This document describes how to build a Windows VM golden image in vSphere 6.7 and later. It is intended for use in CI, but can serve as an example for other vSphere environments. We use Packer to automate the installation and configuration of the Windows VM golden image.
Packer generates a vSphere VM template that can be converted to a virtual machine. After converting the template to a virtual machine, the machine-api can use this newly created virtual machine (the golden image) in Power-Off state for subsequent VM cloning.
The above golden image name is the one we use in the Machine Set's providerSpec.template. The following steps need to be executed with the twingate VPN active.
Install Packer 1.8.3 on the host where you will be building the image. The installation steps are:
- Download Packer
curl -o packer.zip https://releases.hashicorp.com/packer/1.8.3/packer_1.8.3_linux_amd64.zip
- Unzip using zip utility on the host
gunzip -S .zip packer.zip
- Add execution permission to the Packer binary
chmod +x packer
- Update the $PATH environment variable to include the Packer binary
PATH=$PATH:<path/to/binary>
Please ensure the scripts directory is present in the location where you are running Packer from and has the following files:
- authorized_keys
- configure-vm-tools.ps1
- disable-ipv6.ps1
- install-firewall-rules.ps1
- install-openssh.ps1
- install-updates.ps1
- install-vm-tools.cmd
- rename-computer.ps1
In addition, the answer-files directory must be present at the same level as the scripts directory and have the following files:
- autounattend.xml
- unattend.xml
The authorized_keys file must contain a public key. The private key associated with this public key is what WMCO will use to configure VMs created from the Windows VM. After deploying WMCO, this private key will be provided by the user in the form of a Secret.
The autounattend.xml file automates the Windows installation and must be edited to update the value of WindowsPassword with a user provided password. autounattend.xml specifies that the following steps should occur after the basic installation:
- Runs install-vm-tools.cmd script which installs VMWare tools
- Runs configure-vm-tools.ps1 script which configures VMWare tools
- Runs install-openssh.ps1 script which installs and configures OpenSSH Server
Packer takes over after the initial install and runs provisioners that perform the following:
- Creates C:\rename-computer.ps1 that will randomize the hostname on first boot
- Runs install-firewall-rules.ps1 to configure the firewall rules
- Runs install-updates.ps1 to install the latest updates
- Reboot to apply the updates
- Runs install-updates.ps1 again to ensure we are installing all updates, as some Windows updates require reboots
- Runs disable-ipv6.ps1 to disable IPv6 at the OS level
- Reboot again to apply the updates
- Pauses to wait for the VM to coalesce
Packer then shuts down the VM via sysprep, which uses answer-files/unattend.xml. unattend.xml is used to generalize the VM that is created from the resulting template.
Packer needs a build file which specifies how the virtual machine template should be built. You can find a reference build file in the repository.
In order to use the provided reference build file as a valid configuration with Packer, you must adjust the following variables:
- <vmtools-iso-path>: Path where VMWare Tools ISO is available in vSphere datacenter. To download the VMWare Tools ISO for Windows, navigate to the VMWare Tools download page and download the ISO for the version that matches the ESXi version. The ISO should be uploaded to a datastore accessible by the vSphere cluster. For example, [vsanDatastore] windows-iso-images/vmtools-v1240-23259341-windows.iso
- <os-iso-path>: Path where Windows OS ISO is available in vSphere datacenter
- <vm-template-folder>: Name of the folder where the VM templates will be created by Packer
- <vm-template-name>: Name of the VM template that will be created by Packer
- <vm-elevated-password>: Password for the Windows virtual machine Administrator user, must match with the password entered in the autounattend.xml script
- <vsphere-cluster>: Name of the vSphere cluster
- <vsphere-datacenter>: Name of the vSphere datacenter
- <vsphere-network>: Name of the vSphere network
- <vsphere-datastore>: Name of the vSphere datastore
- <vsphere-server>: The vCenter server hostname, with no scheme (https://) nor path separators (/). For example: vcenter.example.com. See Packer documentation for more information
- <vsphere-user>: The vCenter username
- <vsphere-password>: The vCenter password
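A pre-flight check for the requirements above, as an added example that is not part of the original document or the WMCO repository: it verifies the scripts and answer-files layout, that authorized_keys holds a public key and no private-key material, that no placeholder is left unedited, and that the vCenter hostname carries no scheme or path. The function names are hypothetical, and the check assumes WindowsPassword is the literal placeholder text in autounattend.xml.

```shell
#!/bin/sh
# Pre-flight checks (added example; function names are hypothetical).
SCRIPTS="authorized_keys configure-vm-tools.ps1 disable-ipv6.ps1
install-firewall-rules.ps1 install-openssh.ps1 install-updates.ps1
install-vm-tools.cmd rename-computer.ps1"
ANSWERS="autounattend.xml unattend.xml"

# check_layout ROOT: list missing files; non-zero status if any are missing.
check_layout() {
  rc=0
  for f in $SCRIPTS; do
    [ -f "$1/scripts/$f" ] || { echo "missing: scripts/$f"; rc=1; }
  done
  for f in $ANSWERS; do
    [ -f "$1/answer-files/$f" ] || { echo "missing: answer-files/$f"; rc=1; }
  done
  return $rc
}

# check_pubkey FILE: fail on private-key material or if no public key line exists.
check_pubkey() {
  if grep -q 'PRIVATE KEY' "$1"; then return 1; fi
  grep -Eq '(^|[[:space:]])(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521))[[:space:]]+AAAA' "$1"
}

# check_placeholders ROOT BUILD_FILE: fail if the password placeholder (assumed
# to be the literal text WindowsPassword) or any <...> variable is still unedited.
check_placeholders() {
  if grep -q 'WindowsPassword' "$1/answer-files/autounattend.xml"; then return 1; fi
  if grep -Eq '<(vmtools|os|vm|vsphere)-[a-z-]+>' "$2"; then return 1; fi
  return 0
}

# check_server HOST: vCenter hostname must carry no scheme and no path separator.
check_server() {
  case $1 in ''|*://*|*/*) return 1 ;; esac
}

# preflight ROOT BUILD_FILE VSPHERE_SERVER: run every check, report each failure.
preflight() {
  ok=0
  check_layout "$1" || ok=1
  check_pubkey "$1/scripts/authorized_keys" || { echo "authorized_keys: public key only"; ok=1; }
  check_placeholders "$1" "$2" || { echo "unedited placeholder found"; ok=1; }
  check_server "$3" || { echo "vsphere-server: hostname only, no scheme or path"; ok=1; }
  return $ok
}
[ "$#" -eq 0 ] || preflight "$@"
```

Saved as preflight.sh (a hypothetical name), it is run from the Packer working directory as sh preflight.sh . windows-server-2022.pkr.hcl vcenter.example.com.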
Packer relies on a build file for virtual machine template creation.
To build:
packer build windows-server-2022.pkr.hcl
To forcefully rebuild the template:
packer build -force windows-server-2022.pkr.hcl
To enable detailed logging:
PACKER_LOG=1 packer build windows-server-2022.pkr.hcl
During the golden image creation, it is highly recommended to establish access to the virtual machine by launching a Web Console through the vCenter web client. This can be done after the Packer build has powered on the VM (while it is Waiting for IP...).
If the build halts and prompts for a product key during the Windows OS setup, manual intervention will be required.
When accessing the virtual machine via Web Console, send a Ctrl+Alt+Del then tab over to I don't have a product key, and hit Enter on the keyboard. This should start the OS setup as intended.
Packer mounts the Windows ISO and starts the VM.
- All the files in the floppy_files section of your build file will be copied to the floppy disk of the mounted ISO, which is represented as the a:\ drive in the Windows VM
- autounattend.xml is a special file in Windows which automates the Windows installation once the VM starts. You can specify the commands in the FirstLogonCommands section and they will be executed on the first boot of the VM. These steps should be restricted to basic ones that set up the VM for communication with Packer.
- The rest of the Windows configuration and setup is performed by the provisioners in windows-server-2022.pkr.hcl.
Once the Packer build completes successfully, a new VM template with name <vm-template-name> will be created in the folder <vm-template-folder>, following the Variables. This VM template is ready to use as a golden image, as described in the documentation.