HCP Packer makes it easier to maintain image pipelines. Traditionally, you would need to coordinate with downstream teams whenever you updated an upstream image. With HCP Packer and channels, upstream teams — like security or platform teams — can update base images and use channels to point to the latest iteration. When downstream teams rebuild their images, Packer will automatically retrieve the channel's current iteration and rebuild with the new, updated base image.
In this tutorial, you will use Packer to query a specific base image's build iteration and build a new image using that base image. Then, you will update the base image's channel to point to another iteration, and rebuild the downstream image on top of the new base image.
»Prerequisites
To complete this tutorial, you must have completed the previous tutorials in this collection. In the previous tutorials, you:
- Created a service principal.
- Set your client ID and secret as environment variables.
- Configured your AWS credentials as environment variables.
- Built an image and pushed its metadata to HCP Packer.
- Set up a channel named production for your image bucket.
»Review example template
Open packer-application/application.pkr.hcl to review the Packer template that builds the downstream images.
Tip: If you don't have this file, complete the previous tutorials.
This Packer template file contains:
- A hcp-packer-iteration data source, which retrieves the channel's current iteration. Notice that this resource references the bucket name (learn-packer-ubuntu) and channel (production) you created in the previous steps.
- Two hcp-packer-image data sources, which retrieve the specific image from the iteration. Remember that an iteration may contain multiple machine images from different cloud providers and regions. There are two hcp-packer-image data sources, one for each region, but they both reference the same iteration, data.hcp-packer-iteration.ubuntu.
- Two source template blocks, each one mapping to the base image in its respective region. These source blocks retrieve the image by querying the AMI ID directly with the source_ami attribute.
- A build block with a hcp_packer_registry block. This defines the new HCP bucket name (learn-packer-application) and builds the two images in parallel.
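The four pieces listed above fit together as in the following sketch. It is an added illustration, not the tutorial's own application.pkr.hcl: the bucket names, channel, regions and the data.hcp-packer-iteration.ubuntu reference come from this page, while the other block labels, ami_name, instance_type and ssh_username are assumed values.

```hcl
# Added illustration, not the tutorial's own file.
# Resolve the iteration that the production channel currently points to.
data "hcp-packer-iteration" "ubuntu" {
  bucket_name = "learn-packer-ubuntu"
  channel     = "production"
}

# One image lookup per region, both pinned to the same iteration.
data "hcp-packer-image" "ubuntu_us_east_2" { # label is assumed
  bucket_name    = "learn-packer-ubuntu"
  cloud_provider = "aws"
  iteration_id   = data.hcp-packer-iteration.ubuntu.id
  region         = "us-east-2"
}

data "hcp-packer-image" "ubuntu_us_west_1" { # label is assumed
  bucket_name    = "learn-packer-ubuntu"
  cloud_provider = "aws"
  iteration_id   = data.hcp-packer-iteration.ubuntu.id
  region         = "us-west-1"
}

# The base AMI ID comes from the registry, not from a hard-coded ID or filter.
source "amazon-ebs" "application_east" { # label is assumed
  ami_name      = "learn-packer-application-{{timestamp}}" # assumed
  region        = "us-east-2"
  source_ami    = data.hcp-packer-image.ubuntu_us_east_2.id
  instance_type = "t2.small" # assumed
  ssh_username  = "ubuntu"   # assumed
}

source "amazon-ebs" "application_west" { # label is assumed
  ami_name      = "learn-packer-application-{{timestamp}}" # assumed
  region        = "us-west-1"
  source_ami    = data.hcp-packer-image.ubuntu_us_west_1.id
  instance_type = "t2.small" # assumed
  ssh_username  = "ubuntu"   # assumed
}

# Publish metadata for both regional builds to the downstream bucket.
build {
  hcp_packer_registry {
    bucket_name = "learn-packer-application"
  }
  sources = [
    "source.amazon-ebs.application_east",
    "source.amazon-ebs.application_west",
  ]
}
```

Because source_ami is resolved through the channel at build time, reassigning the production channel changes the base AMI on the next build without any edit to this file.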
»Build the downstream image
Now that you have a template file configured for HCP Packer, build the image and push its metadata to the registry.
Change into the packer-application directory.
Initialize your Packer template.
Then, format the Packer template.
Finally, build your image. Packer will display color-coded output for both builds. You can tell which build source an output line is associated with by the line's color or prefix.
Visit the AWS us-east-2 AMI Dashboard and us-west-1 AMI Dashboard to verify that Packer has built your images.
»Visit the image bucket
Visit the HCP Packer dashboard to review the image metadata that Packer uploaded to the HCP Packer registry. Select the learn-packer-application bucket.
»Update image channel
You may occasionally need to revert to using a previous version of a base image and rebuild the downstream images that depend on it.
Navigate to the learn-packer-ubuntu bucket, then click on Channels.
Edit the production channel by clicking on the ... and selecting Change assigned iteration. Then, update the channel to the second iteration.
»Rebuild the downstream image
The base image's production channel now points to a different base image. You will rebuild the application image on top of the updated base image.
Though your template file has not changed, this build will generate new images due to the updated upstream image. Since there are no changes to commit to Git to generate a new fingerprint from the SHA, you must manually create a new fingerprint for this build. Create an environment variable named HCP_PACKER_BUILD_FINGERPRINT and set it to a unique value.
Now, build your image.
Visit the AWS us-east-2 AMI Dashboard and us-west-1 AMI Dashboard to verify that Packer has built your images.
»Next steps
In this tutorial, you used Packer to query a specific base image's build iteration and built a new image using that base image. Then, you updated the base image's channel to point to another iteration, and rebuilt the downstream image on top of the new base image.
For more information on topics covered in this tutorial, check out the following resources:
- Read more about referencing image metadata in the HCP Packer documentation.
- Visit the HCP Packer Glossary for additional descriptions of the terms covered in this tutorial.
- Visit the Build a Golden Image Pipeline With HCP Packer tutorial to build a sample application image with a golden image pipeline and deploy the image to AWS using Terraform.
- Complete the Set Up Terraform Cloud Run Task for HCP Packer tutorial to learn how to set up run tasks that ensure your Terraform configuration uses compliant machine images.