A hacker at Packer
Over the last year or so I've been trying out Packer as a tool to build images for EUC environments. Previously I have used the Automation Framework from XenAppBlog and been happy with it. I still am, as using it I was able to create a Windows 11 VM without needing TPM on my AHV cluster. If you are still building images manually, and there are still many that do, it's worth a look (https://xenappblog.com/automation-framework-ce-training/).
If there is already a tool out there that is successful, "why change?" is a natural question. There are a couple of reasons to look at Packer. The first is that infrastructure as code is becoming the dominant way of managing infrastructure. It is no longer just large enterprises leveraging it; it is becoming more and more common across all businesses. It allows for a somewhat simpler way of iterating on changes and tracking them than, say, editing an MDT sequence.
The other reason is Packer's ability to provision to multiple platforms with the same command structure. For those not familiar with Packer, there is a concept of builders and provisioners. Builders tell Packer WHERE to provision the image, and provisioners are definitions of WHAT to do with that image. The beauty of Packer is that it abstracts the platform-specific commands so you just have to tell it how you want it to look. As an admin I don't need to know how to connect to AWS, vSphere, etc. and build out scripts for each of those. You just put in credentials to connect to those platforms and determine how the VM should look (disk size, CPU, network, image to start, etc.) and Packer does the rest. Once that is complete, you can use provisioners to execute commands within the image and customize it to your heart's content.
Nothing of what I have told you is groundbreaking information. Packer has been around for some time and folks have been building images for some time. What is new with what I've been doing? The main goal here is to help others get past some possible intimidation of using the tool. The idea of using a new tool can be intimidating to many. Also, for many EUC admins that are typically Windows focused, the idea of a command line only, JSON/HCL text configuration-oriented tool can seem daunting. Let me assure you, it is not. There are many examples out on the interwebs of building images with Packer.
Let me tell you of my latest endeavor. I was looking for a way to build images via Packer to use with AHV from my Mac. I am an EUC consultant that is always looking at ways to improve the process for admins to get users what they need as quickly as possible. Also, I am an avowed Mac fanboy (hey, at least I admit it). Currently there is no builder specific to Nutanix/AHV. There are many posts where the QEMU builder was used as an alternative. This seems to work well for Linux-based images; however, it was not working well for Windows.
After re-thinking the process some, I decided to try a different builder. Thankfully the VirtualBox builder works nice and easy. Even better, VirtualBox is free. The first step of building a Windows 10 image is done. But if I want my image to be relevant, I need a few more things. The first thing I need to take care of is the VirtIO drivers, as they are not natively built into Windows. This is done easily by uploading the VirtIO drivers into the image and running a script to silently install them as provisioners in my Packer configuration.
The next thing to investigate is Windows updates. What's the point of building fresh images if they aren't going to be updated as part of the process? Windows updates seem like such a simple thing, yet they can be troublesome in Packer. There is a community provisioner that was developed (https://github.com/rgl/packer-plugin-windows-update); however, it didn't seem to provide the consistency that I hoped to have. Granted, I'm not known for my vast patience, so that could be partly my issue. I was able to find a method of reliably doing Windows updates thanks to Tim Tharratt (https://github.com/eltimmo/packerWindowsUpdate). Adding his routine into my Windows configuration resolved my issues with Windows updates.
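The builder/provisioner split described above, as an added example in HCL2 rather than the JSON used in the author's repository (it is not the author's configuration). The file paths, build account name, sizes and accepted exit codes are assumptions.

```hcl
# Added example: placeholder paths, names and sizes throughout.
packer {
  required_plugins {
    virtualbox = {
      version = "~> 1"
      source  = "github.com/hashicorp/virtualbox"
    }
  }
}

variable "iso_url" { type = string }
variable "iso_checksum" { type = string } # "sha256:<hash of your ISO>"
variable "winrm_password" {
  type      = string
  sensitive = true # redacted in Packer output; set via PKR_VAR_winrm_password
}

# Builder: WHERE the image is built (VirtualBox on the local machine).
source "virtualbox-iso" "win10" {
  guest_os_type    = "Windows10_64"
  iso_url          = var.iso_url
  iso_checksum     = var.iso_checksum # build fails if the ISO does not match
  memory           = 4096
  disk_size        = 61440 # MB
  floppy_files     = ["answer_files/Autounattend.xml"] # assumed path; must enable WinRM
  communicator     = "winrm"
  winrm_username   = "packer" # assumed account created by the answer file
  winrm_password   = var.winrm_password
  winrm_timeout    = "4h"
  shutdown_command = "shutdown /s /t 10 /f"
}

# Provisioners: WHAT is done inside the image, in order.
build {
  sources = ["source.virtualbox-iso.win10"]

  # Upload the driver folder; this creates C:/Windows/Temp/virtio in the guest.
  provisioner "file" {
    source      = "drivers/virtio" # assumed local folder of extracted drivers
    destination = "C:/Windows/Temp"
  }

  # Stage every driver package in the Windows driver store, silently.
  provisioner "powershell" {
    inline = ["pnputil.exe /add-driver C:\\Windows\\Temp\\virtio\\*.inf /subdirs /install"]
    # Assumption: 259 (no matching device present) and 3010 (reboot needed) are acceptable.
    valid_exit_codes = [0, 259, 3010]
  }
}
```

The WinRM build account exists only so Packer can provision the guest; remove or disable it in a final provisioner before the image is sealed as a gold image.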
Now for anyone having done any EUC work, we come to the most beloved step...application installation. Disregarding the sarcasm implied, applications are what make the image. The fun thing is that many EUC image installations have very common applications across them. Most companies are going to want Office installed, Adobe Reader, and several other very common applications. I could figure out how to script the application installations, but thankfully Manuel Winkel has the Evergreen script (https://github.com/Deyda/Evergreen-Script). This allows you to select common software installations and have it install them all in one fell swoop. I won't go into all the details of configuring the Evergreen script but will let you read for yourself (https://www.deyda.net/index.php/en/evergreen-script/). The one thing I will note is that per the documentation the script, when using a setting file, should auto update and re-run if it isn't the latest version. It does not appear to be working properly as of this writing (January 18, 2022). I have reported it to Manuel and he is looking into it. For the time being you will need to ensure you have the latest version downloaded and stored within your Packer directories.
If you are interested in leveraging what I have done, take a trip over to my GitHub (yes, I have a GitHub now) and download what I have. You can find my Packer setup here: https://github.com/benjamin-crill/packer
I will admit I am no expert in Packer. I already know that I need to work on switching over from JSON to HCL. However, it is a start and the foundation for some new things going forward. Some of my next steps include:
Automatic upload of images to the Nutanix cluster
Terraform to automatically provision the gold VM to be leveraged by the EUC environment
Automatically remove ghosted devices from the VirtualBox build
Installation of EUC agents based on variables
If you have an interest in helping out or providing guidance, I am happy to take advice. Most of what I have done is trial and error. There might be better ways of doing things, I am sure of that, but I've tried to re-use existing PowerShell as that is my comfort area.
Thanks for reading and joining me in my journey, here's to the open road to further automation!