feat: migrate Packer templates to HCL2 #7689
Conversation
There was a problem hiding this comment.
Pull request overview
This PR migrates Packer templates from JSON to HCL2 format to address JSON deprecation and leverage modern Packer features. The migration consolidates multiple distro-specific JSON templates into a unified HCL2 configuration with dynamic provisioners.
Changes:
- Introduces new HCL2 configuration files (variables.pkr.hcl, source.pkr.hcl, build.pkr.hcl, packer-plugin.pkr.hcl) replacing multiple JSON templates
- Updates build scripts to reference the new buildconfig directory structure
- Refactors Makefile to use a single unified template path instead of multiple distro-specific paths
Reviewed changes
Copilot reviewed 9 out of 12 changed files in this pull request and generated 15 comments.
Show a summary per file
| File | Description |
|---|---|
| vhdbuilder/packer/buildconfig/variables.pkr.hcl | Defines all Packer variables and local values with environment variable defaults |
| vhdbuilder/packer/buildconfig/source.pkr.hcl | Configures the Azure ARM builder source with image and infrastructure settings |
| vhdbuilder/packer/buildconfig/build.pkr.hcl | Defines the build process with dynamic provisioners for file uploads and shell scripts |
| vhdbuilder/packer/buildconfig/packer-plugin.pkr.hcl | Specifies required Packer plugin versions |
| vhdbuilder/packer/buildconfig/produce-packer-settings.sh | Script for generating Packer settings JSON from environment variables |
| vhdbuilder/packer/buildconfig/produce-packer-settings-functions.sh | Helper functions for settings generation and Azure resource management |
| vhdbuilder/packer/buildconfig/dynamic-provisioners/*.json | JSON files defining file upload/download mappings for different distros |
| packer.mk | Updated Makefile to use unified HCL2 template path instead of multiple JSON templates |
| buildNumber = "${var.build_number}" | ||
| createdBy = "aks-vhd-pipeline" | ||
| image_sku = "${var.img_sku}" | ||
| now = "${var.create_time}" |
There was a problem hiding this comment.
The variable create_time is referenced but never declared. This will cause a Packer error. You need to add a variable declaration for create_time.
| for_each = "${local.ubuntu_file_upload}" | ||
| content { | ||
| type = "file" | ||
| source = provisioner.value.source | ||
| destination = provisioner.value.destination | ||
| when = lower(var.os_sku) == "ubuntu" | ||
| } | ||
| } | ||
|
|
||
| // AzureLinux-specific file uploads | ||
| dynamic "provisioner" { | ||
| for_each = "${local.azlinux_file_upload}" | ||
| content { | ||
| type = "file" | ||
| source = provisioner.value.source | ||
| destination = provisioner.value.destination | ||
| when = lower(var.os_sku) == "cblmariner" | ||
| } | ||
| } | ||
|
|
||
| // Flatcar-specific file uploads | ||
| dynamic "provisioner" { | ||
| for_each = "${local.flatcar_file_upload}" | ||
| content { | ||
| type = "file" | ||
| source = provisioner.value.source | ||
| destination = provisioner.value.destination | ||
| when = lower(var.os_sku) == "flatcar" |
There was a problem hiding this comment.
The when attribute is not valid for dynamic provisioners in Packer. The conditional logic should be implemented using a conditional expression in the for_each itself:
for_each = lower(var.os_sku) == "flatcar" ? local.flatcar_file_upload : []
| for_each = "${local.ubuntu_file_upload}" | |
| content { | |
| type = "file" | |
| source = provisioner.value.source | |
| destination = provisioner.value.destination | |
| when = lower(var.os_sku) == "ubuntu" | |
| } | |
| } | |
| // AzureLinux-specific file uploads | |
| dynamic "provisioner" { | |
| for_each = "${local.azlinux_file_upload}" | |
| content { | |
| type = "file" | |
| source = provisioner.value.source | |
| destination = provisioner.value.destination | |
| when = lower(var.os_sku) == "cblmariner" | |
| } | |
| } | |
| // Flatcar-specific file uploads | |
| dynamic "provisioner" { | |
| for_each = "${local.flatcar_file_upload}" | |
| content { | |
| type = "file" | |
| source = provisioner.value.source | |
| destination = provisioner.value.destination | |
| when = lower(var.os_sku) == "flatcar" | |
| for_each = lower(var.os_sku) == "ubuntu" ? local.ubuntu_file_upload : [] | |
| content { | |
| type = "file" | |
| source = provisioner.value.source | |
| destination = provisioner.value.destination | |
| } | |
| } | |
| // AzureLinux-specific file uploads | |
| dynamic "provisioner" { | |
| for_each = lower(var.os_sku) == "cblmariner" ? local.azlinux_file_upload : [] | |
| content { | |
| type = "file" | |
| source = provisioner.value.source | |
| destination = provisioner.value.destination | |
| } | |
| } | |
| // Flatcar-specific file uploads | |
| dynamic "provisioner" { | |
| for_each = lower(var.os_sku) == "flatcar" ? local.flatcar_file_upload : [] | |
| content { | |
| type = "file" | |
| source = provisioner.value.source | |
| destination = provisioner.value.destination |
|
|
||
| subscription_id = "${var.subscription_id}" | ||
| user_assigned_managed_identities = "${var.msi_resource_strings}" | ||
| use_azure_cli_auth = "true" |
There was a problem hiding this comment.
The use_azure_cli_auth is set to the string "true" but should be a boolean value true (without quotes) or reference the variable var.use_azure_cli_auth. As defined in variables.pkr.hcl line 125, this variable is of type bool, so it should be referenced as:
use_azure_cli_auth = var.use_azure_cli_auth
| use_azure_cli_auth = "true" | |
| use_azure_cli_auth = var.use_azure_cli_auth |
| inline = "${local.reboot_command}" | ||
| pause_after = "60s" | ||
| skip_clean = true | ||
| } | ||
|
|
||
| provisioner "shell" { | ||
| inline = ["/bin/bash -ux /home/packer/install-dependencies.sh"] | ||
| environment_vars = [ | ||
| FEATURE_FLAGS=${var.feature_flags}, | ||
| BUILD_NUMBER=${var.build_number}, | ||
| BUILD_ID=${var.build_id}, | ||
| COMMIT=${var.commit}, | ||
| HYPERV_GENERATION=${var.hyperv_generation}, | ||
| CONTAINER_RUNTIME=${var.container_runtime}, | ||
| TELEPORTD_PLUGIN_DOWNLOAD_URL=${var.teleportd_plugin_download_url}, | ||
| ENABLE_FIPS=${var.enable_fips}, | ||
| IMG_SKU=${var.img_sku}, | ||
| PRIVATE_PACKAGES_URL=${var.private_packages_url}, | ||
| VHD_BUILD_TIMESTAMP=${local.vhd_build_timestamp} | ||
| ] | ||
| } | ||
|
|
||
| provisioner "shell" { | ||
| inline = ["sudo /bin/bash /home/packer/generate-disk-usage.sh"] | ||
| } | ||
|
|
||
| dynamic "provisioner" { | ||
| for_each = "${local.midway_file_downloads}" | ||
| content { | ||
| type = "file" | ||
| direction = "download" | ||
| source = provisioner.value.source | ||
| destination = provisioner.value.destination | ||
| } | ||
| } | ||
|
|
||
| provisioner "shell" { | ||
| expect_disconnect = true | ||
| inline = "${local.reboot_command}" |
There was a problem hiding this comment.
Unnecessary string interpolation. The expression "${local.reboot_command}" can be simplified to local.reboot_command since it's already a string value. The same simplification can be applied throughout this file where single values are wrapped in string interpolation without additional text.
| image_version = "${var.captured_sig_version}" | ||
| replication_regions = ["${var.location}"] | ||
| resource_group = "${var.resource_group_name}" | ||
| subscription = "${local.gallery_subscription_id}" |
There was a problem hiding this comment.
The local variable gallery_subscription_id is referenced but never defined. This will cause a Packer error. You need to add a local or variable definition for gallery_subscription_id.
|
|
||
| variable "captured_sig_version" { | ||
| type = string | ||
| default = "${env("$${CAPTURED_SIG_VERSION")}" |
There was a problem hiding this comment.
The variable default value contains a malformed environment variable reference. The syntax "${env("$${CAPTURED_SIG_VERSION")}" has an extra dollar sign and brace. This should be "${env("CAPTURED_SIG_VERSION")}" to correctly reference the environment variable.
| default = "${env("$${CAPTURED_SIG_VERSION")}" | |
| default = "${env("CAPTURED_SIG_VERSION")}" |
| ENABLE_FIPS=${var.enable_fips}, | ||
| IMG_SKU=${var.img_sku}, | ||
| UA_TOKEN=${var.ua_token}, | ||
| VHD_BUILD_TIMESTAMP=${local.vhd_build_timestamp} |
There was a problem hiding this comment.
The local variable vhd_build_timestamp is referenced but never defined in the variables.pkr.hcl file. This will cause a Packer error. You need to add a local or variable definition for vhd_build_timestamp.
|
|
||
| variable "SkipLinuxAzSecPack" { | ||
| type = string | ||
| default = true |
There was a problem hiding this comment.
The default value is set to the boolean true, but the type is declared as string. This type mismatch will cause a Packer error. The default should be "true" (string) or the type should be changed to bool.
| default = true | |
| default = "true" |
| @@ -0,0 +1,265 @@ | |||
| locals { | |||
| // Managed Image settings - empty for ARM64 builds | |||
| managed_image_resource_group_name = lower("${var.architecture}") == "arm64" ? "" : "${var.resource_group_name}" | |||
There was a problem hiding this comment.
The variable resource_group_name is referenced in line 3 but is never declared in this file. This will cause Packer to fail with an undefined variable error. You need to add a variable declaration for resource_group_name.
|
|
||
| run-packer: az-login | ||
| @packer init ./vhdbuilder/packer/packer-plugin.pkr.hcl && packer version && ($(MAKE) -f packer.mk init-packer | tee packer-output) && ($(MAKE) -f packer.mk build-packer | tee -a packer-output) | ||
| @packer init ./vhdbuilder/packer/buildconfig/build.pkr.hcl && packer version && ($(MAKE) -f packer.mk init-packer | tee packer-output) && ($(MAKE) -f packer.mk build-packer | tee -a packer-output) |
There was a problem hiding this comment.
The packer init command should target the directory containing all HCL files (buildconfig) rather than just build.pkr.hcl. The correct command should be:
packer init ./vhdbuilder/packer/buildconfig
This ensures all .pkr.hcl files in the directory are properly initialized.
| @packer init ./vhdbuilder/packer/buildconfig/build.pkr.hcl && packer version && ($(MAKE) -f packer.mk init-packer | tee packer-output) && ($(MAKE) -f packer.mk build-packer | tee -a packer-output) | |
| @packer init ./vhdbuilder/packer/buildconfig && packer version && ($(MAKE) -f packer.mk init-packer | tee packer-output) && ($(MAKE) -f packer.mk build-packer | tee -a packer-output) |
What this PR does / why we need it:
Migrates Packer template to HCL due to JSON deprecation and to make sure of additional Packer features
Which issue(s) this PR fixes:
JSON deprecation, reduces clutter and maintenance issues in the repo