Tuesday, June 26, 2018

Experiments with Packer and Vagrant (Fini)

I spent time exploring HashiCorp's Packer and Vagrant tools. My objective for this exploration was to understand how Packer and Vagrant could help me develop and maintain my infrastructure. I like both tools. I like them a lot.

The power of Packer is that it turns infrastructure into code. You can configure virtual machines using Packer with a small collection of scripts. The advantage Packer introduces is the ability to use source control to manage the configuration, so the virtual machine is updated by modifying these scripts.

The power of Vagrant is that it enables deployment of the virtual machine. Its genius is that you can use Vagrant to deploy clusters of virtual machines. My use case is the deployment of continuous integration servers, but I have other use cases wherein web servers and application servers can be created with the Packer and Vagrant combination and then deployed into a test and production environment.

The main contribution my exploration makes is that I introduced my own SSH key pairs into my Vagrant Boxes and I took steps to update the Kickstart Configuration and Preseed files with encrypted root passwords. I also locked out the Vagrant user account so that access to the virtual machine can only occur over SSH using my key pair.

I developed a collection of make files to coordinate provisioning the Vagrant Boxes. I don't actually like the target structure used by these make files. In hindsight they would be more useful if the target names reflected the purpose of the Vagrant Box (i.e., web server instead of debian-jessie).

I use a script to generate my Kickstart and Preseed files. Possibly useful for examples.
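As an added illustration of the approach described above (hashed root password, locked vagrant account, key-only SSH), here is one way such a generator could look; it is not the author's script. The function names are hypothetical, hashing assumes OpenSSL 1.1.1 or later, and the Kickstart lines assume a release that supports `sshkey` and `user --lock`.

```shell
#!/bin/sh
# Added example (not the post's script): emit the credential lines of a
# Kickstart and a Preseed file from a SHA-512 crypt hash, so that no
# plaintext password is ever committed to source control.
# Usage sketch (file names are placeholders):
#   hash=$(hash_password < root-password.txt)
#   render_kickstart "$hash" "$(cat my_key.pub)" > ks-credentials.cfg

# Hash a password read from stdin (not argv, which is visible in `ps`).
hash_password() {
    openssl passwd -6 -stdin
}

# Succeed only for a SHA-512 crypt string: $6$[rounds=N$]<salt>$<86 chars>.
# Plaintext or other formats are refused.
is_sha512_crypt() {
    printf '%s\n' "$1" |
        grep -Eq '^\$6\$(rounds=[0-9]+\$)?[./A-Za-z0-9]{1,16}\$[./A-Za-z0-9]{86}$'
}

# Kickstart: hashed root password, vagrant password locked, and the
# builder's own public key installed for the vagrant user.
render_kickstart() {  # $1 = crypt hash, $2 = SSH public key
    is_sha512_crypt "$1" || { echo "refusing non-hashed password" >&2; return 1; }
    cat <<EOF
rootpw --iscrypted $1
user --name=vagrant --lock
sshkey --username=vagrant "$2"
EOF
}

# Preseed: hashed root password; the vagrant password is locked in the
# late_command, once the target system has been installed.
render_preseed() {  # $1 = crypt hash
    is_sha512_crypt "$1" || { echo "refusing non-hashed password" >&2; return 1; }
    cat <<EOF
d-i passwd/root-password-crypted password $1
d-i preseed/late_command string in-target passwd -l vagrant
EOF
}
```

The format check means a plaintext password passed by mistake stops the build instead of landing in a generated file.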

I don't like the way my Packer template provisioning scripts are structured. My initial thought was to separate scripts by service (e.g., nfs instead of networking). Ultimately I think that a better structure for provisioning scripts is closer to the purpose of the Vagrant Box.

For example, to build a developer and production environment I want makefile targets like:
  • base_box (provision to enable vagrant user)
  • developer_box (provision to enable vagrant user and developer tool chain)
  • production_box (provision to enable vagrant user and no developer tool chain)

and scripts that provision these boxes. In this example, creating a developer box should rely on the base box script and the developer box script. This enables a minimal approach to creating additional boxes.

My production box need never be provisioned to include a developer tool chain, which ensures that only production services and applications flow into the production environment.

The source: experiments with Vagrant