This blog post demonstrates how to use a feature added to Packer in version 1.6.3: the ability to mount multiple ISOs on a Proxmox VM. Because Proxmox does not support virtual floppy drives, you cannot supply the Autounattend.xml file on a floppy to automate the installation and initial configuration of Windows. By converting the Autounattend.xml file to an ISO, we can mount one ISO to install the operating system and a second ISO containing the files needed for the automated installation. Finally, I will use Vault to store sensitive values needed by Packer to create this VM.
What is Packer?
Packer is an open-source tool used to create identical machine images for multiple platforms from a single source configuration. Packer is lightweight, runs on every major operating system, and is highly performant, allowing you to create machine images for multiple platforms in parallel.
Installing Packer v1.6.3 on macOS
brew install hashicorp/tap/packer
Install Packer
packer -v
Ensure the version is 1.6.3 or higher.
Setting up Proxmox
Download Windows and Windows VirtIO driver ISOs
You can instruct Packer to download ISOs via URL, but for Windows, I find this process tedious. First, Packer must download it locally to the machine executing Packer. Then, Packer must upload the ISO to Proxmox. Since my server is remote, with an upload speed of 5MB, it takes about two hours to upload an ISO to Proxmox. As my Proxmox instance has 1GB network bandwidth, downloading the 4GB ISO directly to Proxmox takes only a few seconds. If you prefer the ISO URL download method, skip this section.
SSH into the Proxmox node
cd <ISO directory>
wget <Windows ISO URL>
Windows 10 x64 Enterprise
wget <VirtIO Windows drivers>
virtio-win-0.1.185.iso
Setting up Vault
Recently, I’ve been integrating Vault into many of my projects, and I will continue doing so here. If your environment doesn’t have Vault, you can replace all {{ vault "<secret/path>" secret }} with actual values, and you can skip this section. If you want to learn how to integrate Vault into your Packer build, keep reading.
Enable the secrets engine
vault login
vault secrets enable -version=2 -path=secrets kv
Setting up policies
vault policy write packer-read-only vault_policies/read-only.hcl
Add a read-only policy for Packer secrets
vault policy write packer-admin vault_policies/admin.hcl
Add an admin policy for Packer secrets
Attach the policies to their respective users.
Proxmox secrets
vault kv put secrets/proxmox proxmox_url=https://<Proxmox IP addr or FQDN>/api2/json
Set the Proxmox URL
vault kv patch secrets/proxmox proxmox_host=<Proxmox node name>
Set the Proxmox node to create the VM on
vault kv patch secrets/proxmox proxmox_username=<proxmox_username>@pam
Set the Proxmox username
vault kv patch secrets/proxmox proxmox_password=changeme
Set the Proxmox password
vault kv patch secrets/proxmox proxmox_skip_tls_verify=false
Define whether Packer should verify the TLS certificate
vault kv get secrets/proxmox
Windows secrets
Since most of these values aren’t sensitive, I provide a vault-win10x64-vars.json file. This can make the process easier. Vault will accept the secret key-value pairs from the JSON I provide with non-sensitive values.
vault kv put secrets/packer/win10x64 @vault-win10x64-vars.json
vault kv get secrets/packer/win10x64
vault kv patch secrets/packer/win10x64 winrm_username=vagrant
Set the username used by WinRM
vault kv patch secrets/packer/win10x64 winrm_password=vagrant
Set the password used by WinRM
vault kv get secrets/packer/win10x64
Writing the Windows version for Packer
Converting Autounattend.xml to Autounattend.iso
In a typical Windows installation, the Autounattend.xml is provided via a floppy device. However, as I mentioned above, Proxmox does not support floppy devices. This new Packer feature provides the ability to mount multiple ISOs for Windows VMs, so we must convert the XML file to ISO.
git clone https://github.com/CptOfEvilMinions/BlogProjects.git
cd BlogProjects/packer-windows
macOS
hdiutil makehybrid -o Autounattend.iso -hfs -joliet -iso -default-volume-name cidata <input_directory>
If the command runs successfully, you should have generated an Autounattend.iso
scp Autounattend.iso <username>@<proxmox>:<ISO directory>/Autounattend.iso
Linux
mkisofs -J -l -R -V "Label CD" -iso-level 4 -o Autounattend.iso <input_directory>
Packer Build
Variables
When Vault is specified as the location of Packer’s secrets, Packer will contact Vault to retrieve them. Vault not only holds sensitive values but can also contain values used to standardize build templates, such as VM name, VM template description, the number of CPU cores, and the amount of memory allocated to the VM template.
Proxmox
proxmox_url – Specifies the Proxmox location by designating the API’s location, e.g.:
proxmox_host – Specifies the Proxmox node where the VM will be built
proxmox_username – Specifies the Proxmox username with permission to create VMs
proxmox_password – Specifies the password of the Proxmox user with permission to create VMs
proxmox_skip_tls_verify – Specifies whether Packer should verify the TLS certificate of the Proxmox service
WinRM
winrm_username – Specifies the username the unattended.xml file will create for the default user
winrm_password – Specifies the password the unattended.xml file will create for the default user
Virtual Machine
vm_name – The VM template name
template_description – The description of the VM template
iso_file – Specifies the location of the ISO on the Proxmox cluster, in the form <proxmox datastore path>:iso/<ISO filename>, e.g.: local:iso/Fedora-Server-dvd-x86_64-29-1.2.iso
Packer documentation on iso_file
vm_cpu_cores – Specifies the number of CPU cores allocated to the VM template
vm_memory – Specifies the amount of memory allocated to the VM template
vm_disk_size – Specifies the size of the virtual machine’s template disk
Packer Build
export VAULT_TOKEN=`vault token lookup -format=json | jq -r '.data.id'`
Request the user token and store it in Packer’s environment variables
packer build win10x64-enterprise.json
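Added example (not from the original post or its repository): a least-privilege variant of the policy setup and token export above. It writes a read-only policy using the KV v2 data/ path prefix, mints a short-lived token that carries only that policy, and revokes it after the build. The policy name packer-build, its file path and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post or its repository.
# Hypothetical names: the packer-build policy, its file path, the functions.
set -eu

POLICY_NAME="packer-build"
POLICY_FILE="vault_policies/packer-build.hcl"

# The "secrets" mount was enabled as KV version 2, which serves secret data
# under <mount>/data/<path>. A rule written against secrets/proxmox would
# match nothing, so the rules name secrets/data/... and grant read only.
write_packer_policy() {
  mkdir -p "$(dirname "$1")"
  cat > "$1" <<'EOF'
path "secrets/data/proxmox" {
  capabilities = ["read"]
}
path "secrets/data/packer/win10x64" {
  capabilities = ["read"]
}
EOF
}

# Mint a short-lived child token limited to that policy, so the build never
# runs with the operator's own login token. The operator's token must itself
# hold the policy (or be privileged) for this call to succeed.
packer_build_token() {
  vault token create -policy="$POLICY_NAME" -ttl="${1:-1h}" -field=token
}

run_build() {
  write_packer_policy "$POLICY_FILE"
  vault policy write "$POLICY_NAME" "$POLICY_FILE"
  VAULT_TOKEN="$(packer_build_token 1h)"
  export VAULT_TOKEN
  rc=0
  packer build win10x64-enterprise.json || rc=$?
  # VAULT_TOKEN now holds the build token, so -self revokes only that token.
  vault token revoke -self
  return "$rc"
}

# Run as: sh build.sh build
if [ "${1:-}" = "build" ]; then run_build; fi
```

The token is revoked even when the build fails, and the build's exit status is passed through to the caller.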