Morning everyone, thank you for attending. We're here to welcome Philipp Bühler, who will be talking to us about OpenBSD, OpenBSD VMM and Packer.

Good morning, everybody. I hope it's not too early on a Sunday morning; after the social event it is always a bit of a problem having a talk in this slot, and I see it's not that many people, but hopefully on the stream and the recording later on we'll reach the people who are interested in that.

Only a quick introduction about the company; you can read all that. We were founded in 2000 and we have been doing cloudy things even before the term "cloud" was ever coined. So that's about that, and myself, I'm doing UNIX administration for, well, just around or a little bit more than 25 years.

So who is already using Packer? Oh, that's... Who knows what Packer might be? Okay, that's a bit more people. Okay, thanks.

So, the major thing everybody wants to have with virtualization: segmentation, and running around with their laptop having half the infrastructure on it. All the hypervisors have basically the least common denominator, and that's having kind of a box or image file where you have a raw disk with your installed system, some metadata about how many CPUs, RAM usage, whatever. And apparently it's like the XKCD story: oh, we have 14 standards.
Let's invent the 15th. So every hypervisor out there has its own metadata format, but basically it's always the same stuff, just packed a little differently, and that's the first thing you have to address if you want to do some automation in that area.

The other objective for me is to have not only infrastructure as code but infrastructure to go. Like, I want to have my automation script on the laptop so I can work on it while being on the plane, and this also adds reproducibility, because I'm just running exactly the same code on the laptop and on the big machines in the data center. This is reached by what Packer can do: it works cross-host or even cross-virtualizer, so you can just interchange the same script between something like OS X with VirtualBox, AWS with AMI images, and since this project you will be able to do that without missing VMM.

So creating those images... I didn't write out that one, but you can do in the VirtualBox application "export this machine as a new box". And typically it will begin that people write a shell script around VBoxManage or something like that. So that's creating your own shell script. The worse version of that is you pull something from GitHub you have never seen before and just pipe it into sh. Or you have those guys doing that at night, and when you need a new image, for example there was some CVE and security problems, or you have to recreate the image, the guy is having a hangover or is on vacation; well, nobody can do it. I was just adding that after yesterday: you can replace the shell script with Perl, of course.

By the way, Ansible or something like that isn't the key thing here, because we are talking about virtualized bare metal, so there's no Python yet. So you cannot do Chef, Ansible, whatever, but I will come to that at a later point where you can hook in, for example, Ansible. Yeah, well, and then Packer comes into play.

Who knows and is using Vagrant, or "wake around" as I like to say?
Oh, that's not so many as well. But this is Vagrant: it's just an abstraction layer for hypervisor management, and this is from HashiCorp. Packer is also from HashiCorp, so in their very own description, you can read that yourself. I hope it's readable. Okay.

Vagrant is written in... sorry, Packer is written in Go. The very Packer core is only a communication proxy doing RPC within other code bases. So every actual thingy doing something you can see is a plug-in, and it's talking via the core, via RPC calls, and then reaching the other plug-ins like: hey, I have finished something, please take over and do your stuff. And the configuration for Packer is just one JSON file, and for the easy and typical cases this is something like, I have an example later on, maybe 15 or 20 lines maximum for the actual build description. But you can make it a bit more complex if you want to spit out images for like five or six hypervisors. But it's not really a difficult format to understand, and you can have a second file, like a location- or host-specific variables file, but that's optional. Options are good if they are optional.

So every toolkit, whatever, comes with its own terminology, and I will go over that quickly, because that's important when I'm just saying like, oh, there's a template. Yeah.
Well, what could that be? Because everybody is understanding something different given only the word itself. So, in Packer speak: artifacts are the resulting image files the hypervisor can directly consume. A build, a running build, is just the plug-ins and the core doing their thing to create artifacts. The builders are the actual code base that will be run to have a build and then create an artifact. Then there are provisioners: after spinning up the VM, and the builder can then do its thing to bring up the VM, launching or letting launch the kernel, and if you want to do additional customization, which is the main point here anyway, you can hook in just maybe something like two or three lines of a shell script, like pkg_add python, and you can then also call within Packer, say, oh, please use Ansible and this and that playbook provided from over there, or you hook in Chef and all that. There are way more; that's on the next slide. And then there's post-processing, which is actually tearing down the VM, like in VirtualBox terms exporting it and then making a tar file with the raw disk device, depending on the hypervisor OVF XML files and all that, whatever is needed so that you have a valid VirtualBox box or AMI image to be used in the Amazon cloud and all that. And templates in Packer speak, that's just the configuration JSON.
It's not like you're having a VM image as a template you will be modifying, because many other things in this area will have the terminology that a template is just an image you are modifying.

So, as of at least some weeks ago, those hypervisors are supported by Packer as distributed by HashiCorp. That's a lot of things already, including stuff I never have heard of before, like ProfitBricks, whatever. And since the whole Packer structure is plug-in based anyway, it's very easy to add additional builders, and you can just pack them in some, I think it's like three directories where Packer will look for legitimate plug-ins you could call. Besides that, many in the third-party world... I think this list goes on for maybe another 20 or something, so more or less everything out there doing hypervisor stuff is already supported. What was missing: VMM.

So I think it was in Bucharest where Antoine was approaching me like: are you doing all this background stuff? Please add OpenBSD VMM support to Packer, because Packer itself was already ported to OpenBSD, and you can use it right now to create Amazon images; you're doing that.

So after bringing up the VM and doing, let's say, the other install features of the operating system itself, like autoinstall in OpenBSD or Kickstart in anything Red Hat based, or all this stuff, you can also hook in additional provisioning, which has built-in support, like, distributed with those things. Even here I learned something new, like breakpoint, or Puppet masterless, just another not-invented-here thing or something. And of course you can add third-party provisioners as a plug-in as well, but that's not covered here, because we are, or I was, concentrating in this area.

On the OpenBSD side: everybody knows OpenBSD, not everybody, but I was adding this here for reference and completeness. So you have the kernel side of things, you have a userland daemon handling the VM and a userland CLI to start and stop the VMs and all that, and a configuration file you do not
necessarily need, but if you want to persist your configuration, and I think switch setups are only possible with vm.conf. Yeah, but I'm not using switch as of now, so I don't need that.

One concept in Packer is baked in already: it tries to use the least privilege needed. That's a nice thing, and if it needs privilege for doing whatever, it will by default call sudo, but that won't be any good any longer on OpenBSD. But doas support is not a problem, sorry. There's only one thing; I will be talking about the details in a bit. While Packer is handling the build, you cannot access the terminal, so you cannot type in a password. It would be possible to do something like askpass, the password upfront, and then pass it into the session. But if this is running longer than five minutes, the credential will time out and you would have to type it in again, and that's impossible. So you have to have a doas configuration. This works with nopass, because persist times out too early.

Typically, if you are installing, doing a custom build, autoinstall, you will need to reach out, well, at least farther than the host you are building on. So on the host you need a pf configuration like that for the domain resolution and the actual HTTP requests making happen to fetch down new packages or whatever configuration service you need. So, and since we are using that, we need IP forwarding enabled, and of course you have to start vmd.
That's all the dependencies you have before you can use Packer with this plug-in I've written.

So we have kind of a stage here, so not like in Tokyo where you can just rush over there. So if you have questions, we are doing that at the end of the talk, and I will be in the hallway for the next hour.

Needs in terms of tooling and space for developing Packer plug-ins, all of them: you need Go, Packer and git, which are easily available packages on OpenBSD, so that's a no-brainer. Obviously you need an editor of your choice; I was adding "editor", not only vi, because of all that ed hype lately. The Go dependencies needed for this plug-in are around 1.5 gigabytes, and then it depends on what you are actually doing: if you are making super lean images with 1 gigabyte root disks you will need less space; if you're doing something with, what, 100 gig, you will need way more. So that's obvious.

In the source layout there are like two breeds in the Packer ecosystem: the one breed is doing everything in the, well, root directory of that repository, but I think it's a bit nicer to have a Makefile, README and maybe the main entry hook in the root directory, but, well, hiding the dirty work somewhere else, like in the cellar. So I'm doing that in a subdirectory. From the source files perspective, just some simple Makefile to make things nice. I'm even doing the presentation with "make show". The presentation VM... oh, by the way, all the slides are on GitHub and all that, so you'll get a link on the last page. And even the presenter VM and the presentations are all on GitHub; it's all self-hosted, more or less. Well, I'm not hosting GitHub, but you get the idea.

So the Makefile can do building the plug-in, installing it in the corresponding directory; vmb is building a test VM with that builder; then fmt and vet for, um, Go, let's say linting and formatting and all that. And yeah, install and uninstall are speaking for themselves.

In the main Go source file
there's only like ten lines or something like that, which is actually importing the builder into the Packer world, and it will have a plug-in type of server. So on the RPC side of things, you always have a server and a client. So this builder is a server connecting to the core RPC run goroutine from Packer itself. It will register under its name, like, if you are then having a configuration that says builder "VMM OpenBSD", the RPC server has to know where that plug-in is running in terms of RPC addressing, and then it will just be invoked as a goroutine, or in simpler Unix speak, it's spinning around, so it's acting more or less like a daemon.

config.go isn't about parsing the configuration, because that is Packer doing for us already. You only define a big struct where all the keywords and the value types are being defined, and that's all you have to do. Everything else is more or less popping out of the JSON and other parsing stuff that the Packer core is already doing for you. Actually, it's a config plug-in of Packer doing that for the core and communicating the resulting data structure into your plug-in.

Yeah, build.go itself will be doing, well, the rough groundwork for all of it, like bringing the code into life anyway, using the configuration struct in your running instance, like in your build. So the builder is populating Build with config and then running a tokenized build structure; you will see that with steps on the next slide, what's happening over there. And, yeah, well, nicely you can cancel it, which is nice in that way that Packer is doing: if you're doing multiple artifacts, like you are building from the same build, post-processing into Amazon, Google Cloud, VirtualBox and whatever, it could take ages, and you can cancel the build, and Packer won't just shoot the routines in the head like kill -9 or something like that, but it will first signal over RPC:
hey, please stop, cancel. And then you can have code: when this cancel comes, it's like you are doing in the C world, just having a trap handler for SIGSTOP, so you can actually do cleanup when a cancel happens.

step...go, driver.go, and you can name that whatever you want to, but if you want to have a community around it, well, use this terminology and file names so people know where to look into what for. So the driver holds the code that is actually doing more or less shell-exec or something; in this case it's like spitting out the needed vmctl call with -L, whatever needed disk images over here and all that. I will talk about this FIXME on the outlook, future and whatever page, because that's still a bit of a problem here: to get the IP address needed for the so-called boot command. So when a Packer build starts, the builder is instructed to launch the VM via vmctl with a connected serial console, and this serial console won't be connected to your terminal but to a Packer-internal TTY handler, and Packer is then able, I have a demo of it, to type in commands, like if you're old enough and you remember expect or something like that. So you can interact with that, and Packer is doing this. I only have to press 1a or so; leave it to the machines.

And there are several step_whatever.go files, and it's just depending on what you are actually doing.
So splitting it up that massively into single files which are then, like outdir, probably only like 15 lines or something, might look a bit, yeah, well, spending a lot of effort for no real gain, but it's the way the Packer community is doing this. Just follow the herd; otherwise you are annoying as a service, as we have learned.

So outdir is creating just mkdir and checking permissions and all that, and then creating a disk with vmctl create in qcow or raw, whatever you have defined in the configuration JSON. GetVMParams holds code to retrieve information and put it in a so-called state bag. This state bag is only, let's say, alive while the build is running, and it's a possibility that all those plug-in components can write into, like a temporary configuration buffer. So you can write into it, like it's Put, and then you can, from another, wherever you are, you can Get this information. So we have a context passing, which is there for the reason that Packer is doing parallel stuff and you don't want to pass this information via function parameters or something like that. You write the information into a bag, and then multiple functions, when they need it, can read it from there. And that's the main difference to just having a function call with 20 arguments or something like that.

So launching the VM is via the driver, vmctl start, obviously, and doing all that. Right now, especially for debugging purposes, if the startup doesn't work, because maybe you ran out of RAM on the laptop or wherever, I'm not yet having the necessary cancel code to shoot down the VM properly, like, you know, pkill and all that. So, it's not happening that often, and I'm just right now leaving the VM running so I can connect to it, analyze it, whatever, and not just shooting it away, and then you have difficulties to do a post mortem analysis of what happened, what did go wrong.

Boot command is doing exactly that thing
I was already talking about: like you have a keyboard typing machine that Packer provides, and in the early days people have been using that, having a boot command with something like a hundred lines or so, like running the installer in interactive mode, and then instead of typing "this is my hostname", whatever, you can do that in the boot command array. But that's super tedious, because if, well, something is not quite right, especially on the timing part of things, like Packer can type very slowly, but it cannot type very fast; it's a bit crazy. And, well, it wasn't only one build that failed because boot command was typing too fast or too slow or the wrong thing at the wrong time. Well, autoinstall to the rescue, obviously.

There's one problem here: Packer will run, if you tell Packer to do it, Packer can run a built-in HTTP server which will serve files from a configured directory somewhere on the host, and it will run it on just some random high port north of 8000 or so, and autoinstall isn't capable of that. So if you're doing a PXE net boot with a DHCP-provided filename, autoinstall, the shell script autoinstall, will happily run off, ask the DHCP server or next-server, supported already, I don't know, no matter what. In the whole thing of that there is no possibility to say something like: yeah, wait a minute, our install repository server is on a port different than port 80. It just doesn't work. So I'm not doing in this plug-in a real, a real or faked or whatever, if it would be functioning anyway, PXE-based net boot autoinstall, but actually doing an interactive install from the way the VM is booting, and then the boot command only is configured: press capital A, plus passing this URL with the dynamic IP and port that is only valid for this very one build running. Okay.
Yeah, so already there: demo time.

Like I said, the configuration isn't very complicated or something, just like names, the size, the format and whatever, where to fetch the ISO image, either from the local disk or HTTP or whatever. And here's the thing with the boot command: do autoinstall, and here is a URL, and Packer will provide this variable to me. And no, I have to provide this variable by looking up the tap interface, and the port will be provided via the state bag configuration. So some plug-in elsewhere will write this information into the bag and I can read it.

So, the demo here, the autoinstall demo cast, is within the repository as well, so you can just replay that. Start, readable, down there. Okay, cool. Oh, hang on.

So I'm using asciinema, which is a really, really nice tool to record terminal sessions. So this is just a little HP MicroServer sitting in our office, so this is lab time. I'm doing this right here because serial consoles can only be connected once, so I need the serial console within Packer itself for the boot command. If you do a second session with screen or cu or tip or minicom, whatever, connecting to the same serial console, yeah, well, fireworks, actually, you know; it's more like a dark black hole, because nothing will happen anymore until you kill the VM and all that. So I'm writing from Packer into a log file, and I'm tailing that instead of having the serial console output here.

So just "packer build" and your JSON file, and Packer will print in a nice greenish color. Yeah, I know, no colors. Creating the disk image, that is what outdir and all that is doing; bring up the VM, and then you just have OpenBSD booting itself. Here this built-in HTTP server is starting up, and now you see, oh, it's just here, the... It's the first ID, and boot_wait is a parameter for the boot command: how long to wait until you should do that.
It should be dynamically waiting for the question instead of waiting a fixed time, but one thing after another. And what here you have to think: I'm typing in "a" for autoinstall; it will try to boot, to fetch it from port 80, but it doesn't work, and the fallback is to ask for the URL again. And this is where Packer is typing in the URL, and then it's fetching the install.conf, the autoinstall configuration file, and then autoinstall is doing what it's doing. One thing with this, my log, is you will see there is no progress bar here until it's finished. This is because this TTY catcher waits for a line feed, so it's not printing every character by its own, but when the line is finished it pops up at 100%. So this is time-lapsed. The first time I was doing that, I was like: shit, nothing happens, and then suddenly it continues. Yeah, all this is just standard autoinstall stuff, and then we have... the installer will try to reboot, but in this case it will actually fail to reboot, because it has no idea what it was running just before. So actually it's convenient, because I need a stopped VM to export it anyway. So it's rebooting, actually saying "rebooting", but it's actually stopping the thing. Yeah, and then you have a 900 MB nicely usable image.

So, status: you have seen what it can do. All the basic stuff is there. Wow, getting a lag here. So it's only two pages, no worries. Although all the basic needs are there, the only thing is... battery dying, I don't know... is the function get tap IP address. If you want to have details about that, as I said, I'm in the hallway. The problem is Packer needs to know the IP address of the host's tap interface where it is binding the built-in HTTP server, and right now I have some assumptions in the code about something, and assumptions is the motto of all fuck-ups.
So I have to fix that. And future plans would be like having a disklabel configuration option, multiple disks, more networking and all that; that will be something for next year. Integration: making Packer itself or the Packer build plug-in a package in ports, and the same thing with Vagrant, and then creating more or less a little bit of an ecosystem, and maybe some README about how to integrate that with rdomains and then using relayd on the outside and all that. One day you will have Puff Launch, which will be cloud on your laptop with OpenBSD only.

So the slides are on GitHub; this is just a static location. Where it all started: so the idea was coming from Antoine in Bucharest, but actually hacking started in Glarus. vmctl -B to fake a netboot: the idea of that was developed in Glarus as well, and Claudio was taking it into the game, and then something like -B happened, and that's very convenient even if you are not using Packer, and that's all good. Rubin out helped me with some Go stuff and adding ISO and qcow support for the disks. Multi-disk support will be the next thing, or growing filesystems and all that.

So I think questions will be a bit of a problem time-wise. Okay, so here's the URLs. Like I said, the presentation, it's all online. And thank you. Open for questions, four minutes, whatever. Nobody? Come on, I'm sure you have questions.

Okay, can you hear me? Okay. So you were talking about Puff Launch, right? Have you tried to do like a queuing system, if you need, for example, multiple machines at once?

You don't need to do that, because Packer is absolutely capable of it. It was in the internal description: like every step of those five major steps in a Packer build will be run in parallel. By default Packer will be taking care of it, so you do not need to have your own kind of queuing, parallelism.
That's why everything is doing RPC and not direct serialized calls.

Okay, even for the logs, and if you want to use a database for keeping machines or something. Okay, thanks.

Is there a special reason that you run the installation? Isn't it possible to pack the image by itself? So just create an image and pack the install files into it directly, instead of running the whole installation of each machine.

Why are there ten religions? That's all the answer. Like, the one kind of breed is doing images and recloning them and modifying it, and the other breed is doing completely customized full builds, and this is about full builds. If you want to do it differently, use something else.

I just ask for the advantages you have if you do it this way, because I tried this myself, but just for one specific cloud we have in our company, and there I copied the build infrastructure of how the install ISO is done. And I just ask what your advantages are if you do it this way.

Hang on. If you have an AMI image or a VirtualBox box, you are having this one box and then you clone or import it, and you can still manipulate, customize it. This thing is not about instantiating a VM, but building the underlying image. So you can customize the images upfront, or you're doing a more or less simple image, like just a plain 6.5 install like in the demo, and then while you are instantiating it with Amazon or whatever, then you can still have provisioning afterwards. So it's just a different area what we are talking about.

Okay, thanks.
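Added illustration, not part of the talk and not the speaker's plug-in code nor Packer's own library: a self-contained Go sketch of the build structure the talk walks through, namely a step list run by a core, a shared state bag that one step writes into (the address and port of the built-in HTTP server) and a later step reads from (to expand {{ .HTTPIP }} and {{ .HTTPPort }} in the boot_command before typing it into the serial console), and a cancel path where a stopped build still runs every started step's cleanup in reverse order. The key names http_ip and http_port, the step names, and the tap address 100.64.1.2 with port 8123 are constructed for the example.

```go
package main
import (
	"bytes"
	"context"
	"errors"
	"strings"
	"sync"
	"text/template"
)

// StateBag is the shared buffer the talk describes: steps Put values in and later
// steps Get them instead of passing 20 arguments; the mutex covers parallel goroutines.
type StateBag struct {
	mu   sync.Mutex
	data map[string]interface{}
}

func NewStateBag() *StateBag { return &StateBag{data: map[string]interface{}{}} }
func (s *StateBag) Put(k string, v interface{}) { s.mu.Lock(); s.data[k] = v; s.mu.Unlock() }
func (s *StateBag) Get(k string) interface{}    { s.mu.Lock(); defer s.mu.Unlock(); return s.data[k] }

// Step is one unit of a build (create disk, start VM, type boot command...). An
// error from Run halts the build; Cleanup is the "trap handler" that always runs.
type Step interface {
	Run(ctx context.Context, state *StateBag) error
	Cleanup(state *StateBag)
}

// RunSteps runs the steps in order; the context stands in for the "please stop" signal
// over RPC. Cleanup then runs for every step that already ran, in reverse order.
func RunSteps(ctx context.Context, state *StateBag, steps []Step) (err error) {
	var ran []Step
	for _, st := range steps {
		if err = ctx.Err(); err != nil {
			break
		}
		ran = append(ran, st)
		if err = st.Run(ctx, state); err != nil {
			break
		}
	}
	for i := len(ran) - 1; i >= 0; i-- {
		ran[i].Cleanup(state)
	}
	return err
}

// RenderBootCommand expands {{ .HTTPIP }} and {{ .HTTPPort }} in the boot_command
// lines from the values an earlier step left in the state bag (assumed key names).
func RenderBootCommand(state *StateBag, lines []string) ([]string, error) {
	ip, okIP := state.Get("http_ip").(string)
	port, okPort := state.Get("http_port").(int)
	if !okIP || !okPort {
		return nil, errors.New("http_ip/http_port missing: HTTP server step did not run")
	}
	tmpl, err := template.New("boot").Parse(strings.Join(lines, "\n"))
	if err != nil {
		return nil, err
	}
	var buf bytes.Buffer
	if err := tmpl.Execute(&buf, map[string]interface{}{"HTTPIP": ip, "HTTPPort": port}); err != nil {
		return nil, err
	}
	return strings.Split(buf.String(), "\n"), nil
}

// appendCleanup records the cleanup order in the bag so it can be inspected.
func appendCleanup(state *StateBag, name string) {
	log, _ := state.Get("cleanup").([]string)
	state.Put("cleanup", append(log, name))
}

// stepHTTPServer stands in for starting Packer's built-in HTTP server: it only records
// a constructed tap address and high port under the assumed key names.
type stepHTTPServer struct{}
func (stepHTTPServer) Run(_ context.Context, state *StateBag) error {
	state.Put("http_ip", "100.64.1.2") // constructed: host tap interface address
	state.Put("http_port", 8123)       // constructed: random port north of 8000
	return nil
}
func (stepHTTPServer) Cleanup(state *StateBag) { appendCleanup(state, "http") }

// stepBootCommand renders the lines that would be typed into the serial console.
type stepBootCommand struct{ lines []string }
func (s stepBootCommand) Run(_ context.Context, state *StateBag) error {
	typed, err := RenderBootCommand(state, s.lines)
	if err != nil {
		return err
	}
	state.Put("typed", typed)
	return nil
}
func (stepBootCommand) Cleanup(state *StateBag) { appendCleanup(state, "boot") }

// BuildSteps is a minimal autoinstall build: "A" at the prompt, then the response-file URL.
func BuildSteps() []Step {
	return []Step{stepHTTPServer{}, stepBootCommand{lines: []string{
		"A<enter>",
		"http://{{ .HTTPIP }}:{{ .HTTPPort }}/install.conf<enter>",
	}}}
}
```

Running BuildSteps through RunSteps with a background context yields the two typed lines with the address filled in and the cleanup order boot, http; running only the boot step halts with an error because nothing put the address into the bag, and that step's cleanup still runs; a context cancelled before the first step makes RunSteps return the cancel error without running any step or cleanup.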