Creating a Custom CCE Node Image
Constraints
- This feature is available for open beta test (OBT) only in certain regions.
- Suggestions on using CCE node images:
- You are advised to use the default node images maintained by CCE. These images have passed strict tests and are updated in a timely manner, providing better compatibility, stability, and security.
- Use the base images provided by CCE to create custom images.
- Custom CCE node images are created using the open-source tool HashiCorp Packer of v1.7.2 or later and the open-source plug-in Huawei Cloud ECS. The cce-image-builder template is provided to help you quickly create valid images.
Packer is an open-source tool used to create custom node images. Packer contains three components: builder, provisioner, and post-processor. It supports template files in JSON or HCL format. You can flexibly combine the three components to automatically create images in parallel.
Packer has the following advantages:
- Automatic build process: You can use Packer configuration files to specify and automate the build process.
- Strong cloud platform compatibility: Packer supports mainstream cloud platforms and diverse third-party plug-ins, including Huawei Cloud ECS, which is used to connect to HUAWEI CLOUD.
- Easy-to-use configuration files: Packer configuration files are simple and intuitive to write and read. Parameter definitions are easy to understand.
- Diverse image build functions: Common functional modules are supported. For example, the provisioner supports the shell module for remote script execution, the file module for remote file transfer, and the breakpoint module for process pauses.
- Before you create a custom node image, submit a service ticket to:
- Obtain professional suggestions from CCE service experts on the customization.
- Obtain the latest node image ID of the CCE service for image customization.
- If later updates to the CCE node image are incompatible with the customized node image used in your production environment, you will be notified at least one month in advance and receive assistance with adaptation to prevent possible failures when scaling out nodes and node pools.
- When you create a custom node image, make sure:
- You follow the instructions in this section to prevent unexpected problems.
- You have the sudo root or root permissions required to log in to VMs created from base images.
- When the creation is complete:
- The image creation process uses certain billable resources, including ECSs, EVS disks, EIPs, bandwidth, and IMS images. These resources are automatically released when image creation succeeds or fails. Release the resources in time to ensure no charges are incurred unexpectedly.
Precautions
- Ensure that you have obtained the latest CCE node image ID and use the image as the base image for customization.
- The component package on which user nodes depend is preset in the base image. The package version varies with the cluster version.
- Before you create an image, prepare:
- An ECS executor: An ECS x86 server is used as the Linux executor. You are advised to select CentOS 7 and bind an EIP to it so that it can access the public network and install Packer.
- Authentication credentials: Obtain the AK/SK of the tenant or user with required permissions. For details, see How Do I Obtain an Access Key (AK/SK).
- Security group: Packer creates a temporary ECS and uses a key pair to log in to the ECS using SSH. Ensure that TCP:22 is enabled in the security group. For details, see Security Group Configuration Examples.
Creating a Node Image
- Log in to the ECS executor, download and decompress cce-image-builder.
    wget https://cce-north-4.obs.cn-north-4.myhuaweicloud.com/cce-image-builder/cce-image-builder.tgz
    tar zvxf cce-image-builder.tgz
    cd cce-image-builder/
The cce-image-builder contains:
- turbo-node.pkr.hcl # Packer configuration template used for creating the image
- scripts/* # CCE image creation scripts preset in the template. Do not modify them. Otherwise, the image might become unavailable.
- user-scripts/* # Custom package script directory preset in the template. Take example.sh as an example. When you create a custom image, the script is automatically uploaded to the temporary server and executed.
- user-packages/* # Custom package directory preset in the template. Take example.package as an example. When you create a custom image, the package is automatically uploaded to /tmp/example.package on the temporary server.
- Install HashiCorp Packer. For details, see the official documentation.
Install Packer of v1.7.2 or later.
Take the CentOS 7 executor as an example. Run the following command to automatically install Packer (for reference only. For detailed operations, see the official guide):
    # Configure the yum repository and install Packer.
    sudo yum install -y yum-utils
    sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo
    sudo yum -y install packer
    # Configure an alias to avoid duplicate Packer binary in the OS and check the Packer version.
    rpm -q packer
    alias packer=$(rpm -ql packer)
    packer -v
- Obtain the parameters required by cce-image-builder/turbo-node.pkr.hcl and configure the parameters using environment variables.
The turbo-node.pkr.hcl file is the configuration template of Packer. It defines the complete image build process. For details, see Packer Documentation.
- variables/variable
Variable definition. turbo-node.pkr.hcl defines the parameters required in image build. You can set the parameters based on the live environment. For details about the parameters, see Table 1.
- packer
Definition of the packer module. required_plugins defines the plug-in dependency of Packer, including the plug-in source and version range. When you run packer init, the plug-in is automatically downloaded and initialized. No manual intervention is required.

    packer {
      required_plugins {
        huaweicloud = {
          version = ">= 0.4.0"
          source  = "github.com/huaweicloud/huaweicloud"
        }
      }
    }

- source
Definition of source. The variables defined above are referenced to automatically set the parameters required for creating an ECS.
- build
Definition of build. The scripts are executed from top to bottom. Common modules such as the file upload module and script execution shell module are supported. For details, see the following example:

    build {
      sources = ["source.huaweicloud-ecs.builder"]

      provisioner "file" {
        source      = "<source file path>"
        destination = "<destination file path>"
      }

      provisioner "shell" {
        scripts = [
          "<source script file: step1.sh>",
          "<source script file: step2.sh>"
        ]
      }

      provisioner "shell" {
        inline = ["echo foo"]
      }
    }

Configure the parameters using environment variables:

    export REGION_NAME=xxx
    export IAM_ACCESS_KEY=xxx
    export IAM_SECRET_KEY=xxx
    export ECS_VPC_ID=xxx
    export ECS_NETWORK_ID=xxx
    export ECS_SECGRP_ID=xxx
    export CCE_SOURCE_IMAGE_ID=xxx

Table 1 Variables configuration

| Parameter | Description | Remarks |
|---|---|---|
| REGION_NAME | Region to which the project belongs | To obtain the region information, go to My Credentials. |
| IAM_ACCESS_KEY | Access key for user authentication | Apply for a temporary AK and delete it when the image is built successfully. |
| IAM_SECRET_KEY | Secret key for user authentication | Apply for a temporary SK and delete it when the image is built successfully. |
| ECS_VPC_ID | VPC ID | Used by the temporary ECS server, which must be the same as that of the executor |
| ECS_NETWORK_ID | Network ID of the subnet | Used by the temporary ECS server. It is recommended that the value be the same as that of the executor. It is not the subnet ID. |
| ECS_SECGRP_ID | Security group ID | Used by the temporary ECS server. It is recommended that the value be the same as that of the executor. Alternatively, ensure that the executor can log in to the temporary ECS server using SSH. |
| CCE_SOURCE_IMAGE_ID | Latest CCE node image ID | / |

Note: Retain the default values of other parameters. To modify the value, refer to the description in the variable definition in turbo-node.pkr.hcl and configure the value using environment variables.
Use the ECS flavor variable ecs_az as an example. If no AZ is specified, a random AZ is selected. To specify an AZ, configure an environment variable as follows:

    # export PKR_VAR_<variable name>=<variable value>
    export PKR_VAR_ecs_az=xxx

- Modify the user-scripts and user-packages directories in cce-image-builder. Modify or add the file and shell module configurations corresponding to turbo-node.pkr.hcl by referring to 1.
- Run the make image command and wait until the image creation is complete. The process takes about 3 to 5 minutes.
In the encapsulation script packer.sh:
- Automatic access of hashicorp.com by packer is disabled by default for privacy and security purposes.
    export CHECKPOINT_DISABLE=false
- Detailed debug logging is enabled by default for better visibility and traceability. The local Packer build log packer_{timestamp}.log is specified so that the log can be packed into the /var/log/ directory during the build. If sensitive information is involved, remove the related logic.
    export PACKER_LOG=1
    export PACKER_BUILD_TIMESTAMP=$(date +%Y%m%d%H%M%S)
    export PACKER_LOG_PATH="packer_$PACKER_BUILD_TIMESTAMP.log"
For details about Packer configuration, see Configuring Packer.
Log when the image build is completed:

- Clear the build files on the executor, mainly the authentication credentials in turbo-node.pkr.hcl.
- It is recommended that the executor be directly released. If the authentication credentials are temporary, delete them directly.
- If it is an automatic build, you are advised to add a post-processor in the configuration file to execute related operations.
- After the image is created, log in to the IMS console and locate the created image (default name: image-by-packer-xxxxxx, and xxxxxx indicates the creation time). Access the image details page and delete the cce-created-at, cce-created-by and cce-created-from tags.

You can also change the image name.
When you create a CCE node or node pool, you can select this image from the private image list.
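
An added example, not part of cce-image-builder or of the original page: a shell helper for the cleanup step above that redacts the temporary AK/SK from the local packer_{timestamp}.log files and lists build files on the executor that still contain them. It assumes IAM_ACCESS_KEY and IAM_SECRET_KEY are still exported as in the earlier step; the function names and the sample key values are made up for illustration.

```shell
#!/bin/sh
# Added example (not part of cce-image-builder). Secrets are read from the
# environment, never passed as arguments, so they do not appear in `ps` output.
umask 077

# Replace every literal occurrence of the AK/SK in file $1 with a marker.
redact_file() {
    awk 'BEGIN { n = split("IAM_ACCESS_KEY IAM_SECRET_KEY", name, " ") }
    {
        for (i = 1; i <= n; i++) {
            s = ENVIRON[name[i]]; if (s == "") continue
            out = ""; rest = $0
            while ((p = index(rest, s)) > 0) {
                out = out substr(rest, 1, p - 1) "[REDACTED " name[i] "]"
                rest = substr(rest, p + length(s))
            }
            $0 = out rest
        }
        print
    }' "$1" > "$1.redacted" && mv "$1.redacted" "$1"
}

# Redact every packer_<timestamp>.log in directory $1 (default: current directory).
redact_packer_logs() {
    for f in "${1:-.}"/packer_*.log; do
        if [ -f "$f" ]; then redact_file "$f" || return 1; fi
    done
}

# List files under $1 that still contain the AK or SK; status 0 means none remain.
leftover_secrets() {
    if [ -z "$IAM_ACCESS_KEY" ] || [ -z "$IAM_SECRET_KEY" ]; then
        echo "IAM_ACCESS_KEY and IAM_SECRET_KEY must be set for the scan" >&2; return 2
    fi
    hits=$(printf '%s\n%s\n' "$IAM_ACCESS_KEY" "$IAM_SECRET_KEY" |
        grep -rlF -f - "${1:-.}" || true)
    [ -z "$hits" ] || { printf '%s\n' "$hits"; return 1; }
}

# Demo on constructed data (both key values are made up), run in a subshell.
(
    d=$(mktemp -d) && cd "$d" || exit 1
    export IAM_ACCESS_KEY='AKCONSTRUCTED0000001' IAM_SECRET_KEY='sk+constructed/0000.value'
    printf 'ak=%s\nsk=%s\n' "$IAM_ACCESS_KEY" "$IAM_SECRET_KEY" > packer_20240101000000.log
    printf 'access_key = "%s"\n' "$IAM_ACCESS_KEY" > turbo-node.pkr.hcl
    redact_packer_logs . && cat packer_20240101000000.log
    leftover_secrets . || echo "credentials still present in the files listed above"
    cd / && rm -rf "$d"
)
```

Run both functions from the cce-image-builder directory after make image and before unsetting the variables. They only touch files on the executor; the copy of the log packed into /var/log/ inside the image is not changed by this.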