HCP Packer Is Now Generally Available
HCP Packer provides automation, collaboration, and security for managing images across multiple clouds. It includes image security and compliance workflows with Terraform Cloud.
We announced the public beta of our HashiCorp Cloud Platform (HCP) Packer service at HashiConf in October. Since then, we’ve seen quite a few organizations adopt it. Today we are pleased to announce that HCP Packer is now generally available. HCP Packer configures and manages images across clouds automatically, improving your workflows. It also provides a standardized way of securing images across an organization.
This GA release includes new features not present in the beta, including security workflows as well as the ability to track and query images that use your own custom metadata. Terraform Cloud Business tier users will also be able to integrate HCP Packer image compliance checks into their Terraform Cloud workflows. This enables customers to check all Terraform configurations for images flagged for revocation within HCP Packer.
The HCP Packer Standard tier allows you to track 10 images and make 250 API requests for free each month.
» A Multi-Cloud Golden Image Pipeline for Terraform Provisioning Workflows
Many organizations’ application stacks use the same operating system and system-level security tools. To keep things DRY and avoid creating the same image for this operating environment over and over, it makes sense to codify a single “golden image,” which can then be used to track and update this base image across stacks using automation.
The concept of using golden images is not new. Why does it make sense to codify images using HCP Packer instead of other tools?
- You can configure golden images using HCL2, which makes it easy for Terraform users to work with.
- A single Packer template can configure an image for Amazon Web Services, Microsoft Azure, Google Cloud, and even private infrastructure.
- HCP Packer now integrates with Terraform Cloud, so DevOps teams can add security and automation for their images using the same workflows they use for provisioning virtual machines.
» Build Downstream Images on Top of Codified Golden Images Across Clouds
Many of the organizations we talked to about build management kept track of their images across clouds in spreadsheets. Some sought to have a standardized means for updating images, but struggled to get visibility for images across clouds. Some organizations still update images manually.
Codifying base images across downstream images provides visibility into how they are used and enables teams to update them using automation. HCP Packer can codify a base image as a golden image using channels, enabling your teams to automate updates to its downstream images with a single packer build. Not only can this golden image be used to automate base image updates across a single cloud, the same golden image can be used to automate image updates across multiple clouds and private infrastructure.
HCP Packer updates a version of Ubuntu across downstream images.
HCP Packer saves every update to your image as an iteration within an image bucket in your registry. HCP Packer will also tell you all of the artifacts associated with that particular iteration of this image across multiple clouds.
» Integrate Golden Images into Terraform Configuration Files
A key mantra of HashiCorp is “workflows, not technologies.” People who provision infrastructure often manage images, so we aim to make their workflows as simple as possible. By defining golden images as a data source that is consumable by Terraform, other teams can always find the right version of an image for their provisioning pipelines.
You can integrate golden images into Terraform configurations using the HCP provider for Terraform. This provider makes HCP Packer’s data available as a data source. Instead of updating hard-coded Amazon Machine Images (AMIs) or VM images within your Terraform configurations, your teams can use the channel ID that defines your golden images. Once that channel is updated, a single terraform apply will update the golden image. In the time it takes you to brew a pot of coffee, you can update an image used within numerous application stacks across multiple clouds.
» Enforcing Image Compliance Using Terraform Cloud
As we talked to customers about their image management practices, we found that many wanted to set processes for deprecating older images, but struggled to do this across multiple application stacks and clouds. HCP Packer now allows you to set end of life (EOL) dates for images, or revoke images immediately as necessary. If your team schedules an image to be revoked, it will no longer be returned by queries to the HCP Packer API after that date.
Setting up EOL dates is one thing, but enforcing action on these EOL dates is something else entirely. HCP Packer integrates with Terraform Cloud using run tasks (currently in beta), which are available to Terraform Cloud Business tier users. If you try to execute a terraform plan for a configuration that includes a revoked image, Terraform Cloud will let you know. The more visibility teams have into the images that are up-to-date, the easier it is to improve security and compliance across your organization.
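The kind of check described above can be sketched locally. This is an added example, not code from the original post and not HashiCorp's run task implementation: it scans Terraform text for hard-coded AMI IDs and classifies each against a revocation schedule. The image IDs, dates, variable name and the `check_config` function are constructed for illustration.

```python
import re
from datetime import datetime, timezone

UTC = timezone.utc
# Constructed image IDs (17 hex characters after "ami-"); not real images.
OLD, EOL, COMMENTED, UNKNOWN = ("ami-0" + c * 15 + "1" for c in "abcd")

# Constructed revocation schedule: image ID -> time at which it is revoked.
REVOCATIONS = {
    OLD: datetime(2022, 1, 15, tzinfo=UTC),  # already revoked
    EOL: datetime(2022, 6, 1, tzinfo=UTC),   # end of life scheduled
}

# Constructed Terraform configuration; var.golden_image_id is hypothetical.
SAMPLE_TF = '''
resource "aws_instance" "web" {
  ami           = "%s"
  instance_type = "t3.micro"
}
resource "aws_instance" "worker" {
  ami = "%s"
}
resource "aws_instance" "api" {
  ami = var.golden_image_id
}
# ami = "%s"
resource "aws_instance" "batch" {
  ami = "%s"
}
''' % (OLD, EOL, COMMENTED, UNKNOWN)

# Anchored at line start so commented-out lines and references are skipped.
AMI_LITERAL = re.compile(r'^\s*ami\s*=\s*"(ami-[0-9a-f]{8,17})"')

def check_config(tf_text, revocations, now):
    """Return (line, image_id, status) for every hard-coded AMI literal."""
    findings = []
    for lineno, line in enumerate(tf_text.splitlines(), 1):
        match = AMI_LITERAL.match(line)
        if not match:
            continue
        image_id = match.group(1)
        revoke_at = revocations.get(image_id)
        if revoke_at is None:
            status = "untracked"   # literal ID with no registry record
        elif revoke_at <= now:
            status = "revoked"     # revocation date has passed
        else:
            status = "scheduled"   # EOL set, still valid today
        findings.append((lineno, image_id, status))
    return findings

if __name__ == "__main__":
    for finding in check_config(SAMPLE_TF, REVOCATIONS, datetime.now(UTC)):
        print(*finding)
```

The "untracked" status matters as much as "revoked": a literal ID with no registry record is an image nobody can schedule for end of life.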
» Getting Started with HCP Packer
We aim to make it easy to get started with HCP Packer. Your team can get started with a Standard plan and track ten images per month for free. After that, it’s just $5 per tracked image per month. Sign up for free.
If you haven’t used Packer yet, the “New to Packer?” HashiCorp Learn guide will walk you through the basics. If you know Packer already, there are Learn guides for building golden images as well as integrating with Terraform.
» Getting Your Organization Started with HCP Packer
Do you want to implement HCP Packer across larger and/or multiple teams? HashiCorp is launching a Plus plan in Beta. This already includes image compliance checks, which allow Terraform Cloud to scan configurations for hard-coded AMIs that are set for revocation. Using this integration will make it easier to track and enforce compliance across all provisioning pipelines. Going forward, we plan to enhance HCP Packer Plus with more features that simplify image management at scale. If you’re interested, please contact us for more details.