Using Packer for regular patching of AWS EC2 Windows instances

Aman Sharma

Apr 26, 2016, 6:55:53 PM
to Packer
Hi,

I'm rather new to Packer, Vagrant, and AWS in general. I followed this guide: http://pretengineer.com/post/packer-vagrant-infra/#fnref:1, which describes a workflow that uses a pre-baked AMI with Vagrant and Packer to create EC2 instances, specifically Windows instances in my case. I understand that Microsoft releases monthly security patches and AWS subsequently releases a new AMI, making the previous AMI created with Vagrant and Packer old. What would be the best way to apply this patch to currently running instances? Should I go through the above process again of creating a pre-baked AMI, this time with the newly released AMI? And then replace my existing instances with new instances built on this new AMI? Wouldn't this be too cumbersome to do every month, or is there some way to automate this process? Or is there an entirely different solution to deal with the monthly patches? As you can tell, I'm completely new to server management and would really appreciate some guidance on this.

Thank you!
 

Alvaro Miranda Aguilera

Apr 26, 2016, 7:56:30 PM
to packe...@googlegroups.com
Hello,

If you only require patches, you could turn on the AMI, run some script to patch/reboot/patch/reboot and have your same AMI updated.

Otherwise, you could use some glue outside Packer to take a variable from the command line to use the new patched MS AMI.

Then, you could create a new one like this:

packer build -var sourceami=new_ami_id template.json

Make sense?

alvaro.
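
The "glue outside Packer" step from the reply above, as an added example that is not part of the original thread: it looks up the newest Amazon-owned Windows base image, checks that the result is a well-formed AMI ID, and runs `packer build` only when that ID differs from the last one baked. The name filter, the state file path and the function names are assumptions; `sourceami` and `template.json` come from the reply.

```shell
#!/bin/sh
# Added example (assumptions: AWS CLI and Packer are installed and configured;
# NAME_FILTER and STATE_FILE are placeholders to adapt to your environment).
NAME_FILTER="${NAME_FILTER:-Windows_Server-2012-R2_RTM-English-64Bit-Base-*}"
STATE_FILE="${STATE_FILE:-./last_source_ami}"
TEMPLATE="${TEMPLATE:-template.json}"

# Print the ID of the newest available image matching NAME_FILTER.
# --owners amazon pins the publisher, so an image with a look-alike name
# shared from another account is never selected as the build source.
latest_source_ami() {
    aws ec2 describe-images \
        --owners amazon \
        --filters "Name=name,Values=$NAME_FILTER" "Name=state,Values=available" \
        --query 'sort_by(Images, &CreationDate)[-1].ImageId' \
        --output text
}

# Succeed only for "ami-" followed by lowercase hex digits. An empty match
# list makes the CLI print "None", which must never reach Packer.
valid_ami_id() {
    case "${1#ami-}" in
        "$1"|''|*[!0-9a-f]*) return 1 ;;  # no prefix, empty, or non-hex
    esac
}

# Rebuild only when AWS has published a newer base image than the one
# recorded in STATE_FILE. Returns 2 on lookup problems, 1 on build failure.
rebuild_if_new() {
    ami=$(latest_source_ami) || return 2
    valid_ami_id "$ami" || { echo "unexpected AMI id: $ami" >&2; return 2; }
    if [ -f "$STATE_FILE" ] && [ "$(cat "$STATE_FILE")" = "$ami" ]; then
        echo "source AMI unchanged ($ami); nothing to build"
        return 0
    fi
    packer build -var "sourceami=$ami" "$TEMPLATE" || return 1
    printf '%s\n' "$ami" > "$STATE_FILE"   # record only after a good build
}

# Call rebuild_if_new from a scheduled job to automate the monthly refresh.
```
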



Aman Sharma

Apr 28, 2016, 10:57:40 AM
to Packer
Yes, just so I'm clear, you are saying there are two options - I could just run a script to patch the currently running instance. Or I could use Packer to create a new AMI from the new patch. Then I would create a new instance from the new AMI. What would be the benefit of the second method? With both methods, I would need to shut down the current instance and there would be some down time, correct? Is there some way to automate this monthly patching requirement?

Alvaro Miranda Aguilera

Apr 29, 2016, 4:14:29 AM
to packe...@googlegroups.com
Hello Aman,

Packer is to be used to create an AMI, and that AMI can be used to deploy new machines from there.

Once the machine is deployed, I believe the best will be to work on a production regime for how to manage those boxes.

In some services, you can deploy a new server fully updated, and then decommission the old one.

There are several ways of doing it, but Packer is just to create a new base AMI.

You could check into Terraform for a blue/green deployment.

I can suggest checking this:


Alvaro.
