Building Images for Oracle Cloud Infrastructure (OCI)


Building Images

The build prerequisites for using image-builder for building OCI images are managed by running the following command from images/capi directory.

make deps-oci

From the images/capi directory, run make build-oci-<OS> where <OS> is the desired operating system. The available choices are listed via make help.


In addition to the configuration found in images/capi/packer/config, the oci directory includes several JSON files that define the default configuration for the different operating systems.

oracle-linux-8.jsonThe settings for the Oracle Linux 8 image
oracle-linux-9.jsonThe settings for the Oracle Linux 9 image
ubuntu-1804.jsonThe settings for the Ubuntu 18.04 image
ubuntu-2004.jsonThe settings for the Ubuntu 20.04 image
ubuntu-2204.jsonThe settings for the Ubuntu 22.04 image
windows-2019.jsonThe settings for the Windows Server 2019 image
windows-2022.jsonThe settings for the Windows Server 2022 image

Common options

This table lists several common options that a user must set via PACKER_VAR_FILES to customize their build behavior. This is not an exhaustive list, and greater explanation can be found in the Packer documentation for the OCI builder.

base_image_ocidThe OCID of an existing image to build upon.No
compartment_ocidThe OCID of the compartment that the instance will run in.Yes
subnet_ocidThe OCID of the subnet within which a new instance is launched and provisioned.Yes
availability_domainThe name of the Availability Domain within which a new instance is launched and provisioned. The names of the Availability Domains have a prefix that is specific to your tenancy.Yes
shapeAn OCI region. Overrides value provided by the OCI config file if present. This cannot be used along with the use_instance_principals key.VM.Standard.E4.FlexNo

Steps to create Packer VAR file

Create a file with the following contents and name it as oci.json

  "compartment_ocid": "Fill compartment OCID here",
  "subnet_ocid": "Fill Subnet OCID here",
  "availability_domain": "Fill Availability Domain here"

Example make command with Packer VAR file

PACKER_VAR_FILES=oci.json make build-oci-oracle-linux-8

Build an Arm based image

Building an Arm based image requires some overrides to use the correct installation files . An example for an oci.json file for Arm is shown below. The parameters for containerd, crictl and Kubernetes has to point to the corresponding URL for Arm. The containerd SHA can be changed appropriately, the containerd version is defined in images/capi/packer/config/containerd.json.

  "compartment_ocid": "Fill compartment OCID here",
  "subnet_ocid": "Fill Subnet OCID here",
  "availability_domain": "Fill Availability Domain here",
  "shape": "VM.Standard.A1.Flex",
  "containerd_url": "{{user `containerd_version`}}/cri-containerd-cni-{{user `containerd_version`}}-linux-arm64.tar.gz",
  "crictl_url": "{{user `crictl_version`}}/crictl-v{{user `crictl_version`}}-linux-arm64.tar.gz",
  "kubernetes_rpm_repo": "",
  "containerd_sha256": "9ac616b5f23c1d10353bd45b26cb736efa75dfef31a2113baff2435dbc7becb8"

Building a Windows image

NOTE: In order to use Windows with CAPI a Baremetal instance is required. This means a Baremetal instance is required for building the image as well. The OCIDs for the 2019 Datacenter edition of Windows can be found in their documentation:

NOTE: It is important to make sure the shape used at image build time is used when launching an instance.

Example: If BM.Standard2.52 is used to build, then only BM.Standard2.52 can be used for the newly created image.

Windows environment variables

OPC_USER_PASSWORDThe password to set the OPC user to when creating the image. This will be used for accessing instances using this image.Yes

NOTE: Your new password must be at least 12 characters long and must comply with Microsoft’s password policy. If the password doesn’t comply WinRM will fail to connect to the instance since the password failed to be updated.

NOTE: The OPC_USER_PASSWORD will be set in the winrm_bootstrap.txt file temporarily, while building the image. This is required in order for WinRM to access the instance building the image. Once the build process is complete the password will be deleted along with the fil so the password isn’t stored long term in a cleartext file.

Build a Windows based image

The following example JSON would use the Windows Server 2019 Datacenter Edition BM E4 image in the us-ashburn-1 region.

  "build_name": "windows",
  "base_image_ocid": "<image_OCID>",
  "ocpus": "128",
  "shape": "BM.Standard.E4.128",
  "region": "us-ashburn-1",
  "compartment_ocid": "Fill compartment OCID here",
  "subnet_ocid": "Fill Subnet OCID here",
  "availability_domain": "Fill Availability Domain here"