refactor: rework cloud-init and communicator integration

This commit is contained in:
Robert Kaussow 2022-09-09 10:29:00 +02:00
parent 016f414b08
commit 1f5f4b3685
Signed by: xoxys
GPG Key ID: 4E692A2EAECC03C0
8 changed files with 160 additions and 80 deletions


@ -41,8 +41,8 @@ If required, modify the configuration and scripts files.
Initialize packer and start a build. Initialize packer and start a build.
```Shell ```Shell
packer init rocky-9.0/ packer init rocky-9/
packer build rocky-9.0/ packer build rocky-9/
``` ```
## License ## License


@ -0,0 +1,69 @@
users:
- default
disable_root: 0
ssh_pwauth: 0
mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2']
resize_rootfs_tmp: /dev
ssh_deletekeys: 1
ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519']
syslog_fix_perms: ~
disable_vmware_customization: false
cloud_init_modules:
- disk_setup
- migrator
- bootcmd
- write-files
- [ growpart, always ]
- [ resizefs, always ]
- set_hostname
- update_hostname
- [ update_etc_hosts, once-per-instance ]
- rsyslog
- users-groups
- ssh
cloud_config_modules:
- mounts
- locale
- set-passwords
- rh_subscription
- yum-add-repo
- package-update-upgrade-install
- timezone
- puppet
- chef
- salt-minion
- mcollective
- disable-ec2-metadata
- runcmd
cloud_final_modules:
- rightscale_userdata
- scripts-per-once
- scripts-per-boot
- scripts-per-instance
- scripts-user
- ssh-authkey-fingerprints
- keys-to-console
- phone-home
- final-message
- power-state-change
system_info:
default_user:
name: cloud-user
lock_passwd: true
gecos: Cloud User
groups: [adm, systemd-journal]
sudo: ["ALL=(ALL) NOPASSWD:ALL"]
shell: /bin/bash
distro: rhel
paths:
cloud_dir: /var/lib/cloud
templates_dir: /etc/cloud/templates
ssh_svcname: sshd
# vim:syntax=yaml
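Review bot: `disable_root: 0`, `ssh_pwauth: 0` and `ssh_deletekeys: 1` use 0/1 while `lock_passwd: true` and `disable_vmware_customization: false` in the same file use real booleans; cloud-init accepts both forms, but the mix reads ambiguously and yamllint's `truthy` rule will not catch the integer variant. `disable_root: false`, `ssh_pwauth: false` and `ssh_deletekeys: true` would make the file uniform. `disable_root` also decides whether cloud-init restricts SSH keys delivered for root, and leaving it off appears intended given the root default user in the other new cfg file (presumably `93-proxmox.cfg`), which also overrides `ssh_pwauth`; a comment above `disable_root` such as `# root stays usable: Proxmox cloud-init delivers credentials for root (see 93-proxmox.cfg)` would spare the next reader the cross-reference.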


@ -0,0 +1,9 @@
disable_root: 0
ssh_pwauth: 1
# Set the distro defaults
system_info:
default_user:
name: root
shell: /bin/bash
lock_passwd: false
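Review bot: `ssh_pwauth: 1` together with `name: root` and `lock_passwd: false` makes cloud-init enable SSH password authentication on first boot and leave root's password usable; this looks like the Proxmox cloud-init workflow where credentials are set on root, but nothing on the page states that. The cleanup script resets `PermitRootLogin` to `prohibit-password`, so sshd should still refuse root password logins, while password authentication remains open for every other account cloud-init creates. Suggest a comment above `ssh_pwauth` stating why password auth is required, and if it is only needed for bootstrap without a console, prefer `ssh_pwauth: false` and delivering authorized keys through the Proxmox cloud-init settings. The file also mixes `0`/`1` with `false`; `disable_root: false` and `ssh_pwauth: true` would be consistent.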


@ -1,6 +1,15 @@
### Installs from the first attached CD-ROM/DVD on the system. ### Install from the first attached CD-ROM/DVD on the system
cdrom cdrom
### Configure network information for target system and activate network devices in the installer environment (optional)
### --onboot enable device at a boot time
### --device device to be activated and / or configured with the network command
### --bootproto method to obtain networking configuration for device (default dhcp)
### --noipv6 disable IPv6 on this device
###
### network --bootproto=static --ip=172.16.11.200 --netmask=255.255.255.0 --gateway=172.16.11.200 --nameserver=172.16.11.4 --hostname centos-linux-8
network --bootproto=dhcp --device=link --activate --onboot=on
### Performs the kickstart installation in text mode. ### Performs the kickstart installation in text mode.
### By default, kickstart installations are performed in graphical mode. ### By default, kickstart installations are performed in graphical mode.
text text
@ -14,18 +23,8 @@ lang ${vm_guest_os_language}
### Sets the default keyboard type for the system. ### Sets the default keyboard type for the system.
keyboard ${vm_guest_os_keyboard} keyboard ${vm_guest_os_keyboard}
### Configure network information for target system and activate network devices in the installer environment (optional) ### Set initial root password
### --onboot enable device at a boot time rootpw --iscrypted ${build_password_encrypted}
### --device device to be activated and / or configured with the network command
### --bootproto method to obtain networking configuration for device (default dhcp)
### --noipv6 disable IPv6 on this device
###
### network --bootproto=static --ip=172.16.11.200 --netmask=255.255.255.0 --gateway=172.16.11.200 --nameserver=172.16.11.4 --hostname centos-linux-8
network --bootproto=dhcp
### The selected profile will restrict root login.
### Add a user that can login and escalate privileges.
user --name=${build_username} --iscrypted --password=${build_password_encrypted} --groups=wheel
### Configure firewall settings for the system. ### Configure firewall settings for the system.
### --enabled reject incoming connections that are not in response to outbound requests ### --enabled reject incoming connections that are not in response to outbound requests
@ -58,9 +57,9 @@ clearpart --all --initlabel
### Modify partition sizes for the virtual machine hardware. ### Modify partition sizes for the virtual machine hardware.
### Create primary system partitions. ### Create primary system partitions.
part /boot --fstype xfs --size=1024 --label=BOOTFS part /boot --fstype xfs --size=512 --label=BOOTFS
part /boot/efi --fstype vfat --size=1024 --label=EFIFS part /boot/efi --fstype vfat --size=512 --label=EFIFS
part pv.01 --size=25 --grow part pv.01 --size=19 --grow
### Create a logical volume management (LVM) group. ### Create a logical volume management (LVM) group.
volgroup vg00 --pesize=4096 pv.01 volgroup vg00 --pesize=4096 pv.01
@ -68,15 +67,15 @@ volgroup vg00 --pesize=4096 pv.01
### Modify logical volume sizes for the virtual machine hardware. ### Modify logical volume sizes for the virtual machine hardware.
### Create logical volumes. ### Create logical volumes.
logvol swap --fstype swap --name=lv_swap --vgname=vg00 --size=2048 --label=SWAPFS logvol swap --fstype swap --name=lv_swap --vgname=vg00 --size=2048 --label=SWAPFS
logvol / --fstype xfs --name=lv_root --vgname=vg00 --size=8000 --label=ROOTFS logvol / --fstype xfs --name=lv_root --vgname=vg00 --size=6000 --label=ROOTFS
logvol /home --fstype xfs --name=lv_home --vgname=vg00 --size=4000 --label=HOMEFS logvol /home --fstype xfs --name=lv_home --vgname=vg00 --size=3000 --label=HOMEFS
logvol /opt --fstype xfs --name=lv_opt --vgname=vg00 --size=1000 --label=OPTFS logvol /opt --fstype xfs --name=lv_opt --vgname=vg00 --size=1000 --label=OPTFS
logvol /tmp --fstype xfs --name=lv_tmp --vgname=vg00 --size=1000 --label=TMPFS --fsoptions="nosuid,noexec,nodev" logvol /tmp --fstype xfs --name=lv_tmp --vgname=vg00 --size=512 --label=TMPFS --fsoptions="nosuid,noexec,nodev"
logvol /var --fstype xfs --name=lv_var --vgname=vg00 --size=2000 --label=VARFS --fsoptions="nosuid" logvol /var --fstype xfs --name=lv_var --vgname=vg00 --size=2000 --label=VARFS --fsoptions="nosuid"
logvol /var/tmp --fstype xfs --name=lv_vartmp --vgname=vg00 --size=1000 --label=LOGFS --fsoptions="nosuid,noexec,nodev" logvol /var/tmp --fstype xfs --name=lv_vartmp --vgname=vg00 --size=512 --label=LOGFS --fsoptions="nosuid,noexec,nodev"
logvol /var/www --fstype xfs --name=lv_www --vgname=vg00 --size=2000 --label=LOGFS --fsoptions="nosuid,noexec,nodev" logvol /var/www --fstype xfs --name=lv_www --vgname=vg00 --size=1000 --label=LOGFS --fsoptions="nosuid,noexec,nodev"
logvol /var/log --fstype xfs --name=lv_log --vgname=vg00 --size=1000 --label=LOGFS --fsoptions="nosuid,noexec,nodev" logvol /var/log --fstype xfs --name=lv_log --vgname=vg00 --size=1000 --label=LOGFS --fsoptions="nosuid,noexec,nodev"
logvol /var/log/audit --fstype xfs --name=lv_audit --vgname=vg00 --size=1024 --label=AUDITFS --fsoptions="nosuid,noexec,nodev" logvol /var/log/audit --fstype xfs --name=lv_audit --vgname=vg00 --size=512 --label=AUDITFS --fsoptions="nosuid,noexec,nodev"
### Modifies the default set of services that will run under the default runlevel. ### Modifies the default set of services that will run under the default runlevel.
services --enabled=NetworkManager,sshd,qemu-guest-agent services --enabled=NetworkManager,sshd,qemu-guest-agent
@ -98,6 +97,7 @@ curl
python3 python3
python3-libselinux python3-libselinux
qemu-guest-agent qemu-guest-agent
jq
-aic94xx-firmware -aic94xx-firmware
-atmel-firmware -atmel-firmware
-b43-openfwwf -b43-openfwwf
@ -136,9 +136,15 @@ dnf install -y cloud-init
dnf clean all dnf clean all
touch /etc/cloud/cloud-init.disabled touch /etc/cloud/cloud-init.disabled
cat >/etc/cloud/cloud.cfg.d/90-proxmox.cfg <<EOF
${files_proxmox_default_init}
EOF
cat >/etc/cloud/cloud.cfg.d/93-proxmox.cfg <<EOF
${files_proxmox_init}
EOF
echo "Completed cloud-init step!" echo "Completed cloud-init step!"
echo "${build_username} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/${build_username}
sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
%end %end
### Reboot after the installation is complete. ### Reboot after the installation is complete.
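Review bot: The two heredocs writing `/etc/cloud/cloud.cfg.d/90-proxmox.cfg` and `93-proxmox.cfg` use an unquoted `<<EOF`, so after Packer has substituted `${files_proxmox_default_init}` and `${files_proxmox_init}` the install-time shell still performs `$`, backtick and backslash expansion on the embedded file contents; neither file contains such characters today, but the first `$VAR` or backtick added to a cfg would be silently mangled. Quote the delimiters, `cat >/etc/cloud/cloud.cfg.d/90-proxmox.cfg <<'EOF'` and likewise for `93-proxmox.cfg`; the Packer `templatefile` substitution is unaffected because it runs before the script is served. The `%post` section enclosing this hunk starts outside it. The `PermitRootLogin yes` edit on the last changed line is the build-time counterpart of the revert in the cleanup script; a comment such as `### Temporarily allow root password login for the Packer SSH communicator; reverted by scripts/rocky-9.sh` would make that pairing explicit.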


@ -10,13 +10,11 @@ vm_qemu_agent = true
proxmox_iso_pool = "local:iso" proxmox_iso_pool = "local:iso"
proxmox_iso_file = "Rocky-9.0-x86_64-minimal.iso" proxmox_iso_file = "Rocky-9.0-x86_64-minimal.iso"
proxmox_template_description = "Rocky Linux 9.0 Template" proxmox_template_description = "Rocky Linux 9 Template"
proxmox_template_name = "rocky-90-cloud" proxmox_template_name = "rocky-9-cloud"
// Communicator Settings // Communicator Settings
communicator_port = 22
communicator_timeout = "30m" communicator_timeout = "30m"
// Provisioner Settings // Provisioner Settings
scripts = ["scripts/rocky-9.x.sh"] build_scripts = ["scripts/rocky-9.sh"]


@ -12,20 +12,22 @@ locals {
buildtime = formatdate("YYYY-MM-DD hh:mm ZZZ", timestamp()) buildtime = formatdate("YYYY-MM-DD hh:mm ZZZ", timestamp())
data_source_content = { data_source_content = {
"/ks.cfg" = templatefile("${abspath(path.root)}/data/init.ks.pkrtpl.hcl", { "/ks.cfg" = templatefile("${abspath(path.root)}/data/init.ks.pkrtpl.hcl", {
build_username = var.build_username
build_password_encrypted = var.build_password_encrypted build_password_encrypted = var.build_password_encrypted
vm_guest_os_language = var.vm_guest_os_language vm_guest_os_language = var.vm_guest_os_language
vm_guest_os_keyboard = var.vm_guest_os_keyboard vm_guest_os_keyboard = var.vm_guest_os_keyboard
vm_guest_os_timezone = var.vm_guest_os_timezone vm_guest_os_timezone = var.vm_guest_os_timezone
files_proxmox_default_init = file("${abspath(path.root)}/data/files/90-proxmox.cfg")
files_proxmox_init = file("${abspath(path.root)}/data/files/93-proxmox.cfg")
}) })
} }
data_source_command = "inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks.cfg" data_source_command = "inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks.cfg"
} }
source "proxmox-iso" "rocky-linux-90" { source "proxmox-iso" "rocky-linux-9" {
// Proxmox Settings // Proxmox Settings
proxmox_url = "${var.proxmox_url}" proxmox_url = "${var.proxmox_url}"
node = "${var.proxmox_node}" node = "${var.proxmox_node}"
username = "${var.proxmox_username}"
token = "${var.proxmox_token}" token = "${var.proxmox_token}"
// Virtual Machine Settings // Virtual Machine Settings
@ -70,23 +72,20 @@ source "proxmox-iso" "rocky-linux-90" {
// Communicator Settings and Credentials // Communicator Settings and Credentials
communicator = "ssh" communicator = "ssh"
ssh_username = "${var.build_username}" ssh_username = "root"
ssh_password = "${var.build_password}" ssh_password = "${var.build_password}"
ssh_port = "${var.communicator_port}"
ssh_timeout = "${var.communicator_timeout}" ssh_timeout = "${var.communicator_timeout}"
proxmox_template_description = "${var.proxmox_template_description} on ${local.buildtime}" template_description = "${var.proxmox_template_description} on ${local.buildtime}"
proxmox_template_name = "${var.proxmox_template_name}" template_name = "${var.proxmox_template_name}"
unmount_iso = true unmount_iso = true
} }
build { build {
sources = ["source.proxmox-iso.rocky-linux-90"] sources = ["source.proxmox-iso.rocky-linux-9"]
provisioner "shell" { provisioner "shell" {
execute_command = "echo '${var.build_password}' | {{.Vars}} sudo -E -S sh -eux '{{.Path}}'" scripts = formatlist("${path.cwd}/%s", var.build_scripts)
scripts = formatlist("${path.cwd}/%s", var.scripts) remote_folder = "/root"
remote_folder = "/home/${var.build_username}"
} }
} }
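Review bot: The new `username = "${var.proxmox_username}"` wraps a single reference in an interpolation-only string; `username = var.proxmox_username` is the idiomatic HCL2 form. The neighbouring `proxmox_url`, `node` and `token` lines use the same pattern, so it is pre-existing style, but a new line is the place to stop propagating it. In the communicator hunk, `ssh_username = "root"` relies on the kickstart enabling root password login at build time and on `var.build_password` matching the hash passed as `build_password_encrypted`; a comment on `ssh_username` noting that coupling would help, since nothing validates the two variables agree. The `source` block starts before this section.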


@ -13,6 +13,8 @@ variable "proxmox_iso_pool" {
variable "proxmox_url" { variable "proxmox_url" {
type = string type = string
description = "URL to the Proxmox API, including the full path." description = "URL to the Proxmox API, including the full path."
sensitive = true
default = ""
} }
variable "proxmox_node" { variable "proxmox_node" {
@ -20,9 +22,18 @@ variable "proxmox_node" {
description = "Name of a node in the Proxmox cluster on which to start the virtual machine when it is created." description = "Name of a node in the Proxmox cluster on which to start the virtual machine when it is created."
} }
variable "proxmox_username" {
type = string
description = "The username must include the token id after an exclamation mark."
sensitive = true
default = ""
}
variable "proxmox_token" { variable "proxmox_token" {
type = string type = string
description = "Token for authenticating API calls." description = "Token for authenticating API calls."
sensitive = true
default = ""
} }
variable "proxmox_storage_format" { variable "proxmox_storage_format" {
@ -111,7 +122,7 @@ variable "vm_mem_size" {
variable "vm_disk_size" { variable "vm_disk_size" {
type = string type = string
description = "The size for the virtual disk." description = "The size for the virtual disk."
default = "32G" default = "20G"
} }
variable "vm_disk_controller_type" { variable "vm_disk_controller_type" {
@ -163,15 +174,9 @@ variable "vm_qemu_agent" {
} }
// Communicator Settings and Credentials // Communicator Settings and Credentials
variable "build_username" {
type = string
description = "The username to login to the guest operating system."
sensitive = true
}
variable "build_password" { variable "build_password" {
type = string type = string
description = "The password to login to the guest operating system." description = "The password to login the guest operating system."
sensitive = true sensitive = true
} }
@ -181,10 +186,10 @@ variable "build_password_encrypted" {
sensitive = true sensitive = true
} }
variable "communicator_port" { variable "build_scripts" {
type = number type = list(string)
description = "The port for the communicator protocol." description = "A list of scripts and their relative paths to transfer and execute."
default = 22 default = []
} }
variable "communicator_timeout" { variable "communicator_timeout" {
@ -192,10 +197,3 @@ variable "communicator_timeout" {
description = "The timeout for the communicator protocol." description = "The timeout for the communicator protocol."
default = "30m" default = "30m"
} }
// Provisioner Settings
variable "scripts" {
type = list(string)
description = "A list of scripts and their relative paths to transfer and execute."
default = []
}
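Review bot: `proxmox_url`, `proxmox_username` and `proxmox_token` are now given `default = ""`, so a build started without them no longer fails at variable resolution with a clear "not set" error but later, when the Proxmox API is called with an empty URL or token. If the defaults exist only so `packer validate` passes without a var-file, consider a `validation` block on each of the three variables whose condition checks `var.proxmox_token != ""` (and the equivalent for the other two) with an error message naming the missing variable. Marking `proxmox_url` `sensitive` is reasonable, but it also hides the value from error output, which makes an early validation message more valuable. Unrelated wording in the same section: `description = "The password to login the guest operating system."` dropped the `to` that the previous text had.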


@ -3,12 +3,11 @@ set -eo pipefail
#### Update system #### Update system
echo '> Update packages ...' echo '> Update packages ...'
dnf update -y dnf -y -q update
dnf clean all dnf -q clean all
### Cleans all audit logs. ### ### Cleans all audit logs
echo '> Cleaning all audit logs ...' echo '> Cleaning all audit logs ...'
if [ -f /var/log/audit/audit.log ]; then if [ -f /var/log/audit/audit.log ]; then
cat /dev/null >/var/log/audit/audit.log cat /dev/null >/var/log/audit/audit.log
fi fi
@ -21,40 +20,42 @@ if [ -f /var/log/lastlog ]; then
cat /dev/null >/var/log/lastlog cat /dev/null >/var/log/lastlog
fi fi
### Cleans persistent udev rules. ### ### Cleans persistent udev rules
echo '> Cleaning persistent udev rules ...' echo '> Cleaning persistent udev rules ...'
if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
rm /etc/udev/rules.d/70-persistent-net.rules rm /etc/udev/rules.d/70-persistent-net.rules
fi fi
### Clean the /tmp directories. ### ### Clean the /tmp directories
echo '> Cleaning /tmp directories ...' echo '> Cleaning /tmp directories ...'
rm -rf /tmp/* rm -rf /tmp/*
rm -rf /var/tmp/* rm -rf /var/tmp/*
rm -rf /var/cache/dnf/* rm -rf /var/cache/dnf/*
### Clean the SSH keys. ### ### Clean the SSH keys
echo '> Cleaning the SSH keys ...' echo '> Cleaning the SSH keys ...'
shred -u /etc/ssh/*_key /etc/ssh/*_key.pub shred -u /etc/ssh/*_key /etc/ssh/*_key.pub
rm -f /etc/ssh/ssh_config.d/allow-root-ssh.conf rm -f /etc/ssh/ssh_config.d/allow-root-ssh.conf
rm -rf /root/.ssh/authorized_keys
sed -i 's/PermitRootLogin yes/#PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
### Clean the machine-id. ### ### Clean the machine-id
echo '> Cleaning the machine-id ...' echo '> Cleaning the machine-id ...'
truncate -s 0 /etc/machine-id truncate -s 0 /etc/machine-id
rm -f /var/lib/dbus/machine-id rm -f /var/lib/dbus/machine-id
mkdir -p /var/lib/dbus mkdir -p /var/lib/dbus
ln -s /etc/machine-id /var/lib/dbus/machine-id ln -s /etc/machine-id /var/lib/dbus/machine-id
### Clean the shell history. ### ### Prepare cloud-init
echo '> Preparing cloud-init ...'
rm -f /etc/cloud/cloud-init.disabled
### Clean the shell history
echo '> Cleaning the shell history ...' echo '> Cleaning the shell history ...'
unset HISTFILE unset HISTFILE
history -cw history -cw
echo >~/.bash_history echo >~/.bash_history
rm -f /root/.bash_history rm -f /root/.bash_history
### Prepare cloud-init ### ### Done
echo '> Preparing cloud-init ...'
rm -f /etc/cloud/cloud-init.disabled
### Done. ###
echo '> Done.' echo '> Done.'
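Review bot: `sed -i 's/PermitRootLogin yes/#PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config` exits 0 whether or not it matched, so under `set -eo pipefail` a non-matching file (different spacing, or the option set elsewhere) leaves the template shipping with root password login enabled while the build still reports success. Add an explicit check after the sed, e.g. `if grep -Eq '^\s*PermitRootLogin\s+yes' /etc/ssh/sshd_config; then echo '> PermitRootLogin still enabled' >&2; exit 1; fi`, or have the kickstart write the build-time override to a dedicated file under `/etc/ssh/sshd_config.d/` and delete that file here; note the existing `rm -f` line points at `/etc/ssh/ssh_config.d/`, the client-side directory, which sshd does not read, so it would not cover an sshd drop-in. `rm -rf /root/.ssh/authorized_keys` targets a single file; `rm -f` is sufficient and avoids a recursive flag next to a path.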