refactor: rework cloud-init and communicator integration
This commit is contained in:
parent
016f414b08
commit
1f5f4b3685
@ -41,8 +41,8 @@ If required, modify the configuration and scripts files.
|
||||
Initialize packer and start a build.
|
||||
|
||||
```Shell
|
||||
packer init rocky-9.0/
|
||||
packer build rocky-9.0/
|
||||
packer init rocky-9/
|
||||
packer build rocky-9/
|
||||
```
|
||||
|
||||
## License
|
||||
|
69
rocky-9/data/files/90-proxmox.cfg
Normal file
@ -0,0 +1,69 @@
|
||||
users:
|
||||
- default
|
||||
|
||||
disable_root: 0
|
||||
ssh_pwauth: 0
|
||||
|
||||
mount_default_fields: [~, ~, 'auto', 'defaults,nofail,x-systemd.requires=cloud-init.service', '0', '2']
|
||||
resize_rootfs_tmp: /dev
|
||||
ssh_deletekeys: 1
|
||||
ssh_genkeytypes: ['rsa', 'ecdsa', 'ed25519']
|
||||
syslog_fix_perms: ~
|
||||
disable_vmware_customization: false
|
||||
|
||||
cloud_init_modules:
|
||||
- disk_setup
|
||||
- migrator
|
||||
- bootcmd
|
||||
- write-files
|
||||
- [ growpart, always ]
|
||||
- [ resizefs, always ]
|
||||
- set_hostname
|
||||
- update_hostname
|
||||
- [ update_etc_hosts, once-per-instance ]
|
||||
- rsyslog
|
||||
- users-groups
|
||||
- ssh
|
||||
|
||||
cloud_config_modules:
|
||||
- mounts
|
||||
- locale
|
||||
- set-passwords
|
||||
- rh_subscription
|
||||
- yum-add-repo
|
||||
- package-update-upgrade-install
|
||||
- timezone
|
||||
- puppet
|
||||
- chef
|
||||
- salt-minion
|
||||
- mcollective
|
||||
- disable-ec2-metadata
|
||||
- runcmd
|
||||
|
||||
cloud_final_modules:
|
||||
- rightscale_userdata
|
||||
- scripts-per-once
|
||||
- scripts-per-boot
|
||||
- scripts-per-instance
|
||||
- scripts-user
|
||||
- ssh-authkey-fingerprints
|
||||
- keys-to-console
|
||||
- phone-home
|
||||
- final-message
|
||||
- power-state-change
|
||||
|
||||
system_info:
|
||||
default_user:
|
||||
name: cloud-user
|
||||
lock_passwd: true
|
||||
gecos: Cloud User
|
||||
groups: [adm, systemd-journal]
|
||||
sudo: ["ALL=(ALL) NOPASSWD:ALL"]
|
||||
shell: /bin/bash
|
||||
distro: rhel
|
||||
paths:
|
||||
cloud_dir: /var/lib/cloud
|
||||
templates_dir: /etc/cloud/templates
|
||||
ssh_svcname: sshd
|
||||
|
||||
# vim:syntax=yaml
|
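Review bot: `disable_root: 0`, `ssh_pwauth: 0` and `ssh_deletekeys: 1` write boolean options as integers while `lock_passwd: true` and `disable_vmware_customization: false` in the same file use real booleans; cloud-init's config schema declares these keys as booleans, so newer releases can flag the integer form when validating system config, and `disable_root: false`, `ssh_pwauth: false`, `ssh_deletekeys: true` is both consistent and lint-clean. The same applies to `disable_root: 0` and `ssh_pwauth: 1` in 93-proxmox.cfg. `syslog_fix_perms: ~` would read more plainly as `null`. The keys under `system_info` and `default_user` show flush-left in this rendering; presumably the committed file is indented, but it is worth confirming, since a flat `default_user:` silently becomes an unrelated top-level key.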
9
rocky-9/data/files/93-proxmox.cfg
Normal file
@ -0,0 +1,9 @@
|
||||
disable_root: 0
|
||||
ssh_pwauth: 1
|
||||
|
||||
# Set the distro defaults
|
||||
system_info:
|
||||
default_user:
|
||||
name: root
|
||||
shell: /bin/bash
|
||||
lock_passwd: false
|
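Review bot: This drop-in reverses the hardened values from 90-proxmox.cfg — `ssh_pwauth: 1` turns system-wide SSH password authentication back on and `default_user` becomes `root` with `lock_passwd: false` — and nothing in this commit removes it from the image, so every clone keeps those settings (whether root itself can then log in over SSH depends on `PermitRootLogin`, which the cleanup script resets to `prohibit-password`). If this is deliberate because Proxmox supplies the user and password through its cloud-init integration, the file should say so; `# Set the distro defaults` does not explain why it relaxes the 90 file. Suggested header: `# Proxmox cloud-init integration: Proxmox sets user/password at clone time; this intentionally overrides 90-proxmox.cfg`. If it is not deliberate, keep `ssh_pwauth` false here and rely on the SSH keys Proxmox injects.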
@ -1,6 +1,15 @@
|
||||
### Installs from the first attached CD-ROM/DVD on the system.
|
||||
### Install from the first attached CD-ROM/DVD on the system
|
||||
cdrom
|
||||
|
||||
### Configure network information for target system and activate network devices in the installer environment (optional)
|
||||
### --onboot enable device at a boot time
|
||||
### --device device to be activated and / or configured with the network command
|
||||
### --bootproto method to obtain networking configuration for device (default dhcp)
|
||||
### --noipv6 disable IPv6 on this device
|
||||
###
|
||||
### network --bootproto=static --ip=172.16.11.200 --netmask=255.255.255.0 --gateway=172.16.11.200 --nameserver=172.16.11.4 --hostname centos-linux-8
|
||||
network --bootproto=dhcp --device=link --activate --onboot=on
|
||||
|
||||
### Performs the kickstart installation in text mode.
|
||||
### By default, kickstart installations are performed in graphical mode.
|
||||
text
|
||||
@ -14,18 +23,8 @@ lang ${vm_guest_os_language}
|
||||
### Sets the default keyboard type for the system.
|
||||
keyboard ${vm_guest_os_keyboard}
|
||||
|
||||
### Configure network information for target system and activate network devices in the installer environment (optional)
|
||||
### --onboot enable device at a boot time
|
||||
### --device device to be activated and / or configured with the network command
|
||||
### --bootproto method to obtain networking configuration for device (default dhcp)
|
||||
### --noipv6 disable IPv6 on this device
|
||||
###
|
||||
### network --bootproto=static --ip=172.16.11.200 --netmask=255.255.255.0 --gateway=172.16.11.200 --nameserver=172.16.11.4 --hostname centos-linux-8
|
||||
network --bootproto=dhcp
|
||||
|
||||
### The selected profile will restrict root login.
|
||||
### Add a user that can login and escalate privileges.
|
||||
user --name=${build_username} --iscrypted --password=${build_password_encrypted} --groups=wheel
|
||||
### Set initial root password
|
||||
rootpw --iscrypted ${build_password_encrypted}
|
||||
|
||||
### Configure firewall settings for the system.
|
||||
### --enabled reject incoming connections that are not in response to outbound requests
|
||||
@ -58,9 +57,9 @@ clearpart --all --initlabel
|
||||
|
||||
### Modify partition sizes for the virtual machine hardware.
|
||||
### Create primary system partitions.
|
||||
part /boot --fstype xfs --size=1024 --label=BOOTFS
|
||||
part /boot/efi --fstype vfat --size=1024 --label=EFIFS
|
||||
part pv.01 --size=25 --grow
|
||||
part /boot --fstype xfs --size=512 --label=BOOTFS
|
||||
part /boot/efi --fstype vfat --size=512 --label=EFIFS
|
||||
part pv.01 --size=19 --grow
|
||||
|
||||
### Create a logical volume management (LVM) group.
|
||||
volgroup vg00 --pesize=4096 pv.01
|
||||
@ -68,15 +67,15 @@ volgroup vg00 --pesize=4096 pv.01
|
||||
### Modify logical volume sizes for the virtual machine hardware.
|
||||
### Create logical volumes.
|
||||
logvol swap --fstype swap --name=lv_swap --vgname=vg00 --size=2048 --label=SWAPFS
|
||||
logvol / --fstype xfs --name=lv_root --vgname=vg00 --size=8000 --label=ROOTFS
|
||||
logvol /home --fstype xfs --name=lv_home --vgname=vg00 --size=4000 --label=HOMEFS
|
||||
logvol / --fstype xfs --name=lv_root --vgname=vg00 --size=6000 --label=ROOTFS
|
||||
logvol /home --fstype xfs --name=lv_home --vgname=vg00 --size=3000 --label=HOMEFS
|
||||
logvol /opt --fstype xfs --name=lv_opt --vgname=vg00 --size=1000 --label=OPTFS
|
||||
logvol /tmp --fstype xfs --name=lv_tmp --vgname=vg00 --size=1000 --label=TMPFS --fsoptions="nosuid,noexec,nodev"
|
||||
logvol /tmp --fstype xfs --name=lv_tmp --vgname=vg00 --size=512 --label=TMPFS --fsoptions="nosuid,noexec,nodev"
|
||||
logvol /var --fstype xfs --name=lv_var --vgname=vg00 --size=2000 --label=VARFS --fsoptions="nosuid"
|
||||
logvol /var/tmp --fstype xfs --name=lv_vartmp --vgname=vg00 --size=1000 --label=LOGFS --fsoptions="nosuid,noexec,nodev"
|
||||
logvol /var/www --fstype xfs --name=lv_www --vgname=vg00 --size=2000 --label=LOGFS --fsoptions="nosuid,noexec,nodev"
|
||||
logvol /var/tmp --fstype xfs --name=lv_vartmp --vgname=vg00 --size=512 --label=LOGFS --fsoptions="nosuid,noexec,nodev"
|
||||
logvol /var/www --fstype xfs --name=lv_www --vgname=vg00 --size=1000 --label=LOGFS --fsoptions="nosuid,noexec,nodev"
|
||||
logvol /var/log --fstype xfs --name=lv_log --vgname=vg00 --size=1000 --label=LOGFS --fsoptions="nosuid,noexec,nodev"
|
||||
logvol /var/log/audit --fstype xfs --name=lv_audit --vgname=vg00 --size=1024 --label=AUDITFS --fsoptions="nosuid,noexec,nodev"
|
||||
logvol /var/log/audit --fstype xfs --name=lv_audit --vgname=vg00 --size=512 --label=AUDITFS --fsoptions="nosuid,noexec,nodev"
|
||||
|
||||
### Modifies the default set of services that will run under the default runlevel.
|
||||
services --enabled=NetworkManager,sshd,qemu-guest-agent
|
||||
@ -98,6 +97,7 @@ curl
|
||||
python3
|
||||
python3-libselinux
|
||||
qemu-guest-agent
|
||||
jq
|
||||
-aic94xx-firmware
|
||||
-atmel-firmware
|
||||
-b43-openfwwf
|
||||
@ -136,9 +136,15 @@ dnf install -y cloud-init
|
||||
dnf clean all
|
||||
|
||||
touch /etc/cloud/cloud-init.disabled
|
||||
cat >/etc/cloud/cloud.cfg.d/90-proxmox.cfg <<EOF
|
||||
${files_proxmox_default_init}
|
||||
EOF
|
||||
cat >/etc/cloud/cloud.cfg.d/93-proxmox.cfg <<EOF
|
||||
${files_proxmox_init}
|
||||
EOF
|
||||
echo "Completed cloud-init step!"
|
||||
echo "${build_username} ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/${build_username}
|
||||
sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers
|
||||
|
||||
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
|
||||
%end
|
||||
|
||||
### Reboot after the installation is complete.
|
||||
|
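Review bot: The heredocs `cat >/etc/cloud/cloud.cfg.d/90-proxmox.cfg <<EOF` and `cat >/etc/cloud/cloud.cfg.d/93-proxmox.cfg <<EOF` use an unquoted delimiter, so the cfg text that templatefile() splices in via `${files_proxmox_default_init}` and `${files_proxmox_init}` undergoes shell expansion inside %post; neither file contains `$` or backticks today, but the first `runcmd` entry that does will be silently altered. Quoting the delimiter, `<<'EOF'`, makes the copy literal, and a less generic delimiter such as `<<'CLOUDCFG'` also protects against a cfg line that is exactly `EOF`. The `sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g'` depends on the stock commented line being present and on the cleanup script's reverse sed staying in step; a comment such as `# build-time only: reverted by scripts/rocky-9.sh` above it would make the pairing visible. The file header for this section is not shown, so the path is inferred from the `data/init.ks.pkrtpl.hcl` reference in the sources file.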
@ -10,13 +10,11 @@ vm_qemu_agent = true
|
||||
proxmox_iso_pool = "local:iso"
|
||||
proxmox_iso_file = "Rocky-9.0-x86_64-minimal.iso"
|
||||
|
||||
proxmox_template_description = "Rocky Linux 9.0 Template"
|
||||
proxmox_template_name = "rocky-90-cloud"
|
||||
|
||||
proxmox_template_description = "Rocky Linux 9 Template"
|
||||
proxmox_template_name = "rocky-9-cloud"
|
||||
|
||||
// Communicator Settings
|
||||
communicator_port = 22
|
||||
communicator_timeout = "30m"
|
||||
|
||||
// Provisioner Settings
|
||||
scripts = ["scripts/rocky-9.x.sh"]
|
||||
build_scripts = ["scripts/rocky-9.sh"]
|
||||
|
@ -12,20 +12,22 @@ locals {
|
||||
buildtime = formatdate("YYYY-MM-DD hh:mm ZZZ", timestamp())
|
||||
data_source_content = {
|
||||
"/ks.cfg" = templatefile("${abspath(path.root)}/data/init.ks.pkrtpl.hcl", {
|
||||
build_username = var.build_username
|
||||
build_password_encrypted = var.build_password_encrypted
|
||||
vm_guest_os_language = var.vm_guest_os_language
|
||||
vm_guest_os_keyboard = var.vm_guest_os_keyboard
|
||||
vm_guest_os_timezone = var.vm_guest_os_timezone
|
||||
build_password_encrypted = var.build_password_encrypted
|
||||
vm_guest_os_language = var.vm_guest_os_language
|
||||
vm_guest_os_keyboard = var.vm_guest_os_keyboard
|
||||
vm_guest_os_timezone = var.vm_guest_os_timezone
|
||||
files_proxmox_default_init = file("${abspath(path.root)}/data/files/90-proxmox.cfg")
|
||||
files_proxmox_init = file("${abspath(path.root)}/data/files/93-proxmox.cfg")
|
||||
})
|
||||
}
|
||||
data_source_command = "inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks.cfg"
|
||||
}
|
||||
|
||||
source "proxmox-iso" "rocky-linux-90" {
|
||||
source "proxmox-iso" "rocky-linux-9" {
|
||||
// Proxmox Settings
|
||||
proxmox_url = "${var.proxmox_url}"
|
||||
node = "${var.proxmox_node}"
|
||||
username = "${var.proxmox_username}"
|
||||
token = "${var.proxmox_token}"
|
||||
|
||||
// Virtual Machine Settings
|
||||
@ -70,23 +72,20 @@ source "proxmox-iso" "rocky-linux-90" {
|
||||
|
||||
// Communicator Settings and Credentials
|
||||
communicator = "ssh"
|
||||
ssh_username = "${var.build_username}"
|
||||
ssh_username = "root"
|
||||
ssh_password = "${var.build_password}"
|
||||
ssh_port = "${var.communicator_port}"
|
||||
ssh_timeout = "${var.communicator_timeout}"
|
||||
|
||||
proxmox_template_description = "${var.proxmox_template_description} on ${local.buildtime}"
|
||||
proxmox_template_name = "${var.proxmox_template_name}"
|
||||
unmount_iso = true
|
||||
template_description = "${var.proxmox_template_description} on ${local.buildtime}"
|
||||
template_name = "${var.proxmox_template_name}"
|
||||
unmount_iso = true
|
||||
}
|
||||
|
||||
build {
|
||||
sources = ["source.proxmox-iso.rocky-linux-90"]
|
||||
sources = ["source.proxmox-iso.rocky-linux-9"]
|
||||
|
||||
provisioner "shell" {
|
||||
execute_command = "echo '${var.build_password}' | {{.Vars}} sudo -E -S sh -eux '{{.Path}}'"
|
||||
scripts = formatlist("${path.cwd}/%s", var.scripts)
|
||||
remote_folder = "/home/${var.build_username}"
|
||||
scripts = formatlist("${path.cwd}/%s", var.build_scripts)
|
||||
remote_folder = "/root"
|
||||
}
|
||||
|
||||
}
|
||||
|
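Review bot: With `ssh_username = "root"` and `remote_folder = "/root"`, the provisioner's `execute_command = "echo '${var.build_password}' | {{.Vars}} sudo -E -S sh -eux '{{.Path}}'"` (a context line, as far as the rendering shows) is stale: the scripts already run as root, and the line keeps echoing the sensitive `build_password` into the remote command for no benefit. `execute_command = "{{.Vars}} sh -eux '{{.Path}}'"` does the same work. A one-line comment next to `ssh_username = "root"`, e.g. `// build-time only: root SSH is enabled by the kickstart and re-disabled by scripts/rocky-9.sh`, would tell a reader that root login is temporary. If `ssh_port` and `ssh_timeout` are in fact dropped from the source (the rendering loses the change markers), Packer falls back to its much shorter default SSH timeout, which an install that runs `dnf update` in %post may exceed.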
@ -13,6 +13,8 @@ variable "proxmox_iso_pool" {
|
||||
variable "proxmox_url" {
|
||||
type = string
|
||||
description = "URL to the Proxmox API, including the full path."
|
||||
sensitive = true
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "proxmox_node" {
|
||||
@ -20,9 +22,18 @@ variable "proxmox_node" {
|
||||
description = "Name of a node in the Proxmox cluster on which to start the virtual machine when it is created."
|
||||
}
|
||||
|
||||
variable "proxmox_username" {
|
||||
type = string
|
||||
description = "The username must include the token id after an exclamation mark."
|
||||
sensitive = true
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "proxmox_token" {
|
||||
type = string
|
||||
description = "Token for authenticating API calls."
|
||||
sensitive = true
|
||||
default = ""
|
||||
}
|
||||
|
||||
variable "proxmox_storage_format" {
|
||||
@ -111,7 +122,7 @@ variable "vm_mem_size" {
|
||||
variable "vm_disk_size" {
|
||||
type = string
|
||||
description = "The size for the virtual disk."
|
||||
default = "32G"
|
||||
default = "20G"
|
||||
}
|
||||
|
||||
variable "vm_disk_controller_type" {
|
||||
@ -163,15 +174,9 @@ variable "vm_qemu_agent" {
|
||||
}
|
||||
|
||||
// Communicator Settings and Credentials
|
||||
variable "build_username" {
|
||||
type = string
|
||||
description = "The username to login to the guest operating system."
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
variable "build_password" {
|
||||
type = string
|
||||
description = "The password to login to the guest operating system."
|
||||
description = "The password to login the guest operating system."
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
@ -181,10 +186,10 @@ variable "build_password_encrypted" {
|
||||
sensitive = true
|
||||
}
|
||||
|
||||
variable "communicator_port" {
|
||||
type = number
|
||||
description = "The port for the communicator protocol."
|
||||
default = 22
|
||||
variable "build_scripts" {
|
||||
type = list(string)
|
||||
description = "A list of scripts and their relative paths to transfer and execute."
|
||||
default = []
|
||||
}
|
||||
|
||||
variable "communicator_timeout" {
|
||||
@ -192,10 +197,3 @@ variable "communicator_timeout" {
|
||||
description = "The timeout for the communicator protocol."
|
||||
default = "30m"
|
||||
}
|
||||
|
||||
// Provisioner Settings
|
||||
variable "scripts" {
|
||||
type = list(string)
|
||||
description = "A list of scripts and their relative paths to transfer and execute."
|
||||
default = []
|
||||
}
|
||||
|
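Review bot: `default = ""` on `proxmox_url`, `proxmox_username` and `proxmox_token` lets a build that was started without credentials pass Packer's variable checks and fail later against the Proxmox API with an empty token, whereas a variable with `sensitive = true` and no default fails immediately at validation time with a clear unset-variable error; drop the three `default = ""` lines. If the empty default exists so that `packer validate` can run in CI without secrets, a CI-only var-file or `-syntax-only` achieves that without weakening real builds. The `build_password` description appears to change from `login to the guest` to `login the guest` (the second of the two printed lines being the new one), which reads worse; keep the original wording.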
@ -3,12 +3,11 @@ set -eo pipefail
|
||||
|
||||
#### Update system
|
||||
echo '> Update packages ...'
|
||||
dnf update -y
|
||||
dnf clean all
|
||||
dnf -y -q update
|
||||
dnf -q clean all
|
||||
|
||||
### Cleans all audit logs. ###
|
||||
### Cleans all audit logs
|
||||
echo '> Cleaning all audit logs ...'
|
||||
|
||||
if [ -f /var/log/audit/audit.log ]; then
|
||||
cat /dev/null >/var/log/audit/audit.log
|
||||
fi
|
||||
@ -21,40 +20,42 @@ if [ -f /var/log/lastlog ]; then
|
||||
cat /dev/null >/var/log/lastlog
|
||||
fi
|
||||
|
||||
### Cleans persistent udev rules. ###
|
||||
### Cleans persistent udev rules
|
||||
echo '> Cleaning persistent udev rules ...'
|
||||
if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
|
||||
rm /etc/udev/rules.d/70-persistent-net.rules
|
||||
fi
|
||||
|
||||
### Clean the /tmp directories. ###
|
||||
### Clean the /tmp directories
|
||||
echo '> Cleaning /tmp directories ...'
|
||||
rm -rf /tmp/*
|
||||
rm -rf /var/tmp/*
|
||||
rm -rf /var/cache/dnf/*
|
||||
|
||||
### Clean the SSH keys. ###
|
||||
### Clean the SSH keys
|
||||
echo '> Cleaning the SSH keys ...'
|
||||
shred -u /etc/ssh/*_key /etc/ssh/*_key.pub
|
||||
rm -f /etc/ssh/ssh_config.d/allow-root-ssh.conf
|
||||
rm -rf /root/.ssh/authorized_keys
|
||||
sed -i 's/PermitRootLogin yes/#PermitRootLogin prohibit-password/g' /etc/ssh/sshd_config
|
||||
|
||||
### Clean the machine-id. ###
|
||||
### Clean the machine-id
|
||||
echo '> Cleaning the machine-id ...'
|
||||
truncate -s 0 /etc/machine-id
|
||||
rm -f /var/lib/dbus/machine-id
|
||||
mkdir -p /var/lib/dbus
|
||||
ln -s /etc/machine-id /var/lib/dbus/machine-id
|
||||
|
||||
### Clean the shell history. ###
|
||||
### Prepare cloud-init
|
||||
echo '> Preparing cloud-init ...'
|
||||
rm -f /etc/cloud/cloud-init.disabled
|
||||
|
||||
### Clean the shell history
|
||||
echo '> Cleaning the shell history ...'
|
||||
unset HISTFILE
|
||||
history -cw
|
||||
echo >~/.bash_history
|
||||
rm -f /root/.bash_history
|
||||
|
||||
### Prepare cloud-init ###
|
||||
echo '> Preparing cloud-init ...'
|
||||
rm -f /etc/cloud/cloud-init.disabled
|
||||
|
||||
### Done. ###
|
||||
### Done
|
||||
echo '> Done.'
|
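Review bot: `rm -f /etc/ssh/ssh_config.d/allow-root-ssh.conf` targets the ssh client drop-in directory; sshd reads `/etc/ssh/sshd_config.d/`, so if this is meant to undo a server-side root-login drop-in it removes nothing, and nothing visible in this commit creates such a file (root login is enabled with sed on `sshd_config`). Either correct the path to `/etc/ssh/sshd_config.d/allow-root-ssh.conf` or drop the line, and put a comment above `sed -i 's/PermitRootLogin yes/#PermitRootLogin prohibit-password/g'` such as `# revert the build-time root login enabled by the kickstart` so the pairing is visible. `echo >~/.bash_history` followed by `rm -f /root/.bash_history` is redundant when the script runs as root, since both name the same file; the `rm` alone suffices. `rm -rf /root/.ssh/authorized_keys` removes a single file, so `rm -f` is the clearer form.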