From 0b13e195dc6ac72271f3300e99fba71c06156b25 Mon Sep 17 00:00:00 2001
From: John Bowdre
Date: Wed, 19 Apr 2023 13:36:29 -0500
Subject: [PATCH] improve handling of SSH keys

---
 packer/data/user-data.pkrtpl.hcl | 6 ++++--
 packer/scripts/generalize.sh | 3 +++
 packer/ubuntu-k8s.example.pkrvars.hcl | 6 ++++--
 packer/ubuntu-k8s.pkr.hcl | 5 +++--
 packer/variables.pkr.hcl | 7 ++++---
 5 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/packer/data/user-data.pkrtpl.hcl b/packer/data/user-data.pkrtpl.hcl
index b41f336..f3d3d24 100644
--- a/packer/data/user-data.pkrtpl.hcl
+++ b/packer/data/user-data.pkrtpl.hcl
@@ -183,7 +183,9 @@ autoinstall:
 lock-passwd: false
 sudo: ALL=(ALL) NOPASSWD:ALL
 shell: /bin/bash
-%{ if length( build_key ) > 0 ~}
+%{ if length( ssh_keys ) > 0 ~}
 ssh_authorized_keys:
- - ${ build_key }
+%{ for ssh_key in ssh_keys ~}
+ - ${ ssh_key }
+%{ endfor ~}
 %{ endif ~}
diff --git a/packer/scripts/generalize.sh b/packer/scripts/generalize.sh
index 9be2b3a..c38916d 100644
--- a/packer/scripts/generalize.sh
+++ b/packer/scripts/generalize.sh
@@ -30,6 +30,9 @@ sudo rm -rf /var/tmp/*
 echo '>> Clearing host keys...'
 sudo rm -f /etc/ssh/ssh_host_*
 
+echo '>> Removing Packer SSH key...'
+sed -i '/packer_temp_key/d' ~/.ssh/authorized_keys
+
 echo '>> Clearing machine-id...'
 sudo truncate -s 0 /etc/machine-id
 if [ -f /var/lib/dbus/machine-id ]; then
diff --git a/packer/ubuntu-k8s.example.pkrvars.hcl b/packer/ubuntu-k8s.example.pkrvars.hcl
index d16b7a0..0066a73 100644
--- a/packer/ubuntu-k8s.example.pkrvars.hcl
+++ b/packer/ubuntu-k8s.example.pkrvars.hcl
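Review bot: The value on the added `+      - ${ ssh_key }` line is interpolated into YAML unquoted, so a key whose trailing comment contains ` #` or `: ` would change the structure of the user-data document rather than being written verbatim; quoting it as `- "${ ssh_key }"` keeps every entry a plain scalar (a comment containing a double quote would still need escaping, which the template does not do in either form). Because ubuntu-k8s.pkr.hcl now passes `concat([local.ssh_public_key], var.ssh_keys)` into this template, the `length( ssh_keys ) > 0` guard can no longer be false; it is harmless, but a YAML comment above the loop such as `# first entry is the Packer build key (stripped by generalize.sh); operator keys follow` would tell the next reader why the list is never empty. The `users:` entry this block belongs to starts outside the hunk.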
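Review bot: The new `sed -i '/packer_temp_key/d' ~/.ssh/authorized_keys` only removes the build key if the public key written by the sshkey data source carries the literal string `packer_temp_key` in its comment field; the same commit names that key `packer_key` in ubuntu-k8s.pkr.hcl, and nothing in the diff shows which string ends up in the comment, so on a mismatch the build key silently stays authorized in the shipped image. A comment pinning the contract, e.g. `# pattern must match the comment on the key from data "sshkey" "install" in ubuntu-k8s.pkr.hcl`, would at least make the dependency visible, and since `build_remove_keys` (wired to `ssh_clear_authorized_keys`) is also switched to true in this commit it is worth stating which of the two removals is meant to be authoritative. The line runs as the build user without `sudo` and only touches that user's file; whether anything ever lands in /root/.ssh/authorized_keys is not visible here. `sed -i` on a missing file would also error, and the script's error-handling mode is outside the hunk.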
@@ -77,10 +77,12 @@ communicator_port = 22
 communicator_timeout = "20m"
 common_ip_wait_timeout = "20m"
 common_shutdown_timeout = "15m"
-build_remove_keys = false
+build_remove_keys = true
 build_username = "admin"
 build_password = "VMware1!"
-build_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpLvpxilPjpCahAQxs4RQgv+Lb5xObULXtwEoimEBpA builder"
+ssh_keys = [
+ "ssh-ed25519 blahblahblah builder"
+]
 
 // Provisioner Settings
 post_install_scripts = [
diff --git a/packer/ubuntu-k8s.pkr.hcl b/packer/ubuntu-k8s.pkr.hcl
index a9023f8..38a807c 100644
--- a/packer/ubuntu-k8s.pkr.hcl
+++ b/packer/ubuntu-k8s.pkr.hcl
@@ -23,6 +23,8 @@ packer {
 // BLOCK: locals
 // Defines the local variables.
 data "sshkey" "install" {
+ type = "ed25519"
+ name = "packer_key"
 }
 
 locals {
@@ -39,7 +41,7 @@ locals {
 "/user-data" = templatefile("data/user-data.pkrtpl.hcl", {
 build_username = var.build_username
 build_password = bcrypt(var.build_password)
- build_key = var.build_key
+ ssh_keys = concat([local.ssh_public_key], var.ssh_keys)
 vm_guest_os_language = var.vm_guest_os_language
 vm_guest_os_keyboard = var.vm_guest_os_keyboard
 vm_guest_os_timezone = var.vm_guest_os_timezone
@@ -112,7 +114,6 @@ source "vsphere-iso" "ubuntu-k8s" {
 // Communicator Settings and Credentials
 communicator = "ssh"
 ssh_username = var.build_username
- ssh_password = var.build_password
 ssh_private_key_file = local.ssh_private_key_file
 ssh_clear_authorized_keys = var.build_remove_keys
 ssh_port = var.communicator_port
diff --git a/packer/variables.pkr.hcl b/packer/variables.pkr.hcl
index 96bdc5c..1779cc2 100644
--- a/packer/variables.pkr.hcl
+++ b/packer/variables.pkr.hcl
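Review bot: The example now lists a placeholder under `ssh_keys`, but nothing tells the reader that every entry in this list is written into the build user's authorized_keys and stays in the finished image, whereas the Packer key it is merged with is the one generalize.sh strips; a one-line comment above the list, e.g. `// operator public keys; unlike the Packer build key these persist in the image`, would make that distinction explicit. Flipping `build_remove_keys` to true fits the rest of the commit, since `ssh_password` is no longer set on the communicator and the generated key becomes the only login credential during the build.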
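Review bot: `name = "packer_key"` in `data "sshkey" "install"` gives the build key a fixed identity for every run on this host; if the plugin persists the keypair under that name (the diff does not show its storage behaviour), successive and concurrent builds would reuse or overwrite one private key instead of getting a fresh one per build, so any copy that ever escapes the generalize.sh cleanup would be valid against every image built from that host. A comment on the block recording whether the key is regenerated per build, and that its public-key comment is what generalize.sh matches on, would capture that assumption; as written the block documents neither. The second hunk's `concat([local.ssh_public_key], var.ssh_keys)` relies on `local.ssh_public_key`, which is defined outside the hunk. Dropping `ssh_password` in the third hunk is the right consequence of the change, leaving key-based login as the only communicator credential.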
@@ -333,10 +333,11 @@ variable "build_password_encrypted" {
 default = null
 }
 
-variable "build_key" {
- type = string
- description = "The public key to login to the guest operating system."
+variable "ssh_keys" {
+ type = list(string)
+ description = "List of public keys to be added to ~/.ssh/authorized_keys."
 sensitive = true
+ default = []
 }
 
 variable "build_remove_keys" {
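Review bot: `sensitive = true` is carried over from `build_key` onto `ssh_keys`, but the variable now holds public keys, and the only effect of the flag is to hide from Packer's output which keys will be authorized in the image — exactly what someone auditing a build log wants to see; unless the public keys are deliberately treated as confidential, drop the flag or say why in the description. The description could also state that these keys outlive the build, e.g. `description = "List of public keys to add to the build user's ~/.ssh/authorized_keys; unlike the Packer build key, these remain in the image."`. `default = []` is a sensible addition now that the template iterates over the list and the Packer key is prepended elsewhere.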