improve handling of SSH keys

2024-11-21 23:52:18 +00:00 · 2023-04-19 13:36:29 -05:00 · 2023-04-19 13:36:29 -05:00 · 0b13e195dc
commit 0b13e195dc
parent 0a699fb499
5 changed files with 18 additions and 9 deletions
--- a/packer/data/user-data.pkrtpl.hcl
+++ b/packer/data/user-data.pkrtpl.hcl
@ -183,7 +183,9 @@ autoinstall:
        lock-passwd: false
        sudo: ALL=(ALL) NOPASSWD:ALL
        shell: /bin/bash
-%{ if length( build_key ) > 0 ~}
+%{ if length( ssh_keys ) > 0 ~}
        ssh_authorized_keys:
-          - ${ build_key }
+%{ for ssh_key in ssh_keys ~}
+          - ${ ssh_key }
+%{ endfor ~}
 %{ endif ~}
--- a/packer/scripts/generalize.sh
+++ b/packer/scripts/generalize.sh
@ -30,6 +30,9 @@ sudo rm -rf /var/tmp/*
 echo '>> Clearing host keys...'
 sudo rm -f /etc/ssh/ssh_host_*

+echo '>> Removing Packer SSH key...'
+sed -i '/packer_temp_key/d' ~/.ssh/authorized_keys
+
 echo '>> Clearing machine-id...'
 sudo truncate -s 0 /etc/machine-id
 if [ -f /var/lib/dbus/machine-id ]; then
--- a/packer/ubuntu-k8s.example.pkrvars.hcl
+++ b/packer/ubuntu-k8s.example.pkrvars.hcl
@ -77,10 +77,12 @@ communicator_port       = 22
 communicator_timeout    = "20m"
 common_ip_wait_timeout  = "20m"
 common_shutdown_timeout = "15m"
-build_remove_keys       = false
+build_remove_keys       = true
 build_username          = "admin"
 build_password          = "VMware1!"
-build_key               = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpLvpxilPjpCahAQxs4RQgv+Lb5xObULXtwEoimEBpA builder"
+ssh_keys                = [
+  "ssh-ed25519 blahblahblah builder"
+]

 // Provisioner Settings
 post_install_scripts = [
--- a/packer/ubuntu-k8s.pkr.hcl
+++ b/packer/ubuntu-k8s.pkr.hcl
@ -23,6 +23,8 @@ packer {
 //  BLOCK: locals
 //  Defines the local variables.
 data "sshkey" "install" {
+  type = "ed25519"
+  name = "packer_key"
 }

 locals {
@ -39,7 +41,7 @@ locals {
    "/user-data"            = templatefile("data/user-data.pkrtpl.hcl", {
      build_username        = var.build_username
      build_password        = bcrypt(var.build_password)
-      build_key             = var.build_key
+      ssh_keys              = concat([local.ssh_public_key], var.ssh_keys)
      vm_guest_os_language  = var.vm_guest_os_language
      vm_guest_os_keyboard  = var.vm_guest_os_keyboard
      vm_guest_os_timezone  = var.vm_guest_os_timezone
@ -112,7 +114,6 @@ source "vsphere-iso" "ubuntu-k8s" {
  // Communicator Settings and Credentials
  communicator              = "ssh"
  ssh_username              = var.build_username
-  ssh_password              = var.build_password
  ssh_private_key_file      = local.ssh_private_key_file
  ssh_clear_authorized_keys = var.build_remove_keys
  ssh_port                  = var.communicator_port
--- a/packer/variables.pkr.hcl
+++ b/packer/variables.pkr.hcl
@ -333,10 +333,11 @@ variable "build_password_encrypted" {
  default     = null
 }

-variable "build_key" {
-  type        = string
-  description = "The public key to login to the guest operating system."
+variable "ssh_keys" {
+  type        = list(string)
+  description = "List of public keys to be added to ~/.ssh/authorized_keys."
  sensitive   = true
+  default     = []
 }

 variable "build_remove_keys" {