script cleanup, shift to using dynamically-generated SSH keys for Packer

packer/data/user-data.pkrtpl.hcl

@@ -183,7 +183,9 @@ autoinstall:
         lock-passwd: false
         sudo: ALL=(ALL) NOPASSWD:ALL
         shell: /bin/bash
-%{ if length( build_key ) > 0 ~}
+%{ if length( ssh_keys ) > 0 ~}
         ssh_authorized_keys:
-          - ${ build_key }
+%{ for ssh_key in ssh_keys ~}
+          - ${ ssh_key }
+%{ endfor ~}        
 %{ endif ~}

packer/packer_cache/ssh_private_key_packer.example.pem

@@ -1,7 +0,0 @@
------BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
-QyNTUxOQAAACDqS76cYpT46QmoQEMbOEUIL/i2+cTm1C17cBKIphAaQAAAAJC/ririv64q
-4gAAAAtzc2gtZWQyNTUxOQAAACDqS76cYpT46QmoQEMbOEUIL/i2+cTm1C17cBKIphAaQA
-AAAECBctr1BYu+QL8D8IFHQ8uN/Us4X9xkj9HYf1hQjqrXCupLvpxilPjpCahAQxs4RQgv
-+Lb5xObULXtwEoimEBpAAAAADGpvaG5AcGVuZ3VpbgE=
------END OPENSSH PRIVATE KEY-----

packer/scripts/generalize.sh

@@ -30,6 +30,9 @@ sudo rm -rf /var/tmp/*
 echo '>> Clearing host keys...'
 sudo rm -f /etc/ssh/ssh_host_*
 
+echo '>> Removing Packer SSH key...'
+sed -i '/packer_key/d' ~/.ssh/authorized_keys
+
 echo '>> Clearing machine-id...'
 sudo truncate -s 0 /etc/machine-id
 if [ -f /var/lib/dbus/machine-id ]; then

packer/ubuntu-k8s.example.pkrvars.hcl

@@ -77,10 +77,13 @@ communicator_port       = 22
 communicator_timeout    = "20m"
 common_ip_wait_timeout  = "20m"
 common_shutdown_timeout = "15m"
-build_remove_keys       = false
+vm_shutdown_command     = "sudo /usr/sbin/shutdown -P now"
+build_remove_keys       = true
 build_username          = "admin"
 build_password          = "VMware1!"
-build_key               = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpLvpxilPjpCahAQxs4RQgv+Lb5xObULXtwEoimEBpA builder"
+ssh_keys                = [
+  "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpLvpxilPjpCahAQxs4RQgv+Lb5xObULXtwEoimEBpA builder"
+]
 
 // Provisioner Settings
 post_install_scripts = [

packer/ubuntu-k8s.pkr.hcl

@@ -5,7 +5,6 @@
 
 //  BLOCK: packer
 //  The Packer configuration.
-
 packer {
   required_version = ">= 1.8.2"
   required_plugins {
@@ -20,18 +19,21 @@ packer {
   }
 }
 
-//  BLOCK: locals
-//  Defines the local variables.
+// BLOCK: data
+// Defines data sources.
 data "sshkey" "install" {
+  type = "ed25519"
+  name = "packer_key"
 }
 
+//  BLOCK: locals
+//  Defines local variables.
 locals {
   ssh_public_key        = data.sshkey.install.public_key
   ssh_private_key_file  = data.sshkey.install.private_key_path
   build_tool            = "HashiCorp Packer ${packer.version}"
   build_date            = formatdate("YYYY-MM-DD hh:mm ZZZ", timestamp())
   build_description     = "Kubernetes Ubuntu 20.04 Node template\nBuild date: ${local.build_date}\nBuild tool: ${local.build_tool}"
-  shutdown_command      = "sudo -S -E shutdown -P now"
   iso_paths             = ["[${var.common_iso_datastore}] ${var.iso_path}/${var.iso_file}"]
   iso_checksum          = "${var.iso_checksum_type}:${var.iso_checksum_value}"
   data_source_content   = {
@@ -39,7 +41,7 @@ locals {
     "/user-data"            = templatefile("data/user-data.pkrtpl.hcl", {
       build_username        = var.build_username
       build_password        = bcrypt(var.build_password)
-      build_key             = var.build_key
+      ssh_keys              = concat([local.ssh_public_key], var.ssh_keys)
       vm_guest_os_language  = var.vm_guest_os_language
       vm_guest_os_keyboard  = var.vm_guest_os_keyboard
       vm_guest_os_timezone  = var.vm_guest_os_timezone
@@ -52,7 +54,6 @@ locals {
 
 //  BLOCK: source
 //  Defines the builder configuration blocks.
-
 source "vsphere-iso" "ubuntu-k8s" {
 
   // vCenter Server Endpoint Settings and Credentials
@@ -106,13 +107,12 @@ source "vsphere-iso" "ubuntu-k8s" {
   boot_wait         = var.vm_boot_wait
   boot_command      = var.vm_boot_command
   ip_wait_timeout   = var.common_ip_wait_timeout
-  shutdown_command  = local.shutdown_command
+  shutdown_command  = var.vm_shutdown_command
   shutdown_timeout  = var.common_shutdown_timeout
 
   // Communicator Settings and Credentials
   communicator              = "ssh"
   ssh_username              = var.build_username
-  ssh_password              = var.build_password
   ssh_private_key_file      = local.ssh_private_key_file
   ssh_clear_authorized_keys = var.build_remove_keys
   ssh_port                  = var.communicator_port
@@ -151,7 +151,6 @@ source "vsphere-iso" "ubuntu-k8s" {
 
 //  BLOCK: build
 //  Defines the builders to run, provisioners, and post-processors.
-
 build {
   sources = [
     "source.vsphere-iso.ubuntu-k8s"
@@ -173,6 +172,7 @@ build {
 
   provisioner "shell" {
     execute_command     = "bash {{ .Path }}"
+    expect_disconnect   = true
     scripts             = var.pre_final_scripts
   }
 }

packer/variables.pkr.hcl

@@ -7,7 +7,6 @@
 //  Defines the input variables.
 
 // vSphere Credentials
-
 variable "vsphere_endpoint" {
   type        = string
   description = "The fully qualified domain name or IP address of the vCenter Server instance. ('vcenter.lab.local')"
@@ -32,7 +31,6 @@ variable "vsphere_insecure_connection" {
 }
 
 // vSphere Settings
-
 variable "vsphere_datacenter" {
   type        = string
   description = "The name of the target vSphere datacenter. ('Lab Datacenter')"
@@ -59,7 +57,6 @@ variable "vsphere_folder" {
 }
 
 // Virtual Machine Settings
-
 variable "vm_name" {
   type        = string
   description = "Name of the new VM to create."
@@ -175,7 +172,6 @@ variable "common_remove_cdrom" {
 }
 
 // Template and Content Library Settings
-
 variable "common_template_conversion" {
   type        = bool
   description = "Convert the virtual machine to template. Must be 'false' for content library."
@@ -207,7 +203,6 @@ variable "common_content_library_skip_export" {
 }
 
 // Snapshot Settings
-
 variable "common_snapshot_creation" {
   type        = bool
   description = "Create a snapshot for Linked Clones."
@@ -221,7 +216,6 @@ variable "common_snapshot_name" {
 }
 
 // OVF Export Settings
-
 variable "common_ovf_export_enabled" {
   type        = bool
   description = "Enable OVF artifact export."
@@ -240,7 +234,6 @@ variable "common_ovf_export_path" {
 }
 
 // Removable Media Settings
-
 variable "common_iso_datastore" {
   type        = string
   description = "The name of the source vSphere datastore for ISO images. ('datastore-iso-01')"
@@ -278,7 +271,6 @@ variable "cd_label" {
 }
 
 // Boot Settings
-
 variable "vm_boot_order" {
   type        = string
   description = "The boot order for virtual machines devices. ('disk,cdrom')"
@@ -313,11 +305,9 @@ variable "common_shutdown_timeout" {
 }
 
 // Communicator Settings and Credentials
-
 variable "build_username" {
   type        = string
   description = "The username to login to the guest operating system. ('admin')"
-  sensitive   = true
 }
 
 variable "build_password" {
@@ -333,10 +323,11 @@ variable "build_password_encrypted" {
   default     = null
 }
 
-variable "build_key" {
-  type        = string
-  description = "The public key to login to the guest operating system."
+variable "ssh_keys" {
+  type        = list(string)
+  description = "List of public keys to be added to ~/.ssh/authorized_keys."
   sensitive   = true
+  default     = []
 }
 
 variable "build_remove_keys" {
@@ -346,7 +337,6 @@ variable "build_remove_keys" {
 }
 
 // Communicator Settings
-
 variable "communicator_port" {
   type        = string
   description = "The port for the communicator protocol."
@@ -370,7 +360,6 @@ variable "communicator_ssl" {
 }
 
 // Provisioner Settings
-
 variable "cloud_init_apt_packages" {
   type        = list(string)
   description = "A list of apt packages to install during the subiquity cloud-init installer."
@@ -396,7 +385,6 @@ variable "pre_final_scripts" {
 }
 
 // Kubernetes Settings
-
 variable "k8s_version" {
   type        = string
   description = "Kubernetes version to be installed. Latest stable is listed at https://dl.k8s.io/release/stable.txt"