script cleanup, shift to using dynamically-generated SSH keys for Packer

John Bowdre 2022-12-10 17:02:12 -06:00
parent 0a699fb499
commit 340cb8e895
6 changed files with 25 additions and 36 deletions


@ -183,7 +183,9 @@ autoinstall:
lock-passwd: false lock-passwd: false
sudo: ALL=(ALL) NOPASSWD:ALL sudo: ALL=(ALL) NOPASSWD:ALL
shell: /bin/bash shell: /bin/bash
%{ if length( build_key ) > 0 ~} %{ if length( ssh_keys ) > 0 ~}
ssh_authorized_keys: ssh_authorized_keys:
- ${ build_key } %{ for ssh_key in ssh_keys ~}
- ${ ssh_key }
%{ endfor ~}
%{ endif ~} %{ endif ~}
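Review bot: The new loop emits each entry of the operator-supplied `ssh_keys` list into YAML unquoted at `- ${ ssh_key }`, so a key whose comment contains a YAML-significant sequence (for example ` #`) would be truncated or break parsing of the autoinstall user-data. Quoting the item, `- "${ ssh_key }"`, keeps the full line intact for ordinary public keys, whose body is base64 and whose comment is free text. The `length( ssh_keys ) > 0` guard is harmless, though if the caller always prepends the generated Packer key it will presumably never be false.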


@ -1,7 +0,0 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACDqS76cYpT46QmoQEMbOEUIL/i2+cTm1C17cBKIphAaQAAAAJC/ririv64q
4gAAAAtzc2gtZWQyNTUxOQAAACDqS76cYpT46QmoQEMbOEUIL/i2+cTm1C17cBKIphAaQA
AAAECBctr1BYu+QL8D8IFHQ8uN/Us4X9xkj9HYf1hQjqrXCupLvpxilPjpCahAQxs4RQgv
+Lb5xObULXtwEoimEBpAAAAADGpvaG5AcGVuZ3VpbgE=
-----END OPENSSH PRIVATE KEY-----


@ -30,6 +30,9 @@ sudo rm -rf /var/tmp/*
echo '>> Clearing host keys...' echo '>> Clearing host keys...'
sudo rm -f /etc/ssh/ssh_host_* sudo rm -f /etc/ssh/ssh_host_*
echo '>> Removing Packer SSH key...'
sed -i '/packer_key/d' ~/.ssh/authorized_keys
echo '>> Clearing machine-id...' echo '>> Clearing machine-id...'
sudo truncate -s 0 /etc/machine-id sudo truncate -s 0 /etc/machine-id
if [ -f /var/lib/dbus/machine-id ]; then if [ -f /var/lib/dbus/machine-id ]; then
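Review bot: The added `sed -i '/packer_key/d' ~/.ssh/authorized_keys` identifies the Packer key by a bare substring match, which is fragile in both directions: it presumably depends on the generated public key carrying `packer_key` as its comment, and it would also delete any operator-provided key whose line happens to contain that string. It also runs unguarded, so the script fails at this point if `~/.ssh/authorized_keys` does not exist. Since the same commit enables Packer's own `ssh_clear_authorized_keys` via `build_remove_keys = true`, consider dropping this step, or at least anchoring the match and guarding the file: `[ -f ~/.ssh/authorized_keys ] && sed -i '/ packer_key$/d' ~/.ssh/authorized_keys`. Note that deleting the line does not affect the SSH session running this script, only later logins.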


@ -77,10 +77,13 @@ communicator_port = 22
communicator_timeout = "20m" communicator_timeout = "20m"
common_ip_wait_timeout = "20m" common_ip_wait_timeout = "20m"
common_shutdown_timeout = "15m" common_shutdown_timeout = "15m"
build_remove_keys = false vm_shutdown_command = "sudo /usr/sbin/shutdown -P now"
build_remove_keys = true
build_username = "admin" build_username = "admin"
build_password = "VMware1!" build_password = "VMware1!"
build_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpLvpxilPjpCahAQxs4RQgv+Lb5xObULXtwEoimEBpA builder" ssh_keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpLvpxilPjpCahAQxs4RQgv+Lb5xObULXtwEoimEBpA builder"
]
// Provisioner Settings // Provisioner Settings
post_install_scripts = [ post_install_scripts = [
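Review bot: The `builder` entry kept in `ssh_keys` appears to be the public half of the OpenSSH private key this same commit deletes from the repository (the ed25519 public-key bytes in the two match), and deleting the file does not remove it from git history. Every template built from these vars would therefore still authorize a key whose private half anyone with repository access can recover. Treat that key as compromised: generate a fresh keypair, replace this entry with the new public key, and rotate it on any hosts already built with it. Not part of this change, but the context line `build_password = "VMware1!"` is a second credential checked into the same tracked vars file and deserves the same treatment.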


@ -5,7 +5,6 @@
// BLOCK: packer // BLOCK: packer
// The Packer configuration. // The Packer configuration.
packer { packer {
required_version = ">= 1.8.2" required_version = ">= 1.8.2"
required_plugins { required_plugins {
@ -20,18 +19,21 @@ packer {
} }
} }
// BLOCK: locals // BLOCK: data
// Defines the local variables. // Defines data sources.
data "sshkey" "install" { data "sshkey" "install" {
type = "ed25519"
name = "packer_key"
} }
// BLOCK: locals
// Defines local variables.
locals { locals {
ssh_public_key = data.sshkey.install.public_key ssh_public_key = data.sshkey.install.public_key
ssh_private_key_file = data.sshkey.install.private_key_path ssh_private_key_file = data.sshkey.install.private_key_path
build_tool = "HashiCorp Packer ${packer.version}" build_tool = "HashiCorp Packer ${packer.version}"
build_date = formatdate("YYYY-MM-DD hh:mm ZZZ", timestamp()) build_date = formatdate("YYYY-MM-DD hh:mm ZZZ", timestamp())
build_description = "Kubernetes Ubuntu 20.04 Node template\nBuild date: ${local.build_date}\nBuild tool: ${local.build_tool}" build_description = "Kubernetes Ubuntu 20.04 Node template\nBuild date: ${local.build_date}\nBuild tool: ${local.build_tool}"
shutdown_command = "sudo -S -E shutdown -P now"
iso_paths = ["[${var.common_iso_datastore}] ${var.iso_path}/${var.iso_file}"] iso_paths = ["[${var.common_iso_datastore}] ${var.iso_path}/${var.iso_file}"]
iso_checksum = "${var.iso_checksum_type}:${var.iso_checksum_value}" iso_checksum = "${var.iso_checksum_type}:${var.iso_checksum_value}"
data_source_content = { data_source_content = {
@ -39,7 +41,7 @@ locals {
"/user-data" = templatefile("data/user-data.pkrtpl.hcl", { "/user-data" = templatefile("data/user-data.pkrtpl.hcl", {
build_username = var.build_username build_username = var.build_username
build_password = bcrypt(var.build_password) build_password = bcrypt(var.build_password)
build_key = var.build_key ssh_keys = concat([local.ssh_public_key], var.ssh_keys)
vm_guest_os_language = var.vm_guest_os_language vm_guest_os_language = var.vm_guest_os_language
vm_guest_os_keyboard = var.vm_guest_os_keyboard vm_guest_os_keyboard = var.vm_guest_os_keyboard
vm_guest_os_timezone = var.vm_guest_os_timezone vm_guest_os_timezone = var.vm_guest_os_timezone
@ -52,7 +54,6 @@ locals {
// BLOCK: source // BLOCK: source
// Defines the builder configuration blocks. // Defines the builder configuration blocks.
source "vsphere-iso" "ubuntu-k8s" { source "vsphere-iso" "ubuntu-k8s" {
// vCenter Server Endpoint Settings and Credentials // vCenter Server Endpoint Settings and Credentials
@ -106,13 +107,12 @@ source "vsphere-iso" "ubuntu-k8s" {
boot_wait = var.vm_boot_wait boot_wait = var.vm_boot_wait
boot_command = var.vm_boot_command boot_command = var.vm_boot_command
ip_wait_timeout = var.common_ip_wait_timeout ip_wait_timeout = var.common_ip_wait_timeout
shutdown_command = local.shutdown_command shutdown_command = var.vm_shutdown_command
shutdown_timeout = var.common_shutdown_timeout shutdown_timeout = var.common_shutdown_timeout
// Communicator Settings and Credentials // Communicator Settings and Credentials
communicator = "ssh" communicator = "ssh"
ssh_username = var.build_username ssh_username = var.build_username
ssh_password = var.build_password
ssh_private_key_file = local.ssh_private_key_file ssh_private_key_file = local.ssh_private_key_file
ssh_clear_authorized_keys = var.build_remove_keys ssh_clear_authorized_keys = var.build_remove_keys
ssh_port = var.communicator_port ssh_port = var.communicator_port
@ -151,7 +151,6 @@ source "vsphere-iso" "ubuntu-k8s" {
// BLOCK: build // BLOCK: build
// Defines the builders to run, provisioners, and post-processors. // Defines the builders to run, provisioners, and post-processors.
build { build {
sources = [ sources = [
"source.vsphere-iso.ubuntu-k8s" "source.vsphere-iso.ubuntu-k8s"
@ -173,6 +172,7 @@ build {
provisioner "shell" { provisioner "shell" {
execute_command = "bash {{ .Path }}" execute_command = "bash {{ .Path }}"
expect_disconnect = true
scripts = var.pre_final_scripts scripts = var.pre_final_scripts
} }
} }
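Review bot: Dropping `ssh_password` leaves the generated key in `ssh_private_key_file` as the build's only credential, and the new `expect_disconnect = true` on the `pre_final_scripts` provisioner tells Packer to tolerate a dropped session and reconnect on the next command; if those scripts include the cleanup step from this commit that deletes the `packer_key` line from `authorized_keys`, any reconnect afterwards (including for `shutdown_command`) would have no working credential. Whether a reconnect actually occurs depends on whether the script drops the session, which the hunk does not show, so this is worth a comment either way, e.g. `# expect_disconnect: cleanup may drop the session; the guest key must still be present until shutdown completes`. A more robust ordering is to rely on `ssh_clear_authorized_keys` (now enabled through `build_remove_keys`) to strip the key after provisioning and keep in-guest cleanup to host keys and machine-id. Separately, `data.sshkey.install` writes the private key to `private_key_path` on the build host; the template does not show where that file lives or whether it is removed after the build, which is worth documenting next to the `data` block.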


@ -7,7 +7,6 @@
// Defines the input variables. // Defines the input variables.
// vSphere Credentials // vSphere Credentials
variable "vsphere_endpoint" { variable "vsphere_endpoint" {
type = string type = string
description = "The fully qualified domain name or IP address of the vCenter Server instance. ('vcenter.lab.local')" description = "The fully qualified domain name or IP address of the vCenter Server instance. ('vcenter.lab.local')"
@ -32,7 +31,6 @@ variable "vsphere_insecure_connection" {
} }
// vSphere Settings // vSphere Settings
variable "vsphere_datacenter" { variable "vsphere_datacenter" {
type = string type = string
description = "The name of the target vSphere datacenter. ('Lab Datacenter')" description = "The name of the target vSphere datacenter. ('Lab Datacenter')"
@ -59,7 +57,6 @@ variable "vsphere_folder" {
} }
// Virtual Machine Settings // Virtual Machine Settings
variable "vm_name" { variable "vm_name" {
type = string type = string
description = "Name of the new VM to create." description = "Name of the new VM to create."
@ -175,7 +172,6 @@ variable "common_remove_cdrom" {
} }
// Template and Content Library Settings // Template and Content Library Settings
variable "common_template_conversion" { variable "common_template_conversion" {
type = bool type = bool
description = "Convert the virtual machine to template. Must be 'false' for content library." description = "Convert the virtual machine to template. Must be 'false' for content library."
@ -207,7 +203,6 @@ variable "common_content_library_skip_export" {
} }
// Snapshot Settings // Snapshot Settings
variable "common_snapshot_creation" { variable "common_snapshot_creation" {
type = bool type = bool
description = "Create a snapshot for Linked Clones." description = "Create a snapshot for Linked Clones."
@ -221,7 +216,6 @@ variable "common_snapshot_name" {
} }
// OVF Export Settings // OVF Export Settings
variable "common_ovf_export_enabled" { variable "common_ovf_export_enabled" {
type = bool type = bool
description = "Enable OVF artifact export." description = "Enable OVF artifact export."
@ -240,7 +234,6 @@ variable "common_ovf_export_path" {
} }
// Removable Media Settings // Removable Media Settings
variable "common_iso_datastore" { variable "common_iso_datastore" {
type = string type = string
description = "The name of the source vSphere datastore for ISO images. ('datastore-iso-01')" description = "The name of the source vSphere datastore for ISO images. ('datastore-iso-01')"
@ -278,7 +271,6 @@ variable "cd_label" {
} }
// Boot Settings // Boot Settings
variable "vm_boot_order" { variable "vm_boot_order" {
type = string type = string
description = "The boot order for virtual machines devices. ('disk,cdrom')" description = "The boot order for virtual machines devices. ('disk,cdrom')"
@ -313,11 +305,9 @@ variable "common_shutdown_timeout" {
} }
// Communicator Settings and Credentials // Communicator Settings and Credentials
variable "build_username" { variable "build_username" {
type = string type = string
description = "The username to login to the guest operating system. ('admin')" description = "The username to login to the guest operating system. ('admin')"
sensitive = true
} }
variable "build_password" { variable "build_password" {
@ -333,10 +323,11 @@ variable "build_password_encrypted" {
default = null default = null
} }
variable "build_key" { variable "ssh_keys" {
type = string type = list(string)
description = "The public key to login to the guest operating system." description = "List of public keys to be added to ~/.ssh/authorized_keys."
sensitive = true sensitive = true
default = []
} }
variable "build_remove_keys" { variable "build_remove_keys" {
@ -346,7 +337,6 @@ variable "build_remove_keys" {
} }
// Communicator Settings // Communicator Settings
variable "communicator_port" { variable "communicator_port" {
type = string type = string
description = "The port for the communicator protocol." description = "The port for the communicator protocol."
@ -370,7 +360,6 @@ variable "communicator_ssl" {
} }
// Provisioner Settings // Provisioner Settings
variable "cloud_init_apt_packages" { variable "cloud_init_apt_packages" {
type = list(string) type = list(string)
description = "A list of apt packages to install during the subiquity cloud-init installer." description = "A list of apt packages to install during the subiquity cloud-init installer."
@ -396,7 +385,6 @@ variable "pre_final_scripts" {
} }
// Kubernetes Settings // Kubernetes Settings
variable "k8s_version" { variable "k8s_version" {
type = string type = string
description = "Kubernetes version to be installed. Latest stable is listed at https://dl.k8s.io/release/stable.txt" description = "Kubernetes version to be installed. Latest stable is listed at https://dl.k8s.io/release/stable.txt"