script cleanup, shift to using dynamically-generated SSH keys for Packer
parent
0a699fb499
commit
340cb8e895
6 changed files with 25 additions and 36 deletions
|
@ -183,7 +183,9 @@ autoinstall:
|
||||||
lock-passwd: false
|
lock-passwd: false
|
||||||
sudo: ALL=(ALL) NOPASSWD:ALL
|
sudo: ALL=(ALL) NOPASSWD:ALL
|
||||||
shell: /bin/bash
|
shell: /bin/bash
|
||||||
%{ if length( build_key ) > 0 ~}
|
%{ if length( ssh_keys ) > 0 ~}
|
||||||
ssh_authorized_keys:
|
ssh_authorized_keys:
|
||||||
- ${ build_key }
|
%{ for ssh_key in ssh_keys ~}
|
||||||
|
- ${ ssh_key }
|
||||||
|
%{ endfor ~}
|
||||||
%{ endif ~}
|
%{ endif ~}
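Review bot: The new loop writes each entry as a bare YAML scalar (`- ${ ssh_key }`), so a key whose comment or options field contains `: ` or starts with a YAML indicator character would change how the list item parses and could make the autoinstall user-data invalid. Now that the list is operator-supplied rather than a single fixed value, quoting the item is safer: `- "${ ssh_key }"`. The enclosing user block starts above this hunk, so the indentation of the surrounding keys is not visible here.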
|
||||||
|
|
|
@ -1,7 +0,0 @@
|
||||||
-----BEGIN OPENSSH PRIVATE KEY-----
|
|
||||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
|
||||||
QyNTUxOQAAACDqS76cYpT46QmoQEMbOEUIL/i2+cTm1C17cBKIphAaQAAAAJC/ririv64q
|
|
||||||
4gAAAAtzc2gtZWQyNTUxOQAAACDqS76cYpT46QmoQEMbOEUIL/i2+cTm1C17cBKIphAaQA
|
|
||||||
AAAECBctr1BYu+QL8D8IFHQ8uN/Us4X9xkj9HYf1hQjqrXCupLvpxilPjpCahAQxs4RQgv
|
|
||||||
+Lb5xObULXtwEoimEBpAAAAADGpvaG5AcGVuZ3VpbgE=
|
|
||||||
-----END OPENSSH PRIVATE KEY-----
|
|
|
@ -30,6 +30,9 @@ sudo rm -rf /var/tmp/*
|
||||||
echo '>> Clearing host keys...'
|
echo '>> Clearing host keys...'
|
||||||
sudo rm -f /etc/ssh/ssh_host_*
|
sudo rm -f /etc/ssh/ssh_host_*
|
||||||
|
|
||||||
|
echo '>> Removing Packer SSH key...'
|
||||||
|
sed -i '/packer_key/d' ~/.ssh/authorized_keys
|
||||||
|
|
||||||
echo '>> Clearing machine-id...'
|
echo '>> Clearing machine-id...'
|
||||||
sudo truncate -s 0 /etc/machine-id
|
sudo truncate -s 0 /etc/machine-id
|
||||||
if [ -f /var/lib/dbus/machine-id ]; then
|
if [ -f /var/lib/dbus/machine-id ]; then
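Review bot: The added `sed -i '/packer_key/d' ~/.ssh/authorized_keys` deletes any line that contains the string anywhere, and it only works while that string matches the `name = "packer_key"` set on the `sshkey` data source in the Packer file. If the name is changed there, the build key would silently stay authorized in every template cloned from this image, and a user key whose comment happens to contain `packer_key` would be dropped. A comment on the line would make the coupling explicit, for example `# must match the name of data "sshkey" "install"; leaves a build-time key in the template if it drifts`. The script continues past the end of this hunk, so later steps were not reviewed.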
|
||||||
|
|
|
@ -77,10 +77,13 @@ communicator_port = 22
|
||||||
communicator_timeout = "20m"
|
communicator_timeout = "20m"
|
||||||
common_ip_wait_timeout = "20m"
|
common_ip_wait_timeout = "20m"
|
||||||
common_shutdown_timeout = "15m"
|
common_shutdown_timeout = "15m"
|
||||||
build_remove_keys = false
|
vm_shutdown_command = "sudo /usr/sbin/shutdown -P now"
|
||||||
|
build_remove_keys = true
|
||||||
build_username = "admin"
|
build_username = "admin"
|
||||||
build_password = "VMware1!"
|
build_password = "VMware1!"
|
||||||
build_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpLvpxilPjpCahAQxs4RQgv+Lb5xObULXtwEoimEBpA builder"
|
ssh_keys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOpLvpxilPjpCahAQxs4RQgv+Lb5xObULXtwEoimEBpA builder"
|
||||||
|
]
|
||||||
|
|
||||||
// Provisioner Settings
|
// Provisioner Settings
|
||||||
post_install_scripts = [
|
post_install_scripts = [
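Review bot: The `ssh_keys` entry kept here is the same `builder` public key as the old `build_key`, and its base64 body appears inside the private key file this commit deletes, so it looks like the public half of that key pair. Deleting the file does not remove the private key from repository history or from mirrors, so every template built with this value still authorizes a key whose private half is public, on an account the user-data grants `NOPASSWD:ALL`. Treat the key as compromised: replace the entry with a freshly generated public key (or leave `ssh_keys = []` in the committed example and supply real keys from an untracked var file), and rebuild any templates or nodes that already carry it.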
|
||||||
|
|
|
@ -5,7 +5,6 @@
|
||||||
|
|
||||||
// BLOCK: packer
|
// BLOCK: packer
|
||||||
// The Packer configuration.
|
// The Packer configuration.
|
||||||
|
|
||||||
packer {
|
packer {
|
||||||
required_version = ">= 1.8.2"
|
required_version = ">= 1.8.2"
|
||||||
required_plugins {
|
required_plugins {
|
||||||
|
@ -20,18 +19,21 @@ packer {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// BLOCK: locals
|
// BLOCK: data
|
||||||
// Defines the local variables.
|
// Defines data sources.
|
||||||
data "sshkey" "install" {
|
data "sshkey" "install" {
|
||||||
|
type = "ed25519"
|
||||||
|
name = "packer_key"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// BLOCK: locals
|
||||||
|
// Defines local variables.
|
||||||
locals {
|
locals {
|
||||||
ssh_public_key = data.sshkey.install.public_key
|
ssh_public_key = data.sshkey.install.public_key
|
||||||
ssh_private_key_file = data.sshkey.install.private_key_path
|
ssh_private_key_file = data.sshkey.install.private_key_path
|
||||||
build_tool = "HashiCorp Packer ${packer.version}"
|
build_tool = "HashiCorp Packer ${packer.version}"
|
||||||
build_date = formatdate("YYYY-MM-DD hh:mm ZZZ", timestamp())
|
build_date = formatdate("YYYY-MM-DD hh:mm ZZZ", timestamp())
|
||||||
build_description = "Kubernetes Ubuntu 20.04 Node template\nBuild date: ${local.build_date}\nBuild tool: ${local.build_tool}"
|
build_description = "Kubernetes Ubuntu 20.04 Node template\nBuild date: ${local.build_date}\nBuild tool: ${local.build_tool}"
|
||||||
shutdown_command = "sudo -S -E shutdown -P now"
|
|
||||||
iso_paths = ["[${var.common_iso_datastore}] ${var.iso_path}/${var.iso_file}"]
|
iso_paths = ["[${var.common_iso_datastore}] ${var.iso_path}/${var.iso_file}"]
|
||||||
iso_checksum = "${var.iso_checksum_type}:${var.iso_checksum_value}"
|
iso_checksum = "${var.iso_checksum_type}:${var.iso_checksum_value}"
|
||||||
data_source_content = {
|
data_source_content = {
|
||||||
|
@ -39,7 +41,7 @@ locals {
|
||||||
"/user-data" = templatefile("data/user-data.pkrtpl.hcl", {
|
"/user-data" = templatefile("data/user-data.pkrtpl.hcl", {
|
||||||
build_username = var.build_username
|
build_username = var.build_username
|
||||||
build_password = bcrypt(var.build_password)
|
build_password = bcrypt(var.build_password)
|
||||||
build_key = var.build_key
|
ssh_keys = concat([local.ssh_public_key], var.ssh_keys)
|
||||||
vm_guest_os_language = var.vm_guest_os_language
|
vm_guest_os_language = var.vm_guest_os_language
|
||||||
vm_guest_os_keyboard = var.vm_guest_os_keyboard
|
vm_guest_os_keyboard = var.vm_guest_os_keyboard
|
||||||
vm_guest_os_timezone = var.vm_guest_os_timezone
|
vm_guest_os_timezone = var.vm_guest_os_timezone
|
||||||
|
@ -52,7 +54,6 @@ locals {
|
||||||
|
|
||||||
// BLOCK: source
|
// BLOCK: source
|
||||||
// Defines the builder configuration blocks.
|
// Defines the builder configuration blocks.
|
||||||
|
|
||||||
source "vsphere-iso" "ubuntu-k8s" {
|
source "vsphere-iso" "ubuntu-k8s" {
|
||||||
|
|
||||||
// vCenter Server Endpoint Settings and Credentials
|
// vCenter Server Endpoint Settings and Credentials
|
||||||
|
@ -106,13 +107,12 @@ source "vsphere-iso" "ubuntu-k8s" {
|
||||||
boot_wait = var.vm_boot_wait
|
boot_wait = var.vm_boot_wait
|
||||||
boot_command = var.vm_boot_command
|
boot_command = var.vm_boot_command
|
||||||
ip_wait_timeout = var.common_ip_wait_timeout
|
ip_wait_timeout = var.common_ip_wait_timeout
|
||||||
shutdown_command = local.shutdown_command
|
shutdown_command = var.vm_shutdown_command
|
||||||
shutdown_timeout = var.common_shutdown_timeout
|
shutdown_timeout = var.common_shutdown_timeout
|
||||||
|
|
||||||
// Communicator Settings and Credentials
|
// Communicator Settings and Credentials
|
||||||
communicator = "ssh"
|
communicator = "ssh"
|
||||||
ssh_username = var.build_username
|
ssh_username = var.build_username
|
||||||
ssh_password = var.build_password
|
|
||||||
ssh_private_key_file = local.ssh_private_key_file
|
ssh_private_key_file = local.ssh_private_key_file
|
||||||
ssh_clear_authorized_keys = var.build_remove_keys
|
ssh_clear_authorized_keys = var.build_remove_keys
|
||||||
ssh_port = var.communicator_port
|
ssh_port = var.communicator_port
|
||||||
|
@ -151,7 +151,6 @@ source "vsphere-iso" "ubuntu-k8s" {
|
||||||
|
|
||||||
// BLOCK: build
|
// BLOCK: build
|
||||||
// Defines the builders to run, provisioners, and post-processors.
|
// Defines the builders to run, provisioners, and post-processors.
|
||||||
|
|
||||||
build {
|
build {
|
||||||
sources = [
|
sources = [
|
||||||
"source.vsphere-iso.ubuntu-k8s"
|
"source.vsphere-iso.ubuntu-k8s"
|
||||||
|
@ -173,6 +172,7 @@ build {
|
||||||
|
|
||||||
provisioner "shell" {
|
provisioner "shell" {
|
||||||
execute_command = "bash {{ .Path }}"
|
execute_command = "bash {{ .Path }}"
|
||||||
|
expect_disconnect = true
|
||||||
scripts = var.pre_final_scripts
|
scripts = var.pre_final_scripts
|
||||||
}
|
}
|
||||||
}
|
}
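Review bot: `ssh_password` is removed from the communicator block, but the locals hunk still passes `build_password = bcrypt(var.build_password)` into the user-data template, so the build account keeps a password that the build itself no longer uses. The committed tfvars value for that password is a well-known default, and the template context shows `lock-passwd: false` with passwordless sudo. Whether sshd accepts password logins on the resulting image is not visible in this diff. If the password is only wanted for console access, a comment should say so. Otherwise lock the account password in the cleanup script or set `lock-passwd: true`, so the finished template relies on the keys alone.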
|
|
@ -7,7 +7,6 @@
|
||||||
// Defines the input variables.
|
// Defines the input variables.
|
||||||
|
|
||||||
// vSphere Credentials
|
// vSphere Credentials
|
||||||
|
|
||||||
variable "vsphere_endpoint" {
|
variable "vsphere_endpoint" {
|
||||||
type = string
|
type = string
|
||||||
description = "The fully qualified domain name or IP address of the vCenter Server instance. ('vcenter.lab.local')"
|
description = "The fully qualified domain name or IP address of the vCenter Server instance. ('vcenter.lab.local')"
|
||||||
|
@ -32,7 +31,6 @@ variable "vsphere_insecure_connection" {
|
||||||
}
|
}
|
||||||
|
|
||||||
// vSphere Settings
|
// vSphere Settings
|
||||||
|
|
||||||
variable "vsphere_datacenter" {
|
variable "vsphere_datacenter" {
|
||||||
type = string
|
type = string
|
||||||
description = "The name of the target vSphere datacenter. ('Lab Datacenter')"
|
description = "The name of the target vSphere datacenter. ('Lab Datacenter')"
|
||||||
|
@ -59,7 +57,6 @@ variable "vsphere_folder" {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Virtual Machine Settings
|
// Virtual Machine Settings
|
||||||
|
|
||||||
variable "vm_name" {
|
variable "vm_name" {
|
||||||
type = string
|
type = string
|
||||||
description = "Name of the new VM to create."
|
description = "Name of the new VM to create."
|
||||||
|
@ -175,7 +172,6 @@ variable "common_remove_cdrom" {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Template and Content Library Settings
|
// Template and Content Library Settings
|
||||||
|
|
||||||
variable "common_template_conversion" {
|
variable "common_template_conversion" {
|
||||||
type = bool
|
type = bool
|
||||||
description = "Convert the virtual machine to template. Must be 'false' for content library."
|
description = "Convert the virtual machine to template. Must be 'false' for content library."
|
||||||
|
@ -207,7 +203,6 @@ variable "common_content_library_skip_export" {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Snapshot Settings
|
// Snapshot Settings
|
||||||
|
|
||||||
variable "common_snapshot_creation" {
|
variable "common_snapshot_creation" {
|
||||||
type = bool
|
type = bool
|
||||||
description = "Create a snapshot for Linked Clones."
|
description = "Create a snapshot for Linked Clones."
|
||||||
|
@ -221,7 +216,6 @@ variable "common_snapshot_name" {
|
||||||
}
|
}
|
||||||
|
|
||||||
// OVF Export Settings
|
// OVF Export Settings
|
||||||
|
|
||||||
variable "common_ovf_export_enabled" {
|
variable "common_ovf_export_enabled" {
|
||||||
type = bool
|
type = bool
|
||||||
description = "Enable OVF artifact export."
|
description = "Enable OVF artifact export."
|
||||||
|
@ -240,7 +234,6 @@ variable "common_ovf_export_path" {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Removable Media Settings
|
// Removable Media Settings
|
||||||
|
|
||||||
variable "common_iso_datastore" {
|
variable "common_iso_datastore" {
|
||||||
type = string
|
type = string
|
||||||
description = "The name of the source vSphere datastore for ISO images. ('datastore-iso-01')"
|
description = "The name of the source vSphere datastore for ISO images. ('datastore-iso-01')"
|
||||||
|
@ -278,7 +271,6 @@ variable "cd_label" {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Boot Settings
|
// Boot Settings
|
||||||
|
|
||||||
variable "vm_boot_order" {
|
variable "vm_boot_order" {
|
||||||
type = string
|
type = string
|
||||||
description = "The boot order for virtual machines devices. ('disk,cdrom')"
|
description = "The boot order for virtual machines devices. ('disk,cdrom')"
|
||||||
|
@ -313,11 +305,9 @@ variable "common_shutdown_timeout" {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Communicator Settings and Credentials
|
// Communicator Settings and Credentials
|
||||||
|
|
||||||
variable "build_username" {
|
variable "build_username" {
|
||||||
type = string
|
type = string
|
||||||
description = "The username to login to the guest operating system. ('admin')"
|
description = "The username to login to the guest operating system. ('admin')"
|
||||||
sensitive = true
|
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "build_password" {
|
variable "build_password" {
|
||||||
|
@ -333,10 +323,11 @@ variable "build_password_encrypted" {
|
||||||
default = null
|
default = null
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "build_key" {
|
variable "ssh_keys" {
|
||||||
type = string
|
type = list(string)
|
||||||
description = "The public key to login to the guest operating system."
|
description = "List of public keys to be added to ~/.ssh/authorized_keys."
|
||||||
sensitive = true
|
sensitive = true
|
||||||
|
default = []
|
||||||
}
|
}
|
||||||
|
|
||||||
variable "build_remove_keys" {
|
variable "build_remove_keys" {
|
||||||
|
@ -346,7 +337,6 @@ variable "build_remove_keys" {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Communicator Settings
|
// Communicator Settings
|
||||||
|
|
||||||
variable "communicator_port" {
|
variable "communicator_port" {
|
||||||
type = string
|
type = string
|
||||||
description = "The port for the communicator protocol."
|
description = "The port for the communicator protocol."
|
||||||
|
@ -370,7 +360,6 @@ variable "communicator_ssl" {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Provisioner Settings
|
// Provisioner Settings
|
||||||
|
|
||||||
variable "cloud_init_apt_packages" {
|
variable "cloud_init_apt_packages" {
|
||||||
type = list(string)
|
type = list(string)
|
||||||
description = "A list of apt packages to install during the subiquity cloud-init installer."
|
description = "A list of apt packages to install during the subiquity cloud-init installer."
|
||||||
|
@ -396,7 +385,6 @@ variable "pre_final_scripts" {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Kubernetes Settings
|
// Kubernetes Settings
|
||||||
|
|
||||||
variable "k8s_version" {
|
variable "k8s_version" {
|
||||||
type = string
|
type = string
|
||||||
description = "Kubernetes version to be installed. Latest stable is listed at https://dl.k8s.io/release/stable.txt"
|
description = "Kubernetes version to be installed. Latest stable is listed at https://dl.k8s.io/release/stable.txt"
|
||||||
|
|