From 2c2770b4e1fc0f1d7bdcd88dec0955e569399b42 Mon Sep 17 00:00:00 2001 From: Sergei Bobkov Date: Fri, 20 Sep 2024 16:32:19 +0300 Subject: [PATCH] Finished packer scripts for Debian 12 --- packer/linux/README.md | 1 + packer/linux/build-debian-12-amd64.sh | 14 +-- packer/linux/debian-12-x64/conf.pkrvars.hcl | 2 +- .../linux/debian-12-x64/data/prep-script.sh | 29 +++++ packer/linux/debian-12-x64/data/preseed.cfg | 115 ++++++++++++++++++ .../linux/debian-12-x64/debian-12-x64.pkr.hcl | 22 +++- packer/linux/debian-12-x64/variables.pkr.hcl | 35 +++--- 7 files changed, 188 insertions(+), 30 deletions(-) create mode 100644 packer/linux/debian-12-x64/data/prep-script.sh create mode 100644 packer/linux/debian-12-x64/data/preseed.cfg diff --git a/packer/linux/README.md b/packer/linux/README.md index 76e767d..e6ff782 100644 --- a/packer/linux/README.md +++ b/packer/linux/README.md @@ -9,4 +9,5 @@ For secrets and cred vars create $HOME/.secret/.packer/vcsrv-creds.pkrvars.hcl `connection_password = "XXXXXXXX"`
+`ssh_private_key_file = "/root/.ssh/XXXXXXX_ansible"`

diff --git a/packer/linux/build-debian-12-amd64.sh b/packer/linux/build-debian-12-amd64.sh index f1f6eef..9a9a10c 100755 --- a/packer/linux/build-debian-12-amd64.sh +++ b/packer/linux/build-debian-12-amd64.sh @@ -1,18 +1,16 @@ #!/bin/bash -# => For logs: -#export PACKER_LOG_PATH=./build-debian-12-amd64.log -export PACKER_LOG=1 - - packer="/usr/bin/packer" +# => For logs: +#export PACKER_LOG_PATH=./build-debian-12-amd64.log +export PACKER_LOG=0 + creds_vars_file="$HOME/.secret/.packer/vcsrv-creds.pkrvars.hcl" -build_file="$HOME/packer/linux/debian" + $packer init $HOME/packer/linux/debian-12-x64/ - $packer build -force \ -var-file="$creds_vars_file" \ -var-file="$HOME/packer/linux/debian-12-x64/conf.pkrvars.hcl" \ -/root/packer/linux/debian-12-x64/ +$HOME/packer/linux/debian-12-x64/ diff --git a/packer/linux/debian-12-x64/conf.pkrvars.hcl b/packer/linux/debian-12-x64/conf.pkrvars.hcl index b54fcaa..7cf4053 100644 --- a/packer/linux/debian-12-x64/conf.pkrvars.hcl +++ b/packer/linux/debian-12-x64/conf.pkrvars.hcl @@ -17,5 +17,5 @@ iso_checksum = "none" os_iso_paths = "[Cluster01-LUN01] ISO/debian-12.7.0-amd64-netinst.iso" os_iso_url = "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.7.0-amd64-netinst.iso" -boot_command = "/install.amd/vmlinuz ipv6.disable=1 auto=true netcfg/dhcp_timeout=30 priority=critical locale=en_US preseed/url=http://aassdd.ru/.my-preseed/debian/preseed.cfg --- initrd=/install.amd/initrd.gz" +boot_command = "/install.amd/vmlinuz ipv6.disable=1 auto=true netcfg/dhcp_timeout=30 priority=critical locale=en_US preseed/url=http://aassdd.ru/.packer/debian/preseed.cfg --- initrd=/install.amd/initrd.gz" diff --git a/packer/linux/debian-12-x64/data/prep-script.sh b/packer/linux/debian-12-x64/data/prep-script.sh new file mode 100644 index 0000000..d8d6b46 --- /dev/null +++ b/packer/linux/debian-12-x64/data/prep-script.sh 
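Review bot: The new `$packer init $HOME/packer/linux/debian-12-x64/` line and the final build argument `$HOME/packer/linux/debian-12-x64/` expand unquoted, and nothing stops `packer build -force` from running after `init` has failed. Quote the expansions, e.g. `"$packer" init "$HOME/packer/linux/debian-12-x64/"`, and add `set -euo pipefail` under the shebang so a failed `init` or an unset `HOME` aborts the run. Because `-force` replaces an existing artifact, stopping early matters more here than in a read-only script. Switching `PACKER_LOG` to `0` also keeps debug output, which could include connection details, off the console; the comment above it could say that this is the reason.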
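Review bot: `preseed/url=http://aassdd.ru/.packer/debian/preseed.cfg` in the new `boot_command` fetches the installer answers over plain HTTP with no integrity check. The preseed file added in this patch sets up the accounts and carries a `late_command` that runs in the target during installation. Anything able to alter that response therefore decides what ends up in the template. Since `preseed.cfg` now lives under `data/` in this repo, consider serving it from the build host (for example via Packer's `http_directory`), or at least pin it on the kernel line with `preseed/url/checksum=<md5sum of preseed.cfg>`. The neighbouring context line `iso_checksum = "none"` leaves the ISO unverified as well.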
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+echo Resize root partition...
+sudo parted /dev/sda resizepart 2 100% > /dev/null 2>&1
+sudo pvresize /dev/sda2 > /dev/null 2>&1
+sudo lvextend -y -f -l +100%FREE /dev/vg01/root > /dev/null 2>&1
+sudo resize2fs /dev/vg01/root > /dev/null 2>&1
+
+echo Create rc.local file...
+sudo echo "#!/bin/sh -e
+#
+# rc.local
+#
+# This script is executed at the end of each multiuser runlevel.
+# Make sure that the script will exit 0 on success or any other
+# value on error.
+#
+# In order to enable or disable this script just change the execution
+# bits.
+#
+# By default this script does nothing.
+
+
+exit 0
+" > /etc/rc.local
+sudo chown root:root /etc/rc.local
+sudo chmod 755 /etc/rc.local
+
+exit 0
diff --git a/packer/linux/debian-12-x64/data/preseed.cfg b/packer/linux/debian-12-x64/data/preseed.cfg
new file mode 100644
index 0000000..dc5e04b
--- /dev/null
+++ b/packer/linux/debian-12-x64/data/preseed.cfg
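Review bot: Every resize step in prep-script.sh sends stdout and stderr to `/dev/null` and the script ends with an unconditional `exit 0`, so a failed `parted`, `pvresize`, `lvextend` or `resize2fs` produces a template with an unexpanded root and a build that still reports success. Separately, `sudo echo "…" > /etc/rc.local` only works because the whole script is already run as root: the redirection is opened by the calling shell, not by `sudo`. The sketch below keeps stderr visible, stops at the first failing step and writes rc.local from a quoted here-document. If `lvextend` is expected to be a no-op on some builds, that step needs its own tolerance.

```bash
#!/bin/bash
set -u

# Run one step quietly on success, but report and abort on failure.
run() {
  "$@" >/dev/null || { echo "prep-script: '$*' failed" >&2; exit 1; }
}

echo "Resize root partition..."
run parted /dev/sda resizepart 2 100%
run pvresize /dev/sda2
run lvextend -y -f -l +100%FREE /dev/vg01/root
run resize2fs /dev/vg01/root

echo "Create rc.local file..."
cat > /etc/rc.local <<'EOF'
#!/bin/sh -e
# … unchanged: rc.local header comment …
exit 0
EOF
chown root:root /etc/rc.local
chmod 755 /etc/rc.local
```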
@@ -0,0 +1,115 @@ +# Language and Locale +d-i debian-installer/language string en +d-i debian-installer/country string RU +d-i debian-installer/locale string en_US.UTF-8 + +# Hostname +d-i netcfg/get_hostname string unassigned-hostname +d-i netcfg/get_domain string unassigned-domain + +# Keyboard +d-i keymap select us +d-i console-keymaps-at/keymap select us +d-i keyboard-configuration/xkb-keymap select us + +# Timezone / Time +d-i time/zone string Europe/Moscow +d-i clock-setup/utc boolean true + +# Package Configuration +d-i pkgsel/upgrade select full-upgrade +d-i apt-setup/services-select multiselect security, updates +#d-i mirror/country string TR +d-i mirror/country string manual +d-i mirror/http/hostname string 192.168.111.251 +d-i mirror/http/directory string /debian +d-i apt-setup/security_host string 192.168.111.251 + +d-i apt-setup/non-free-firmware boolean true +d-i apt-setup/non-free boolean true +d-i apt-setup/contrib boolean true + + +tasksel tasksel/first multiselect none +d-i pkgsel/include string openssh-server open-vm-tools perl-modules-* net-tools sudo parted +d-i pkgsel/install-language-support boolean false +popularity-contest popularity-contest/participate boolean false + + +# Partitioning +d-i partman/mount_style select uuid +d-i partman-auto/disk string /dev/sda +d-i partman-basicfilesystems/choose_label string gpt +d-i partman-basicfilesystems/default_label string gpt +d-i partman-partitioning/choose_label string gpt +d-i partman-partitioning/default_label string gpt +d-i partman/choose_label string gpt +d-i partman/default_label string gpt +d-i partman-auto/method string lvm +d-i partman-auto/purge_lvm_from_device boolean true +d-i partman-auto/choose_recipe select gpt-boot-lvm +d-i partman-auto-lvm/new_vg_name string vg01 +d-i partman-auto/expert_recipe string \ + gpt-boot-lvm :: \ + 1 1 1 free \ + $bios_boot{ } \ + method{ biosgrub } \ + . 
\ + 537 537 537 linux-swap \ + $defaultignore{ } \ + $lvmok{ } \ + lv_name{ swap } \ + method{ swap } \ + format{ } \ + . \ + 2600 2600 -1 ext4 \ + $defaultignore{ } \ + $lvmok{ } \ + lv_name{ root } \ + method{ format } \ + format{ } \ + use_filesystem{ } \ + filesystem{ ext4 } \ + mountpoint{ / } \ + . +d-i partman-auto-lvm/no_boot boolean true +d-i partman/confirm boolean true +d-i partman-lvm/confirm boolean true +d-i partman-lvm/confirm_nooverwrite boolean true +d-i partman-lvm/device_remove_lvm boolean true +d-i partman-lvm/confirm boolean true +d-i partman/choose_partition select Finish partitioning and write changes to disk +d-i partman/confirm_nooverwrite boolean true +d-i partman/mount_style select uuid + +# mkpasswd -s -m sha-512 +# +d-i passwd/root-login boolean true +d-i passwd/root-password-crypted password $6$Lij5f1fxeWVCjFbJ$GiWa3/zslkXwE4OfHeQrx/AlDPqhZR9pxSMxAvEZX8twF8ti7L6KM8wQWARzH.nQ99/BEmrjfDM/hwuczDJxY1 +# Create [ ansb-srv-it ] user account. +d-i passwd/make-user boolean true +d-i passwd/user-fullname string ansb-srv-it +d-i passwd/username string ansb-srv-it +d-i passwd/user-password-crypted password $6$Lij5f1fxeWVCjFbJ$GiWa3/zslkXwE4OfHeQrx/AlDPqhZR9pxSMxAvEZX8twF8ti7L6KM8wQWARzH.nQ99/BEmrjfDM/hwuczDJxY1 + +d-i user-setup/allow-password-weak boolean true +d-i user-setup/encrypt-home boolean false + +d-i grub-installer/bootdev string /dev/sda + +d-i debian-installer/splash boolean false + +d-i finish-install/reboot_in_progress note +d-i preseed/late_command string in-target /bin/sh -c '/bin/echo "send dhcp-client-identifier = hardware;" >> /etc/dhcp/dhclient.conf'; \ +in-target mkdir -p /home/ansb-srv-it/.ssh; \ +in-target /bin/sh -c "echo 'ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAACAQC21HOAhC6o25M1oKxKsZxIoxUUeIpb4oqtAdPRNGU4PhJL1g1Cnro+YeF36YnvTKHRzDxS211y/zZBkt7BxOM7qj6dTQSH23jRwGLyfcYv7VyrK1YoxUAXumOJYnhfjVhXoznKnY9++GO9a/1gxQCzjGFMoxAQxFiBMbR/3Ic92ix2SM5aftXl1Mvu3mv45iZimyVIOH5cXdC0XtDSC7EEsdp1Ex6H/GfYabS+cJ55Uyct3orVBSf1LYFLaBNpIx7evXe+bXl81pvW8k/JhYTizoYNEA9rCi+1zaLQMb5LviHM3QqiYjkJbdt2Bd6TVmAfXrJKkj5XXnaMcDqXg8VUKqBenWOSugwagjYYjPRN/pyOeucL+pW1+iv8rAsVxn/0/eliNMn4rExN+Bj6kOmmdrsfqfierffW4DGDJtZlZhfXeZTX8XhdwMt7QUsUdK/Mr14uaEGjhWywX7uqSTnySV1mG4f6vJOyJksZKNSDzK8zH4k3u3onBFbut6NRG+cW4DaScmDbxAkUyurpesPlQkZzcKit6LLscJWZqCrd09zUvHuktnLuhlcicPQPD0B3VhbqVjTvjTDqZX8ZdxrHaRFwfKtv+gqo5Xb2ziS9MxsslxrSe9Ss4w4XkfbZ3BMnyfJWgxHuuyp4Y9gVRE4pFmsoR3v1zpTTHzMGKJKXWw== root@ansible' >> /home/ansb-srv-it/.ssh/authorized_keys"; \ +in-target chown -R ansb-srv-it:ansb-srv-it /home/ansb-srv-it; \ +in-target chmod 700 /home/ansb-srv-it; \ +in-target chmod 600 /home/ansb-srv-it/.ssh/authorized_keys; \ +in-target chmod 700 /home/ansb-srv-it/.ssh; \ +in-target usermod -aG sudo ansb-srv-it; \ +in-target usermod -p '*' ansb-srv-it; \ +in-target usermod -p '*' root; \ +in-target /bin/sh -c "echo 'ansb-srv-it ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers.d/ansb-srv-it"; \ +in-target chmod 440 /etc/sudoers.d/ansb-srv-it; \ +in-target echo diff --git a/packer/linux/debian-12-x64/debian-12-x64.pkr.hcl b/packer/linux/debian-12-x64/debian-12-x64.pkr.hcl index 8c6a733..5e975d1 100644 --- a/packer/linux/debian-12-x64/debian-12-x64.pkr.hcl +++ b/packer/linux/debian-12-x64/debian-12-x64.pkr.hcl 
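Review bot: `passwd/root-password-crypted` and `passwd/user-password-crypted` commit the same salted SHA-512 hash for root and `ansb-srv-it`, even though the `late_command` further down replaces both with `usermod -p '*'` and access is by SSH key. The hash is needed only to get through the installer, yet it is now readable by anyone with the repository or the HTTP preseed URL and is exposed to offline guessing. `user-setup/allow-password-weak boolean true` suggests the password may be weak. d-i accepts `!` as the crypted value to create an account with its password disabled, so `d-i passwd/user-password-crypted password !` together with `d-i passwd/root-login boolean false` should remove the secret from the file; confirm on a test install. If that password is used anywhere else, treat it as disclosed and rotate it.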
@@ -50,19 +50,20 @@ source "vsphere-iso" "debian-12" { } // **************** ssh_username = var.connection_username - ssh_password = var.connection_password +//ssh_password = var.connection_password + ssh_private_key_file = var.connection_ssh_private_key_file ssh_port = "22" - ip_wait_timeout = "15m" + ip_wait_timeout = "25m" ssh_timeout = "10m" ssh_handshake_attempts = "20" - shutdown_timeout = "15m" + shutdown_timeout = "10m" // **************** iso_checksum = var.iso_checksum // iso_url = var.os_iso_url iso_paths = [var.os_iso_paths] // **************** - boot_wait = "5s" + boot_wait = "8s" boot_command = [var.boot_command] } @@ -70,4 +71,17 @@ source "vsphere-iso" "debian-12" { build { name = "template" sources = ["source.vsphere-iso.debian-12"] + + provisioner "file" { + destination = "/tmp/prep-script.sh" + source = "${path.root}data/prep-script.sh" + } + + provisioner "shell" { + inline = [ + "sudo chmod 755 /tmp/prep-script.sh", + "sudo /tmp/prep-script.sh", + ] + } + } diff --git a/packer/linux/debian-12-x64/variables.pkr.hcl b/packer/linux/debian-12-x64/variables.pkr.hcl index 9ae3697..12b8fae 100644 --- a/packer/linux/debian-12-x64/variables.pkr.hcl +++ b/packer/linux/debian-12-x64/variables.pkr.hcl 
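Review bot: In the second hunk (the `build` block), the `file` and `shell` provisioners leave `/tmp/prep-script.sh` behind in the finished template and execute it with `sudo` from a world-writable directory under a fixed name. A single `provisioner "shell"` with `script = "${path.root}/data/prep-script.sh"` and `execute_command = "sudo -E bash '{{ .Path }}'"` uploads, runs and then cleans up the script in one step. Note also that `"${path.root}data/prep-script.sh"` has no separator after `path.root`; it presumably resolves only because the build script passes the directory with a trailing slash. In the first hunk, the commented-out `//ssh_password = var.connection_password` line can simply be deleted now that key authentication is used.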
@@ -43,22 +43,23 @@ variable "vcenter_folder" { } // ************************************ -variable "vm_name" { default = "" } -variable "vm_num_cpu" { default = "" } -variable "vm_ram" { default = "" } -variable "vm_hardware_version" { default = "" } -variable "vm_guest_os_type" { default = "" } -variable "vm_disk_size" { default = "" } -variable "vm_network" { default = "" } -variable "vm_network_nic_type" { default = "" } -variable "os_version" { default = "" } -variable "os_family" { default = "" } -variable "os_iso_url" { default = "" } +variable "vm_name" { default = "" } +variable "vm_num_cpu" { default = "" } +variable "vm_ram" { default = "" } +variable "vm_hardware_version" { default = "" } +variable "vm_guest_os_type" { default = "" } +variable "vm_disk_size" { default = "" } +variable "vm_network" { default = "" } +variable "vm_network_nic_type" { default = "" } +variable "os_version" { default = "" } +variable "os_family" { default = "" } +variable "os_iso_url" { default = "" } // ************************************ -variable "connection_username" { default = "" } -variable "connection_password" { default = "" } +variable "connection_username" { default = "" } +variable "connection_password" { default = "" } +variable "connection_ssh_private_key_file" { default = "" } // ************************************ -variable "iso_checksum" { default = "" } -variable "os_iso_paths" { default = "" } -variable "iso_url" { default = "" } -variable "boot_command" { default = "" } +variable "iso_checksum" { default = "" } +variable "os_iso_paths" { default = "" } +variable "iso_url" { default = "" } +variable "boot_command" { default = "" }
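Review bot: The new `connection_ssh_private_key_file` variable does not match the key that the README hunk of this same patch tells users to put in the creds var-file, `ssh_private_key_file = "/root/.ssh/XXXXXXX_ansible"`. With the file written as documented, the variable would keep its `""` default and the source block would receive an empty `ssh_private_key_file`. Either rename the README entry to `connection_ssh_private_key_file`, or drop the default so Packer refuses to build without a value: `variable "connection_ssh_private_key_file" { type = string }`. `connection_password` no longer appears to be used by the source block (its line is commented out there), so it could be removed, or at least marked `sensitive = true`.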