-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
start ssh early to prevent failing from number of handshakes
- Loading branch information
Showing
8 changed files
with
253 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
python 3.11.1 | ||
python 3.11.2 | ||
awscli 2.9.14 | ||
packer 1.8.5 | ||
gcloud 416.0.0 | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
|
||
source "virtualbox-iso" "autogenerated_1" { | ||
boot_command = ["<esc><wait>", "install <wait>", " auto=true", " priority=critical", " preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg <wait>", "<enter><wait>"] | ||
boot_wait = "10s" | ||
disk_size = "30480" | ||
guest_additions_path = "/home/vagrant/VBoxGuestAdditions.iso" | ||
guest_os_type = "Ubuntu_64" | ||
hard_drive_interface = "sata" | ||
hard_drive_nonrotational = "true" | ||
http_directory = "http" | ||
iso_checksum = "sha256:10f19c5b2b8d6db711582e0e27f5116296c34fe4b313ba45f9b201a5007056cb" | ||
iso_url = "https://releases.ubuntu.com/22.04/ubuntu-22.04.1-live-server-amd64.iso" | ||
output_directory = "output-virtualbox-iso-ubuntu22base" | ||
sata_port_count = "5" | ||
shutdown_command = "echo 'packer' | sudo -S shutdown -P now" | ||
ssh_agent_auth = true | ||
ssh_username = "pulsys" | ||
ssh_wait_timeout = "6000s" | ||
vboxmanage = [["modifyvm", "{{ .Name }}", "--memory", "8192"], ["modifyvm", "{{ .Name }}", "--cpus", "2"]] | ||
vm_name = "ubuntu22base" | ||
} | ||
|
||
build { | ||
sources = ["source.virtualbox-iso.autogenerated_1"] | ||
|
||
provisioner "ansible" { | ||
playbook_file = file("../ansible/site.yml") | ||
user = "pulsys" | ||
} | ||
|
||
post-processor "vagrant" { | ||
keep_input_artifact = false | ||
output = "pulimage" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
packer { | ||
required_plugins { | ||
virtualbox = { | ||
version = ">= 0.0.1" | ||
source = "github.com/hashicorp/virtualbox" | ||
} | ||
} | ||
} | ||
|
||
variable "os_username" { | ||
type = string | ||
default = "ansible" | ||
sensitive = true | ||
} | ||
|
||
variable "os_password" { | ||
type = string | ||
default = "ansible" | ||
sensitive = true | ||
} | ||
|
||
locals { | ||
hashed_os_password = bcrypt("${var.os_password}") | ||
} | ||
|
||
source "virtualbox-iso" "ubuntu-22-04-live-server" { | ||
boot_command = [ | ||
"c<wait>", | ||
"linux /casper/vmlinuz --- autoinstall ds=\"nocloud-net;seedfrom=http://{{.HTTPIP}}:{{.HTTPPort}}/\"", | ||
"<enter><wait>", | ||
"initrd /casper/initrd", | ||
"<enter><wait>", | ||
"boot", | ||
"<enter>" | ||
] | ||
boot_wait = "5s" | ||
guest_os_type = "ubuntu-64" | ||
http_content = { | ||
"/meta-data" = file("../subiquity/http/meta-data") | ||
"/user-data" = templatefile("../subiquity/http/user-data.yaml.pkrtpl.hcl", { | ||
"os_username": "${var.os_username}" | ||
"hashed_os_password": "${local.hashed_os_password}" | ||
}) | ||
} | ||
iso_url = "https://releases.ubuntu.com/22.04/ubuntu-22.04.1-live-server-amd64.iso" | ||
iso_checksum = "sha256:10f19c5b2b8d6db711582e0e27f5116296c34fe4b313ba45f9b201a5007056cb" | ||
memory = 8192 | ||
output_directory = "output/ubuntu-2204-live-server-ansible" | ||
shutdown_command = "sudo shutdown -P now" | ||
ssh_handshake_attempts = "20" | ||
ssh_pty = true | ||
ssh_timeout = "20m" | ||
ssh_username = "${var.os_username}" | ||
ssh_password = "${var.os_password}" | ||
} | ||
|
||
build { | ||
sources = ["sources.virtualbox-iso.ubuntu-22-04-live-server"] | ||
|
||
provisioner "ansible" { | ||
playbook_file = file("../ansible/site.yml") | ||
} | ||
|
||
post-processor "vagrant" { | ||
output = "output/ubuntu-2204-live-server-ansible.box" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
--- | ||
- hosts: all | ||
become: yes | ||
vars: | ||
mountDir: /vbox | ||
|
||
tasks: | ||
- name: create a temporary mount point for vbox guest additions | ||
file: | ||
path: "{{ mountDir }}" | ||
state: directory | ||
|
||
# as per `guest_additions_path` in Packer's configuration file | ||
- name: mount guest additions ISO read-only | ||
mount: | ||
path: "{{ mountDir }}" | ||
src: /home/vagrant/VBoxGuestAdditions.iso | ||
fstype: iso9660 | ||
opts: ro | ||
state: mounted | ||
|
||
# in case running kernel modules are detected using `failed_when` can prevent an error | ||
- name: execute guest additions script | ||
command: "{{ mountDir }}/VBoxLinuxAdditions.run" | ||
register: modules | ||
failed_when: | ||
- modules.rc != 0 | ||
- modules.rc != 2 | ||
|
||
- name: unmount guest additions ISO | ||
mount: | ||
path: "{{ mountDir }}" | ||
state: absent | ||
|
||
- name: remove the temporary mount point | ||
file: | ||
path: "{{ mountDir }}" | ||
state: absent | ||
|
||
- name: upgrade all packages | ||
apt: | ||
name: '*' | ||
state: latest |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,88 @@ | ||
#cloud-config | ||
autoinstall: | ||
version: 1 | ||
early-commands: | ||
# If we install the SSH server using the subiquity `ssh` configuration then port 22 gets opened up to packer _before_ | ||
# the requisite configuration has been done to allow Packer to SSH on to the guest O/S. This results in a failed build | ||
# as Packer exceeds its SSH permitted number of SSH handshake attempts. | ||
# | ||
# To ensure this doesn't happen we stop the SSH service until right at the end when we re-enable it | ||
# using a late-command. | ||
#- sudo iptables -I INPUT -p tcp --dport 22 -j DROP | ||
- sudo systemctl stop ssh | ||
locale: en_US | ||
refresh-installer: | ||
update: yes | ||
keyboard: | ||
layout: en | ||
#network: | ||
# network: | ||
# version: 2 | ||
# ethernets: | ||
# ens33: | ||
# dhcp4: true | ||
storage: | ||
layout: | ||
name: lvm | ||
ssh: | ||
allow-pw: true | ||
install-server: yes | ||
user-data: | ||
disable_root: false | ||
users: | ||
- | ||
name: ${os_username} | ||
passwd: ${hashed_os_password} | ||
groups: [ adm, cdrom, dip, plugdev, lxd, sudo ] | ||
lock-passwd: false | ||
sudo: ALL=(ALL) NOPASSWD:ALL | ||
shell: /bin/bash | ||
# write_files: | ||
# - path: /etc/ssh/sshd_config | ||
# content: | | ||
# Port 22 | ||
# Protocol 2 | ||
# HostKey /etc/ssh/ssh_host_rsa_key | ||
# HostKey /etc/ssh/ssh_host_dsa_key | ||
# HostKey /etc/ssh/ssh_host_ecdsa_key | ||
# HostKey /etc/ssh/ssh_host_ed25519_key | ||
# UsePrivilegeSeparation yes | ||
# KeyRegenerationInterval 3600 | ||
# ServerKeyBits 1024 | ||
# SyslogFacility AUTH | ||
# LogLevel INFO | ||
# LoginGraceTime 120 | ||
# PermitRootLogin yes | ||
# StrictModes no | ||
# RSAAuthentication yes | ||
# PubkeyAuthentication no | ||
# IgnoreRhosts yes | ||
# RhostsRSAAuthentication no | ||
# HostbasedAuthentication no | ||
# PermitEmptyPasswords no | ||
# ChallengeResponseAuthentication no | ||
# X11Forwarding yes | ||
# X11DisplayOffset 10 | ||
# PrintMotd no | ||
# PrintLastLog yes | ||
# TCPKeepAlive yes | ||
# AcceptEnv LANG LC_* | ||
# Subsystem sftp /usr/lib/openssh/sftp-server | ||
# UsePAM yes | ||
# AllowUsers pulsys | ||
packages: | ||
- apt-transport-https | ||
- sudo | ||
- openssh-server | ||
- wget | ||
- curl | ||
- python3 | ||
- python3-pip | ||
- open-vm-tools-dev | ||
late-commands: | ||
- sed -i -e 's/^#\?PasswordAuthentication.*/PasswordAuthentication yes/g' /target/etc/ssh/sshd_config | ||
29 - sed -i -e 's/^#\?PermitRootLogin.*/PermitRootLogin yes/g' /target/etc/ssh/sshd_config | ||
- echo 'pulsys ALL=(ALL) NOPASSWD:ALL' > /target/etc/sudoers.d/pulsys | ||
32 - curtin in-target --target=/target -- apt-get update | ||
33 - curtin in-target --target=/target -- apt-get upgrade --yes | ||
- sudo systemctl start ssh |