-
Notifications
You must be signed in to change notification settings - Fork 8
/
packer-build.sh
executable file
·76 lines (59 loc) · 1.86 KB
/
packer-build.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
#!/bin/bash
set -ex
# prepare to build
IMAGE_DIR=$(echo "$1" | sed 's#packer/##g')
DIR_TO_FILENAME=$(echo "$1" | sed 's#packer/##g' | tr '/' '-')
NEW_IMAGE="output-qemu/ibmcloud-$DIR_TO_FILENAME-amd64-100G.qcow2"
ENCRYPTED_IMAGE="output-qemu/ibmcloud-encrypted-$DIR_TO_FILENAME-amd64-100G.qcow2"
# change directory
mkdir -p img/$DIR_TO_FILENAME
cp -r $1/* img/$DIR_TO_FILENAME
cd img/$DIR_TO_FILENAME
if [ -n "$2" ]; then
SECRET="$2"
else
SECRET="JustMySimpleSecret"
fi
# prepare ssh keys
if [[ -f "~/.ssh/id_rsa.pub" ]]; then
export PACKER_PUBLIC_KEY=~/.ssh/id_rsa.pub
export PACKER_PRIVATE_KEY=~/.ssh/id_rsa
else
mkdir -p ./ssh
chmod 0700 ./ssh
ssh-keygen -q -t rsa -b 4096 -C "[email protected]" -N '' -f ./ssh/id_rsa <<< y
export PACKER_PUBLIC_KEY=./ssh/id_rsa.pub
export PACKER_PRIVATE_KEY=./ssh/id_rsa
fi
# prepare public key image
public_key=$(cat ${PACKER_PUBLIC_KEY})
cat <<EOF > user-data
#cloud-config
ssh_authorized_keys:
- "${public_key}"
EOF
cloud-localds disk-ssh-pub.img user-data
# ansible-galaxy install
ansible-galaxy install geerlingguy.docker
# build the images
rm -rf output-qemu
PACKER_LOG=0 packer build packer.json
qemu-img resize output-qemu/packer.qcow2 100G
qemu-img convert -f qcow2 -O qcow2 output-qemu/packer.qcow2 ${NEW_IMAGE}
qemu-img info ${NEW_IMAGE}
rm output-qemu/packer.qcow2
# create an example encrypted image
BASE64_ENCODED_SECRET=$(echo -n $SECRET | base64)
qemu-img convert -O qcow2 \
--object secret,id=sec0,format=base64,data=${BASE64_ENCODED_SECRET} \
-o encrypt.format=luks,encrypt.key-secret=sec0 \
${NEW_IMAGE} ${ENCRYPTED_IMAGE}
qemu-img compare \
--object secret,id=sec0,format=base64,data=${BASE64_ENCODED_SECRET} \
--image-opts \
driver=qcow2,file.filename=${NEW_IMAGE} \
driver=qcow2,encrypt.key-secret=sec0,file.filename=${ENCRYPTED_IMAGE}
# upload to COS
#TBD
# import as custom images
#TBD