packer vsphere example for Photon 4 (#157)

Signed-off-by: Gary Bright <[email protected]>
Co-authored-by: Gary <[email protected]>

.gitignore

@@ -10,4 +10,6 @@ docs-rendered/*
 packer-plugin-mondoo
 packer-plugin-cnspec
 .docs
-centos-7-x86_64.vsphere.local.json
+centos-7-x86_64.vsphere.local.json
+examples/*/*/manifests/*
+examples/*/*/artifacts/*

examples/packer-vsphere/photon4/README.md

@@ -0,0 +1,27 @@
+# Photon OS 4
+
+This example builds Photon OS 4 with vSphere.
+
+Edit the `variables.pkrvars.hcl` file to configure the credentials for the default account on machine images.
+
+```hcl title="variables.pkrvars.hcl"
+build_username           = "example"
+build_password           = "<plaintext_password>"
+build_password_encrypted = "<sha512_encrypted_password>"
+build_key                = "<public_key>"
+```
+
+Run the following command to generate a SHA-512 encrypted password for the `build_password_encrypted` using mkpasswd.
+
+```shell
+docker run -it --rm alpine:latest
+mkpasswd -m sha512
+```
+
+Then run packer build:
+
+```
+packer build -force -var-file variables.pkrvars.hcl .
+```
+
+Kudos: This example is based on [packer-examples-for-vsphere](https://github.com/vmware-samples/packer-examples-for-vsphere/tree/main/builds/linux/photon/5)

examples/packer-vsphere/photon4/data/ks.pkrtpl.hcl

@@ -0,0 +1,40 @@
+{
+    "hostname": "photon",
+    "password":
+        {
+            "crypted": true,
+            "text": "${build_password_encrypted}"
+        },
+    "disk": "/dev/sda",
+    "partitions": [
+        {"mountpoint": "/", "size": 0, "filesystem": "ext4"},
+        {"mountpoint": "/boot", "size": 128, "filesystem": "ext4"},
+        {"mountpoint": "/root", "size": 128, "filesystem": "ext4"},
+        {"size": 128, "filesystem": "swap"}
+    ],
+    "bootmode": "efi",
+    "packages": [
+        "minimal",
+        "linux",
+        "initramfs",
+        "sudo",
+        "vim",
+        "cloud-utils"
+    ],
+    "postinstall": [
+        "#!/bin/sh",
+        "useradd -m -p '${build_password_encrypted}' -s /bin/bash ${build_username}",
+        "usermod -aG sudo ${build_username}",
+        "echo \"${build_username} ALL=(ALL) NOPASSWD: ALL\" >> /etc/sudoers.d/${build_username}",
+        "chage -I -1 -m 0 -M 99999 -E -1 root",
+        "chage -I -1 -m 0 -M 99999 -E -1 ${build_username}",
+        "systemctl restart iptables",
+        "sed -i 's/.*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config",
+        "sed -i 's/.*MaxAuthTries.*/MaxAuthTries 10/g' /etc/ssh/sshd_config",
+        "systemctl restart sshd.service"
+    ],
+    "linux_flavor": "linux",
+    "network": {
+        "type": "dhcp"
+    }
+}

examples/packer-vsphere/photon4/photon.auto.pkrvars.hcl

@@ -0,0 +1,45 @@
+# Copyright 2023 Broadcom. All rights reserved.
+# SPDX-License-Identifier: BSD-2
+
+/*
+    DESCRIPTION:
+    VMware Photon OS 5 build variables.
+    Packer Plugin for VMware vSphere: 'vsphere-iso' builder.
+*/
+
+// Guest Operating Systtem Metadata
+vm_guest_os_family  = "linux"
+vm_guest_os_name    = "photon"
+vm_guest_os_version = "5.0"
+
+// Virtual Machine Guest Operating Systtem Setting
+vm_guest_os_type = "vmwarePhoton64Guest"
+
+// Virtual Machine Hardware Settings
+vm_firmware              = "efi-secure"
+vm_cdrom_type            = "sata"
+vm_cpu_count             = 2
+vm_cpu_cores             = 1
+vm_cpu_hot_add           = false
+vm_mem_size              = 2048
+vm_mem_hot_add           = false
+vm_disk_size             = 40960
+vm_disk_controller_type  = ["pvscsi"]
+vm_disk_thin_provisioned = true
+vm_network_card          = "vmxnet3"
+
+// Removable Media Settings
+// see https://github.com/vmware/photon/wiki/Downloading-Photon-OS
+iso_path           = "packer_cache/"
+iso_file           = "photon-4.0-c001795b8.iso"
+iso_url            = "https://packages.vmware.com/photon/4.0/Rev2/iso/photon-4.0-c001795b8.iso"
+iso_checksum_type  = "md5"
+iso_checksum_value = "5af288017d0d1198dd6bd02ad40120eb"
+
+// Boot Settings
+vm_boot_order = "disk,cdrom"
+vm_boot_wait  = "2s"
+
+// Communicator Settings
+communicator_port    = 22
+communicator_timeout = "30m"

examples/packer-vsphere/photon4/photon.pkr.hcl

@@ -0,0 +1,212 @@
+# Copyright 2023 Broadcom. All rights reserved.
+# SPDX-License-Identifier: BSD-2
+
+/*
+    DESCRIPTION:
+    VMware Photon OS 5 build definition.
+    Packer Plugin for VMware vSphere: 'vsphere-iso' builder.
+*/
+
+//  BLOCK: packer
+//  The Packer configuration.
+
+packer {
+  required_version = ">= 1.9.4"
+  required_plugins {
+    vsphere = {
+      source  = "github.com/hashicorp/vsphere"
+      version = ">= 1.2.1"
+    }
+    ansible = {
+      source  = "github.com/hashicorp/ansible"
+      version = ">= 1.1.0"
+    }
+    git = {
+      source  = "github.com/ethanmdavidson/git"
+      version = ">= 0.4.3"
+    }
+  }
+}
+
+//  BLOCK: data
+//  Defines the data sources.
+
+data "git-repository" "cwd" {}
+
+//  BLOCK: locals
+//  Defines the local variables.
+
+locals {
+  build_by          = "Built by: HashiCorp Packer ${packer.version}"
+  build_date        = formatdate("YYYY-MM-DD hh:mm ZZZ", timestamp())
+  build_version     = data.git-repository.cwd.head
+  build_description = "Version: ${local.build_version}\nBuilt on: ${local.build_date}\n${local.build_by}"
+  iso_paths         = ["[${var.common_iso_datastore}] ${var.iso_path}/${var.iso_file}"]
+  iso_checksum      = "${var.iso_checksum_type}:${var.iso_checksum_value}"
+  manifest_date     = formatdate("YYYY-MM-DD'T'hhmmss'Z'", timestamp())
+  manifest_path     = "${path.cwd}/manifests/"
+  manifest_output   = "${local.manifest_path}${local.manifest_date}.json"
+  ovf_export_path   = "${path.cwd}/artifacts/${local.vm_name}"
+  data_source_content = {
+    "/ks.json" = templatefile("${abspath(path.root)}/data/ks.pkrtpl.hcl", {
+      build_username           = var.build_username
+      build_password           = var.build_password
+      build_password_encrypted = var.build_password_encrypted
+    })
+  }
+  data_source_command = var.common_data_source == "http" ? "ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks.json" : "ks=/dev/sr2:/ks.json"
+  vm_name             = "${var.vm_name}"
+  bucket_name         = replace("${var.vm_guest_os_family}-${var.vm_guest_os_name}-${var.vm_guest_os_version}", ".", "")
+  bucket_description  = "${var.vm_guest_os_family} ${var.vm_guest_os_name} ${var.vm_guest_os_version}"
+}
+
+//  BLOCK: source
+//  Defines the builder configuration blocks.
+
+source "vsphere-iso" "linux-photon" {
+
+  // vCenter Server Endpoint Settings and Credentials
+  vcenter_server      = var.vsphere_endpoint
+  username            = var.vsphere_username
+  password            = var.vsphere_password
+  insecure_connection = var.vsphere_insecure_connection
+
+  // vSphere Settings
+  datacenter                     = var.vsphere_datacenter
+  cluster                        = var.vsphere_cluster
+  host                           = var.vsphere_host
+  datastore                      = var.vsphere_datastore
+  folder                         = var.vsphere_folder
+  resource_pool                  = var.vsphere_resource_pool
+  set_host_for_datastore_uploads = var.vsphere_set_host_for_datastore_uploads
+
+  // Virtual Machine Settings
+  vm_name              = local.vm_name
+  guest_os_type        = var.vm_guest_os_type
+  firmware             = var.vm_firmware
+  CPUs                 = var.vm_cpu_count
+  cpu_cores            = var.vm_cpu_cores
+  CPU_hot_plug         = var.vm_cpu_hot_add
+  RAM                  = var.vm_mem_size
+  RAM_hot_plug         = var.vm_mem_hot_add
+  cdrom_type           = var.vm_cdrom_type
+  disk_controller_type = var.vm_disk_controller_type
+  storage {
+    disk_size             = var.vm_disk_size
+    disk_thin_provisioned = var.vm_disk_thin_provisioned
+  }
+  network_adapters {
+    network      = var.vsphere_network
+    network_card = var.vm_network_card
+  }
+  vm_version           = var.common_vm_version
+  remove_cdrom         = var.common_remove_cdrom
+  tools_upgrade_policy = var.common_tools_upgrade_policy
+  notes                = local.build_description
+
+  // Removable Media Settings
+  iso_url      = var.iso_url
+  iso_paths    = local.iso_paths
+  iso_checksum = local.iso_checksum
+  http_content = var.common_data_source == "http" ? local.data_source_content : null
+  cd_content   = var.common_data_source == "disk" ? local.data_source_content : null
+
+  // Boot and Provisioning Settings
+  http_ip       = var.common_http_ip
+  http_port_min = var.common_http_port_min
+  http_port_max = var.common_http_port_max
+  boot_order    = var.vm_boot_order
+  boot_wait     = var.vm_boot_wait
+  boot_command = [
+    // This sends the "escape" key, waits, and then sends the "c" key. In the GRUB boot loader, this is used to enter command line mode.
+    "<esc><wait>c",
+    // This types a command to load the Linux kernel from the specified path, with the specified boot parameters.
+    // The 'data_source_command' local variable is used to specify the kickstart data source configured in the common variables.
+    "linux /isolinux/vmlinuz root=/dev/ram0 loglevel=3 insecure_installation=1 ${local.data_source_command} photon.media=cdrom",
+    // This sends the "enter" key, which executes the command.
+    "<enter>",
+    // This types a command to load the initial RAM disk from the specified path.
+    "initrd /isolinux/initrd.img",
+    // This sends the "enter" key, which executes the command.
+    "<enter>",
+    // This types the "boot" command, which starts the boot process using the loaded kernel and initial RAM disk.
+    "boot",
+    // This sends the "enter" key, which executes the command.
+    "<enter>"
+  ]
+  ip_wait_timeout   = var.common_ip_wait_timeout
+  ip_settle_timeout = var.common_ip_settle_timeout
+  shutdown_command  = "echo '${var.build_password}' | sudo -S -E shutdown -P now"
+  shutdown_timeout  = var.common_shutdown_timeout
+
+  // Communicator Settings and Credentials
+  communicator       = "ssh"
+  ssh_proxy_host     = var.communicator_proxy_host
+  ssh_proxy_port     = var.communicator_proxy_port
+  ssh_proxy_username = var.communicator_proxy_username
+  ssh_proxy_password = var.communicator_proxy_password
+  ssh_username       = var.build_username
+  ssh_password       = var.build_password
+  ssh_port           = var.communicator_port
+  ssh_timeout        = var.communicator_timeout
+
+  // Template and Content Library Settings
+  convert_to_template = var.common_template_conversion
+  dynamic "content_library_destination" {
+    for_each = var.common_content_library_name != null ? [1] : []
+    content {
+      library     = var.common_content_library_name
+      description = local.build_description
+      ovf         = var.common_content_library_ovf
+      destroy     = var.common_content_library_destroy
+      skip_import = var.common_content_library_skip_export
+    }
+  }
+
+  // OVF Export Settings
+  dynamic "export" {
+    for_each = var.common_ovf_export_enabled == true ? [1] : []
+    content {
+      name  = local.vm_name
+      force = var.common_ovf_export_overwrite
+      options = [
+        "extraconfig"
+      ]
+      output_directory = local.ovf_export_path
+    }
+  }
+}
+
+//  BLOCK: build
+//  Defines the builders to run, provisioners, and post-processors.
+
+build {
+  sources = ["source.vsphere-iso.linux-photon"]
+
+  post-processor "manifest" {
+    output     = local.manifest_output
+    strip_path = true
+    strip_time = true
+    custom_data = {
+      build_username           = var.build_username
+      build_date               = local.build_date
+      build_version            = local.build_version
+      common_data_source       = var.common_data_source
+      common_vm_version        = var.common_vm_version
+      vm_cpu_cores             = var.vm_cpu_cores
+      vm_cpu_count             = var.vm_cpu_count
+      vm_disk_size             = var.vm_disk_size
+      vm_disk_thin_provisioned = var.vm_disk_thin_provisioned
+      vm_firmware              = var.vm_firmware
+      vm_guest_os_type         = var.vm_guest_os_type
+      vm_mem_size              = var.vm_mem_size
+      vm_network_card          = var.vm_network_card
+      vsphere_cluster          = var.vsphere_cluster
+      vsphere_host             = var.vsphere_host
+      vsphere_datacenter       = var.vsphere_datacenter
+      vsphere_datastore        = var.vsphere_datastore
+      vsphere_endpoint         = var.vsphere_endpoint
+      vsphere_folder           = var.vsphere_folder
+    }
+  }
+}