diff --git a/.gitignore b/.gitignore index 5d680c0..b8a1855 100644 --- a/.gitignore +++ b/.gitignore @@ -10,4 +10,6 @@ docs-rendered/* packer-plugin-mondoo packer-plugin-cnspec .docs -centos-7-x86_64.vsphere.local.json \ No newline at end of file +centos-7-x86_64.vsphere.local.json +examples/*/*/manifests/* +examples/*/*/artifacts/* \ No newline at end of file diff --git a/examples/packer-vsphere/photon4/README.md b/examples/packer-vsphere/photon4/README.md new file mode 100644 index 0000000..a0c1717 --- /dev/null +++ b/examples/packer-vsphere/photon4/README.md @@ -0,0 +1,27 @@ +# Photon OS 4 + +This example builds Photon OS 4 with vSphere. + +Edit the `variables.pkrvars.hcl` file to configure the credentials for the default account on machine images. + +```hcl title="variables.pkrvars.hcl" +build_username = "example" +build_password = "" +build_password_encrypted = "" +build_key = "" +``` + +Run the following command to generate a SHA-512 encrypted password for the `build_password_encrypted` using mkpasswd. + +```shell +docker run -it --rm alpine:latest +mkpasswd -m sha512 +``` + +Then run packer build: + +``` +packer build -force -var-file variables.pkrvars.hcl . +``` + +Kudos: This example is based on [packer-examples-for-vsphere](https://github.com/vmware-samples/packer-examples-for-vsphere/tree/main/builds/linux/photon/5) \ No newline at end of file diff --git a/examples/packer-vsphere/photon4/data/ks.pkrtpl.hcl b/examples/packer-vsphere/photon4/data/ks.pkrtpl.hcl new file mode 100644 index 0000000..6aa5e76 --- /dev/null +++ b/examples/packer-vsphere/photon4/data/ks.pkrtpl.hcl @@ -0,0 +1,40 @@ +{ + "hostname": "photon", + "password": + { + "crypted": true, + "text": "${build_password_encrypted}" + }, + "disk": "/dev/sda", + "partitions": [ + {"mountpoint": "/", "size": 0, "filesystem": "ext4"}, + {"mountpoint": "/boot", "size": 128, "filesystem": "ext4"}, + {"mountpoint": "/root", "size": 128, "filesystem": "ext4"}, + {"size": 128, "filesystem": "swap"} + ], + "bootmode": "efi", + "packages": [ + "minimal", + "linux", + "initramfs", + "sudo", + "vim", + "cloud-utils" + ], + "postinstall": [ + "#!/bin/sh", + "useradd -m -p '${build_password_encrypted}' -s /bin/bash ${build_username}", + "usermod -aG sudo ${build_username}", + "echo \"${build_username} ALL=(ALL) NOPASSWD: ALL\" >> /etc/sudoers.d/${build_username}", + "chage -I -1 -m 0 -M 99999 -E -1 root", + "chage -I -1 -m 0 -M 99999 -E -1 ${build_username}", + "systemctl restart iptables", + "sed -i 's/.*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config", + "sed -i 's/.*MaxAuthTries.*/MaxAuthTries 10/g' /etc/ssh/sshd_config", + "systemctl restart sshd.service" + ], + "linux_flavor": "linux", + "network": { + "type": "dhcp" + } +} \ No newline at end of file diff --git a/examples/packer-vsphere/photon4/photon.auto.pkrvars.hcl b/examples/packer-vsphere/photon4/photon.auto.pkrvars.hcl new file mode 100644 index 0000000..340bc53 --- /dev/null +++ b/examples/packer-vsphere/photon4/photon.auto.pkrvars.hcl @@ -0,0 +1,45 @@ +# Copyright 2023 Broadcom. All rights reserved. +# SPDX-License-Identifier: BSD-2 + +/* + DESCRIPTION: + VMware Photon OS 5 build variables. + Packer Plugin for VMware vSphere: 'vsphere-iso' builder. +*/ + +// Guest Operating Systtem Metadata +vm_guest_os_family = "linux" +vm_guest_os_name = "photon" +vm_guest_os_version = "5.0" + +// Virtual Machine Guest Operating Systtem Setting +vm_guest_os_type = "vmwarePhoton64Guest" + +// Virtual Machine Hardware Settings +vm_firmware = "efi-secure" +vm_cdrom_type = "sata" +vm_cpu_count = 2 +vm_cpu_cores = 1 +vm_cpu_hot_add = false +vm_mem_size = 2048 +vm_mem_hot_add = false +vm_disk_size = 40960 +vm_disk_controller_type = ["pvscsi"] +vm_disk_thin_provisioned = true +vm_network_card = "vmxnet3" + +// Removable Media Settings +// see https://github.com/vmware/photon/wiki/Downloading-Photon-OS +iso_path = "packer_cache/" +iso_file = "photon-4.0-c001795b8.iso" +iso_url = "https://packages.vmware.com/photon/4.0/Rev2/iso/photon-4.0-c001795b8.iso" +iso_checksum_type = "md5" +iso_checksum_value = "5af288017d0d1198dd6bd02ad40120eb" + +// Boot Settings +vm_boot_order = "disk,cdrom" +vm_boot_wait = "2s" + +// Communicator Settings +communicator_port = 22 +communicator_timeout = "30m" \ No newline at end of file diff --git a/examples/packer-vsphere/photon4/photon.pkr.hcl b/examples/packer-vsphere/photon4/photon.pkr.hcl new file mode 100644 index 0000000..66d7abd --- /dev/null +++ b/examples/packer-vsphere/photon4/photon.pkr.hcl @@ -0,0 +1,212 @@ +# Copyright 2023 Broadcom. All rights reserved. +# SPDX-License-Identifier: BSD-2 + +/* + DESCRIPTION: + VMware Photon OS 5 build definition. + Packer Plugin for VMware vSphere: 'vsphere-iso' builder. +*/ + +// BLOCK: packer +// The Packer configuration. + +packer { + required_version = ">= 1.9.4" + required_plugins { + vsphere = { + source = "github.com/hashicorp/vsphere" + version = ">= 1.2.1" + } + ansible = { + source = "github.com/hashicorp/ansible" + version = ">= 1.1.0" + } + git = { + source = "github.com/ethanmdavidson/git" + version = ">= 0.4.3" + } + } +} + +// BLOCK: data +// Defines the data sources. + +data "git-repository" "cwd" {} + +// BLOCK: locals +// Defines the local variables. + +locals { + build_by = "Built by: HashiCorp Packer ${packer.version}" + build_date = formatdate("YYYY-MM-DD hh:mm ZZZ", timestamp()) + build_version = data.git-repository.cwd.head + build_description = "Version: ${local.build_version}\nBuilt on: ${local.build_date}\n${local.build_by}" + iso_paths = ["[${var.common_iso_datastore}] ${var.iso_path}/${var.iso_file}"] + iso_checksum = "${var.iso_checksum_type}:${var.iso_checksum_value}" + manifest_date = formatdate("YYYY-MM-DD'T'hhmmss'Z'", timestamp()) + manifest_path = "${path.cwd}/manifests/" + manifest_output = "${local.manifest_path}${local.manifest_date}.json" + ovf_export_path = "${path.cwd}/artifacts/${local.vm_name}" + data_source_content = { + "/ks.json" = templatefile("${abspath(path.root)}/data/ks.pkrtpl.hcl", { + build_username = var.build_username + build_password = var.build_password + build_password_encrypted = var.build_password_encrypted + }) + } + data_source_command = var.common_data_source == "http" ? "ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks.json" : "ks=/dev/sr2:/ks.json" + vm_name = "${var.vm_name}" + bucket_name = replace("${var.vm_guest_os_family}-${var.vm_guest_os_name}-${var.vm_guest_os_version}", ".", "") + bucket_description = "${var.vm_guest_os_family} ${var.vm_guest_os_name} ${var.vm_guest_os_version}" +} + +// BLOCK: source +// Defines the builder configuration blocks. + +source "vsphere-iso" "linux-photon" { + + // vCenter Server Endpoint Settings and Credentials + vcenter_server = var.vsphere_endpoint + username = var.vsphere_username + password = var.vsphere_password + insecure_connection = var.vsphere_insecure_connection + + // vSphere Settings + datacenter = var.vsphere_datacenter + cluster = var.vsphere_cluster + host = var.vsphere_host + datastore = var.vsphere_datastore + folder = var.vsphere_folder + resource_pool = var.vsphere_resource_pool + set_host_for_datastore_uploads = var.vsphere_set_host_for_datastore_uploads + + // Virtual Machine Settings + vm_name = local.vm_name + guest_os_type = var.vm_guest_os_type + firmware = var.vm_firmware + CPUs = var.vm_cpu_count + cpu_cores = var.vm_cpu_cores + CPU_hot_plug = var.vm_cpu_hot_add + RAM = var.vm_mem_size + RAM_hot_plug = var.vm_mem_hot_add + cdrom_type = var.vm_cdrom_type + disk_controller_type = var.vm_disk_controller_type + storage { + disk_size = var.vm_disk_size + disk_thin_provisioned = var.vm_disk_thin_provisioned + } + network_adapters { + network = var.vsphere_network + network_card = var.vm_network_card + } + vm_version = var.common_vm_version + remove_cdrom = var.common_remove_cdrom + tools_upgrade_policy = var.common_tools_upgrade_policy + notes = local.build_description + + // Removable Media Settings + iso_url = var.iso_url + iso_paths = local.iso_paths + iso_checksum = local.iso_checksum + http_content = var.common_data_source == "http" ? local.data_source_content : null + cd_content = var.common_data_source == "disk" ? local.data_source_content : null + + // Boot and Provisioning Settings + http_ip = var.common_http_ip + http_port_min = var.common_http_port_min + http_port_max = var.common_http_port_max + boot_order = var.vm_boot_order + boot_wait = var.vm_boot_wait + boot_command = [ + // This sends the "escape" key, waits, and then sends the "c" key. In the GRUB boot loader, this is used to enter command line mode. + "c", + // This types a command to load the Linux kernel from the specified path, with the specified boot parameters. + // The 'data_source_command' local variable is used to specify the kickstart data source configured in the common variables. + "linux /isolinux/vmlinuz root=/dev/ram0 loglevel=3 insecure_installation=1 ${local.data_source_command} photon.media=cdrom", + // This sends the "enter" key, which executes the command. + "", + // This types a command to load the initial RAM disk from the specified path. + "initrd /isolinux/initrd.img", + // This sends the "enter" key, which executes the command. + "", + // This types the "boot" command, which starts the boot process using the loaded kernel and initial RAM disk. + "boot", + // This sends the "enter" key, which executes the command. + "" + ] + ip_wait_timeout = var.common_ip_wait_timeout + ip_settle_timeout = var.common_ip_settle_timeout + shutdown_command = "echo '${var.build_password}' | sudo -S -E shutdown -P now" + shutdown_timeout = var.common_shutdown_timeout + + // Communicator Settings and Credentials + communicator = "ssh" + ssh_proxy_host = var.communicator_proxy_host + ssh_proxy_port = var.communicator_proxy_port + ssh_proxy_username = var.communicator_proxy_username + ssh_proxy_password = var.communicator_proxy_password + ssh_username = var.build_username + ssh_password = var.build_password + ssh_port = var.communicator_port + ssh_timeout = var.communicator_timeout + + // Template and Content Library Settings + convert_to_template = var.common_template_conversion + dynamic "content_library_destination" { + for_each = var.common_content_library_name != null ? [1] : [] + content { + library = var.common_content_library_name + description = local.build_description + ovf = var.common_content_library_ovf + destroy = var.common_content_library_destroy + skip_import = var.common_content_library_skip_export + } + } + + // OVF Export Settings + dynamic "export" { + for_each = var.common_ovf_export_enabled == true ? [1] : [] + content { + name = local.vm_name + force = var.common_ovf_export_overwrite + options = [ + "extraconfig" + ] + output_directory = local.ovf_export_path + } + } +} + +// BLOCK: build +// Defines the builders to run, provisioners, and post-processors. + +build { + sources = ["source.vsphere-iso.linux-photon"] + + post-processor "manifest" { + output = local.manifest_output + strip_path = true + strip_time = true + custom_data = { + build_username = var.build_username + build_date = local.build_date + build_version = local.build_version + common_data_source = var.common_data_source + common_vm_version = var.common_vm_version + vm_cpu_cores = var.vm_cpu_cores + vm_cpu_count = var.vm_cpu_count + vm_disk_size = var.vm_disk_size + vm_disk_thin_provisioned = var.vm_disk_thin_provisioned + vm_firmware = var.vm_firmware + vm_guest_os_type = var.vm_guest_os_type + vm_mem_size = var.vm_mem_size + vm_network_card = var.vm_network_card + vsphere_cluster = var.vsphere_cluster + vsphere_host = var.vsphere_host + vsphere_datacenter = var.vsphere_datacenter + vsphere_datastore = var.vsphere_datastore + vsphere_endpoint = var.vsphere_endpoint + vsphere_folder = var.vsphere_folder + } + } +} \ No newline at end of file diff --git a/examples/packer-vsphere/photon4/variables.pkr.hcl b/examples/packer-vsphere/photon4/variables.pkr.hcl new file mode 100644 index 0000000..ed9bc6a --- /dev/null +++ b/examples/packer-vsphere/photon4/variables.pkr.hcl @@ -0,0 +1,377 @@ +# Copyright 2023 Broadcom. All rights reserved. +# SPDX-License-Identifier: BSD-2 + +/* + DESCRIPTION: + VMware Photon OS 5 input variables. + Packer Plugin for VMware vSphere: 'vsphere-iso' builder. +*/ + +// BLOCK: variable +// Defines the input variables. + +// vSphere Credentials + +variable "vsphere_endpoint" { + type = string + description = "The fully qualified domain name or IP address of the vCenter Server instance." +} + +variable "vsphere_username" { + type = string + description = "The username to login to the vCenter Server instance." + sensitive = true +} + +variable "vsphere_password" { + type = string + description = "The password for the login to the vCenter Server instance." + sensitive = true +} + +variable "vsphere_insecure_connection" { + type = bool + description = "Do not validate vCenter Server TLS certificate." +} + +// vSphere Settings + +variable "vsphere_datacenter" { + type = string + description = "The name of the target vSphere datacenter." + default = "" +} + +variable "vsphere_cluster" { + type = string + description = "The name of the target vSphere cluster." + default = "" +} + +variable "vsphere_host" { + type = string + description = "The name of the target ESXi host." + default = "" +} + +variable "vsphere_datastore" { + type = string + description = "The name of the target vSphere datastore." +} + +variable "vsphere_network" { + type = string + description = "The name of the target vSphere network segment." +} + +variable "vsphere_folder" { + type = string + description = "The name of the target vSphere folder." + default = "" +} + +variable "vsphere_resource_pool" { + type = string + description = "The name of the target vSphere resource pool." + default = "" +} + +variable "vsphere_set_host_for_datastore_uploads" { + type = bool + description = "Set this to true if packer should use the host for uploading files to the datastore." + default = false +} + +// Virtual Machine Settings + +variable "vm_guest_os_family" { + type = string + description = "The guest operating system family. Used for naming and VMware Tools." +} + +variable "vm_guest_os_name" { + type = string + description = "The guest operating system name. Used for naming." +} + +variable "vm_guest_os_version" { + type = string + description = "The guest operating system version. Used for naming." +} + +variable "vm_guest_os_type" { + type = string + description = "The guest operating system type, also know as guestid." +} + +variable "vm_firmware" { + type = string + description = "The virtual machine firmware." + default = "efi" +} + +variable "vm_cdrom_type" { + type = string + description = "The virtual machine CD-ROM type." + default = "sata" +} + +variable "vm_cpu_count" { + type = number + description = "The number of virtual CPUs." +} + +variable "vm_cpu_cores" { + type = number + description = "The number of virtual CPUs cores per socket." +} + +variable "vm_cpu_hot_add" { + type = bool + description = "Enable hot add CPU." + default = false +} + +variable "vm_mem_size" { + type = number + description = "The size for the virtual memory in MB." +} + +variable "vm_mem_hot_add" { + type = bool + description = "Enable hot add memory." + default = false +} + +variable "vm_disk_size" { + type = number + description = "The size for the virtual disk in MB." +} + +variable "vm_disk_controller_type" { + type = list(string) + description = "The virtual disk controller types in sequence." + default = ["pvscsi"] +} + +variable "vm_disk_thin_provisioned" { + type = bool + description = "Thin provision the virtual disk." + default = true +} + +variable "vm_network_card" { + type = string + description = "The virtual network card type." + default = "vmxnet3" +} + +variable "common_vm_version" { + type = number + description = "The vSphere virtual hardware version." +} + +variable "common_tools_upgrade_policy" { + type = bool + description = "Upgrade VMware Tools on reboot." + default = true +} + +variable "common_remove_cdrom" { + type = bool + description = "Remove the virtual CD-ROM(s)." + default = true +} + +// Template and Content Library Settings + +variable "common_template_conversion" { + type = bool + description = "Convert the virtual machine to template. Must be 'false' for content library." + default = false +} + +variable "common_content_library_name" { + type = string + description = "The name of the target vSphere content library, if used." + default = null +} + +variable "common_content_library_ovf" { + type = bool + description = "Export to content library as an OVF template." + default = true +} + +variable "common_content_library_destroy" { + type = bool + description = "Delete the virtual machine after exporting to the content library." + default = true +} + +variable "common_content_library_skip_export" { + type = bool + description = "Skip exporting the virtual machine to the content library. Option allows for testing/debugging without saving the machine image." + default = false +} + +// OVF Export Settings + +variable "common_ovf_export_enabled" { + type = bool + description = "Enable OVF artifact export." + default = false +} + +variable "common_ovf_export_overwrite" { + type = bool + description = "Overwrite existing OVF artifact." + default = true +} + +// Removable Media Settings + +variable "common_iso_datastore" { + type = string + description = "The name of the source vSphere datastore for the guest operating system ISO." +} + +variable "iso_url" { + type = string + description = "The URL source of the ISO image. (e.g. 'https://artifactory.rainpole.io/.../os.iso')" +} + +variable "iso_path" { + type = string + description = "The path on the source vSphere datastore for ISO image. (e.g. 'iso/linux/rocky')" +} + +variable "iso_file" { + type = string + description = "The file name of the ISO image used by the vendor. (e.g. 'Rocky--x86_64-dvd1.iso')" +} + +variable "iso_checksum_type" { + type = string + description = "The checksum algorithm used by the vendor. (e.g. 'sha256')" +} + +variable "iso_checksum_value" { + type = string + description = "The checksum value provided by the vendor." +} + +// Boot Settings + +variable "common_data_source" { + type = string + description = "The provisioning data source. One of `http` or `disk`." +} + +variable "common_http_ip" { + type = string + description = "Define an IP address on the host to use for the HTTP server." + default = null +} + +variable "common_http_port_min" { + type = number + description = "The start of the HTTP port range." +} + +variable "common_http_port_max" { + type = number + description = "The end of the HTTP port range." +} + +variable "vm_boot_order" { + type = string + description = "The boot order for virtual machines devices." + default = "disk,cdrom" +} + +variable "vm_boot_wait" { + type = string + description = "The time to wait before boot." +} + +variable "common_ip_wait_timeout" { + type = string + description = "Time to wait for guest operating system IP address response." +} + +variable "common_ip_settle_timeout" { + type = string + description = "Time to wait for guest operating system IP to settle down." + default = "5s" +} + +variable "common_shutdown_timeout" { + type = string + description = "Time to wait for guest operating system shutdown." +} + +// Communicator Settings and Credentials + +variable "build_username" { + type = string + description = "The username to login to the guest operating system." + sensitive = true +} + +variable "build_password" { + type = string + description = "The password to login to the guest operating system." + sensitive = true +} + +variable "build_password_encrypted" { + type = string + description = "The SHA-512 encrypted password to login to the guest operating system." + sensitive = true +} + +variable "build_key" { + type = string + description = "The public key to login to the guest operating system." + sensitive = true +} + +variable "communicator_proxy_host" { + type = string + description = "The proxy server to use for SSH connection. (Optional)" + default = null +} + +variable "communicator_proxy_port" { + type = number + description = "The port to connect to the proxy server. (Optional)" + default = null +} + +variable "communicator_proxy_username" { + type = string + description = "The username to authenticate with the proxy server. (Optional)" + default = null +} + +variable "communicator_proxy_password" { + type = string + description = "The password to authenticate with the proxy server. (Optional)" + sensitive = true + default = null +} + +variable "communicator_port" { + type = string + description = "The port for the communicator protocol." +} + +variable "communicator_timeout" { + type = string + description = "The timeout for the communicator protocol." +} + +variable "vm_name" { + type = string +} diff --git a/examples/packer-vsphere/photon4/variables.pkrvars.hcl b/examples/packer-vsphere/photon4/variables.pkrvars.hcl new file mode 100644 index 0000000..0123a18 --- /dev/null +++ b/examples/packer-vsphere/photon4/variables.pkrvars.hcl @@ -0,0 +1,45 @@ +# Copyright (c) Mondoo, Inc. +# SPDX-License-Identifier: BUSL-1.1 + +// vSphere Settings +vsphere_endpoint = "sfo-w01-vc01.sfo.rainpole.io" +vsphere_username = "svc-packer-vsphere@rainpole.io" +vsphere_password = "" +vsphere_insecure_connection = true +vsphere_datacenter = "sfo-w01-dc01" +vsphere_cluster = "sfo-w01-cl01" +vsphere_datastore = "sfo-w01-cl01-ds-vsan01" +vsphere_network = "sfo-w01-seg-dhcp" +// Removable Media Settings +common_iso_datastore = "sfo-w01-cl01-ds-vsan01" + +// Build Variables +build_username = "rainpole" +build_password = "" +build_password_encrypted = "" +build_key = "" +// VM Settings +vm_name = "mondoo-photon-05" + +// Virtual Machine Settings +common_vm_version = 19 +common_tools_upgrade_policy = true +common_remove_cdrom = true + +// Template and Content Library Settings +common_template_conversion = false +common_content_library_name = null +common_content_library_ovf = true +common_content_library_destroy = true + +// OVF Export Settings +common_ovf_export_enabled = false +common_ovf_export_overwrite = true + +// Boot and Provisioning Settings +common_data_source = "disk" // makes sure the disk is used as the data source +common_http_ip = null +common_http_port_min = 8000 +common_http_port_max = 8099 +common_ip_wait_timeout = "20m" +common_shutdown_timeout = "15m" \ No newline at end of file diff --git a/examples/packer-vsphere/rocky8/README.md b/examples/packer-vsphere/rocky8/README.md index fa83bf0..2c2b0e9 100644 --- a/examples/packer-vsphere/rocky8/README.md +++ b/examples/packer-vsphere/rocky8/README.md @@ -4,7 +4,7 @@ This example builds Rocky Linux 8 with vSphere. Edit the `variables.pkrvars.hcl` file to configure the credentials for the default account on machine images. -```hcl title="config/build.pkrvars.hcl" +```hcl title="variables.pkrvars.hcl" build_username = "example" build_password = "" build_password_encrypted = "" diff --git a/examples/packer-vsphere/rocky8/variables.pkrvars.hcl b/examples/packer-vsphere/rocky8/variables.pkrvars.hcl index 6e4e9d9..2f1b6bd 100644 --- a/examples/packer-vsphere/rocky8/variables.pkrvars.hcl +++ b/examples/packer-vsphere/rocky8/variables.pkrvars.hcl @@ -11,6 +11,12 @@ vsphere_cluster = "sfo-w01-cl01" vsphere_datastore = "sfo-w01-cl01-ds-vsan01" vsphere_network = "sfo-w01-seg-dhcp" +// Build Variables +build_username = "rainpole" +build_password = "" +build_password_encrypted = "" +build_key = "" + // Virtual Machine Settings common_vm_version = 19 common_tools_upgrade_policy = true @@ -22,12 +28,6 @@ common_content_library_name = null common_content_library_ovf = true common_content_library_destroy = true -// Build Variables -build_username = "rainpole" -build_password = "" -build_password_encrypted = "" -build_key = "" - // OVF Export Settings common_ovf_export_enabled = false common_ovf_export_overwrite = true