From 6cb709bc3a1dc8205a68fb2bdc169f9df1bf5617 Mon Sep 17 00:00:00 2001
From: Michael Trip
Date: Mon, 16 Jan 2023 21:44:18 +0100
Subject: [PATCH] first commit
---
.gitignore | 2 +
README.md | 95 ++++++++++++++++++++++++
centos7/ks.cfg | 97 +++++++++++++++++++++++++
centos7/packer.json | 77 ++++++++++++++++++++
centos8/ks.cfg | 148 +++++++++++++++++++++++++++++++++++++
centos8/packer.json | 77 ++++++++++++++++++++
rocky8/inst.ks | 148 +++++++++++++++++++++++++++++++++++++
rocky8/packer.json | 77 ++++++++++++++++++++
rocky9/inst.ks | 149 ++++++++++++++++++++++++++++++++++++++
rocky9/packer.json | 80 ++++++++++++++++++++
ubuntu2004/http/meta-data | 0
ubuntu2004/http/user-data | 23 ++++++
ubuntu2004/packer.json | 71 ++++++++++++++++++
ubuntu2204/http/meta-data | 0
ubuntu2204/http/user-data | 24 ++++++
ubuntu2204/packer.json | 74 +++++++++++++++++++
16 files changed, 1142 insertions(+)
create mode 100644 .gitignore
create mode 100644 README.md
create mode 100644 centos7/ks.cfg
create mode 100644 centos7/packer.json
create mode 100644 centos8/ks.cfg
create mode 100644 centos8/packer.json
create mode 100644 rocky8/inst.ks
create mode 100644 rocky8/packer.json
create mode 100644 rocky9/inst.ks
create mode 100644 rocky9/packer.json
create mode 100644 ubuntu2004/http/meta-data
create mode 100644 ubuntu2004/http/user-data
create mode 100644 ubuntu2004/packer.json
create mode 100644 ubuntu2204/http/meta-data
create mode 100644 ubuntu2204/http/user-data
create mode 100644 ubuntu2204/packer.json
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..9abd7c9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+Makefile
+packer_cache
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..75d2dd6
--- /dev/null
+++ b/README.md
@@ -0,0 +1,95 @@
+# CentOS Packer Builder for Proxmox
+
+This project provides Packer files to build a basic image of either CentOS 7 or CentOS 8 for use on a Proxmox system. Use it as is or as a starting point for a more fully customized image.
+
+## Getting started
+
+To use this you will need:
+
+* This repo `git clone https://github.com/dustinrue/proxmox-packer.git`
+* DVD ISO files for the OS you want to build an image for uploaded to Proxmox - [CentOS Downloads](https://wiki.centos.org/Download)
+* A working [Proxmox](https://www.proxmox.com/en/) system
+* [Packer](https://packer.io)
+* The builder machine must be accessible to Proxmox or you must host the ks.cfg or inst.ks files somewhere publicly accessible and modify the packer.json file.
+
+**The OS ISO file will need to be uploaded to your Proxmox system.**
+
+The simplest way to get the ISO file on your Proxmox system is to use the "Download from URL" option on the disk/share that you configured for ISO files.
+
+## Building an Image
+
+You will first want to determine if your host running Packer can be accessed by the Proxmox host. This is because Packer will briefly run an http server so that the installer can download the kickstart file. If Proxmox is on the same network as your builder host and there are no other firewall restrictions on your builder host this should work fine. If not, you will need to copy/host the ks.cfg files on a publicly accessible server.
+
+Next, you will need to know the URL to your Proxmox system, the name of the node to build on as well as a username and password of a user with sufficient privileges to create VMs and templates. If you have customized your install or are using a storage pool other than the default you will need to specify that as well. To build the CentOS 7 image would issue:
+
+```
+packer build \
+ -var proxmox_node=hp-desktop \
+ -var proxmox_username="root@pam" \
+ -var proxmox_password=password \
+ -var proxmox_url=https://192.168.0.1:8006/api2/json \
+ centos7/packer.json
+```
+
+To build CentOS 8 issue:
+
+```
+packer build \
+ -var proxmox_node=hp-desktop \
+ -var proxmox_username="root@pam" \
+ -var proxmox_password=password \
+ -var proxmox_url=https://192.168.0.1:8006/api2/json \
+ centos8/packer.json
+```
+
+To build Ubuntu 20.04 issue:
+
+```
+packer build \
+ -var proxmox_node=hp-desktop \
+ -var proxmox_username="root@pam" \
+ -var proxmox_password=password \
+ -var proxmox_url=https://192.168.0.1:8006/api2/json \
+ ubuntu2004/packer.json
+```
+
+To build Rocky Linux 8 issue:
+
+```
+packer build \
+ -var proxmox_node=hp-desktop \
+ -var proxmox_username="root@pam" \
+ -var proxmox_password=password \
+ -var proxmox_url=https://192.168.0.1:8006/api2/json \
+ rocky8/packer.json
+```
+
+To build Rocky Linux 9 issue:
+
+```
+packer build \
+ -var proxmox_node=hp-desktop \
+ -var proxmox_username="root@pam" \
+ -var proxmox_password=password \
+ -var proxmox_url=https://192.168.0.1:8006/api2/json \
+ rocky9/packer.json
+```
+
+Note that RL9 now requires at least an Intel Nehalem processor or equivalent. You can read more at https://www.phoronix.com/scan.php?page=news_item&px=RHEL-9-x86-64-v2-Plans
+
+There are a number of other variables you can set. You will notice these closely match the available options for the [Proxmox builder](https://packer.io/docs/builders/proxmox.html). The full list of variables you can customize is:
+
+* `proxmox_username` - username to log into Proxmox as
+* `proxmox_password` - password to log into Proxmox as
+* `proxmox_url` - URL of your Proxmox system
+* `proxmox_node` - name of the Proxmox node to build on
+* `proxmox_storage_pool` - name of the storage pool the image should be built on
+* `proxmox_storage_pool_type` - type of storage pool, `lvm-thin` (default), `lvm` , `zfspool` or `directory`
+* `proxmox_storage_format` - storage format, `raw` (default), `cow`, `qcow`, `qed`, `qcow2`, `vmdk` or `cloop`
+* `centos_image` - The CentOS DVD image. Defaults to the most recent release as of April 3, 2020
+* `template_name` - Name of the template. Defaults to `CentOS7-Template` or `CentOS8-Template` depending on version
+* `template_description` - Template description. Defaults to `CentOS 7 Template` or `CentOS 8 Template` depending on image being built.
+
+## After the image is built
+
+Once the image is built you will want to adjust any remaining settings in the template including creating a cloud-init drive. A cloud-init drive _must_ be created for you to ssh into any new VMs you create. For details on how to do so visit [https://blog.dustinrue.com/proxmox-cloud-init/](https://blog.dustinrue.com/proxmox-cloud-init/).
diff --git a/centos7/ks.cfg b/centos7/ks.cfg
new file mode 100644
index 0000000..08b3cb0
--- /dev/null
+++ b/centos7/ks.cfg
@@ -0,0 +1,97 @@
+# based on work by Jeff Geerling - https://github.com/geerlingguy/packer-boxes/blob/master/centos7/http/ks.cfg
+install
+cdrom
+lang en_US.UTF-8
+keyboard us
+network --bootproto=dhcp
+rootpw Packer
+firewall --disabled
+selinux --permissive
+timezone UTC
+bootloader --location=mbr
+text
+skipx
+zerombr
+clearpart --all --initlabel
+# systems will often run better with a bit of swap
+part / --fstype xfs --grow --size=6144
+part swap --fstype swap --size=512
+auth --enableshadow --passalgo=sha512 --kickstart
+firstboot --disabled
+eula --agreed
+services --enabled=NetworkManager,sshd
+reboot
+
+%packages --ignoremissing --excludedocs
+@Core
+openssh-clients
+openssh-server
+sudo
+net-tools
+curl
+
+# unnecessary firmware
+-aic94xx-firmware
+-atmel-firmware
+-b43-openfwwf
+-bfa-firmware
+-ipw2100-firmware
+-ipw2200-firmware
+-ivtv-firmware
+-iwl100-firmware
+-iwl1000-firmware
+-iwl3945-firmware
+-iwl4965-firmware
+-iwl5000-firmware
+-iwl5150-firmware
+-iwl6000-firmware
+-iwl6000g2a-firmware
+-iwl6050-firmware
+-libertas-usb8388-firmware
+-ql2100-firmware
+-ql2200-firmware
+-ql23xx-firmware
+-ql2400-firmware
+-ql2500-firmware
+-rt61pci-firmware
+-rt73usb-firmware
+-xorg-x11-drv-ati-firmware
+-zd1211-firmware
+%end
+
+%post
+yum update -y
+
+# set virtual-guest as default profile for tuned
+echo "virtual-guest" > /etc/tuned/active_profile
+
+# Because memory is scarce resource in most cloud/virt environments,
+# and because this impedes forensics, we are differing from the Fedora
+# default of having /tmp on tmpfs.
+echo "Disabling tmpfs for /tmp."
+systemctl mask tmp.mount
+
+cat < /etc/sysconfig/kernel
+# UPDATEDEFAULT specifies if new-kernel-pkg should make
+# new kernels the default
+UPDATEDEFAULT=yes
+
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel
+EOL
+
+# make sure firstboot doesn't start
+echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
+
+echo "Fixing SELinux contexts."
+touch /var/log/cron
+touch /var/log/boot.log
+mkdir -p /var/cache/yum
+/usr/sbin/fixfiles -R -a restore
+
+yum -y remove firewalld
+
+sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers
+
+yum clean all
+%end
\ No newline at end of file
diff --git a/centos7/packer.json b/centos7/packer.json
new file mode 100644
index 0000000..cc53de1
--- /dev/null
+++ b/centos7/packer.json
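Review bot: `selinux --permissive` and `firewall --disabled` in the command section, together with `yum -y remove firewalld` in `%post`, are baked into the template, so every VM cloned from it starts with SELinux not enforcing and no host firewall. Unless that is a deliberate trade-off, use `selinux --enforcing` and `firewall --enabled --service=ssh` and drop the firewalld removal; if it is deliberate, say so in a comment so the relaxed defaults are not mistaken for a hardened base image. The CentOS 8 and Rocky kickstarts in this commit also remove firewalld in `%post`.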
@@ -0,0 +1,77 @@
+{
+ "variables": {
+ "proxmox_username": "",
+ "proxmox_password": "",
+ "proxmox_url": "",
+ "proxmox_node": "",
+ "proxmox_storage_pool": "local-lvm",
+ "proxmox_storage_pool_type": "lvm-thin",
+ "proxmox_storage_format": "raw",
+ "proxmox_iso_pool": "local:iso",
+ "centos_image": "CentOS-7-x86_64-DVD-1908.iso",
+ "template_name": "CentOS7-Template",
+ "template_description": "CentOS 7 Template",
+ "version": ""
+ },
+ "builders": [
+ {
+ "type": "proxmox",
+ "username": "{{user `proxmox_username`}}",
+ "password": "{{user `proxmox_password`}}",
+ "proxmox_url": "{{ user `proxmox_url`}}",
+ "insecure_skip_tls_verify": true,
+ "node": "{{user `proxmox_node`}}",
+ "os": "l26",
+ "boot_command": [
+ " text ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks.cfg"
+ ],
+ "network_adapters": [
+ {
+ "bridge": "vmbr0",
+ "model": "virtio"
+ }
+ ],
+ "disks": [
+ {
+ "type": "scsi",
+ "disk_size": "8G",
+ "storage_pool": "{{user `proxmox_storage_pool`}}",
+ "storage_pool_type": "{{user `proxmox_storage_pool_type`}}",
+ "format": "{{user `proxmox_storage_format`}}"
+ }
+ ],
+ "scsi_controller": "virtio-scsi-single",
+ "iso_file": "{{user `proxmox_iso_pool`}}/{{user `centos_image`}}",
+ "boot_wait": "10s",
+ "cores": "2",
+ "memory": "2048",
+ "http_directory": "centos7",
+ "ssh_username": "root",
+ "ssh_password": "Packer",
+ "ssh_port": 22,
+ "ssh_timeout": "15m",
+ "unmount_iso": true,
+ "template_name": "{{user `template_name`}}",
+ "template_description": "{{user `template_description`}}"
+ }
+ ],
+ "provisioners": [
+ {
+ "type": "shell",
+ "inline": [
+ "yum install -y cloud-init qemu-guest-agent cloud-utils-growpart gdisk",
+ "shred -u /etc/ssh/*_key /etc/ssh/*_key.pub",
+ "rm -f /var/run/utmp",
+ ">/var/log/lastlog",
+ ">/var/log/wtmp",
+ ">/var/log/btmp",
+ "rm -rf /tmp/* /var/tmp/*",
+ "unset HISTFILE; rm -rf /home/*/.*history /root/.*history",
+ "rm -f /root/*ks",
+ "passwd -d root",
+ "passwd -l root"
+ ],
+ "only": ["proxmox"]
+ }
+ ]
+}
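Review bot: `"insecure_skip_tls_verify": true` is hard-coded in the builder, so Packer sends the Proxmox username and password (the README example uses `root@pam`) over a TLS session whose certificate is never checked. Default it to `"insecure_skip_tls_verify": false` and let users with a self-signed Proxmox certificate trust that CA on the build host or opt out explicitly. The same line appears in centos8/, rocky8/, rocky9/, ubuntu2004/ and ubuntu2204/packer.json.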
diff --git a/centos8/ks.cfg b/centos8/ks.cfg
new file mode 100644
index 0000000..56ad346
--- /dev/null
+++ b/centos8/ks.cfg
@@ -0,0 +1,148 @@
+#version=RHEL8
+ignoredisk --only-use=sda
+# Partition clearing information
+clearpart --none --initlabel
+# Use graphical install
+# graphical
+# Use CDROM installation media
+cdrom
+text
+# Keyboard layouts
+keyboard --vckeymap=us --xlayouts='us'
+# System language
+lang en_US.UTF-8
+
+# Network information
+network --bootproto=dhcp --ipv6=auto --activate
+network --hostname=localhost.localdomain
+repo --name="AppStream" --baseurl=file:///run/install/repo/AppStream
+# Root password
+rootpw Packer
+# Run the Setup Agent on first boot
+firstboot --disabled
+# Do not configure the X Window System
+skipx
+# System services
+services --disabled="kdump" --enabled="sshd,rsyslog,chronyd"
+# System timezone
+timezone Etc/UTC --isUtc
+# Disk partitioning information
+part / --fstype="xfs" --grow --size=6144
+part swap --fstype="swap" --size=512
+reboot
+
+
+%packages
+@^minimal-environment
+openssh-server
+openssh-clients
+sudo
+kexec-tools
+curl
+# allow for ansible
+python3
+python3-libselinux
+
+# unnecessary firmware
+-aic94xx-firmware
+-atmel-firmware
+-b43-openfwwf
+-bfa-firmware
+-ipw2100-firmware
+-ipw2200-firmware
+-ivtv-firmware
+-iwl100-firmware
+-iwl1000-firmware
+-iwl3945-firmware
+-iwl4965-firmware
+-iwl5000-firmware
+-iwl5150-firmware
+-iwl6000-firmware
+-iwl6000g2a-firmware
+-iwl6050-firmware
+-libertas-usb8388-firmware
+-ql2100-firmware
+-ql2200-firmware
+-ql23xx-firmware
+-ql2400-firmware
+-ql2500-firmware
+-rt61pci-firmware
+-rt73usb-firmware
+-xorg-x11-drv-ati-firmware
+-zd1211-firmware
+%end
+
+%addon com_redhat_kdump --enable --reserve-mb='auto'
+
+%end
+
+%post
+
+
+# this is installed by default but we don't need it in virt
+echo "Removing linux-firmware package."
+yum -C -y remove linux-firmware
+
+# Remove firewalld; it is required to be present for install/image building.
+echo "Removing firewalld."
+yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
+
+# remove avahi and networkmanager
+echo "Removing avahi/zeroconf and NetworkManager"
+yum -C -y remove avahi\*
+
+echo -n "Getty fixes"
+# although we want console output going to the serial console, we don't
+# actually have the opportunity to login there. FIX.
+# we don't really need to auto-spawn _any_ gettys.
+sed -i '/^#NAutoVTs=.*/ a\
+NAutoVTs=0' /etc/systemd/logind.conf
+
+# set virtual-guest as default profile for tuned
+echo "virtual-guest" > /etc/tuned/active_profile
+
+# Because memory is scarce resource in most cloud/virt environments,
+# and because this impedes forensics, we are differing from the Fedora
+# default of having /tmp on tmpfs.
+echo "Disabling tmpfs for /tmp."
+systemctl mask tmp.mount
+
+cat < /etc/sysconfig/kernel
+# UPDATEDEFAULT specifies if new-kernel-pkg should make
+# new kernels the default
+UPDATEDEFAULT=yes
+
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel
+EOL
+
+# make sure firstboot doesn't start
+echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
+
+echo "Fixing SELinux contexts."
+touch /var/log/cron
+touch /var/log/boot.log
+mkdir -p /var/cache/yum
+/usr/sbin/fixfiles -R -a restore
+
+# reorder console entries
+sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
+
+#echo "Zeroing out empty space."
+# This forces the filesystem to reclaim space from deleted files
+# dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
+# rm -f /var/tmp/zeros
+# echo "(Don't worry -- that out-of-space error was expected.)"
+
+yum update -y
+
+sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers
+
+yum clean all
+%end
+
+%anaconda
+pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
+pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
+pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
+%end
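Review bot: `rootpw Packer` sets a publicly known root password in plain text while `services --enabled="sshd,rsyslog,chronyd"` brings SSH up, and the only thing that closes this is the final provisioner step (`passwd -l root`) in packer.json. Until that step has run, the VM sits on `vmbr0` accepting root/Packer, and the kickstart itself is fetched over unauthenticated HTTP. Consider building on an isolated bridge and committing only a hash here with `rootpw --iscrypted <crypt-hash-placeholder>`, passing the matching `ssh_password` as a user variable instead of a literal. centos7/ks.cfg, rocky8/inst.ks and rocky9/inst.ks carry the same line.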
diff --git a/centos8/packer.json b/centos8/packer.json
new file mode 100644
index 0000000..5ca1dda
--- /dev/null
+++ b/centos8/packer.json
@@ -0,0 +1,77 @@
+{
+ "variables": {
+ "proxmox_username": "",
+ "proxmox_password": "",
+ "proxmox_url": "",
+ "proxmox_node": "",
+ "proxmox_storage_pool": "local-lvm",
+ "proxmox_storage_pool_type": "lvm-thin",
+ "proxmox_storage_format": "raw",
+ "proxmox_iso_pool": "local:iso",
+ "centos_image": "CentOS-8.1.1911-x86_64-dvd1.iso",
+ "template_name": "CentOS8-Template",
+ "template_description": "CentOS 8 Template",
+ "version": ""
+ },
+ "builders": [
+ {
+ "type": "proxmox",
+ "username": "{{user `proxmox_username`}}",
+ "password": "{{user `proxmox_password`}}",
+ "proxmox_url": "{{ user `proxmox_url`}}",
+ "insecure_skip_tls_verify": true,
+ "node": "{{user `proxmox_node`}}",
+ "os": "l26",
+ "boot_command": [
+ " text ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/ks.cfg"
+ ],
+ "network_adapters": [
+ {
+ "bridge": "vmbr0",
+ "model": "virtio"
+ }
+ ],
+ "disks": [
+ {
+ "type": "scsi",
+ "disk_size": "8G",
+ "storage_pool": "{{user `proxmox_storage_pool`}}",
+ "storage_pool_type": "{{user `proxmox_storage_pool_type`}}",
+ "format": "{{user `proxmox_storage_format`}}"
+ }
+ ],
+ "scsi_controller": "virtio-scsi-single",
+ "iso_file": "{{user `proxmox_iso_pool`}}/{{user `centos_image`}}",
+ "boot_wait": "10s",
+ "cores": "2",
+ "memory": "2048",
+ "http_directory": "centos8",
+ "ssh_username": "root",
+ "ssh_password": "Packer",
+ "ssh_port": 22,
+ "ssh_timeout": "15m",
+ "unmount_iso": true,
+ "template_name": "{{user `template_name`}}",
+ "template_description": "{{user `template_description`}}"
+ }
+ ],
+ "provisioners": [
+ {
+ "type": "shell",
+ "inline": [
+ "yum install -y cloud-init qemu-guest-agent cloud-utils-growpart gdisk",
+ "shred -u /etc/ssh/*_key /etc/ssh/*_key.pub",
+ "rm -f /var/run/utmp",
+ ">/var/log/lastlog",
+ ">/var/log/wtmp",
+ ">/var/log/btmp",
+ "rm -rf /tmp/* /var/tmp/*",
+ "unset HISTFILE; rm -rf /home/*/.*history /root/.*history",
+ "rm -f /root/*ks",
+ "passwd -d root",
+ "passwd -l root"
+ ],
+ "only": ["proxmox"]
+ }
+ ]
+}
diff --git a/rocky8/inst.ks b/rocky8/inst.ks
new file mode 100644
index 0000000..56ad346
--- /dev/null
+++ b/rocky8/inst.ks
@@ -0,0 +1,148 @@
+#version=RHEL8
+ignoredisk --only-use=sda
+# Partition clearing information
+clearpart --none --initlabel
+# Use graphical install
+# graphical
+# Use CDROM installation media
+cdrom
+text
+# Keyboard layouts
+keyboard --vckeymap=us --xlayouts='us'
+# System language
+lang en_US.UTF-8
+
+# Network information
+network --bootproto=dhcp --ipv6=auto --activate
+network --hostname=localhost.localdomain
+repo --name="AppStream" --baseurl=file:///run/install/repo/AppStream
+# Root password
+rootpw Packer
+# Run the Setup Agent on first boot
+firstboot --disabled
+# Do not configure the X Window System
+skipx
+# System services
+services --disabled="kdump" --enabled="sshd,rsyslog,chronyd"
+# System timezone
+timezone Etc/UTC --isUtc
+# Disk partitioning information
+part / --fstype="xfs" --grow --size=6144
+part swap --fstype="swap" --size=512
+reboot
+
+
+%packages
+@^minimal-environment
+openssh-server
+openssh-clients
+sudo
+kexec-tools
+curl
+# allow for ansible
+python3
+python3-libselinux
+
+# unnecessary firmware
+-aic94xx-firmware
+-atmel-firmware
+-b43-openfwwf
+-bfa-firmware
+-ipw2100-firmware
+-ipw2200-firmware
+-ivtv-firmware
+-iwl100-firmware
+-iwl1000-firmware
+-iwl3945-firmware
+-iwl4965-firmware
+-iwl5000-firmware
+-iwl5150-firmware
+-iwl6000-firmware
+-iwl6000g2a-firmware
+-iwl6050-firmware
+-libertas-usb8388-firmware
+-ql2100-firmware
+-ql2200-firmware
+-ql23xx-firmware
+-ql2400-firmware
+-ql2500-firmware
+-rt61pci-firmware
+-rt73usb-firmware
+-xorg-x11-drv-ati-firmware
+-zd1211-firmware
+%end
+
+%addon com_redhat_kdump --enable --reserve-mb='auto'
+
+%end
+
+%post
+
+
+# this is installed by default but we don't need it in virt
+echo "Removing linux-firmware package."
+yum -C -y remove linux-firmware
+
+# Remove firewalld; it is required to be present for install/image building.
+echo "Removing firewalld."
+yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
+
+# remove avahi and networkmanager
+echo "Removing avahi/zeroconf and NetworkManager"
+yum -C -y remove avahi\*
+
+echo -n "Getty fixes"
+# although we want console output going to the serial console, we don't
+# actually have the opportunity to login there. FIX.
+# we don't really need to auto-spawn _any_ gettys.
+sed -i '/^#NAutoVTs=.*/ a\
+NAutoVTs=0' /etc/systemd/logind.conf
+
+# set virtual-guest as default profile for tuned
+echo "virtual-guest" > /etc/tuned/active_profile
+
+# Because memory is scarce resource in most cloud/virt environments,
+# and because this impedes forensics, we are differing from the Fedora
+# default of having /tmp on tmpfs.
+echo "Disabling tmpfs for /tmp."
+systemctl mask tmp.mount
+
+cat < /etc/sysconfig/kernel
+# UPDATEDEFAULT specifies if new-kernel-pkg should make
+# new kernels the default
+UPDATEDEFAULT=yes
+
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel
+EOL
+
+# make sure firstboot doesn't start
+echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
+
+echo "Fixing SELinux contexts."
+touch /var/log/cron
+touch /var/log/boot.log
+mkdir -p /var/cache/yum
+/usr/sbin/fixfiles -R -a restore
+
+# reorder console entries
+sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
+
+#echo "Zeroing out empty space."
+# This forces the filesystem to reclaim space from deleted files
+# dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
+# rm -f /var/tmp/zeros
+# echo "(Don't worry -- that out-of-space error was expected.)"
+
+yum update -y
+
+sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers
+
+yum clean all
+%end
+
+%anaconda
+pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
+pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
+pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
+%end
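Review bot: The `sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg` line in `%post` edits the generated grub.cfg directly, which is probably a no-op on EL8, where kernel arguments normally live in the BLS entries and grubenv rather than in grub.cfg, and any change there is lost when the config is regenerated. Setting the serial console through the kickstart itself, e.g. `bootloader --append="console=tty0 console=ttyS0,115200n8"`, would survive kernel updates. The comment `# reorder console entries` also does not match what the line does, which is to append a serial console. centos8/ks.cfg and rocky9/inst.ks contain the same line.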
diff --git a/rocky8/packer.json b/rocky8/packer.json
new file mode 100644
index 0000000..5ba63dc
--- /dev/null
+++ b/rocky8/packer.json
@@ -0,0 +1,77 @@
+{
+ "variables": {
+ "proxmox_username": "",
+ "proxmox_password": "",
+ "proxmox_url": "",
+ "proxmox_node": "",
+ "proxmox_storage_pool": "local-lvm",
+ "proxmox_storage_pool_type": "lvm-thin",
+ "proxmox_storage_format": "raw",
+ "proxmox_iso_pool": "local:iso",
+ "centos_image": "Rocky-8.4-x86_64-dvd1.iso",
+ "template_name": "RL8-Template",
+ "template_description": "Rocky Linux 8 Template",
+ "version": ""
+ },
+ "builders": [
+ {
+ "type": "proxmox",
+ "username": "{{user `proxmox_username`}}",
+ "password": "{{user `proxmox_password`}}",
+ "proxmox_url": "{{ user `proxmox_url`}}",
+ "insecure_skip_tls_verify": true,
+ "node": "{{user `proxmox_node`}}",
+ "os": "l26",
+ "boot_command": [
+ " text inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/inst.ks"
+ ],
+ "network_adapters": [
+ {
+ "bridge": "vmbr0",
+ "model": "virtio"
+ }
+ ],
+ "disks": [
+ {
+ "type": "scsi",
+ "disk_size": "8G",
+ "storage_pool": "{{user `proxmox_storage_pool`}}",
+ "storage_pool_type": "{{user `proxmox_storage_pool_type`}}",
+ "format": "{{user `proxmox_storage_format`}}"
+ }
+ ],
+ "scsi_controller": "virtio-scsi-single",
+ "iso_file": "{{user `proxmox_iso_pool`}}/{{user `centos_image`}}",
+ "boot_wait": "10s",
+ "cores": "2",
+ "memory": "2048",
+ "http_directory": "rocky8",
+ "ssh_username": "root",
+ "ssh_password": "Packer",
+ "ssh_port": 22,
+ "ssh_timeout": "30m",
+ "unmount_iso": true,
+ "template_name": "{{user `template_name`}}",
+ "template_description": "{{user `template_description`}}"
+ }
+ ],
+ "provisioners": [
+ {
+ "type": "shell",
+ "inline": [
+ "yum install -y cloud-init qemu-guest-agent cloud-utils-growpart gdisk",
+ "shred -u /etc/ssh/*_key /etc/ssh/*_key.pub",
+ "rm -f /var/run/utmp",
+ ">/var/log/lastlog",
+ ">/var/log/wtmp",
+ ">/var/log/btmp",
+ "rm -rf /tmp/* /var/tmp/*",
+ "unset HISTFILE; rm -rf /home/*/.*history /root/.*history",
+ "rm -f /root/*ks",
+ "passwd -d root",
+ "passwd -l root"
+ ],
+ "only": ["proxmox"]
+ }
+ ]
+}
diff --git a/rocky9/inst.ks b/rocky9/inst.ks
new file mode 100644
index 0000000..b4aa55d
--- /dev/null
+++ b/rocky9/inst.ks
@@ -0,0 +1,149 @@
+#version=RHEL8
+ignoredisk --only-use=sda
+# Partition clearing information
+clearpart --none --initlabel
+# Use graphical install
+# graphical
+# Use CDROM installation media
+cdrom
+text
+# Keyboard layouts
+keyboard --vckeymap=us --xlayouts='us'
+# System language
+lang en_US.UTF-8
+
+# Network information
+network --bootproto=dhcp --ipv6=auto --activate
+network --hostname=localhost.localdomain
+repo --name="AppStream" --baseurl=file:///run/install/repo/AppStream
+# Root password
+rootpw Packer
+# Run the Setup Agent on first boot
+firstboot --disabled
+# Do not configure the X Window System
+skipx
+# System services
+services --disabled="kdump" --enabled="sshd,rsyslog,chronyd"
+# System timezone
+timezone Etc/UTC --isUtc
+# Disk partitioning information
+part / --fstype="xfs" --grow --size=6144
+part swap --fstype="swap" --size=512
+reboot
+
+
+%packages
+@^minimal-environment
+openssh-server
+openssh-clients
+sudo
+kexec-tools
+curl
+# allow for ansible
+python3
+python3-libselinux
+
+# unnecessary firmware
+-aic94xx-firmware
+-atmel-firmware
+-b43-openfwwf
+-bfa-firmware
+-ipw2100-firmware
+-ipw2200-firmware
+-ivtv-firmware
+-iwl100-firmware
+-iwl1000-firmware
+-iwl3945-firmware
+-iwl4965-firmware
+-iwl5000-firmware
+-iwl5150-firmware
+-iwl6000-firmware
+-iwl6000g2a-firmware
+-iwl6050-firmware
+-libertas-usb8388-firmware
+-ql2100-firmware
+-ql2200-firmware
+-ql23xx-firmware
+-ql2400-firmware
+-ql2500-firmware
+-rt61pci-firmware
+-rt73usb-firmware
+-xorg-x11-drv-ati-firmware
+-zd1211-firmware
+%end
+
+%addon com_redhat_kdump --enable --reserve-mb='auto'
+
+%end
+
+%post
+
+
+# this is installed by default but we don't need it in virt
+echo "Removing linux-firmware package."
+yum -C -y remove linux-firmware
+
+# Remove firewalld; it is required to be present for install/image building.
+echo "Removing firewalld."
+yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
+
+# remove avahi and networkmanager
+echo "Removing avahi/zeroconf and NetworkManager"
+yum -C -y remove avahi\*
+
+echo -n "Getty fixes"
+# although we want console output going to the serial console, we don't
+# actually have the opportunity to login there. FIX.
+# we don't really need to auto-spawn _any_ gettys.
+sed -i '/^#NAutoVTs=.*/ a\
+NAutoVTs=0' /etc/systemd/logind.conf
+
+# set virtual-guest as default profile for tuned
+echo "virtual-guest" > /etc/tuned/active_profile
+
+# Because memory is scarce resource in most cloud/virt environments,
+# and because this impedes forensics, we are differing from the Fedora
+# default of having /tmp on tmpfs.
+echo "Disabling tmpfs for /tmp."
+systemctl mask tmp.mount
+
+cat < /etc/sysconfig/kernel
+# UPDATEDEFAULT specifies if new-kernel-pkg should make
+# new kernels the default
+UPDATEDEFAULT=yes
+
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel
+EOL
+
+# make sure firstboot doesn't start
+echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
+
+echo "Fixing SELinux contexts."
+touch /var/log/cron
+touch /var/log/boot.log
+mkdir -p /var/cache/yum
+/usr/sbin/fixfiles -R -a restore
+
+# reorder console entries
+sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
+
+#echo "Zeroing out empty space."
+# This forces the filesystem to reclaim space from deleted files
+# dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
+# rm -f /var/tmp/zeros
+# echo "(Don't worry -- that out-of-space error was expected.)"
+
+yum update -y
+
+sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers
+echo "PermitRootLogin yes" > /etc/ssh/sshd_config.d/allow-root-ssh.conf
+
+yum clean all
+%end
+
+%anaconda
+pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
+pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
+pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
+%end
diff --git a/rocky9/packer.json b/rocky9/packer.json
new file mode 100644
index 0000000..4c3940d
--- /dev/null
+++ b/rocky9/packer.json
@@ -0,0 +1,80 @@
+{
+ "variables": {
+ "proxmox_username": "",
+ "proxmox_password": "",
+ "proxmox_url": "",
+ "proxmox_node": "",
+ "proxmox_storage_pool": "local-lvm",
+ "proxmox_storage_pool_type": "lvm-thin",
+ "proxmox_storage_format": "raw",
+ "proxmox_iso_pool": "local:iso",
+ "centos_image": "Rocky-9.0-x86_64-dvd.iso",
+ "template_name": "RL9-Template",
+ "template_description": "Rocky Linux 9 Template",
+ "version": ""
+ },
+ "builders": [
+ {
+ "type": "proxmox",
+ "username": "{{user `proxmox_username`}}",
+ "password": "{{user `proxmox_password`}}",
+ "proxmox_url": "{{ user `proxmox_url`}}",
+ "insecure_skip_tls_verify": true,
+ "node": "{{user `proxmox_node`}}",
+ "os": "l26",
+ "boot_command": [
+ " text inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/inst.ks"
+ ],
+ "network_adapters": [
+ {
+ "bridge": "vmbr0",
+ "model": "virtio"
+ }
+ ],
+ "disks": [
+ {
+ "type": "scsi",
+ "disk_size": "8G",
+ "storage_pool": "{{user `proxmox_storage_pool`}}",
+ "storage_pool_type": "{{user `proxmox_storage_pool_type`}}",
+ "format": "{{user `proxmox_storage_format`}}"
+ }
+ ],
+ "scsi_controller": "virtio-scsi-single",
+ "iso_file": "{{user `proxmox_iso_pool`}}/{{user `centos_image`}}",
+ "boot_wait": "10s",
+ "cores": "2",
+ "cpu_type": "Nehalem",
+ "memory": "2048",
+ "http_directory": "rocky9",
+ "ssh_username": "root",
+ "ssh_password": "Packer",
+ "ssh_port": 22,
+ "ssh_timeout": "15m",
+ "unmount_iso": true,
+ "template_name": "{{user `template_name`}}",
+ "template_description": "{{user `template_description`}}"
+ }
+ ],
+ "provisioners": [
+ {
+ "type": "shell",
+ "inline": [
+ "yum install -y cloud-init qemu-guest-agent cloud-utils-growpart gdisk",
+ "systemctl enable qemu-guest-agent",
+ "shred -u /etc/ssh/*_key /etc/ssh/*_key.pub",
+ "rm -f /var/run/utmp",
+ ">/var/log/lastlog",
+ ">/var/log/wtmp",
+ ">/var/log/btmp",
+ "rm -rf /tmp/* /var/tmp/*",
+ "unset HISTFILE; rm -rf /home/*/.*history /root/.*history",
+ "rm -f /root/*ks",
+ "passwd -d root",
+ "passwd -l root",
+ "rm -f /etc/ssh/ssh_config.d/allow-root-ssh.conf"
+ ],
+ "only": ["proxmox"]
+ }
+ ]
+}
diff --git a/ubuntu2004/http/meta-data b/ubuntu2004/http/meta-data
new file mode 100644
index 0000000..e69de29
diff --git a/ubuntu2004/http/user-data b/ubuntu2004/http/user-data
new file mode 100644
index 0000000..9452d29
--- /dev/null
+++ b/ubuntu2004/http/user-data
@@ -0,0 +1,23 @@
+#cloud-config
+autoinstall:
+ version: 1
+ locale: en_US
+ keyboard:
+ layout: en
+ variant: us
+ storage:
+ layout:
+ name: lvm
+ identity:
+ hostname: ubuntu
+ username: ubuntu
+ password: "$6$exDY1mhS4KUYCE/2$zmn9ToZwTKLhCw.b4/b.ZRTIZM30JZ4QrOQ2aOXJ8yk96xpcCof0kxKwuX1kqLG/ygbJ1f8wxED22bTL4F46P0"
+ ssh:
+ install-server: yes
+ user-data:
+ disable_root: false
+ packages:
+ - qemu-guest-agent
+ late-commands:
+ - 'sed -i "s/dhcp4: true/&\n dhcp-identifier: mac/" /target/etc/netplan/00-installer-config.yaml'
+ - echo 'ubuntu ALL=(ALL) NOPASSWD:ALL' > /target/etc/sudoers.d/ubuntu
diff --git a/ubuntu2004/packer.json b/ubuntu2004/packer.json
new file mode 100644
index 0000000..b3374bd
--- /dev/null
+++ b/ubuntu2004/packer.json
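Review bot: The cleanup step `rm -f /etc/ssh/ssh_config.d/allow-root-ssh.conf` in rocky9/packer.json targets the client directory `ssh_config.d`, but rocky9/inst.ks writes the drop-in to `/etc/ssh/sshd_config.d/allow-root-ssh.conf`, so `PermitRootLogin yes` stays in the finished template. The line should read `"rm -f /etc/ssh/sshd_config.d/allow-root-ssh.conf"`. The `passwd -l root` just before it blocks password logins for root, but key-based root SSH remains permitted on every clone.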
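Review bot: The late-command `echo 'ubuntu ALL=(ALL) NOPASSWD:ALL' > /target/etc/sudoers.d/ubuntu` in ubuntu2004/http/user-data is needed for the provisioner's `sudo` calls, but nothing in ubuntu2004/packer.json removes it afterwards, so the template ships with passwordless root for the `ubuntu` account; `disable_root: false` is likewise left in place. If this is only meant for the build, add a final provisioner command such as `sudo rm -f /etc/sudoers.d/ubuntu`, and create the file with mode 0440. The committed `password` hash has to correspond to the hard-coded `ssh_password` in packer.json, so it should be treated as public. ubuntu2204/http/user-data has the same lines.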
@@ -0,0 +1,71 @@
+{
+ "variables": {
+ "proxmox_username": "",
+ "proxmox_password": "",
+ "proxmox_url": "",
+ "proxmox_node": "",
+ "proxmox_storage_pool": "local-lvm",
+ "proxmox_storage_pool_type": "lvm-thin",
+ "proxmox_storage_format": "raw",
+ "proxmox_iso_pool": "local:iso",
+ "ubuntu_image": "ubuntu-20.04.5-live-server-amd64.iso",
+ "template_name": "Ubuntu-20.04-Template",
+ "template_description": "Ubuntu 20.04 Template",
+ "version": ""
+ },
+ "builders": [
+ {
+ "type": "proxmox",
+ "username": "{{user `proxmox_username`}}",
+ "password": "{{user `proxmox_password`}}",
+ "proxmox_url": "{{ user `proxmox_url`}}",
+ "insecure_skip_tls_verify": true,
+ "node": "{{user `proxmox_node`}}",
+ "os": "l26",
+ "boot_command": [
+ " ",
+ "autoinstall ds=nocloud-net;seedfrom=http://{{ .HTTPIP }}:{{ .HTTPPort }}/",
+ ""
+ ],
+ "network_adapters": [
+ {
+ "bridge": "vmbr0",
+ "model": "virtio"
+ }
+ ],
+ "disks": [
+ {
+ "type": "scsi",
+ "disk_size": "8G",
+ "storage_pool": "{{user `proxmox_storage_pool`}}",
+ "storage_pool_type": "{{user `proxmox_storage_pool_type`}}",
+ "format": "{{user `proxmox_storage_format`}}"
+ }
+ ],
+ "scsi_controller": "virtio-scsi-single",
+ "iso_file": "{{user `proxmox_iso_pool`}}/{{user `ubuntu_image`}}",
+ "boot_wait": "5s",
+ "cores": "2",
+ "memory": "2048",
+ "http_directory": "ubuntu2004/http",
+ "ssh_username": "ubuntu",
+ "ssh_password": "ubuntu",
+ "ssh_port": 22,
+ "ssh_timeout": "30m",
+ "unmount_iso": true,
+ "template_name": "{{user `template_name`}}",
+ "template_description": "{{user `template_description`}}"
+ }
+ ],
+ "provisioners": [
+ {
+ "type": "shell",
+ "inline": [
+ "sudo rm -f /etc/cloud/cloud.cfg.d/99-installer.cfg",
+ "sudo cloud-init clean",
+ "sudo passwd -d ubuntu"
+ ],
+ "only": ["proxmox"]
+ }
+ ]
+}
diff --git a/ubuntu2204/http/meta-data b/ubuntu2204/http/meta-data
new file mode 100644
index 0000000..e69de29
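Review bot: The last provisioner command `sudo passwd -d ubuntu` deletes the password instead of locking the account, which leaves `ubuntu` with an empty password in the template. Combined with the NOPASSWD sudoers entry written by user-data, any login path that accepts empty passwords (console login may, depending on the PAM `nullok` setting) leads straight to root. Use `"sudo passwd -l ubuntu"` so the account can only be entered with credentials injected later by cloud-init. ubuntu2204/packer.json ends with the same command.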
diff --git a/ubuntu2204/http/user-data b/ubuntu2204/http/user-data
new file mode 100644
index 0000000..9e243ce
--- /dev/null
+++ b/ubuntu2204/http/user-data
@@ -0,0 +1,24 @@
+#cloud-config
+autoinstall:
+ version: 1
+ locale: en_US
+ keyboard:
+ layout: en
+ variant: us
+ storage:
+ layout:
+ name: lvm
+ identity:
+ hostname: ubuntu
+ username: ubuntu
+ password: "$6$exDY1mhS4KUYCE/2$zmn9ToZwTKLhCw.b4/b.ZRTIZM30JZ4QrOQ2aOXJ8yk96xpcCof0kxKwuX1kqLG/ygbJ1f8wxED22bTL4F46P0"
+ ssh:
+ install-server: yes
+ allow-pw: yes
+ user-data:
+ disable_root: false
+ packages:
+ - qemu-guest-agent
+ late-commands:
+ - 'sed -i "s/dhcp4: true/&\n dhcp-identifier: mac/" /target/etc/netplan/00-installer-config.yaml'
+ - echo 'ubuntu ALL=(ALL) NOPASSWD:ALL' > /target/etc/sudoers.d/ubuntu
diff --git a/ubuntu2204/packer.json b/ubuntu2204/packer.json
new file mode 100644
index 0000000..7a91e8c
--- /dev/null
+++ b/ubuntu2204/packer.json
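Review bot: `allow-pw: yes` under `ssh:` turns on SSH password authentication so Packer can log in with the hard-coded ubuntu password, and no provisioner step in ubuntu2204/packer.json turns it back off. Whether the setting survives `cloud-init clean` depends on where the installer writes it, so this should be confirmed on a built template. If it persists, add a cleanup command that resets `PasswordAuthentication` to `no` before templating, and a YAML comment here such as `# build-time only: lets Packer log in with a password`.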
@@ -0,0 +1,74 @@
+{
+ "variables": {
+ "proxmox_username": "",
+ "proxmox_password": "",
+ "proxmox_url": "",
+ "proxmox_node": "",
+ "proxmox_storage_pool": "local-lvm",
+ "proxmox_storage_pool_type": "lvm-thin",
+ "proxmox_storage_format": "raw",
+ "proxmox_iso_pool": "local:iso",
+ "ubuntu_image": "ubuntu-22.04.1-live-server-amd64.iso",
+ "template_name": "Ubuntu-22.04-Template",
+ "template_description": "Ubuntu 22.04 Template",
+ "version": ""
+ },
+ "builders": [
+ {
+ "type": "proxmox",
+ "username": "{{user `proxmox_username`}}",
+ "password": "{{user `proxmox_password`}}",
+ "proxmox_url": "{{ user `proxmox_url`}}",
+ "insecure_skip_tls_verify": true,
+ "node": "{{user `proxmox_node`}}",
+ "os": "l26",
+ "boot_command": [
+ "c",
+ "linux /casper/vmlinuz -- autoinstall ds='nocloud-net;s=http://{{ .HTTPIP }}:{{ .HTTPPort }}/'",
+ "",
+ "initrd /casper/initrd",
+ "",
+ "boot"
+ ],
+ "network_adapters": [
+ {
+ "bridge": "vmbr0"
+ }
+ ],
+ "disks": [
+ {
+ "type": "scsi",
+ "disk_size": "8G",
+ "storage_pool": "{{user `proxmox_storage_pool`}}",
+ "storage_pool_type": "{{user `proxmox_storage_pool_type`}}",
+ "format": "{{user `proxmox_storage_format`}}"
+ }
+ ],
+ "scsi_controller": "virtio-scsi-single",
+ "iso_file": "{{user `proxmox_iso_pool`}}/{{user `ubuntu_image`}}",
+ "boot_wait": "10s",
+ "cores": "2",
+ "memory": "2048",
+ "http_directory": "ubuntu2204/http",
+ "ssh_username": "ubuntu",
+ "ssh_password": "ubuntu",
+ "ssh_port": 22,
+ "ssh_timeout": "30m",
+ "unmount_iso": true,
+ "template_name": "{{user `template_name`}}",
+ "template_description": "{{user `template_description`}}"
+ }
+ ],
+ "provisioners": [
+ {
+ "type": "shell",
+ "inline": [
+ "while [ ! -f /var/lib/cloud/instance/boot-finished ]; do echo 'Waiting for cloud-init...'; sleep 1; done",
+ "sudo rm -f /etc/cloud/cloud.cfg.d/99-installer.cfg",
+ "sudo cloud-init clean",
+ "sudo passwd -d ubuntu"
+ ],
+ "only": ["proxmox"]
+ }
+ ]
+}
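Review bot: The `network_adapters` entry sets only `"bridge": "vmbr0"`, while every other template in this commit also sets `"model": "virtio"`, so this image falls back to the builder's default NIC model (presumably an emulated one). Add `"model": "virtio"` for consistency unless the omission is intentional. The `while [ ! -f /var/lib/cloud/instance/boot-finished ]` wait loop in the provisioner also has no upper bound; `cloud-init status --wait` does the same job without a hand-rolled poll.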