first commit

Michael Trip 2023-01-16 21:44:18 +01:00
commit 6cb709bc3a
16 changed files with 1142 additions and 0 deletions

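--- /dev/null
+++ b/rocky9/inst.ks
@@ -0,0 +1,149 @@
+#version=RHEL8
+ignoredisk --only-use=sda
+# Partition clearing information
+clearpart --none --initlabel
+# Use graphical install
+# graphical
+# Use CDROM installation media
+cdrom
+text
+# Keyboard layouts
+keyboard --vckeymap=us --xlayouts='us'
+# System language
+lang en_US.UTF-8
+# Network information
+network --bootproto=dhcp --ipv6=auto --activate
+network --hostname=localhost.localdomain
+repo --name="AppStream" --baseurl=file:///run/install/repo/AppStream
+# Root password
+rootpw Packer
+# Run the Setup Agent on first boot
+firstboot --disabled
+# Do not configure the X Window System
+skipx
+# System services
+services --disabled="kdump" --enabled="sshd,rsyslog,chronyd"
+# System timezone
+timezone Etc/UTC --isUtc
+# Disk partitioning information
+part / --fstype="xfs" --grow --size=6144
+part swap --fstype="swap" --size=512
+reboot
+%packages
+@^minimal-environment
+openssh-server
+openssh-clients
+sudo
+kexec-tools
+curl
+# allow for ansible
+python3
+python3-libselinux
+# unnecessary firmware
+-aic94xx-firmware
+-atmel-firmware
+-b43-openfwwf
+-bfa-firmware
+-ipw2100-firmware
+-ipw2200-firmware
+-ivtv-firmware
+-iwl100-firmware
+-iwl1000-firmware
+-iwl3945-firmware
+-iwl4965-firmware
+-iwl5000-firmware
+-iwl5150-firmware
+-iwl6000-firmware
+-iwl6000g2a-firmware
+-iwl6050-firmware
+-libertas-usb8388-firmware
+-ql2100-firmware
+-ql2200-firmware
+-ql23xx-firmware
+-ql2400-firmware
+-ql2500-firmware
+-rt61pci-firmware
+-rt73usb-firmware
+-xorg-x11-drv-ati-firmware
+-zd1211-firmware
+%end
+%addon com_redhat_kdump --enable --reserve-mb='auto'
+%end
+%post
+# this is installed by default but we don't need it in virt
+echo "Removing linux-firmware package."
+yum -C -y remove linux-firmware
+# Remove firewalld; it is required to be present for install/image building.
+echo "Removing firewalld."
+yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
+# remove avahi and networkmanager
+echo "Removing avahi/zeroconf and NetworkManager"
+yum -C -y remove avahi\*
+echo -n "Getty fixes"
+# although we want console output going to the serial console, we don't
+# actually have the opportunity to login there. FIX.
+# we don't really need to auto-spawn _any_ gettys.
+sed -i '/^#NAutoVTs=.*/ a\
+NAutoVTs=0' /etc/systemd/logind.conf
+# set virtual-guest as default profile for tuned
+echo "virtual-guest" > /etc/tuned/active_profile
+# Because memory is scarce resource in most cloud/virt environments,
+# and because this impedes forensics, we are differing from the Fedora
+# default of having /tmp on tmpfs.
+echo "Disabling tmpfs for /tmp."
+systemctl mask tmp.mount
+cat <<EOL > /etc/sysconfig/kernel
+# UPDATEDEFAULT specifies if new-kernel-pkg should make
+# new kernels the default
+UPDATEDEFAULT=yes
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel
+EOL
+# make sure firstboot doesn't start
+echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
+echo "Fixing SELinux contexts."
+touch /var/log/cron
+touch /var/log/boot.log
+mkdir -p /var/cache/yum
+/usr/sbin/fixfiles -R -a restore
+# reorder console entries
+sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
+#echo "Zeroing out empty space."
+# This forces the filesystem to reclaim space from deleted files
+# dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
+# rm -f /var/tmp/zeros
+# echo "(Don't worry -- that out-of-space error was expected.)"
+yum update -y
+sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers
+echo "PermitRootLogin yes" > /etc/ssh/sshd_config.d/allow-root-ssh.conf
+yum clean all
+%end
+%anaconda
+pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
+pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
+pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
+%end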
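Review bot: `rootpw Packer` sets a fixed plaintext root password, and `%post` then writes `PermitRootLogin yes` into `/etc/ssh/sshd_config.d/allow-root-ssh.conf` with `sshd` enabled, so from first boot until the Packer provisioner finishes the VM accepts root SSH logins with a password that is published in this repository. Prefer a build-only credential that is not committed, for example `rootpw --iscrypted <HASH_PLACEHOLDER>` or `sshkey --username=root "<PUBLIC_KEY_PLACEHOLDER>"` together with `PermitRootLogin prohibit-password`, and keep the build bridge isolated from other tenants. The file is also fetched over plain HTTP by the `inst.ks=http://…` boot command in packer.json, so anything secret in it is readable on that network segment. Separately, `services --disabled="kdump"` contradicts `%addon com_redhat_kdump --enable`, and the `%anaconda`/`pwpolicy` block appears to be unsupported by EL9 installers (the header still reads `#version=RHEL8`); both are worth checking against the Rocky 9 kickstart reference.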

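--- /dev/null
+++ b/rocky9/packer.json
@@ -0,0 +1,80 @@
+{
+"variables": {
+"proxmox_username": "",
+"proxmox_password": "",
+"proxmox_url": "",
+"proxmox_node": "",
+"proxmox_storage_pool": "local-lvm",
+"proxmox_storage_pool_type": "lvm-thin",
+"proxmox_storage_format": "raw",
+"proxmox_iso_pool": "local:iso",
+"centos_image": "Rocky-9.0-x86_64-dvd.iso",
+"template_name": "RL9-Template",
+"template_description": "Rocky Linux 9 Template",
+"version": ""
+},
+"builders": [
+{
+"type": "proxmox",
+"username": "{{user `proxmox_username`}}",
+"password": "{{user `proxmox_password`}}",
+"proxmox_url": "{{ user `proxmox_url`}}",
+"insecure_skip_tls_verify": true,
+"node": "{{user `proxmox_node`}}",
+"os": "l26",
+"boot_command": [
+"<tab> text inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/inst.ks<enter><wait>"
+],
+"network_adapters": [
+{
+"bridge": "vmbr0",
+"model": "virtio"
+}
+],
+"disks": [
+{
+"type": "scsi",
+"disk_size": "8G",
+"storage_pool": "{{user `proxmox_storage_pool`}}",
+"storage_pool_type": "{{user `proxmox_storage_pool_type`}}",
+"format": "{{user `proxmox_storage_format`}}"
+}
+],
+"scsi_controller": "virtio-scsi-single",
+"iso_file": "{{user `proxmox_iso_pool`}}/{{user `centos_image`}}",
+"boot_wait": "10s",
+"cores": "2",
+"cpu_type": "Nehalem",
+"memory": "2048",
+"http_directory": "rocky9",
+"ssh_username": "root",
+"ssh_password": "Packer",
+"ssh_port": 22,
+"ssh_timeout": "15m",
+"unmount_iso": true,
+"template_name": "{{user `template_name`}}",
+"template_description": "{{user `template_description`}}"
+}
+],
+"provisioners": [
+{
+"type": "shell",
+"inline": [
+"yum install -y cloud-init qemu-guest-agent cloud-utils-growpart gdisk",
+"systemctl enable qemu-guest-agent",
+"shred -u /etc/ssh/*_key /etc/ssh/*_key.pub",
+"rm -f /var/run/utmp",
+">/var/log/lastlog",
+">/var/log/wtmp",
+">/var/log/btmp",
+"rm -rf /tmp/* /var/tmp/*",
+"unset HISTFILE; rm -rf /home/*/.*history /root/.*history",
+"rm -f /root/*ks",
+"passwd -d root",
+"passwd -l root",
+"rm -f /etc/ssh/ssh_config.d/allow-root-ssh.conf"
+],
+"only": ["proxmox"]
+}
+]
+}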
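Review bot: The last inline cleanup command removes `/etc/ssh/ssh_config.d/allow-root-ssh.conf`, but the kickstart in this commit creates the drop-in under `/etc/ssh/sshd_config.d/`, so `rm -f` succeeds silently and `PermitRootLogin yes` stays in every VM cloned from the template; the line should read `"rm -f /etc/ssh/sshd_config.d/allow-root-ssh.conf"`. With `"insecure_skip_tls_verify": true` the Proxmox username and password are sent without validating the server certificate; trusting the Proxmox CA on the build host and dropping the flag closes that gap. `"ssh_password": "Packer"` is hard-coded while the Proxmox credentials already come from user variables, and moving it to a variable supplied at build time keeps the build credential out of the repository. It would also help to have the build verify the cleanup result (root locked, drop-in absent) before the template is created, since a wrong path like this one does not fail the provisioner.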