-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | packer/answer_files/meta-data | 0 | ||||
-rw-r--r-- | packer/answer_files/user-data | 39 | ||||
-rw-r--r-- | packer/iso/.gitkeep | 0 | ||||
-rwxr-xr-x | packer/scripts/create-checksums.sh | 64 | ||||
-rw-r--r-- | packer/scripts/install-prerequisites.sh | 33 | ||||
-rw-r--r-- | packer/scripts/sysprep.sh | 277 | ||||
-rw-r--r-- | packer/ubuntu-24.04-server.json | 87 |
8 files changed, 501 insertions, 0 deletions
@@ -4,3 +4,4 @@ inventory.yaml
 *rsa*
 *ed25519*
 *.iso
+*.lock
diff --git a/packer/answer_files/meta-data b/packer/answer_files/meta-data
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/packer/answer_files/meta-data
diff --git a/packer/answer_files/user-data b/packer/answer_files/user-data
new file mode 100644
index 0000000..5e02023
--- /dev/null
+++ b/packer/answer_files/user-data
@@ -0,0 +1,39 @@
+#cloud-config
+autoinstall:
+  version: 1
+  early-commands:
+    - systemctl stop ssh
+  locale: en_US.UTF-8
+  keyboard:
+    layout: us
+    variant: ""
+  storage:
+    layout:
+      name: lvm
+  identity:
+    hostname: ubuntu
+    username: ubuntu
+    password: "$6$R9142dko7PYoTTJP$o19g/Av.dsI/fVEF4SJ8v0XqRcG6YdhQRGYLFrW2X4BG4gO2z3dWyOwio3pRrFXBMHNZHJlZPUp9yvR7elRKs0"
+  ssh:
+    allow-pw: true
+    install-server: true
+  user-data:
+    disable_root: false
+    runcmd:
+      - 'echo "root:root" | chpasswd'
+  late-commands:
+    - rm -rf /target/etc/apt/preferences.d/90curtin.pref
+    - curtin in-target --target=/target -- lvextend --extents +100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv
+    - curtin in-target --target=/target -- resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv
+    - echo 'PermitRootLogin yes' >> /target/etc/ssh/sshd_config
+    - chmod -x /target/etc/update-motd.d/*
+    - |
+      cat << EOF > /target/etc/netplan/99-dhcp-any-interface.yaml
+      network:
+        ethernets:
+          any_interface:
+            match:
+              name: "e*"
+            dhcp4: true
+        version: 2
+      EOF
diff --git a/packer/iso/.gitkeep b/packer/iso/.gitkeep
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/packer/iso/.gitkeep
diff --git a/packer/scripts/create-checksums.sh b/packer/scripts/create-checksums.sh
new file mode 100755
index 0000000..2c0259d
--- /dev/null
+++ b/packer/scripts/create-checksums.sh
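Review bot: The image this answer file produces keeps a well-known root credential: `user-data.runcmd` sets `root:root` via `chpasswd`, `late-commands` appends `PermitRootLogin yes` to `/target/etc/ssh/sshd_config`, and `ssh.allow-pw: true` leaves password authentication enabled, and nothing in `scripts/sysprep.sh` from the same commit reverts any of it, so it ships in the final artifact. If root/root exists only so the Packer ssh communicator can connect, undo it as the last provisioning step, e.g. `passwd -l root` and `sed -i '/^PermitRootLogin yes$/d' /etc/ssh/sshd_config` at the end of sysprep, or give the communicator a build-only SSH key instead of a password. The `identity.password` hash is also committed to the repository; a comment above it such as `# build-time credential only - lock or rotate before the image is published` would make that intent visible to the next reader.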
@@ -0,0 +1,64 @@
+#!/bin/bash
+set -e
+
+PACKER_BUILD_NAME="${PACKER_BUILD_NAME}"
+NAME="${NAME}"
+TIMESTAMP="${TIMESTAMP}"
+OUTPUT="${OUTPUT}"
+
+if ! command -v md5sum &>/dev/null; then
+    printf "%s\n" "[WARN] md5sum not found, skipping"
+    exit 0
+fi
+
+if ! command -v sha512sum &>/dev/null; then
+    printf "%s\n" "[WARN] sha512sum not found, skipping"
+    exit 0
+fi
+
+if test -z "${PACKER_BUILD_NAME}" || test -z "${NAME}" || test -z "${TIMESTAMP}"; then
+    printf "%s\n" "[WARN] \$PACKER_BUILD_NAME|\$NAME|\$TIMESTAMP not supplied for checksum creation, skipping"
+    exit 0
+fi
+
+if test "${OUTPUT}"; then
+    OUTPUT_DIR="${OUTPUT}/${PACKER_BUILD_NAME}"
+else
+    OUTPUT_DIR="output/${PACKER_BUILD_NAME}"
+fi
+
+mkdir -p "${OUTPUT_DIR}" &>/dev/null
+
+if test "${PACKER_BUILD_NAME#*qemu*}" != "${PACKER_BUILD_NAME}"; then
+    FILENAME="${PACKER_BUILD_NAME}-${NAME}_${TIMESTAMP}.qcow2"
+    ARTEFACT="${OUTPUT_DIR}/${FILENAME}"
+    mv "${PACKER_BUILD_NAME}_output_${NAME}/${PACKER_BUILD_NAME}-${NAME}_${TIMESTAMP}" "${ARTEFACT}"
+    (
+        cd "${OUTPUT_DIR}"
+        md5sum "${FILENAME}" > "${FILENAME}.sums"
+        sha512sum "${FILENAME}" >> "${FILENAME}.sums"
+    )
+
+elif test "${PACKER_BUILD_NAME#*parallels*}" != "${PACKER_BUILD_NAME}"; then
+    FILENAME="${PACKER_BUILD_NAME}-${NAME}_${TIMESTAMP}.pvm"
+    ARTEFACT="${OUTPUT_DIR}/${FILENAME}.zip"
+    (
+        cd "parallels_output_${NAME}/parallels-${NAME}_${TIMESTAMP}.pvm"
+        find . -type f -not -name "*.Backup" -exec md5sum {} \; > MD5SUMS
+        find . -type f -not -name "*.Backup" -exec sha512sum {} \; > SHA512SUMS
+    )
+    zip -r "${ARTEFACT}" "${PACKER_BUILD_NAME}_output_${NAME}/${PACKER_BUILD_NAME}-${NAME}_${TIMESTAMP}.pvm"
+
+else
+    FILENAME="${PACKER_BUILD_NAME}-${NAME}_${TIMESTAMP}.ova"
+    ARTEFACT="${OUTPUT_DIR}/${FILENAME}"
+    mv "${PACKER_BUILD_NAME}_output_${NAME}/${PACKER_BUILD_NAME}-${NAME}_${TIMESTAMP}.ova" "${ARTEFACT}"
+    (
+        cd "${OUTPUT_DIR}"
+        md5sum "${FILENAME}" > "${FILENAME}.sums"
+        sha512sum "${FILENAME}" >> "${FILENAME}.sums"
+    )
+fi
+rm -rf "${PACKER_BUILD_NAME}_output_${NAME}"
+
+printf "%s\n" "[INFO] created md5 and sha512 checksums for ${OUTPUT_DIR}/${FILENAME}"
diff --git a/packer/scripts/install-prerequisites.sh b/packer/scripts/install-prerequisites.sh
new file mode 100644
index 0000000..43880b9
--- /dev/null
+++ b/packer/scripts/install-prerequisites.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+test "${EUID}" -ne 0 && printf "%s\n" "run as root" && exit 1
+
+if ! command -v apt-get &>/dev/null; then
+    printf "%s\n" "[err] distribution not debian-based"
+    exit 1
+fi
+
+export DEBIAN_FRONTEND=noninteractive
+export NEEDRESTART_SUSPEND=1
+apt-get update
+apt-get install -y \
+    curl ca-certificates gpg lsb-release \
+    lsb-release xorriso qemu-system-x86
+
+curl -sSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
+printf "%s" "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list
+apt-get update
+apt-get install -y packer
+
+hash -r
+
+plugins=$(packer plugins installed)
+
+if ! printf "%s\n" "${plugins}" | grep -qi qemu; then
+    packer plugins install github.com/hashicorp/qemu
+    printf "%s\n" "[inf] installed packer qemu plugin"
+else
+    printf "%s\n" "[inf] packer qemu plugin already installed"
+fi
+
+curl -fsSL https://get.docker.com | bash
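Review bot: The `mv` in the qemu branch expects the build output under `${PACKER_BUILD_NAME}_output_${NAME}`, but the qemu builder in `packer/ubuntu-24.04-server.json` (later hunk) writes to `"output_directory": "qemu_{{user `name`}}"`, so with `PACKER_BUILD_NAME=qemu` the script looks for `qemu_output_<name>/…`, the `mv` fails and `set -e` exits before any checksum is written; either change the builder to `"output_directory": "{{build_name}}_output_{{user `name`}}"` or point the `mv` and the final `rm -rf` at `qemu_${NAME}`. The parallels branch has a similar inconsistency: the `cd` uses the literal `parallels_output_${NAME}/parallels-…` while the `zip` uses `${PACKER_BUILD_NAME}_output_${NAME}/${PACKER_BUILD_NAME}-…`, which only agree when the build name is exactly `parallels`. A header comment such as `# expects the builder's output_directory to be <PACKER_BUILD_NAME>_output_<NAME>` would make the contract with the template explicit.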
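Review bot: The script runs as root without `set -e`/`pipefail`, and the key fetch `curl -sSL https://apt.releases.hashicorp.com/gpg | gpg --dearmor …` lacks `-f`, so an HTTP error body would be piped into `gpg --dearmor`, the failure ignored, and `apt-get update` / `apt-get install -y packer` would still run against a repository whose `signed-by` keyring is missing or malformed. The closing `curl -fsSL https://get.docker.com | bash` executes an unpinned remote script as root inside the image with no integrity check; installing `docker.io` from the Ubuntu archive, or Docker's apt repository with its own `signed-by` keyring as is already done for HashiCorp above, gives a verifiable source for the same result. Suggested change: `set -euo pipefail` after the shebang and `curl -fsSL` for the HashiCorp key. `lsb-release` also appears twice in the `apt-get install` list.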
diff --git a/packer/scripts/sysprep.sh b/packer/scripts/sysprep.sh
new file mode 100644
index 0000000..3920ff5
--- /dev/null
+++ b/packer/scripts/sysprep.sh
@@ -0,0 +1,277 @@
+#!/bin/bash
+# taken from https://github.com/DanHam/packer-virt-sysprep
+set -o errexit
+shopt -s nullglob dotglob
+
+function _clean_shell_history() {
+    root_hist="$(find /root -type f -name .bash_history)"
+    user_hist="$(find /home -type f -name .bash_history | tr -s '\n' ' ')"
+    rm -rf ${root_hist} ${user_hist}
+
+    set +o errexit
+    if [[ -f /.dockerenv ]]; then
+        ln -sf /dev/null "/root/.bash_history"
+
+        while read user home; do
+            ln -sf /dev/null "${home}/.bash_history" || :
+            chown --no-dereference "${user}:${user}" "${home}/.bash_history" || :
+        done <<< $(getent passwd | grep -i home | awk -F ':' '($3>=1000) {print $1" "$6}')
+
+    fi
+    set -o errexit
+}
+
+function _clean_home_dirs() {
+    root_files="$(find /root -name .cache -o -name .zshrc -o -name .wget-hsts | tr -s '\n' ' ')"
+    user_files="$(find /home -name .cache -o -name go -o -name .zshrc -o -name .wget-hsts | tr -s '\n' ' ')"
+    rm -rf ${root_files} ${user_files}
+}
+
+function _clean_cloud_init() {
+    rm -rf /var/log/installer
+    rm -rf /var/lib/cloud/*
+    rm -rf /var/log/cloud-init.log
+}
+
+function _clean_logs() {
+    find /var/log -maxdepth 1 -type f -exec bash -c "echo > {}" \;
+}
+
+function _clean_crash_data() {
+    crash_data_location=(
+        "/var/crash/*"
+        "/var/log/dump/*"
+    )
+    for crash_data in ${crash_data_location[@]}; do rm -rf ${crash_data}; done
+}
+
+function _reset_dhcp_state() {
+    lease_data_locations=(
+        "/var/lib/dhclient/*"
+        "/var/lib/dhcp/*"
+    )
+    for lease_file in ${lease_data_locations[@]}; do rm -rf ${lease_file}; done
+}
+
+function _reset_fw_rules() {
+    if command -v ufw &>/dev/null; then
+        ufw --force reset &>/dev/null
+    fi
+
+    if command -v systemctl &>/dev/null; then
+        if systemctl is-active -q firewalld.service &>/dev/null; then
+            systemctl stop -q firewalld.service
+        fi
+
+        if systemctl is-active ufw.service &>/dev/null; then
+            systemctl stop -q ufw.service
+        fi
+    fi
+
+    fw_config_locations=(
+        "/etc/sysconfig/iptables"
+        "/etc/firewalld/services/*"
+        "/etc/firewalld/zones/*"
+        "/etc/ufw/user.rules.*"
+        "/etc/ufw/before.rules.*"
+        "/etc/ufw/after.rules.*"
+        "/etc/ufw/user6.rules.*"
+        "/etc/ufw/before6.rules.*"
+        "/etc/ufw/after6.rules.*"
+    )
+
+    for fw_config in ${fw_config_locations[@]}; do rm -rf ${fw_config}; done
+}
+
+function _reset_machine_id() {
+    sysd_id="/etc/machine-id"
+    dbus_id="/var/lib/dbus/machine-id"
+
+    if [[ -e ${sysd_id} ]]; then
+        rm -rf ${sysd_id} && touch ${sysd_id}
+    fi
+
+    if [[ -e ${dbus_id} && ! -h ${dbus_id} ]]; then
+        rm -rf ${dbus_id}
+    fi
+}
+
+function _clean_mail_spool() {
+    mta_list=(
+        "exim"
+        "postfix"
+        "sendmail"
+    )
+
+    mail_spool_locations=(
+        "/var/spool/mail/*"
+        "/var/mail/*"
+    )
+
+    for mta in ${mta_list[@]}; do
+        if command -v systemctl &>/dev/null ; then
+            mta_service="$(systemctl list-units --type service | grep ${mta} | cut -d' ' -f1)"
+            if [[ "x${mta_service}" != "x" ]]; then
+                if systemctl is-active ${mta_service} &>/dev/null; then
+                    systemctl stop ${mta_service}
+                fi
+            fi
+        else
+            mta_service="$(find /etc/init.d/ -iname "*${mta}*")"
+            if [[ "x${mta_service}" != "x" ]]; then
+                if ${mta_service} status | grep running &>/dev/null; then
+                    ${mta_service} stop
+                fi
+            fi
+        fi
+    done
+
+    for mail_spool in ${mail_spool_locations[@]}; do rm -rf ${mail_spool}; done
+}
+
+function _clean_package_manager_cache() {
+    cache_locations=(
+        "/var/cache/apt/"
+        "/var/cache/dnf/"
+        "/var/cache/yum/"
+        "/var/cache/zypp*"
+    )
+
+    for cache_dir in ${cache_locations[@]}; do
+        if [[ -d ${cache_dir} ]]; then
+            find ${cache_dir} -type f | xargs -I FILE rm -rf FILE
+        fi
+    done
+}
+
+function _clean_package_manager_db() {
+    rm -rf /var/lib/rpm/__db.*
+    apt_lists=/var/lib/apt/lists
+    if [[ -d "${apt_lists}" ]]; then
+        find "${apt_lists}" -type f | xargs rm -rf
+    fi
+}
+
+function _clean_tmp() {
+    tmp_locations=(
+        "/tmp"
+        "/var/tmp"
+    )
+
+    mntpnt_orig_tmp="/mnt/orig_tmp"
+
+    shopt -s dotglob
+
+    sum_tmp_space=0
+    for tmp in ${tmp_locations[@]}
+    do
+        if [[ -d ${tmp} ]]; then
+            tmp_space="$(du -sm ${tmp} | cut -f1)"
+        else
+            tmp_space=0
+        fi
+        sum_tmp_space=$(( ${sum_tmp_space} + ${tmp_space} ))
+        if [[ ${sum_tmp_space} -gt 128 ]]; then
+            echo "ERROR: Space for copying tmp into memory > 128mb. Exiting"
+            exit 1
+        fi
+    done
+
+    if ! mount -l -t tmpfs | grep /dev/shm &>/dev/null; then
+        [[ -d /dev/shm ]] || mkdir /dev/shm && chmod 1777 /dev/shm
+        mount -t tmpfs -o defaults,size=128m tmpfs /dev/shm
+    fi
+
+
+    for tmp in ${tmp_locations[@]}; do
+        tmp_path="${tmp}"
+        on_tmpfs=false
+
+        while [[ ${tmp_path:0:1} = "/" ]] && [[ ${#tmp_path} > 1 ]] && [[ ${on_tmpfs} = false ]]; do
+            defifs=${IFS}
+            IFS=$'\n'
+            for mountpoint in $(mount -l -t tmpfs | cut -d' ' -f3)
+            do
+                if [[ "${mountpoint}" == "${tmp_path}" ]]; then
+                    on_tmpfs=true
+                    continue
+                fi
+            done
+            IFS=${defifs}
+            tmp_path=${tmp_path%/*}
+        done
+
+        if [[ "${on_tmpfs}" = false ]]; then
+            tmp_located_on=""
+            defifs=${IFS} && IFS=$'\n'
+            for line in $(df | tr -s ' ')
+            do
+                if echo ${line} | cut -d' ' -f6 | grep ^${tmp}$ &>/dev/null; then
+                    tmp_located_on="$(echo ${line} | cut -d' ' -f1)"
+                fi
+            done
+            IFS=${defifs}
+            [[ "x${tmp_located_on}" = "x" ]] && tmp_located_on="/"
+
+            shmtmp="/dev/shm/${tmp}"
+            mkdir -p ${shmtmp}
+            chmod 1777 ${shmtmp}
+            files=(${tmp}/*)
+            [[ -e ${files} ]] && cp -pr ${tmp}/* ${shmtmp}
+            mount --bind ${shmtmp} ${tmp}
+
+            mkdir ${mntpnt_orig_tmp}
+            if [[ ${tmp_located_on} = "/" ]]; then
+                mount_opts="--bind"
+                tmp_path="${mntpnt_orig_tmp}/${tmp}"
+            else
+                mount_opts=""
+                tmp_path="${mntpnt_orig_tmp}"
+            fi
+            mount ${mount_opts} ${tmp_located_on} ${mntpnt_orig_tmp}
+
+            files=(${tmp_path}/*)
+            [[ -e ${files} ]] && rm -rf ${tmp_path}/*
+            umount ${mntpnt_orig_tmp} && rm -rf ${mntpnt_orig_tmp}
+        fi
+    done
+}
+
+function _clean_yum_uuid() {
+    uuid="/var/lib/yum/uuid"
+    [[ -e ${uuid} ]] && rm -rf ${uuid} || :
+}
+
+function _clean_logins() {
+    login_logs=(
+        "/var/log/lastlog"
+        "/var/log/wmtp"
+        "/var/log/btmp"
+        "/var/run/utmp"
+        "/var/run/utmp"
+    )
+    for login_log in ${login_logs[@]}; do ln -sfn /dev/null $login_log; done
+}
+
+function _misc() {
+    find -L /etc/update-motd.d/ -type f -exec chmod -x {} \;
+    >/etc/issue
+}
+
+_clean_shell_history
+_clean_home_dirs
+_clean_cloud_init
+_clean_logs
+_clean_crash_data
+_reset_dhcp_state
+_reset_fw_rules
+_reset_machine_id
+_clean_mail_spool
+_clean_package_manager_cache
+_clean_package_manager_db
+_clean_tmp
+_clean_yum_uuid
+_clean_logins
+_misc
+
+exit 0
diff --git a/packer/ubuntu-24.04-server.json b/packer/ubuntu-24.04-server.json
new file mode 100644
index 0000000..397bdba
--- /dev/null
+++ b/packer/ubuntu-24.04-server.json
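Review bot: Nothing in this script removes the SSH host keys, so every VM booted from the image shares the `/etc/ssh/ssh_host_*` key pairs generated during install, which makes host-key verification between clones meaningless; add an `rm -f /etc/ssh/ssh_host_*` step (for example in `_misc`) and rely on first-boot regeneration — with `/var/lib/cloud/*` wiped by `_clean_cloud_init`, cloud-init's ssh module should recreate missing keys on the next boot, but that is worth confirming on a built image. In `_clean_logins`, `/var/log/wmtp` looks like a typo for `/var/log/wtmp`, so the login history is left in place, and `/var/run/utmp` is listed twice. The unquoted `rm -rf ${root_hist} ${user_hist}` in `_clean_shell_history` (and the same pattern in `_clean_home_dirs`) relies on word-splitting `find` output, so a home path containing whitespace could remove the wrong entries; `find … -exec rm -rf -- {} +` (with the `-name` alternatives grouped in `\( … \)`) avoids the split.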
@@ -0,0 +1,87 @@
+{
+  "variables": {
+    "iso_name": "ubuntu-24.04-live-server-amd64.iso",
+    "iso_url": "https://old-releases.ubuntu.com/releases/24.04/ubuntu-24.04-live-server-amd64.iso",
+    "iso_path": "{{pwd}}/iso/{{user `iso_name`}}",
+    "iso_sha256": "sha256:8762f7e74e4d64d72fceb5f70682e6b069932deedb4949c6975d0f0fe0a91be3",
+    "timestamp": "{{isotime `2006-01-02`}}",
+    "headless": "false",
+    "boot_wait": "5s",
+
+    "name": "ubuntu-24.04-server_vm-builder",
+    "cpu": "2",
+    "cores": "2",
+    "ram": "2048",
+    "communicator_username": "root",
+    "communicator_password": "root"
+  },
+
+  "builders": [
+    {
+      "type": "qemu",
+      "format": "qcow2",
+      "accelerator": "kvm",
+      "net_device": "virtio-net",
+      "disk_interface": "virtio",
+      "headless": "{{user `headless`}}",
+      "name": "qemu",
+      "vm_name": "qemu-{{user `name`}}_{{user `timestamp`}}",
+      "disk_size": "{{user `disk_size`}}",
+      "disk_cache": "none",
+      "disk_discard": "unmap",
+      "disk_compression": true,
+      "communicator": "ssh",
+      "ssh_username": "{{user `communicator_username`}}",
+      "ssh_password": "{{user `communicator_password`}}",
+      "ssh_pty": true,
+      "ssh_timeout": "60m",
+      "ssh_handshake_attempts": "1337",
+      "shutdown_command": "shutdown -P now",
+      "boot_wait": "{{user `boot_wait`}}",
+      "boot_command": [
+        "c<wait>",
+        "set gfxpayload=keep<enter><wait>",
+        "linux /casper/vmlinuz --- quiet splash autoinstall ds='nocloud-net;seedfrom=http://{{.HTTPIP}}:{{.HTTPPort}}/'<enter><wait>",
+        "initrd /casper/initrd<enter><wait>",
+        "boot<enter><wait>"
+      ],
+      "iso_urls": [
+        "{{user `iso_path`}}",
+        "{{user `iso_url`}}"
+      ],
+      "iso_checksum": "{{user `iso_sha256`}}",
+      "iso_target_path": "{{user `iso_path`}}",
+      "http_directory": "answer_files",
+      "output_directory": "qemu_{{user `name`}}",
+      "qemuargs": [
+        ["-m", "{{user `ram`}}M"],
+        ["-cpu", "host"],
+        ["-smp", "cpus={{user `cpu`}}"]
+      ]
+    }
+  ],
+
+  "provisioners": [
+    {
+      "type": "shell",
+      "script": "scripts/install-prerequisites.sh"
+    },
+    {
+      "type": "shell",
+      "script": "scripts/sysprep.sh"
+    }
+  ],
+
+  "post-processors": [
+    {
+      "type": "shell-local",
+      "only_on": ["linux"],
+      "environment_vars": [
+        "NAME={{user `name`}}",
+        "TIMESTAMP={{user `timestamp`}}",
+        "OUTPUT={{user `output`}}"
+      ],
+      "script": "scripts/create-checksums.sh"
+    }
+  ]
+} |
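Review bot: `{{user `disk_size`}}` in the qemu builder and `{{user `output`}}` in the post-processor's `environment_vars` are referenced but not declared under `variables`, unlike every other `{{user …}}` in the template; depending on the Packer version this is either a template validation error or an empty string, and an empty `disk_size` gives the builder no usable value while an empty `OUTPUT` silently makes `create-checksums.sh` fall back to `output/<build name>`. Declare both in `variables`, e.g. `"disk_size": "<size>",` and `"output": "",` (placeholder values), so the full set of inputs is visible in one place. The `communicator_username`/`communicator_password` pair of `root`/`root` only works because `answer_files/user-data` sets that password during install; that coupling is not stated anywhere and deserves a line in the project README alongside the note that the credential must not survive into the published image.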