-rw-r--r-- | README.md | 19 | ||||
-rw-r--r-- | base.json | 5 | ||||
-rw-r--r-- | centos-7.3-x86_64.json | 6 | ||||
-rw-r--r-- | http/centos-7.3/anaconda-ks.cfg | 23 |
4 files changed, 38 insertions, 15 deletions
@@ -7,13 +7,19 @@ Packer-based generation of reference systems using distro's ISOs. Packer => 0.12.2 Download: https://www.packer.io/downloads.html -## Usage: Creating base images +## Usage -The file 'base.json' contains default variables (VM, SSH) common to all templates. -Thus it should always be included using packer's '-var-file' option. +The file 'base.json' contains default variables (VM, SSH) common to all templates, +and must always be included using packer's '-var-file' option. +The root password is expected to be in the ROOTPW environment variable. +The installation procedure will fail without it! Basic usage: - packer build -var-file=base.json <template> + ROOTPW=<password> packer build -var-file=base.json <template> + +For the rest of the examples, the root password is expected to be exported. + +## Usage: Creating base images Example: build Ubuntu 16.04.2 LTS template using qemu builder packer build -var-file=base.json -only=qemu ubuntu-16.04-amd64.json @@ -68,11 +74,6 @@ Variables set in base.json can be overriden using packer's '-var' options, e.g.: packer build -var-file=base.json -var='headless=true' <template> (Make sure you first include base.json before overriding a variable!) -Packer connects to the VM per SSH to provision them after the initial ISO installation. -A default password is defined in base.json and the corresponding SHA-512 hashes are set -in the kickstart/preseed files. If you change the 'ssh_password' make sure to change the -hashes in the ks/ps files (generate with 'mkpasswd -m sha-512')! - The partitioning of the virtual disk is done via kickstart/preseed files. Currently, a simple partition scheme is used: separate boot partition, rest a the main system partition labeled as SLX_SYS, using ext4 as filesystem. Other filesystems are also 
@@ -1,9 +1,8 @@
 {
 "cpus": "2",
- "disk_size": "40000",
+ "disk_size": "4000",
 "headless": "true",
 "memory": "1024",
 "ssh_timeout": "60m",
- "ssh_username": "root",
- "ssh_password": "s0m3p4ss"
+ "ssh_username": "root"
 }
diff --git a/centos-7.3-x86_64.json b/centos-7.3-x86_64.json
index 28277b8..7248dd0 100644
--- a/centos-7.3-x86_64.json
+++ b/centos-7.3-x86_64.json
@@ -6,7 +6,8 @@
 "vm_name": "packer-centos-x86_64",
 "http_dir": "http",
 "kickstart_path": "centos-7.3/anaconda-ks.cfg",
- "shutdown_command": "systemctl poweroff"
+ "shutdown_command": "systemctl poweroff",
+ "ssh_password": "{{ env `ROOTPW` }}"
 },
 "builders": [{
 "type": "qemu",
@@ -23,6 +24,7 @@
 "boot_command": [
 "<esc><wait>",
 "linux inst.gpt biosdevname=0 net.ifnames=0 ",
+ "rootpw={{ user `ssh_password` }} ",
 "inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/{{ user `kickstart_path` }}",
 "<enter>"
 ],
@@ -49,6 +51,7 @@
 "boot_command": [
 "<esc><wait>",
 "linux inst.gpt biosdevname=0 net.ifnames=0 ",
+ "rootpw={{ user `ssh_password` }} ",
 "inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/{{ user `kickstart_path` }}",
 "<enter>"
 ],
@@ -75,6 +78,7 @@
 "boot_command": [
 "<esc><wait>",
 "linux inst.gpt biosdevname=0 net.ifnames=0 ",
+ "rootpw={{ user `ssh_password` }} ",
 "inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/{{ user `kickstart_path` }}",
 "<enter>"
 ],
diff --git a/http/centos-7.3/anaconda-ks.cfg b/http/centos-7.3/anaconda-ks.cfg
index 8cb0be2..c75033c 100644
--- a/http/centos-7.3/anaconda-ks.cfg
+++ b/http/centos-7.3/anaconda-ks.cfg
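Review bot: Deleting `ssh_password` from base.json does not retire the old value, because it and the matching SHA-512 hash removed from anaconda-ks.cfg remain in the repository history; images built from earlier revisions should have their root password changed. Any other template that still reads `ssh_password` from base.json (the README mentions an Ubuntu one) will presumably need its own `"ssh_password": "{{ env `ROOTPW` }}"` variable, which this commit adds only for CentOS. Separately, `disk_size` drops from 40000 to 4000 in the same hunk without a mention in the README or description; if that is intended it deserves its own commit, otherwise it looks like a typo.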
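Review bot: The added `rootpw=` boot argument (hunks at -23, -49 and -75) passes the root password in clear text on the installer's kernel command line. There it is readable through /proc/cmdline and is normally echoed in the kernel log, so it may end up in installer logs kept on the built image; it is worth checking /var/log/anaconda on a finished image and clearing those logs in `%post` if the value shows up. The value is also typed unquoted and the kickstart script splits the command line on whitespace, so a password containing a space would be silently truncated. Passing a pre-computed crypt hash instead of the plaintext, or documenting the allowed character set in the README, would narrow both problems.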
@@ -6,11 +6,10 @@ lang en_US.UTF-8 keyboard --vckeymap=de-nodeadkeys --xlayouts='de (nodeadkeys)' timezone Europe/Berlin --isUtc --nontp auth --enableshadow --passalgo=sha512 -rootpw --iscrypted $6$6yzbOJJy5auuBh9$XUAtAt/ErLkz6.1t8J4UpyZPPUbKjGO1uATaZaxmG02IhJbOwnJMqI6MTJw.SzbBvy8THCmmoia1tVMfXhGVJ1 clearpart --none --initlabel bootloader --location=mbr --boot-drive=sda part biosboot --fstype="biosboot" --ondisk=sda --size=1 -part / --fstype="ext4" --ondisk=sda --grow --label=SLX_SYS +part / --fstype="xfs" --ondisk=sda --grow --label=SLX_SYS %packages @^minimal @@ -18,6 +17,26 @@ part / --fstype="ext4" --ondisk=sda --grow --label=SLX_SYS kexec-tools %end +# small python script to extract the password from the kernel command line +# expects the password given as: rootpw=<password> +%pre --interpreter=/usr/bin/python +import shlex, crypt +arg = 'rootpw=' +with open('/proc/cmdline', 'r') as f: + kcl = f.read().split() +# extract the password +passwords = [x[len(arg):] for x in kcl if x.startswith(arg)] +if len(passwords) == 1: + kclpass = passwords[0] +# TODO sane fallbacks. This should work most of the time though :) +# generate SHA512 hash +hash = crypt.crypt(kclpass, crypt.mksalt(crypt.METHOD_SHA512)) +with open('/tmp/setup-root-pass', 'w') as f: + f.write('rootpw --iscrypted ' + hash) +%end +# include the created password file +%include /tmp/setup-root-pass + %post --erroronfail yum -y update yum -y install wget |
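Review bot: The root partition changes from `--fstype="ext4"` to `--fstype="xfs"` in this hunk, but the README context shown in this commit still describes the layout as "using ext4 as filesystem". Either the README sentence should be updated in the same commit or the filesystem switch split out, since it is unrelated to the password handling the rest of the change is about.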
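Review bot: In the added `%pre` script `kclpass` is assigned only when exactly one `rootpw=` token is found, so a missing or repeated argument ends in a NameError, and an empty value is accepted and hashed, which would install an empty root password. The empty case is reachable when ROOTPW is unset, since the template's `env` default would then presumably expand to nothing and the boot line would carry a bare `rootpw=`. Both cases should be rejected explicitly, and the section should probably be declared `%pre --erroronfail`, as `%post` already is, so that the installation stops there instead of failing later at the `%include`. Also note that `crypt.mksalt` and `crypt.METHOD_SHA512` exist only in Python 3, so this needs checking against whatever `/usr/bin/python` is in the CentOS 7.3 installer; `shlex` is imported but unused and `hash` shadows the builtin.

```python
# … unchanged: imports, reading /proc/cmdline into kcl …
passwords = [x[len(arg):] for x in kcl if x.startswith(arg)]
if len(passwords) != 1 or not passwords[0]:
    # refuse to continue rather than install an empty or ambiguous password
    raise SystemExit('expected exactly one non-empty rootpw= argument')
kclpass = passwords[0]
root_hash = crypt.crypt(kclpass, crypt.mksalt(crypt.METHOD_SHA512))
with open('/tmp/setup-root-pass', 'w') as f:
    f.write('rootpw --iscrypted ' + root_hash + '\n')
```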