diff --git a/rocky-linux-9-test/files/inst.ks b/rocky-linux-9-test/files/inst.ks
new file mode 100644
index 0000000..245c4a2
--- /dev/null
+++ b/rocky-linux-9-test/files/inst.ks
@@ -0,0 +1,149 @@
+#version=RHEL8
+ignoredisk --only-use=sda
+# Partition clearing information
+clearpart --none --initlabel
+# Use graphical install
+# graphical
+# Use CDROM installation media
+cdrom
+text
+# Keyboard layouts
+keyboard --vckeymap=us --xlayouts='us'
+# System language
+lang en_US.UTF-8
+
+# Network information
+network --bootproto=dhcp --ipv6=auto --activate
+network --hostname=localhost.localdomain
+repo --name="AppStream" --baseurl=file:///run/install/repo/AppStream
+# Root password
+rootpw Packer
+# Run the Setup Agent on first boot
+firstboot --disabled
+# Do not configure the X Window System
+skipx
+# System services
+services --disabled="kdump" --enabled="sshd,rsyslog,chronyd"
+# System timezone
+timezone Etc/UTC --isUtc
+# Disk partitioning information
+part / --fstype="xfs" --grow --size=6144
+part swap --fstype="swap" --size=512
+reboot
+
+
+%packages
+@^minimal-environment
+openssh-server
+openssh-clients
+sudo
+kexec-tools
+curl
+# allow for ansible
+python3
+python3-libselinux
+
+# unnecessary firmware
+-aic94xx-firmware
+-atmel-firmware
+-b43-openfwwf
+-bfa-firmware
+-ipw2100-firmware
+-ipw2200-firmware
+-ivtv-firmware
+-iwl100-firmware
+-iwl1000-firmware
+-iwl3945-firmware
+-iwl4965-firmware
+-iwl5000-firmware
+-iwl5150-firmware
+-iwl6000-firmware
+-iwl6000g2a-firmware
+-iwl6050-firmware
+-libertas-usb8388-firmware
+-ql2100-firmware
+-ql2200-firmware
+-ql23xx-firmware
+-ql2400-firmware
+-ql2500-firmware
+-rt61pci-firmware
+-rt73usb-firmware
+-xorg-x11-drv-ati-firmware
+-zd1211-firmware
+%end
+
+%addon com_redhat_kdump --enable --reserve-mb='auto'
+
+%end
+
+%post
+
+
+# this is installed by default but we don't need it in virt
+echo "Removing linux-firmware package."
+yum -C -y remove linux-firmware
+
+# Remove firewalld; it is required to be present for install/image building.
+echo "Removing firewalld."
+yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
+
+# remove avahi and networkmanager
+echo "Removing avahi/zeroconf and NetworkManager"
+yum -C -y remove avahi\*
+
+echo -n "Getty fixes"
+# although we want console output going to the serial console, we don't
+# actually have the opportunity to login there. FIX.
+# we don't really need to auto-spawn _any_ gettys.
+sed -i '/^#NAutoVTs=.*/ a\
+NAutoVTs=0' /etc/systemd/logind.conf
+
+# set virtual-guest as default profile for tuned
+echo "virtual-guest" > /etc/tuned/active_profile
+
+# Because memory is scarce resource in most cloud/virt environments,
+# and because this impedes forensics, we are differing from the Fedora
+# default of having /tmp on tmpfs.
+echo "Disabling tmpfs for /tmp."
+systemctl mask tmp.mount
+
+cat < /etc/sysconfig/kernel
+# UPDATEDEFAULT specifies if new-kernel-pkg should make
+# new kernels the default
+UPDATEDEFAULT=yes
+
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel
+EOL
+
+# make sure firstboot doesn't start
+echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
+
+echo "Fixing SELinux contexts."
+touch /var/log/cron
+touch /var/log/boot.log
+mkdir -p /var/cache/yum
+/usr/sbin/fixfiles -R -a restore
+
+# reorder console entries
+sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
+
+#echo "Zeroing out empty space."
+# This forces the filesystem to reclaim space from deleted files
+# dd bs=1M if=/dev/zero of=/var/tmp/zeros || :
+# rm -f /var/tmp/zeros
+# echo "(Don't worry -- that out-of-space error was expected.)"
+
+yum update -y
+
+sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers
+echo "PermitRootLogin yes" > /etc/ssh/sshd_config.d/allow-root-ssh.conf
+
+yum clean all
+%end
+
+%anaconda
+pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
+pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
+pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
+%end
\ No newline at end of file
diff --git a/rocky-linux-9-test/rocky-linux-9-test.pkr.hcl b/rocky-linux-9-test/rocky-linux-9-test.pkr.hcl
index 31bbf23..257c819 100644
--- a/rocky-linux-9-test/rocky-linux-9-test.pkr.hcl
+++ b/rocky-linux-9-test/rocky-linux-9-test.pkr.hcl
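Review bot: `rootpw Packer` commits a guessable root password in cleartext, and the `%post` line `echo "PermitRootLogin yes" > /etc/ssh/sshd_config.d/allow-root-ssh.conf` makes that password usable over SSH in the same section that removes firewalld. No `user` or `sshkey` directive is visible in this kickstart, so if the build is meant to log in with a key the file could instead carry `rootpw --lock`, `user --name=<BUILD_USER> --groups=wheel` and `sshkey --username=<BUILD_USER> "<PUBLIC_KEY>"`, and drop the PermitRootLogin drop-in entirely. If root password login has to stay for the build, `rootpw --iscrypted <PASSWORD_HASH>` at least keeps the cleartext out of the repository. The `pwpolicy` lines at the end (`--minlen=6 --minquality=1 --notstrict`) deserve a comment saying they are relaxed for the build only.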
@@ -14,4 +14,137 @@ variable "proxmox_api_token_id" {
 variable "proxmox_api_token_secret" {
 type = string
 sensitive = true
+}
+
+source "proxmox" "rocky-linux-9" {
+
+ # Proxmox Connection Settings
+ proxmox_url = "${var.proxmox_api_url}"
+ username = "${var.proxmox_api_token_id}"
+ token = "${var.proxmox_api_token_secret}"
+ # (Optional) Skip TLS Verification
+ insecure_skip_tls_verify = true
+
+ # VM General Settings
+ node = "boba"
+ vm_id = "4500"
+ vm_name = "rocky-linux-9"
+ template_description = "Rocky Linux 9 Server Image"
+
+ # VM OS Settings
+ # (Option 1) Local ISO File
+ # iso_file = "local:iso/ubuntu-20.04.2-live-server-amd64.iso"
+ # - or -
+ # (Option 2) Download ISO
+ # iso_url = "https://releases.ubuntu.com/20.04/ubuntu-20.04.3-live-server-amd64.iso"
+ # iso_checksum = "f8e3086f3cea0fb3fefb29937ab5ed9d19e767079633960ccb50e76153effc98"
+ iso_file = "data:iso/rocky-9.2-x86_64-dvd.iso"
+ iso_storage_pool = "data"
+ unmount_iso = true
+
+ # VM System Settings
+ qemu_agent = true
+
+ # VM Hard Disk Settings
+ scsi_controller = "virtio-scsi-pci"
+
+ disks {
+ disk_size = "40G"
+ format = "qcow2"
+ storage_pool = "fast"
+ storage_pool_type = "storage"
+ type = "virtio"
+ }
+
+ # VM CPU Settings
+ cores = "2"
+
+ # VM Memory Settings
+ memory = "2048"
+
+ # VM Network Settings
+ network_adapters {
+ model = "virtio"
+ bridge = "vmbr0"
+ firewall = "false"
+ }
+
+ # VM Cloud-Init Settings
+ cloud_init = true
+ cloud_init_storage_pool = "fast"
+
+ # PACKER Boot Commands
+ boot_command = [" text inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/files/inst.ks"]
+ boot_wait = "10s"
+
+ # PACKER Autoinstall Settings
+ http_directory = "http"
+ # (Optional) Bind IP Address and Port
+ # http_bind_address = "0.0.0.0"
+ # http_port_min = 8802
+ # http_port_max = 8802
+
+ ssh_username = "cnorris"
+
+ # (Option 1) Add your Password here
+ # ssh_password = "your-password"
+ # - or -
+ # (Option 2) Add your Private SSH KEY file here
+ ssh_private_key_file = "~/.ssh/id_rsa"
+
+ # Raise the timeout, when installation takes longer
+ ssh_timeout = "20m"
+}
+
+# Build Definition to create the VM Template
+build {
+
+ name = "rocky-linux-9"
+ sources = ["source.proxmox.rocky-linux-9"]
+
+ # Provisioning the VM Template for Cloud-Init Integration in Proxmox #1
+ provisioner "shell" {
+ inline = [
+ "echo "Updating system...",
+ "dnf -y update",
+ "echo "Installing python and ansible...",
+ "dnf -y install python3",
+ "dnf -y install python3-pip",
+ "pip3 install ansible",
+ "echo "Installing cloud-init...",
+ "dnf -y install cloud-init",
+ "echo "manual_cache_clean: True" > /etc/cloud/cloud.cfg.d/99-manual.cfg"
+ ]
+ }
+
+ provisioner "shell" {
+ inline = [
+ "dnf install -y cloud-init qemu-guest-agent cloud-utils-growpart gdisk", "systemctl enable qemu-guest-agent",
+ "shred -u /etc/ssh/*_key /etc/ssh/*_key.pub",
+ "rm -f /var/run/utmp",
+ ">/var/log/lastlog",
+ ">/var/log/wtmp",
+ ">/var/log/btmp",
+ "rm -rf /tmp/* /var/tmp/*",
+ "unset HISTFILE; rm -rf /home/*/.*history /root/.*history",
+ "rm -f /root/*ks",
+ "passwd -d root",
+ "passwd -l root",
+ "rm -f /etc/ssh/ssh_config.d/allow-root-ssh.conf"
+ ]
+ }
+
+ # Provisioning the VM Template for Cloud-Init Integration in Proxmox #2
+ provisioner "file" {
+ source = "files/99-pve.cfg"
+ destination = "/tmp/99-pve.cfg"
+ }
+
+ # Provisioning the VM Template for Cloud-Init Integration in Proxmox #3
+ provisioner "shell" {
+ inline = [ "sudo cp /tmp/99-pve.cfg /etc/cloud/cloud.cfg.d/99-pve.cfg" ]
+ }
+
+ # Add additional provisioning scripts here
+ # ...
 }
\ No newline at end of file
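Review bot: The last cleanup command in the second shell provisioner removes `/etc/ssh/ssh_config.d/allow-root-ssh.conf`, but the kickstart added in this commit writes `PermitRootLogin yes` to `/etc/ssh/sshd_config.d/allow-root-ssh.conf`, so the drop-in survives into the sealed template; the line should read `"rm -f /etc/ssh/sshd_config.d/allow-root-ssh.conf"`. In the source block, `insecure_skip_tls_verify = true` means the API token passed in `token` goes to a Proxmox endpoint whose certificate is never checked; trusting the Proxmox CA on the build host and setting this to `false` closes that. `pip3 install ansible` in the first provisioner pulls whatever version is current at build time, so pinning a version (or using the distribution package) would make the template reproducible and easier to audit.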