diff --git a/rocky-linux-9-test/files/99-pve.cfg b/rocky-linux-8/files/99-pve.cfg similarity index 100% rename from rocky-linux-9-test/files/99-pve.cfg rename to rocky-linux-8/files/99-pve.cfg diff --git a/rocky-linux-9-test/files/inst.ks b/rocky-linux-8/http/kickstart.cfg similarity index 90% rename from rocky-linux-9-test/files/inst.ks rename to rocky-linux-8/http/kickstart.cfg index 245c4a2..7941f5e 100644 --- a/rocky-linux-9-test/files/inst.ks +++ b/rocky-linux-8/http/kickstart.cfg @@ -1,14 +1,19 @@ #version=RHEL8 -ignoredisk --only-use=sda +ignoredisk --only-use=vda +autopart + # Partition clearing information clearpart --none --initlabel + # Use graphical install # graphical + # Use CDROM installation media cdrom text # Keyboard layouts keyboard --vckeymap=us --xlayouts='us' + # System language lang en_US.UTF-8 @@ -16,21 +21,24 @@ lang en_US.UTF-8 network --bootproto=dhcp --ipv6=auto --activate network --hostname=localhost.localdomain repo --name="AppStream" --baseurl=file:///run/install/repo/AppStream + # Root password -rootpw Packer +rootpw --iscrypted $6$lVFG3WA8AqEXLM7v$L2Ah5x1gy9Z1BosC5I/Jn8R0YDqnXacZ4o9TC.8NUgDjglJHzV6Hcf7SKhB6WI/qmZ6ji0Ne3VCUvA/ciyfTD0 +user --groups=wheel --name=cnorris --password=$6$KEyeHOUYzZf9pJHJ$7Fx6s/jYpj9mnVAiTHYVp2cmqLx8x8zrEZHk/vCLiJvyQ1JzXPMVbh5BaY6tNCfNsGckIN3s..KwIYtLBm1Ox0 --iscrypted --gecos="Chuck Norris" + # Run the Setup Agent on first boot firstboot --disabled + # Do not configure the X Window System skipx + # System services services --disabled="kdump" --enabled="sshd,rsyslog,chronyd" + # System timezone timezone Etc/UTC --isUtc -# Disk partitioning information -part / --fstype="xfs" --grow --size=6144 -part swap --fstype="swap" --size=512 -reboot +reboot %packages @^minimal-environment 
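Review bot: The added `rootpw --iscrypted …` and `user --groups=wheel --name=cnorris … --iscrypted` lines in the `@@ -16,21 +21,24 @@` hunk commit two SHA-512 crypt hashes to the repository, and the `cnorris` wheel account they create is not locked or removed by any cleanup step visible in the rocky-linux-8 template (only root gets `passwd -d` / `passwd -l`). Anyone who can read the repository can test guesses against those hashes offline, and every VM cloned from the template would inherit the same account and password. Consider supplying the hashes at build time instead of committing them. Unless `cnorris` is handled elsewhere, add `passwd -l cnorris` to the final shell provisioner. The same two lines appear in the new `rocky-linux-9/http/kickstart.cfg`.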
@@ -51,15 +59,7 @@ python3-libselinux -ipw2100-firmware -ipw2200-firmware -ivtv-firmware --iwl100-firmware --iwl1000-firmware --iwl3945-firmware --iwl4965-firmware --iwl5000-firmware --iwl5150-firmware --iwl6000-firmware --iwl6000g2a-firmware --iwl6050-firmware +-iwl*firmware -libertas-usb8388-firmware -ql2100-firmware -ql2200-firmware diff --git a/rocky-linux-8/http/meta-data b/rocky-linux-8/http/meta-data new file mode 100644 index 0000000..e69de29 diff --git a/rocky-linux-8/rocky-linux-8.pkr.hcl b/rocky-linux-8/rocky-linux-8.pkr.hcl new file mode 100644 index 0000000..5b197f5 --- /dev/null +++ b/rocky-linux-8/rocky-linux-8.pkr.hcl 
@@ -0,0 +1,166 @@
+# Rocky Linux 9 Server
+# ---
+# Packer Template to create an Rocky Linux 9 Server on Proxmox
+packer {
+ required_plugins {
+ proxmox = {
+ version = ">= 1.1.3"
+ source = "github.com/hashicorp/proxmox"
+ }
+ }
+}
+
+# Variable Definitions
+variable "proxmox_api_url" {
+ type = string
+}
+
+variable "proxmox_api_token_id" {
+ type = string
+}
+
+variable "proxmox_api_token_secret" {
+ type = string
+ sensitive = true
+}
+
+variable "proxmox_ssh_username" {
+ type = string
+ sensitive = true
+}
+
+variable "proxmox_ssh_password" {
+ type = string
+ sensitive = true
+}
+
+
+source "proxmox-iso" "rocky-linux-8" {
+
+ # Proxmox Connection Settings
+ proxmox_url = "${var.proxmox_api_url}"
+ username = "${var.proxmox_api_token_id}"
+ token = "${var.proxmox_api_token_secret}"
+ # (Optional) Skip TLS Verification
+ insecure_skip_tls_verify = true
+
+ # VM General Settings
+ node = "boba"
+ vm_id = "4800"
+ vm_name = "rocky-linux-8"
+ template_description = "Rocky Linux 8 Server Image"
+ machine = "q35"
+ bios = "ovmf"
+ os = "l26"
+
+ efi_config {
+ efi_storage_pool = "fast"
+ }
+
+ # VM OS Settings
+ # (Option 1) Local ISO File
+ # iso_file = "local:iso/ubuntu-20.04.2-live-server-amd64.iso"
+ # - or -
+ # (Option 2) Download ISO
+ # iso_url = "https://releases.ubuntu.com/20.04/ubuntu-20.04.3-live-server-amd64.iso"
+ # iso_checksum = "f8e3086f3cea0fb3fefb29937ab5ed9d19e767079633960ccb50e76153effc98"
+ iso_file = "data:iso/rocky-8.8-x86_64-dvd1.iso"
+ iso_storage_pool = "data"
+ unmount_iso = true
+
+ # VM System Settings
+ qemu_agent = true
+
+ # VM Hard Disk Settings
+ scsi_controller = "virtio-scsi-pci"
+
+ disks {
+ disk_size = "40G"
+ format = "raw"
+ storage_pool = "fast"
+ type = "virtio"
+ }
+
+ # VM CPU Settings
+ cores = "2"
+ cpu_type = "host"
+
+ # VM Memory Settings
+ memory = "2048"
+
+ # VM Network Settings
+ network_adapters {
+ model = "virtio"
+ bridge = "vmbr0"
+ firewall = "false"
+ }
+
+ # VM Cloud-Init Settings
+ cloud_init = true
+ cloud_init_storage_pool = "fast"
+
+ # PACKER Boot Commands
+ boot_command = ["einst.text inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/kickstart.cfgx"]
+ boot_wait = "5s"
+
+ # PACKER Autoinstall Settings
+ http_directory = "http"
+ # (Optional) Bind IP Address and Port
+ http_bind_address = "0.0.0.0"
+ http_port_min = 8802
+ http_port_max = 8802
+
+ ssh_username = "${var.proxmox_ssh_username}"
+
+ # (Option 1) Add your Password here
+ ssh_password = "${var.proxmox_ssh_password}"
+ # - or -
+ # (Option 2) Add your Private SSH KEY file here
+ # ssh_private_key_file = "~/.ssh/id_rsa"
+
+ # Raise the timeout, when installation takes longer
+ ssh_timeout = "20m"
+}
+
+# Build Definition to create the VM Template
+build {
+
+ name = "rocky-linux-8"
+ sources = ["source.proxmox-iso.rocky-linux-8"]
+
+ # Provisioning the VM Template for Cloud-Init Integration in Proxmox #1
+ provisioner "shell" {
+ inline = [
+ "echo 'Updating system...'",
+ "dnf -y update",
+ "dnf install -y cloud-init qemu-guest-agent cloud-utils-growpart gdisk",
+ "systemctl enable qemu-guest-agent",
+ "echo 'manual_cache_clean: True' > /etc/cloud/cloud.cfg.d/99-manual.cfg",
+ "shred -u /etc/ssh/*_key /etc/ssh/*_key.pub",
+ "rm -f /var/run/utmp",
+ ">/var/log/lastlog",
+ ">/var/log/wtmp",
+ ">/var/log/btmp",
+ "rm -rf /tmp/* /var/tmp/*",
+ "unset HISTFILE; rm -rf /home/*/.*history /root/.*history",
+ "rm -f /root/*ks",
+ "passwd -d root",
+ "passwd -l root",
+ "rm -f /etc/ssh/ssh_config.d/allow-root-ssh.conf"
+ ]
+ }
+
+ # Provisioning the VM Template for Cloud-Init Integration in Proxmox #2
+ provisioner "file" {
+ source = "files/99-pve.cfg"
+ destination = "/tmp/99-pve.cfg"
+ }
+
+ # Provisioning the VM Template for Cloud-Init Integration in Proxmox #3
+ provisioner "shell" {
+ inline = [ "sudo cp /tmp/99-pve.cfg /etc/cloud/cloud.cfg.d/99-pve.cfg" ]
+ }
+
+ # Add additional provisioning scripts here
+ # ...
+}
\ No newline at end of file
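Review bot: The last cleanup command in the first shell provisioner, `rm -f /etc/ssh/ssh_config.d/allow-root-ssh.conf`, targets the SSH client directory, while the kickstart `%post` (blob 7941f5e, listed in full under rocky-linux-9/http/kickstart.cfg) writes `PermitRootLogin yes` to `/etc/ssh/sshd_config.d/allow-root-ssh.conf`; as written the drop-in survives into the template, so the line should read `"rm -f /etc/ssh/sshd_config.d/allow-root-ssh.conf"`. Separately, `insecure_skip_tls_verify = true` lets the API token travel over a connection whose certificate is never checked; prefer `insecure_skip_tls_verify = false` with the Proxmox CA trusted on the build host. `http_bind_address = "0.0.0.0"` with the fixed port 8802 serves `http/kickstart.cfg`, password hashes included, on every interface of the build host during the build, so binding to the address on the VM network is safer; the rocky-linux-9 template enables the same three lines in its `@@ -74,23 +100,23 @@` hunk.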
diff --git a/rocky-linux-9/files/99-pve.cfg b/rocky-linux-9/files/99-pve.cfg
new file mode 100644
index 0000000..a78672c
--- /dev/null
+++ b/rocky-linux-9/files/99-pve.cfg
@@ -0,0 +1 @@
+datasource_list: [ConfigDrive, NoCloud]
\ No newline at end of file
diff --git a/rocky-linux-9/http/kickstart.cfg b/rocky-linux-9/http/kickstart.cfg
new file mode 100644
index 0000000..7941f5e
--- /dev/null
+++ b/rocky-linux-9/http/kickstart.cfg
@@ -0,0 +1,149 @@
+#version=RHEL8
+ignoredisk --only-use=vda
+autopart
+
+# Partition clearing information
+clearpart --none --initlabel
+
+# Use graphical install
+# graphical
+
+# Use CDROM installation media
+cdrom
+text
+# Keyboard layouts
+keyboard --vckeymap=us --xlayouts='us'
+
+# System language
+lang en_US.UTF-8
+
+# Network information
+network --bootproto=dhcp --ipv6=auto --activate
+network --hostname=localhost.localdomain
+repo --name="AppStream" --baseurl=file:///run/install/repo/AppStream
+
+# Root password
+rootpw --iscrypted $6$lVFG3WA8AqEXLM7v$L2Ah5x1gy9Z1BosC5I/Jn8R0YDqnXacZ4o9TC.8NUgDjglJHzV6Hcf7SKhB6WI/qmZ6ji0Ne3VCUvA/ciyfTD0
+user --groups=wheel --name=cnorris --password=$6$KEyeHOUYzZf9pJHJ$7Fx6s/jYpj9mnVAiTHYVp2cmqLx8x8zrEZHk/vCLiJvyQ1JzXPMVbh5BaY6tNCfNsGckIN3s..KwIYtLBm1Ox0 --iscrypted --gecos="Chuck Norris"
+
+# Run the Setup Agent on first boot
+firstboot --disabled
+
+# Do not configure the X Window System
+skipx
+
+# System services
+services --disabled="kdump" --enabled="sshd,rsyslog,chronyd"
+
+# System timezone
+timezone Etc/UTC --isUtc
+
+reboot
+
+%packages
+@^minimal-environment
+openssh-server
+openssh-clients
+sudo
+kexec-tools
+curl
+# allow for ansible
+python3
+python3-libselinux
+
+# unnecessary firmware
+-aic94xx-firmware
+-atmel-firmware
+-b43-openfwwf
+-bfa-firmware
+-ipw2100-firmware
+-ipw2200-firmware
+-ivtv-firmware
+-iwl*firmware
+-libertas-usb8388-firmware
+-ql2100-firmware
+-ql2200-firmware
+-ql23xx-firmware
+-ql2400-firmware
+-ql2500-firmware
+-rt61pci-firmware
+-rt73usb-firmware
+-xorg-x11-drv-ati-firmware
+-zd1211-firmware
+%end
+
+%addon com_redhat_kdump --enable --reserve-mb='auto'
+
+%end
+
+%post
+
+
+# this is installed by default but we don't need it in virt
+echo "Removing linux-firmware package."
+yum -C -y remove linux-firmware
+
+# Remove firewalld; it is required to be present for install/image building.
+echo "Removing firewalld."
+yum -C -y remove firewalld --setopt="clean_requirements_on_remove=1"
+
+# remove avahi and networkmanager
+echo "Removing avahi/zeroconf and NetworkManager"
+yum -C -y remove avahi\*
+
+echo -n "Getty fixes"
+# although we want console output going to the serial console, we don't
+# actually have the opportunity to login there. FIX.
+# we don't really need to auto-spawn _any_ gettys.
+sed -i '/^#NAutoVTs=.*/ a\
+NAutoVTs=0' /etc/systemd/logind.conf
+
+# set virtual-guest as default profile for tuned
+echo "virtual-guest" > /etc/tuned/active_profile
+
+# Because memory is scarce resource in most cloud/virt environments,
+# and because this impedes forensics, we are differing from the Fedora
+# default of having /tmp on tmpfs.
+echo "Disabling tmpfs for /tmp."
+systemctl mask tmp.mount
+
+cat < /etc/sysconfig/kernel
+# UPDATEDEFAULT specifies if new-kernel-pkg should make
+# new kernels the default
+UPDATEDEFAULT=yes
+
+# DEFAULTKERNEL specifies the default kernel package type
+DEFAULTKERNEL=kernel
+EOL
+
+# make sure firstboot doesn't start
+echo "RUN_FIRSTBOOT=NO" > /etc/sysconfig/firstboot
+
+echo "Fixing SELinux contexts."
+touch /var/log/cron
+touch /var/log/boot.log
+mkdir -p /var/cache/yum
+/usr/sbin/fixfiles -R -a restore
+
+# reorder console entries
+sed -i 's/console=tty0/console=tty0 console=ttyS0,115200n8/' /boot/grub2/grub.cfg
+
+#echo "Zeroing out empty space."
+# This forces the filesystem to reclaim space from deleted files +# dd bs=1M if=/dev/zero of=/var/tmp/zeros || : +# rm -f /var/tmp/zeros +# echo "(Don't worry -- that out-of-space error was expected.)" + +yum update -y + +sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers +echo "PermitRootLogin yes" > /etc/ssh/sshd_config.d/allow-root-ssh.conf + +yum clean all +%end + +%anaconda +pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty +pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok +pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty +%end \ No newline at end of file diff --git a/rocky-linux-9/http/meta-data b/rocky-linux-9/http/meta-data new file mode 100644 index 0000000..e69de29 diff --git a/rocky-linux-9-test/rocky-linux-9-test.pkr.hcl b/rocky-linux-9/rocky-linux-9.pkr.hcl similarity index 72% rename from rocky-linux-9-test/rocky-linux-9-test.pkr.hcl rename to rocky-linux-9/rocky-linux-9.pkr.hcl index 257c819..3740e0c 100644 --- a/rocky-linux-9-test/rocky-linux-9-test.pkr.hcl +++ b/rocky-linux-9/rocky-linux-9.pkr.hcl @@ -1,6 +1,14 @@ # Rocky Linux 9 Server # --- # Packer Template to create an Rocky Linux 9 Server on Proxmox +packer { + required_plugins { + proxmox = { + version = ">= 1.1.3" + source = "github.com/hashicorp/proxmox" + } + } +} # Variable Definitions variable "proxmox_api_url" { @@ -16,7 +24,18 @@ variable "proxmox_api_token_secret" { sensitive = true } -source "proxmox" "rocky-linux-9" { +variable "proxmox_ssh_username" { + type = string + sensitive = true +} + +variable "proxmox_ssh_password" { + type = string + sensitive = true +} + + +source "proxmox-iso" "rocky-linux-9" { # Proxmox Connection Settings proxmox_url = "${var.proxmox_api_url}" 
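Review bot: `%post` in the new rocky-linux-9 kickstart removes firewalld (`yum -C -y remove firewalld`) in the same script that enables root SSH login through `/etc/ssh/sshd_config.d/allow-root-ssh.conf`, so a VM cloned from this image has no host firewall and depends entirely on filtering elsewhere; either keep firewalld with only ssh allowed or add a comment naming the control that replaces it. The `%anaconda` block also sets `pwpolicy user --minlen=6 … --emptyok`, which would accept an empty user password if the `user` line is ever edited; `--notempty`, as used for root and luks, would be consistent. As rendered here `cat < /etc/sysconfig/kernel` has lost its here-document opener although the closing `EOL` is still present, which may be an artefact of the page, so check the file itself. The comment `# remove avahi and networkmanager` overstates what follows, since only `avahi\*` is removed.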
@@ -27,9 +46,16 @@ source "proxmox" "rocky-linux-9" { # VM General Settings node = "boba" - vm_id = "4500" + vm_id = "4900" vm_name = "rocky-linux-9" template_description = "Rocky Linux 9 Server Image" + machine = "q35" + bios = "ovmf" + os = "l26" + + efi_config { + efi_storage_pool = "fast" + } # VM OS Settings # (Option 1) Local ISO File @@ -50,14 +76,14 @@ source "proxmox" "rocky-linux-9" { disks { disk_size = "40G" - format = "qcow2" + format = "raw" storage_pool = "fast" - storage_pool_type = "storage" type = "virtio" } # VM CPU Settings cores = "2" + cpu_type = "host" # VM Memory Settings memory = "2048" @@ -74,23 +100,23 @@ source "proxmox" "rocky-linux-9" { cloud_init_storage_pool = "fast" # PACKER Boot Commands - boot_command = [" text inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/files/inst.ks"] - boot_wait = "10s" + boot_command = ["einst.text inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/kickstart.cfgx"] + boot_wait = "5s" # PACKER Autoinstall Settings http_directory = "http" # (Optional) Bind IP Address and Port - # http_bind_address = "0.0.0.0" - # http_port_min = 8802 - # http_port_max = 8802 + http_bind_address = "0.0.0.0" + http_port_min = 8802 + http_port_max = 8802 - ssh_username = "cnorris" + ssh_username = "${var.proxmox_ssh_username}" # (Option 1) Add your Password here - # ssh_password = "your-password" + ssh_password = "${var.proxmox_ssh_password}" # - or - # (Option 2) Add your Private SSH KEY file here - ssh_private_key_file = "~/.ssh/id_rsa" + # ssh_private_key_file = "~/.ssh/id_rsa" # Raise the timeout, when installation takes longer ssh_timeout = "20m" 
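Review bot: In the `@@ -74,23 +100,23 @@` hunk the build login moves from key authentication (`ssh_private_key_file = "~/.ssh/id_rsa"`, now commented out) to `ssh_password`, which requires sshd in the image to accept password logins and presumably ties the variable to a password whose hash is committed in `http/kickstart.cfg`. Keeping key authentication would avoid both: the kickstart `sshkey --username=` directive can install the build key, and `ssh_private_key_file` can stay as it was. If password login is kept, the final provisioner should disable it again before the template is sealed. The source block continues outside this hunk, so that step may already exist there.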
@@ -100,26 +126,27 @@ source "proxmox" "rocky-linux-9" { build { name = "rocky-linux-9" - sources = ["source.proxmox.rocky-linux-9"] + sources = ["source.proxmox-iso.rocky-linux-9"] # Provisioning the VM Template for Cloud-Init Integration in Proxmox #1 provisioner "shell" { inline = [ - "echo "Updating system...", + "echo 'Updating system...'", "dnf -y update", - "echo "Installing python and ansible...", + "echo 'Installing python and ansible...'", "dnf -y install python3", "dnf -y install python3-pip", "pip3 install ansible", - "echo "Installing cloud-init...", + "echo 'Installing cloud-init...'", "dnf -y install cloud-init", - "echo "manual_cache_clean: True" > /etc/cloud/cloud.cfg.d/99-manual.cfg" + "echo 'manual_cache_clean: True' > /etc/cloud/cloud.cfg.d/99-manual.cfg", ] } provisioner "shell" { inline = [ - "dnf install -y cloud-init qemu-guest-agent cloud-utils-growpart gdisk", "systemctl enable qemu-guest-agent", + "dnf install -y cloud-init qemu-guest-agent cloud-utils-growpart gdisk", + "systemctl enable qemu-guest-agent", "shred -u /etc/ssh/*_key /etc/ssh/*_key.pub", "rm -f /var/run/utmp", ">/var/log/lastlog",