diff --git a/builds/linux/ubuntu-server-18-04-lts/linux-ubuntu-server.pkr.hcl b/builds/linux/ubuntu-server-18-04-lts/linux-ubuntu-server.pkr.hcl index bf79df471..0a5fc956e 100644 --- a/builds/linux/ubuntu-server-18-04-lts/linux-ubuntu-server.pkr.hcl +++ b/builds/linux/ubuntu-server-18-04-lts/linux-ubuntu-server.pkr.hcl @@ -138,6 +138,10 @@ build { source = "${path.cwd}/certificates/root-ca.crt" } + provisioner "ansible-local" { + playbook_file = "${path.cwd}/scripts/ansible/playbook.yml" + } + provisioner "shell" { execute_command = "echo '${var.build_password}' | {{.Vars}} sudo -E -S sh -eux '{{.Path}}'" environment_vars = [ diff --git a/builds/linux/ubuntu-server-20-04-lts/linux-ubuntu-server.pkr.hcl b/builds/linux/ubuntu-server-20-04-lts/linux-ubuntu-server.pkr.hcl index 258e93168..b0de09089 100644 --- a/builds/linux/ubuntu-server-20-04-lts/linux-ubuntu-server.pkr.hcl +++ b/builds/linux/ubuntu-server-20-04-lts/linux-ubuntu-server.pkr.hcl @@ -136,8 +136,12 @@ build { source = "${path.cwd}/certificates/root-ca.crt" } + provisioner "ansible-local" { + playbook_file = "${path.cwd}/scripts/ansible/playbook.yml" + } + provisioner "shell" { - execute_command = "echo '${var.build_password}' | {{.Vars}} sudo -E -S sh -eux '{{.Path}}'" + execute_command = "echo '${var.build_password}' | {{.Vars}} sudo -E -S sh -eux '{{.Path}}'" environment_vars = [ "BUILD_USERNAME=${var.build_username}", "BUILD_KEY=${var.build_key}", diff --git a/scripts/ansible/playbook.yml b/scripts/ansible/playbook.yml new file mode 100644 index 000000000..e90f6c89f --- /dev/null +++ b/scripts/ansible/playbook.yml 
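Review bot: The new `ansible-local` provisioner in the 18.04 build block (and the identical one in the 20.04 template) runs a playbook that sets `become: true` in scripts/ansible/playbook.yml, but nothing in these hunks supplies a privilege-escalation credential. The neighbouring shell provisioner pipes `var.build_password` into `sudo -S`, which suggests sudo on the guest prompts for a password, so the play would probably stop at its first privileged task unless passwordless sudo is set up elsewhere. It also assumes Ansible is already installed on the guest, and no visible step installs it. I would state both preconditions in a comment above the block, e.g. `# Requires ansible on the guest and non-interactive sudo for the build user`, and if a become password has to be passed, supply it through a vars file rather than a command-line argument that can show up in build output. The `build` block starts and ends outside both hunks.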
@@ -0,0 +1,51 @@
+---
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
+# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+- hosts: localhost
+ gather_facts: yes
+ become: true
+ tasks:
+ - name: System Details
+ debug: msg="{{ item }}"
+ with_items:
+ - "{{ ansible_distribution }}"
+
+ - block: # Ubuntu Distributions
+ - name: Update Cache and Upgrade Packages
+ apt:
+ name: "*"
+ state: latest
+ update_cache: yes
+ force_apt_get: true
+
+ - name: Install Additional Packages
+ apt:
+ name:
+ - bash-completion
+ - curl
+ - wget
+ - git
+ - net-tools
+ - unzip
+ - ca-certificates
+ state: latest
+
+ - name: Install CA Certificate
+ copy:
+ src: /tmp/root-ca.crt
+ dest: /usr/local/share/ca-certificates/
+ owner: root
+ group: root
+ mode: 0644
+ notify:
+ - Ubuntu - Update Trusted CA
+ when:
+ - ansible_distribution == "Ubuntu"
+
+ handlers:
+ - name: Ubuntu - Update Trusted CA
+ shell: /usr/sbin/update-ca-certificates
diff --git a/scripts/linux/ubuntu-server-18.sh b/scripts/linux/ubuntu-server-18.sh
index 81a8f5c2d..18e371b5c 100644
--- a/scripts/linux/ubuntu-server-18.sh
+++ b/scripts/linux/ubuntu-server-18.sh
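Review bot: The `Install CA Certificate` task adds `/tmp/root-ca.crt` to the system trust store straight from a world-writable directory and leaves the staged file behind, whereas the shell steps this playbook replaces ended with `sudo rm -rf /tmp/root-ca.crt`. I would add a follow-up task that removes the staged file, e.g. `file: path=/tmp/root-ca.crt state=absent`, and compare the certificate's SHA-256 fingerprint against a value kept in the repository before it is trusted, so that a swapped file fails the build. Separately, `mode: 0644` is better written as `mode: "0644"` so the value does not depend on YAML octal parsing, and the handler can use `command:` instead of `shell:` because no shell features are needed. With `state: latest` on `name: "*"` the image contents depend on the mirror at build time, which is worth a comment if reproducible templates matter.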
@@ -13,29 +13,6 @@ export BUILD_KEY export ANSIBLE_USERNAME export ANSIBLE_KEY -### Update the guest operating system. ### -echo '> Updating the guest operating system ...' -sudo apt-get update -sudo apt-get upgrade -y - -### Install additional packages. ### -echo '> Installing additional packages ...' -sudo apt-get install -y \ - curl \ - wget \ - git \ - net-tools \ - unzip \ - ca-certificates - -### Install the Certificate Authority certificates and add to the certificate authority trust. ### -echo '> Installing the Certificate Authority certificates and adding to the certificate authority trust ...' -sudo chown -R root:root /tmp/root-ca.crt -sudo chmod 644 /tmp/root-ca.crt -sudo cp /tmp/root-ca.crt /usr/local/share/ca-certificates/ -sudo update-ca-certificates -sudo rm -rf /tmp/root-ca.crt - ### Update the default local user. ### echo '> Updating the default local user ...' echo '> Adding authorized_keys for the default local user ...' @@ -78,10 +55,10 @@ sudo systemctl restart sshd ### Create the clean script. ### echo '> Creating the clean script ...' -sudo cat < /tmp/clean.sh +sudo cat < /home/$BUILD_USERNAME/clean.sh #!/bin/bash -### Cleans all audit logs. ### +### Cleans all audit logs. ### echo '> Cleaning all audit logs ...' if [ -f /var/log/audit/audit.log ]; then cat /dev/null > /var/log/audit/audit.log @@ -93,7 +70,7 @@ if [ -f /var/log/lastlog ]; then cat /dev/null > /var/log/lastlog fi -### Cleans persistent udev rules. ### +### Cleans persistent udev rules. ### echo '> Cleaning persistent udev rules ...' if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then rm /etc/udev/rules.d/70-persistent-net.rules 
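Review bot: The clean script now lands at `/home/$BUILD_USERNAME/clean.sh` with the expansion unquoted, and no visible hunk deletes it after it runs, so a script that is executed as root may remain in the build user's home directory in the finished template (the old `/tmp` copy would normally not survive a reboot). Moving away from a fixed name in `/tmp` is the right direction; I would quote the path and fail on an empty name, e.g. `"/home/${BUILD_USERNAME:?}/clean.sh"`, and remove the file once it has run. If this line redirects the heredoc into the file, as the later `chmod +x` implies, the `sudo` in front of `cat` does not cover that redirection, which is opened by the invoking shell. The same applies to the matching hunk in scripts/linux/ubuntu-server-2x.sh; the heredoc body extends beyond this hunk, so whether it removes itself cannot be seen here.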
@@ -132,18 +109,17 @@ echo > ~/.bash_history rm -fr /root/.bash_history EOF -### Change the permissions on /tmp/clean.sh. ### -echo '> Changing the permissions on /tmp/clean.sh ...' -sudo chmod +x /tmp/clean.sh +### Change the permissions on /home/$BUILD_USERNAME/clean.sh. ### +echo '> Changing the permissions on /home/$BUILD_USERNAME/clean.sh ...' +sudo chmod +x /home/$BUILD_USERNAME/clean.sh -### Run the clean script. ### +### Run the clean script. ### echo '> Running the clean script ...' -sudo /tmp/clean.sh +sudo /home/$BUILD_USERNAME/clean.sh -### Generate the host keys using ssh-keygen. ### +### Generate the host keys using ssh-keygen. ### echo '> Generating the host keys using ssh-keygen ...' sudo ssh-keygen -A -### Done. ### -echo '> Done.' - +### Done. ### +echo '> Done.' \ No newline at end of file diff --git a/scripts/linux/ubuntu-server-2x.sh b/scripts/linux/ubuntu-server-2x.sh index 9e685c188..213f12ba7 100644 --- a/scripts/linux/ubuntu-server-2x.sh +++ b/scripts/linux/ubuntu-server-2x.sh @@ -13,29 +13,6 @@ export BUILD_KEY export ANSIBLE_USERNAME export ANSIBLE_KEY -### Update the guest operating system. ### -echo '> Updating the guest operating system ...' -sudo apt-get update -sudo apt-get upgrade -y - -### Install additional packages. ### -echo '> Installing additional packages ...' -sudo apt-get install -y \ - curl \ - wget \ - git \ - net-tools \ - unzip \ - ca-certificates - -### Install the Certificate Authority certificates and add to the certificate authority trust. ### -echo '> Installing the Certificate Authority certificates and adding to the certificate authority trust ...' -sudo chown -R root:root /tmp/root-ca.crt -sudo chmod 644 /tmp/root-ca.crt -sudo cp /tmp/root-ca.crt /usr/local/share/ca-certificates/ -sudo update-ca-certificates -sudo rm -rf /tmp/root-ca.crt - ### Update the default local user. ### echo '> Updating the default local user ...' echo '> Adding authorized_keys for the default local user ...' 
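Review bot: The new progress message `echo '> Changing the permissions on /home/$BUILD_USERNAME/clean.sh ...'` is single-quoted, so the build log prints the literal text `$BUILD_USERNAME` rather than the path; it needs double quotes. The `chmod` and run lines leave the expansion unquoted; `sudo chmod 700 "/home/${BUILD_USERNAME}/clean.sh"` would both quote it and keep a root-run script from being executable by other accounts, which `+x` allows. In ubuntu-server-18.sh the hunk also drops the file's trailing newline (`\ No newline at end of file`). The same lines appear in the last hunk of scripts/linux/ubuntu-server-2x.sh.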
@@ -78,10 +55,10 @@ sudo systemctl restart sshd ### Create the clean script. ### echo '> Creating the clean script ...' -sudo cat < /tmp/clean.sh +sudo cat < /home/$BUILD_USERNAME/clean.sh #!/bin/bash -### Cleans all audit logs. ### +### Cleans all audit logs. ### echo '> Cleaning all audit logs ...' if [ -f /var/log/audit/audit.log ]; then cat /dev/null > /var/log/audit/audit.log @@ -93,7 +70,7 @@ if [ -f /var/log/lastlog ]; then cat /dev/null > /var/log/lastlog fi -### Cleans persistent udev rules. ### +### Cleans persistent udev rules. ### echo '> Cleaning persistent udev rules ...' if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then rm /etc/udev/rules.d/70-persistent-net.rules @@ -139,17 +116,17 @@ echo > ~/.bash_history rm -fr /root/.bash_history EOF -### Change the permissions on /tmp/clean.sh . ### -echo '> Changing the permissions on /tmp/clean.sh ...' -sudo chmod +x /tmp/clean.sh +### Change the permissions on /home/$BUILD_USERNAME/clean.sh . ### +echo '> Changing the permissions on /home/$BUILD_USERNAME/clean.sh ...' +sudo chmod +x /home/$BUILD_USERNAME/clean.sh -### Run the clean script. ### +### Run the clean script. ### echo '> Running the clean script ...' -sudo /tmp/clean.sh +sudo /home/$BUILD_USERNAME/clean.sh -### Generate the host keys using ssh-keygen. ### +### Generate the host keys using ssh-keygen. ### echo '> Generating the host keys using ssh-keygen ...' sudo ssh-keygen -A -### Done. ### +### Done. ### echo '> Done.' \ No newline at end of file