Add Ansible roles for Linux; address project chores #156

Merged
merged 3 commits into from
Feb 7, 2022
2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE/bug.yml
Expand Up @@ -58,7 +58,7 @@ body:
attributes:
label: HashiCorp Packer
description: Please provide the HashiCorp Packer version.
placeholder: 1.7.9
placeholder: 1.7.10
validations:
required: true
- type: input
1 change: 1 addition & 0 deletions .github/workflows/code-quality.yml
Expand Up @@ -22,4 +22,5 @@ jobs:
VALIDATE_ALL_CODEBASE: true
DEFAULT_BRANCH: "main"
DISABLE_ERRORS: false
VALIDATE_ANSIBLE: false
VALIDATE_TERRAGRUNT: false
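Review bot: adding `VALIDATE_ANSIBLE: false` to the linter job means the new `ansible/roles/*` files, which are the bulk of this PR, are the one part of the change CI will not check. Several of the new tasks use `shell` for things `command`, `file` or `lineinfile` would do, which is exactly what ansible-lint would flag; consider leaving validation on and carrying an explicit skip list for the rules you intend to ignore instead of disabling the check wholesale.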
8 changes: 3 additions & 5 deletions CODE_OF_CONDUCT.md
Expand Up @@ -2,10 +2,8 @@

## Our Pledge

We as members, contributors, and leaders pledge to make participation in the project and our community a harassment-free
experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics,
gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance,
race, religion, or sexual identity and orientation.
We as members, contributors, and leaders pledge to make participation in the project and our community a harassment-free experience for everyone,
regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.

We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.

Expand Down Expand Up @@ -81,4 +79,4 @@ Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcem
[contributor-covenant-faq]: https://www.contributor-covenant.org/faq
[contributor-covenant-translations]: https://www.contributor-covenant.org/translations

For answers to common questions about this code of conduct, see the [FAQ][contributor-covenant-faq] and its [translations][contributor-covenant-translations].
For answers to common questions about this code of conduct, see the [FAQ][contributor-covenant-faq] and its [translations][contributor-covenant-translations].
2 changes: 1 addition & 1 deletion LICENSE
@@ -1,4 +1,4 @@
Copyright 2020-2021 VMware, Inc. All Rights Reserved.
Copyright 2020-2022 VMware, Inc. All Rights Reserved.

The BSD-2 license (the "License") set forth below applies to all parts of the project. You may not use this file except in compliance with the License.

2 changes: 1 addition & 1 deletion NOTICE
@@ -1,4 +1,4 @@
Copyright 2020-2021 VMware, Inc. All Rights Reserved.
Copyright 2020-2022 VMware, Inc. All Rights Reserved.

This product is licensed to you under the BSD-2 license (the "License"). You may not use this product except in compliance with the BSD-2 License.

38 changes: 15 additions & 23 deletions README.md
Expand Up @@ -3,7 +3,7 @@
<img alt="Last Commit" src="https://img.shields.io/github/last-commit/vmware-samples/packer-examples-for-vsphere?style=for-the-badge&logo=github"> [<img alt="The Changelog" src="https://img.shields.io/badge/The%20Changelog-Read-blue?style=for-the-badge&logo=github">](CHANGELOG.md) [<img alt="Open in Visual Studio Code" src="https://img.shields.io/badge/Visual%20Studio%20Code-Open-blue?style=for-the-badge&logo=visualstudiocode">](https://open.vscode.dev/vmware-samples/packer-examples-for-vsphere)
<br/>
<img alt="VMware vSphere 7.0 Update 2+" src="https://img.shields.io/badge/VMware%20vSphere-7.0%20Update%202+-blue?style=for-the-badge">
<img alt="Packer 1.7.9+" src="https://img.shields.io/badge/HashiCorp%20Packer-1.7.9+-blue?style=for-the-badge&logo=packer">
<img alt="Packer 1.7.10+" src="https://img.shields.io/badge/HashiCorp%20Packer-1.7.10+-blue?style=for-the-badge&logo=packer">
<img alt="Ansible 2.9+" src="https://img.shields.io/badge/Ansible-2.9+-blue?style=for-the-badge&logo=ansible">

## Table of Contents
Expand Down Expand Up @@ -53,7 +53,7 @@ The following builds are available:
## Requirements

**Packer**:
* HashiCorp [Packer][packer-install] 1.7.9 or higher.
* HashiCorp [Packer][packer-install] 1.7.10 or higher.
* HashiCorp [Packer Plugin for VMware vSphere][packer-plugin-vsphere] (`vsphere-iso`) 1.0.3 or higher.
* [Packer Plugin for Windows Updates][packer-plugin-windows-update] 0.14.0 or higher - a community plugin for HashiCorp Packer.

Expand Down Expand Up @@ -84,7 +84,7 @@ The following software packages must be installed on the Packer host:
- macOS: `brew install --cask docker`
* Coreutils
- macOS: `brew install coreutils`
* HashiCorp [Terraform][terraform-install] 1.1.3 or higher.
* HashiCorp [Terraform][terraform-install] 1.1.5 or higher.
- Ubuntu:
- `sudo apt-get update && sudo apt-get install -y gnupg software-properties-common curl`
- `curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -`
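Review bot: the Terraform version bump is fine, but the Ubuntu install steps in the surrounding context still pipe the HashiCorp GPG key into `sudo apt-key add -`. `apt-key` is deprecated on current Debian and Ubuntu releases and a key added that way is trusted for every configured repository, not just HashiCorp's. Since this hunk already touches these lines, consider switching to a `signed-by` keyring (for example, write the key to a file under `/usr/share/keyrings/` and reference it with `[signed-by=...]` in the apt source entry).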
Expand Down Expand Up @@ -164,8 +164,6 @@ The directory structure of the repository.
│ └── root-ca.cer.example
├── manifests
├── scripts
│ ├── linux
│ │ └── *.sh
│ └── windows
│ └── *.ps1
└── terraform
Expand All @@ -174,14 +172,14 @@ The directory structure of the repository.
```

The files are distributed in the following directories.
* **`ansible`** - contains the Ansible roles to initialize and prepare the machine image build.
* **`ansible`** - contains the Ansible roles to prepare a Linux machine image build.
* **`builds`** - contains the templates, variables, and configuration files for the machine image build.
* **`scripts`** - contains the scripts to initialize and prepare the machine image build.
* **`certificates`** - contains the Trusted Root Authority certificates for Windows build.
* **`scripts`** - contains the scripts to initialize and prepare a Windows machine image build.
* **`certificates`** - contains the Trusted Root Authority certificates for a Windows machine image build.
* **`manifests`** - manifests created after the completion of the machine image build.
* **`manifests`** - contains example Terraform plans to test machine image builds.
* **`terraform`** - contains example Terraform plans to test machine image builds.

> **NOTE**: The project is transitioning to use Ansible instead of scripts, where possible.
> **NOTE**: The project is transitioning to use Ansible role instead of scripts, where possible.

### Step 2 - Download the Guest Operating Systems ISOs

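Review bot: grammar in the replacement note: `The project is transitioning to use Ansible role instead of scripts` should read `Ansible roles instead of scripts`. Relabelling the second `manifests` bullet to `terraform` is a real correction (the old text described the `terraform` directory under the wrong name) and is worth a line in the changelog.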
Expand Down Expand Up @@ -405,7 +403,7 @@ Your public key has been saved in /Users/rainpole/.ssh/id_ecdsa.pub.
The content of the public key, `build_key`, is added the key to the `.ssh/authorized_keys` file of the `build_username` on the guest operating system.

>**WARNING**: Replace the default public keys and passwords.
>By default, both Public Key Authentication and Password Authentication are enabled for Linux distributions. If you wish to disable Password Authentication and only use Public Key Authentication, comment or remove the portion of the associated script in the `scripts` directory.
>By default, both Public Key Authentication and Password Authentication are enabled for Linux distributions. If you wish to disable Password Authentication and only use Public Key Authentication, comment or remove the portion of the associated Ansible `configure` role.

##### Ansible Variables

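Review bot: the rewritten warning tells readers to comment out the portion of the Ansible `configure` role that enables password authentication, but the `configure` tasks added in this PR (see `ansible/roles/configure/tasks/photon.yml`) only set `PermitRootLogin no` and `PubkeyAuthentication yes`; nothing in them enables or disables `PasswordAuthentication`, so there is no portion to comment out. Either add an explicit, variable-driven `PasswordAuthentication` directive to the role so the warning is accurate, or reword the warning to say readers must add `PasswordAuthentication no` to the role themselves. The unchanged sentence above also has a grammar slip: `is added the key to the` should be `is added to the`.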
Expand Down Expand Up @@ -560,17 +558,17 @@ Edit the `*.auto.pkvars.hcl` file in each `builds/<type>/<build>` folder to conf
>**Note**: All `variables.auto.pkvars.hcl` default to using the [VMware Paravirtual SCSI controller][vmware-pvscsi] and the [VMXNET 3][vmware-vmxnet3] network card device types.


### Step 5 - Modify the Configurations and Scripts (Optional)
### Step 5 - Modify the Configurations (Optional)

If required, modify the configuration and scripts files, for the Linux distributions and Microsoft Windows.
If required, modify the configuration files for the Linux distributions and Microsoft Windows.

#### Linux Distribution Kickstart and Scripts
#### Linux Distribution Kickstart and Ansible Roles

Username and password variables are passed into the kickstart or cloud-init files for each Linux distribution as Packer template files (`.pkrtpl.hcl`) to generate these on-demand.
Username and password variables are passed into the kickstart or cloud-init files for each Linux distribution as Packer template files (`.pkrtpl.hcl`) to generate these on-demand. Ansible roles are then used to configure the Linux machine image builds.

#### Microsoft Windows Unattended amd Scripts

Variables are passed into the [Microsoft Windows][microsoft-windows-unattend] unattend files (`autounattend.xml`) as Packer template files (`autounattend.pkrtpl.hcl`) to generate these on-demand.
Variables are passed into the [Microsoft Windows][microsoft-windows-unattend] unattend files (`autounattend.xml`) as Packer template files (`autounattend.pkrtpl.hcl`) to generate these on-demand. A PowerShell script is then used to configure the Linux machine image builds.

By default, each unattended file is set to use the [KMS client setup keys][microsoft-kms] as the **Product Key**.

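Review bot: the new sentence in the Windows subsection says `A PowerShell script is then used to configure the Linux machine image builds`; this should be `Windows machine image builds`. While here, the unchanged heading `#### Microsoft Windows Unattended amd Scripts` has a typo (`amd` should be `and`).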
Expand Down Expand Up @@ -645,10 +643,6 @@ Happy building!!!
* Read [Debugging Packer Builds][packer-debug].

## Credits
* Maher AlAsfar [@vmwarelab][credits-maher-alasfar-twitter]

[Linux][credits-maher-alasfar-github] Bash scripting hints.

* Owen Reynolds [@OVDamn][credits-owen-reynolds-twitter]

[VMware Tools for Windows][credits-owen-reynolds-github] installation PowerShell script.
Expand All @@ -657,8 +651,6 @@ Happy building!!!

[ansible-docs]: https://docs.ansible.com
[cloud-init]: https://cloudinit.readthedocs.io/en/latest/
[credits-maher-alasfar-twitter]: https://twitter.com/vmwarelab
[credits-maher-alasfar-github]: https://github.com/vmwarelab/cloud-init-scripts
[credits-owen-reynolds-twitter]: https://twitter.com/OVDamn
[credits-owen-reynolds-github]: https://github.com/getvpro/Build-Packer/blob/master/Scripts/Install-VMTools.ps1
[download-git]: https://git-scm.com/downloads
Expand All @@ -671,7 +663,7 @@ Happy building!!!
[download-linux-redhat-server-7]: https://access.redhat.com/downloads/content/69/
[download-linux-rocky-server-8]: https://download.rockylinux.org/pub/rocky/8/isos/x86_64/
[download-linux-ubuntu-server-18-04-lts]: http://cdimage.ubuntu.com/ubuntu/releases/18.04.5/release/
[download-linux-ubuntu-server-20-04-lts]: https://releases.ubuntu.com/20.04.1/
[download-linux-ubuntu-server-20-04-lts]: https://releases.ubuntu.com/20.04/
[hashicorp]: https://www.hashicorp.com/
[iso]: https://en.wikipedia.org/wiki/ISO_image
[microsoft-kms]: https://docs.microsoft.com/en-us/windows-server/get-started/kmsclientkeys
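Review bot: the `download-linux-ubuntu-server-18-04-lts` reference two lines above still uses plain `http://` for `cdimage.ubuntu.com`, while the updated 20.04 link uses `https://`. An ISO fetched over http has no transport integrity, so switch the 18.04 link to https to match. Also, moving from `20.04.1` to the unversioned `20.04/` directory means the ISO behind that link changes with every point release; the README should remind users that the ISO checksum configured for the build must be updated to match whatever they download.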
3 changes: 3 additions & 0 deletions ansible/main.yml
Expand Up @@ -7,3 +7,6 @@
hosts: all
roles:
- base
- users
- configure
- clean
6 changes: 3 additions & 3 deletions ansible/roles/base/tasks/main.yml
@@ -1,10 +1,10 @@
---
- name: "Prepare {{ ansible_facts['distribution'] }} distribution."
- name: "Prepare {{ ansible_facts['distribution'] }} guest operating system."
include_tasks: "{{ ansible_facts['distribution'] | lower }}.yml"
when: "ansible_facts['distribution'] == 'Ubuntu'"
- name: "Prepare {{ ansible_facts['distribution'] }} distribution."
- name: "Prepare {{ ansible_facts['distribution'] }} guest operating system."
include_tasks: redhat.yml
when: "ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Rocky', 'AlmaLinux']"
- name: "Prepare {{ ansible_facts['os_family'] }} distribution."
- name: "Prepare {{ ansible_facts['os_family'] }} guest operating system."
include_tasks: "{{ ansible_facts['lsb']['codename'] | lower }}.yml"
when: "ansible_facts['os_family'] == 'VMware Photon OS'"
2 changes: 1 addition & 1 deletion ansible/roles/base/tasks/redhat.yml
@@ -1,5 +1,5 @@
---
- name: "Red Hat Subscription Manager Status"
- name: "Checking Red Hat Subscription Manager status."
shell: "subscription-manager refresh"
when: "ansible_facts['distribution'] == 'RedHat'"
- name: "Updating the guest operating system."
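Review bot: the task is renamed `Checking Red Hat Subscription Manager status.` but it still runs `subscription-manager refresh`, which refreshes the entitlement certificates rather than checking anything; either name it `Refreshing Red Hat Subscription Manager entitlements.` or change the command to `subscription-manager status`. A single command with no pipes or redirects should also use the `command` module rather than `shell`.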
10 changes: 10 additions & 0 deletions ansible/roles/clean/tasks/main.yml
@@ -0,0 +1,10 @@
---
- name: "Prepare {{ ansible_facts['distribution'] }} guest operating system."
include_tasks: "{{ ansible_facts['distribution'] | lower }}.yml"
when: "ansible_facts['distribution'] == 'Ubuntu'"
- name: "Prepare {{ ansible_facts['distribution'] }} guest operating system."
include_tasks: redhat.yml
when: "ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Rocky', 'AlmaLinux']"
- name: "Prepare {{ ansible_facts['os_family'] }} guest operating system."
include_tasks: "{{ ansible_facts['lsb']['codename'] | lower }}.yml"
when: "ansible_facts['os_family'] == 'VMware Photon OS'"
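Review bot: all three task names in this new `clean` role say `Prepare ... guest operating system.`, copied verbatim from the `base` role. Rename them to `Clean ... guest operating system.` so the Packer/Ansible output shows which role is running.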
29 changes: 29 additions & 0 deletions ansible/roles/clean/tasks/photon.yml
@@ -0,0 +1,29 @@
---
- name: "Cleaning tdnf cache."
shell: |
tdnf clean all
args:
warn: false
- name: "Cleaning log files."
shell: |
find /var/log -type f -delete
rm -rf /var/log/journal/*
args:
warn: false
- name: "Cleaning SSH host keys."
shell: |
rm -f /etc/ssh/ssh_host_*
args:
warn: false
- name: "Cleaning the machine-id."
shell: |
truncate -s 0 /etc/machine-id
rm /var/lib/dbus/machine-id
ln -s /etc/machine-id /var/lib/dbus/machine-id
args:
warn: false
- name: "Cleaning the shell history."
shell: |
history -c
args:
warn: false
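Review bot: `rm /var/lib/dbus/machine-id` in `Cleaning the machine-id.` has no `-f`, so the task fails the build if that file is absent (and the symlink on the next line is then never created); use `rm -f`, or better the `file` module with `state: absent` followed by `state: link`. `history -c` in `Cleaning the shell history.` runs in the non-interactive shell Ansible spawns for the task, whose in-memory history is empty, so it clears nothing on disk; delete the history files explicitly (as the redhat.yml and ubuntu.yml variants of this role do) or drop the task. Finally, once `/etc/ssh/ssh_host_*` are removed, confirm that something regenerates them on first boot of a clone, otherwise sshd will not start.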
59 changes: 59 additions & 0 deletions ansible/roles/clean/tasks/redhat.yml
@@ -0,0 +1,59 @@
---
- name: "Cleaning all audit logs."
shell: |
if [ -f /var/log/audit/audit.log ]; then
cat /dev/null > /var/log/audit/audit.log
fi
if [ -f /var/log/wtmp ]; then
cat /dev/null > /var/log/wtmp
fi
if [ -f /var/log/lastlog ]; then
cat /dev/null > /var/log/lastlog
fi
args:
warn: false
- name: "Cleaning persistent udev rules."
shell: |
if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
rm /etc/udev/rules.d/70-persistent-net.rules
fi
args:
warn: false
- name: "Cleaning the /tmp directories"
shell: |
rm -rf /tmp/*
rm -rf /var/tmp/*
rm -rf /var/cache/dnf/*
args:
warn: false
- name: "Cleaning the Red Hat Subscription Manager logs."
shell: |
rm -rf /var/log/rhsm/*
when: "ansible_facts['distribution'] == 'RedHat'"
args:
warn: false
- name: "Cleaning the SSH host keys."
shell: |
rm -f /etc/ssh/ssh_host_*
args:
warn: false
- name: "Cleaning the machine-id."
shell: |
truncate -s 0 /etc/machine-id
rm /var/lib/dbus/machine-id
ln -s /etc/machine-id /var/lib/dbus/machine-id
args:
warn: false
- name: "Cleaning the shell history."
shell: |
unset HISTFILE
history -cw
echo > ~/.bash_history
rm -fr /root/.bash_history
args:
warn: false
- name: "Running a sync."
shell: |
sync && sync
args:
warn: false
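Review bot: in `Cleaning the shell history.`, `unset HISTFILE` and `history -cw` act on the history of the shell Ansible spawned for this task, which has none, so only the last two lines do anything: `echo > ~/.bash_history` writes a newline into the home directory of whichever account runs the task (root under `become`, the build user otherwise) and `rm -fr /root/.bash_history` removes root's file. If the goal is to scrub the build user's history, target that home explicitly (for example `/home/{{ build_username }}/.bash_history`, using the `build_username` variable the README already defines), and use `rm -f`, not `-fr`, for a regular file. `rm /var/lib/dbus/machine-id` again lacks `-f` and will abort the build when the file is missing, and `sync && sync` adds nothing over a single `sync`.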
47 changes: 47 additions & 0 deletions ansible/roles/clean/tasks/ubuntu.yml
@@ -0,0 +1,47 @@
---
- name: "Cleaning all audit logs."
shell: |
if [ -f /var/log/audit/audit.log ]; then
cat /dev/null > /var/log/audit/audit.log
fi
if [ -f /var/log/wtmp ]; then
cat /dev/null > /var/log/wtmp
fi
if [ -f /var/log/lastlog ]; then
cat /dev/null > /var/log/lastlog
fi
args:
warn: false
- name: "Cleaning persistent udev rules."
shell: |
if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then
rm /etc/udev/rules.d/70-persistent-net.rules
fi
args:
warn: false
- name: "Cleaning the /tmp directories"
shell: |
rm -rf /tmp/*
rm -rf /var/tmp/*
args:
warn: false
- name: "Cleaning the SSH host keys."
shell: |
rm -f /etc/ssh/ssh_host_*
args:
warn: false
- name: "Cleaning the machine-id."
shell: |
truncate -s 0 /etc/machine-id
rm /var/lib/dbus/machine-id
ln -s /etc/machine-id /var/lib/dbus/machine-id
args:
warn: false
- name: "Cleaning the shell history."
shell: |
unset HISTFILE
history -cw
echo > ~/.bash_history
rm -fr /root/.bash_history
args:
warn: false
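Review bot: `history -cw` in `Cleaning the shell history.` errors on Ubuntu, where `/bin/sh` is dash and `history` is not a builtin (`sh: 1: history: not found`); the failure is masked because the `shell` module only reports the exit status of the last command, `rm -fr /root/.bash_history`. Drop the `history` line (it could only affect the spawned shell's empty history anyway) or set `executable: /bin/bash` on the task; ideally replace the whole task with `file` / `state: absent` on the specific history files. As in the other variants, `rm /var/lib/dbus/machine-id` lacks `-f` and aborts the task if the file is absent.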
11 changes: 11 additions & 0 deletions ansible/roles/configure/tasks/main.yml
@@ -0,0 +1,11 @@
---
- name: "Prepare {{ ansible_facts['distribution'] }} guest operating system."
include_tasks: "{{ ansible_facts['distribution'] | lower }}.yml"
when: "ansible_facts['distribution'] == 'Ubuntu'"
- name: "Prepare {{ ansible_facts['distribution'] }} ansible_facts['os_family']."
include_tasks: redhat.yml
when: "ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Rocky', 'AlmaLinux']"
- name: "Prepare {{ ansible_facts['os_family'] }} guest operating system."
include_tasks: "{{ ansible_facts['lsb']['codename'] | lower }}.yml"
when: "ansible_facts['os_family'] == 'VMware Photon OS'"

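Review bot: the second task name is garbled: `Prepare {{ ansible_facts['distribution'] }} ansible_facts['os_family'].` has the literal text `ansible_facts['os_family']` outside any Jinja braces, so it prints verbatim. It should match the other two, `Prepare {{ ansible_facts['distribution'] }} guest operating system.`, or better `Configure ...`, since this is the configure role.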
17 changes: 17 additions & 0 deletions ansible/roles/configure/tasks/photon.yml
@@ -0,0 +1,17 @@
---
- name: "Configure SSH for Public Key Authentication."
shell: |
sudo sed -i '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config
sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/g' /etc/ssh/sshd_config
args:
warn: false
- name: "Setting hostname to localhost."
shell: |
hostnamectl set-hostname localhost
args:
warn: false
- name: "Disable IPv6."
shell: |
sudo echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
args:
warn: false
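Review bot: `sudo echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf` does not do what it intends: the `>>` redirection is performed by the calling shell before `sudo` runs, so if the task is not already root it fails with permission denied on `/etc/sysctl.conf`, and if it is running as root via `become` the `sudo` prefixes on all three commands are redundant. Drop the inline `sudo`, rely on `become: true`, and use the `sysctl` module (`name`, `value`, `state: present`, `sysctl_set: yes`) so the setting is idempotent and applied immediately. For sshd, `sed -i '/^PermitRootLogin/s/yes/no/'` only rewrites an existing uncommented `PermitRootLogin yes` line; a commented or absent directive is left untouched. `lineinfile` with `regexp: '^#?PermitRootLogin'` and `line: 'PermitRootLogin no'` covers all three cases, and a `validate: '/usr/sbin/sshd -t -f %s'` guard catches a broken config before the image is sealed. Note also that nothing here sets `PasswordAuthentication`, even though the README warning in this PR points readers at this role to disable it.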