Skip to content
Permalink
Browse files
Add default ssh key to centos for the base AMI build for AWS. Adjust … 
…README and .gitignore.
  • Loading branch information
Mason Packard committed Aug 2, 2016
1 parent e42bc5c commit 39db146717a9aa4acd7e45b272b13e4a4a7c6628
Showing with 265 additions and 0 deletions.
  1. +2 −0 .gitignore
  2. +69 −0 README.md
  3. +55 −0 aws-centos7-base.json
  4. +68 −0 http/ks-ext4.cfg
  5. +71 −0 http/ks-xfs.cfg
2 .gitignore
View file
@@ -3,3 +3,5 @@ packer_cache/*
iso/*
output-virtualbox-iso/*
builds/*
output-xfs/*
output-ext4/*
69 README.md
View file
@@ -2,6 +2,75 @@

## Introduction

This packer templates create vmware image of CentOS 7 with `.vmx` and `.ova`. In addition, there is an AMI you can create for AWS. You will need to have credentials setup according to [AWS credentials setup](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files)

The OS versions are:

- Centos 7

For all operating systems we generate images for

- centos7.json will build:
- VmWare (user: packer/changeme1234)
- VirtualBox (user: packer/changeme1234)

- aws-centos7-base.json will build:
- AMI for AWS (user: centos/centos)

This template only is tested against 64 bit systems. With the following sizing requirements:
```
"vmx_data": {
"cpuid.coresPerSocket": "1",
"memsize": "512",
"numvcpus": "2"
}
```

```
"disk_size": 81920
```

## Requirements

The templates are only tested with [packer](http://www.packer.io/downloads.html) 0.10.1 and later.

### Pre-Requisites for AWS / AMI import

- IAM needs to be setup for the `vmimport` role per the [AWS guide](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/VMImportPrerequisites.html#vmimport-service-role).
- The bucket `internet2-ami-import-us-west-1` needs to be setup on AWS S3.


## Run conversion process

VMware and Virtualbox build

```
# Build CentOS VMWare and Virtualbox images
PACKER_LOG=1 packer build centos7.json
````

AMI build will require both `aws_access_key` and `aws_secret_key` to be setup with [AWS credentials setup](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files)

```
# Build CentOS for AWS / AMI
packer build aws-centos7-base.json
```

## Issues during build time

If you experience issues with packer, please use `PACKER_LOG=1 packer ... ` to find the errors.

## Author

- Author:: Mason Packard (<mason.packard@levvel.io>)

# License

TBD
# Packer Image Builder for CentOS

## Introduction

This packer templates create vmware image of CentOS 7 with `.vmx` file type.

The OS versions are:
55 aws-centos7-base.json
View file
@@ -0,0 +1,55 @@
{
"min_packer_version": "0.8.6",
"description": "Bare CentOS 7 prepped for AMI import",
"variables": {
"profile": "xfs",
"disk_size": "8192",
"memory": "6122",
"cpus": "4",
"ssh_username": "centos",
"ssh_password": "centos",
"aws_access_key": "",
"aws_secret_key": "",
"region": "us-west-1"
},
"builders": [
{
"type": "virtualbox-iso",
"name": "centos-7-ami",
"vm_name": "centos7-ec2-{{user `profile`}}",
"headless": true,
"guest_os_type": "RedHat_64",
"disk_size": "{{user `disk_size`}}",
"vboxmanage": [
["modifyvm", "{{.Name}}", "--memory", "{{user `memory`}}"],
["modifyvm", "{{.Name}}", "--cpus", "{{user `cpus`}}"]
],
"iso_url": "http://mirror.steadfast.net/centos/7/isos/x86_64/CentOS-7-x86_64-NetInstall-1511.iso",
"iso_checksum": "9ed9ffb5d89ab8cca834afce354daa70a21dcb410f58287d6316259ff89758f5",
"iso_checksum_type": "sha256",
"http_directory": "http",
"boot_command": ["<tab> text ks=http://{{.HTTPIP}}:{{.HTTPPort}}/ks-{{user `profile`}}.cfg<enter><wait>"],
"boot_wait": "10s",
"ssh_username": "{{user `ssh_username`}}",
"ssh_password": "{{user `ssh_password`}}",
"ssh_port": 22,
"ssh_wait_timeout": "10000s",
"guest_additions_mode": "disable",
"shutdown_command": "sudo -S shutdown -P now",
"output_directory": "output-{{user `profile`}}",
"format": "ova"
}
],
"post-processors": [
{
"type": "amazon-import",
"access_key": "{{user `aws_access_key`}}",
"secret_key": "{{user `aws_secret_key`}}",
"region": "{{user `region`}}",
"s3_bucket_name": "internet2-ami-import-us-west-1",
"tags": {
"Description": "packer amazon-import-base {{timestamp}}"
}
}
]
}
68 http/ks-ext4.cfg
View file
@@ -0,0 +1,68 @@
install
cdrom
lang en_US.UTF-8
keyboard us
timezone UTC
network --onboot yes --bootproto dhcp
bootloader --location=mbr

repo --name=base --baseurl=http://mirror.steadfast.net/centos/7/os/x86_64/
url --url=http://mirror.steadfast.net/centos/7/os/x86_64/
logging --level=debug

firewall --enabled --ssh
services --enabled=NetworkManager,sshd
eula --agreed

text
skipx
zerombr

clearpart --all
autopart --type=plain --fstype=ext4
firstboot --disabled

authconfig --useshadow --passalgo=sha512
rootpw --lock --plaintext "$(openssl rand -base64 32)"
user --name centos --groups wheel,adm,systemd-journal --uid 1000 --gid 1000 --plaintext --password centos
reboot


%packages --nobase --ignoremissing
@core
@development Tools
openssh-clients
openssl-devel
readline-devel
zlib-devel
kernel-headers
kernel-devel
net-tools
vim
wget
curl
rsync
sudo
%end


%post --log=/var/log/ks.post.log
systemctl disable avahi-daemon.service
systemctl disable kdump.service

sed -i -r 's@^#?PermitRootLogin.*$@PermitRootLogin no@' /etc/ssh/sshd_config
sed -i -r "s@^.*requiretty@#Defaults requiretty@" /etc/sudoers

echo "centos ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/centos
chmod 440 /etc/sudoers.d/centos

mkdir --mode=700 /home/centos/.ssh

cat << EOF > /home/centos/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0F2Y68rs0DPofa9ZCJYxx9FG6Lzk+szeI6/c2P4C3yNWy1QvPDfUzFXGgPnb/O0EkI6s4qQ8Nt16GAfwdC4xvrZG5lpn++vBwEb4CxpF+23TsmQCi+DJjNgH4+XfBlGqplcjxJuMOrKrOO+wGuc7yetJ32b2wMNJUv0ijWpCiFp8fhs0a5+q4tq+6Q7LBlaIFTvjTP+YKh7JxAzG492m8TkbVQGnPpnTFI5OF5Q6t0Yqn87RZvVRvuU+jXXxSH7EHWbSpkXveElCC53o3MtunwTYtSkGDkAIF92Iw7eEX9d6hVsO4OXZPIgZn0oWNQQh8yyDYHB+4XQa1mQD8TS8f centos@centos.local

EOF

yum -y update
yum -y clean all
%end
71 http/ks-xfs.cfg
View file
@@ -0,0 +1,71 @@
install
cdrom
lang en_US.UTF-8
keyboard us
timezone UTC
network --onboot yes --bootproto dhcp
bootloader --location=mbr

repo --name=base --baseurl=http://mirror.steadfast.net/centos/7/os/x86_64/
url --url=http://mirror.steadfast.net/centos/7/os/x86_64/
logging --level=debug

firewall --enabled --ssh
services --enabled=NetworkManager,sshd
eula --agreed

text
skipx
zerombr

clearpart --all
autopart --type=plain --fstype=xfs
firstboot --disabled

authconfig --useshadow --passalgo=sha512
rootpw --lock --plaintext "$(openssl rand -base64 32)"
user --name centos --groups wheel,adm,systemd-journal --uid 1000 --gid 1000 --plaintext --password centos
reboot


%packages --nobase --ignoremissing
@core
@development Tools
openssh-clients
sudo
openssl-devel
readline-devel
zlib-devel
kernel-headers
kernel-devel
net-tools
vim
wget
curl
rsync
sudo
%end


%post --log=/var/log/ks.post.log
systemctl disable avahi-daemon.service
systemctl disable kdump.service

sed -i -r 's@^#?PermitRootLogin.*$@PermitRootLogin no@' /etc/ssh/sshd_config
sed -i -r "s@^.*requiretty@#Defaults requiretty@" /etc/sudoers

echo "centos ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/centos
chmod 440 /etc/sudoers.d/centos

mkdir --mode=700 /home/centos/.ssh

cat << EOF > /home/centos/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0F2Y68rs0DPofa9ZCJYxx9FG6Lzk+szeI6/c2P4C3yNWy1QvPDfUzFXGgPnb/O0EkI6s4qQ8Nt16GAfwdC4xvrZG5lpn++vBwEb4CxpF+23TsmQCi+DJjNgH4+XfBlGqplcjxJuMOrKrOO+wGuc7yetJ32b2wMNJUv0ijWpCiFp8fhs0a5+q4tq+6Q7LBlaIFTvjTP+YKh7JxAzG492m8TkbVQGnPpnTFI5OF5Q6t0Yqn87RZvVRvuU+jXXxSH7EHWbSpkXveElCC53o3MtunwTYtSkGDkAIF92Iw7eEX9d6hVsO4OXZPIgZn0oWNQQh8yyDYHB+4XQa1mQD8TS8f centos@centos.local

EOF

chown -R centos /home/centos/.ssh

yum -y update
yum -y clean all
%end

0 comments on commit 39db146

Please sign in to comment.