Add default ssh key to centos for the base AMI build for AWS. Adjust …
…README and .gitignore.
Showing
with
265 additions
and 0 deletions.
- +2 −0 .gitignore
- +69 −0 README.md
- +55 −0 aws-centos7-base.json
- +68 −0 http/ks-ext4.cfg
- +71 −0 http/ks-xfs.cfg
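--- /dev/null
+++ b/aws-centos7-base.json
@@ -0,0 +1,55 @@
+{
+"min_packer_version": "0.8.6",
+"description": "Bare CentOS 7 prepped for AMI import",
+"variables": {
+"profile": "xfs",
+"disk_size": "8192",
+"memory": "6122",
+"cpus": "4",
+"ssh_username": "centos",
+"ssh_password": "centos",
+"aws_access_key": "",
+"aws_secret_key": "",
+"region": "us-west-1"
+},
+"builders": [
+{
+"type": "virtualbox-iso",
+"name": "centos-7-ami",
+"vm_name": "centos7-ec2-{{user `profile`}}",
+"headless": true,
+"guest_os_type": "RedHat_64",
+"disk_size": "{{user `disk_size`}}",
+"vboxmanage": [
+["modifyvm", "{{.Name}}", "--memory", "{{user `memory`}}"],
+["modifyvm", "{{.Name}}", "--cpus", "{{user `cpus`}}"]
+],
+"iso_url": "http://mirror.steadfast.net/centos/7/isos/x86_64/CentOS-7-x86_64-NetInstall-1511.iso",
+"iso_checksum": "9ed9ffb5d89ab8cca834afce354daa70a21dcb410f58287d6316259ff89758f5",
+"iso_checksum_type": "sha256",
+"http_directory": "http",
+"boot_command": ["<tab> text ks=http://{{.HTTPIP}}:{{.HTTPPort}}/ks-{{user `profile`}}.cfg<enter><wait>"],
+"boot_wait": "10s",
+"ssh_username": "{{user `ssh_username`}}",
+"ssh_password": "{{user `ssh_password`}}",
+"ssh_port": 22,
+"ssh_wait_timeout": "10000s",
+"guest_additions_mode": "disable",
+"shutdown_command": "sudo -S shutdown -P now",
+"output_directory": "output-{{user `profile`}}",
+"format": "ova"
+}
+],
+"post-processors": [
+{
+"type": "amazon-import",
+"access_key": "{{user `aws_access_key`}}",
+"secret_key": "{{user `aws_secret_key`}}",
+"region": "{{user `region`}}",
+"s3_bucket_name": "internet2-ami-import-us-west-1",
+"tags": {
+"Description": "packer amazon-import-base {{timestamp}}"
+}
+}
+]
+}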
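Review bot: Nothing between the kickstart install and the `amazon-import` post-processor removes the build login, so the `centos`/`centos` password (the `ssh_password` default here, set by the `user` line in both kickstart files) is still valid on the image that gets imported as the base AMI. That account is given `NOPASSWD: ALL` sudo in the kickstart `%post`, and the only sshd_config change on this page is `PermitRootLogin no`, so if password authentication is at its distribution default a known password is equivalent to root on every derived instance. Consider a final provisioner that locks it before export, e.g. `"provisioners": [{"type": "shell", "inline": ["sudo passwd -l centos"]}]`, and note in the README that the password exists only for the Packer build.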
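--- /dev/null
+++ b/http/ks-ext4.cfg
@@ -0,0 +1,68 @@
+install
+cdrom
+lang en_US.UTF-8
+keyboard us
+timezone UTC
+network --onboot yes --bootproto dhcp
+bootloader --location=mbr
+
+repo --name=base --baseurl=http://mirror.steadfast.net/centos/7/os/x86_64/
+url --url=http://mirror.steadfast.net/centos/7/os/x86_64/
+logging --level=debug
+
+firewall --enabled --ssh
+services --enabled=NetworkManager,sshd
+eula --agreed
+
+text
+skipx
+zerombr
+
+clearpart --all
+autopart --type=plain --fstype=ext4
+firstboot --disabled
+
+authconfig --useshadow --passalgo=sha512
+rootpw --lock --plaintext "$(openssl rand -base64 32)"
+user --name centos --groups wheel,adm,systemd-journal --uid 1000 --gid 1000 --plaintext --password centos
+reboot
+
+
+%packages --nobase --ignoremissing
+@core
+@development Tools
+openssh-clients
+openssl-devel
+readline-devel
+zlib-devel
+kernel-headers
+kernel-devel
+net-tools
+vim
+wget
+curl
+rsync
+sudo
+%end
+
+
+%post --log=/var/log/ks.post.log
+systemctl disable avahi-daemon.service
+systemctl disable kdump.service
+
+sed -i -r 's@^#?PermitRootLogin.*$@PermitRootLogin no@' /etc/ssh/sshd_config
+sed -i -r "s@^.*requiretty@#Defaults requiretty@" /etc/sudoers
+
+echo "centos ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/centos
+chmod 440 /etc/sudoers.d/centos
+
+mkdir --mode=700 /home/centos/.ssh
+
+cat << EOF > /home/centos/.ssh/authorized_keys
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0F2Y68rs0DPofa9ZCJYxx9FG6Lzk+szeI6/c2P4C3yNWy1QvPDfUzFXGgPnb/O0EkI6s4qQ8Nt16GAfwdC4xvrZG5lpn++vBwEb4CxpF+23TsmQCi+DJjNgH4+XfBlGqplcjxJuMOrKrOO+wGuc7yetJ32b2wMNJUv0ijWpCiFp8fhs0a5+q4tq+6Q7LBlaIFTvjTP+YKh7JxAzG492m8TkbVQGnPpnTFI5OF5Q6t0Yqn87RZvVRvuU+jXXxSH7EHWbSpkXveElCC53o3MtunwTYtSkGDkAIF92Iw7eEX9d6hVsO4OXZPIgZn0oWNQQh8yyDYHB+4XQa1mQD8TS8f centos@centos.local
+
+EOF
+
+yum -y update
+yum -y clean all
+%end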
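Review bot: The `%post` here creates `/home/centos/.ssh` and `authorized_keys` as root and never hands them to the user, whereas ks-xfs.cfg follows the heredoc with `chown -R centos /home/centos/.ssh`. With a root-owned mode-700 directory, sshd most likely cannot read the key file as `centos`, so key login would fail on ext4 builds and the `centos` password becomes the only way in. Add the same `chown -R centos /home/centos/.ssh` line after `EOF`. Separately, kickstart command lines are not passed through a shell as far as I know, so `rootpw --lock --plaintext "$(openssl rand -base64 32)"` stores the literal string rather than a random value, here and in ks-xfs.cfg. The account is locked, but `rootpw --lock` alone (if this installer version accepts it) or a comment saying the value is a placeholder would avoid implying a random password was generated.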
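--- /dev/null
+++ b/http/ks-xfs.cfg
@@ -0,0 +1,71 @@
+install
+cdrom
+lang en_US.UTF-8
+keyboard us
+timezone UTC
+network --onboot yes --bootproto dhcp
+bootloader --location=mbr
+
+repo --name=base --baseurl=http://mirror.steadfast.net/centos/7/os/x86_64/
+url --url=http://mirror.steadfast.net/centos/7/os/x86_64/
+logging --level=debug
+
+firewall --enabled --ssh
+services --enabled=NetworkManager,sshd
+eula --agreed
+
+text
+skipx
+zerombr
+
+clearpart --all
+autopart --type=plain --fstype=xfs
+firstboot --disabled
+
+authconfig --useshadow --passalgo=sha512
+rootpw --lock --plaintext "$(openssl rand -base64 32)"
+user --name centos --groups wheel,adm,systemd-journal --uid 1000 --gid 1000 --plaintext --password centos
+reboot
+
+
+%packages --nobase --ignoremissing
+@core
+@development Tools
+openssh-clients
+sudo
+openssl-devel
+readline-devel
+zlib-devel
+kernel-headers
+kernel-devel
+net-tools
+vim
+wget
+curl
+rsync
+sudo
+%end
+
+
+%post --log=/var/log/ks.post.log
+systemctl disable avahi-daemon.service
+systemctl disable kdump.service
+
+sed -i -r 's@^#?PermitRootLogin.*$@PermitRootLogin no@' /etc/ssh/sshd_config
+sed -i -r "s@^.*requiretty@#Defaults requiretty@" /etc/sudoers
+
+echo "centos ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/centos
+chmod 440 /etc/sudoers.d/centos
+
+mkdir --mode=700 /home/centos/.ssh
+
+cat << EOF > /home/centos/.ssh/authorized_keys
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0F2Y68rs0DPofa9ZCJYxx9FG6Lzk+szeI6/c2P4C3yNWy1QvPDfUzFXGgPnb/O0EkI6s4qQ8Nt16GAfwdC4xvrZG5lpn++vBwEb4CxpF+23TsmQCi+DJjNgH4+XfBlGqplcjxJuMOrKrOO+wGuc7yetJ32b2wMNJUv0ijWpCiFp8fhs0a5+q4tq+6Q7LBlaIFTvjTP+YKh7JxAzG492m8TkbVQGnPpnTFI5OF5Q6t0Yqn87RZvVRvuU+jXXxSH7EHWbSpkXveElCC53o3MtunwTYtSkGDkAIF92Iw7eEX9d6hVsO4OXZPIgZn0oWNQQh8yyDYHB+4XQa1mQD8TS8f centos@centos.local
+
+EOF
+
+chown -R centos /home/centos/.ssh
+
+yum -y update
+yum -y clean all
+%end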
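Review bot: The `authorized_keys` heredoc bakes one fixed public key (`centos@centos.local`) into the base image, here and in ks-ext4.cfg, and neither file says who holds the private half or when the key is meant to be removed. Every AMI and instance derived from this base will trust that key for an account with `NOPASSWD: ALL` sudo, so its custody and rotation are part of the image's trust boundary. A comment above the heredoc such as `# default build key: owner <TEAM>, replace or remove in derived images` would record that, and the README should state how downstream builds swap it out. Minor: `sudo` is listed twice in `%packages`.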