Permalink
Show file tree
Hide file tree
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Add default ssh key to centos for the base AMI build for AWS. Adjust …
…README and .gitignore.
- Loading branch information
Mason Packard
committed
Aug 2, 2016
1 parent
e42bc5c
commit 39db146717a9aa4acd7e45b272b13e4a4a7c6628
Showing
5 changed files
with
265 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -3,3 +3,5 @@ packer_cache/* | ||
iso/* | ||
output-virtualbox-iso/* | ||
builds/* | ||
output-xfs/* | ||
output-ext4/* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -0,0 +1,55 @@ | ||
{ | ||
"min_packer_version": "0.8.6", | ||
"description": "Bare CentOS 7 prepped for AMI import", | ||
"variables": { | ||
"profile": "xfs", | ||
"disk_size": "8192", | ||
"memory": "6122", | ||
"cpus": "4", | ||
"ssh_username": "centos", | ||
"ssh_password": "centos", | ||
"aws_access_key": "", | ||
"aws_secret_key": "", | ||
"region": "us-west-1" | ||
}, | ||
"builders": [ | ||
{ | ||
"type": "virtualbox-iso", | ||
"name": "centos-7-ami", | ||
"vm_name": "centos7-ec2-{{user `profile`}}", | ||
"headless": true, | ||
"guest_os_type": "RedHat_64", | ||
"disk_size": "{{user `disk_size`}}", | ||
"vboxmanage": [ | ||
["modifyvm", "{{.Name}}", "--memory", "{{user `memory`}}"], | ||
["modifyvm", "{{.Name}}", "--cpus", "{{user `cpus`}}"] | ||
], | ||
"iso_url": "http://mirror.steadfast.net/centos/7/isos/x86_64/CentOS-7-x86_64-NetInstall-1511.iso", | ||
"iso_checksum": "9ed9ffb5d89ab8cca834afce354daa70a21dcb410f58287d6316259ff89758f5", | ||
"iso_checksum_type": "sha256", | ||
"http_directory": "http", | ||
"boot_command": ["<tab> text ks=http://{{.HTTPIP}}:{{.HTTPPort}}/ks-{{user `profile`}}.cfg<enter><wait>"], | ||
"boot_wait": "10s", | ||
"ssh_username": "{{user `ssh_username`}}", | ||
"ssh_password": "{{user `ssh_password`}}", | ||
"ssh_port": 22, | ||
"ssh_wait_timeout": "10000s", | ||
"guest_additions_mode": "disable", | ||
"shutdown_command": "sudo -S shutdown -P now", | ||
"output_directory": "output-{{user `profile`}}", | ||
"format": "ova" | ||
} | ||
], | ||
"post-processors": [ | ||
{ | ||
"type": "amazon-import", | ||
"access_key": "{{user `aws_access_key`}}", | ||
"secret_key": "{{user `aws_secret_key`}}", | ||
"region": "{{user `region`}}", | ||
"s3_bucket_name": "internet2-ami-import-us-west-1", | ||
"tags": { | ||
"Description": "packer amazon-import-base {{timestamp}}" | ||
} | ||
} | ||
] | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -0,0 +1,68 @@ | ||
install | ||
cdrom | ||
lang en_US.UTF-8 | ||
keyboard us | ||
timezone UTC | ||
network --onboot yes --bootproto dhcp | ||
bootloader --location=mbr | ||
|
||
repo --name=base --baseurl=http://mirror.steadfast.net/centos/7/os/x86_64/ | ||
url --url=http://mirror.steadfast.net/centos/7/os/x86_64/ | ||
logging --level=debug | ||
|
||
firewall --enabled --ssh | ||
services --enabled=NetworkManager,sshd | ||
eula --agreed | ||
|
||
text | ||
skipx | ||
zerombr | ||
|
||
clearpart --all | ||
autopart --type=plain --fstype=ext4 | ||
firstboot --disabled | ||
|
||
authconfig --useshadow --passalgo=sha512 | ||
rootpw --lock --plaintext "$(openssl rand -base64 32)" | ||
user --name centos --groups wheel,adm,systemd-journal --uid 1000 --gid 1000 --plaintext --password centos | ||
reboot | ||
|
||
|
||
%packages --nobase --ignoremissing | ||
@core | ||
@development Tools | ||
openssh-clients | ||
openssl-devel | ||
readline-devel | ||
zlib-devel | ||
kernel-headers | ||
kernel-devel | ||
net-tools | ||
vim | ||
wget | ||
curl | ||
rsync | ||
sudo | ||
%end | ||
|
||
|
||
%post --log=/var/log/ks.post.log | ||
systemctl disable avahi-daemon.service | ||
systemctl disable kdump.service | ||
|
||
sed -i -r 's@^#?PermitRootLogin.*$@PermitRootLogin no@' /etc/ssh/sshd_config | ||
sed -i -r "s@^.*requiretty@#Defaults requiretty@" /etc/sudoers | ||
|
||
echo "centos ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/centos | ||
chmod 440 /etc/sudoers.d/centos | ||
|
||
mkdir --mode=700 /home/centos/.ssh | ||
|
||
cat << EOF > /home/centos/.ssh/authorized_keys | ||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0F2Y68rs0DPofa9ZCJYxx9FG6Lzk+szeI6/c2P4C3yNWy1QvPDfUzFXGgPnb/O0EkI6s4qQ8Nt16GAfwdC4xvrZG5lpn++vBwEb4CxpF+23TsmQCi+DJjNgH4+XfBlGqplcjxJuMOrKrOO+wGuc7yetJ32b2wMNJUv0ijWpCiFp8fhs0a5+q4tq+6Q7LBlaIFTvjTP+YKh7JxAzG492m8TkbVQGnPpnTFI5OF5Q6t0Yqn87RZvVRvuU+jXXxSH7EHWbSpkXveElCC53o3MtunwTYtSkGDkAIF92Iw7eEX9d6hVsO4OXZPIgZn0oWNQQh8yyDYHB+4XQa1mQD8TS8f centos@centos.local | ||
|
||
EOF | ||
|
||
yum -y update | ||
yum -y clean all | ||
%end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -0,0 +1,71 @@ | ||
install | ||
cdrom | ||
lang en_US.UTF-8 | ||
keyboard us | ||
timezone UTC | ||
network --onboot yes --bootproto dhcp | ||
bootloader --location=mbr | ||
|
||
repo --name=base --baseurl=http://mirror.steadfast.net/centos/7/os/x86_64/ | ||
url --url=http://mirror.steadfast.net/centos/7/os/x86_64/ | ||
logging --level=debug | ||
|
||
firewall --enabled --ssh | ||
services --enabled=NetworkManager,sshd | ||
eula --agreed | ||
|
||
text | ||
skipx | ||
zerombr | ||
|
||
clearpart --all | ||
autopart --type=plain --fstype=xfs | ||
firstboot --disabled | ||
|
||
authconfig --useshadow --passalgo=sha512 | ||
rootpw --lock --plaintext "$(openssl rand -base64 32)" | ||
user --name centos --groups wheel,adm,systemd-journal --uid 1000 --gid 1000 --plaintext --password centos | ||
reboot | ||
|
||
|
||
%packages --nobase --ignoremissing | ||
@core | ||
@development Tools | ||
openssh-clients | ||
sudo | ||
openssl-devel | ||
readline-devel | ||
zlib-devel | ||
kernel-headers | ||
kernel-devel | ||
net-tools | ||
vim | ||
wget | ||
curl | ||
rsync | ||
sudo | ||
%end | ||
|
||
|
||
%post --log=/var/log/ks.post.log | ||
systemctl disable avahi-daemon.service | ||
systemctl disable kdump.service | ||
|
||
sed -i -r 's@^#?PermitRootLogin.*$@PermitRootLogin no@' /etc/ssh/sshd_config | ||
sed -i -r "s@^.*requiretty@#Defaults requiretty@" /etc/sudoers | ||
|
||
echo "centos ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/centos | ||
chmod 440 /etc/sudoers.d/centos | ||
|
||
mkdir --mode=700 /home/centos/.ssh | ||
|
||
cat << EOF > /home/centos/.ssh/authorized_keys | ||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0F2Y68rs0DPofa9ZCJYxx9FG6Lzk+szeI6/c2P4C3yNWy1QvPDfUzFXGgPnb/O0EkI6s4qQ8Nt16GAfwdC4xvrZG5lpn++vBwEb4CxpF+23TsmQCi+DJjNgH4+XfBlGqplcjxJuMOrKrOO+wGuc7yetJ32b2wMNJUv0ijWpCiFp8fhs0a5+q4tq+6Q7LBlaIFTvjTP+YKh7JxAzG492m8TkbVQGnPpnTFI5OF5Q6t0Yqn87RZvVRvuU+jXXxSH7EHWbSpkXveElCC53o3MtunwTYtSkGDkAIF92Iw7eEX9d6hVsO4OXZPIgZn0oWNQQh8yyDYHB+4XQa1mQD8TS8f centos@centos.local | ||
|
||
EOF | ||
|
||
chown -R centos /home/centos/.ssh | ||
|
||
yum -y update | ||
yum -y clean all | ||
%end |