From 39db146717a9aa4acd7e45b272b13e4a4a7c6628 Mon Sep 17 00:00:00 2001
From: Mason Packard
Date: Tue, 2 Aug 2016 15:20:23 -0400
Subject: [PATCH] Add default ssh key to centos for the base AMI build for AWS. Adjust README and .gitignore.
---
 .gitignore | 2 ++
 README.md | 69 +++++++++++++++++++++++++++++++++++++++++
 aws-centos7-base.json | 55 +++++++++++++++++++++++++++++++++
 http/ks-ext4.cfg | 68 +++++++++++++++++++++++++++++++++++++++++
 http/ks-xfs.cfg | 71 +++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 265 insertions(+)
 create mode 100644 aws-centos7-base.json
 create mode 100644 http/ks-ext4.cfg
 create mode 100644 http/ks-xfs.cfg
diff --git a/.gitignore b/.gitignore
index b60c030..42b40c5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,3 +3,5 @@ packer_cache/*
 iso/*
 output-virtualbox-iso/*
 builds/*
+output-xfs/*
+output-ext4/*
diff --git a/README.md b/README.md
index 0198684..3e8916f 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,75 @@
 
 ## Introduction
 
+This packer templates create vmware image of CentOS 7 with `.vmx` and `.ova`. In addition, there is an AMI you can create for AWS. You will need to have credentials setup according to [AWS credentials setup](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files)
+
+The OS versions are:
+
+ - Centos 7
+
+For all operating systems we generate images for
+
+- centos7.json will build:
+ - VmWare (user: packer/changeme1234)
+ - VirtualBox (user: packer/changeme1234)
+
+- aws-centos7-base.json will build:
+ - AMI for AWS (user: centos/centos)
+
+This template only is tested against 64 bit systems. With the following sizing requirements:
+```
+ "vmx_data": {
+ "cpuid.coresPerSocket": "1",
+ "memsize": "512",
+ "numvcpus": "2"
+ }
+```
+
+```
+ "disk_size": 81920
+```
+
+## Requirements
+
+The templates are only tested with [packer](http://www.packer.io/downloads.html) 0.10.1 and later.
+
+### Pre-Requisites for AWS / AMI import
+
+- IAM needs to be setup for the `vmimport` role per the [AWS guide](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/VMImportPrerequisites.html#vmimport-service-role).
+- The bucket `internet2-ami-import-us-west-1` needs to be setup on AWS S3.
+
+
+## Run conversion process
+
+VMware and Virtualbox build
+
+```
+# Build CentOS VMWare and Virtualbox images
+PACKER_LOG=1 packer build centos7.json
+````
+
+AMI build will require both `aws_access_key` and `aws_secret_key` to be setup with [AWS credentials setup](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html#cli-config-files)
+
+```
+# Build CentOS for AWS / AMI
+packer build aws-centos7-base.json
+```
+
+## Issues during build time
+
+If you experience issues with packer, please use `PACKER_LOG=1 packer ... ` to find the errors.
+
+## Author
+
+ - Author:: Mason Packard ()
+
+# License
+
+TBD
+# Packer Image Builder for CentOS
+
+## Introduction
+
 This packer templates create vmware image of CentOS 7 with `.vmx` file type.
 
 The OS versions are:
diff --git a/aws-centos7-base.json b/aws-centos7-base.json
new file mode 100644
index 0000000..3045794
--- /dev/null
+++ b/aws-centos7-base.json
@@ -0,0 +1,55 @@
+{
+ "min_packer_version": "0.8.6",
+ "description": "Bare CentOS 7 prepped for AMI import",
+ "variables": {
+ "profile": "xfs",
+ "disk_size": "8192",
+ "memory": "6122",
+ "cpus": "4",
+ "ssh_username": "centos",
+ "ssh_password": "centos",
+ "aws_access_key": "",
+ "aws_secret_key": "",
+ "region": "us-west-1"
+ },
+ "builders": [
+ {
+ "type": "virtualbox-iso",
+ "name": "centos-7-ami",
+ "vm_name": "centos7-ec2-{{user `profile`}}",
+ "headless": true,
+ "guest_os_type": "RedHat_64",
+ "disk_size": "{{user `disk_size`}}",
+ "vboxmanage": [
+ ["modifyvm", "{{.Name}}", "--memory", "{{user `memory`}}"],
+ ["modifyvm", "{{.Name}}", "--cpus", "{{user `cpus`}}"]
+ ],
+ "iso_url": "http://mirror.steadfast.net/centos/7/isos/x86_64/CentOS-7-x86_64-NetInstall-1511.iso",
+ "iso_checksum": "9ed9ffb5d89ab8cca834afce354daa70a21dcb410f58287d6316259ff89758f5",
+ "iso_checksum_type": "sha256",
+ "http_directory": "http",
+ "boot_command": [" text ks=http://{{.HTTPIP}}:{{.HTTPPort}}/ks-{{user `profile`}}.cfg"],
+ "boot_wait": "10s",
+ "ssh_username": "{{user `ssh_username`}}",
+ "ssh_password": "{{user `ssh_password`}}",
+ "ssh_port": 22,
+ "ssh_wait_timeout": "10000s",
+ "guest_additions_mode": "disable",
+ "shutdown_command": "sudo -S shutdown -P now",
+ "output_directory": "output-{{user `profile`}}",
+ "format": "ova"
+ }
+ ],
+ "post-processors": [
+ {
+ "type": "amazon-import",
+ "access_key": "{{user `aws_access_key`}}",
+ "secret_key": "{{user `aws_secret_key`}}",
+ "region": "{{user `region`}}",
+ "s3_bucket_name": "internet2-ami-import-us-west-1",
+ "tags": {
+ "Description": "packer amazon-import-base {{timestamp}}"
+ }
+ }
+ ]
+}
diff --git a/http/ks-ext4.cfg b/http/ks-ext4.cfg
new file mode 100644
index 0000000..c28f769
--- /dev/null
+++ b/http/ks-ext4.cfg
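Review bot: The `ssh_username`/`ssh_password` defaults of `centos`/`centos` are the same login the kickstart files bake into the guest, and this template has no `provisioners` block that locks or rotates it before `amazon-import` runs, so as far as the hunk shows the imported AMI keeps the build-time password. Locking the account password as the last build action, for example `sudo passwd -l centos` ahead of the shutdown, would keep the build credential out of the published image. The `aws_access_key` and `aws_secret_key` variables invite pasting real keys into a tracked file; sourcing them from the environment, e.g. ``"aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}"``, keeps them out of the repository. `min_packer_version` is `0.8.6` while the README in this commit says the templates are tested with 0.10.1 and later, so `"min_packer_version": "0.10.1"` would match what is documented.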
@@ -0,0 +1,68 @@
+install
+cdrom
+lang en_US.UTF-8
+keyboard us
+timezone UTC
+network --onboot yes --bootproto dhcp
+bootloader --location=mbr
+
+repo --name=base --baseurl=http://mirror.steadfast.net/centos/7/os/x86_64/
+url --url=http://mirror.steadfast.net/centos/7/os/x86_64/
+logging --level=debug
+
+firewall --enabled --ssh
+services --enabled=NetworkManager,sshd
+eula --agreed
+
+text
+skipx
+zerombr
+
+clearpart --all
+autopart --type=plain --fstype=ext4
+firstboot --disabled
+
+authconfig --useshadow --passalgo=sha512
+rootpw --lock --plaintext "$(openssl rand -base64 32)"
+user --name centos --groups wheel,adm,systemd-journal --uid 1000 --gid 1000 --plaintext --password centos
+reboot
+
+
+%packages --nobase --ignoremissing
+@core
+@development Tools
+openssh-clients
+openssl-devel
+readline-devel
+zlib-devel
+kernel-headers
+kernel-devel
+net-tools
+vim
+wget
+curl
+rsync
+sudo
+%end
+
+
+%post --log=/var/log/ks.post.log
+systemctl disable avahi-daemon.service
+systemctl disable kdump.service
+
+sed -i -r 's@^#?PermitRootLogin.*$@PermitRootLogin no@' /etc/ssh/sshd_config
+sed -i -r "s@^.*requiretty@#Defaults requiretty@" /etc/sudoers
+
+echo "centos ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/centos
+chmod 440 /etc/sudoers.d/centos
+
+mkdir --mode=700 /home/centos/.ssh
+
+cat << EOF > /home/centos/.ssh/authorized_keys
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0F2Y68rs0DPofa9ZCJYxx9FG6Lzk+szeI6/c2P4C3yNWy1QvPDfUzFXGgPnb/O0EkI6s4qQ8Nt16GAfwdC4xvrZG5lpn++vBwEb4CxpF+23TsmQCi+DJjNgH4+XfBlGqplcjxJuMOrKrOO+wGuc7yetJ32b2wMNJUv0ijWpCiFp8fhs0a5+q4tq+6Q7LBlaIFTvjTP+YKh7JxAzG492m8TkbVQGnPpnTFI5OF5Q6t0Yqn87RZvVRvuU+jXXxSH7EHWbSpkXveElCC53o3MtunwTYtSkGDkAIF92Iw7eEX9d6hVsO4OXZPIgZn0oWNQQh8yyDYHB+4XQa1mQD8TS8f centos@centos.local
+
+EOF
+
+yum -y update
+yum -y clean all
+%end
diff --git a/http/ks-xfs.cfg b/http/ks-xfs.cfg
new file mode 100644
index 0000000..6a1ae34
--- /dev/null
+++ b/http/ks-xfs.cfg
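Review bot: The fixed `ssh-rsa ... centos@centos.local` key written to `authorized_keys`, the `--plaintext --password centos` account and `centos ALL=(ALL) NOPASSWD: ALL` give every instance built from this file the same login that the README publishes, with passwordless root, on a host where `firewall --enabled --ssh` keeps sshd reachable; ks-xfs.cfg repeats these lines. Installing the key per instance at launch rather than in the image, and locking the password once the Packer build no longer needs it, would remove the shared credential. This file also lacks the `chown -R centos /home/centos/.ssh` that ks-xfs.cfg has, so with `%post` running as root the mode-700 directory is presumably root-owned and unreadable to `centos`; adding `chown -R centos: /home/centos/.ssh` after the heredoc fixes that. In `rootpw --lock --plaintext "$(openssl rand -base64 32)"` the `$(...)` is, as far as I know, not shell-expanded by kickstart, so only `--lock` protects root.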
@@ -0,0 +1,71 @@
+install
+cdrom
+lang en_US.UTF-8
+keyboard us
+timezone UTC
+network --onboot yes --bootproto dhcp
+bootloader --location=mbr
+
+repo --name=base --baseurl=http://mirror.steadfast.net/centos/7/os/x86_64/
+url --url=http://mirror.steadfast.net/centos/7/os/x86_64/
+logging --level=debug
+
+firewall --enabled --ssh
+services --enabled=NetworkManager,sshd
+eula --agreed
+
+text
+skipx
+zerombr
+
+clearpart --all
+autopart --type=plain --fstype=xfs
+firstboot --disabled
+
+authconfig --useshadow --passalgo=sha512
+rootpw --lock --plaintext "$(openssl rand -base64 32)"
+user --name centos --groups wheel,adm,systemd-journal --uid 1000 --gid 1000 --plaintext --password centos
+reboot
+
+
+%packages --nobase --ignoremissing
+@core
+@development Tools
+openssh-clients
+sudo
+openssl-devel
+readline-devel
+zlib-devel
+kernel-headers
+kernel-devel
+net-tools
+vim
+wget
+curl
+rsync
+sudo
+%end
+
+
+%post --log=/var/log/ks.post.log
+systemctl disable avahi-daemon.service
+systemctl disable kdump.service
+
+sed -i -r 's@^#?PermitRootLogin.*$@PermitRootLogin no@' /etc/ssh/sshd_config
+sed -i -r "s@^.*requiretty@#Defaults requiretty@" /etc/sudoers
+
+echo "centos ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/centos
+chmod 440 /etc/sudoers.d/centos
+
+mkdir --mode=700 /home/centos/.ssh
+
+cat << EOF > /home/centos/.ssh/authorized_keys
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0F2Y68rs0DPofa9ZCJYxx9FG6Lzk+szeI6/c2P4C3yNWy1QvPDfUzFXGgPnb/O0EkI6s4qQ8Nt16GAfwdC4xvrZG5lpn++vBwEb4CxpF+23TsmQCi+DJjNgH4+XfBlGqplcjxJuMOrKrOO+wGuc7yetJ32b2wMNJUv0ijWpCiFp8fhs0a5+q4tq+6Q7LBlaIFTvjTP+YKh7JxAzG492m8TkbVQGnPpnTFI5OF5Q6t0Yqn87RZvVRvuU+jXXxSH7EHWbSpkXveElCC53o3MtunwTYtSkGDkAIF92Iw7eEX9d6hVsO4OXZPIgZn0oWNQQh8yyDYHB+4XQa1mQD8TS8f centos@centos.local
+
+EOF
+
+chown -R centos /home/centos/.ssh
+
+yum -y update
+yum -y clean all
+%end
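Review bot: `chown -R centos /home/centos/.ssh` changes only the owner, so the directory and `authorized_keys` keep whatever group `%post` created them with (presumably root), and the file's mode is left to the umask. `chown -R centos: /home/centos/.ssh` followed by `chmod 600 /home/centos/.ssh/authorized_keys` would make ownership and permissions explicit. `sudo` is listed twice in `%packages`, and this file has already drifted from ks-ext4.cfg (which lacks the `chown`), so generating both from one source that differs only in `--fstype` would stop fixes landing in one profile only. This is the profile aws-centos7-base.json selects by default (`"profile": "xfs"`), so these lines shape the AMI that is actually imported.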