Recette de construction de l'image "Quid" basée sur Debian 12 #6

Merged
pcaseiro merged 2 commits from feat/efs-quid into feat/first-recipes 2023-10-27 12:22:50 +02:00
32 changed files with 1095 additions and 2 deletions

2
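--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,2 @@
+/output
+/packer-manifest.json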

3
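--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+"ansible.python.interpreterPath": "/bin/python"
+}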

6
build

@ -1,5 +1,7 @@
#!/bin/bash
set -eo pipefail
# Simple build wrapper
ACTION=${1}
@ -25,8 +27,8 @@ initPacker() {
# First the "base" image then the provisionned ones
#
run() {
${PACKER} build ${PACKER_OPTS} -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -only="base.${BUILDER}.${OS}" "${RCP_DIR}/${OS}/."
${PACKER} build ${PACKER_OPTS} -force -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -except="base.${BUILER}.${OS}" "${RCP_DIR}/${OS}/."
${PACKER} build ${PACKER_OPTS} -on-error=abort -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -only="base.*.${OS}" "${RCP_DIR}/${OS}/."
${PACKER} build ${PACKER_OPTS} -on-error=abort -force -var-file="${RCP_DIR}/${OS}/${VERSION}.pkrvars.hcl" -except="base.*.${OS}" "${RCP_DIR}/${OS}/."
}
#
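Review bot: `${PACKER_OPTS}` is expanded unquoted in the `packer build` lines of `run()`, and the script runs under `set -eo pipefail` without `-u`, which is how the `${BUILER}` typo on the older `-except` line could expand to an empty string unnoticed. Consider `set -euo pipefail` together with `ACTION=${1:-}`, so that an unset or misspelled variable aborts the build instead of silently changing the `-only`/`-except` filter. If the word splitting of `PACKER_OPTS` is intentional (the README passes it through the environment), say so in a comment such as `# PACKER_OPTS is split on whitespace on purpose`. The rest of the script, including `initPacker`, lies outside these hunks.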


@ -0,0 +1,7 @@
name = "debian"
version = "12.2.0"
short_version = "12"
code_name = "bookworm"
arch = "amd64"
source_url = "https://cdimage.debian.org/cdimage/release/12.2.0"
image_dir_name= "latest"


@ -0,0 +1,6 @@
locals {
builder_config = {
TemplateDir = "/usr/share/builder/templates"
ValueDir = "/usr/share/builder/values"
}
}


@ -0,0 +1,5 @@
locals {
Globals = {
Vars = {}
}
}


@ -0,0 +1,20 @@
# "timestamp" template function replacement
locals {
locations = {
recipes = "${path.cwd}/recipes/${var.name}"
templates = "${path.cwd}/recipes/${var.name}/templates"
provisionning = "${path.cwd}/recipes/${var.name}/provisionning"
post-processors = "${path.cwd}/recipes/${var.name}/post-processor"
tools = "${path.cwd}/tools"
}
dirs = local.locations
timestamp = regex_replace(timestamp(), "[- TZ:]", "")
output_name = "${var.name}"
source_iso = "${var.source_url}/${var.arch}/iso-cd/debian-${var.version}-${var.arch}-netinst.iso"
iso_cd_checksum = "file:${var.source_url}/${var.arch}/iso-cd/SHA256SUMS"
ssh_user = "root"
ssh_password = "toor"
disk_size = 8000
memory = 512
headless = var.headless
}
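Review bot: `ssh_password = "toor"` is a hard-coded credential for `root`, and the preseed template on this page writes it as the password of both `root` and the `packer` user, so it remains valid in the shipped image (the README documents it as the default administrator password). Consider declaring it as a `sensitive` input variable with no usable default, and locking or expiring the password in a final provisioner so that only key-based access remains. Separately, `iso_cd_checksum` is defined here as a local while the base build reads `var.iso_cd_checksum`; confirm that the variable resolves to the same `SHA256SUMS` URL, since its declaration is not visible on this page.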


@ -0,0 +1,43 @@
#Flavour base
build {
name = "base"
description = <<EOF
This builder builds a QEMU image from a Debian cloud image.
EOF
source "vmware-iso.debian" {
output_directory = "${var.output_dir}/${var.version}/base"
vm_name = "${local.output_name}-${var.version}"
disk_size = 10240
pcaseiro marked this conversation as resolved
Review

Je ne pense pas que la VM fasse le resize automatique des partitions au boot, du coup peu importe la taille sélectionnée par l'utilisateur lors de l'import de l'OVF, les fs feront toujours 10Go.

Je vais tester un import sur ma machine pour voir.

Je ne pense pas que la VM fasse le resize automatique des partitions au boot, du coup peu importe la taille sélectionnée par l'utilisateur lors de l'import de l'OVF, les fs feront toujours 10Go. Je vais tester un import sur ma machine pour voir.
iso_url = "${local.source_iso}"
iso_checksum = "${var.iso_cd_checksum}"
guest_os_type = "ubuntu-64"
http_content = {
"/ssh-packer-pub.key" = data.sshkey.install.public_key
"/preseed.cfg" = templatefile("${local.locations.provisionning}/${var.name}/http/preseed.cfg.pkrtpl.hcl", { data: data, var: var, local: local })
}
boot_command = [
"<esc><wait>",
"auto url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg<enter><wait10s>",
"<enter>"
]
}
provisioner "shell" {
script = "${local.locations.provisionning}/${var.name}/${var.name}-${var.short_version}-install.sh"
}
provisioner "shell" {
script = "${local.locations.provisionning}/letsencrypt.sh"
}
post-processor "shell-local" {
inline = [
"/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/base ${var.image_version}",
]
}
post-processor "manifest" {
keep_input_artifact = true
}
}
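Review bot: `guest_os_type = "ubuntu-64"` and the description ("builds a QEMU image from a Debian cloud image") do not match what this block does, which is a `vmware-iso` installation of Debian from the netinst ISO driven by a preseed file. A Debian 64-bit guest identifier and a description such as `Builds the Debian base VMware image from the netinst ISO using a preseed file.` would avoid misleading the next maintainer. A comment above `http_content` would also help: the rendered `preseed.cfg` carries the root password and is served over plain HTTP for the duration of the build, so the build network has to be trusted or the credential treated as disposable.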


@ -0,0 +1,24 @@
packer {
required_plugins {
sshkey = {
version = ">= 1.0.1"
source = "github.com/ivoronin/sshkey"
}
vmware = {
version = ">= 1.0.8"
source = "github.com/hashicorp/vmware"
}
qemu = {
source = "github.com/hashicorp/qemu"
version = "~> 1"
}
ansible = {
version = "~> 1"
source = "github.com/hashicorp/ansible"
}
}
}
data "sshkey" "install" {
type = "ed25519"
}
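Review bot: The `sshkey` and `vmware` plugins are constrained with `>=` only (`">= 1.0.1"`, `">= 1.0.8"`), so `packer init` may pull any later release, including a new major version, of code that runs on the build host and generates the installation key. Prefer a bounded constraint such as `version = "~> 1.0"`, as is already done for `qemu` and `ansible`, and record the versions actually resolved so that a build can be reproduced and audited.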


@ -0,0 +1,31 @@
#!/bin/sh
if [ "${#}" -ne 2 ]; then
echo Missing arguments
exit 2
fi
WORKDIR=${1}
VERSION=${2}
findImages() {
find ${1} -iname "*.img"
}
sleep 5
for imageName in $(findImages ${WORKDIR} ${DOMAIN}); do
if [ $(which virt-sparsify) ]; then
newName=$(echo $imageName | sed "s/.img/_${VERSION}.img/g")
virt-sparsify --compress --tmp ./ --format qcow2 ${imageName} ${newName}
if [ "${?}" -eq 0 ]; then
rm -rf ${imageName}
cd ${WORKDIR}
ln -s $(basename ${newName}) $(basename ${imageName})
echo ${newName} ${imageName}
cd -
fi
else
echo "Sparsify skipped 'virt-sparsify' command is missing"
fi
done
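Review bot: Every expansion in the loop is unquoted (`find ${1}`, `rm -rf ${imageName}`, `ln -s $(basename …)`), and `for … in $(findImages …)` splits on whitespace, so an output path containing a space or a glob character makes `rm -rf` act on the wrong paths. The rename uses `sed "s/.img/_${VERSION}.img/g"`, where `.` matches any character and `g` rewrites every match in the path; `-iname` also selects `*.IMG` files that the `sed` leaves unchanged, so source and destination can end up being the same file. The sketch below quotes everything, derives the new name with parameter expansion and tests for `virt-sparsify` once. `${DOMAIN}` is passed to `findImages` but never used.

```shell
# … unchanged: argument count check, WORKDIR/VERSION assignment, sleep 5 …
if ! command -v virt-sparsify >/dev/null 2>&1; then
  echo "Sparsify skipped 'virt-sparsify' command is missing"
  exit 0
fi

find "${WORKDIR}" -iname '*.img' | while IFS= read -r imageName; do
  # Strip the extension (whatever its case) and append the versioned suffix.
  newName="${imageName%.*}_${VERSION}.img"
  if virt-sparsify --compress --tmp ./ --format qcow2 "${imageName}" "${newName}"; then
    rm -f -- "${imageName}"
    # Subshell keeps the caller's working directory untouched.
    (cd "${WORKDIR}" && ln -s "$(basename "${newName}")" "$(basename "${imageName}")")
    echo "${newName}" "${imageName}"
  fi
done
```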


@ -0,0 +1,104 @@
#!/usr/bin/env bash
#
# Generate all the configuration files
# Get all the values from the VLS_DIR
# Process each template from the TPL_DIR with this values
#
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
TPL_DIR="/usr/share/builder/templates"
VLS_DIR="/usr/share/builder/values"
CONFIG=""
if [ -f "${ENV_FILE}" ]; then
. ${ENV_FILE}
fi
BTR="$(command -v btr)"
if [ "${?}" -ne 0 ]; then
echo "Warning: Nothing to do the templater is not installed"
exit 0
fi
if [ ! -e "${TPL_DIR}" ]; then
echo "Error: The template dir is missing (${TPL_DIR})"
exit 1
fi
if [ ! -e "${VLS_DIR}" ]; then
echo "Error: The template dir is missing (${VLS_DIR})"
exit 1
fi
jsonQuery() {
local data="${1}"
local query="${2}"
echo "${data}" | jq -cr "${query}"
}
# NAME: @jsonMerge
# AIM: Merge two json structures
# NOTES:
# The last one has de last word
# if you have the same key in A and B
# this keeps the value of the B structure.
# PARAMS:
# $1: original JSON Structure
# $2: updated JSON Structure
jsonMerge() {
local data="${1}"
local data2="${2}"
echo "${data} ${data2}" | jq -cr -s ".[0] * .[1]"
}
jsonUpdateVal() {
local json="${1}"
local key="${2}"
local value="${3}"
echo "${json}" | jq --arg a "${value}" "${key} = \$a"
}
getValues() {
local values=""
for file in $(find ${VLS_DIR} -name "*.json"); do
values="${values}$(cat ${file})"
done
if [ -n "${RAW_CONFIG}" ]; then
values="$(jsonMerge ${values} ${RAW_CONFIG})"
fi
for svc in $(echo ${values} | jq -cr '.Services|keys[]'); do
for key in $(echo ${values} | jq -cr ".Services.${svc}.Vars|keys[]"); do
ukey=${key^^}
vkeys="$(echo ${values} | jq -cr \".Services.${svc}.Vars.${key}\|keys[]\")"
if [ ${?} -eq 0 ]; then
for var in $(echo ${values} | jq -cr ".Services.${svc}.Vars.${key}|keys[]"); do
uvar=${var^^}
val=$(eval echo "\$${ukey}_${uvar}")
if [ -n "${val}" ]; then
values=$(jsonUpdateVal "${values}" ".Services.${svc}.Vars.${key}.${var}" "${val}")
fi
done
else
values=$(jsonUpdateVal "${values}" ".Services.${svc}.Vars.${key}" "${!ukey}")
fi
done
done
echo ${values}
}
processTemplates() {
${BTR} -t ${TPL_DIR} -c "${1}"
}
VALUES=$(getValues)
file=$(mktemp)
echo "${VALUES}" > "${file}"
processTemplates "${file}"
rm -rf "${file}"
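Review bot: `val=$(eval echo "\$${ukey}_${uvar}")` runs `eval` on names derived from JSON keys, and those keys can come from `RAW_CONFIG` or from the sourced `ENV_FILE`, so a key containing shell metacharacters would be executed as a command by whatever account runs this script. The `else` branch already uses indirect expansion, and the same works here: `name="${ukey}_${uvar}"; val="${!name}"`. The `vkeys=` line also passes escaped quotes (`\"…\"`) to `jq`, so the filter appears to be a string literal that always succeeds and `${?}` would not tell whether the key has children; this is worth confirming. The same code appears in the later 102-line copy of this script on this page.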


@ -0,0 +1,80 @@
#!/usr/bin/env bash
#
# Generate all the configuration files
# Get all the values from the VLS_DIR
# Process each template from the TPL_DIR with this values
#
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
TPL_DIR="/usr/share/builder/templates"
VLS_DIR="/usr/share/builder/values"
CONFIG=""
. ${ENV_FILE}
BTR="$(command -v btr)"
if [ "${?}" -ne 0 ]; then
echo "Warning: Nothing to do the templater is not installed"
exit 0
fi
if [ ! -e "${TPL_DIR}" ]; then
echo "Error: The template dir is missing (${TPL_DIR})"
exit 1
fi
if [ ! -e "${VLS_DIR}" ]; then
echo "Error: The template dir is missing (${VLS_DIR})"
exit 1
fi
jsonQuery() {
local data="${1}"
local query="${2}"
echo "${data}" | jq -cr "${query}"
}
# NAME: @jsonMerge
# AIM: Merge two json structures
# NOTES:
# The last one has de last word
# if you have the same key in A and B
# this keeps the value of the B structure.
# PARAMS:
# $1: original JSON Structure
# $2: updated JSON Structure
jsonMerge() {
local data="${1}"
local data2="${2}"
echo "${data} ${data2}" | jq -cr -s ".[0] * .[1]"
}
getValues() {
local values=""
for file in $(find ${VLS_DIR} -name "*.json"); do
values="${values}$(cat ${file})"
done
if [ -n "${RAW_CONFIG}" ]; then
values="$(jsonMerge ${values} ${RAW_CONFIG})"
fi
for key in $(echo ${values} | jq -cr '.|keys[]'); do
ukey=${key^^}
if [ -n "${!ukey}" ]; then
values="$(jsonMerge "${values}" "{\"${key}\":\"${!ukey}\"}")"
fi
done
echo ${values}
}
processTemplates() {
${BTR} -t ${TPL_DIR} -c "${1}"
}
VALUES=$(getValues)
echo ${VALUES}
processTemplates "${VALUES}"
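Review bot: `jsonMerge "${values}" "{\"${key}\":\"${!ukey}\"}"` builds JSON by string interpolation, so an environment value containing `"` or `\` either breaks the document or introduces keys the author did not intend. Let `jq` do the encoding, e.g. `values="$(printf '%s' "${values}" | jq -c --arg k "${key}" --arg v "${!ukey}" '.[$k] = $v')"`. The `echo ${VALUES}` just before `processTemplates` also prints every merged value to stdout, which will include any secret supplied through the context; consider dropping it or putting it behind a debug flag. Unlike the other copy of this script, `. ${ENV_FILE}` is sourced here without first checking that the file exists.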


@ -0,0 +1,3 @@
{
"instance-id": "iid-local01"
}


@ -0,0 +1,11 @@
#!/bin/bash
echo "${1}" >/etc/hostname
apt-get update
apt-get -y dist-upgrade
apt-get install wget curl open-vm-tools -y
systemctl enable --now open-vm-tools.service
touch /etc/cloud/cloud-init.disabled
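Review bot: `echo "${1}" >/etc/hostname` leaves `/etc/hostname` holding only an empty line when the script is called without an argument, and the `provisioner "shell"` blocks visible on this page pass none (assuming this is the `…-install.sh` script they reference). Guard it with `if [ -n "${1:-}" ]; then echo "${1}" >/etc/hostname; fi`, and add `set -euo pipefail` after the shebang so that a failed `apt-get` stops the build instead of yielding a partially provisioned image. Exporting `DEBIAN_FRONTEND=noninteractive` before the `apt-get` calls would also keep `dist-upgrade` from waiting on a prompt.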


@ -0,0 +1,115 @@
# To see all available options execute this command once the install is done:
# sudo less /var/log/installer/cdebconf/questions.dat
# If you need information about an option use the command below (example for keymap):
# grep -A 4 "keyboard-configuration/xkb-keymap" /var/log/installer/cdebconf/templates.dat
# Use network mirror for package installation
# d-i apt-setup/use_mirror boolean true
# Automatic installation
d-i auto-install/enable boolean true
# "linux-server" is substituted by "linux-image-amd64"
# Possible options : "linux-image-amd64"(default) or "linux-image-rt-amd64"
d-i base-installer/kernel/override-image string linux-server
# Configure hardware clock
d-i clock-setup/utc boolean true
d-i clock-setup/utc-auto boolean true
d-i netcfg/choose_interface select auto
d-i netcfg/use_dhcp boolean true
# d-i console-setup/ask_detect boolean false
# d-i debconf/frontend select noninteractive
# Set OS locale
d-i debian-installer/language string fr
d-i debian-installer/country string FR
d-i debian-installer/locale string fr_FR.UTF-8
# d-i debian-installer/framebuffer boolean false
# Reboot once the install is done
d-i finish-install/reboot_in_progress note
# Bootloader options
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i grub-installer/bootdev string /dev/sda
# Set the keyboard layout
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/variant select France
d-i keyboard-configuration/xkb-keymap select fr
d-i console-keymaps-at/keymap select fr-latin9
d-i debian-installer/keymap string fr-latin9
# Mirror from which packages will be downloaded
d-i mirror/country string manual
d-i mirror/http/directory string /debian
d-i mirror/http/hostname string httpredir.debian.org
# Configure http proxy if needed "http://[[user][:pass]@]host[:port]/"
d-i mirror/http/proxy string
# Disk configuration
d-i partman-efi/non_efi_system boolean true
d-i partman-auto-lvm/guided_size string max
d-i partman-auto/choose_recipe select atomic
d-i partman-auto/method string lvm
d-i partman-lvm/confirm boolean true
d-i partman-lvm/confirm_nooverwrite boolean true
d-i partman-lvm/device_remove_lvm boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
d-i partman/confirm_write_new_label boolean true
# User configuration
d-i passwd/root-login boolean true
d-i passwd/root-password password ${local.ssh_password}
d-i passwd/root-password-again password ${local.ssh_password}
d-i passwd/user-fullname string packer
d-i passwd/user-uid string 1000
d-i passwd/username string packer
d-i passwd/user-password password ${local.ssh_password}
d-i passwd/user-password-again password ${local.ssh_password}
# Extra packages to be installed
d-i pkgsel/include string sudo
d-i pkgsel/include string openssh-server
d-i pkgsel/include string wget
d-i pkgsel/include string cloud-init
d-i pkgsel/install-language-support boolean false
d-i pkgsel/update-policy select none
# Whether to upgrade packages after debootstrap
d-i pkgsel/upgrade select full-upgrade
# Set timezone
d-i time/zone string Europe/Paris
# Allow weak user password
d-i user-setup/allow-password-weak boolean true
# Home folder encryption
d-i user-setup/encrypt-home boolean false
# Do not scan additional CDs
apt-cdrom-setup apt-setup/cdrom/set-first boolean false
# Use network mirror
apt-mirror-setup apt-setup/use_mirror boolean true
# Disable polularity contest
popularity-contest popularity-contest/participate boolean false
# Select base install
tasksel tasksel/first multiselect standard, ssh-server
d-i preseed/late_command string in-target mkdir -p /root/.ssh; \
in-target /bin/sh -c "echo '${data.sshkey.install.public_key}' >> /root/.ssh/authorized_keys"; \
in-target chown -R root:root /root/.ssh/
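Review bot: `d-i pkgsel/include string` is set four times (`sudo`, `openssh-server`, `wget`, `cloud-init`); debconf keeps one value per question, so only the last line is expected to take effect and `sudo` is probably not installed for the `packer` account. Use a single line: `d-i pkgsel/include string sudo openssh-server wget cloud-init`. `user-setup/allow-password-weak boolean true` combined with `${local.ssh_password}` for both `root` and `packer` deserves a comment stating that these credentials are build-time only and must be changed or locked before the image is distributed.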


@ -0,0 +1,26 @@
#!/bin/bash
set -eo pipefail
DESTDIR=/usr/local/share/ca-certificates
UPDATE_CERTS_CMD=update-ca-certificates
CERTS="$(cat <<EOF
https://letsencrypt.org/certs/isrgrootx1.pem
https://letsencrypt.org/certs/isrg-root-x2.pem
https://letsencrypt.org/certs/lets-encrypt-r3.pem
https://letsencrypt.org/certs/lets-encrypt-e1.pem
https://letsencrypt.org/certs/lets-encrypt-r4.pem
https://letsencrypt.org/certs/lets-encrypt-e2.pem
EOF
)"
cd "$DESTDIR"
for cert in $CERTS; do
echo "Downloading '$cert'..."
filename=$(basename "$cert")
wget --tries=10 --timeout=30 -O "$filename" "$cert"
openssl x509 -in "$filename" -inform PEM -out "$filename.crt"
done
$UPDATE_CERTS_CMD
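Review bot: The loop installs whatever `wget` receives from each URL as a system trust anchor with no fingerprint check, and the list includes intermediates (`lets-encrypt-r3.pem`, `-e1`, `-r4`, `-e2`) that would then be trusted as roots. Consider keeping only the ISRG roots and comparing each download with a SHA-256 fingerprint stored in the repository before `update-ca-certificates` runs, using the output of `openssl x509 -in "$filename" -noout -fingerprint -sha256`. A header comment explaining why these certificates are needed on top of the distribution's `ca-certificates` package would help the next maintainer.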


@ -0,0 +1,12 @@
#!/bin/bash
set -e
ONE_CONTEXT_VERSION="6.4.0"
ONE_CONTEXT_PKG_VERSION="1"
PKG="one-context-${ONE_CONTEXT_VERSION}-r${ONE_CONTEXT_PKG_VERSION}.apk"
PKG_URL="https://github.com/OpenNebula/addon-context-linux/releases/download/v${ONE_CONTEXT_VERSION}/${PKG}"
cd /tmp || exit 3
wget -q --no-check-certificate ${PKG_URL}
apk add --allow-untrusted --no-cache ${PKG}
pcaseiro marked this conversation as resolved
Review

Pas certain que ce fichier soit à jour pour Debian ... :'D

Pas certain que ce fichier soit à jour pour Debian ... :'D
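Review bot: `wget -q --no-check-certificate` followed by `apk add --allow-untrusted` installs a package as root with neither the transport nor the package authenticity checked, so anything able to tamper with the download decides what gets installed. Drop `--no-check-certificate` and verify a pinned digest before installing, e.g. `echo "<sha256-of-package>  ${PKG}" | sha256sum -c -`, where the placeholder is replaced by the value published for that release. `${PKG_URL}` and `${PKG}` should also be quoted.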


@ -0,0 +1,102 @@
#!/usr/bin/env bash
#
# Generate all the configuration files
# Get all the values from the VLS_DIR
# Process each template from the TPL_DIR with this values
#
ENV_FILE=${ENV_FILE:-/var/run/one-context/one_env}
TPL_DIR="/usr/share/builder/templates"
VLS_DIR="/usr/share/builder/values"
CONFIG=""
. ${ENV_FILE}
BTR="$(command -v btr)"
if [ "${?}" -ne 0 ]; then
echo "Warning: Nothing to do the templater is not installed"
exit 0
fi
if [ ! -e "${TPL_DIR}" ]; then
echo "Error: The template dir is missing (${TPL_DIR})"
exit 1
fi
if [ ! -e "${VLS_DIR}" ]; then
echo "Error: The template dir is missing (${VLS_DIR})"
exit 1
fi
jsonQuery() {
local data="${1}"
local query="${2}"
echo "${data}" | jq -cr "${query}"
}
# NAME: @jsonMerge
# AIM: Merge two json structures
# NOTES:
# The last one has de last word
# if you have the same key in A and B
# this keeps the value of the B structure.
# PARAMS:
# $1: original JSON Structure
# $2: updated JSON Structure
jsonMerge() {
local data="${1}"
local data2="${2}"
echo "${data} ${data2}" | jq -cr -s ".[0] * .[1]"
}
jsonUpdateVal() {
local json="${1}"
local key="${2}"
local value="${3}"
echo "${json}" | jq --arg a "${value}" "${key} = \$a"
}
getValues() {
local values=""
for file in $(find ${VLS_DIR} -name "*.json"); do
values="${values}$(cat ${file})"
done
if [ -n "${RAW_CONFIG}" ]; then
values="$(jsonMerge ${values} ${RAW_CONFIG})"
fi
for svc in $(echo ${values} | jq -cr '.Services|keys[]'); do
for key in $(echo ${values} | jq -cr ".Services.${svc}.Vars|keys[]"); do
ukey=${key^^}
vkeys="$(echo ${values} | jq -cr \".Services.${svc}.Vars.${key}\|keys[]\")"
if [ ${?} -eq 0 ]; then
for var in $(echo ${values} | jq -cr ".Services.${svc}.Vars.${key}|keys[]"); do
uvar=${var^^}
val=$(eval echo "\$${ukey}_${uvar}")
if [ -n "${val}" ]; then
values=$(jsonUpdateVal "${values}" ".Services.${svc}.Vars.${key}.${var}" "${val}")
fi
done
else
values=$(jsonUpdateVal "${values}" ".Services.${svc}.Vars.${key}" "${!ukey}")
fi
done
done
echo ${values}
}
processTemplates() {
${BTR} -t ${TPL_DIR} -c "${1}"
}
VALUES=$(getValues)
file=$(mktemp)
echo "${VALUES}" > "${file}"
processTemplates "${file}"
rm -rf "${file}"


@ -0,0 +1,2 @@
/quid-ansible
/.ansible_vault_passphrase


@ -0,0 +1,137 @@
---
quid_ansible_repo_private_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
63356330363932313165663737383634623039383935333233316532643433643930663630663337
3938373061393535383638356438396264363132333939320a616463333939643036396266653435
32373265633439633663306433393037376235323965343530333239356633326266336333333961
6663613239393639370a663135333562663264376533336166323062656333613636393263356233
66653132386131613436356364636432336166353938373837333036393931343063343632613832
32303862623536356638396337373661623666393839303861653837393032666366396334383466
66373866366662353062653939393631373535666261323965666465383566343064653838313237
64396466393834373538613430636134663463313331336330393238636561663566343535663537
35643434313030636139326362613832346536333166613061653136346439653231336239626363
33376362383034303033343539306134313033386434366534633033306564636661386530306431
34656461323164656135303931626536643330653338656162386262633033393030363333336534
31343732636363623061303238386137316464333030343733316262646639366531633566383635
64653166393134623835363865326639613732353562303665643331663431333034373337653336
65313563333439613938396264626464393037396264646237303034356638323139373665613265
62623933623064333332313265326431333931643332393166373765383962333639643033393736
39666365666662396334316666323933306561343032386436613932396666653330653936656635
64353361366539363034316434306239646463336564643939353238393264633235633737656365
31313130396532313839613764393636656365303636323437643939313030373464353636363037
35376439383531633265613734383463643562333763646131643134383262313736613261346237
36633839323833316165393439386136343161306266666331396163363464343132393936313231
35663530633132386633313138333835346630383265666638373836663737623933376661633936
31623863396439623661396135633537306132306435303430613433346362333934383033656434
31363437626463383039336438666662316664353536393139383236323835333738393332623138
30343264633964393461616633313837353632373935623462326461663965363962306337396231
36623661333934616237306137663130316533613461616136306334666138656534383539393331
32623464333030653930393563343031383362383233373235623433643037636463656638386334
38316362643736313038366339396165626164336230663538303166316332633337396231646663
35303130666135313632326162643632356534646630383163653966346365646334396532313335
38353539383630663936313939613638346536623739366164313132636463353666636338353562
65336663333937353630636565396537366261646464626163623465313962353039623432653335
39653662366335646437366639303736653434623137613633353664336534373965616436643837
37396239633533616136636165396333366162313736666366396363303536373235656234393332
34663330653738643931373465313939313236363935316237303566363234346330303534353736
35336639313233346437666236653931366331393530363432303065323234376436373830346664
30613335333062633563643565383065663361613737343537396230353339656234613264666232
36393831663264393437316362653734356236333165666361623134626438653536303862653965
62636431643738393437663762376261653231633038343365666361626466653634353030356566
65333436353939623233623964393833363461356133653564633164366630303034633237653138
64343230383036336430306164636134623930656532366232353561656237306435353839396661
36633861363830633964376165633339376264363735613965376437303666326665303839363566
36306239376230303463663836653931656231353531383561353838383565356363376134343334
33363430613935643839316137333765383537326231343734643766373865306262336166313763
33666530633938636537663539616334643933396232653665373335663964343631623233366430
63306361383332323936343461313231343730373333346337656461346136656531326332613537
39323335313061376439343034336466643934306538333030616139353564323432376531663464
35613462396430346533383061636132323961303938613365306531386462313730326639363461
36313839336232373938353537356663363034356238383264303462396534343035633461336334
38613737373430396132313465366363386365303265396261303434653463623265323237393734
38616262326461383739353235353835316638653263383938653233326336633532323561656433
34326634623130336135333931633635316464383139393639353731636432613832633265376332
32346161396332356530316365316362393130643833633264643136623733313963326161333535
61623835643931613461333033643636386339323137306663366563393463383266356433306362
32626430316137336536663232633061396232313935656562346437653238313130383837336361
61323865646637333037336335656462303065616237356463616631663539633433613263623932
61333236653836653436616161666330616239393331393139333231626464326339666433663461
33343539356634613363616662333562653162366532396337643163373738363637313738386362
30356634626536336264616263313438366336373962636438303634333130626433366536366436
33393461386337663366663132336136343930623464663062663930363663333566323734336631
63643866643262333735386433386662303263323038613862653563363230643065356439663264
36323666323331613663626533366130663766643036366430643734303561393234623539646463
38376132653234346633363238303265376431653663363861653037323436393037306436623962
66376536343032303863323138326334626166363930323530353161333737616261346631326364
36343239373365306266323832303531313037316234353537383436363866326533663437373537
31353038326439303839353139303362613264386434303236363336386665303861663438626135
39633361656130316335333965643966616263303563326639653534653931343261356133616461
63353664633636343438303936636632393963343235323537393064646138623934633237646139
33366664636664373135316366316163343266646435626636366534343061323464633464666430
36653231633565346334333362343734613861313465366530376266653939656163323236613139
31363165646134343236326663343534383031323431323162343566353938666365323265663931
62396466333730363261626465366431316332626236346364396536636165653330653531306330
63633564613330323637633761613066623135396132316636303130663534306562326535363733
31636639643632633232383938363563643732623364303732663133386434326236353635326439
37656138663166616231383264353763623066646337656363663839376536633235353838373465
37343237376138326337623565306137363833333165383166343233373438373261306433653734
65376361633165383034666337623832336262393831313831626564346231376561393365633437
65383236633036616538623861656439323866633864666434643262346632343865643462393237
36386463393936376437643065356461306235656233373561393965613461643035356634626335
38633664323265303563363636613130383236393339333330613239633765636232326265653864
31346361346364396166663930663435313230366631623363306136353833346138346433373730
36326536323166396562303733353835663234636136383539356139623433316537343039623761
66373231353639623533323837386339323462366137376363373030333762323830623535626433
36636162396439363436343330636162383864383837663236626237396562333032383162636165
36663833343062613362663739303639396139376166376234646663316239306261356561396535
30316331656464333137313333396132656636653932363834336336303635633865313165316434
63376461333137343164333634333139336539613839393237343336646261643038643833303461
30663763653864626133356439646664663331613666616133383830346331636438656639633065
38346562343531633166666436643138366235373562386137326535333936383832313962313233
65613265313538626565666339643866393165316363663664373066623962303435663635653738
65363262633236333339633636363233333232333332643837326163633061656135653763663539
39346365356266353336316461613336343039656330306530303961346133343765363036633734
65643563633631373133633031343532356461633461616430313331306335336131333062643230
33623331313566646130373833373137333733343534383239306630396335383539373736613862
39323265393438376437386261636162303535346638316464366431316439643463623237323563
31326633373964626266356435376231333933646139666166663232633132323832353034626132
37316235376265633762613536323735653134616233396439326239323933623465613932363332
61663862613330366134633534653632343865666562376438386563653066363635666136613534
62356433653861666634653536353163306539613061373936346538306134326561323564353936
62666139646238663230376132613334323138313261336338666433613231323633623636333938
31356334613334383839396535643764393938303931613835643037626530333534323063646164
33346363366334333063363564663638306461613838616564643938396234373961613130373738
32636533653666626261336138326335623366643737633763353066643263663161396239663432
66646233303739623032313439643763656464623865353963333330653833323763633362303434
61343530613530336461363038383731646663343764383262393534623530613033636665656233
38666162336332376436363335626365666134646532356534346264316465613336653664326461
66626537643465326661636164313166393761343231643831366362386431323664633134303062
37623863616165633236643139633736336537326533636632646666633466336230653165666333
39326566326665366364636631646237663534393631646633316231303835343837303233333565
65663163646566306331343766636461326333306662633337356135663938383166303532313566
31393932333037366237663465626434643564663036336139316636313163646439643934343436
65343462393337333161323236303233376532363963616433343133383631643937333662363063
39646536373865626230633466616162613333623462616139386166316662343034393761343339
63313263316662626563343130633837303932383134656432383232626163323634636462343662
62326665366431656239663564663838653631396366313861323935623364633266333739383861
63326264333236373333313566323937336232326461343839616533633639346435333162313237
38646638373735663163623231313463326263656531373536393934626632326433363634616337
61303035356263366166656565393565343733626439376533316266343038366366656538663830
61656661323936633964333433306165613334306436343832666561363565343631383538643631
35623839643133376335393331643962386532346437313933366133336364326533373436613833
66326237386161623332323130333839336363373330313435636634663532346130626230393333
61323361646537623235376135363033636261343365343735623963643066373631343235356536
39653136376661353837383839663965643334393861373235353035356235396235613562363061
33353339663165656432383230663033363861343032326663373632346634303231346462663836
65313963373139383765303838666634666431343734313532626438373961393839656236646263
32623264636434636531663138373466663032333463373232353333363534336435353664353238
66663562653238396637613463636133656133386163376637353439626133373032373762623465
63316335336662623039633837613666363766363931343865313330316362316561626438626533
65383465396536306562363163653132343263636363613434333966346166326263373038653266
62353734326365616361303135303561313131633637633461636539636666363162646238343265
32363065326330303666336638333439356135633764643830353135346139306366353831613564
36303763363031613531623336656637393337323035343532623239623735383932626463643866
30363138313964643664653834363861616565393065633231623961353532623434623832343930
66666330633633653030613237383063353064373661393965373333323565336434653837616336
32613737623064316233613434363031623238326132653434646237306234663538616463643230
3261376331343330613739346434313636613561626230656334
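Review bot: This commits the private key behind `quid_ansible_repo_private_key` to the repository, protected only by the shared vault passphrase, and the file carries no comment saying what the key is for or what it can access. Add a header comment naming the key's purpose and owner, make sure it is a read-only deploy key limited to the one repository it serves, and plan a rotation, since the ciphertext stays in Git history even after the key is replaced. The key's actual scope cannot be determined from this page.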


@ -0,0 +1,10 @@
---
- name: Ciblage de la machine locale
hosts: localhost
connection: local
tasks:
- name: Clonage du projet "EFS/quid-ansible"
ansible.builtin.git:
repo: "ssh://git@forge.cadoles.com:2222/EFS/quid-ansible.git"
dest: "quid-ansible"
version: "master"
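Review bot: `version: "master"` makes every image build pick up whatever is on the branch at that moment, so a build is not reproducible and the provisioning code that went into a given image cannot be identified afterwards. Pin a tag or commit instead, e.g. `version: "<tag-or-commit>"`, and bump it deliberately. The task does not reference `quid_ansible_repo_private_key`, so the clone presumably relies on the operator's own SSH credentials; a comment stating which identity is expected would remove the ambiguity.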


@ -0,0 +1,2 @@
---
- import_playbook: quid-ansible/deploy.yml


@ -0,0 +1 @@
ssh-rsa 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 Philippe Caseiro


@ -0,0 +1 @@
ssh-rsa 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 vfebvre@cadoles.com


@ -0,0 +1,23 @@
#!/bin/bash
set -ex
TOOL_DIR="${1:-/usr/local/bin}"
TOOL_USER="${2:-root}"
TOOL_GROUP="${3:-root}"
ATTACHMENT_URL="https://forge.cadoles.com/attachments/"
installTool() {
NAME="${1}"
URL="${2}"
curl -k -o ${TOOL_DIR}/${NAME} ${URL}
chmod +x ${TOOL_DIR}/${NAME}
}
apk add curl
pcaseiro marked this conversation as resolved
Review

Ce fichier n'est pas non plus à jour pour Debian, mais d'un autre côté pas certain qu'il y ait un paquet templater pour Debian :D

Ce fichier n'est pas non plus à jour pour Debian, mais d'un autre côté pas certain qu'il y ait un paquet templater pour Debian :D
# Install templater
installTool "tpr" "https://forge.cadoles.com/attachments/242b3cba-8d07-4b89-80ab-7c12253a8524"
# Install bootstraper
installTool "btr" "https://forge.cadoles.com/attachments/e8442b2a-2065-4282-b4a4-648681fa044c"
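Review bot: `curl -k -o ${TOOL_DIR}/${NAME} ${URL}` in `installTool` downloads an executable with certificate verification disabled and then marks it executable in `/usr/local/bin`, with no integrity check; without `-f`, an HTTP error page would also be saved as the binary. Use `curl -fsSL -o "${TOOL_DIR}/${NAME}" "${URL}"` and compare the result with a SHA-256 digest kept in the repository before the `chmod +x`. `ATTACHMENT_URL`, `TOOL_USER` and `TOOL_GROUP` are assigned but never used in the visible lines, so either apply them (`chown`) or remove them.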


@ -0,0 +1,27 @@
#!/bin/sh
#
# Quick and dirty script to add disk space
# It creates a new PV (with the additionnal disk),
# a new VG and a new LV with 100% disk space
# The names and devices are provided with env variables:
# - PV_DEVICE : The /dev/xxx device
# - VG_NAME: The new vg name
# - LV_NAME: Then new lv name
# - LV_MTP: The mount point for the FS created on the LV
# - LV_FS: The fstype of the new FS
#
if [ -e ${PV_DEVICE} ]; then
pvcreate ${PV_DEVICE}
vgcreate ${VG_NAME} ${PV_DEVICE}
lvcreate -Ay -l 100%FREE -n ${LV_NAME} ${VG_NAME}
mkfs.${LV_FS} /dev/${VG_NAME}/${LV_NAME}
if [ ! -d ${LV_MTP} ]; then
mkdir -p ${LV_MTP}
fi
mount /dev/${VG_NAME}/${LV_NAME} ${LV_MTP}
echo "/dev/${VG_NAME}/${LV_NAME} ${LV_MTP} ${LV_FS} rw,relatime 0 1" >> /etc/fstab
else
echo "${PV_DEVICE} is missing"
exit 3
fi
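Review bot: `if [ -e ${PV_DEVICE} ]` is true when `PV_DEVICE` is unset, because the unquoted expansion leaves `[ -e ]`, a one-argument test that succeeds; the script then runs `pvcreate`, `mkfs.${LV_FS}` and the `/etc/fstab` append with empty values and, having no `set -e`, continues past each failure. Start with `set -eu` and test the device explicitly: `if [ -b "${PV_DEVICE:?PV_DEVICE is required}" ]; then`, quoting the other variables in the same way. A malformed line appended to `/etc/fstab` can prevent the machine from booting normally, so the append should happen only after `mount` has succeeded.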


@ -0,0 +1,74 @@
#Flavour base
build {
name = "quid"
description = <<EOF
This builder builds a QEMU image from a Debian cloud image.
EOF
source "vmware-vmx.debian" {
output_directory = "${var.output_dir}/${var.version}/quid"
vm_name = "quid-${local.output_name}-${var.version}"
source_path = "${var.output_dir}/${var.version}/base/${local.output_name}-${var.version}.vmx"
boot_command = [ "<enter><enter><wait>" ]
ssh_clear_authorized_keys = true
disk_additional_size = [ 102400 ]
vmx_data = {
"scsi1.pcislotnumber" = "16"
"scsi1.present" = "TRUE"
"scsi1.virtualdev" = "lsilogic"
"scsi1:0.filename" = "disk-1.vmdk"
"scsi1:0.present" = "TRUE"
"scsi1:0.redo" = ""
}
vmx_data_post = {
"memsize" = "4096",
"numvcpus" = "2",
}
}
// Extend root logical volume with additional disk space
provisioner "shell" {
inline = [
"pvcreate /dev/sdb",
"vgextend debian-vg /dev/sdb",
"lvextend -l +100%FREE /dev/debian-vg/root",
"resize2fs /dev/debian-vg/root"
]
}
// Store temporarily ansible vault password in local file
provisioner "shell-local" {
inline = ["echo '${var.quid_ansible_vault_passphrase}' > '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"]
}
// Clone quid-ansible repository
provisioner "ansible" {
playbook_file = "${local.locations.provisionning}/quid/clone-quid-ansible.yml"
// Manjaro/Arch OpenSSH version compatibility mode
// See https://github.com/hashicorp/packer/issues/11783
extra_arguments = [ "--scp-extra-args", "'-O'", "-v" ]
}
// Run quid-ansible playbook from cloned repository
provisioner "ansible" {
playbook_file = "${local.locations.provisionning}/quid/run-quid-ansible.yml"
groups = ["quid_server"]
// Manjaro/Arch OpenSSH version compatibility mode
// See https://github.com/hashicorp/packer/issues/11783
extra_arguments = [ "--scp-extra-args", "'-O'", "-v", "--vault-password-file=${local.locations.provisionning}/quid/.ansible_vault_passphrase", "--extra-vars=@${local.locations.provisionning}/quid/ansible-vars.yml" ]
}
// Remove ansible vault password file
provisioner "shell-local" {
inline = ["rm -f '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"]
}
post-processor "shell-local" {
inline = [
"/bin/sh ${path.cwd}/post-processors/sparsify.sh ${var.output_dir}/${var.version}/quid ${var.image_version}",
]
}
post-processor "manifest" {
keep_input_artifact = true
}
}
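Review bot: The `shell-local` step `echo '${var.quid_ansible_vault_passphrase}' > …/.ansible_vault_passphrase` interpolates the passphrase into the command text, so it can show up in Packer's output, a `'` in the passphrase breaks out of the quoting, and the file is created with the default umask. Pass it through the environment instead: `environment_vars = ["VAULT_PASS=${var.quid_ansible_vault_passphrase}"]` with `inline = ["umask 077 && printf '%s\n' \"$VAULT_PASS\" > '${local.locations.provisionning}/quid/.ansible_vault_passphrase'"]`, and declare the variable as `sensitive`. The removal step only runs when every earlier provisioner succeeds, so with `-on-error=abort` a failed Ansible run leaves the passphrase on disk; an `error-cleanup-provisioner` doing the same `rm -f` would cover that path.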


@ -0,0 +1,37 @@
# Flavor "Quid"
## Construction de l'image
1. Récupérer la phrase de passe pour les données chiffrées via `ansible-vault` dans le coffre-fort partagé (Section "Cadoles" -> "Kube").
2. Lancer la construction de l'image de la machine virtuelle
```
QUID_ANSIBLE_VAULT_PASSPHRASE="<passphrase>" PACKER_OPTS="-var headless=false" ./build start debian 12
```
ou si l'image Debian de base est déjà construite
```
QUID_ANSIBLE_VAULT_PASSPHRASE="<passphrase>" PACKER_OPTS="-var headless=false" BUILDER="vmware-vmx" ./build run debian 12 quid
```
> **Tip** Le paramètre `PACKER_OPTS="-var headless=false"` n'est nécessaire que dans le cas où vous souhaitez l'exécuteur VMWare avec son interface graphique.
## Générer le fichier OVF à partir de l'OVA
```
ovftool output/debian/12.2.0/quid/quid-debian-12.2.0.ova output/debian/12.2.0/quid/quid-debian-12.2.0.ovf
```
## Configuration de l'environnement Quid sur la machine virtuelle
1. Ajouter l'image de la machine sur votre environnement de virtualisation. Les fichiers sont normalement générés dans le répertoire `output/debian/12.2.0/quid`.
2. Démarrer la machine virtuelle. Le mot de passe par défaut du compte administrateur est `toor`.
3. Éditer le fichier `/etc/quid-ansible/config.yml` avec les valeurs correspondant à votre environnement de déploiement ([voir les valeurs par défaut](https://forge.cadoles.com/EFS/quid-ansible/src/branch/master/roles/quid-server/files/quid_ansible_default_config.yml))
4. Exécuter la commande `apply-config` pour mettre à jour la machine avec les valeurs présentes dans le fichier précédemment édité.
Pour plus d'informations voir la documentation du projet [`quid-ansible`](https://forge.cadoles.com/EFS/quid-ansible).


@ -0,0 +1,101 @@
source qemu "debian" {
cpus = 1
memory = "${local.memory}"
accelerator = "kvm"
vnc_bind_address = "0.0.0.0"
headless = local.headless
# Serve the `http` directory via HTTP, used for preseeding the Debian installer.
#http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http"
http_port_min = 9990
http_port_max = 9999
# SSH ports to redirect to the VM being built
host_port_min = 2222
host_port_max = 2229
# This user is configured in the preseed file.
ssh_username = "${local.ssh_user}"
ssh_private_key_file = data.sshkey.install.private_key_path
ssh_wait_timeout = "1000s"
shutdown_command = "/sbin/poweroff"
# Builds a compact image
disk_compression = true
disk_discard = "unmap"
skip_compaction = false
disk_detect_zeroes = "unmap"
format = "qcow2"
boot_wait = "5s"
}
source "vmware-iso" "debian" {
cpus = 1
disk_type_id = 0
memory = "${local.memory}"
vnc_bind_address = "0.0.0.0"
headless = local.headless
# Serve the `http` directory via HTTP, used for preseeding the Debian installer.
#http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http"
http_port_min = 9990
http_port_max = 9999
# SSH ports to redirect to the VM being built
#host_port_min = 2222
#host_port_max = 2229
# This user is configured in the preseed file.
ssh_username = "${local.ssh_user}"
ssh_private_key_file = data.sshkey.install.private_key_path
ssh_wait_timeout = "1000s"
shutdown_command = "/sbin/poweroff"
# Builds a compact image
#disk_compression = true
#disk_discard = "unmap"
skip_compaction = false
#disk_detect_zeroes = "unmap"
format = "ova"
boot_wait = "5s"
}
source "vmware-vmx" "debian" {
vnc_bind_address = "0.0.0.0"
headless = local.headless
# Serve the `http` directory via HTTP, used for preseeding the Debian installer.
#http_directory = "${path.cwd}/recipes/${var.name}/provisionning/${var.name}/http"
http_port_min = 9990
http_port_max = 9999
# SSH ports to redirect to the VM being built
#host_port_min = 2222
#host_port_max = 2229
# This user is configured in the preseed file.
ssh_username = "${local.ssh_user}"
ssh_private_key_file = data.sshkey.install.private_key_path
ssh_wait_timeout = "1000s"
shutdown_command = "/sbin/poweroff"
# Builds a compact image
#disk_compression = true
#disk_discard = "unmap"
skip_compaction = false
#disk_detect_zeroes = "unmap"
format = "ova"
boot_wait = "5s"
}
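Review bot: `vnc_bind_address = "0.0.0.0"` is set in all three sources (`qemu`, `vmware-iso`, `vmware-vmx`), so the console of the VM being built listens on every interface of the build host for the whole install and provisioning run. Unless remote viewing is a requirement, use the loopback binding `vnc_bind_address = "127.0.0.1"`, or drive the value from a variable that defaults to loopback. For the qemu source, where this file sets no VNC password, `vnc_use_password = true` is worth adding if the wide binding has to stay. If it does stay, a one-line comment saying why would help the next maintainer.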


@ -0,0 +1,12 @@
#cloud-config
ssh_pwauth: True
user: ${user}
password: ${password}
chpasswd:
expire: False
# Work around network interface down after boot
runcmd:
%{ for cmd in runcmd ~}
- ${cmd}
%{ endfor ~}
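Review bot: `ssh_pwauth: True` together with `password: ${password}` and `chpasswd: expire: False` leaves SSH password logins enabled with a credential that never has to be changed. The sources in this PR connect with `ssh_private_key_file`, so the build itself does not appear to need password authentication. If that holds, `ssh_pwauth: False` is the safer default, or `expire: True` when the password is only needed for a first console login. The values rendered into `user` and `password` come from the caller of this template, which is not visible here, so please confirm they are not a shared default that ships in the final image.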


@ -0,0 +1,64 @@
variable "name" {
type = string
default = "debian"
}
variable "version" {
type = string
default = "12.2.0"
}
variable "short_version" {
type = string
default = "12"
}
variable "arch" {
type = string
default = "amd64"
}
variable "output_dir" {
type = string
default = "output/debian/"
}
variable "source_url" {
type = string
default = "https://cdimage.debian.org/cdimage/release/12.2.0"
}
variable "iso_cd_checksum" {
type = string
default = "file:https://cdimage.debian.org/cdimage/release/12.2.0/amd64/iso-cd/SHA256SUMS"
}
variable "image_version" {
type = string
default = "0.0.1"
}
variable "one_user" {
type = string
default = env("ONE_USER")
}
variable "one_token" {
type = string
default = env("ONE_TOKEN")
}
variable "boot_command" {
type = list(string)
default = []
}
variable "cloud_init_runcmd" {
type = list(string)
default = [ "uname" ]
}
variable "headless" {
type = bool
default = true
}
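Review bot: `one_token` takes its default from `env("ONE_TOKEN")` but is not marked sensitive, unlike `quid_ansible_vault_passphrase` added in this same PR, so its value is not masked in Packer's build output and logs. Add `sensitive = true` to the `one_token` block. Separately, `iso_cd_checksum` fetches `SHA256SUMS` from the same host that serves the ISO, which catches a corrupted download but not a tampered mirror. Pinning the expected `sha256:` value for this release in the recipe would close that gap.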


@ -0,0 +1,6 @@
variable "quid_ansible_vault_passphrase" {
type = string
default = env("QUID_ANSIBLE_VAULT_PASSPHRASE")
sensitive = true
}
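Review bot: With `default = env("QUID_ANSIBLE_VAULT_PASSPHRASE")`, an unset environment variable most likely yields an empty passphrase rather than an error, so the build would only fail late, at vault decryption. A `validation` block with `condition = length(var.quid_ansible_vault_passphrase) > 0` and a clear `error_message` would stop it before any VM is started. Note also that `sensitive = true` only masks the value in Packer's own output. The build block shown earlier on this page interpolates it into a `shell-local` command of the form `echo '...' > file`, where a quote character in the passphrase breaks the command line. Passing it through that provisioner's `environment_vars` and writing it with `printf '%s' "$VAR"` keeps the secret out of the command text.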