Adds VMWare Vagrant box build configuration

1 year ago · eef59510ca
parent 882617e945
commit eef59510ca
19 changed files with 567 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+.vscode
+*.box
--- a/README.md
+++ b/README.md
@ -4,6 +4,74 @@
 building MSVSphere images for various cloud platforms.


+## Build environment configuration
+
+Supported operating systems:
+
+  * MSVSphere 9 and other EL9-compatible distributions
+  * Fedora
+
+Follow the Packer installation [instructions](https://developer.hashicorp.com/packer/downloads?product_intent=packer).
+
+Alternatively, you can install a Packer binary from a Yandex
+[mirror](https://hashicorp-releases.yandexcloud.net/packer/): just download a
+latest version archive and unzip it somewhere in PATH (e.g. `~/.local/bin`).
+
+Verify that Packer works:
+
+```shell
+$ packer version
+Packer v1.9.1
+```
+
+Install required Packer plugins:
+
+```shell
+$ packer init -upgrade .
+```
+
+Dependently on your network configuration, you may also need to open the
+8000-9000 TCP port range so that Packer can serve kickstart files to VMs:
+
+```shell
+$ firewall-cmd --zone=public --add-port=8000-9000/tcp --permanent
+$ firewall-cmd --reload
+```
+
+
+## Building images
+
+In order to build an image use the following command syntax:
+
+```shell
+$ packer build -only=${BUILDER}.${CONFIGURATION} .
+```
+
+where `${BUILDER}` is a Packer builder (e.g. `virtualbox-iso`) and
+`${CONFIGURATION}` is an image configuration name (e.g. 
+`msvsphere-9-vagrant-x86_64`).
+
+A graphical VM console is disabled by default, but you can enable it for
+debugging purposes by setting the `headless` variable to `false`:
+
+```shell
+$ packer build -only=vmware-iso.msvsphere-9-vagrant-x86_64 \
+               -var headless=false .
+```
+
+See the [variables.pkr.hcl](variables.pkr.hcl) file for other supported
+variables.
+
+
+### Building Vagrant boxes
+
+VMWare Vagrant box build command:
+
+```shell
+$ packer build -only=vmware-iso.msvsphere-9-vagrant-x86_64 .
+```
+
+
 ## License

 Licensed under the MIT license, see the [LICENSE](LICENSE) file for details.
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -0,0 +1,3 @@
+---
+collections: []
+roles: []
--- a/ansible/roles/cleanup_vm/README.md
+++ b/ansible/roles/cleanup_vm/README.md
@ -0,0 +1,3 @@
+# cleanup_vm
+
+An Ansible role that cleans-up and deprovisions a virtual machine.
--- a/ansible/roles/cleanup_vm/meta/main.yml
+++ b/ansible/roles/cleanup_vm/meta/main.yml
@ -0,0 +1,14 @@
+galaxy_info:
+  role_name: cleanup_vm
+  author: Eugene Zamriy
+  description: Cleans-up and deprovisions a VM
+  license: MIT
+  min_ansible_version: '2.5'
+  platforms:
+    - name: EL
+      versions:
+        - '8'
+        - '9'
+  galaxy_tags: []
+
+dependencies: []
--- a/ansible/roles/cleanup_vm/tasks/main.yml
+++ b/ansible/roles/cleanup_vm/tasks/main.yml
@ -0,0 +1,148 @@
+---
+- name: Remove old kernels
+  ansible.builtin.shell: dnf remove -y $(dnf repoquery --installonly --latest-limit=-1 -q)
+
+- name: Delete DNF cache
+  ansible.builtin.command: dnf clean all
+
+- name: Find DNF history files
+  ansible.builtin.find:
+    paths: /var/lib/dnf
+    patterns: "history*"
+  register: dnf_history
+
+- name: Reset DNF history
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ dnf_history.files }}"
+
+- name: Find temporary files
+  ansible.builtin.find:
+    file_type: any
+    paths:
+      - /tmp
+      - /var/tmp
+    patterns: '*'
+  register: tmp_files
+
+- name: Remove temporary files
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ tmp_files.files }}"
+
+- name: Find SSH host keys
+  ansible.builtin.find:
+    paths: /etc/ssh
+    patterns: '*host*key*'
+  register: host_keys
+
+- name: Remove SSH host keys
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ host_keys.files }}"
+
+- name: Remove kickstart files
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - /root/anaconda-ks.cfg
+    - /root/original-ks.cfg
+
+- name: Truncate files
+  ansible.builtin.command: "truncate -s 0 {{ item }}"
+  loop:
+    - /etc/machine-id
+    - /etc/resolv.conf
+    - /var/log/audit/audit.log
+    - /var/log/wtmp
+    - /var/log/lastlog
+    - /var/log/btmp
+    - /var/log/cron
+    - /var/log/maillog
+    - /var/log/messages
+    - /var/log/secure
+    - /var/log/spooler
+
+- name: Remove log folders.
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - /var/log/anaconda
+    - /var/log/qemu-ga
+    - /var/log/tuned
+    - /var/lib/cloud
+    - /etc/hostname
+    - /etc/machine-info
+    - /var/lib/systemd/credential.secret
+
+- name: Find log files.
+  ansible.builtin.find:
+    paths:
+      - /var/log
+      - /var/log/sssd
+    patterns: '*log,*.old,*.log.gz,*.[0-9],*.gz,*-????????'
+  register: log_files
+
+- name: Remove log files
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: absent
+  loop: "{{ log_files.files }}"
+
+- name: Remove random-seed
+  ansible.builtin.file:
+    path: /var/lib/systemd/random-seed
+    state: absent
+
+- name: Disable root SSH login via password
+  ansible.builtin.file:
+    path: /etc/ssh/sshd_config.d/01-permitrootlogin.conf
+    state: absent
+  when: ansible_facts['distribution_major_version'] == '9'
+
+- name: Fill free space with zeroes
+  ansible.builtin.shell: dd if=/dev/zero of=/zeroed_file bs=1M oflag=direct || rm -f /zeroed_file
+
+- name: Detect swap partition
+  ansible.builtin.command: grep -oP '^/dev/[\w-]+' /proc/swaps
+  register: swaps
+  ignore_errors: true
+
+- name: Wipe out swap data
+  block:
+    - name: Get swap partition UUID
+      ansible.builtin.command: "blkid {{ swaps.stdout }} -s UUID -o value"
+      register: swap_blkid
+
+    - name: Unmount swap partition
+      ansible.builtin.command: "swapoff {{ swaps.stdout }}"
+
+    - name: Fill swap partition with zeroes
+      ansible.builtin.shell: "dd if=/dev/zero of={{ swaps.stdout }} bs=1M oflag=direct || /bin/true"
+
+    - name: Format swap partition
+      ansible.builtin.command: "mkswap -U {{ swap_blkid.stdout }} -f {{ swaps.stdout }}"
+
+    - name: Mount swap partition
+      ansible.builtin.command: "swapon {{ swaps.stdout }}"
+  when: swaps.rc == 0
+
+- name: Sync disc
+  ansible.builtin.command: sync
+
+- name: Clear shell history
+  ansible.builtin.shell: history -c
+
+- name: Check if WALinuxAgent is installed
+  ansible.builtin.stat:
+    path: /usr/sbin/waagent
+  register: cleanup_vm_waagent
+
+- name: Deprovision WALinuxAgent
+  ansible.builtin.command: waagent -deprovision+user -force
+  when: cleanup_vm_waagent.stat.exists
--- a/ansible/roles/nfs_client/README.md
+++ b/ansible/roles/nfs_client/README.md
@ -0,0 +1,3 @@
+# nfs_client
+
+An Ansible role that installs the `nfs-utils` package.
--- a/ansible/roles/nfs_client/meta/main.yml
+++ b/ansible/roles/nfs_client/meta/main.yml
@ -0,0 +1,15 @@
+galaxy_info:
+  role_name: nfs_client
+  author: Eugene Zamriy
+  description: Installs nfs-utils package
+  license: MIT
+  min_ansible_version: '2.5'
+  platforms:
+    - name: EL
+      versions:
+        - '8'
+        - '9'
+  galaxy_tags:
+    - nfs
+
+dependencies: []
--- a/ansible/roles/nfs_client/tasks/main.yml
+++ b/ansible/roles/nfs_client/tasks/main.yml
@ -0,0 +1,5 @@
+---
+- name: Install nfs-utils
+  ansible.builtin.dnf:
+    name: nfs-utils
+    state: present
--- a/ansible/roles/vagrant_pubkey/README.md
+++ b/ansible/roles/vagrant_pubkey/README.md
@ -0,0 +1,4 @@
+# vagrant_pubkey
+
+An Ansible role that adds a Vagrant public SSH key to the `vagrant` user's
+`~/.ssh/authorized_keys` file.
--- a/ansible/roles/vagrant_pubkey/meta/main.yml
+++ b/ansible/roles/vagrant_pubkey/meta/main.yml
@ -0,0 +1,15 @@
+galaxy_info:
+  role_name: vagrant_pubkey
+  author: Eugene Zamriy
+  description: Adds Vagrant public SSH key
+  license: MIT
+  min_ansible_version: '2.5'
+  platforms:
+    - name: EL
+      versions:
+        - '8'
+        - '9'
+  galaxy_tags:
+    - vagrant
+
+dependencies: []
--- a/ansible/roles/vagrant_pubkey/tasks/main.yml
+++ b/ansible/roles/vagrant_pubkey/tasks/main.yml
@ -0,0 +1,16 @@
+---
+- name: Create /home/vagrant/.ssh directory
+  ansible.builtin.file:
+    path: /home/vagrant/.ssh
+    state: directory
+    owner: vagrant
+    group: vagrant
+    mode: 0o700
+
+- name: Download Vagrant public SSH key
+  ansible.builtin.get_url:
+    url: https://raw.githubusercontent.com/hashicorp/vagrant/main/keys/vagrant.pub
+    dest: /home/vagrant/.ssh/authorized_keys
+    owner: vagrant
+    group: vagrant
+    mode: 0o600
--- a/ansible/roles/vmware_guest/README.md
+++ b/ansible/roles/vmware_guest/README.md
@ -0,0 +1,4 @@
+# vmware_guest
+
+An Ansible role that installs the `open-vm-tools` package on a virtual
+machine.
--- a/ansible/roles/vmware_guest/meta/main.yml
+++ b/ansible/roles/vmware_guest/meta/main.yml
@ -0,0 +1,17 @@
+galaxy_info:
+  role_name: vmware_guest
+  author: Eugene Zamriy
+  description: Installs open-vm-tools
+  license: MIT
+  min_ansible_version: '2.5'
+  platforms:
+    - name: EL
+      versions:
+        - '8'
+        - '9'
+  galaxy_tags:
+    - guest
+    - system
+    - vmware
+
+dependencies: []
--- a/ansible/roles/vmware_guest/tasks/main.yml
+++ b/ansible/roles/vmware_guest/tasks/main.yml
@ -0,0 +1,5 @@
+---
+- name: Install open-vm-tools
+  ansible.builtin.dnf:
+    name: open-vm-tools
+    state: present
--- a/ansible/vagrant.yml
+++ b/ansible/vagrant.yml
@ -0,0 +1,11 @@
+---
+- name: MSVSphere Vagrant box
+  hosts: default
+  become: true
+
+  roles:
+    - role: vmware_guest
+      when: packer_provider == 'vmware-iso'
+    - nfs_client
+    - vagrant_pubkey
+    - cleanup_vm
--- a/http/msvsphere-9-vagrant.x86_64.ks
+++ b/http/msvsphere-9-vagrant.x86_64.ks
@ -0,0 +1,69 @@
+# MSVSphere 9 Vagrant boxes kickstart file
+
+# TODO: change url to the kickstart one when we have it
+url --url https://rsync.inferitos.ru/msvsphere/9.2/BaseOS/x86_64/os/
+repo --name=BaseOS --baseurl=https://rsync.inferitos.ru/msvsphere/9.2/BaseOS/x86_64/os/
+repo --name=AppStream --baseurl=https://rsync.inferitos.ru/msvsphere/9.2/AppStream/x86_64/os/
+
+text
+skipx
+eula --agreed
+firstboot --disabled
+
+lang C.UTF-8
+keyboard us
+timezone UTC --utc
+
+network --bootproto=dhcp
+firewall --disabled
+services --enabled=sshd
+selinux --enforcing
+
+bootloader --location=mbr
+zerombr
+clearpart --all --initlabel
+autopart --type=plain --nohome --noboot --noswap
+
+rootpw vagrant
+user --name=vagrant --plaintext --password vagrant
+
+reboot --eject
+
+
+%packages --inst-langs=en
+@core
+bzip2
+dracut-config-generic
+tar
+usermode
+-biosdevname
+-dnf-plugin-spacewalk
+-dracut-config-rescue
+-iprutils
+-iwl*-firmware
+-langpacks-*
+-mdadm
+-open-vm-tools
+-plymouth
+-rhn*
+%end
+
+
+# disable kdump service
+%addon com_redhat_kdump --disable
+%end
+
+
+%post
+# allow passwordless sudo for the vagrant user
+echo "vagrant     ALL=(ALL)     NOPASSWD: ALL" >> /etc/sudoers.d/vagrant
+
+# see Vagrant documentation (https://docs.vagrantup.com/v2/boxes/base.html)
+# for details about the requiretty.
+sed -i "s/^.*requiretty/# Defaults requiretty/" /etc/sudoers
+yum clean all
+
+# permit root login via SSH with password authentication
+echo "PermitRootLogin yes" > /etc/ssh/sshd_config.d/01-permitrootlogin.conf
+
+%end
--- a/msvsphere-9-vagrant.pkr.hcl
+++ b/msvsphere-9-vagrant.pkr.hcl
@ -0,0 +1,58 @@
+/**
+ * Packer template for building MSVSphere 9 Vagrant boxes.
+ */
+
+source "vmware-iso" "msvsphere-9-vagrant-x86_64" {
+  iso_url          = var.iso_url_9_x86_64
+  iso_checksum     = var.iso_checksum_9_x86_64
+  boot_command     = var.vagrant_boot_cmd_9_x86_64_bios
+  boot_wait        = var.boot_wait
+  cpus             = var.cpus
+  memory           = var.memory
+  disk_size        = var.vagrant_disk_size
+  headless         = var.headless
+  http_directory   = var.http_directory
+  guest_os_type    = "centos-64"
+  shutdown_command = var.vagrant_shutdown_command
+  ssh_username     = var.vagrant_ssh_username
+  ssh_password     = var.vagrant_ssh_password
+  ssh_timeout      = var.ssh_timeout
+  vmx_data = {
+    "cpuid.coresPerSocket" : "1"
+  }
+  vmx_data_post = {
+    "memsize" : var.post_memory
+    "numvcpus" : var.post_cpus
+  }
+  vmx_remove_ethernet_interfaces = true
+}
+
+
+build {
+  sources = [
+    "sources.vmware-iso.msvsphere-9-vagrant-x86_64"
+  ]
+
+  provisioner "ansible" {
+    playbook_file    = "ansible/vagrant.yml"
+    galaxy_file      = "ansible/requirements.yml"
+    roles_path       = "ansible/roles"
+    collections_path = "ansible/collections"
+    ansible_env_vars = [
+      "ANSIBLE_PIPELINING=True",
+      "ANSIBLE_REMOTE_TEMP=/tmp",
+      "ANSIBLE_SSH_ARGS='-o ControlMaster=no -o ControlPersist=180s -o ServerAliveInterval=120s -o TCPKeepAlive=yes -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa'"
+    ]
+    extra_arguments = [
+      "--extra-vars",
+      "packer_provider=${source.type}"
+    ]
+  }
+
+  post-processors {
+    post-processor "vagrant" {
+      compression_level = "9"
+      output            = "MSVSphere-${var.os_version_9}-${formatdate("YYYYMMDD", timestamp())}.{{.Provider}}.x86_64.box"
+    }
+  }
+}
--- a/variables.pkr.hcl
+++ b/variables.pkr.hcl
@ -0,0 +1,107 @@
+/**
+ * MSVSphere Packer template variables.
+ */
+
+variable "os_version_9" {
+  description = "The target MSVSphere 9 version"
+  type        = string
+  default     = "9.2"
+}
+
+// TODO: switch to the boot ISO on production
+variable "iso_url_9_x86_64" {
+  description = "MSVSphere 9 x86_64 installation ISO URL"
+  type        = string
+  default     = "https://rsync.inferitos.ru/msvsphere/9.2/isos/x86_64/MSVSphere-9.2-alpha-x86_64-minimal.iso"
+}
+
+variable "iso_checksum_9_x86_64" {
+  description = "MSVSphere 9 x86_64 installation ISO checksum"
+  type        = string
+  default     = "file:https://rsync.inferitos.ru/msvsphere/9.2/isos/x86_64/CHECKSUM"
+}
+
+variable "headless" {
+  description = "Start the VM without a GUI console if true"
+  type        = bool
+  default     = true
+}
+
+variable "cpus" {
+  description = "The number of CPUs for a VM"
+  type        = number
+  default     = 2
+}
+
+variable "memory" {
+  description = "The amount of RAM in megabytes"
+  type        = number
+  default     = 2048
+}
+
+variable "boot_wait" {
+  description = "Time to wait before interacting with an OS bootloader menu"
+  type        = string
+  default     = "10s"
+}
+
+variable "ssh_timeout" {
+  description = "The SSH connection timeout"
+  type        = string
+  default     = "1800s"
+}
+
+variable "post_cpus" {
+  description = "The number of CPUs to set for the VM after build"
+  type        = number
+  default     = 1
+}
+
+variable "post_memory" {
+  description = "The amount of RAM to set for the VM after build"
+  type        = number
+  default     = 1024
+}
+
+variable "http_directory" {
+  description = "The kickstart files directory path"
+  type        = string
+  default     = "http"
+}
+
+/**
+ * Vagrant-specific settings.
+ */
+variable "vagrant_disk_size" {
+  description = "The VM disk size in megabytes"
+  type        = number
+  default     = 20000
+}
+
+variable "vagrant_boot_cmd_9_x86_64_bios" {
+  description = "The boot command for x86_64 VMs in a BIOS mode"
+  type        = list(string)
+  default = [
+    "<tab> inst.text inst.gpt ",
+    "inst.ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/msvsphere-9-vagrant.x86_64.ks",
+    "<enter><wait>"
+  ]
+}
+
+variable "vagrant_ssh_username" {
+  description = "A login to use for SSH authentication"
+  type        = string
+  default     = "vagrant"
+}
+
+variable "vagrant_ssh_password" {
+  description = "A password to use for SSH authentication"
+  type        = string
+  default     = "vagrant"
+}
+
+variable "vagrant_shutdown_command" {
+  description = "The VM shutdown command"
+  type        = string
+  default     = "echo vagrant | sudo -S /sbin/shutdown -hP now"
+}