24 changes: 18 additions & 6 deletions .github/workflows/packMachines.yml
Expand Up @@ -77,7 +77,6 @@ jobs:
echo "ARM_TENANT_ID=${{ secrets.AZURE_TENANT_ID }}" >> $GITHUB_ENV
shell: bash


- name: Set up Packer
uses: hashicorp/setup-packer@1aa358be5cf73883762b302a3a03abd66e75b232
with:
Expand Down Expand Up @@ -180,24 +179,37 @@ jobs:
echo "ARM_TENANT_ID=${{ secrets.AZURE_TENANT_ID }}" >> $GITHUB_ENV
shell: bash

- name: Install QEMU
run: sudo apt-get update && sudo apt-get install -y qemu-system-x86 openssl whois

- name: Generate user-data with hashed password
working-directory: ./packer/ubuntu-server
run: |
plain_pass=$(openssl rand -base64 12)
echo "Random password: $plain_pass"
echo "PLAIN_PASSWORD=$plain_pass" >> $GITHUB_ENV
hashed_pass=$(mkpasswd --method=SHA-512 "$plain_pass")
sed -i "s|{{password_hash}}|$hashed_pass|g" http/user-data
echo "user-data file is ready with hashed password."

- name: Set up Packer
uses: hashicorp/setup-packer@1aa358be5cf73883762b302a3a03abd66e75b232
with:
version: 1.11.2

- name: Install QEMU
run: sudo apt-get update && sudo apt-get install -y qemu-system-x86


- name: Run `packer init ${{ inputs.service }}`
working-directory: ./packer/ubuntu-server
run: packer init .

- name: Run `packer validate ${{ inputs.service }}`
working-directory: ./packer/ubuntu-server
run: packer validate --var dibbs_service=${{ inputs.service }} --var dibbs_version=${{ inputs.version }} .
run: packer validate --var dibbs_service=${{ inputs.service }} --var dibbs_version=${{ inputs.version }} --var ssh_password='${{ env.PLAIN_PASSWORD }}' .


- name: Run `packer build ${{ inputs.service }}`
working-directory: ./packer/ubuntu-server
run: packer build --var dibbs_service=${{ inputs.service }} --var dibbs_version=${{ inputs.version }} .
run: packer build --var dibbs_service=${{ inputs.service }} --var dibbs_version=${{ inputs.version }} --var ssh_password='${{ env.PLAIN_PASSWORD }}' .


## TODO: Decide how to export artifact.
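Review bot: `echo "Random password: $plain_pass"` in the "Generate user-data with hashed password" step writes the plaintext password into the job log, where anyone who can read workflow runs can see it, and the two later `--var ssh_password='${{ env.PLAIN_PASSWORD }}'` lines expand the same value into the logged command. Mask it before any use and drop the echo: `echo "::add-mask::$plain_pass"` as the line right after `plain_pass=$(openssl rand -base64 12)`. Note that `$GITHUB_ENV` also exposes the value to every subsequent step of the job, so it should stay masked for the whole run; the `mkpasswd --method=SHA-512` hash written into `http/user-data` is the only form that belongs in an artifact. The enclosing job definition starts outside this hunk.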
2 changes: 1 addition & 1 deletion packer/ubuntu-server/jails/jail.local
Expand Up @@ -22,7 +22,7 @@ mta = sendmail
# configured above.
action_mw = %(action_)s
%(mta)s-whois[sender="%(sender)s", dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"]
action = $(action_)s
action = iptables


[ssh]
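Review bot: `action = iptables` replaces the mistyped `$(action_)s` with a bare action name rather than the `%(action_)s` interpolation that `action_mw` two lines above still uses, so every jail inheriting this default would (if I read fail2ban's action resolution correctly) ban with the iptables action file's default port and protocol instead of the jail's own `port`. If the intent was only to fix the `$`/`%` typo, the line should be `action = %(action_)s`. The [DEFAULT] section this value belongs to begins outside the hunk, so whether `action_` is defined there cannot be confirmed from this page.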
49 changes: 34 additions & 15 deletions packer/ubuntu-server/ubuntu.pkr.hcl
Expand Up @@ -86,7 +86,7 @@ source "amazon-ebs" "aws-ami" {
most_recent = true
}

//TODO: CHANGE ME! Change the password to use the random one, too!
# Packer connects as ubuntu user during build, then we create dibbs-user via provisioning
ssh_username = "ubuntu"

launch_block_device_mappings {
Expand Down Expand Up @@ -121,25 +121,48 @@ source "azure-arm" "azure-image" {
managed_image_resource_group_name = "skylight-dibbs-vm1"
os_type = "Linux"

//TODO: CHANGE ME! Change the password to use the random one, too!
ssh_username = "ubuntu"

# Packer connects as ubuntu user during build, then we create dibbs-user via provisioning
ssh_username = "ubuntu"
}


build {
name = "multi-cloud-build"
sources = [
"source.qemu.raw"
//"source.amazon-ebs.aws-ami",
//"source.azure-arm.azure-image"
"source.qemu.raw",
"source.amazon-ebs.aws-ami",
"source.azure-arm.azure-image"
]

# Create dibbs-user account on cloud instances during build
provisioner "shell" {
only = ["amazon-ebs.aws-ami", "azure-arm.azure-image"]
inline = [
"sudo useradd -m -s /bin/bash -G sudo dibbs-user",
"echo 'dibbs-user:${var.ssh_password}' | sudo chpasswd",
"echo 'dibbs-user ALL=(ALL) ALL' | sudo tee /etc/sudoers.d/dibbs-user",
"sudo chmod 0440 /etc/sudoers.d/dibbs-user" ,
"sudo gpasswd -d ubuntu docker || true" ,
"echo 'ubuntu ALL=(ALL) NOPASSWD: ALL, !/usr/bin/docker' | sudo tee /etc/sudoers.d/ubuntu-docker-block",
"sudo chmod 0440 /etc/sudoers.d/ubuntu-docker-block"
]
}

provisioner "file" {
source = "./jails/jail.local"
destination = "~/jail.local"
}

# Wait for dibbs-user to be created on cloud instances
provisioner "shell" {
only = ["amazon-ebs.aws-ami", "azure-arm.azure-image"]
inline = [
"while ! id dibbs-user >/dev/null 2>&1; do echo 'Waiting for dibbs-user...'; sleep 5; done",
"echo 'dibbs-user is ready'"
]
}

# Switch to dibbs-user for subsequent provisioning on cloud instances
provisioner "shell" {
only = ["azure-arm.azure-image"]
scripts = [
Expand All @@ -153,9 +176,7 @@ build {
"USE_SUDO=sudo",
"BUILD_TYPE=azure"
]

//TODO: Add new password here!
execute_command = "echo 'ubuntu' | {{.Vars}} sudo -S -E bash '{{.Path}}'"
execute_command = "echo '${var.ssh_password}' | {{.Vars}} sudo -S -E bash '{{.Path}}'"
}

provisioner "shell" {
Expand All @@ -168,12 +189,10 @@ build {
environment_vars = [
"DIBBS_SERVICE=${var.dibbs_service}",
"DIBBS_VERSION=${var.dibbs_version}",
"USE_SUDO=",
"USE_SUDO=sudo",
"BUILD_TYPE=aws"
]

//TODO: Add new password here!
execute_command = "echo 'ubuntu' | {{.Vars}} sudo -S -E bash '{{.Path}}'"
execute_command = "echo '${var.ssh_password}' | {{.Vars}} sudo -S -E bash '{{.Path}}'"
}

provisioner "shell" {
Expand Down Expand Up @@ -203,4 +222,4 @@ build {
source = "./scripts/apt-updates.sh.home"
destination = "~/apt-updates.sh"
}
}
}
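Review bot: The rule written to `/etc/sudoers.d/ubuntu-docker-block`, `ubuntu ALL=(ALL) NOPASSWD: ALL, !/usr/bin/docker`, does not restrict the ubuntu account: the sudoers manual itself states that `!` exclusions inside an `ALL` grant are not an effective control, and stock Ubuntu cloud images typically already carry a cloud-init `NOPASSWD:ALL` grant for ubuntu that this provisioner never removes, so ubuntu keeps unrestricted root either way. If the goal is to keep ubuntu away from docker, the `gpasswd -d ubuntu docker` line is the part that works; the sudo grant needs to be reduced or removed outright rather than carved with an exclusion. Separately, `${var.ssh_password}` is expanded into the `chpasswd` inline command and into both `execute_command` strings, where it is visible in process listings and in Packer's debug output, so the `variable "ssh_password"` block (outside this diff) should be declared `sensitive = true`, and the comment `# Switch to dibbs-user for subsequent provisioning on cloud instances` is inaccurate because the SSH session and `sudo -S` still run as `ubuntu` per `ssh_username = "ubuntu"`. The "Wait for dibbs-user" loop can only spin forever or exit immediately, since the shell provisioner that runs `useradd` has already succeeded or failed the build by then. The `build` block continues outside the hunks shown.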