From 52028964f2119341ad3ca07f1b61286f618eed02 Mon Sep 17 00:00:00 2001 From: Samuel Aubertin Date: Sun, 24 Sep 2023 23:48:17 +0200 Subject: [PATCH] opack cloud ? --- .gitignore | 7 +- README.md | 27 +++--- examples/cloud/.gitignore | 2 + examples/cloud/Makefile | 11 +++ Makefile => examples/shortest/Makefile | 2 +- src/defines.mk | 83 +++++++++++++++++++ src/opack.mk | 61 +++++++++----- src/options.mk | 35 +++++++- ...opack-provision.sh => packer-provision.sh} | 2 + src/packerfile-gcp.mk | 35 ++++---- src/packerfile.mk | 4 + 11 files changed, 205 insertions(+), 64 deletions(-) create mode 100644 examples/cloud/.gitignore create mode 100644 examples/cloud/Makefile rename Makefile => examples/shortest/Makefile (63%) rename src/{opack-provision.sh => packer-provision.sh} (80%) diff --git a/.gitignore b/.gitignore index d05c7be..6819f9c 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,5 @@ -src/cache/ -.vagrant +src/boxes/ +examples/*/.vagrant +examples/cloud/id_ed25519 +examples/cloud/id_ed25519.pub +examples/cloud/*.json diff --git a/README.md b/README.md index de72cac..6682b6f 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,6 @@ ░ ░ ░ ░ ░ ░ ░ ░ ░░ ░ ░ ░ ░ ░ ``` ------ *Samuel 'sk4nz' AUBERTIN* **skz-opack** is an automated [OpenBSD](https://www.openbsd.org) bootstrapper. 
@@ -27,8 +26,9 @@ To get started with **skz-opack**, follow these steps: 2. Ensure you have the following dependencies installed: - [GNU Make](https://www.gnu.org/software/make/) - [libvirt](https://libvirt.org/) - - [Vagrant](https://www.vagrantup.com/) + - [Vagrant](https://developer.hashicorp.com/vagrant/downloads) - [Vagrant-Libvirt module](https://github.com/vagrant-libvirt/vagrant-libvirt) + - [Terraform](https://developer.hashicorp.com/terraform/downloads) (for `opack-cloud`) 3. Use the project by including `path/to/skz-opack/src/opack.mk` and invoking the `opack` target in your Makefile to create a local OpenBSD virtual machine with Packer and Vagrant. Use the 'opack-cloud' target to run the same virtual machine in GCP with Terraform. @@ -41,7 +41,7 @@ To get started with **skz-opack**, follow these steps: ## Overridable default options -Every default option ending with an `?` in "src/options.mk" can be overrided in the invoking Makefile. Here is an short list of theses: +Every default option ending with an `?` in "src/options.mk" can be overrided in the invoking Makefile. Here is an short excerpt of theses: - `OPACK_SYS_HOSTNAME`: VM hostname - `OPACK_SYS_USER`: username to create @@ -65,7 +65,9 @@ Every default option ending with an `?` in "src/options.mk" can be overrided in - `OPACK_AUTODISKLABEL_FILE`: OpenBSD partitioning scheme for installation - `OPACK_PROVISION_FILE`: Script executed after installation - `OPACK_RUNTIME_PROVISION_FILE`: Script executed after VM creation - +- `OPACK_GCE_PROJECT`: The Google Cloud project name where the VM will be created +- `OPACK_GCE_JSON_KEY`: The filename of the Google Cloud service account JSON key +- `OPACK_GCE_BUCKET`: The Google Cloud Storage bucket name to use for the image import ## Examples 
@@ -74,8 +76,8 @@ Every default option ending with an `?` in "src/options.mk" can be overrided in Here is the shortest Makefile that can be used to leverage skz-opack: ```make -OPACK_TARGET= demo # the VM name -include path/to/src/opack.mk # mandatory +OPACK_TARGET= demo +include path/to/src/opack.mk ``` After invokation with `make opack`, it will download, install, and run the latest OpenBSD release in a local VM with the default options. @@ -108,7 +110,7 @@ Making "opack" a dependency target of "all" will ensure **skz-opack** operates b Once the "opack" target dependency is finished, the VM is running and the system kernel version is outputted. This example showcases how to customize and run **skz-opack** for your specific needs. -### GCP example +### GCE example TODO 
@@ -132,9 +134,9 @@ In the "src" directory, are located the following files: - **autodisklabel**: This file provides the partitioning layout for the installer and can be customized by using the `OPACK_AUTODISKLABEL_FILE` option. - **defines.mk**: Contains internal skz-opack definitions for Packer and Vagrant. - **opack.mk**: To use skz-opack in your projects, simply include this file in your Makefiles. -- **opack-provision.sh**: This file is executed for post-installation provisioning with Packer and can be customized using the `OPACK_PROVISION_FILE` option. +- **packer-provision.sh**: This file is executed for post-installation provisioning with Packer and can be customized using the `OPACK_PROVISION_FILE` option. - **options.mk**: This file is where all skz-opack options are declared. Options are always in the `OPACK_[OPTION NAME]` format. -- **packerfile-gcp.mk**: Special Packerfile for Google Cloud Compute upload. +- **packerfile-gcp.mk**: Special Packerfile for Google Compute Platform upload. - **packerfile.mk**: Generic Packerfile for local execution. - **vagrantfile.mk**: Contains Vagrantfile definitions for local execution. - **vagrant-provision.sh**: This file is executed for pre-run provisioning with Vagrant and can be customized using the `OPACK_RUNTIME_PROVISION_FILE` option. @@ -143,10 +145,3 @@ In the "src" directory, are located the following files: **skz-opack** is distributed under the [OpenBSD License](https://www.openbsd.org/policy.html). See the [LICENSE](LICENSE) file for more details. -## References - -For more information on the tools used in this project, refer to the following resources: - -- [Packer](https://www.packer.io/) -- [Vagrant](https://www.vagrantup.com/) - diff --git a/examples/cloud/.gitignore b/examples/cloud/.gitignore new file mode 100644 index 0000000..6354e20 --- /dev/null +++ b/examples/cloud/.gitignore @@ -0,0 +1,2 @@ +opack_deploy_* +opack_installer_* 
diff --git a/examples/cloud/Makefile b/examples/cloud/Makefile
new file mode 100644
index 0000000..641267d
--- /dev/null
+++ b/examples/cloud/Makefile
@@ -0,0 +1,11 @@
+OPACK_TARGET=testopack-cloud
+OPACK_SYS_HEADLESS=false
+OPACK_SYS_DISK_SIZE=10000
+OPACK_SYS_VERSION=snapshots
+OPACK_GCE_PROJECT=testopack
+OPACK_GCE_JSON_KEY=testopack-d1757c226a45.json
+OPACK_GCE_BUCKET=testopack
+
+include ../../src/opack.mk
+
+all: opack-cloud
diff --git a/Makefile b/examples/shortest/Makefile
similarity index 63%
rename from Makefile
rename to examples/shortest/Makefile
index 1f82a30..7fa84b0 100644
--- a/Makefile
+++ b/examples/shortest/Makefile
@@ -1,3 +1,3 @@
 OPACK_TARGET= demo
 OPACK_SYS_HEADLESS= false
-include src/opack.mk
+include ../../src/opack.mk
diff --git a/src/defines.mk b/src/defines.mk
index 6aa23cc..b390782 100644
--- a/src/defines.mk
+++ b/src/defines.mk
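Review bot: `OPACK_GCE_JSON_KEY=testopack-d1757c226a45.json` makes the example depend on a long-lived service-account key kept in the working tree next to the Makefile, and nothing states what that account is allowed to do. A comment such as `# service account needs only: object write/delete on OPACK_GCE_BUCKET, image import/delete and instance create/delete in OPACK_GCE_PROJECT` would let users scope it instead of granting a project-wide role. The `examples/cloud/*.json` ignore rule in this patch keeps the key out of git, but it is readable by every tool run from this directory; confirm the file is mode 0600 before use.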
@@ -35,6 +35,39 @@ Location of sets? = done endef +define OPACK_INSTALL_CLOUD_CONTENT = +Choose your keyboard layout = fr +System hostname = $(OPACK_SYS_HOSTNAME)-$(OPACK_TARGET) +Which network interface = vio0 +IPv4 address for vio0 = dhcp +IPv6 address for vio0 = none +Password for root account = $(OPACK_SYS_PASSWORD) +Public ssh key for root account = $(OPACK_SYS_SSH_PUBLIC_KEY) +Allow root ssh login = prohibit-password +Do you expect to run the X Window System = $(OPACK_SYS_XENOCARA) +Setup a user = $(OPACK_SYS_USER) +Password for user $(OPACK_SYS_USER) = $(OPACK_SYS_PASSWORD) +Public ssh key for $(OPACK_SYS_USER) = $(OPACK_SYS_SSH_PUBLIC_KEY) +Allow root ssh login = prohibit-password +What timezone = $(OPACK_SYS_TIMEZONE) +Which disk = sd0 +Use (W)hole disk or (E)dit the MBR = whole +URL to autopartitioning template for disklabel = file:/autodisklabel +Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout = A +Location of sets = $(OPACK_SYS_SETS_LOCATION) +HTTP Server = $(OPACK_SYS_SERVER) +Server directory = pub/OpenBSD/$(OPACK_SYS_VERSION)/$(OPACK_SYS_ARCHITECTURE) +Unable to connect using https. Use http instead = yes +Pathname to the sets = $(OPACK_SYS_VERSION_MAJOR).$(OPACK_SYS_VERSION_MINOR)/amd64 +Set name(s) = $(OPACK_SYS_SETS) done +Directory does not contain SHA256.sig. Continue without verification = $(OPACK_NO_SIGCHK) +Signature check of SHA256.sig failed. Continue without verification = no +Cannot determine prefetch area. Continue without verification = yes +Location of sets? = done + +endef + + define OPACK_METADATA_CONTENT = { "name": "$(OPACK_BOX_TAG)", 
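Review bot: `Password for root account` and `Password for user $(OPACK_SYS_USER)` both receive `$(OPACK_SYS_PASSWORD)`, so the cloud image ships with an identical root and user password, and that response file is fetched by the installer over plain HTTP from Packer's built-in server (the `ftp http://{{ .HTTPIP }}:{{ .HTTPPort }}/install-cloud.conf` boot command in packerfile-gcp.mk), which is presumably reachable from the build host's network during the build. `prohibit-password` protects only root; unless sshd is hardened elsewhere the user account stays password-loggable on a VM that gets a public IP, so consider a separate `OPACK_SYS_USER_PASSWORD` or forcing a change on first login. Two smaller issues: `Allow root ssh login = prohibit-password` is listed twice, and `Pathname to the sets` hard-codes `amd64` while `Server directory` uses `$(OPACK_SYS_ARCHITECTURE)`.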
@@ -55,3 +88,53 @@ define OPACK_METADATA_CONTENT = } endef + +define OPACK_TERRAFORM_CONTENT = + +variable "credentials" { default = "../$(OPACK_GCE_JSON_KEY)" } +variable "project" { default = "$(OPACK_GCE_PROJECT)" } +variable "region" { default = "europe-west4" } +variable "zone" { default = "europe-west4-b" } + +provider "google" { + region = "$${var.region}" + credentials = "$${var.credentials}" + project = "$${var.project}" +} + +module "OPENBSD" { + source = "./module" + gce_zone = "$${var.zone}" +} + +endef + +define OPACK_TERRAFORM_MODULE_CONTENT = +variable "servers" {} +variable "gce_zone" {} + +resource "google_compute_instance" "$(OPACK_TARGET)" { + tags = ["skz-opack", "default"] + name = "$(OPACK_TARGET)" + machine_type = "$(OPACK_GCE_MACHINE)" + zone = "$${var.gce_zone}" + boot_disk { + initialize_params { + image = "openbsd" + } + } + network_interface { + network = "default" + access_config { + // Ephemeral IP + } + } + scheduling { + preemptible = false + on_host_maintenance = "MIGRATE" + automatic_restart = true + } +} + +endef + diff --git a/src/opack.mk b/src/opack.mk index 04b9e93..6f7efad 100644 --- a/src/opack.mk +++ b/src/opack.mk @@ -36,7 +36,7 @@ include $(OPACK_DIR)/packerfile-gcp.mk include $(OPACK_DIR)/vagrantfile.mk -$(OPACK_PACKER_HTTP_DIR) $(OPACK_PACKER_DIR) ../$(OPACK_CACHE_DIR): +$(OPACK_PACKER_HTTP_DIR) $(OPACK_PACKER_DIR) ../$(OPACK_CACHE_DIR) $(OPACK_TERRAFORM_DIR) $(OPACK_TERRAFORM_MODULE_DIR): mkdir -p $@ $(OPACK_PACKER_DIR)/vagrant.key: | $(OPACK_PACKER_DIR) 
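Review bot: The module declares `variable "servers" {}` with no default, but `module "OPENBSD"` passes only `gce_zone`, so `terraform apply -auto-approve` should stop with a missing required argument before creating anything; drop the variable or pass it from the root module. The instance gets an ephemeral external IP on the `default` network and no `google_compute_firewall` resource is generated, so which ports are reachable depends entirely on the project's pre-existing rules; consider an explicit ingress rule keyed on the `skz-opack` tag with a restricted source range. `$(OPACK_TARGET)` is also used unvalidated as the resource label, instance name and image name, which (as far as I recall) must be lowercase letters, digits and dashes starting with a letter; a check in the Makefile would give a clearer error than a failed apply.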
@@ -46,36 +46,36 @@ $(OPACK_PACKER_DIR)/opack.json: | $(OPACK_PACKER_DIR) printf '$(subst $(newline),\n,$(OPACK_PACKER_CONTENT))' > $@ $(OPACK_PACKER_DIR)/bucket.json: - printf '{ "name": "$(GCE_BUCKET)", "location": "$(GCE_BUCKET_LOCATION)", "storageClass": "STANDARD", "iamConfiguration": {"uniformBucketLevelAccess": { "enabled": true }, } }' > $@ + if [ -z "$(OPACK_GCE_PROJECT)" ]; then echo "█ Error: OPACK_GCE_PROJECT is empty. Declare it in your Makefile."; echo "▒ To create a GCE project, use this documentation:"; echo "░ https://cloud.google.com/resource-manager/docs/creating-managing-projects"; exit 1; fi + if [ -z "$(OPACK_GCE_JSON_KEY)" ]; then echo "█ Error: OPACK_GCE_JSON_KEY is empty. Declare it in your Makefile."; echo "▒ To create a GCE service account and key, use this documentation:"; echo "░ https://cloud.google.com/iam/docs/service-accounts-create"; echo "░ https://cloud.google.com/iam/docs/keys-create-delete"; exit 1; fi + if [ -z "$(OPACK_GCE_BUCKET)" ]; then echo "█ Error: OPACK_GCE_BUCKET is empty. 
Declare it in your Makefile"; echo "▒ To create a GCE bucket, use this documentation:"; echo "░ https://cloud.google.com/storage/docs/creating-buckets"; exit 1; fi + printf '{ "name": "$(OPACK_GCE_BUCKET)", "location": "$(OPACK_GCE_BUCKET_LOCATION)", "storageClass": "STANDARD", "iamConfiguration": {"uniformBucketLevelAccess": { "enabled": true }, } }' > $@ $(OPACK_PACKER_DIR)/opack-cloud.json: | $(OPACK_PACKER_DIR) $(OPACK_PACKER_DIR)/bucket.json printf '$(subst $(newline),\n,$(OPACK_PACKER_CLOUD_CONTENT))' > $@ - curl -X POST -s -o /dev/null \ - --data-binary @$(OPACK_PACKER_DIR)/bucket.json \ - -H "Authorization: Bearer $(STORAGE_TOKEN)" \ - -H "Content-Type: application/json" \ - "https://storage.googleapis.com/storage/v1/b?project=$(GCE_PROJECT)" - curl -X DELETE -s -o /dev/null \ - -H "Authorization: Bearer $(IMAGE_TOKEN)" \ - "https://compute.googleapis.com/compute/v1/projects/$(GCE_PROJECT)/global/images/$(OPACK_TARGET)" $(OPACK_PACKER_HTTP_DIR)/install.conf: | $(OPACK_PACKER_HTTP_DIR) printf '$(subst $(newline),\n,$(OPACK_INSTALL_CONTENT))' > $@ +$(OPACK_PACKER_HTTP_DIR)/install-cloud.conf: | $(OPACK_PACKER_HTTP_DIR) + printf '$(subst $(newline),\n,$(OPACK_INSTALL_CLOUD_CONTENT))' > $@ + $(OPACK_PACKER_HTTP_DIR)/autodisklabel: | $(OPACK_PACKER_HTTP_DIR) cp $(OPACK_AUTODISKLABEL_FILE) $@ $(OPACK_PROVISION_FILE): echo you need to write $@ && exit 1 -../id_ed25519: - ssh-keygen -q -t ed25519 -f $@ -N '""' +id_ed25519: + echo "█ Generating $@" + ssh-keygen -q -t ed25519 -f $@ -P "" + $(eval OPACK_SYS_SSH_PUBLIC_KEY=$(shell cat id_ed25519.pub)) $(OPACK_BOX_FILE): | $(OPACK_PACKER_DIR)/opack.json $(OPACK_PACKER_DIR)/vagrant.key $(OPACK_PROVISION_FILE) $(OPACK_PACKER_HTTP_DIR)/install.conf $(OPACK_PACKER_HTTP_DIR)/autodisklabel ifndef OPACK_DEBUG - $(call spinner,cd $(OPACK_PACKER_DIR) && (CHECKPOINT_DISABLE=1 PACKER_CACHE_DIR=../../$(OPACK_CACHE_DIR) packer build -timestamp-ui opack.json > opack.log && rm -rf $(OPACK_PACKER_DIR)) || echo Error Autoinstalling: 
check $(OPACK_PACKER_DIR)/opack.log,█ Autoinstalling $(OPACK_BOX_TAG) with Packer) + $(call spinner,cd $(OPACK_PACKER_DIR) && (CHECKPOINT_DISABLE=1 PACKER_CACHE_DIR=.$(OPACK_CACHE_DIR) packer build -timestamp-ui opack.json > opack.log && rm -rf $(OPACK_PACKER_DIR)) || echo Error Autoinstalling: check $(OPACK_PACKER_DIR)/opack.log,█ Autoinstalling $(OPACK_BOX_TAG) with Packer) else - cd $(OPACK_PACKER_DIR) && CHECKPOINT_DISABLE=1 PACKER_CACHE_DIR=../../$(OPACK_CACHE_DIR) packer build -timestamp-ui opack.json && rm -rf $(OPACK_PACKER_DIR) + cd $(OPACK_PACKER_DIR) && CHECKPOINT_DISABLE=1 PACKER_CACHE_DIR=$(OPACK_CACHE_DIR) packer build -timestamp-ui opack.json && rm -rf $(OPACK_PACKER_DIR) endif $(OPACK_META_FILE): $(OPACK_BOX_FILE) 
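Review bot: The non-debug branch now sets `PACKER_CACHE_DIR=.$(OPACK_CACHE_DIR)` while the debug branch uses `PACKER_CACHE_DIR=$(OPACK_CACHE_DIR)`; the leading `.` looks like a typo, and since both run after `cd $(OPACK_PACKER_DIR)` at most one of them resolves to the intended `boxes` directory unless `OPACK_DIR` is absolute. The new `id_ed25519` rule generates an unencrypted private key into the caller's directory with `-P ""`, which is fine for a throwaway build key but should be labelled as such, e.g. `# build-only key, no passphrase; delete id_ed25519* to rotate`. Separately, `bucket.json` still emits `{ "enabled": true }, } }`, a trailing comma that is not valid JSON, and now that the `curl` POST consuming it was removed the file is written but never used.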
@@ -86,6 +86,26 @@ else vagrant box add -f --name $(OPACK_BOX_TAG) $(OPACK_META_FILE) endif +$(OPACK_PACKER_DIR)/disk.raw.tar.gz: | $(OPACK_PACKER_DIR)/opack-cloud.json id_ed25519 $(OPACK_PROVISION_FILE) $(OPACK_PACKER_HTTP_DIR)/install-cloud.conf $(OPACK_PACKER_HTTP_DIR)/autodisklabel +# -curl -X POST -s -o /dev/null \ +# --data-binary @$(OPACK_PACKER_DIR)/bucket.json \ +# -H "Authorization: Bearer $(STORAGE_TOKEN)" \ +# -H "Content-Type: application/json" \ +# "https://storage.googleapis.com/storage/v1/b?project=$(OPACK_GCE_PROJECT)" +# -curl -X DELETE -s -o /dev/null \ +# -H "Authorization: Bearer $(IMAGE_TOKEN)" \ +# "https://compute.googleapis.com/compute/v1/projects/$(OPACK_GCE_PROJECT)/global/images/$(OPACK_TARGET)" + (cd $(OPACK_PACKER_DIR) && CHECKPOINT_DISABLE=1 PACKER_CACHE_DIR=$(OPACK_CACHE_DIR) packer build -timestamp-ui opack-cloud.json) && rm -rf $(OPACK_PACKER_DIR) + +$(OPACK_TERRAFORM_DIR)/main.tf: $(OPACK_TERRAFORM_DIR) + printf '$(subst $(newline),\n,$(OPACK_TERRAFORM_CONTENT))' > $@ + +$(OPACK_TERRAFORM_MODULE_DIR)/main.tf: $(OPACK_TERRAFORM_MODULE_DIR) + printf '$(subst $(newline),\n,$(OPACK_TERRAFORM_MODULE_CONTENT))' > $@ + +$(OPACK_TERRAFORM_DIR)/terraform.tfstate: | $(OPACK_PACKER_DIR)/disk.raw.tar.gz $(OPACK_TERRAFORM_DIR)/main.tf $(OPACK_TERRAFORM_MODULE_DIR)/main.tf + cd $(OPACK_TERRAFORM_DIR) && terraform init && terraform apply -auto-approve -state=$@ + $(OPACK_VAGRANT_FILE): printf '$(subst $(newline),\n,$(OPACK_VAGRANT_CONTENT))' > $@ 
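Review bot: The `$(OPACK_PACKER_DIR)/disk.raw.tar.gz` recipe ends with `rm -rf $(OPACK_PACKER_DIR)`, deleting its own target, so the file never exists afterwards and every `make opack-cloud` re-runs the full Packer build and GCE image import before `terraform apply`; either write the tarball outside `OPACK_PACKER_DIR` (the vagrant flow keeps its `.box` in `OPACK_CACHE_DIR`) or have `terraform.tfstate` depend on a marker file that survives the cleanup. `terraform init` runs with no `required_providers` version constraint and no committed lock file, so each deployment pulls whatever google provider is current; pinning a `version` in the generated `main.tf` would make deployments reproducible. The commented-out `curl` lines are harmless as make comments, but they still carry `$(STORAGE_TOKEN)`/`$(IMAGE_TOKEN)` bearer headers that would be echoed by make if re-enabled without a leading `@`.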
@@ -97,20 +117,15 @@ else endif echo "█ skz-opack complete, run 'vagrant ssh' to connect to the machine" -opack-cloud: | $(OPACK_PACKER_DIR)/opack-cloud.json ../id_ed25519 $(OPACK_PROVISION_FILE) $(OPACK_PACKER_HTTP_DIR)/install.conf $(OPACK_PACKER_HTTP_DIR)/autodisklabel - cd $(OPACK_PACKER_DIR) &&\ - CHECKPOINT_DISABLE=1 PACKER_CACHE_DIR=../../$(OPACK_CACHE_DIR)\ - packer build\ - -timestamp-ui opack-cloud.json | tee -a ../$@ &&\ - rm -rf $(OPACK_PACKER_DIR) +opack-cloud: | $(OPACK_TERRAFORM_DIR)/terraform.tfstate opack-clean: ifndef OPACK_DEBUG - -$(call spinner,vagrant destroy -f >/dev/null; cd terraform_??????? 2>/dev/null && terraform destroy -auto-approve && cd .. && rm -rf terraform_???????; rm -rf $(OPACK_VAGRANT_FILE) opack_build_$(OPACK_SHORT_REV) *.log ssh-config .vagrant *.json,█ Cleaning up) + -$(call spinner,vagrant destroy -f >/dev/null; cd opack_deploy_$(OPACK_SHORT_REV) 2>/dev/null && terraform destroy -auto-approve && cd .. && rm -rf opack_deploy_$(OPACK_SHORT_REV); rm -rf $(OPACK_VAGRANT_FILE) opack_installer_$(OPACK_SHORT_REV) *.log ssh-config .vagrant *.json,█ Cleaning up) else -vagrant destroy -f - -cd terraform_??????? 2>/dev/null && terraform destroy -auto-approve && cd .. && rm -rf terraform_??????? - -rm -rf $(OPACK_VAGRANT_FILE) opack_installer_$(OPACK_SHORT_REV) *.log ssh-config .vagrant *.json + -cd opack_deploy_$(OPACK_SHORT_REV) 2>/dev/null && terraform destroy -auto-approve && cd .. && rm -rf opack_deploy_$(OPACK_SHORT_REV) + -rm -rf $(OPACK_VAGRANT_FILE) opack_installer_$(OPACK_SHORT_REV) *.log ssh-config .vagrant endif opack-cleancache: diff --git a/src/options.mk b/src/options.mk index 7e2c771..da5003d 100644 --- a/src/options.mk +++ b/src/options.mk @@ -77,7 +77,7 @@ OPACK_NO_SIGCHK?=no OPACK_SYS_HEADLESS?=true # Define the directory for caching -OPACK_CACHE_DIR?=$(OPACK_DIR)cache +OPACK_CACHE_DIR?=$(OPACK_DIR)boxes # Define the path to the Vagrant box file and output info OPACK_BOX_FILE?=$(OPACK_CACHE_DIR)/$(OPACK_TARGET).box 
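Review bot: In `opack-clean` the spinner (non-debug) branch still removes `*.json` while the debug branch dropped it, so a normal `make opack-clean` run from `examples/cloud` deletes the service-account key named by `OPACK_GCE_JSON_KEY` together with any other JSON in the directory; remove `*.json` from the spinner command too, or name the generated files explicitly. `terraform destroy -auto-approve` in the same chain has its failure masked by the leading `-`, so a partial destroy leaves a running, billable instance with a public IP while the state directory is deleted right after; at least check the destroy exit status before `rm -rf opack_deploy_$(OPACK_SHORT_REV)`.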
@@ -98,7 +98,7 @@ OPACK_BOX_TAG?=opack/$(OPACK_TARGET) OPACK_PACKER_DIR?=opack_installer_$(OPACK_SHORT_REV) # Define the provisioning script for Packer -OPACK_PROVISION_FILE?=$(OPACK_DIR)opack-provision.sh +OPACK_PROVISION_FILE?=$(OPACK_DIR)packer-provision.sh # Define the autodisklabel file OPACK_AUTODISKLABEL_FILE?=$(OPACK_DIR)autodisklabel @@ -109,6 +109,37 @@ OPACK_VAGRANT_FILE=Vagrantfile # Define the runtime provisioning script for Vagrant OPACK_RUNTIME_PROVISION_FILE?=$(OPACK_DIR)vagrant-provision.sh +#OPACK_GCE_JSON_KEY?=skz-mkobsd-92b7a3e770a0.json +#OPACK_GCE_PROJECT?=skz-mkobsd +#OPACK_GCE_BUCKET?=$(GCE_PROJECT) + +# OPACK_GCE_PROJECT: The Google Cloud project name where the VM will be created. +OPACK_GCE_PROJECT?= + +# OPACK_GCE_JSON_KEY: The filename of the Google Cloud service account JSON key. +OPACK_GCE_JSON_KEY?= + +# OPACK_GCE_BUCKET: The Google Cloud Storage bucket name, typically associated with the project, for the image import. +OPACK_GCE_BUCKET?=$(OPACK_GCE_PROJECT) + +# Define the machine type for the VM +OPACK_GCE_MACHINE?=e2-micro + +# The SSH key to use to connect to the cloud VM +OPACK_SYS_SSH_PRIVATE_KEY=id_ed25519 +OPACK_SYS_SSH_PUBLIC_KEY=$(shell cat $(OPACK_SYS_SSH_PRIVATE_KEY).pub) + +# Define the directory for Terraform deployment +OPACK_TERRAFORM_DIR?=opack_deploy_$(OPACK_SHORT_REV) + +# Terraform module dir +OPACK_TERRAFORM_MODULE_DIR?=$(OPACK_TERRAFORM_DIR)/module + +OPACK_TERRAFORM_DNS_ZONE=sk4-nz-zone +OPACK_TERRAFORM_DNS_NAME=sk4.nz. + + + ifdef OPACK_DEBUG $(info ░ BOX $(OPACK_BOX_FILE)) $(info ▒ HOSTNAME $(OPACK_SYS_HOSTNAME)-$(OPACK_TARGET)) diff --git a/src/opack-provision.sh b/src/packer-provision.sh similarity index 80% rename from src/opack-provision.sh rename to src/packer-provision.sh index 949357a..2fec230 100644 --- a/src/opack-provision.sh +++ b/src/packer-provision.sh 
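Review bot: `OPACK_SYS_SSH_PUBLIC_KEY=$(shell cat $(OPACK_SYS_SSH_PRIVATE_KEY).pub)` is evaluated at parse time on every make invocation, so on a fresh checkout, before the `id_ed25519` rule has run, it prints a `cat` error and leaves the key empty; both it and `OPACK_SYS_SSH_PRIVATE_KEY` also use `=` rather than the `?=` the README promises, so callers cannot supply their own key. Use `OPACK_SYS_SSH_PRIVATE_KEY?=id_ed25519` and `OPACK_SYS_SSH_PUBLIC_KEY?=$(shell cat $(OPACK_SYS_SSH_PRIVATE_KEY).pub 2>/dev/null)`. The leftover `#OPACK_GCE_JSON_KEY?=skz-mkobsd-92b7a3e770a0.json` / `#OPACK_GCE_PROJECT?=skz-mkobsd` comments and the hard-coded `OPACK_TERRAFORM_DNS_ZONE=sk4-nz-zone` / `OPACK_TERRAFORM_DNS_NAME=sk4.nz.` values look like the author's own identifiers, and the DNS variables are not referenced anywhere in this patch; drop them or document their purpose. It may also be worth documenting that the JSON key could be made optional, since I believe both the `googlecompute-import` post-processor and the google provider fall back to Application Default Credentials, avoiding a long-lived key on disk.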
@@ -7,6 +7,8 @@ set +x sysctl -n kern.version printf 'permit nopass :wheel\n' > /etc/doas.conf pkg_add -u 2> /dev/null || pkg_add -u -D snap 2> /dev/null + while(pgrep -f reorder_kernel > /dev/null) do echo Waiting for reorder_kernel to finish...; sleep 10; done + syspatch || (echo "Continuing"; true) rm -f /etc/ssh/ssh_host* find /var/log -type f | while read f; do echo -ne '' > $f; done find /tmp -type f | while read f; do echo -ne '' > $f; done diff --git a/src/packerfile-gcp.mk b/src/packerfile-gcp.mk index ceedbd4..114894f 100644 --- a/src/packerfile-gcp.mk +++ b/src/packerfile-gcp.mk @@ -6,8 +6,8 @@ define OPACK_PACKER_CLOUD_CONTENT = "disk_size": "$(OPACK_SYS_DISK_SIZE)", "memory": "$(OPACK_SYS_MEMORY)", "cpus": "$(OPACK_SYS_CPU)", - "gcloud_account_json": "../../$(GCE_JSON_KEY)", - "gcloud_project_id": "$(GCE_PROJECT)", + "gcloud_account_json": "../$(OPACK_GCE_JSON_KEY)", + "gcloud_project_id": "$(OPACK_GCE_PROJECT)", "version": "$(OPACK_BOX_VERSION)" }, "builders": [ { "type": "qemu", @@ -26,7 +26,7 @@ define OPACK_PACKER_CLOUD_CONTENT = "net_device": "virtio-net", "communicator": "ssh", "ssh_username": "root", - "ssh_private_key_file": "$(OPACK_SYS_SSH_PRIVATE_KEY)", + "ssh_private_key_file": "../$(OPACK_SYS_SSH_PRIVATE_KEY)", "ssh_wait_timeout": "60m", "shutdown_command": "shutdown -p now", "boot_wait": "30s", 
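Review bot: `syspatch || (echo "Continuing"; true)` masks every non-zero exit from syspatch, including a failed download or signature check of a patch, so the build log cannot tell "nothing to apply" or an unsupported snapshot (the cloud example uses `OPACK_SYS_VERSION=snapshots`) from a patch that was not installed. Record the outcome instead, e.g. `syspatch; rc=$?; echo "syspatch exit status: $rc"; syspatch -l`, so the image's patch level is visible in `opack.log`. The `pgrep -f reorder_kernel` wait loop has no upper bound and would hang the Packer build indefinitely if reorder_kernel never exits; a retry limit with a loud failure would be safer. The enclosing script starts before this hunk.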
@@ -35,30 +35,25 @@ define OPACK_PACKER_CLOUD_CONTENT = "# $(OPACK_COMMIT) ", "ifconfig vio0 inet autoconf & ", "sleep 1 && ", - "wait && " - "ftp http://{{ .HTTPIP }}:{{ .HTTPPort }}/install.conf && ", + "wait && ", + "ftp http://{{ .HTTPIP }}:{{ .HTTPPort }}/install-cloud.conf && ", "ftp http://{{ .HTTPIP }}:{{ .HTTPPort }}/autodisklabel && ", - "install -af install.conf && ", + "install -af install-cloud.conf && ", "echo permit nopass :wheel > /mnt/etc/doas.conf && ", "echo inet autoconf > /mnt/etc/hostname.vio0 && ", - "echo PubkeyAcceptedAlgorithms +ssh-rsa >> /mnt/etc/ssh/sshd_config && ", + "echo PubkeyAcceptedAlgorithms +ssh-rsa,ssh-ed25519 >> /mnt/etc/ssh/sshd_config && ", + "echo 'set tty com0' >> /mnt/etc/boot.conf &&", "reboot" ] } ], "provisioners": [ - { - "type": "file", - "source": "$(PROTECME_TOP_DIR)/src", - "destination": "/root/magma" - }, - { - "type": "file", - "source": "$(PROTECME_SPEC_DIR)/openbsd", - "destination": "/var/spec2006src" - }, { "type": "shell", "scripts": ["$(OPACK_PROVISION_FILE)"] - } + }, + { + "type": "shell", + "inline": ["cp /root/.ssh/authorized_keys /home/opack/.ssh/authorized_keys; chown opack /home/opack/.ssh/authorized_keys"] + } ], "post-processors": [ [ { "name": "Compress", @@ -66,11 +61,11 @@ define OPACK_PACKER_CLOUD_CONTENT = "compression_level": 9, "output": "disk.raw.tar.gz" }, - { "name": "GCP Import", + { "name": "Image import", "type": "googlecompute-import", "project_id": "{{user `gcloud_project_id`}}", "account_file": "{{user `gcloud_account_json`}}", - "bucket": "$(GCE_BUCKET)", + "bucket": "$(OPACK_GCE_BUCKET)", "image_name": "$(OPACK_TARGET)", "image_description": "$(OPACK_COMMIT)", "image_family": "openbsd", diff --git a/src/packerfile.mk b/src/packerfile.mk index 9531a1e..6d3ea46 100644 --- a/src/packerfile.mk +++ b/src/packerfile.mk 
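Review bot: `echo PubkeyAcceptedAlgorithms +ssh-rsa,ssh-ed25519 >> /mnt/etc/ssh/sshd_config` re-enables the SHA-1 `ssh-rsa` signature scheme on an image that will sit behind a public IP, while `ssh-ed25519` is already in OpenSSH's default list; now that the build key is ed25519 (`ssh-keygen -t ed25519` in opack.mk) the line can go, and `echo PasswordAuthentication no >> /mnt/etc/ssh/sshd_config` would be the hardening that actually matters, given the user has a known password and `permit nopass :wheel` (the installer's initial user is normally a wheel member). The new inline provisioner hard-codes `/home/opack` and `chown opack` instead of `$(OPACK_SYS_USER)`, joins the commands with `;` so a failed `cp` still reports success, and is redundant when `install-cloud.conf` already supplies `Public ssh key for $(OPACK_SYS_USER)`. If kept, `install -o $(OPACK_SYS_USER) -m 600 /root/.ssh/authorized_keys /home/$(OPACK_SYS_USER)/.ssh/authorized_keys` does both steps with the right mode.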
@@ -45,6 +45,10 @@ define OPACK_PACKER_CONTENT = { "type": "shell", "scripts": ["$(OPACK_PROVISION_FILE)"] + }, + { + "type": "shell", + "inline": ["cp /root/.ssh/authorized_keys /home/opack/.ssh/authorized_keys; chown opack /home/opack/.ssh/authorized_keys"] } ], "post-processors": [ [
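Review bot: The added inline provisioner hard-codes the user `opack` (`/home/opack/.ssh/authorized_keys`, `chown opack`) although the user is configurable via `OPACK_SYS_USER`, so any override leaves the key unreadable to the real user and the `chown` failure is hidden by the `;`. Use `$(OPACK_SYS_USER)` with `&&`, e.g. `install -d -o $(OPACK_SYS_USER) -m 700 /home/$(OPACK_SYS_USER)/.ssh && install -o $(OPACK_SYS_USER) -m 600 /root/.ssh/authorized_keys /home/$(OPACK_SYS_USER)/.ssh/authorized_keys`, so the directory exists and the file is not group/world-readable. Whether the local `install.conf` already hands this key to the user (as `install-cloud.conf` does) is outside this hunk.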