opack cloud ?

.gitignore

@@ -1,2 +1,5 @@
-src/cache/
+src/boxes/
-.vagrant
+examples/*/.vagrant
+examples/cloud/id_ed25519
+examples/cloud/id_ed25519.pub
+examples/cloud/*.json

README.md

@@ -9,7 +9,6 @@
        ░  ░  ░     ░ ░             ░ ░                 ░  ░░ ░      ░  ░
                  ░                                         ░
 ```
------
 *Samuel 'sk4nz' AUBERTIN*
 
 **skz-opack** is an automated [OpenBSD](https://www.openbsd.org) bootstrapper.
@@ -27,8 +26,9 @@ To get started with **skz-opack**, follow these steps:
 2. Ensure you have the following dependencies installed:
     - [GNU Make](https://www.gnu.org/software/make/)
     - [libvirt](https://libvirt.org/)
-    - [Vagrant](https://www.vagrantup.com/)
+    - [Vagrant](https://developer.hashicorp.com/vagrant/downloads)
     - [Vagrant-Libvirt module](https://github.com/vagrant-libvirt/vagrant-libvirt)
+    - [Terraform](https://developer.hashicorp.com/terraform/downloads) (for `opack-cloud`)
 
 3. Use the project by including `path/to/skz-opack/src/opack.mk` and invoking the `opack` target in your Makefile to create a local OpenBSD virtual machine with Packer and Vagrant. Use the 'opack-cloud' target to run the same virtual machine in GCP with Terraform.
 
@@ -41,7 +41,7 @@ To get started with **skz-opack**, follow these steps:
 
 ## Overridable default options
 
-Every default option ending with an `?` in "src/options.mk" can be overrided in the invoking Makefile. Here is an short list of theses:
+Every default option ending with an `?` in "src/options.mk" can be overrided in the invoking Makefile. Here is an short excerpt of theses:
 
 - `OPACK_SYS_HOSTNAME`: VM hostname
 - `OPACK_SYS_USER`: username to create
@@ -65,7 +65,9 @@ Every default option ending with an `?` in "src/options.mk" can be overrided in
 - `OPACK_AUTODISKLABEL_FILE`: OpenBSD partitioning scheme for installation
 - `OPACK_PROVISION_FILE`: Script executed after installation
 - `OPACK_RUNTIME_PROVISION_FILE`: Script executed after VM creation
-
+- `OPACK_GCE_PROJECT`: The Google Cloud project name where the VM will be created
+- `OPACK_GCE_JSON_KEY`: The filename of the Google Cloud service account JSON key
+- `OPACK_GCE_BUCKET`: The Google Cloud Storage bucket name to use for the image import
 
 ## Examples 
 
@@ -74,8 +76,8 @@ Every default option ending with an `?` in "src/options.mk" can be overrided in
 Here is the shortest Makefile that can be used to leverage skz-opack:
 
 ```make
-OPACK_TARGET=   demo # the VM name
+OPACK_TARGET=       demo
-include path/to/src/opack.mk # mandatory
+include path/to/src/opack.mk
 ```
 
 After invokation with `make opack`, it will download, install, and run the latest OpenBSD release in a local VM with the default options.
@@ -108,7 +110,7 @@ Making "opack" a dependency target of "all" will ensure **skz-opack** operates b
 
 Once the "opack" target dependency is finished, the VM is running and the system kernel version is outputted. This example showcases how to customize and run **skz-opack** for your specific needs. 
 
-### GCP example
+### GCE example
 
 TODO
 
@@ -132,9 +134,9 @@ In the "src" directory, are located the following files:
 - **autodisklabel**: This file provides the partitioning layout for the installer and can be customized by using the `OPACK_AUTODISKLABEL_FILE` option. 
 - **defines.mk**: Contains internal skz-opack definitions for Packer and Vagrant.
 - **opack.mk**: To use skz-opack in your projects, simply include this file in your Makefiles.
-- **opack-provision.sh**: This file is executed for post-installation provisioning with Packer and can be customized using the `OPACK_PROVISION_FILE` option.
+- **packer-provision.sh**: This file is executed for post-installation provisioning with Packer and can be customized using the `OPACK_PROVISION_FILE` option.
 - **options.mk**: This file is where all skz-opack options are declared. Options are always in the `OPACK_[OPTION NAME]` format.
-- **packerfile-gcp.mk**: Special Packerfile for Google Cloud Compute upload.
+- **packerfile-gcp.mk**: Special Packerfile for Google Compute Platform upload.
 - **packerfile.mk**: Generic Packerfile for local execution.
 - **vagrantfile.mk**: Contains Vagrantfile definitions for local execution.
 - **vagrant-provision.sh**: This file is executed for pre-run provisioning with Vagrant and can be customized using the `OPACK_RUNTIME_PROVISION_FILE` option.
@@ -143,10 +145,3 @@ In the "src" directory, are located the following files:
 
 **skz-opack** is distributed under the [OpenBSD License](https://www.openbsd.org/policy.html). See the [LICENSE](LICENSE) file for more details.
 
-## References
-
-For more information on the tools used in this project, refer to the following resources:
-
-- [Packer](https://www.packer.io/)
-- [Vagrant](https://www.vagrantup.com/)
-

examples/cloud/.gitignore

@@ -0,0 +1,2 @@
+opack_deploy_*
+opack_installer_*

examples/cloud/Makefile

@@ -0,0 +1,11 @@
+OPACK_TARGET=testopack-cloud
+OPACK_SYS_HEADLESS=false
+OPACK_SYS_DISK_SIZE=10000
+OPACK_SYS_VERSION=snapshots
+OPACK_GCE_PROJECT=testopack
+OPACK_GCE_JSON_KEY=testopack-d1757c226a45.json
+OPACK_GCE_BUCKET=testopack
+
+include ../../src/opack.mk 
+
+all: opack-cloud

examples/shortest/Makefile

@@ -1,3 +1,3 @@
 OPACK_TARGET=		demo
 OPACK_SYS_HEADLESS=	false
-include src/opack.mk
+include ../../src/opack.mk

src/defines.mk

@@ -35,6 +35,39 @@ Location of sets? = done
 
 endef
 
+define OPACK_INSTALL_CLOUD_CONTENT =
+Choose your keyboard layout = fr
+System hostname = $(OPACK_SYS_HOSTNAME)-$(OPACK_TARGET)
+Which network interface = vio0
+IPv4 address for vio0 = dhcp
+IPv6 address for vio0 = none
+Password for root account = $(OPACK_SYS_PASSWORD)
+Public ssh key for root account = $(OPACK_SYS_SSH_PUBLIC_KEY)
+Allow root ssh login = prohibit-password
+Do you expect to run the X Window System = $(OPACK_SYS_XENOCARA)
+Setup a user = $(OPACK_SYS_USER)
+Password for user $(OPACK_SYS_USER) = $(OPACK_SYS_PASSWORD)
+Public ssh key for $(OPACK_SYS_USER) = $(OPACK_SYS_SSH_PUBLIC_KEY)
+Allow root ssh login = prohibit-password
+What timezone = $(OPACK_SYS_TIMEZONE)
+Which disk = sd0
+Use (W)hole disk or (E)dit the MBR = whole
+URL to autopartitioning template for disklabel = file:/autodisklabel
+Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout = A
+Location of sets = $(OPACK_SYS_SETS_LOCATION)
+HTTP Server = $(OPACK_SYS_SERVER)
+Server directory = pub/OpenBSD/$(OPACK_SYS_VERSION)/$(OPACK_SYS_ARCHITECTURE)
+Unable to connect using https. Use http instead = yes
+Pathname to the sets = $(OPACK_SYS_VERSION_MAJOR).$(OPACK_SYS_VERSION_MINOR)/amd64
+Set name(s) = $(OPACK_SYS_SETS) done
+Directory does not contain SHA256.sig. Continue without verification = $(OPACK_NO_SIGCHK)
+Signature check of SHA256.sig failed. Continue without verification = no
+Cannot determine prefetch area. Continue without verification = yes
+Location of sets? = done
+
+endef
+
+
 define OPACK_METADATA_CONTENT =
 {
   "name": "$(OPACK_BOX_TAG)",
@@ -55,3 +88,53 @@ define OPACK_METADATA_CONTENT =
 }
 
 endef
+
+define OPACK_TERRAFORM_CONTENT =
+
+variable "credentials"		{ default = "../$(OPACK_GCE_JSON_KEY)" } 
+variable "project"		{ default = "$(OPACK_GCE_PROJECT)" } 
+variable "region"		{ default = "europe-west4" }
+variable "zone"			{ default = "europe-west4-b" }
+
+provider "google" {
+  region      = "$${var.region}"
+  credentials = "$${var.credentials}"
+  project     = "$${var.project}"
+}
+
+module "OPENBSD" {
+   source       = "./module"
+   gce_zone     = "$${var.zone}"
+}
+
+endef
+
+define OPACK_TERRAFORM_MODULE_CONTENT =
+variable "servers" {}
+variable "gce_zone" {}
+
+resource "google_compute_instance" "$(OPACK_TARGET)" {
+    tags = ["skz-opack", "default"]
+    name = "$(OPACK_TARGET)"
+    machine_type = "$(OPACK_GCE_MACHINE)"
+    zone = "$${var.gce_zone}"
+    boot_disk {
+      initialize_params {
+        image = "openbsd" 
+      }
+    }
+    network_interface {
+        network = "default"
+        access_config {
+            // Ephemeral IP
+        }
+    }
+    scheduling {
+        preemptible = false
+        on_host_maintenance = "MIGRATE"
+        automatic_restart = true
+    }
+}
+
+endef
+

src/opack.mk

@@ -36,7 +36,7 @@ include $(OPACK_DIR)/packerfile-gcp.mk
 include $(OPACK_DIR)/vagrantfile.mk
 
 
-$(OPACK_PACKER_HTTP_DIR) $(OPACK_PACKER_DIR) ../$(OPACK_CACHE_DIR): 
+$(OPACK_PACKER_HTTP_DIR) $(OPACK_PACKER_DIR) ../$(OPACK_CACHE_DIR) $(OPACK_TERRAFORM_DIR) $(OPACK_TERRAFORM_MODULE_DIR): 
 	mkdir -p $@
 
 $(OPACK_PACKER_DIR)/vagrant.key: | $(OPACK_PACKER_DIR)
@@ -46,36 +46,36 @@ $(OPACK_PACKER_DIR)/opack.json: | $(OPACK_PACKER_DIR)
 	printf '$(subst $(newline),\n,$(OPACK_PACKER_CONTENT))' > $@
 
 $(OPACK_PACKER_DIR)/bucket.json:
-	printf '{ "name": "$(GCE_BUCKET)", "location": "$(GCE_BUCKET_LOCATION)", "storageClass": "STANDARD", "iamConfiguration": {"uniformBucketLevelAccess": { "enabled": true }, } }' > $@
+	if [ -z "$(OPACK_GCE_PROJECT)" ]; then echo "█ Error: OPACK_GCE_PROJECT is empty. Declare it in your Makefile."; echo "▒ To create a GCE project, use this documentation:"; echo "░ https://cloud.google.com/resource-manager/docs/creating-managing-projects"; exit 1; fi
+	if [ -z "$(OPACK_GCE_JSON_KEY)" ]; then echo "█ Error: OPACK_GCE_JSON_KEY is empty. Declare it in your Makefile."; echo "▒ To create a GCE service account and key, use this documentation:"; echo "░ https://cloud.google.com/iam/docs/service-accounts-create"; echo "░ https://cloud.google.com/iam/docs/keys-create-delete"; exit 1; fi
+	if [ -z "$(OPACK_GCE_BUCKET)" ]; then echo "█ Error: OPACK_GCE_BUCKET is empty. Declare it in your Makefile"; echo "▒ To create a GCE bucket, use this documentation:"; echo "░ https://cloud.google.com/storage/docs/creating-buckets"; exit 1; fi
+	printf '{ "name": "$(OPACK_GCE_BUCKET)", "location": "$(OPACK_GCE_BUCKET_LOCATION)", "storageClass": "STANDARD", "iamConfiguration": {"uniformBucketLevelAccess": { "enabled": true }, } }' > $@
 
 $(OPACK_PACKER_DIR)/opack-cloud.json: | $(OPACK_PACKER_DIR) $(OPACK_PACKER_DIR)/bucket.json
 	printf '$(subst $(newline),\n,$(OPACK_PACKER_CLOUD_CONTENT))' > $@
-	curl -X POST -s -o /dev/null \
-		--data-binary @$(OPACK_PACKER_DIR)/bucket.json \
-		-H "Authorization: Bearer $(STORAGE_TOKEN)" \
-		-H "Content-Type: application/json" \
-		"https://storage.googleapis.com/storage/v1/b?project=$(GCE_PROJECT)"
-	curl -X DELETE -s -o /dev/null \
-		-H "Authorization: Bearer $(IMAGE_TOKEN)" \
-		"https://compute.googleapis.com/compute/v1/projects/$(GCE_PROJECT)/global/images/$(OPACK_TARGET)"
 
 $(OPACK_PACKER_HTTP_DIR)/install.conf: | $(OPACK_PACKER_HTTP_DIR)
 	printf '$(subst $(newline),\n,$(OPACK_INSTALL_CONTENT))' > $@
 
+$(OPACK_PACKER_HTTP_DIR)/install-cloud.conf: | $(OPACK_PACKER_HTTP_DIR)
+	printf '$(subst $(newline),\n,$(OPACK_INSTALL_CLOUD_CONTENT))' > $@
+
 $(OPACK_PACKER_HTTP_DIR)/autodisklabel: | $(OPACK_PACKER_HTTP_DIR)
 	cp $(OPACK_AUTODISKLABEL_FILE) $@
 
 $(OPACK_PROVISION_FILE):
 	echo you need to write $@ && exit 1
 
-../id_ed25519:
+id_ed25519:
-	ssh-keygen -q -t ed25519 -f $@ -N '""'
+	echo "█ Generating $@"
+	ssh-keygen -q -t ed25519 -f $@ -P ""
+	$(eval OPACK_SYS_SSH_PUBLIC_KEY=$(shell cat id_ed25519.pub))
 
 $(OPACK_BOX_FILE): | $(OPACK_PACKER_DIR)/opack.json $(OPACK_PACKER_DIR)/vagrant.key $(OPACK_PROVISION_FILE) $(OPACK_PACKER_HTTP_DIR)/install.conf $(OPACK_PACKER_HTTP_DIR)/autodisklabel
 ifndef OPACK_DEBUG
-	$(call spinner,cd $(OPACK_PACKER_DIR) && (CHECKPOINT_DISABLE=1 PACKER_CACHE_DIR=../../$(OPACK_CACHE_DIR) packer build -timestamp-ui opack.json > opack.log && rm -rf $(OPACK_PACKER_DIR)) || echo Error Autoinstalling: check $(OPACK_PACKER_DIR)/opack.log,█ Autoinstalling $(OPACK_BOX_TAG) with Packer)
+	$(call spinner,cd $(OPACK_PACKER_DIR) && (CHECKPOINT_DISABLE=1 PACKER_CACHE_DIR=.$(OPACK_CACHE_DIR) packer build -timestamp-ui opack.json > opack.log && rm -rf $(OPACK_PACKER_DIR)) || echo Error Autoinstalling: check $(OPACK_PACKER_DIR)/opack.log,█ Autoinstalling $(OPACK_BOX_TAG) with Packer)
 else
-	cd $(OPACK_PACKER_DIR) && CHECKPOINT_DISABLE=1 PACKER_CACHE_DIR=../../$(OPACK_CACHE_DIR) packer build -timestamp-ui opack.json && rm -rf $(OPACK_PACKER_DIR)
+	cd $(OPACK_PACKER_DIR) && CHECKPOINT_DISABLE=1 PACKER_CACHE_DIR=$(OPACK_CACHE_DIR) packer build -timestamp-ui opack.json && rm -rf $(OPACK_PACKER_DIR)
 endif
 
 $(OPACK_META_FILE): $(OPACK_BOX_FILE)
@@ -86,6 +86,26 @@ else
 	vagrant box add -f --name $(OPACK_BOX_TAG) $(OPACK_META_FILE)
 endif
 
+$(OPACK_PACKER_DIR)/disk.raw.tar.gz: | $(OPACK_PACKER_DIR)/opack-cloud.json id_ed25519 $(OPACK_PROVISION_FILE) $(OPACK_PACKER_HTTP_DIR)/install-cloud.conf $(OPACK_PACKER_HTTP_DIR)/autodisklabel 
+#	-curl -X POST -s -o /dev/null \
+#		--data-binary @$(OPACK_PACKER_DIR)/bucket.json \
+#		-H "Authorization: Bearer $(STORAGE_TOKEN)" \
+#		-H "Content-Type: application/json" \
+#		"https://storage.googleapis.com/storage/v1/b?project=$(OPACK_GCE_PROJECT)"
+#	-curl -X DELETE -s -o /dev/null \
+#		-H "Authorization: Bearer $(IMAGE_TOKEN)" \
+#		"https://compute.googleapis.com/compute/v1/projects/$(OPACK_GCE_PROJECT)/global/images/$(OPACK_TARGET)"
+	(cd $(OPACK_PACKER_DIR) && CHECKPOINT_DISABLE=1 PACKER_CACHE_DIR=$(OPACK_CACHE_DIR) packer build -timestamp-ui opack-cloud.json) && rm -rf $(OPACK_PACKER_DIR)
+
+$(OPACK_TERRAFORM_DIR)/main.tf: $(OPACK_TERRAFORM_DIR)
+	printf '$(subst $(newline),\n,$(OPACK_TERRAFORM_CONTENT))' > $@
+
+$(OPACK_TERRAFORM_MODULE_DIR)/main.tf: $(OPACK_TERRAFORM_MODULE_DIR)
+	printf '$(subst $(newline),\n,$(OPACK_TERRAFORM_MODULE_CONTENT))' > $@
+
+$(OPACK_TERRAFORM_DIR)/terraform.tfstate: | $(OPACK_PACKER_DIR)/disk.raw.tar.gz $(OPACK_TERRAFORM_DIR)/main.tf $(OPACK_TERRAFORM_MODULE_DIR)/main.tf
+	cd $(OPACK_TERRAFORM_DIR) && terraform init && terraform apply -auto-approve -state=$@
+
 $(OPACK_VAGRANT_FILE):
 	printf '$(subst $(newline),\n,$(OPACK_VAGRANT_CONTENT))' > $@
 
@@ -97,20 +117,15 @@ else
 endif
 	echo "█ skz-opack complete, run 'vagrant ssh' to connect to the machine"
 
-opack-cloud: | $(OPACK_PACKER_DIR)/opack-cloud.json ../id_ed25519 $(OPACK_PROVISION_FILE) $(OPACK_PACKER_HTTP_DIR)/install.conf $(OPACK_PACKER_HTTP_DIR)/autodisklabel
+opack-cloud: | $(OPACK_TERRAFORM_DIR)/terraform.tfstate
-	cd $(OPACK_PACKER_DIR) &&\
-		CHECKPOINT_DISABLE=1 PACKER_CACHE_DIR=../../$(OPACK_CACHE_DIR)\
-		packer build\
-		-timestamp-ui opack-cloud.json | tee -a ../$@ &&\
-		rm -rf $(OPACK_PACKER_DIR)
 
 opack-clean: 
 ifndef OPACK_DEBUG
-	-$(call spinner,vagrant destroy -f >/dev/null; cd terraform_??????? 2>/dev/null && terraform destroy -auto-approve && cd .. && rm -rf terraform_???????; rm -rf $(OPACK_VAGRANT_FILE) opack_build_$(OPACK_SHORT_REV) *.log ssh-config .vagrant *.json,█ Cleaning up)
+	-$(call spinner,vagrant destroy -f >/dev/null; cd opack_deploy_$(OPACK_SHORT_REV) 2>/dev/null && terraform destroy -auto-approve && cd .. && rm -rf opack_deploy_$(OPACK_SHORT_REV); rm -rf $(OPACK_VAGRANT_FILE) opack_installer_$(OPACK_SHORT_REV) *.log ssh-config .vagrant *.json,█ Cleaning up)
 else
 	-vagrant destroy -f
-	-cd terraform_??????? 2>/dev/null && terraform destroy -auto-approve && cd .. && rm -rf terraform_???????
+	-cd opack_deploy_$(OPACK_SHORT_REV) 2>/dev/null && terraform destroy -auto-approve && cd .. && rm -rf opack_deploy_$(OPACK_SHORT_REV)
-	-rm -rf $(OPACK_VAGRANT_FILE) opack_installer_$(OPACK_SHORT_REV) *.log ssh-config .vagrant *.json
+	-rm -rf $(OPACK_VAGRANT_FILE) opack_installer_$(OPACK_SHORT_REV) *.log ssh-config .vagrant
 endif
 
 opack-cleancache:

src/options.mk

@@ -77,7 +77,7 @@ OPACK_NO_SIGCHK?=no
 OPACK_SYS_HEADLESS?=true
 
 # Define the directory for caching
-OPACK_CACHE_DIR?=$(OPACK_DIR)cache
+OPACK_CACHE_DIR?=$(OPACK_DIR)boxes
 
 # Define the path to the Vagrant box file and output info
 OPACK_BOX_FILE?=$(OPACK_CACHE_DIR)/$(OPACK_TARGET).box
@@ -98,7 +98,7 @@ OPACK_BOX_TAG?=opack/$(OPACK_TARGET)
 OPACK_PACKER_DIR?=opack_installer_$(OPACK_SHORT_REV)
 
 # Define the provisioning script for Packer
-OPACK_PROVISION_FILE?=$(OPACK_DIR)opack-provision.sh
+OPACK_PROVISION_FILE?=$(OPACK_DIR)packer-provision.sh
 
 # Define the autodisklabel file
 OPACK_AUTODISKLABEL_FILE?=$(OPACK_DIR)autodisklabel
@@ -109,6 +109,37 @@ OPACK_VAGRANT_FILE=Vagrantfile
 # Define the runtime provisioning script for Vagrant
 OPACK_RUNTIME_PROVISION_FILE?=$(OPACK_DIR)vagrant-provision.sh
 
+#OPACK_GCE_JSON_KEY?=skz-mkobsd-92b7a3e770a0.json
+#OPACK_GCE_PROJECT?=skz-mkobsd
+#OPACK_GCE_BUCKET?=$(GCE_PROJECT)
+
+# OPACK_GCE_PROJECT: The Google Cloud project name where the VM will be created.
+OPACK_GCE_PROJECT?=
+
+# OPACK_GCE_JSON_KEY: The filename of the Google Cloud service account JSON key.
+OPACK_GCE_JSON_KEY?=
+
+# OPACK_GCE_BUCKET: The Google Cloud Storage bucket name, typically associated with the project, for the image import.
+OPACK_GCE_BUCKET?=$(OPACK_GCE_PROJECT)
+
+# Define the machine type for the VM 
+OPACK_GCE_MACHINE?=e2-micro
+
+# The SSH key to use to connect to the cloud VM
+OPACK_SYS_SSH_PRIVATE_KEY=id_ed25519
+OPACK_SYS_SSH_PUBLIC_KEY=$(shell cat $(OPACK_SYS_SSH_PRIVATE_KEY).pub)
+
+# Define the directory for Terraform deployment
+OPACK_TERRAFORM_DIR?=opack_deploy_$(OPACK_SHORT_REV)
+
+# Terraform module dir
+OPACK_TERRAFORM_MODULE_DIR?=$(OPACK_TERRAFORM_DIR)/module
+
+OPACK_TERRAFORM_DNS_ZONE=sk4-nz-zone
+OPACK_TERRAFORM_DNS_NAME=sk4.nz.
+
+
+
 ifdef OPACK_DEBUG
 $(info ░ BOX        $(OPACK_BOX_FILE))
 $(info ▒ HOSTNAME   $(OPACK_SYS_HOSTNAME)-$(OPACK_TARGET))

src/packer-provision.sh

@@ -7,6 +7,8 @@ set +x
         sysctl -n kern.version
         printf 'permit nopass :wheel\n' > /etc/doas.conf
 	pkg_add -u 2> /dev/null || pkg_add -u -D snap 2> /dev/null
+	while(pgrep -f reorder_kernel > /dev/null) do echo Waiting for reorder_kernel to finish...; sleep 10; done
+	syspatch || (echo "Continuing"; true)
 	rm -f /etc/ssh/ssh_host*
         find /var/log -type f | while read f; do echo -ne '' > $f; done
         find /tmp -type f | while read f; do echo -ne '' > $f; done

src/packerfile-gcp.mk

@@ -6,8 +6,8 @@ define OPACK_PACKER_CLOUD_CONTENT =
 			"disk_size": "$(OPACK_SYS_DISK_SIZE)",
 			"memory": "$(OPACK_SYS_MEMORY)",
 			"cpus": "$(OPACK_SYS_CPU)",
-			"gcloud_account_json": "../../$(GCE_JSON_KEY)",
+			"gcloud_account_json": "../$(OPACK_GCE_JSON_KEY)",
-			"gcloud_project_id": "$(GCE_PROJECT)",
+			"gcloud_project_id": "$(OPACK_GCE_PROJECT)",
 			"version": "$(OPACK_BOX_VERSION)" },
 		"builders": [ {
 			"type": "qemu",
@@ -26,7 +26,7 @@ define OPACK_PACKER_CLOUD_CONTENT =
 			"net_device": "virtio-net",
 			"communicator": "ssh",
 			"ssh_username": "root",
-			"ssh_private_key_file": "$(OPACK_SYS_SSH_PRIVATE_KEY)",
+			"ssh_private_key_file": "../$(OPACK_SYS_SSH_PRIVATE_KEY)",
 			"ssh_wait_timeout": "60m",
 			"shutdown_command": "shutdown -p now",
 			"boot_wait": "30s",
@@ -35,30 +35,25 @@ define OPACK_PACKER_CLOUD_CONTENT =
 				"# $(OPACK_COMMIT) <enter>",
 				"ifconfig vio0 inet autoconf & ",
 				"sleep 1 && ",
-				"wait && "
+				"wait && ",
-				"ftp http://{{ .HTTPIP }}:{{ .HTTPPort }}/install.conf && ",
+				"ftp http://{{ .HTTPIP }}:{{ .HTTPPort }}/install-cloud.conf && ",
 				"ftp http://{{ .HTTPIP }}:{{ .HTTPPort }}/autodisklabel && ",
-				"install -af install.conf && ",
+				"install -af install-cloud.conf && ",
 				"echo permit nopass :wheel > /mnt/etc/doas.conf && ",
 				"echo inet autoconf > /mnt/etc/hostname.vio0 && ",
-				"echo PubkeyAcceptedAlgorithms +ssh-rsa >> /mnt/etc/ssh/sshd_config && ",
+				"echo PubkeyAcceptedAlgorithms +ssh-rsa,ssh-ed25519 >> /mnt/etc/ssh/sshd_config && ",
+				"echo 'set tty com0' >> /mnt/etc/boot.conf &&",
 				"reboot<enter>" ]
 		} ],
 		"provisioners": [ 
-			{
-				"type": "file",
-				"source": "$(PROTECME_TOP_DIR)/src",
-				"destination": "/root/magma"
-			},
-			{
-				"type": "file",
-				"source": "$(PROTECME_SPEC_DIR)/openbsd",
-				"destination": "/var/spec2006src"
-			},
 			{
 				"type": "shell",
 				"scripts": ["$(OPACK_PROVISION_FILE)"]
-    			}
+    			},
+	                {
+                        "type": "shell",
+                        "inline": ["cp /root/.ssh/authorized_keys /home/opack/.ssh/authorized_keys; chown opack /home/opack/.ssh/authorized_keys"]
+	                }
 		],
 		"post-processors": [ [
 				{	"name": "Compress",
@@ -66,11 +61,11 @@ define OPACK_PACKER_CLOUD_CONTENT =
 					"compression_level": 9,
 					"output": "disk.raw.tar.gz"
 				},
-				{	"name": "GCP Import",
+				{	"name": "Image import",
 					"type": "googlecompute-import",
 					"project_id": "{{user `gcloud_project_id`}}",
 					"account_file": "{{user `gcloud_account_json`}}",
-					"bucket": "$(GCE_BUCKET)",
+					"bucket": "$(OPACK_GCE_BUCKET)",
 					"image_name": "$(OPACK_TARGET)",
 					"image_description": "$(OPACK_COMMIT)",
 					"image_family": "openbsd",

src/packerfile.mk

@@ -45,6 +45,10 @@ define OPACK_PACKER_CONTENT =
 		{
 			"type": "shell",
 			"scripts": ["$(OPACK_PROVISION_FILE)"]
+    		},
+		{
+			"type": "shell",
+			"inline": ["cp /root/.ssh/authorized_keys /home/opack/.ssh/authorized_keys; chown opack /home/opack/.ssh/authorized_keys"]
     		}
 		],
 		"post-processors": [ [