Added packer templates and infra

.github/workflows/pre-commit.yml

@@ -0,0 +1,27 @@
+name: pre-commit
+
+on:
+  push:
+  workflow_dispatch:
+
+env:
+  PACKER_VERSION: "1.9.2"
+
+jobs:
+  pre-commit:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup `packer`
+        uses: hashicorp/setup-packer@main
+        id: setup
+        with:
+          version: ${{ env.PACKER_VERSION }}
+
+      - name: Setup `Python3`
+        uses: actions/setup-python@v3
+
+      - name: Setup `pre-commit`
+        uses: pre-commit/actions@v3.0.0

.pre-commit-config.yaml

@@ -0,0 +1,13 @@
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+  rev: v4.4.0
+  hooks:
+  - id: trailing-whitespace
+  - id: end-of-file-fixer
+  - id: check-yaml
+  - id: check-shebang-scripts-are-executable
+- repo: git@github.com:exdial/pre-commit-hooks.git
+  rev: e3433e140adaa767ddf14f1abfa9066a7ec6fae7
+  hooks:
+  - id: packer-validate
+  - id: packer-fmt

20-04-focal.pkr.hcl

@@ -0,0 +1,143 @@
+packer {
+  required_version = ">= 1.9.0"
+
+  required_plugins {
+    virtualbox = {
+      version = ">= 1.0.0"
+      source  = "github.com/hashicorp/virtualbox"
+    }
+    vagrant = {
+      version = ">= 1.0.0"
+      source  = "github.com/hashicorp/vagrant"
+    }
+  }
+}
+
+variable "iso_url" {
+  type    = string
+  default = "https://releases.ubuntu.com/20.04.6/ubuntu-20.04.6-live-server-amd64.iso"
+}
+
+variable "iso_checksum" {
+  type    = string
+  default = "file:http://releases.ubuntu.com/20.04/SHA256SUMS"
+}
+
+variable "vm_name" {
+  type    = string
+  default = "focal"
+}
+
+variable "ssh_username" {
+  type    = string
+  default = "vagrant"
+}
+
+variable "ssh_password" {
+  type    = string
+  default = "vagrant"
+}
+
+variable "ssh_password_sha256" {
+  type = string
+  # First create a salt `openssl rand -base64 9`. Then create a password
+  # using the salt `mkpasswd -m sha-512 vagrant -S <output of openssl>`.
+  # Encrypted password here is vagrant.
+  default = "$6$ihLAVm9evpqz$tqwrwpxQ89UdQtIOdBohtHU/2xrQJ4RgPLpDUXtGc1AGi42U1TFqB2oupVOSdnfXvMPREVb1uL/E0lr37MQ840"
+}
+
+variable "ssh_forwarded_port" {
+  type    = string
+  default = "22222"
+}
+
+# Cloud-init will try to find "user-data" and "meta-data" files
+# right after the root location "/", so it is extremely important to use
+# the following datasource format: http://{{ .HTTPIP }}:{{ .HTTPPort }}/
+# Otherwise, cloud-init ignores "user-data" file and will use its own
+# fallback datasource.
+source "virtualbox-iso" "ubuntu" {
+  vm_name       = var.vm_name
+  guest_os_type = "Ubuntu_64"
+  headless      = true
+
+  iso_url      = var.iso_url
+  iso_checksum = var.iso_checksum
+
+  ssh_username           = var.ssh_username
+  ssh_password           = var.ssh_password
+  ssh_port               = 22
+  ssh_timeout            = "20m"
+  ssh_handshake_attempts = "40"
+  host_port_min          = var.ssh_forwarded_port
+  host_port_max          = var.ssh_forwarded_port
+
+  cpus      = "2"
+  memory    = "2048"
+  disk_size = "7000"
+  format    = "ova"
+
+  shutdown_command = "echo '${var.ssh_password}' | sudo -S shutdown -P now"
+  output_directory = "builds"
+
+  # Instead of keeping an empty meta-data file in the repository,
+  # serve the empty location "/meta-data" by HTTP.
+  http_content = {
+    "/user-data" = templatefile("http/user-data.pkrtpl.hcl", { var = var }),
+    "/meta-data" = ""
+  }
+
+  guest_additions_mode = "upload"
+  guest_additions_path = "/tmp/VBoxGuestAdditions.iso"
+
+  vboxmanage = [
+    ["modifyvm", "{{ .Name }}", "--rtcuseutc", "off"],
+    ["setextradata", "{{ .Name }}", "GUI/SuppressMessages", "all"],
+    ["modifyvm", "{{ .Name }}", "--nat-localhostreachable1", "on"],
+    # Scale factor can be useful when debugging with the GUI enabled,
+    # when `headless = false`.
+    ["setextradata", "{{ .Name }}", "GUI/ScaleFactor", "2.20"]
+  ]
+  boot_wait              = "5s"
+  boot_keygroup_interval = "500ms"
+  boot_command = [
+    "<tab><tab><tab><tab><tab><wait>",
+    "<esc><wait><f6><wait><esc><wait>",
+    "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
+    "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
+    "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
+    "<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
+    "/casper/vmlinuz <wait>",
+    "initrd=/casper/initrd autoinstall <wait>",
+    "quiet fsck.mode=skip net.ifnames=0 <wait>",
+    "biosdevname=0 systemd.unified_cgroup_hierarchy=0 <wait>",
+    "ds=nocloud-net;s=http://{{.HTTPIP}}:{{ .HTTPPort }}/ ---<wait3>",
+    "<enter>"
+  ]
+}
+
+build {
+  sources = ["source.virtualbox-iso.ubuntu"]
+
+  provisioner "shell" {
+    execute_command = "echo '${var.ssh_password}' | {{ .Vars }} sudo -E -S '{{ .Path }}'"
+    inline_shebang  = "/bin/sh -exu"
+    inline = [
+      "echo '${var.ssh_username} ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/${var.ssh_username}",
+      "chmod 0440 /etc/sudoers.d/${var.ssh_username}"
+    ]
+  }
+
+  provisioner "shell" {
+    execute_command = "echo '${var.ssh_password}' | {{ .Vars }} sudo -E -S '{{ .Path }}'"
+    scripts = [
+      "http/provision.sh"
+    ]
+  }
+
+  post-processor "vagrant" {
+    keep_input_artifact = false
+    compression_level   = 9
+    output              = "output/{{ .Provider }}-ubuntu-20-04.box"
+  }
+}

README.md

@@ -0,0 +1,17 @@
+# Packer
+
+Packer is a tool from Hashicorp for making machine images in a reproducible way.
+It supports a large variety of cloud infrastructures.
+
+## What is this repository for?
+
+* No more ad hoc, manual creation of AMIs
+* Intended to be run from a CI system
+
+## Quick start
+
+`packer init .`
+
+## Building
+
+`packer -var-file=(ci|prod).pkrvars.hcl 20-04-focal.pkr.hcl`

http/provision.sh

@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+set -exu
+
+MOUNT_DIR="/tmp/isomount"
+HOME_DIR="/home/vagrant"
+ISO_FILE="/tmp/VBoxGuestAdditions.iso"
+
+errdebug() {
+  echo "Entering debug mode"
+  echo "Connect via \"ssh vagrant@127.0.0.1 -p 22222\""
+  sleep 999999
+}
+
+get_vagrant_key() {
+  mkdir -p "$HOME_DIR"/.ssh
+  curl -s -o "$HOME_DIR"/.ssh/authorized_keys \
+  https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub
+}
+
+if get_vagrant_key; then
+  chmod 0700 "$HOME_DIR"/.ssh
+  chmod 0600 "$HOME_DIR"/.ssh/authorized_keys
+else
+  echo "Download failed!"
+  errdebug
+fi
+
+mount_guest_additions() {
+  mkdir -p "$MOUNT_DIR"
+  mount -t iso9660 -o loop "$ISO_FILE" "$MOUNT_DIR"
+}
+
+if mount_guest_additions; then
+  apt-get update
+  apt-get install -y --no-install-recommends --fix-missing \
+    ca-certificates gcc make
+  # Hack: VBoxLinuxAdditions.run every time exited with non-zero code,
+  # so we will change the exit code to zero with the "true" command
+  "$MOUNT_DIR"/VBoxLinuxAdditions.run --nox11 && true
+else
+  echo "Mounting guest additions ISO failed!"
+  errdebug
+fi
+
+check_vbox_version() {
+  /usr/sbin/VBoxService --version &>/dev/null
+}
+
+check_module_loaded() {
+  /usr/sbin/lsmod | grep vboxguest &>/dev/null
+}
+
+if check_vbox_version && check_module_loaded; then
+  umount "$MOUNT_DIR" && \
+  rmdir "$MOUNT_DIR" && \
+  rm -f "$ISO_FILE"
+
+  # Cleanup
+  truncate -s 0 /etc/resolv.conf
+  rm -rf /tmp/*
+  rm -f /var/log/wtmp /var/log/btmp .bash_history
+else
+  echo "Installing guest additions failed!"
+  errdebug
+fi

http/user-data.pkrtpl.hcl

@@ -0,0 +1,34 @@
+#cloud-config
+autoinstall:
+  version: 1
+  locale: en_US.UTF-8
+  refresh-installer:
+    update: no
+  keyboard:
+    layout: us
+  network:
+    network:
+      version: 2
+      ethernets:
+        enp0s3:
+          dhcp4: yes
+  identity:
+    hostname: ${var.vm_name}
+    username: ${var.ssh_username}
+    password: ${var.ssh_password_sha256}
+  ssh:
+    install-server: true
+    allow-pw: true
+  early-commands:
+    - echo "Running early-commands ..."
+    - systemctl stop ssh.service
+  late-commands:
+    - echo "Running late-commands ..."
+    - systemctl enable ssh.service
+  storage:
+    version: 1
+    updates: security
+    swap:
+      size: 0
+    layout:
+      name: direct