First pass at base VM.

CDCgov · Jan 3, 2025 · b061fed · b061fed
1 parent 71bc419
commit b061fed
Show file tree

Hide file tree

Showing 7 changed files with 279 additions and 0 deletions.
diff --git a/.github/workflows/checkForChanges.yml b/.github/workflows/checkForChanges.yml
@@ -0,0 +1,33 @@
+name: Check for Changes
+# Reusable workflow, compatible with push and pull_request events
+on:
+  workflow_call:
+    inputs:
+      # can be a file or a folder
+      what_to_check:
+        required: true
+        type: string
+    outputs:
+      has_changes:
+        description: true or false string
+        value: ${{ jobs.check_for_changes.outputs.has_changes }}
+jobs:
+  check_for_changes:
+    runs-on: ubuntu-latest
+    outputs:
+      has_changes: ${{ steps.check_for_changes.outputs.has_changes }}
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+    - shell: bash
+      id: check_for_changes
+      run: |
+        echo "::group::Set has_changes output"
+        diff=$(git diff-tree --no-commit-id --name-only -r "origin/main" HEAD -- "${{ inputs.what_to_check }}")
+        echo "Diff: $diff"
+        diff_length=$(echo ${#diff})
+        has_diff=$([ $diff_length -gt 0 ] && echo "true" || echo "false")
+        echo "Has changes: ${has_diff}"
+        echo "has_changes=${has_diff}" >> "$GITHUB_OUTPUT"
+        echo "::endgroup::"
diff --git a/.github/workflows/packMachines.yml b/.github/workflows/packMachines.yml
@@ -0,0 +1,56 @@
+name: Pack Virtual Machine Images
+
+on:
+    push:
+        branches:
+            - main
+
+jobs:
+    workflow_changes:
+        with:
+            what_to_check: ./.github
+        uses: ./.github/workflows/checkForChanges.yml
+
+    packer_changes:
+        with:
+            what_to_check: ./packer
+        uses: ./.github/workflows/checkForChanges.yml
+
+    terraform_changes:
+        with:
+            what_to_check: ./terraform
+        uses: ./.github/workflows/checkForChanges.yml
+
+    packer_build:
+        if: needs.workflow_changes.outputs.has_changes == 'true' || needs.packer_changes.outputs.has_changes == 'true'
+        runs-on: ubuntu-latest
+        strategy:
+            matrix:
+                include:
+                    - provisioners: ${{ inputs.provisioners }}
+        steps:
+            - uses: actions/checkout@v4
+
+            - name: Set up Packer
+              uses: hashicorp/setup-packer@v3
+              with:
+                  version: 1.11.2
+
+            # Needed for ISO builder
+            - name: Set up QEMU
+              uses: docker/setup-qemu-action@v3
+
+            - name: Run `packer init`
+              working-directory: ./packer
+              id: init
+              run: "packer init ./ubuntu.pkr.hcl"
+
+            - name: Run `packer validate`
+              working-directory: ./packer
+              id: validate
+              run: "packer validate ./ubuntu.pkr.hcl"
+
+              ## TODO: Add matrixed provisioner build here
+            - name: Build Packer Image
+              working-directory: ./packer
+              run: packer build -var-file=variables.json -var "provisioners=${{ matrix.provisioners }}" packer.json
diff --git a/packer/ubuntu-server/http/meta-data b/packer/ubuntu-server/http/meta-data
diff --git a/packer/ubuntu-server/http/user-data b/packer/ubuntu-server/http/user-data
@@ -0,0 +1,83 @@
+#cloud-config
+autoinstall:
+  version: 1
+
+  apt:
+    geoip: true
+    preserve_sources_list: false
+    primary:
+    - arches: [amd64, i386]
+      uri: http://us.archive.ubuntu.com/ubuntu
+    - arches: [default]
+      uri: http://ports.ubuntu.com/ubuntu-ports
+
+  packages:
+    - qemu-guest-agent
+    - git
+    - ca-certificates
+    - curl
+
+  identity:
+    realname: ''
+    username: ubuntu
+    # A password hash is needed. `mkpasswd --method=SHA-512` can help.
+    # mkpasswd can be found in the package 'whois'
+    # password -> ubuntu
+    password: '$6$BY7tlmmh0KhsyCdF$mqL6Ud5FS645ylyOUT.qoim/ZcHrfLdE6vgDqAabDGyoj7LCV4Kpskj8POMmf7MmIcpVho0xc12rdstjjjW100'
+    hostname: ubuntu-server
+
+  ssh:
+    allow-pw: yes
+    install-server: true
+
+  locale: en_US
+  keyboard: 
+    layout: us
+
+  # Subiquity will, by default, configure a partition layout using LVM.
+  storage:
+    layout:
+      name: lvm
+
+  # The live-server ISO does not contain some of the required packages,
+  # such as ubuntu-desktop or the hwe kernel (or most of their depdendencies).
+  # The system being installed will need some sort of apt access.
+  # proxy: http://192.168.0.1:3142
+
+  late-commands:
+    - "echo 'Defaults:ubuntu !requiretty' > /target/etc/sudoers.d/ubuntu"
+    - "echo 'ubuntu ALL=(ALL) NOPASSWD: ALL' >> /target/etc/sudoers.d/ubuntu"
+    - "chmod 440 /target/etc/sudoers.d/ubuntu"
+    - "truncate -s 0 /etc/machine-id /var/lib/dbus/machine-id"
+
+    # Install Docker
+    - curtin in-target -- apt-get update
+    - curtin in-target -- install -m 0755 -d /etc/apt/keyrings
+    - curtin in-target -- curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+    - curtin in-target -- chmod a+r /etc/apt/keyrings/docker.asc
+    - curtin in-target -- echo \
+  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+  tee /etc/apt/sources.list.d/docker.list > /dev/null
+    - curtin in-target -- apt-get update
+    - curtin in-target -- apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
+
+    # Clone Compose Files
+
+
+    # Set Compose to Autostart
+
+
+
+
+    # A postinstall script may optionally be used for further install
+    # customization. Deploy this postinstall.sh script on the webserver.
+    # - wget -O /target/postinstall.sh http://192.168.0.2/postinstall.sh
+    # - curtin in-target -- bash /postinstall.sh
+    # - rm /target/postinstall.sh
+
+  # Additional cloud-init configuration affecting the target
+  # system can be supplied underneath a user-data section inside of
+  # autoinstall.
+  # user-data:
+  #   …
diff --git a/packer/ubuntu-server/scripts/post-install.sh b/packer/ubuntu-server/scripts/post-install.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# Install Docker
+apt-get update
+install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+chmod a+r /etc/apt/keyrings/docker.asc
+echo \
+  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
+  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+  tee /etc/apt/sources.list.d/docker.list > /dev/null
+apt-get update
+apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
+
+
+# Clone Compose files
+
+
+
+# Set Docker as system service and enable container autostart
+
+docker compose up -d
diff --git a/packer/ubuntu-server/ubuntu.pkr.hcl b/packer/ubuntu-server/ubuntu.pkr.hcl
@@ -0,0 +1,85 @@
+packer {
+  required_plugins {
+    amazon = {
+      source  = "github.com/hashicorp/amazon"
+      version = "~> 1.3.4"
+    }
+    azure = {
+      source  = "github.com/hashicorp/azure"
+      version = "~> 2.2.0"
+    }
+    hyperv = {
+      source  = "github.com/hashicorp/hyperv"
+      version = "~> 1.1.4"
+    }
+    proxmox = {
+      version = ">= 1.2.2"
+      source  = "github.com/hashicorp/proxmox"
+    }
+    qemu = {
+      source  = "github.com/hashicorp/qemu"
+      version = "~> 1.1.0"
+    }
+    vsphere = {
+      source  = "github.com/hashicorp/vsphere"
+      version = "~> 1.4.2"
+    }
+    virtualbox = {
+      source  = "github.com/hashicorp/virtualbox"
+      version = "~> 1.1.1"
+    }
+  }
+}
+
+source "qemu" "iso" {
+vm_name              = "ubuntu-2404-ecrViewer.raw"
+  # Uncomment this block to use a basic Ubuntu 24.04 cloud image
+  # iso_url              = "https://cloud-images.ubuntu.com/releases/24.04/release/ubuntu-24.04-server-cloudimg-amd64.img"
+  # iso_checksum         = "sha256:b63f266fa4bdf146dea5b0938fceac694cb3393688fb12a048ba2fc72e7bfe1b"
+  # disk_image           = true
+
+  # Uncomment this block to configure Ubuntu 24.04 server from scratch
+  iso_url              = "http://releases.ubuntu.com/24.04.1/ubuntu-24.04.1-live-server-amd64.iso"
+  iso_checksum         = "sha256:e240e4b801f7bb68c20d1356b60968ad0c33a41d00d828e74ceb3364a0317be9"
+  disk_image           = false
+
+  memory               = 4096
+  output_directory     = "build/os-base"
+  //accelerator          = "hvf"
+  disk_size            = "8000M"
+  disk_interface       = "virtio"
+  format               = "raw"
+  net_device           = "virtio-net"
+  boot_wait            = "3s"
+  #boot_command         = [
+  #  "e<wait>",
+  #  "<down><down><down><end>",
+  #  " autoinstall ds=\"nocloud-net;s=http://{{.HTTPIP}}:{{.HTTPPort}}/\" ",
+  #  "<f10>"
+  #  ]
+  boot_command = [
+  "c<wait>linux /casper/vmlinuz --- autoinstall 'ds=nocloud;s=http://{{ .HTTPIP }}:{{ .HTTPPort }}/'<enter><wait>",
+  "initrd /casper/initrd<enter><wait><wait>",
+  "boot<enter><wait>"
+]
+  http_directory       = "http"
+  shutdown_command     = "echo 'packer' | sudo -S shutdown -P now"
+  ssh_username         = "packer"
+  ssh_password         = "packer"
+  ssh_timeout          = "60m"
+  machine_type         = "q35"
+  cpus                 = 2
+  headless             = true
+}
+
+/*source "virtualbox-iso" "ecr-viewer" {
+
+}*/
+
+build {
+  name = "iso"
+
+  sources = [
+    "source.qemu.iso"
+  ]
+}
diff --git a/packer/ubuntu-server/variables.pkr.hcl b/packer/ubuntu-server/variables.pkr.hcl