add amazon2 centos7 centos8stream

Makefile.config

@@ -10,6 +10,8 @@ PACKER_HEADLESS    := true
 DISTROS := alma8 alma9 \
            alpine316 alpine317 \
            alt9 alt10 \
+           amazon2 \
+           centos7 centos8stream \
            debian10 debian11 debian12 \
            devuan3 devuan4\
            fedora37 fedora38 \

packer/amazon/10-upgrade-distro.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+# (Auto)Removes unneeded packages and upgrades
+# the distro.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+# NOTE: in this old version of OL, dnf is not available.
+
+yum update -y --skip-broken
+
+yum upgrade -y util-linux
+
+# Ensure packages needed for post-processing scripts do exist.
+yum install -y curl gawk grep jq sed
+
+sync

packer/amazon/11-update-grub.sh

@@ -0,0 +1,62 @@
+#!/usr/bin/env bash
+
+# Sets kernel command line (net.ifnames=0 is particularily important),
+# then updates initramfs/initrd and grub2.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+rm -rf /etc/default/grub.d/
+
+# NOTE: in this old version of OL, gawk does not understand
+# the "-i inplace" option.
+
+# Drop unwanted.
+
+gawk -f- /etc/default/grub >/etc/default/grub.new <<'EOF'
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<quiet\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<splash\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<console=ttyS[^ ]*\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<earlyprintk=ttyS[^ ]*\>/, "") }
+/^GRUB_CMDLINE_LINUX[^=]*=/ { gsub(/\<crashkernel=[^ ]*\>/, "crashkernel=no") }
+{ print }
+EOF
+mv /etc/default/grub{.new,}
+
+# Ensure required.
+
+gawk -f- /etc/default/grub >/etc/default/grub.new <<'EOF'
+/^GRUB_CMDLINE_LINUX=/ { found = 1 }
+/^GRUB_CMDLINE_LINUX=/ && !/net.ifnames=0/ { gsub(/"$/, " net.ifnames=0\"") }
+/^GRUB_CMDLINE_LINUX=/ && !/biosdevname=0/ { gsub(/"$/, " biosdevname=0\"") }
+{ print }
+END { if (!found) print "GRUB_CMDLINE_LINUX=\" net.ifnames=0 biosdevname=0\"" >> FILENAME }
+EOF
+mv /etc/default/grub{.new,}
+
+gawk -f- /etc/default/grub >/etc/default/grub.new <<'EOF'
+BEGIN { update = "GRUB_TIMEOUT=0" }
+/^GRUB_TIMEOUT=/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+mv /etc/default/grub{.new,}
+
+# Cleanup.
+
+gawk -f- /etc/default/grub >/etc/default/grub.new <<'EOF'
+{ gsub(/(" *| *")/, "\""); gsub(/  */, " ") }
+{ print }
+EOF
+mv /etc/default/grub{.new,}
+
+yum install -y dracut-config-generic dracut-network
+
+INITRAMFS_IMG=$(find /boot/ -maxdepth 1 -name 'initramfs-*.img' ! -name '*rescue*' ! -name '*kdump*' | sort -V | tail -1)
+INITRAMFS_VER=$(sed -e 's/^.*initramfs-//' -e 's/\.img$//' <<< "$INITRAMFS_IMG")
+dracut --force "$INITRAMFS_IMG" "$INITRAMFS_VER"
+
+grub2-mkconfig -o /boot/grub2/grub.cfg
+
+sync

packer/amazon/80-install-context.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+# Downloads and installs the latest one-context package.
+
+: "${CTX_SUFFIX:=.el7.noarch.rpm}"
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+if ! stat /context/one-context*$CTX_SUFFIX; then (
+    install -d /context/ && cd /context/
+    curl -fsSL https://api.github.com/repos/OpenNebula/addon-context-linux/releases \
+    | jq -r ".[0].assets[].browser_download_url | select(endswith(\"$CTX_SUFFIX\"))" \
+    | xargs -r -n1 curl -fsSLO
+) fi
+
+yum install -y /context/one-context*$CTX_SUFFIX open-vm-tools
+
+sync

packer/amazon/81-configure-ssh.sh

@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+# Configures critical settings for OpenSSH server.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+# NOTE: in this old version of OL, gawk does not understand
+# the "-i inplace" option.
+
+gawk -f- /etc/ssh/sshd_config >/etc/ssh/sshd_config.new <<'EOF'
+BEGIN { update = "PasswordAuthentication no" }
+/^[#\s]*PasswordAuthentication\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+mv /etc/ssh/sshd_config{.new,}
+
+gawk -f- /etc/ssh/sshd_config >/etc/ssh/sshd_config.new <<'EOF'
+BEGIN { update = "PermitRootLogin without-password" }
+/^[#\s]*PermitRootLogin\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+mv /etc/ssh/sshd_config{.new,}
+
+gawk -f- /etc/ssh/sshd_config >/etc/ssh/sshd_config.new <<'EOF'
+BEGIN { update = "UseDNS no" }
+/^[#\s]*UseDNS\s*/ { $0 = update; found = 1 }
+{ print }
+END { if (!found) print update >> FILENAME }
+EOF
+mv /etc/ssh/sshd_config{.new,}
+
+sync

packer/amazon/98-collect-garbage.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+
+# Cleans YUM caches, removes temporary files / logs,
+# removes leftover / temporary unneeded packages.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+systemctl mask gssproxy.service
+
+package-cleanup --oldkernels --count=1 -y
+
+yum remove -y NetworkManager
+yum remove -y fwupd linux-firmware
+
+yum clean -y all
+
+rm -rf /context/
+
+sync

packer/amazon/amazon.pkr.hcl

@@ -0,0 +1,76 @@
+# Build cloud init iso
+source "file" "user_data" {
+  source = "${var.input_dir}/cloud-init.yml"
+  target = "${var.input_dir}/${var.appliance_name}-userdata"
+}
+
+build {
+  sources = ["sources.file.user_data"]
+
+  provisioner "shell-local" {
+    inline = [
+      "cloud-localds ${var.input_dir}/${var.appliance_name}-cloud-init.iso ${var.input_dir}/${var.appliance_name}-userdata",
+    ]
+  }
+}
+
+# Build VM image
+source "qemu" "amazon" {
+  cpus             = 2
+  memory           = 2048
+  accelerator      = "kvm"
+
+  iso_url          = lookup(lookup(var.amazon, var.version, {}), "iso_url", "")
+  iso_checksum     = lookup(lookup(var.amazon, var.version, {}), "iso_checksum", "")
+
+  headless         = var.headless
+
+  disk_image       = true
+  disk_cache       = "unsafe"
+  disk_interface   = "virtio"
+  net_device       = "virtio-net"
+  format           = "qcow2"
+
+  output_directory = var.output_dir
+
+  qemuargs         = [ ["-serial", "stdio"],
+                       ["-cpu", "host"],
+                       ["-cdrom", "${var.input_dir}/${var.appliance_name}-cloud-init.iso"]
+                     ]
+
+  ssh_username     = "root"
+  ssh_password     = "opennebula"
+  ssh_wait_timeout = "900s"
+  vm_name          = "${var.appliance_name}"
+}
+
+build {
+  sources = ["source.qemu.amazon"]
+
+  provisioner "shell" { inline = ["mkdir /context"] }
+
+  provisioner "file" {
+    source      = "context-linux/out/"
+    destination = "/context"
+  }
+
+  provisioner "shell" {
+    execute_command = "sudo -iu root {{.Vars}} bash {{.Path}}"
+
+    # execute *.sh + *.sh.<version> from input_dir
+    scripts = sort(concat(
+      [for s in fileset(".", "*.sh") : "${var.input_dir}/${s}"],
+      [for s in fileset(".", "*.sh.${var.version}") : "${var.input_dir}/${s}"]
+    ))
+    expect_disconnect = true
+  }
+
+  post-processors {
+    post-processor "shell-local" {
+      inline = [
+        "virt-sysprep --add ${var.output_dir}/${var.appliance_name} --selinux-relabel --root-password disabled --hostname localhost.localdomain --run-command 'truncate -s0 -c /etc/machine-id' --delete /etc/resolv.conf",
+        "virt-sparsify --in-place ${var.output_dir}/${var.appliance_name}"
+      ]
+    }
+  }
+}

packer/amazon/cloud-init.yml

@@ -0,0 +1,22 @@
+#cloud-config
+growpart:
+  mode: auto
+  devices: [/]
+
+users:
+  - name: root
+    lock_passwd: false
+    hashed_passwd: $6$rounds=4096$2RFfXKGPKTcdF.CH$dzLlW9Pg1jbeojxRxEraHwEMAPAbpChBdrMFV1SOa6etSF2CYAe.hC1dRDM1icTOk7M4yhVS1BtwJjah9essD0
+
+disable_root: false
+ssh_pwauth:   true
+
+runcmd:
+  - |
+    gawk -i inplace -f- /etc/ssh/sshd_config <<'EOF'
+    BEGIN { update = "PermitRootLogin yes" }
+    /^#*PermitRootLogin/ { $0 = update; found = 1 }
+    { print }
+    END { if (!found) print update >>FILENAME }
+    EOF
+  - systemctl reload sshd

packer/amazon/plugins.pkr.hcl

@@ -0,0 +1 @@
+../plugins.pkr.hcl

packer/amazon/variables.pkr.hcl

@@ -0,0 +1,34 @@
+variable "appliance_name" {
+  type    = string
+  default = "amazon"
+}
+
+variable "version" {
+  type    = string
+  default = "2"
+}
+
+variable "input_dir" {
+  type    = string
+}
+
+variable "output_dir" {
+  type    = string
+}
+
+variable "headless" {
+  type    = bool
+  default = false
+}
+
+variable "amazon" {
+  type   = map(map(string))
+
+  default = {
+    "2" = {
+	               # navigate via https://cdn.amazonlinux.com/os-images/latest/kvm/
+      iso_url      = "https://cdn.amazonlinux.com/os-images/2.0.20231020.1/kvm/amzn2-kvm-2.0.20231020.1-x86_64.xfs.gpt.qcow2"
+      iso_checksum = "01d411368e724b6bc5fa448c4a97cc7641fcf0da6e8bba00543310681fa2cd2a"
+    }
+  }
+}

packer/centos/10-upgrade-distro.sh.7

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+
+# (Auto)Removes unneeded packages and upgrades
+# the distro.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+# NOTE: in this "ancient" version of OL, dnf is not available.
+
+yum install -y epel-release yum-utils
+
+yum update -y --skip-broken
+
+# Ensure packages needed for post-processing scripts do exist.
+yum install -y curl gawk grep jq sed
+
+sync

packer/centos/10-upgrade-distro.sh.8stream

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+# (Auto)Removes unneeded packages and upgrades
+# the distro.
+
+exec 1>&2
+set -o errexit -o nounset -o pipefail
+set -x
+
+dnf install -y epel-release
+
+dnf update -y --skip-broken
+
+# Ensure packages needed for post-processing scripts do exist.
+dnf install -y curl gawk grep jq sed
+
+sync