commit 94994c4d6013dd29e089c5841975a1846745f4fe
parent f114e6a0c9b9c634e0dfcf984133f13fb428c032
Author: Andreas Gruhler <andreas.gruhler@adfinis.com>
Date: Mon, 27 May 2024 20:01:45 +0200
feat: transform hashi-pi.json to hcl
Diffstat:
M | README.md | | | 4 | ++-- |
D | hashi-pi.json | | | 164 | ------------------------------------------------------------------------------- |
A | hashi-pi.pkr.hcl | | | 270 | +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
3 files changed, 272 insertions(+), 166 deletions(-)
diff --git a/README.md b/README.md
@@ -126,7 +126,7 @@ chmod +x qemu-aarch64-static
sudo mv qemu-aarch64-static /usr/bin/qemu-aarch64-static
```
-Also, make sure to choose the correct "static" binary for the OS architecture in [`hashi-pi.json`](./hashi-pi.json):
+Also, make sure to choose the correct "static" binary for the OS architecture in [`hashi-pi.pkr.hcl`](./hashi-pi.pkr.hcl):
```bash
"qemu_binary_source_path": "/usr/bin/qemu-aarch64-static",
"qemu_binary_destination_path": "/usr/bin/qemu-aarch64-static"
@@ -153,7 +153,7 @@ interpreter /usr/bin/qemu-aarch64-static
Don't forget to create a new set of [Consul TLS certificates](#Consul) before each run. Run packer with a value file to build an image for one host:
```bash
-./consul-tls.sh && sudo packer build -var-file=hosts/pi0.json hashi-pi.json
+./consul-tls.sh && sudo packer build -var-file=hosts/pi0.json hashi-pi.pkr.hcl
```
## Write Image to SD Card
diff --git a/hashi-pi.json b/hashi-pi.json
@@ -1,164 +0,0 @@
-{
- "variables": {
- "hostname": "HashiPi0",
- "username": "in0rdr",
- "authorized_keys": "",
- "img_url": "https://downloads.raspberrypi.org/raspios_lite_arm64/images/raspios_lite_arm64-2023-10-10/2023-10-10-raspios-bookworm-arm64-lite.img.xz",
- "img_name": "raspi.img",
- "flash_device_path": "/dev/sda",
- "img_size": "4G",
- "consul_version": "1.18.2",
- "consul_server": "true",
- "consul_encrypt": "",
- "consul_tls_ca": "./tls/consul/consul-agent-ca.pem",
- "consul_tls_certs": "./tls/consul/certs/",
- "consul_retry_join": "\"pi0.lan\", \"pi1.lan\", \"pi2.lan\", \"pi3.lan\", \"pi4.lan\"",
- "nomad_version": "1.7.7",
- "nomad_server": "true",
- "nomad_client": "true",
- "nomad_nfs_server": "",
- "nomad_nfs_mount": "",
- "nomad_nfs_target": "",
- "nomad_podman_driver_version": "0.5.2",
- "nomad_vault_token": "",
- "nomad_jenkins_uid": "1312",
- "nomad_jenkins_gid": "1312",
- "vault_version": "1.16.2",
- "vault_tls_ca_cert": "./tls/vault/ca/vault_ca.pem",
- "vault_tls_ca_key": "./tls/vault/ca/vault_ca.key",
- "vault_tls_subj_alt_name": "IP:127.0.0.1",
- "vault_transit_server": "",
- "vault_transit_token": ""
- },
- "sensitive-variables": [
- "consul_encrypt",
- "consul_tls_server_key",
- "consul_tls_client_key",
- "consul_tls_cli_key",
- "vault_transit_token"
- ],
- "builders": [{
- "type": "arm",
- "file_urls" : ["{{ user `img_url` }}"],
- "file_checksum_url": "{{ user `img_url` }}.sha256",
- "file_checksum_type": "sha256",
- "file_unarchive_cmd": ["xz", "-d", "$ARCHIVE_PATH"],
- "file_target_extension": "xz",
- "image_build_method": "resize",
- "image_path": "{{ user `img_name` }}",
- "image_size": "{{ user `img_size` }}",
- "image_type": "dos",
- "image_partitions": [
- {
- "name": "boot",
- "type": "c",
- "start_sector": "8192",
- "filesystem": "vfat",
- "size": "256M",
- "mountpoint": "/boot"
- },
- {
- "name": "root",
- "type": "83",
- "start_sector": "532480",
- "filesystem": "ext4",
- "size": "0",
- "mountpoint": "/"
- }
- ],
- "image_chroot_env": ["PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"],
- "qemu_binary_source_path": "/usr/bin/qemu-aarch64-static",
- "qemu_binary_destination_path": "/usr/bin/qemu-aarch64-static"
- }],
- "provisioners": [
- {
- "type": "file",
- "source": "arm-builder/scripts/resizerootfs/resizerootfs",
- "destination": "/tmp/resizerootfs"
- },
- {
- "type": "file",
- "source": "arm-builder/scripts/resizerootfs/resizerootfs.service",
- "destination": "/tmp/resizerootfs.service"
- },
- {
- "type": "shell",
- "script": "bootstrap.sh",
- "environment_vars": [
- "HOSTNAME={{ user `hostname` }}",
- "USERNAME={{ user `username` }}",
- "AUTHORIZED_KEYS={{ user `authorized_keys` }}",
- "NOMAD_VERSION={{ user `nomad_version` }}",
- "CONSUL_VERSION={{ user `consul_version` }}",
- "VAULT_VERSION={{ user `vault_version` }}"
- ]
- },
- {
- "type": "shell",
- "inline": ["mkdir /tmp/tls"]
- },
- {
- "type": "file",
- "source": "{{ user `consul_tls_ca` }}",
- "destination": "/tmp/tls/consul-agent-ca.pem"
- },
- {
- "type": "file",
- "source": "{{ user `consul_tls_certs` }}",
- "destination": "/tmp/tls/"
- },
- {
- "type": "shell",
- "script": "consul.sh",
- "remote_folder": "/home/{{ user `username` }}",
- "environment_vars": [
- "USERNAME={{ user `username` }}",
- "CONSUL_SERVER={{ user `consul_server` }}",
- "CONSUL_ENCRYPT={{ user `consul_encrypt` }}",
- "CONSUL_RETRY_JOIN={{ user `consul_retry_join` }}"
- ]
- },
- {
- "type": "shell",
- "script": "nomad.sh",
- "remote_folder": "/home/{{ user `username` }}",
- "environment_vars": [
- "USERNAME={{ user `username` }}",
- "NFS_SERVER={{ user `nomad_nfs_server` }}",
- "NFS_MOUNT={{ user `nomad_nfs_mount` }}",
- "NFS_MOUNT_TARGET={{ user `nomad_nfs_target` }}",
- "NOMAD_SERVER={{ user `nomad_server` }}",
- "NOMAD_CLIENT={{ user `nomad_client` }}",
- "NOMAD_PODMAN_DRIVER_VERSION={{ user `nomad_podman_driver_version` }}",
- "NOMAD_VAULT_TOKEN={{ user `nomad_vault_token` }}",
- "NOMAD_JENKINS_UID={{ user `nomad_jenkins_uid` }}",
- "NOMAD_JENKINS_GID={{ user `nomad_jenkins_gid` }}"
- ]
- },
- {
- "destination": "/tmp/vault_ca.pem",
- "source": "{{ user `vault_tls_ca_cert` }}",
- "type": "file"
- },
- {
- "destination": "/tmp/vault_ca.key",
- "source": "{{ user `vault_tls_ca_key` }}",
- "type": "file"
- },
- {
- "type": "shell",
- "script": "vault.sh",
- "remote_folder": "/home/{{ user `username` }}",
- "environment_vars": [
- "USERNAME={{ user `username` }}",
- "HOSTNAME={{ user `hostname` }}",
- "NOMAD_CLIENT={{ user `nomad_client` }}",
- "VAULT_TLS_CA_CERT=/tmp/vault_ca.pem",
- "VAULT_TLS_CA_KEY=/tmp/vault_ca.key",
- "VAULT_TLS_SUBJ_ALT_NAME={{ user `vault_tls_subj_alt_name` }}",
- "VAULT_TRANSIT_SERVER={{ user `vault_transit_server` }}",
- "VAULT_TRANSIT_TOKEN={{ user `vault_transit_token` }}"
- ]
- }
- ]
-}
diff --git a/hashi-pi.pkr.hcl b/hashi-pi.pkr.hcl
@@ -0,0 +1,270 @@
+variable "authorized_keys" {
+ type = string
+ default = ""
+}
+
+variable "consul_encrypt" {
+ type = string
+ default = ""
+ sensitive = true
+}
+
+variable "consul_retry_join" {
+ type = string
+ default = "\"pi0.lan\", \"pi1.lan\", \"pi2.lan\", \"pi3.lan\", \"pi4.lan\""
+}
+
+variable "consul_server" {
+ type = string
+ default = "true"
+}
+
+variable "consul_tls_ca" {
+ type = string
+ default = "./tls/consul/consul-agent-ca.pem"
+}
+
+variable "consul_tls_certs" {
+ type = string
+ default = "./tls/consul/certs/"
+}
+
+variable "consul_version" {
+ type = string
+ default = "1.18.2"
+}
+
+variable "flash_device_path" {
+ type = string
+ default = "/dev/sda"
+}
+
+variable "hostname" {
+ type = string
+ default = "HashiPi0"
+}
+
+variable "img_name" {
+ type = string
+ default = "raspi.img"
+}
+
+variable "img_size" {
+ type = string
+ default = "4G"
+}
+
+variable "img_url" {
+ type = string
+ default = "https://downloads.raspberrypi.org/raspios_lite_arm64/images/raspios_lite_arm64-2023-10-10/2023-10-10-raspios-bookworm-arm64-lite.img.xz"
+}
+
+variable "nomad_client" {
+ type = string
+ default = "true"
+}
+
+variable "nomad_jenkins_gid" {
+ type = string
+ default = "1312"
+}
+
+variable "nomad_jenkins_uid" {
+ type = string
+ default = "1312"
+}
+
+variable "nomad_nfs_mount" {
+ type = string
+ default = ""
+}
+
+variable "nomad_nfs_server" {
+ type = string
+ default = ""
+}
+
+variable "nomad_nfs_target" {
+ type = string
+ default = ""
+}
+
+variable "nomad_podman_driver_version" {
+ type = string
+ default = "0.5.2"
+}
+
+variable "nomad_server" {
+ type = string
+ default = "true"
+}
+
+variable "nomad_vault_token" {
+ type = string
+ default = ""
+}
+
+variable "nomad_version" {
+ type = string
+ default = "1.7.7"
+}
+
+variable "username" {
+ type = string
+ default = "in0rdr"
+}
+
+variable "vault_tls_ca_cert" {
+ type = string
+ default = "./tls/vault/ca/vault_ca.pem"
+}
+
+variable "vault_tls_ca_key" {
+ type = string
+ default = "./tls/vault/ca/vault_ca.key"
+}
+
+variable "vault_tls_subj_alt_name" {
+ type = string
+ default = "IP:127.0.0.1"
+}
+
+variable "vault_transit_server" {
+ type = string
+ default = ""
+}
+
+variable "vault_transit_token" {
+ type = string
+ default = ""
+ sensitive = true
+}
+
+variable "vault_version" {
+ type = string
+ default = "1.16.2"
+}
+
+source "arm" "hashipi" {
+ file_checksum_type = "sha256"
+ file_checksum_url = "${var.img_url}.sha256"
+ file_target_extension = "xz"
+ file_unarchive_cmd = ["xz", "-d", "$ARCHIVE_PATH"]
+ file_urls = ["${var.img_url}"]
+ image_build_method = "resize"
+ image_chroot_env = ["PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"]
+ image_partitions {
+ filesystem = "vfat"
+ mountpoint = "/boot"
+ name = "boot"
+ size = "256M"
+ start_sector = "8192"
+ type = "c"
+ }
+ image_partitions {
+ filesystem = "ext4"
+ mountpoint = "/"
+ name = "root"
+ size = "0"
+ start_sector = "532480"
+ type = "83"
+ }
+ image_path = "${var.img_name}"
+ image_size = "${var.img_size}"
+ image_type = "dos"
+ qemu_binary_destination_path = "/usr/bin/qemu-aarch64-static"
+ qemu_binary_source_path = "/usr/bin/qemu-aarch64-static"
+}
+
+build {
+ sources = ["source.arm.hashipi"]
+
+ provisioner "file" {
+ destination = "/tmp/resizerootfs"
+ source = "arm-builder/scripts/resizerootfs/resizerootfs"
+ }
+
+ provisioner "file" {
+ destination = "/tmp/resizerootfs.service"
+ source = "arm-builder/scripts/resizerootfs/resizerootfs.service"
+ }
+
+ provisioner "shell" {
+ script = "bootstrap.sh"
+ environment_vars = [
+ "HOSTNAME=${var.hostname}",
+ "USERNAME=${var.username}",
+ "AUTHORIZED_KEYS=${var.authorized_keys}",
+ "NOMAD_VERSION=${var.nomad_version}",
+ "CONSUL_VERSION=${var.consul_version}",
+ "VAULT_VERSION=${var.vault_version}"
+ ]
+ }
+
+ provisioner "shell" {
+ inline = ["mkdir /tmp/tls"]
+ }
+
+ provisioner "file" {
+ destination = "/tmp/tls/consul-agent-ca.pem"
+ source = "${var.consul_tls_ca}"
+ }
+
+ provisioner "file" {
+ destination = "/tmp/tls/"
+ source = "${var.consul_tls_certs}"
+ }
+
+ provisioner "shell" {
+ script = "consul.sh"
+ remote_folder = "/home/${var.username}"
+ environment_vars = [
+ "USERNAME=${var.username}",
+ "CONSUL_SERVER=${var.consul_server}",
+ "CONSUL_ENCRYPT=${var.consul_encrypt}",
+ "CONSUL_RETRY_JOIN=${var.consul_retry_join}"
+ ]
+ }
+
+ provisioner "shell" {
+ script = "nomad.sh"
+ remote_folder = "/home/${var.username}"
+ environment_vars = [
+ "USERNAME=${var.username}",
+ "NFS_SERVER=${var.nomad_nfs_server}",
+ "NFS_MOUNT=${var.nomad_nfs_mount}",
+ "NFS_MOUNT_TARGET=${var.nomad_nfs_target}",
+ "NOMAD_SERVER=${var.nomad_server}",
+ "NOMAD_CLIENT=${var.nomad_client}",
+ "NOMAD_PODMAN_DRIVER_VERSION=${var.nomad_podman_driver_version}",
+ "NOMAD_VAULT_TOKEN=${var.nomad_vault_token}",
+ "NOMAD_JENKINS_UID=${var.nomad_jenkins_uid}",
+ "NOMAD_JENKINS_GID=${var.nomad_jenkins_gid}"
+ ]
+ }
+
+ provisioner "file" {
+ destination = "/tmp/vault_ca.pem"
+ source = "${var.vault_tls_ca_cert}"
+ }
+
+ provisioner "file" {
+ destination = "/tmp/vault_ca.key"
+ source = "${var.vault_tls_ca_key}"
+ }
+
+ provisioner "shell" {
+ script = "vault.sh"
+ remote_folder = "/home/${var.username}"
+ environment_vars = [
+ "USERNAME=${var.username}",
+ "HOSTNAME=${var.hostname}",
+ "NOMAD_CLIENT=${var.nomad_client}",
+ "VAULT_TLS_CA_CERT=/tmp/vault_ca.pem",
+ "VAULT_TLS_CA_KEY=/tmp/vault_ca.key",
+ "VAULT_TLS_SUBJ_ALT_NAME=${var.vault_tls_subj_alt_name}",
+ "VAULT_TRANSIT_SERVER=${var.vault_transit_server}",
+ "VAULT_TRANSIT_TOKEN=${var.vault_transit_token}"
+ ]
+ }
+}
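Review bot: `variable "nomad_vault_token"` is declared without `sensitive = true`, although it is interpolated into `NOMAD_VAULT_TOKEN=${var.nomad_vault_token}` in the nomad.sh provisioner's `environment_vars`; `consul_encrypt` and `vault_transit_token` in the same file are both marked. The removed `sensitive-variables` list in hashi-pi.json did not name it either, so the conversion carries an existing gap over rather than introducing one. Adding `sensitive = true` to that variable block makes Packer redact the token from build output and logs. Separately, a file provisioner copies the Vault CA private key to `/tmp/vault_ca.key` inside the image; whether vault.sh removes it afterwards is not visible in this diff, so confirm it does not ship in the finished image.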