djpbessems/Packer.Images
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add upstream changes
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
Danny Bessems
2021-02-15 09:24:21 +01:00
parent 4cb40df6e0
commit f61d381a9d
3 changed files with 111 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

75
README.md
View File

@ -1 +1,76 @@
# Packer.Images [![Build Status](https://ci.spamasaurus.com/api/badges/djpbessems/Packer.Images/status.svg?ref=refs/heads/ADCS)](https://ci.spamasaurus.com/djpbessems/Packer.Images)
This OVA appliance allows deploying an Active Directory Certificate Authority fully automated:
The included `.ovf` file has the following XML contents (simplified for clarity) to facilitate the different `DeploymentOption`s:
```xml
<Envelope [...]>
[...]
<DeploymentOptionSection>
<Info>Deployment Type</Info>
<Configuration ovf:id="standalone-root">
<Label>Root Certificate Authority</Label>
<Description>Root CA with self-signed certificate; should be kept turned off</Description>
</Configuration>
<Configuration ovf:id="enterprise-intermediate">
<Label>Subordinate enterprise Certificate Authority</Label>
<Description>Subordinate CA on domain-member server; kept online to service certificate requests/enrollment and host CRL</Description>
</Configuration>
<Configuration ovf:id="standalone-intermediate">
<Label>Subordinate standalone Certificate Authority</Label>
<Description>Subordinate CA on standalone server; kept online to service certificate requests and host CRL</Description>
</Configuration>
</DeploymentOptionSection>
<VirtualSystem ovf:id="[...]">
[...]
<ProductSection>
[...]
<Category>1) Operating System</Category>
<Property ovf:configuration="standalone-root enterprise-intermediate standalone-intermediate" ovf:key="guestinfo.hostname" [...]>
<Label>Hostname*</Label>
</Property>
[...]
<Category>3) Active Directory Certificate Services</Category>
<Property ovf:configuration="secondary" ovf:key="adcsconfig.foo" [...]>
<Label>Foo*</Label>
</Property>
[...]
</Property>
</ProductSection>
</VirtualSystem>
</Envelope>
```
When **provisioning** the appliance through the vCenter 'Deploy OVF template...' wizard, or through vApp-compatible *Infrastructure as code* tooling (e.g. HashiCorp Terraform), it is possible to provide all relevant configuration through vApp properties.
<table>
<tr>
<td><em>vSphere 'Deploy OVF template...' wizard</em></td> <td> <a href="https://registry.terraform.io/providers/hashicorp/vsphere/latest/docs/resources/virtual_machine#deploying-vm-from-an-ovfova-template">HashiCorp Terraform vSphere provider</a> </td>
</tr>
<tr>
<td><img src=".assets/vAppConfigurations-ADCS-example.png" alt="vApp properties" width="400" /><br/><img src=".assets/vAppProperties-ADCS-example.png" alt="vApp properties" width="400" /></td>
<td>
```hcl
vapp {
properties = {
# "deployment.type" = "standalone-root"
"guestinfo.hostname" = "CA01"
"guestinfo.ipaddress" = "10.0.0.42"
"guestinfo.prefixlength" = "24"
"guestinfo.dnsserver" = "10.0.0.21"
"guestinfo.gateway" = "10.0.0.1"
"adcsconfig.foo" = "..."
"adcsconfig.bar" = "..."
}
}
```
</td>
</tr>
</table>
On first boot, the appliance will start **configuring** itself without any further user-input, by performing the following steps:
- *WIP*