djpbessems/Packer.Images
Archived
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add upstream changes
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
Danny Bessems
2021-02-15 09:24:21 +01:00
parent 4cb40df6e0
commit f61d381a9d
3 changed files with 111 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
.drone.yml
View File

@@ -2,6 +2,14 @@ kind: pipeline
type: kubernetes type: kubernetes
name: 'Packer Build' name: 'Packer Build'
volumes:
- name: output
claim:
name: flexvolsmb-drone-output
- name: scratch
claim:
name: flexvolsmb-drone-scratch
steps: steps:
- name: Active Directory Certificate Services - name: Active Directory Certificate Services
image: bv11-cr01.bessems.eu/library/packer-extended image: bv11-cr01.bessems.eu/library/packer-extended
@@ -9,15 +17,15 @@ steps:
- | - |
packer validate \ packer validate \
-var-file=packer/variables.vsphere.json \ -var-file=packer/variables.vsphere.json \
-var vm_name=${DRONE_COMMIT_SHA:0:10}-$DRONE_BUILD_NUMBER \ -var vm_name=$DRONE_BUILD_NUMBER-${DRONE_COMMIT_SHA:0:10} \
-var vsphere_password=$${VSPHERE_PASSWORD} \ -var vsphere_password=$${VSPHERE_PASSWORD} \
-var winrm_password=$${WINRM_PASSWORD} \ -var winrm_password=$${WINRM_PASSWORD} \
packer/adcs.json packer/adcs.json
- | - |
packer build \ packer build \
-on-error=cleanup \ -on-error=cleanup -timestamp-ui \
-var-file=packer/variables.vsphere.json \ -var-file=packer/variables.vsphere.json \
-var vm_name=${DRONE_COMMIT_SHA:0:10}-$DRONE_BUILD_NUMBER \ -var vm_name=$DRONE_BUILD_NUMBER-${DRONE_COMMIT_SHA:0:10} \
-var vsphere_password=$${VSPHERE_PASSWORD} \ -var vsphere_password=$${VSPHERE_PASSWORD} \
-var winrm_password=$${WINRM_PASSWORD} \ -var winrm_password=$${WINRM_PASSWORD} \
packer/adcs.json packer/adcs.json
@@ -29,9 +37,21 @@ steps:
# PACKER_LOG: 1 # PACKER_LOG: 1
volumes: volumes:
- name: output - name: output
path: /output path: /output
- name: scratch
volumes: path: /scratch
- name: output - name: Remove temporary resources
claim: image: bv11-cr01.bessems.eu/library/packer-extended
name: flexvolsmb-drone-output commands:
- |
pwsh -file scripts/Remove-Resources.ps1 \
-VMName $DRONE_BUILD_NUMBER-${DRONE_COMMIT_SHA:0:10} \
-VSphereFQDN 'bv11-vc01.bessems.lan' \
-VSphereUsername 'administrator@vsphere.local' \
-VSpherePassword $${VSPHERE_PASSWORD}
environment:
VSPHERE_PASSWORD:
from_secret: vsphere_password
volumes:
- name: scratch
path: /scratch

75
README.md
View File

@@ -1 +1,76 @@
# Packer.Images [![Build Status](https://ci.spamasaurus.com/api/badges/djpbessems/Packer.Images/status.svg?ref=refs/heads/ADCS)](https://ci.spamasaurus.com/djpbessems/Packer.Images) # Packer.Images [![Build Status](https://ci.spamasaurus.com/api/badges/djpbessems/Packer.Images/status.svg?ref=refs/heads/ADCS)](https://ci.spamasaurus.com/djpbessems/Packer.Images)
This OVA appliance allows deploying an Active Directory Certificate Authority fully automated:
The included `.ovf` file has the following XML contents (simplified for clarity) to facilitate the different `DeploymentOption`s:
```xml
<Envelope [...]>
[...]
<DeploymentOptionSection>
<Info>Deployment Type</Info>
<Configuration ovf:id="standalone-root">
<Label>Root Certificate Authority</Label>
<Description>Root CA with self-signed certificate; should be kept turned off</Description>
</Configuration>
<Configuration ovf:id="enterprise-intermediate">
<Label>Subordinate enterprise Certificate Authority</Label>
<Description>Subordinate CA on domain-member server; kept online to service certificate requests/enrollment and host CRL</Description>
</Configuration>
<Configuration ovf:id="standalone-intermediate">
<Label>Subordinate standalone Certificate Authority</Label>
<Description>Subordinate CA on standalone server; kept online to service certificate requests and host CRL</Description>
</Configuration>
</DeploymentOptionSection>
<VirtualSystem ovf:id="[...]">
[...]
<ProductSection>
[...]
<Category>1) Operating System</Category>
<Property ovf:configuration="standalone-root enterprise-intermediate standalone-intermediate" ovf:key="guestinfo.hostname" [...]>
<Label>Hostname*</Label>
</Property>
[...]
<Category>3) Active Directory Certificate Services</Category>
<Property ovf:configuration="secondary" ovf:key="adcsconfig.foo" [...]>
<Label>Foo*</Label>
</Property>
[...]
</Property>
</ProductSection>
</VirtualSystem>
</Envelope>
```
When **provisioning** the appliance through the vCenter 'Deploy OVF template...' wizard, or through vApp-compatible *Infrastructure as code* tooling (e.g. HashiCorp Terraform), it is possible to provide all relevant configuration through vApp properties.
<table>
<tr>
<td><em>vSphere 'Deploy OVF template...' wizard</em></td> <td> <a href="https://registry.terraform.io/providers/hashicorp/vsphere/latest/docs/resources/virtual_machine#deploying-vm-from-an-ovfova-template">HashiCorp Terraform vSphere provider</a> </td>
</tr>
<tr>
<td><img src=".assets/vAppConfigurations-ADCS-example.png" alt="vApp properties" width="400" /><br/><img src=".assets/vAppProperties-ADCS-example.png" alt="vApp properties" width="400" /></td>
<td>
```hcl
vapp {
properties = {
# "deployment.type" = "standalone-root"
"guestinfo.hostname" = "CA01"
"guestinfo.ipaddress" = "10.0.0.42"
"guestinfo.prefixlength" = "24"
"guestinfo.dnsserver" = "10.0.0.21"
"guestinfo.gateway" = "10.0.0.1"
"adcsconfig.foo" = "..."
"adcsconfig.bar" = "..."
}
}
```
</td>
</tr>
</table>
On first boot, the appliance will start **configuring** itself without any further user-input, by performing the following steps:
- *WIP*

24
packer/adcs.json
View File

@@ -37,7 +37,8 @@
"shutdown_timeout": "1h", "shutdown_timeout": "1h",
"export": { "export": {
"images": false "images": false,
"output_directory": "/scratch/adcs"
} }
} }
], ],
@@ -65,26 +66,15 @@
{ {
"type": "shell-local", "type": "shell-local",
"inline": [ "inline": [
"pwsh -file scripts/Update-OvfConfiguration.ps1 \\", "pwsh -command \"& scripts/Update-OvfConfiguration.ps1 \\",
" -OVFFile './output-adcs/adcs-{{user `vm_name`}}.ovf'", " -OVFFile '/scratch/adcs/adcs-{{user `vm_name`}}.ovf' \\",
" -Parameter @{'appliance.name'='ADCS';'appliance.version'='{{user `vm_name`}}'}\"",
"pwsh -file scripts/Update-Manifest.ps1 \\", "pwsh -file scripts/Update-Manifest.ps1 \\",
" -ManifestFileName './output-adcs/adcs-{{user `vm_name`}}.mf'", " -ManifestFileName '/scratch/adcs/adcs-{{user `vm_name`}}.mf'",
"ovftool --acceptAllEulas --allowExtraConfig --overwrite \\", "ovftool --acceptAllEulas --allowExtraConfig --overwrite \\",
" './output-adcs/adcs-{{user `vm_name`}}.ovf' \\", " '/scratch/adcs/adcs-{{user `vm_name`}}.ovf' \\",
" /output/ADCS-appliance.ova" " /output/ADCS-appliance.ova"
] ]
} }
],
[
{
"type": "shell-local",
"inline": [
"pwsh -file scripts/Remove-Resources.ps1 \\",
" -VMName 'adcs-{{user `vm_name`}}' \\",
" -VSphereFQDN '{{user `vcenter_server`}}' \\",
" -VSphereUsername '{{user `vsphere_username`}}' \\",
" -VSpherePassword '{{user `vsphere_password`}}'"
]
}
]] ]]
} }