Build ubuntu22/24 images (#23)

* Initial changes NO_JIRA

* update playbook NO_JIRA

* linting NO_JIRA

* Update ubuntu2204.pkrvars.hcl

* Support latest ubuntu 24 install NO_JIRA

* Fix bootcommand NO_JIRA

Author: layfield-ccdc

.gitignore

@@ -1,3 +1,4 @@
 /packer_cache
 /output
 vsphere-environment-do-not-add
+/ansible_provisioning/roles

ansible_provisioning/playbook.yaml

@@ -11,22 +11,9 @@
     - role: ccdc.install-vm-tools
     - role: devsec.hardening.ssh_hardening
       vars:
-        os_vars: {}
-        sshd_authenticationmethods: publickey,keyboard-interactive
-        ssh_host_keys_dir: /etc/ssh
-        sshd_path: /usr/sbin/sshd
-        sshd_moduli_file: /etc/ssh/moduli
-        ssh_owner: root
-        ssh_group: wheel
-        ssh_host_keys_owner: root
-        ssh_host_keys_group: wheel
-        ssh_host_keys_mode: "0600"
-        ssh_pam_support: false
-        ssh_kerberos_support: false
-        ssh_gssapi_support: false
-        ssh_client_compression: true
+        sshd_authenticationmethods: publickey password
         ssh_client_password_login: true
         ssh_server_password_login: true
-        ssh_challengeresponseauthentication: true
-        sshd_disable_crypto_policy: false
+        ssh_kerberos_support: false
+        ssh_pam_support: false
     - role: ccdc.compact-vm-image

ansible_provisioning/requirements.yaml

@@ -9,11 +9,5 @@ roles:
   - src: git@github.com:ccdc-opensource/ansible-role-compact-vm-image
     scm: git
     name: ccdc.compact-vm-image
-  - src: https://github.com/feffi/ansible-macos-standby.git
-    name: feffi.macos-standby
-  - src: https://github.com/florianpiesche/ansible-macos-defaults/
-    version: patch-1
-    name: feffi.macos-defaults
-
 collections:
   - devsec.hardening

build-vsphere.sh

@@ -3,11 +3,11 @@
 DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 pushd $DIR
 
-if [[ -f /proc/version ]] && [[ "$( grep Microsoft /proc/version )" ]]; then
-  PACKER="packer.exe"
-else
+# if [[ -f /proc/version ]] && [[ "$( grep Microsoft /proc/version )" ]]; then
+#   PACKER="packer.exe"
+# else
   PACKER="packer"
-fi
+# fi
 
 if [[ ! -e ./vsphere-environment-do-not-add ]]
 then
@@ -23,14 +23,7 @@ rm -rf ./output/packer-ubuntu-22.04-amd64-vmware
 
 echo 'building base images'
 $PACKER build \
-  -only=vmware-iso \
   -except=vagrant \
-  -var 'customise_for_buildmachine=1' \
-  -var 'build_directory=./output/' \
-  -var 'disk_size=200000' \
-  -var 'cpus=2' \
-  -var 'memory=4096' \
-  -var 'vmx_remove_ethernet_interfaces=false' \
-  -var 'box_basename=ccdc-basebox/ubuntu-22.04' \
-  ./ubuntu-22.04-amd64.json
+  -var-file=ubuntu2204.pkrvars.hcl \
+  .
 

http/user-data

@@ -1,46 +1,34 @@
 #cloud-config
-chpasswd:
-    expire: false
-    list:
-        - installer:$1$vHRSqO5j$9BU7DaZGdW.28BGJ7LNhc1
-ssh_authorized_keys:
-    - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQBjdgsKMvOSEGdtJ/oANgHtkr/bLdjI0zzk1WJKgq5mfw6OiD5vCc4mWM9P7KZOndLc7G3NB0ijQSgQ37PT99f2cHpzs6jTKi+OoAAhfeNImr/j+7KV3zJlFPXOBA0qdWQnSRp/HJNoNfL5AtcMPwaEIFy06kzKYS/Ukt80stzMOIcEGTh9Zw5H2Kag7x0CbZVXyh5Um3SuSw9uR2+BSDrnZBws9BVa6e3mNIZQQVM0508YcU0KyxZN2ablinipO/XrmwHOUzxvn98KsEv43dqXTV9IaE2dAr6H9cFhiTi9hnMQZhY/N8PHbiE8dVL7hNhmBJGDcgAkFW7HRgbKvzbJ installer
 autoinstall:
   version: 1
-  early-commands:
-  - systemctl stop ssh # otherwise packer tries to connect and exceed max attempts
-  debconf-selections: |
-    choose-mirror-bin mirror/http/proxy string
-    tasksel tasksel/first multiselect standard, server
-  packages:
-  - cryptsetup
-  - build-essential
-  - libssl-dev
-  - libreadline-dev
-  - zlib1g-dev
-  - linux-source
-  - dkms
-  - nfs-common
-  - linux-headers-generic
-  - perl
-  - cifs-utils
-  - software-properties-common
-  - rsync
-  - ifupdown
   identity:
-    hostname: ccdc-ubuntu2204-test
-    password: $1$vHRSqO5j$9BU7DaZGdW.28BGJ7LNhc1
-    realname: vagrant
+    hostname: vagrant
     username: vagrant
-  locale: en_GB.UTF-8
-  keyboard:
-    layout: uk
-    variant: UK
+    password: '$6$rounds=4096$5CU3LEj/MQvbkfPb$LmKEF9pCfU8R.dA.GemgE/8GT6r9blge3grJvdsVTMFKyLEQwzEF3SGWqAzjawY/XHRpWj4fOiLBrRyxJhIRJ1'
+  early-commands:
+    # otherwise packer tries to connect and exceed max attempts:
+    - systemctl stop ssh.service
+    - systemctl stop ssh.socket
+  package_upgrade: true
+  packages:
+    - cryptsetup
+    - build-essential
+    - libssl-dev
+    - libreadline-dev
+    - zlib1g-dev
+    - linux-source
+    - dkms
+    - nfs-common
+    - linux-headers-generic
+    - perl
+    - cifs-utils
+    - software-properties-common
+    - rsync
+    - ifupdown
   ssh:
-    install-server: true
-    allow-pw: true
-  user-data:
-    timezone: UTC
+    install-server: yes
+    allow-pw: yes
   late-commands:
-  - curtin in-target --target=/target -- apt update           
-  - curtin in-target --target=/target -- apt upgrade -y
+    - curtin in-target --target=/target -- apt update
+    - curtin in-target --target=/target -- apt upgrade -y
+    - echo 'vagrant ALL=(ALL) NOPASSWD:ALL' > /target/etc/sudoers.d/vagrant