| Date Added | Description | Link |
|---|---|---|
| 2019-11-24 | vmware-iso Packer Docs | https://www.packer.io/docs/builders/vmware-iso.html |
| 2019-11-24 | VMware Cloud-Init GuestInfo | https://github.com/vmware/cloud-init-vmware-guestinfo |
| 2019-11-24 | Configuring ESXi Prereqs | https://blog.ukotic.net/2019/03/05/configuring-esxi-prerequisites-for-packer/ |
A packer template and associated scripts to provision a hardened CentOS 7 build
Output images include cloud-init package to initialize system on first launch (cloud-init.sh) - resize partitions - change and lock default centos user - set up initial users to allow ssh key-based access in case of puppet failure (to be cleaned up/overwritten with puppet once the first check-in succeeds) - check in with puppet
A Makefile is included - to build: make build
This script currently leaves the machine built on ESXi server, it can be exported as OVF, or VMX/VMDK
More info here: https://www.packer.io/docs/builders/vmware-iso.html
In its final state, this script should be run from or on a machine that can provision guests using DHCP or an expected static range isolated from the rest of our network
This script currently builds machines with static IP addresses - this should be templated so we can re-use a single OVF and dynamically set IP before boot
brew install govmomi/tap/govc)esxcli system settings advanced set -o /Net/GuestIPHack -i 1chmod 644 /etc/vmware/firewall/service.xml
chmod +t /etc/vmware/firewall/service.xml
vi /etc/vmware/firewall/service.xml
add this right before /ConfigRoot
<service id="1000">
<id>packer-vnc</id>
<rule id="0000">
<direction>inbound</direction>
<protocol>tcp</protocol>
<porttype>dst</porttype>
<port>
<begin>5900</begin>
<end>6000</end>
</port>
</rule>
<enabled>true</enabled>
<required>true</required>
</service>
chmod 444 /etc/vmware/firewall/service.xml
esxcli network firewall refresh
# list rules
esxcli network firewall ruleset list
esxcli network firewall ruleset rule list
packer build -force centos7-hardened-esx.json
# debug logging
PACKER_LOG=1 packer build -force centos7-hardened-esx.json