I'm trying to create a Packer workflow that will create encrypted CentOS-based images for Vagrant (qemu builder), KVM/libvirt (qemu builder), Azure and AWS. I want to be able to LUKS-encrypt the entire LVM in the qemu-based images. AWS and Azure do something else.
With virsh-based tools I can use, say, virt-install and give it a Kickstart file like the following:

    # Required settings
    lang en_GB.UTF-8
    keyboard uk
    rootpw vagrant
    authconfig --enableshadow --enablemd5
    timezone UTC

    # Optional settings
    install
    cdrom
    user --name=vagrant --plaintext --password vagrant
    unsupported_hardware
    network --bootproto=dhcp
    firewall --disabled
    selinux --enforcing
    bootloader --location=mbr
    text
    skipx
    zerombr
    clearpart --all --initlabel
    firstboot --disabled
    part /boot --fstype xfs --size=1000
    # the following part command fails
    part pv.2 --size=0 --grow --encrypted --cipher="aes-xts-plain64" --passphrase=<my encryption passphrase>
    # the following part command works as no encryption
    #part pv.2 --size=0 --grow
    volgroup vg00 --pesize=4096 pv.2
    logvol swap --vgname=vg00 --fstype swap --size=1024 --name=lv_swap
    logvol / --vgname=vg00 --fstype xfs --size=1024 --grow --name=lv_root
    logvol /usr --vgname=vg00 --fstype xfs --percent=10 --name=lv_usr
    logvol /home --vgname=vg00 --fstype xfs --percent=30 --name=lv_home
    logvol /var --vgname=vg00 --fstype xfs --percent=10 --name=lv_var
    logvol /var/log --vgname=vg00 --fstype xfs --percent=10 --name=lv_varlog
    logvol /var/log/audit --vgname=vg00 --fstype xfs --percent=5 --name=lv_varlogaudit
    logvol /tmp --vgname=vg00 --fstype xfs --percent=8 --name=lv_tmp
    reboot

If I don't use the encrypt arg in the part command, the LVM is set up fine, but adding in encryption stalls the Packer build at connecting with SSH. I assume this is because Anaconda finishes, then reboots, and there is no way to enter the encryption passphrase. I tried to get a console to the image during the build but can't find it! E.g. sudo virsh list --all does not show the image being built. Reading the documentation and googling around showed me no examples of anyone encrypting their qemu images. The environment I am deploying into can only be accessed via SSH, so I must use the serial console; there is no X-forwarding possible.
Also, the VMs themselves must be encrypted, it is not acceptable to put an unencrypted VM in a LUKS container on the virtualisation host. Is it possible to encrypt images or the LVM with Packer? Are there other ways I can encrypt the packer image post build e.g. in the post section? Thanks. Hope someone can help, been at this 3 days and going to get my butt kicked soon:-/
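Added example, not part of the original post and not Packer's own code: a post-build check that the partition backing pv.2 in a built image really carries a LUKS header with the cipher requested in the Kickstart file. It assumes a raw-format image (a qcow2 image would first be converted with qemu-img convert) with an MBR partition table, and reads the cipher only from LUKS1 headers; the function names and the sample image are constructed for illustration.

```python
import io
import struct

SECTOR = 512
LUKS_MAGIC = b"LUKS\xba\xbe"

def mbr_partitions(img):
    """Yield (number, start_lba) for each used primary MBR partition entry."""
    img.seek(0)
    mbr = img.read(SECTOR)
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR signature: not a raw, MBR-partitioned image")
    for i in range(4):
        entry = mbr[446 + 16 * i:462 + 16 * i]
        start, count = struct.unpack("<II", entry[8:16])
        if entry[4] != 0 and count != 0:      # type 0 / zero length = unused
            yield i + 1, start

def luks_info(img, start_lba):
    """None if the partition has no LUKS header, else (version, cipher)."""
    img.seek(start_lba * SECTOR)
    hdr = img.read(72)
    if len(hdr) < 72 or hdr[:6] != LUKS_MAGIC:
        return None
    version = struct.unpack(">H", hdr[6:8])[0]
    if version != 1:
        return version, None                  # LUKS2 keeps the cipher in JSON
    name, mode = (hdr[o:o + 32].split(b"\0")[0].decode() for o in (8, 40))
    return version, f"{name}-{mode}"

def audit(img):
    """Map partition number -> luks_info() result for a raw disk image."""
    return {num: luks_info(img, start) for num, start in mbr_partitions(img)}

def sample_image():
    """Constructed 8-sector image: plain partition 1, LUKS1 partition 2."""
    disk = bytearray(8 * SECTOR)
    for slot, (start, count) in enumerate([(2, 2), (4, 4)]):
        entry = struct.pack("<4sB3sII", b"", 0x83, b"", start, count)
        disk[446 + 16 * slot:462 + 16 * slot] = entry
    disk[510:512] = b"\x55\xaa"
    luks = LUKS_MAGIC + struct.pack(">H32s32s", 1, b"aes", b"xts-plain64")
    disk[4 * SECTOR:4 * SECTOR + len(luks)] = luks
    return io.BytesIO(bytes(disk))

if __name__ == "__main__":
    for num, info in audit(sample_image()).items():
        print(f"partition {num}: {info or 'NOT LUKS'}")
```

Against a real build, pass a file opened in binary mode to audit() and fail the pipeline if the PV partition maps to None or to a cipher other than the one in the Kickstart file.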
