Well the integration between you Secrets Manager and packer is probably where you need to focus on.. If you can save and retrieve your root password from your Secret Manager tool, you can do a script, I'd recommend you to use your CI/CD pipelines if you have one, to pull the root password from your Secrets Manager and Inject it in your KS file
The root password for your VM should be injected in your KS file not in your Packer JSON file On Sun, Jan 24, 2021 at 9:14 AM Gowtham <[email protected]> wrote: > Thanks for the reply and apologies for the late response. Am using the > Secret manager for the packers secrets and which is working fine. > > My issue is, Am creating the superuser and normal users using the > kickstart file for the image. We are keeping the kickstart files in > the repo(for versioning purpose) and would like to avoid saving the secrets > into the same. So would like to variable the secrets and pass the values > from secret managers via packer Json or some script. > > > Kickstart file entries <Pasted the relevant lines> > > ``` > rootpw --iscrypted <encrypted password> > > user --name=normal-user1 --groups=wheel --password=<encrypted password>/ > --iscrypted > > ``` > > --- > Best regards, > Gowtham > 07798838879 > > > ===================== > Learn from mistakes.... > > Please consider the environment before printing this email - Thanks > > > On Thu, Jan 21, 2021 at 8:53 AM Gabo Kete <[email protected]> wrote: > >> Other suggestion you can do, to retrieve a password and not type it, it >> is to integrate Packer with Vault, where in Vault you will have the root >> password or any other secret you need and inject it in your packer >> provisioning process >> >> https://www.packer.io/docs/templates/user-variables#vault-variables >> >> On Wednesday, January 20, 2021 at 7:10:13 PM UTC+1 Gabo Kete wrote: >> >>> Yes, you can do that.. in my case, I did a wrapper script that capture >>> extra attributes in the script which later are used to build the packer >>> json file >>> >>> something like >>> >>> *script.sh -c root_pwd * >>> >>> then you can create within the script the Packer Json file dynamically >>> >>> something similar to this >>> >>> *create_json_template () {* >>> >>> cat > $_JSONFILE << __EOF >>> { >>> "_comment": "This is a centos7-x64 Machine for VmWare ESXi 6.0", >>> "variables": { >>> "nameVm": "`echo *$_HN*`-centos-7.1-vmware", >>> "ks_file": "simple-ks-integrado-CIS-BitbyBit-packer.ks", >>> "ks_server": "192.168.1.150", >>> "ks_path": "centos7.1511_x64/ks/", >>> "vmware_host": "192.168.1.250", >>> "http_dir": "/packer", >>> "vmlinuz_file": "centos7.1503_x64/images/pxeboot/vmlinuz", >>> "initrd_file": "centos7.1503_x64/images/pxeboot/initrd.img", >>> "iso_image":" >>> http://192.168.1.150/isos/CentOS-7-x86_64-NetInstall-1503.iso";, >>> "iso_md5":"111379a06402e1e445c6aeee9401d031", >>> "datastore":"datastore1", >>> "esx_host":"192.168.1.250", >>> "esx_user":"root", >>> "esx_user_key":"/var/tmp/id_rsa", >>> "os_type":"centos-64", >>> "esx_network":"VM Network", >>> "vms_dir_path":"`echo *$_HN*`", >>> "vmdk":"`echo *$_HN*`-root" >>> >>> }, >>> >>> >>> https://github.com/macgahe/packer/blob/master/Centos7_packer_template.json >>> On Wednesday, January 20, 2021 at 11:07:25 AM UTC+1 [email protected] >>> wrote: >>> >>>> Team, >>>> >>>> Is there a way to pass variable values from packer to kickstart file? >>>> We would like to pass the secrets (like root passwords) from packer to >>>> kickstart. Is there a way to do the same? >>>> >>>> --- >>>> Best regards, >>>> Gowtham >>>> 07798838879 >>>> >>>> >>>> ===================== >>>> Learn from mistakes.... >>>> >>>> Please consider the environment before printing this email - Thanks >>>> >>> -- >> This mailing list is governed under the HashiCorp Community Guidelines - >> https://www.hashicorp.com/community-guidelines.html. Behavior in >> violation of those guidelines may result in your removal from this mailing >> list. >> >> GitHub Issues: https://github.com/hashicorp/packer/issues >> IRC: #packer-tool on Freenode >> --- >> You received this message because you are subscribed to the Google Groups >> "Packer" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/packer-tool/6f51e3d1-4eeb-44ef-918d-ad5337932ab1n%40googlegroups.com >> <https://groups.google.com/d/msgid/packer-tool/6f51e3d1-4eeb-44ef-918d-ad5337932ab1n%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> > -- > This mailing list is governed under the HashiCorp Community Guidelines - > https://www.hashicorp.com/community-guidelines.html. Behavior in > violation of those guidelines may result in your removal from this mailing > list. > > GitHub Issues: https://github.com/hashicorp/packer/issues > IRC: #packer-tool on Freenode > --- > You received this message because you are subscribed to a topic in the > Google Groups "Packer" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/packer-tool/d8jlbnOAOJ4/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/packer-tool/CADB0oFybAr0PshA_sfz%2B1fjTsOB%2Bt1HnVeKs3OEQPMRPzuJESw%40mail.gmail.com > <https://groups.google.com/d/msgid/packer-tool/CADB0oFybAr0PshA_sfz%2B1fjTsOB%2Bt1HnVeKs3OEQPMRPzuJESw%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list. GitHub Issues: https://github.com/hashicorp/packer/issues IRC: #packer-tool on Freenode --- You received this message because you are subscribed to the Google Groups "Packer" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/CABC_gGaxwHx0fmjyk_DnbFM72H%3DqXqv%3Dr%3DS_3EjVgmXPPhGajg%40mail.gmail.com.
