I meant "Well the integration between your Secrets Manager and *KS File* is probably where you need to focus on"

On Sun, Jan 24, 2021 at 9:47 AM Gabriel Buenader <[email protected]> wrote:

> Well the integration between your Secrets Manager and packer is probably
> where you need to focus on. If you can save and retrieve your root
> password from your Secret Manager tool, you can do a script, I'd recommend
> you to use your CI/CD pipelines if you have one, to pull the root password
> from your Secrets Manager and inject it in your KS file
>
> The root password for your VM should be injected in your KS file not in
> your Packer JSON file
>
> On Sun, Jan 24, 2021 at 9:14 AM Gowtham <[email protected]> wrote:
>
>> Thanks for the reply and apologies for the late response. I am using the
>> Secret manager for the packer secrets, which is working fine.
>>
>> My issue is, I am creating the superuser and normal users using the
>> kickstart file for the image. We are keeping the kickstart files in
>> the repo (for versioning purposes) and would like to avoid saving the
>> secrets into the same. So we would like to turn the secrets into variables
>> and pass the values from the secret manager via the packer JSON or some
>> script.
>>
>> Kickstart file entries <Pasted the relevant lines>
>>
>> ```
>> rootpw --iscrypted <encrypted password>
>>
>> user --name=normal-user1 --groups=wheel --password=<encrypted password> --iscrypted
>> ```
>>
>> ---
>> Best regards,
>> Gowtham
>>
>> On Thu, Jan 21, 2021 at 8:53 AM Gabo Kete <[email protected]> wrote:
>>
>>> Another suggestion, to retrieve a password and not type it, is to
>>> integrate Packer with Vault, where in Vault you will have the root
>>> password or any other secret you need and inject it in your packer
>>> provisioning process
>>>
>>> https://www.packer.io/docs/templates/user-variables#vault-variables
>>>
>>> On Wednesday, January 20, 2021 at 7:10:13 PM UTC+1 Gabo Kete wrote:
>>>
>>>> Yes, you can do that. In my case, I did a wrapper script that captures
>>>> extra attributes in the script which later are used to build the packer
>>>> json file
>>>>
>>>> something like
>>>>
>>>> script.sh -c root_pwd
>>>>
>>>> then you can create within the script the Packer Json file dynamically
>>>>
>>>> something similar to this
>>>>
>>>> ```
>>>> create_json_template () {
>>>>
>>>> cat > "$_JSONFILE" << __EOF
>>>> {
>>>>   "_comment": "This is a centos7-x64 Machine for VmWare ESXi 6.0",
>>>>   "variables": {
>>>>     "nameVm": "`echo $_HN`-centos-7.1-vmware",
>>>>     "ks_file": "simple-ks-integrado-CIS-BitbyBit-packer.ks",
>>>>     "ks_server": "192.168.1.150",
>>>>     "ks_path": "centos7.1511_x64/ks/",
>>>>     "vmware_host": "192.168.1.250",
>>>>     "http_dir": "/packer",
>>>>     "vmlinuz_file": "centos7.1503_x64/images/pxeboot/vmlinuz",
>>>>     "initrd_file": "centos7.1503_x64/images/pxeboot/initrd.img",
>>>>     "iso_image": "http://192.168.1.150/isos/CentOS-7-x86_64-NetInstall-1503.iso",
>>>>     "iso_md5": "111379a06402e1e445c6aeee9401d031",
>>>>     "datastore": "datastore1",
>>>>     "esx_host": "192.168.1.250",
>>>>     "esx_user": "root",
>>>>     "esx_user_key": "/var/tmp/id_rsa",
>>>>     "os_type": "centos-64",
>>>>     "esx_network": "VM Network",
>>>>     "vms_dir_path": "`echo $_HN`",
>>>>     "vmdk": "`echo $_HN`-root"
>>>>
>>>>   },
>>>> ```
>>>>
>>>> https://github.com/macgahe/packer/blob/master/Centos7_packer_template.json
>>>>
>>>> On Wednesday, January 20, 2021 at 11:07:25 AM UTC+1 [email protected] wrote:
>>>>
>>>>> Team,
>>>>>
>>>>> Is there a way to pass variable values from packer to kickstart file?
>>>>> We would like to pass the secrets (like root passwords) from packer to
>>>>> kickstart. Is there a way to do the same?
>>>>>
>>>>> ---
>>>>> Best regards,
>>>>> Gowtham
>>>>>
>>> --
>>> This mailing list is governed under the HashiCorp Community Guidelines -
>>> https://www.hashicorp.com/community-guidelines.html. Behavior in
>>> violation of those guidelines may result in your removal from this mailing
>>> list.
>>>
>>> GitHub Issues: https://github.com/hashicorp/packer/issues
>>> IRC: #packer-tool on Freenode
>>> ---
>>> You received this message because you are subscribed to the Google
>>> Groups "Packer" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to [email protected].
>>> To view this discussion on the web visit
>>> https://groups.google.com/d/msgid/packer-tool/6f51e3d1-4eeb-44ef-918d-ad5337932ab1n%40googlegroups.com
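
The approach recommended in this thread (keep the kickstart file in the repository as a template and let a CI step fill in the password hashes pulled from the secrets manager), as an added example that is not code from any poster. The placeholder names `@@ROOT_PW_HASH@@` and `@@USER_PW_HASH@@`, the environment variable names and the sample hashes are assumptions constructed for illustration; the secrets-manager lookup itself is left to the CI job.

```shell
#!/bin/sh
# Added example, not from the thread. Placeholder and variable names are
# assumptions: the CI job exports ROOT_PW_HASH / USER_PW_HASH (crypt(3)
# hashes) after reading them from the secrets manager.

# Accept only $id$salt$hash strings; rejects plaintext, spaces, newlines.
is_crypt_hash() {
    case $1 in *[!A-Za-z0-9./=\$]*) return 1 ;; esac
    case $1 in '$'?*'$'?*'$'?*) return 0 ;; *) return 1 ;; esac
}

# render_ks TEMPLATE OUTPUT: fill placeholders, write OUTPUT with mode 0600.
render_ks() {
    for v in ROOT_PW_HASH USER_PW_HASH; do
        eval "val=\${$v:-}"
        is_crypt_hash "$val" || { echo "render_ks: bad $v" >&2; return 1; }
    done
    # Values reach awk through the environment, not argv, so they do not
    # appear in its argument list; index/substr replaces literally (no regex).
    ( umask 077; rm -f -- "$2"
      ROOT_PW_HASH=$ROOT_PW_HASH USER_PW_HASH=$USER_PW_HASH awk '
        function put(s, key, val,   i) {
            while ((i = index(s, key)) > 0)
                s = substr(s, 1, i - 1) val substr(s, i + length(key))
            return s
        }
        { $0 = put($0, "@@ROOT_PW_HASH@@", ENVIRON["ROOT_PW_HASH"])
          $0 = put($0, "@@USER_PW_HASH@@", ENVIRON["USER_PW_HASH"])
          print }' "$1" > "$2" ) || return 1
    # A surviving placeholder means template and script disagree: fail.
    ! grep -q '@@[A-Z_]*@@' "$2"
}

# Constructed demo: the template is the file kept in the repository.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'rootpw --iscrypted @@ROOT_PW_HASH@@' \
        'user --name=normal-user1 --groups=wheel --password=@@USER_PW_HASH@@ --iscrypted' \
        > "$d/ks.cfg.tmpl"
    ( ROOT_PW_HASH='$6$constructedsalt$ConstructedRootHashNotReal'
      USER_PW_HASH='$6$constructedsalt$ConstructedUserHashNotReal'
      render_ks "$d/ks.cfg.tmpl" "$d/ks.cfg" && cat "$d/ks.cfg" )
    rm -rf "$d"
}
demo
```

Write the rendered file to a build-only directory that is ignored by version control and removed once the image build finishes.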
