Yes, that's exactly what I am trying to do (integration between KS and Secret Manager). Maybe CI/CD or a script will be the option for it.
---
Best regards,
Gowtham
07798838879

=====================
Learn from mistakes....

Please consider the environment before printing this email - Thanks

On Sun, Jan 24, 2021 at 8:48 AM Gabriel Buenader <[email protected]> wrote:

> I meant "Well the integration between your Secrets Manager and *KS File*
> is probably where you need to focus on"
>
> On Sun, Jan 24, 2021 at 9:47 AM Gabriel Buenader <[email protected]>
> wrote:
>
>> Well, the integration between your Secrets Manager and packer is probably
>> where you need to focus on. If you can save and retrieve your root
>> password from your Secret Manager tool, you can do a script (I'd recommend
>> you use your CI/CD pipelines if you have one) to pull the root password
>> from your Secrets Manager and inject it in your KS file.
>>
>> The root password for your VM should be injected in your KS file, not in
>> your Packer JSON file.
>>
>> On Sun, Jan 24, 2021 at 9:14 AM Gowtham <[email protected]>
>> wrote:
>>
>>> Thanks for the reply and apologies for the late response. I am using the
>>> Secret Manager for the Packer secrets, which is working fine.
>>>
>>> My issue is, I am creating the superuser and normal users using the
>>> kickstart file for the image. We are keeping the kickstart files in
>>> the repo (for versioning purposes) and would like to avoid saving the secrets
>>> in the same. So we would like to make the secrets variables and pass the values
>>> from the secret manager via the Packer JSON or some script.
>>>
>>> Kickstart file entries <Pasted the relevant lines>
>>>
>>> ```
>>> rootpw --iscrypted <encrypted password>
>>>
>>> user --name=normal-user1 --groups=wheel --password=<encrypted password> --iscrypted
>>> ```
>>>
>>> ---
>>> Best regards,
>>> Gowtham
>>> 07798838879
>>>
>>> =====================
>>> Learn from mistakes....
>>>
>>> Please consider the environment before printing this email - Thanks
>>>
>>> On Thu, Jan 21, 2021 at 8:53 AM Gabo Kete <[email protected]> wrote:
>>>
>>>> Another suggestion to retrieve a password and not type it
>>>> is to integrate Packer with Vault, where in Vault you will have the root
>>>> password or any other secret you need, and inject it in your Packer
>>>> provisioning process.
>>>>
>>>> https://www.packer.io/docs/templates/user-variables#vault-variables
>>>>
>>>> On Wednesday, January 20, 2021 at 7:10:13 PM UTC+1 Gabo Kete wrote:
>>>>
>>>>> Yes, you can do that. In my case, I did a wrapper script that captures
>>>>> extra attributes in the script, which are later used to build the Packer
>>>>> JSON file,
>>>>>
>>>>> something like
>>>>>
>>>>> ```
>>>>> script.sh -c root_pwd
>>>>> ```
>>>>>
>>>>> Then you can create the Packer JSON file dynamically within the script,
>>>>>
>>>>> something similar to this
>>>>>
>>>>> ```
>>>>> create_json_template () {
>>>>>
>>>>> cat > $_JSONFILE << __EOF
>>>>> {
>>>>>   "_comment": "This is a centos7-x64 Machine for VmWare ESXi 6.0",
>>>>>   "variables": {
>>>>>     "nameVm": "`echo $_HN`-centos-7.1-vmware",
>>>>>     "ks_file": "simple-ks-integrado-CIS-BitbyBit-packer.ks",
>>>>>     "ks_server": "192.168.1.150",
>>>>>     "ks_path": "centos7.1511_x64/ks/",
>>>>>     "vmware_host": "192.168.1.250",
>>>>>     "http_dir": "/packer",
>>>>>     "vmlinuz_file": "centos7.1503_x64/images/pxeboot/vmlinuz",
>>>>>     "initrd_file": "centos7.1503_x64/images/pxeboot/initrd.img",
>>>>>     "iso_image":"http://192.168.1.150/isos/CentOS-7-x86_64-NetInstall-1503.iso",
>>>>>     "iso_md5":"111379a06402e1e445c6aeee9401d031",
>>>>>     "datastore":"datastore1",
>>>>>     "esx_host":"192.168.1.250",
>>>>>     "esx_user":"root",
>>>>>     "esx_user_key":"/var/tmp/id_rsa",
>>>>>     "os_type":"centos-64",
>>>>>     "esx_network":"VM Network",
>>>>>     "vms_dir_path":"`echo $_HN`",
>>>>>     "vmdk":"`echo $_HN`-root"
>>>>>
>>>>>   },
>>>>> ```
>>>>>
>>>>> https://github.com/macgahe/packer/blob/master/Centos7_packer_template.json
>>>>>
>>>>> On Wednesday, January 20, 2021 at 11:07:25 AM UTC+1
>>>>> [email protected] wrote:
>>>>>
>>>>>> Team,
>>>>>>
>>>>>> Is there a way to pass variable values from packer to
>>>>>> kickstart file? We would like to pass the secrets (like root passwords)
>>>>>> from packer to kickstart. Is there a way to do the same?
>>>>>>
>>>>>> ---
>>>>>> Best regards,
>>>>>> Gowtham
>>>>>> 07798838879
>>>>>>
>>>>>> =====================
>>>>>> Learn from mistakes....
>>>>>>
>>>>>> Please consider the environment before printing this email - Thanks
>>>>>>
>>>>> --
>>>> This mailing list is governed under the HashiCorp Community Guidelines
>>>> - https://www.hashicorp.com/community-guidelines.html. Behavior in
>>>> violation of those guidelines may result in your removal from this mailing
>>>> list.
>>>>
>>>> GitHub Issues: https://github.com/hashicorp/packer/issues
>>>> IRC: #packer-tool on Freenode
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Packer" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/packer-tool/6f51e3d1-4eeb-44ef-918d-ad5337932ab1n%40googlegroups.com
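
The approach the thread converges on (keep only a template of the KS file in the repo and have a CI/CD step inject the crypted passwords pulled from the secrets manager) could look like the following. This is an added example, not code from any poster or from Packer; the `@@...@@` placeholder tokens, the `ROOT_PW_HASH`/`USER_PW_HASH` variable names, the file names and the sample hashes are all assumptions or constructed values.

```shell
#!/bin/sh
# Added example: render ks.cfg at build time from a template kept in the repo.
# Placeholder tokens, variable names and file names are assumptions.

# Accept only crypt(3)-style hashes, so a plaintext password or a character
# that is special to sed never reaches the rendered file.
is_crypt_hash() {
    case $1 in
        *[!A-Za-z0-9./\$=,]*) return 1 ;;        # outside the crypt alphabet
        '$5$'?*|'$6$'?*|'$y$'?*) return 0 ;;      # sha256crypt, sha512crypt, yescrypt
        *) return 1 ;;
    esac
}

# render_ks TEMPLATE OUTPUT
# Reads ROOT_PW_HASH and USER_PW_HASH, which the CI/CD job is assumed to have
# fetched from the secrets manager just before this step.
render_ks() {
    tmpl=$1 out=$2
    is_crypt_hash "${ROOT_PW_HASH:-}" || { echo "ROOT_PW_HASH: not a crypt hash" >&2; return 2; }
    is_crypt_hash "${USER_PW_HASH:-}" || { echo "USER_PW_HASH: not a crypt hash" >&2; return 2; }
    rm -f "$out"
    (
        umask 077                                 # rendered file is 0600
        sed -e "s|@@ROOT_PW_HASH@@|${ROOT_PW_HASH}|g" \
            -e "s|@@USER_PW_HASH@@|${USER_PW_HASH}|g" "$tmpl" > "$out"
    ) || return 1
    # Fail the build rather than boot an installer with a literal token as hash.
    if grep -q '@@[A-Z_]*@@' "$out"; then
        echo "unresolved placeholder in $out" >&2
        rm -f "$out"
        return 3
    fi
}

# Constructed sample: template lines modelled on the thread, made-up hashes.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'rootpw --iscrypted @@ROOT_PW_HASH@@' \
        'user --name=normal-user1 --groups=wheel --password=@@USER_PW_HASH@@ --iscrypted' \
        > "$d/ks.cfg.tmpl"
    ( ROOT_PW_HASH='$6$constructedsalt$Zm9vL2Jhci5iYXo'
      USER_PW_HASH='$6$constructedsalt$cXV4L3F1dXgu'
      render_ks "$d/ks.cfg.tmpl" "$d/ks.cfg" && cat "$d/ks.cfg" )
    rc=$?
    rm -rf "$d"
    return "$rc"
}
```

Write the rendered file into the directory Packer serves to the installer and keep that path out of version control, so only the template with placeholders is ever committed.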
