I am using a Makefile and Ansible to create the kickstart file from a
template and get the secret from the secret manager, which is helping me to
avoid saving the KS file (with secrets) in the repo. Thanks for your
suggestions, Gabriel.


---
Best regards,
Gowtham
07798838879


=====================
Learn from mistakes....

Please consider the environment before printing this email - Thanks
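
The flow described in this message (a secret-free kickstart template in the repo, the password hash injected at build time), as an added example that is not part of the original thread. The `@@...@@` placeholder tokens, the function names and the hash values are hypothetical and constructed; fetching the hashes from the secret manager is left to the caller (Makefile, Ansible or CI job).

```shell
# Added example: render a kickstart file from a template that holds no secrets.
# Accept only crypt(3)-style strings ($id$salt$hash) so plaintext never lands
# after --iscrypted; the allowed alphabet is also safe in a sed replacement.
is_crypt_hash() {
    printf '%s\n' "$1" | grep -Eq '^\$[0-9a-z]+\$[./A-Za-z0-9$=]+$'
}

# render_ks TEMPLATE OUT ROOT_HASH USER_HASH
render_ks() {
    template=$1; out=$2; root_hash=$3; user_hash=$4
    for h in "$root_hash" "$user_hash"; do
        is_crypt_hash "$h" || { echo "refusing non-crypt value" >&2; return 2; }
    done
    # The versioned template must not already carry a hash.
    if grep -Eq '(rootpw|--password=).*\$[0-9a-z]+\$' "$template"; then
        echo "template already contains a hash" >&2; return 3
    fi
    # Write the rendered file owner-only; remove any stale copy first so
    # old, wider permissions are not inherited.
    (
        umask 077
        rm -f "$out"
        sed -e "s|@@ROOTPW_HASH@@|$root_hash|g" \
            -e "s|@@USERPW_HASH@@|$user_hash|g" "$template" > "$out"
    ) || return 1
    # Fail closed if any placeholder was left unfilled.
    if grep -q '@@[A-Z_]*@@' "$out"; then
        rm -f "$out"; echo "unfilled placeholder" >&2; return 4
    fi
}

# Constructed demo: builds a two-line template and renders it in a temp dir.
demo() {
    work=$(mktemp -d) || return 1
    cat > "$work/ks.cfg.tmpl" <<'EOF'
rootpw --iscrypted @@ROOTPW_HASH@@
user --name=normal-user1 --groups=wheel --password=@@USERPW_HASH@@ --iscrypted
EOF
    # Constructed values standing in for what the secret manager returns.
    render_ks "$work/ks.cfg.tmpl" "$work/ks.cfg" \
        '$6$constructedsalt$Constructed.Root/Hash0123' \
        '$6$constructedsalt$Constructed.User/Hash4567' || return
    printf '%s\n' "$work"
}
```

Keep the rendered `ks.cfg` out of version control (for example via `.gitignore`) and delete it once the build has served it to the installer.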


On Mon, Jan 25, 2021 at 9:21 AM Gowtham <[email protected]> wrote:

> Yes. That's exactly what I am trying to do (integration between KS and Secret
> manager). A CI/CD pipeline or script might be the option for it.
>
> On Sun, Jan 24, 2021 at 8:48 AM Gabriel Buenader <[email protected]>
> wrote:
>
>> I meant "Well the integration between your Secrets Manager and *KS File*
>> is probably where you need to focus on"
>>
>> On Sun, Jan 24, 2021 at 9:47 AM Gabriel Buenader <[email protected]>
>> wrote:
>>
>>> Well, the integration between your Secrets Manager and packer is probably
>>> where you need to focus on. If you can save and retrieve your root
>>> password from your Secret Manager tool, you can do a script (I'd recommend
>>> you use your CI/CD pipelines if you have one) to pull the root password
>>> from your Secrets Manager and inject it in your KS file.
>>>
>>> The root password for your VM should be injected in your KS file not in
>>> your Packer JSON file
>>>
>>> On Sun, Jan 24, 2021 at 9:14 AM Gowtham <[email protected]>
>>> wrote:
>>>
>>>> Thanks for the reply and apologies for the late response. I am using the
>>>> Secret manager for the Packer secrets, which is working fine.
>>>>
>>>> My issue is that I am creating the superuser and normal users using the
>>>> kickstart file for the image. We are keeping the kickstart files in
>>>> the repo (for versioning purposes) and would like to avoid saving the secrets
>>>> in the same. So I would like to make the secrets variables and pass the values
>>>> from the secret manager via the Packer JSON or some script.
>>>>
>>>>
>>>> Kickstart file entries <Pasted the relevant lines>
>>>>
>>>> ```
>>>> rootpw --iscrypted <encrypted password>
>>>>
>>>> user --name=normal-user1 --groups=wheel --password=<encrypted password>/ --iscrypted
>>>>
>>>> ```
>>>>
>>>> On Thu, Jan 21, 2021 at 8:53 AM Gabo Kete <[email protected]> wrote:
>>>>
>>>>> Another suggestion, to retrieve a password and not type it, is to
>>>>> integrate Packer with Vault, where in Vault you will have the root
>>>>> password or any other secret you need and inject it in your Packer
>>>>> provisioning process
>>>>>
>>>>> https://www.packer.io/docs/templates/user-variables#vault-variables
>>>>>
>>>>> On Wednesday, January 20, 2021 at 7:10:13 PM UTC+1 Gabo Kete wrote:
>>>>>
>>>>>> Yes, you can do that. In my case, I did a wrapper script that
>>>>>> captures extra attributes in the script, which are later used to build the
>>>>>> Packer JSON file
>>>>>>
>>>>>> something like
>>>>>>
>>>>>> script.sh -c root_pwd
>>>>>>
>>>>>> then you can create within the script the Packer Json file dynamically
>>>>>>
>>>>>> something similar to this
>>>>>>
>>>>>> ```
>>>>>> create_json_template () {
>>>>>>
>>>>>> cat > $_JSONFILE << __EOF
>>>>>> {
>>>>>>   "_comment": "This is a centos7-x64 Machine for VmWare ESXi 6.0",
>>>>>>   "variables": {
>>>>>>     "nameVm": "`echo $_HN`-centos-7.1-vmware",
>>>>>>     "ks_file": "simple-ks-integrado-CIS-BitbyBit-packer.ks",
>>>>>>     "ks_server": "192.168.1.150",
>>>>>>     "ks_path": "centos7.1511_x64/ks/",
>>>>>>     "vmware_host": "192.168.1.250",
>>>>>>     "http_dir": "/packer",
>>>>>>     "vmlinuz_file": "centos7.1503_x64/images/pxeboot/vmlinuz",
>>>>>>     "initrd_file": "centos7.1503_x64/images/pxeboot/initrd.img",
>>>>>>     "iso_image":"http://192.168.1.150/isos/CentOS-7-x86_64-NetInstall-1503.iso",
>>>>>>     "iso_md5":"111379a06402e1e445c6aeee9401d031",
>>>>>>     "datastore":"datastore1",
>>>>>>     "esx_host":"192.168.1.250",
>>>>>>     "esx_user":"root",
>>>>>>     "esx_user_key":"/var/tmp/id_rsa",
>>>>>>     "os_type":"centos-64",
>>>>>>     "esx_network":"VM Network",
>>>>>>     "vms_dir_path":"`echo $_HN`",
>>>>>>     "vmdk":"`echo $_HN`-root"
>>>>>>
>>>>>>   },
>>>>>> ```
>>>>>>
>>>>>> https://github.com/macgahe/packer/blob/master/Centos7_packer_template.json
>>>>>> On Wednesday, January 20, 2021 at 11:07:25 AM UTC+1
>>>>>> [email protected] wrote:
>>>>>>
>>>>>>> Team,
>>>>>>>
>>>>>>> Is there a way to pass variable values from packer to
>>>>>>> kickstart file?  We would like to pass the secrets (like root passwords)
>>>>>>> from packer to kickstart. Is there a way to do the same?
>>>>>>>
>>>>>> --
>>>>> This mailing list is governed under the HashiCorp Community Guidelines
>>>>> - https://www.hashicorp.com/community-guidelines.html. Behavior in
>>>>> violation of those guidelines may result in your removal from this mailing
>>>>> list.
>>>>>
>>>>> GitHub Issues: https://github.com/hashicorp/packer/issues
>>>>> IRC: #packer-tool on Freenode
>>>>> ---
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Packer" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/packer-tool/6f51e3d1-4eeb-44ef-918d-ad5337932ab1n%40googlegroups.com
>>>>> <https://groups.google.com/d/msgid/packer-tool/6f51e3d1-4eeb-44ef-918d-ad5337932ab1n%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>>
>
