I configured Packer to build unattended ISO installs of various Debian-derived distros to VMware Fusion. As I configure the VMs manually for ssh access, it times out and the build artifacts created are erased.

How do you go about pre-installing ssh access as part of an OS installation image, similar to how it's done for cloud service VM instances? I am going to try to configure it via kickstart or Debian preseed late-command into the remastered ISO image to resolve my problem, but I would be interested to hear other methods that are more flexible. The goal of all this is to create a development infrastructure that can easily be brought up and down in an automated fashion that can be used to simulate a cloud environment locally.

Misha Brukman
mamusr
  • On a cloud service like AWS, Openstack, etc., you would install cloud-init and it would get the ssh key from the hypervisor manager on first boot. If you're stuck on VMware Fusion then your options are pretty limited. – Michael Hampton Nov 22 '14 at 05:56
  • Thanks Michael for your insight. I was hoping to accomplish something similar for my desktop and server images to what AWS does when you request an ssh key from them for access to an EC2 instance. I will definitely look into utilizing the cloud-init tool for my ISO images. Thanks again. – mamusr Nov 22 '14 at 17:24
  • If you've got the RAM to spare, and a modern Mac (e.g. 2012 or later?) that will do nested virtualization, you can always run OpenStack inside VMware Fusion, and build within that. – Michael Hampton Nov 22 '14 at 17:26

3 Answers

You could pre-install the Userify agent on the ISOs. These will keep your SSH keys updated over time and allow you to create users (sudo perms, etc.) remotely. It only needs outbound HTTPS, so it should easily work from a VM unless you've shut off outbound net access.

fatal_error
  • Thanks Jamieson for the suggestion. Are there similar dynamic ssh key services that are free? – mamusr Nov 22 '14 at 17:46
  • Sure! Disclaimer: I wrote Userify. ;) Userify is almost free... no billing happening at all yet, no credit cards. But check out my open source cloudadmins script as well: https://github.com/jamiesonbecker/cloudadmins (needs a basic ssh setup to start with). This was how I used to do it before Userify. – fatal_error Nov 23 '14 at 08:46

You could install git and puppet agent on the box, and set up rc.local to run git pull && puppet apply.

You will need an http(s)-accessible git repo, which you can host in your environment too (for example, on your laptop), and a puppet manifest with user/key definitions, which is super easy to write.

In case you update your key definitions in the repo, git pull would update the local clone, and puppet would pull its data from there. Puppet is idempotent, so consecutive runs won't change the system if all the users are created and all the ssh keys are identical to those in the local git clone, and git pull before each run would ensure that the local repo clone is synced with upstream.

You can probably use other cfg mgmt tools also.

Jakov Sosic
  • Good idea, Jakov. To be specific, do you mean installing git and puppet after the OS image has been installed, or specified as part of the packages to be downloaded by kickstart or Debian preseed? – mamusr Nov 22 '14 at 19:34
  • Doesn't matter, but I would set it up within kickstart/preseed. And hosting your own git repo is free :) All you have to come up with to mimic Userify is some GUI which will edit file(s) in the repo and add/remove keys + commit. – Jakov Sosic Nov 22 '14 at 19:39

Shortly after asking this question, I ended up resolving my issue by configuring a static ssh-key via Debian preseed late-command. By no means a definitive solution (as the ssh-keys are not dynamically generated), but for a local development infrastructure that is a work in progress, it will suffice. I would also consider the other answers posted to be equally valid solutions to consider if you arrive in this situation.

mamusr
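
The last answer settles on a static key installed from a Debian preseed late-command. As an added example (not the poster's script), this is one way such a hook could install the key idempotently with private permissions and refuse anything that is not a single public-key line; `install_static_key`, `devuser` and the file names are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. Function, user and file names are constructed.
# Assumed preseed hook (script and public key copied onto the remastered ISO):
#   d-i preseed/late_command string cp /cdrom/install_key.sh /cdrom/dev.pub /target/tmp/; \
#     in-target sh /tmp/install_key.sh / devuser /tmp/dev.pub

install_static_key() {
    root=$1; user=$2; keyfile=$3

    # Look up uid, gid and home in the passwd file under $root (the installed system).
    entry=$(awk -F: -v u="$user" '$1 == u { print $3 ":" $4 ":" $6 }' "$root/etc/passwd")
    [ -n "$entry" ] || { echo "no such user in target: $user" >&2; return 1; }
    uid=${entry%%:*}; rest=${entry#*:}; gid=${rest%%:*}; home=${rest#*:}

    # Accept exactly one line with a known public-key type. A PEM private key
    # baked into the image by mistake fails both checks.
    [ "$(grep -c . "$keyfile")" -eq 1 ] || { echo "expected one key line" >&2; return 1; }
    key=$(grep . "$keyfile")
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "unrecognised key type" >&2; return 1 ;;
    esac

    sshdir=$root$home/.ssh
    auth=$sshdir/authorized_keys
    # umask keeps the directory and file private from the moment they are created.
    # The key is appended only if that exact line is missing, so reruns do not duplicate it.
    ( umask 077
      mkdir -p "$sshdir" && touch "$auth" &&
      { grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"; }
    ) || return 1
    chmod 700 "$sshdir" && chmod 600 "$auth" || return 1

    # Numeric chown needs no name lookup; only root can hand the files to the user.
    if [ "$(id -u)" -eq 0 ]; then
        chown -R "$uid:$gid" "$sshdir" || return 1
    fi
}

# Run only when invoked with the three arguments shown in the hook above.
if [ "$#" -eq 3 ]; then
    install_static_key "$@"
fi
```

Because the public key ships inside the ISO, every VM built from that image trusts the same key, which is the limitation the answer itself points out.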