Build a VMware virtual machine or template with HashiCorp's Packer. Enables IaaC by pulling hardware definitions from Ansible group / host vars. Comes packed with reasonable defaults.
- Packer, by HashiCorp
- VMware vSphere
- vsphere user with proper privileges
- RHEL ISO
- May work with CentOS or Rocky Linux, but untested
- RedHat Subscription highly encouraged
- Local user with firewall adjustment permissions
Mandatory variables are marked MANDATORY
convert_to_template: (boolean)- default: false
vm_boot_string: (string)- Default: empty
vm_ip:- default: 'dhcp'
packer_http_port: (string/tcp)- default: '8000-9000/tcp'
- Default value based on Packer defaults
vsphere_server: (string/hostname)- MANDATORY
vsphere_user: (string/username)- MANDATORY
vsphere_password: (string/plaintext password)- MANDATORY
vsphere_datacenter: (string)- default: empty
vm_cpu_num: (string/integer)- default: '1'
vm_mem_size: (string/integer)- RAM in MB
- default: '1536'
-
vm_name: (string)- MANDATORY
- Name of VM or template to create
- Can be either short, or FQDN
- Assumes
ansible_domainif short
-
vsphere_vm_folder: (string)- default: empty
-
vsphere_template_folder: (string)- default: empty
-
vsphere_folder: (string)- derived from:
vsphere_vm_foldervsphere_template_folderconvert_to_template
- derived from:
-
vsphere_cluster: (string)- MANDATORY
-
vsphere_datastore: (string)- MANDATORY
iso_url: (string/uri)- default: 'file:file://./rhel-8.iso'
iso_checksum: (string/checksum)- default: 'none'
- Highly recommended to set
vsphere_network: (string)- MANDATORY
vm_disk_size: (string/integer)- Primary disk size in MB
- default: '10000'
ssh_private_key: (string/pathname)- SSH private key, used for provisioning
- default: '~/.ssh/id_rsa'
rhsm_organization: (string)- default: empty
rhsm_activation_key: (string)- default: empty
rootpw: (string/encrypted password)- Password for root user of vm/template being built
- default: '!!'
ssh_public_key: (string/pathname)- See
ssh_public_key_value - SSH key used for provisioning
- default: '~/.ssh/id_rsa.pub'
- See
ssh_public_key_value: (string)- Added to
/root/.ssh/authorized_keysof vm/template being built - derived from
ssh_public_key
- Added to
playbook_file: (string/pathname)- relative to
files/playbooks - Ansible playbook used to provision the vm/template
- default: 'no-op.yml'
- relative to
force_build: (boolean)- default: false
This role does not rely upon the requested system to exist in the Ansible inventory. A wrapper playboook is required to make the temporary addition, and call the role.
---
- name: 'uclalib_role_packer.yml'
hosts: 'localhost'
gather_facts: false
connection: 'local'
tasks:
- name: 'Assert vm_name is set'
assert:
that: vm_name is defined
- name: 'Add host'
add_host:
name: '{{ vm_name }}'
- name: 'uclalib_role_packer.yml pt 2'
hosts: '{{ vm_name }}'
gather_facts: false
pre_tasks:
- name: 'Gathering Facts'
setup:
gather_subset: '!all'
connection: 'local'
roles:
- name: 'uclalib_role_packer'
connection: 'local'The ansible user needs to be able to manipulate the firewall. This role avoids
the use of become: to provide privilege escallation.
The following Policy Kit rule will allow the ansible user to modify the
firewall without requiring become: or invoking the role as root.
/etc/polkit-1/rules.d/10-ansible-firewalld.rules
/* Allow ansible user to manipulate firewalld */
polkit.addRule(function(action, subject) {
if (action.id == "org.fedoraproject.FirewallD1.config" &&
subject.user == "ansible") {
return polkit.Result.YES;
}
});John H. Robinson, IV
Powell Library, UCLA
jhriv@ucla.edu
Copyright 2023 Regents of the University of California