├── .gitignore ├── 10.x ├── .bundle │ └── config ├── CHANGELOG.md ├── Gemfile ├── Gemfile.lock ├── Makefile ├── configure-qemu-image.sh ├── http │ └── preseed.cfg ├── inspec-tests.rb ├── kitchen.yml ├── packer.pkr.hcl └── post-process.sh ├── 9.x ├── .bundle │ └── config ├── CHANGELOG.md ├── Gemfile ├── Gemfile.lock ├── Makefile ├── configure-qemu-image.sh ├── http │ └── preseed.cfg ├── inspec-tests.rb ├── kitchen.yml ├── packer.yaml ├── post-process.sh └── variables.yaml └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | *.json 2 | .gems/ 3 | .kitchen/ 4 | output/ 5 | packer_cache/ 6 | -------------------------------------------------------------------------------- /10.x/.bundle/config: -------------------------------------------------------------------------------- 1 | --- 2 | BUNDLE_PATH: ".gems" 3 | -------------------------------------------------------------------------------- /10.x/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Releases 2 | 3 | ## 10.0.rc2-2 4 | 5 | * Provide `haveged` by default, to have more entropy when a new VM starts. 
6 | 7 | 8 | ## 10.0.rc2-1 9 | 10 | * Based of Debian Buster RC2 11 | * Fixes cloud-init warning at startup 12 | * Provide more tools (rsync + Python 3's distutils) 13 | 14 | 15 | ## 10.0.rc1-1 16 | 17 | * Based of Debian Buster RC1 18 | -------------------------------------------------------------------------------- /10.x/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'test-kitchen' 4 | gem 'kitchen-sync' 5 | gem 'kitchen-qemu' 6 | gem 'kitchen-inspec' 7 | -------------------------------------------------------------------------------- /10.x/Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | activesupport (6.1.4) 5 | concurrent-ruby (~> 1.0, >= 1.0.2) 6 | i18n (>= 1.6, < 2) 7 | minitest (>= 5.1) 8 | tzinfo (~> 2.0) 9 | zeitwerk (~> 2.3) 10 | addressable (2.8.0) 11 | public_suffix (>= 2.0.2, < 5.0) 12 | aws-eventstream (1.1.1) 13 | aws-partitions (1.477.0) 14 | aws-sdk-apigateway (1.62.0) 15 | aws-sdk-core (~> 3, >= 3.112.0) 16 | aws-sigv4 (~> 1.1) 17 | aws-sdk-apigatewayv2 (1.32.0) 18 | aws-sdk-core (~> 3, >= 3.112.0) 19 | aws-sigv4 (~> 1.1) 20 | aws-sdk-applicationautoscaling (1.51.0) 21 | aws-sdk-core (~> 3, >= 3.112.0) 22 | aws-sigv4 (~> 1.1) 23 | aws-sdk-athena (1.37.0) 24 | aws-sdk-core (~> 3, >= 3.112.0) 25 | aws-sigv4 (~> 1.1) 26 | aws-sdk-autoscaling (1.61.0) 27 | aws-sdk-core (~> 3, >= 3.112.0) 28 | aws-sigv4 (~> 1.1) 29 | aws-sdk-batch (1.47.0) 30 | aws-sdk-core (~> 3, >= 3.112.0) 31 | aws-sigv4 (~> 1.1) 32 | aws-sdk-budgets (1.38.0) 33 | aws-sdk-core (~> 3, >= 3.112.0) 34 | aws-sigv4 (~> 1.1) 35 | aws-sdk-cloudformation (1.53.0) 36 | aws-sdk-core (~> 3, >= 3.112.0) 37 | aws-sigv4 (~> 1.1) 38 | aws-sdk-cloudfront (1.53.0) 39 | aws-sdk-core (~> 3, >= 3.112.0) 40 | aws-sigv4 (~> 1.1) 41 | aws-sdk-cloudhsm (1.30.0) 42 | aws-sdk-core (~> 3, >= 3.112.0) 43 | aws-sigv4 (~> 
1.1) 44 | aws-sdk-cloudhsmv2 (1.33.0) 45 | aws-sdk-core (~> 3, >= 3.112.0) 46 | aws-sigv4 (~> 1.1) 47 | aws-sdk-cloudtrail (1.35.0) 48 | aws-sdk-core (~> 3, >= 3.112.0) 49 | aws-sigv4 (~> 1.1) 50 | aws-sdk-cloudwatch (1.51.0) 51 | aws-sdk-core (~> 3, >= 3.112.0) 52 | aws-sigv4 (~> 1.1) 53 | aws-sdk-cloudwatchevents (1.46.0) 54 | aws-sdk-core (~> 3, >= 3.112.0) 55 | aws-sigv4 (~> 1.1) 56 | aws-sdk-cloudwatchlogs (1.41.0) 57 | aws-sdk-core (~> 3, >= 3.112.0) 58 | aws-sigv4 (~> 1.1) 59 | aws-sdk-codecommit (1.42.0) 60 | aws-sdk-core (~> 3, >= 3.112.0) 61 | aws-sigv4 (~> 1.1) 62 | aws-sdk-codedeploy (1.40.0) 63 | aws-sdk-core (~> 3, >= 3.112.0) 64 | aws-sigv4 (~> 1.1) 65 | aws-sdk-codepipeline (1.44.0) 66 | aws-sdk-core (~> 3, >= 3.112.0) 67 | aws-sigv4 (~> 1.1) 68 | aws-sdk-cognitoidentity (1.31.0) 69 | aws-sdk-core (~> 3, >= 3.112.0) 70 | aws-sigv4 (~> 1.1) 71 | aws-sdk-cognitoidentityprovider (1.51.0) 72 | aws-sdk-core (~> 3, >= 3.112.0) 73 | aws-sigv4 (~> 1.1) 74 | aws-sdk-configservice (1.62.0) 75 | aws-sdk-core (~> 3, >= 3.112.0) 76 | aws-sigv4 (~> 1.1) 77 | aws-sdk-core (3.117.0) 78 | aws-eventstream (~> 1, >= 1.0.2) 79 | aws-partitions (~> 1, >= 1.239.0) 80 | aws-sigv4 (~> 1.1) 81 | jmespath (~> 1.0) 82 | aws-sdk-costandusagereportservice (1.31.0) 83 | aws-sdk-core (~> 3, >= 3.112.0) 84 | aws-sigv4 (~> 1.1) 85 | aws-sdk-databasemigrationservice (1.53.0) 86 | aws-sdk-core (~> 3, >= 3.112.0) 87 | aws-sigv4 (~> 1.1) 88 | aws-sdk-dynamodb (1.60.0) 89 | aws-sdk-core (~> 3, >= 3.112.0) 90 | aws-sigv4 (~> 1.1) 91 | aws-sdk-ec2 (1.248.0) 92 | aws-sdk-core (~> 3, >= 3.112.0) 93 | aws-sigv4 (~> 1.1) 94 | aws-sdk-ecr (1.42.0) 95 | aws-sdk-core (~> 3, >= 3.112.0) 96 | aws-sigv4 (~> 1.1) 97 | aws-sdk-ecrpublic (1.3.0) 98 | aws-sdk-core (~> 3, >= 3.112.0) 99 | aws-sigv4 (~> 1.1) 100 | aws-sdk-ecs (1.80.0) 101 | aws-sdk-core (~> 3, >= 3.112.0) 102 | aws-sigv4 (~> 1.1) 103 | aws-sdk-efs (1.40.0) 104 | aws-sdk-core (~> 3, >= 3.112.0) 105 | aws-sigv4 (~> 1.1) 106 | aws-sdk-eks 
(1.58.0) 107 | aws-sdk-core (~> 3, >= 3.112.0) 108 | aws-sigv4 (~> 1.1) 109 | aws-sdk-elasticache (1.57.0) 110 | aws-sdk-core (~> 3, >= 3.112.0) 111 | aws-sigv4 (~> 1.1) 112 | aws-sdk-elasticbeanstalk (1.42.0) 113 | aws-sdk-core (~> 3, >= 3.112.0) 114 | aws-sigv4 (~> 1.1) 115 | aws-sdk-elasticloadbalancing (1.31.0) 116 | aws-sdk-core (~> 3, >= 3.112.0) 117 | aws-sigv4 (~> 1.1) 118 | aws-sdk-elasticloadbalancingv2 (1.62.0) 119 | aws-sdk-core (~> 3, >= 3.112.0) 120 | aws-sigv4 (~> 1.1) 121 | aws-sdk-elasticsearchservice (1.52.0) 122 | aws-sdk-core (~> 3, >= 3.112.0) 123 | aws-sigv4 (~> 1.1) 124 | aws-sdk-eventbridge (1.24.0) 125 | aws-sdk-core (~> 3, >= 3.112.0) 126 | aws-sigv4 (~> 1.1) 127 | aws-sdk-firehose (1.37.0) 128 | aws-sdk-core (~> 3, >= 3.112.0) 129 | aws-sigv4 (~> 1.1) 130 | aws-sdk-glue (1.87.0) 131 | aws-sdk-core (~> 3, >= 3.112.0) 132 | aws-sigv4 (~> 1.1) 133 | aws-sdk-guardduty (1.45.0) 134 | aws-sdk-core (~> 3, >= 3.112.0) 135 | aws-sigv4 (~> 1.1) 136 | aws-sdk-iam (1.56.0) 137 | aws-sdk-core (~> 3, >= 3.112.0) 138 | aws-sigv4 (~> 1.1) 139 | aws-sdk-kafka (1.36.0) 140 | aws-sdk-core (~> 3, >= 3.112.0) 141 | aws-sigv4 (~> 1.1) 142 | aws-sdk-kinesis (1.32.0) 143 | aws-sdk-core (~> 3, >= 3.112.0) 144 | aws-sigv4 (~> 1.1) 145 | aws-sdk-kms (1.44.0) 146 | aws-sdk-core (~> 3, >= 3.112.0) 147 | aws-sigv4 (~> 1.1) 148 | aws-sdk-lambda (1.63.0) 149 | aws-sdk-core (~> 3, >= 3.112.0) 150 | aws-sigv4 (~> 1.1) 151 | aws-sdk-organizations (1.59.0) 152 | aws-sdk-core (~> 3, >= 3.112.0) 153 | aws-sigv4 (~> 1.1) 154 | aws-sdk-ram (1.25.0) 155 | aws-sdk-core (~> 3, >= 3.112.0) 156 | aws-sigv4 (~> 1.1) 157 | aws-sdk-rds (1.121.0) 158 | aws-sdk-core (~> 3, >= 3.112.0) 159 | aws-sigv4 (~> 1.1) 160 | aws-sdk-redshift (1.64.0) 161 | aws-sdk-core (~> 3, >= 3.112.0) 162 | aws-sigv4 (~> 1.1) 163 | aws-sdk-route53 (1.49.0) 164 | aws-sdk-core (~> 3, >= 3.112.0) 165 | aws-sigv4 (~> 1.1) 166 | aws-sdk-route53domains (1.30.0) 167 | aws-sdk-core (~> 3, >= 3.112.0) 168 | aws-sigv4 
(~> 1.1) 169 | aws-sdk-route53resolver (1.26.0) 170 | aws-sdk-core (~> 3, >= 3.112.0) 171 | aws-sigv4 (~> 1.1) 172 | aws-sdk-s3 (1.96.1) 173 | aws-sdk-core (~> 3, >= 3.112.0) 174 | aws-sdk-kms (~> 1) 175 | aws-sigv4 (~> 1.1) 176 | aws-sdk-secretsmanager (1.46.0) 177 | aws-sdk-core (~> 3, >= 3.112.0) 178 | aws-sigv4 (~> 1.1) 179 | aws-sdk-securityhub (1.47.0) 180 | aws-sdk-core (~> 3, >= 3.112.0) 181 | aws-sigv4 (~> 1.1) 182 | aws-sdk-servicecatalog (1.59.0) 183 | aws-sdk-core (~> 3, >= 3.112.0) 184 | aws-sigv4 (~> 1.1) 185 | aws-sdk-ses (1.38.0) 186 | aws-sdk-core (~> 3, >= 3.112.0) 187 | aws-sigv4 (~> 1.1) 188 | aws-sdk-shield (1.37.0) 189 | aws-sdk-core (~> 3, >= 3.112.0) 190 | aws-sigv4 (~> 1.1) 191 | aws-sdk-sms (1.29.0) 192 | aws-sdk-core (~> 3, >= 3.112.0) 193 | aws-sigv4 (~> 1.1) 194 | aws-sdk-sns (1.42.0) 195 | aws-sdk-core (~> 3, >= 3.112.0) 196 | aws-sigv4 (~> 1.1) 197 | aws-sdk-sqs (1.40.0) 198 | aws-sdk-core (~> 3, >= 3.112.0) 199 | aws-sigv4 (~> 1.1) 200 | aws-sdk-ssm (1.111.0) 201 | aws-sdk-core (~> 3, >= 3.112.0) 202 | aws-sigv4 (~> 1.1) 203 | aws-sdk-states (1.39.0) 204 | aws-sdk-core (~> 3, >= 3.112.0) 205 | aws-sigv4 (~> 1.1) 206 | aws-sdk-transfer (1.32.0) 207 | aws-sdk-core (~> 3, >= 3.112.0) 208 | aws-sigv4 (~> 1.1) 209 | aws-sigv4 (1.2.4) 210 | aws-eventstream (~> 1, >= 1.0.2) 211 | azure_graph_rbac (0.17.2) 212 | ms_rest_azure (~> 0.12.0) 213 | azure_mgmt_key_vault (0.17.7) 214 | ms_rest_azure (~> 0.12.0) 215 | azure_mgmt_resources (0.18.2) 216 | ms_rest_azure (~> 0.12.0) 217 | azure_mgmt_security (0.19.0) 218 | ms_rest_azure (~> 0.12.0) 219 | azure_mgmt_storage (0.23.0) 220 | ms_rest_azure (~> 0.12.0) 221 | bcrypt_pbkdf (1.1.0) 222 | builder (3.2.4) 223 | chef-config (17.2.29) 224 | addressable 225 | chef-utils (= 17.2.29) 226 | fuzzyurl 227 | mixlib-config (>= 2.2.12, < 4.0) 228 | mixlib-shellout (>= 2.0, < 4.0) 229 | tomlrb (~> 1.2) 230 | chef-telemetry (1.0.29) 231 | chef-config 232 | concurrent-ruby (~> 1.0) 233 | chef-utils (17.2.29) 
234 | concurrent-ruby 235 | coderay (1.1.3) 236 | concurrent-ruby (1.1.9) 237 | declarative (0.0.20) 238 | diff-lcs (1.4.4) 239 | docker-api (2.2.0) 240 | excon (>= 0.47.0) 241 | multi_json 242 | domain_name (0.5.20190701) 243 | unf (>= 0.0.5, < 1.0.0) 244 | ed25519 (1.2.4) 245 | erubi (1.10.0) 246 | excon (0.84.0) 247 | faraday (1.4.3) 248 | faraday-em_http (~> 1.0) 249 | faraday-em_synchrony (~> 1.0) 250 | faraday-excon (~> 1.1) 251 | faraday-net_http (~> 1.0) 252 | faraday-net_http_persistent (~> 1.1) 253 | multipart-post (>= 1.2, < 3) 254 | ruby2_keywords (>= 0.0.4) 255 | faraday-cookie_jar (0.0.7) 256 | faraday (>= 0.8.0) 257 | http-cookie (~> 1.0.0) 258 | faraday-em_http (1.0.0) 259 | faraday-em_synchrony (1.0.0) 260 | faraday-excon (1.1.0) 261 | faraday-net_http (1.0.1) 262 | faraday-net_http_persistent (1.2.0) 263 | faraday_middleware (1.0.0) 264 | faraday (~> 1.0) 265 | ffi (1.15.3) 266 | fuzzyurl (0.9.0) 267 | google-api-client (0.52.0) 268 | addressable (~> 2.5, >= 2.5.1) 269 | googleauth (~> 0.9) 270 | httpclient (>= 2.8.1, < 3.0) 271 | mini_mime (~> 1.0) 272 | representable (~> 3.0) 273 | retriable (>= 2.0, < 4.0) 274 | rexml 275 | signet (~> 0.12) 276 | googleauth (0.14.0) 277 | faraday (>= 0.17.3, < 2.0) 278 | jwt (>= 1.4, < 3.0) 279 | memoist (~> 0.16) 280 | multi_json (~> 1.11) 281 | os (>= 0.9, < 2.0) 282 | signet (~> 0.14) 283 | gssapi (1.3.1) 284 | ffi (>= 1.0.1) 285 | gyoku (1.3.1) 286 | builder (>= 2.1.2) 287 | hashie (4.1.0) 288 | http-cookie (1.0.4) 289 | domain_name (~> 0.5) 290 | httpclient (2.8.3) 291 | i18n (1.8.10) 292 | concurrent-ruby (~> 1.0) 293 | inifile (3.0.0) 294 | inspec (4.38.3) 295 | faraday_middleware (>= 0.12.2, < 1.1) 296 | inspec-core (= 4.38.3) 297 | train (~> 3.0) 298 | train-aws (~> 0.1) 299 | train-habitat (~> 0.1) 300 | train-winrm (~> 0.2) 301 | inspec-core (4.38.3) 302 | addressable (~> 2.4) 303 | chef-telemetry (~> 1.0, >= 1.0.8) 304 | faraday (>= 0.9.0, < 1.5) 305 | faraday_middleware (~> 1.0) 306 | hashie (>= 
3.4, < 5.0) 307 | license-acceptance (>= 0.2.13, < 3.0) 308 | method_source (>= 0.8, < 2.0) 309 | mixlib-log (~> 3.0) 310 | multipart-post (~> 2.0) 311 | parallel (~> 1.9) 312 | parslet (>= 1.5, < 2.0) 313 | pry (~> 0.13) 314 | rspec (>= 3.9, < 3.11) 315 | rspec-its (~> 1.2) 316 | rubyzip (>= 1.2.2, < 3.0) 317 | semverse (~> 3.0) 318 | sslshake (~> 1.2) 319 | thor (>= 0.20, < 2.0) 320 | tomlrb (>= 1.2, < 2.1) 321 | train-core (~> 3.0) 322 | tty-prompt (~> 0.17) 323 | tty-table (~> 0.10) 324 | jmespath (1.6.1) 325 | json (2.5.1) 326 | jwt (2.2.3) 327 | kitchen-inspec (2.5.0) 328 | hashie (>= 3.4, <= 5.0) 329 | inspec (>= 2.2.64, < 5.0) 330 | test-kitchen (>= 2.7, < 4) 331 | kitchen-qemu (0.2.11) 332 | test-kitchen (>= 1.4) 333 | kitchen-sync (2.2.1) 334 | net-sftp 335 | test-kitchen (>= 1.0.0) 336 | license-acceptance (2.1.13) 337 | pastel (~> 0.7) 338 | tomlrb (>= 1.2, < 3.0) 339 | tty-box (~> 0.6) 340 | tty-prompt (~> 0.20) 341 | little-plugger (1.1.4) 342 | logging (2.3.0) 343 | little-plugger (~> 1.1) 344 | multi_json (~> 1.14) 345 | memoist (0.16.2) 346 | method_source (1.0.0) 347 | mini_mime (1.1.0) 348 | minitest (5.14.4) 349 | mixlib-config (3.0.9) 350 | tomlrb 351 | mixlib-install (3.12.11) 352 | mixlib-shellout 353 | mixlib-versioning 354 | thor 355 | mixlib-log (3.0.9) 356 | mixlib-shellout (3.2.5) 357 | chef-utils 358 | mixlib-versioning (1.2.12) 359 | ms_rest (0.7.6) 360 | concurrent-ruby (~> 1.0) 361 | faraday (>= 0.9, < 2.0.0) 362 | timeliness (~> 0.3.10) 363 | ms_rest_azure (0.12.0) 364 | concurrent-ruby (~> 1.0) 365 | faraday (>= 0.9, < 2.0.0) 366 | faraday-cookie_jar (~> 0.0.6) 367 | ms_rest (~> 0.7.6) 368 | multi_json (1.15.0) 369 | multipart-post (2.1.1) 370 | net-scp (3.0.0) 371 | net-ssh (>= 2.6.5, < 7.0.0) 372 | net-sftp (3.0.0) 373 | net-ssh (>= 5.0.0, < 7.0.0) 374 | net-ssh (6.1.0) 375 | net-ssh-gateway (2.0.0) 376 | net-ssh (>= 4.0.0) 377 | nori (2.6.0) 378 | os (1.1.1) 379 | parallel (1.20.1) 380 | parslet (1.8.2) 381 | pastel (0.8.0) 382 
| tty-color (~> 0.5) 383 | pry (0.14.1) 384 | coderay (~> 1.1) 385 | method_source (~> 1.0) 386 | public_suffix (4.0.6) 387 | representable (3.1.1) 388 | declarative (< 0.1.0) 389 | trailblazer-option (>= 0.1.1, < 0.2.0) 390 | uber (< 0.2.0) 391 | retriable (3.1.2) 392 | rexml (3.2.5) 393 | rspec (3.10.0) 394 | rspec-core (~> 3.10.0) 395 | rspec-expectations (~> 3.10.0) 396 | rspec-mocks (~> 3.10.0) 397 | rspec-core (3.10.1) 398 | rspec-support (~> 3.10.0) 399 | rspec-expectations (3.10.1) 400 | diff-lcs (>= 1.2.0, < 2.0) 401 | rspec-support (~> 3.10.0) 402 | rspec-its (1.3.0) 403 | rspec-core (>= 3.0.0) 404 | rspec-expectations (>= 3.0.0) 405 | rspec-mocks (3.10.2) 406 | diff-lcs (>= 1.2.0, < 2.0) 407 | rspec-support (~> 3.10.0) 408 | rspec-support (3.10.2) 409 | ruby2_keywords (0.0.4) 410 | rubyntlm (0.6.3) 411 | rubyzip (2.3.2) 412 | semverse (3.0.0) 413 | signet (0.15.0) 414 | addressable (~> 2.3) 415 | faraday (>= 0.17.3, < 2.0) 416 | jwt (>= 1.5, < 3.0) 417 | multi_json (~> 1.10) 418 | sslshake (1.3.1) 419 | strings (0.2.1) 420 | strings-ansi (~> 0.2) 421 | unicode-display_width (>= 1.5, < 3.0) 422 | unicode_utils (~> 1.4) 423 | strings-ansi (0.2.0) 424 | test-kitchen (3.0.0) 425 | bcrypt_pbkdf (~> 1.0) 426 | chef-utils (>= 16.4.35) 427 | ed25519 (~> 1.2) 428 | license-acceptance (>= 1.0.11, < 3.0) 429 | mixlib-install (~> 3.6) 430 | mixlib-shellout (>= 1.2, < 4.0) 431 | net-scp (>= 1.1, < 4.0) 432 | net-ssh (>= 2.9, < 7.0) 433 | net-ssh-gateway (>= 1.2, < 3.0) 434 | thor (>= 0.19, < 2.0) 435 | winrm (~> 2.0) 436 | winrm-elevated (~> 1.0) 437 | winrm-fs (~> 1.1) 438 | thor (1.1.0) 439 | timeliness (0.3.10) 440 | tomlrb (1.3.0) 441 | trailblazer-option (0.1.1) 442 | train (3.7.4) 443 | activesupport (>= 6.0.3.1) 444 | azure_graph_rbac (~> 0.16) 445 | azure_mgmt_key_vault (~> 0.17) 446 | azure_mgmt_resources (~> 0.15) 447 | azure_mgmt_security (~> 0.18) 448 | azure_mgmt_storage (~> 0.18) 449 | docker-api (>= 1.26, < 3.0) 450 | google-api-client (>= 0.23.9, <= 
0.52.0) 451 | googleauth (>= 0.6.6, <= 0.14.0) 452 | inifile (~> 3.0) 453 | train-core (= 3.7.4) 454 | train-winrm (~> 0.2) 455 | train-aws (0.2.8) 456 | aws-sdk-apigateway (~> 1.0) 457 | aws-sdk-apigatewayv2 (~> 1.0) 458 | aws-sdk-applicationautoscaling (>= 1.46, < 1.52) 459 | aws-sdk-athena (~> 1.0) 460 | aws-sdk-autoscaling (>= 1.22, < 1.62) 461 | aws-sdk-batch (>= 1.36, < 1.48) 462 | aws-sdk-budgets (~> 1.0) 463 | aws-sdk-cloudformation (~> 1.0) 464 | aws-sdk-cloudfront (~> 1.0) 465 | aws-sdk-cloudhsm (~> 1.0) 466 | aws-sdk-cloudhsmv2 (~> 1.0) 467 | aws-sdk-cloudtrail (~> 1.8) 468 | aws-sdk-cloudwatch (~> 1.13) 469 | aws-sdk-cloudwatchevents (>= 1.36, < 1.47) 470 | aws-sdk-cloudwatchlogs (~> 1.13) 471 | aws-sdk-codecommit (~> 1.0) 472 | aws-sdk-codedeploy (~> 1.0) 473 | aws-sdk-codepipeline (~> 1.0) 474 | aws-sdk-cognitoidentity (>= 1.26, < 1.32) 475 | aws-sdk-cognitoidentityprovider (>= 1.46, < 1.52) 476 | aws-sdk-configservice (~> 1.21) 477 | aws-sdk-core (~> 3.0) 478 | aws-sdk-costandusagereportservice (~> 1.6) 479 | aws-sdk-databasemigrationservice (>= 1.42, < 1.54) 480 | aws-sdk-dynamodb (~> 1.31) 481 | aws-sdk-ec2 (~> 1.70) 482 | aws-sdk-ecr (~> 1.18) 483 | aws-sdk-ecrpublic (~> 1.3) 484 | aws-sdk-ecs (~> 1.30) 485 | aws-sdk-efs (~> 1.0) 486 | aws-sdk-eks (~> 1.9) 487 | aws-sdk-elasticache (~> 1.0) 488 | aws-sdk-elasticbeanstalk (~> 1.0) 489 | aws-sdk-elasticloadbalancing (~> 1.8) 490 | aws-sdk-elasticloadbalancingv2 (~> 1.0) 491 | aws-sdk-elasticsearchservice (~> 1.0) 492 | aws-sdk-eventbridge (~> 1.24.0) 493 | aws-sdk-firehose (~> 1.0) 494 | aws-sdk-glue (>= 1.71, < 1.88) 495 | aws-sdk-guardduty (~> 1.31) 496 | aws-sdk-iam (~> 1.13) 497 | aws-sdk-kafka (~> 1.0) 498 | aws-sdk-kinesis (~> 1.0) 499 | aws-sdk-kms (~> 1.13) 500 | aws-sdk-lambda (~> 1.0) 501 | aws-sdk-organizations (>= 1.17, < 1.60) 502 | aws-sdk-ram (>= 1.21, < 1.26) 503 | aws-sdk-rds (~> 1.43) 504 | aws-sdk-redshift (~> 1.0) 505 | aws-sdk-route53 (~> 1.0) 506 | aws-sdk-route53domains (~> 
1.0) 507 | aws-sdk-route53resolver (~> 1.0) 508 | aws-sdk-s3 (~> 1.30) 509 | aws-sdk-secretsmanager (>= 1.42, < 1.47) 510 | aws-sdk-securityhub (~> 1.0) 511 | aws-sdk-servicecatalog (>= 1.48, < 1.60) 512 | aws-sdk-ses (~> 1.0) 513 | aws-sdk-shield (~> 1.30) 514 | aws-sdk-sms (~> 1.0) 515 | aws-sdk-sns (~> 1.9) 516 | aws-sdk-sqs (~> 1.10) 517 | aws-sdk-ssm (~> 1.0) 518 | aws-sdk-states (>= 1.35, < 1.40) 519 | aws-sdk-transfer (>= 1.26, < 1.33) 520 | train-core (3.7.4) 521 | addressable (~> 2.5) 522 | ffi (!= 1.13.0) 523 | json (>= 1.8, < 3.0) 524 | mixlib-shellout (>= 2.0, < 4.0) 525 | net-scp (>= 1.2, < 4.0) 526 | net-ssh (>= 2.9, < 7.0) 527 | train-habitat (0.2.22) 528 | train-winrm (0.2.12) 529 | winrm (>= 2.3.6, < 3.0) 530 | winrm-elevated (~> 1.2.2) 531 | winrm-fs (~> 1.0) 532 | tty-box (0.7.0) 533 | pastel (~> 0.8) 534 | strings (~> 0.2.0) 535 | tty-cursor (~> 0.7) 536 | tty-color (0.6.0) 537 | tty-cursor (0.7.1) 538 | tty-prompt (0.23.1) 539 | pastel (~> 0.8) 540 | tty-reader (~> 0.8) 541 | tty-reader (0.9.0) 542 | tty-cursor (~> 0.7) 543 | tty-screen (~> 0.8) 544 | wisper (~> 2.0) 545 | tty-screen (0.8.1) 546 | tty-table (0.12.0) 547 | pastel (~> 0.8) 548 | strings (~> 0.2.0) 549 | tty-screen (~> 0.8) 550 | tzinfo (2.0.4) 551 | concurrent-ruby (~> 1.0) 552 | uber (0.1.0) 553 | unf (0.1.4) 554 | unf_ext 555 | unf_ext (0.0.7.7) 556 | unicode-display_width (2.0.0) 557 | unicode_utils (1.4.0) 558 | winrm (2.3.6) 559 | builder (>= 2.1.2) 560 | erubi (~> 1.8) 561 | gssapi (~> 1.2) 562 | gyoku (~> 1.0) 563 | httpclient (~> 2.2, >= 2.2.0.2) 564 | logging (>= 1.6.1, < 3.0) 565 | nori (~> 2.0) 566 | rubyntlm (~> 0.6.0, >= 0.6.3) 567 | winrm-elevated (1.2.3) 568 | erubi (~> 1.8) 569 | winrm (~> 2.0) 570 | winrm-fs (~> 1.0) 571 | winrm-fs (1.3.5) 572 | erubi (~> 1.8) 573 | logging (>= 1.6.1, < 3.0) 574 | rubyzip (~> 2.0) 575 | winrm (~> 2.0) 576 | wisper (2.0.1) 577 | zeitwerk (2.4.2) 578 | 579 | PLATFORMS 580 | ruby 581 | 582 | DEPENDENCIES 583 | kitchen-inspec 584 | 
kitchen-qemu 585 | kitchen-sync 586 | test-kitchen 587 | 588 | BUNDLED WITH 589 | 2.1.4 590 | -------------------------------------------------------------------------------- /10.x/Makefile: -------------------------------------------------------------------------------- 1 | PACKER_FILE = packer.pkr.hcl 2 | 3 | OUTPUT_DIR = output 4 | VERSION = $(shell git describe) 5 | OUTPUT_NAME = debian-$(VERSION).qcow2 6 | OUTPUT = $(OUTPUT_DIR)/$(OUTPUT_NAME) 7 | 8 | PACKER_FLAGS = -var output_dir="$(OUTPUT_DIR)" -var output_name="$(OUTPUT_NAME)" 9 | PACKER_BUILD_FLAGS = 10 | 11 | 12 | all: 13 | $(MAKE) $(OUTPUT) create converge verify destroy 14 | 15 | clean: 16 | rm -rf $(OUTPUT_DIR) 17 | 18 | really-clean: clean 19 | rm -rf packer_cache/ .kitchen/ .gems/ 20 | 21 | 22 | $(OUTPUT): $(PACKER_FILE) 23 | $(MAKE) build 24 | 25 | build: validate $(PACKER_FILE) 26 | packer build $(PACKER_FLAGS) $(PACKER_BUILD_FLAGS) $(PACKER_FILE) 27 | 28 | validate: $(PACKER_FILE) 29 | packer validate $(PACKER_FLAGS) $(PACKER_FILE) 30 | 31 | $(KITCHEN_DISK): $(KITCHEN_BASE_IMAGE) 32 | qemu-img create -f qcow2 -o backing_file=$< $@ 10G 33 | 34 | test create setup converge destroy verify list login: .gems 35 | OUTPUT=./$(OUTPUT) bundle exec kitchen $@ 36 | 37 | .gems: Gemfile 38 | bundle install --path $@ 39 | touch $@ # Be sure the target is newer than the source 40 | -------------------------------------------------------------------------------- /10.x/configure-qemu-image.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | IFS=$'\n\t' 4 | 5 | # This provisions an very basic Debian installation, fresh from a basic netinst 6 | # installation, into something that could be used like a "cloud image", similar 7 | # to bare Debian VM images found on public cloud providers. 
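# Boot more quickly: shorten the GRUB menu timeout to one second.
sed -i 's/^GRUB_TIMEOUT=.*/GRUB_TIMEOUT=1/' /etc/default/grub
update-grub

# Configure localepurge to remove unused locales. This makes the image smaller.
echo "localepurge localepurge/use-dpkg-feature boolean true" | debconf-set-selections
echo "localepurge localepurge/nopurge multiselect en, en_US.UTF-8, fr, fr_CH.UTF-8, fr_FR.UTF-8" | debconf-set-selections

# Disable floppy support - it's (probably!) not needed, and this prevents
# spurious warnings from being displayed.
# NOTE(review): the script runs under `set -e`, so `rmmod floppy` aborts the
# build when the module is not currently loaded - confirm that is intended.
echo "blacklist floppy" > /etc/modprobe.d/blacklist-floppy.conf
rmmod floppy
update-initramfs -u

# Default packages installed, which make the image slightly more than just a
# fresh Debian install, and ready to be started as a "cloud image".
# These tools are pretty important to have for QEMU, as they make the image smarter.
apt-get update
apt-get install --no-install-recommends \
  acpid \
  cloud-guest-utils \
  cloud-init \
  lsb-release \
  net-tools \
  qemu-guest-agent \
  --yes

# These tools are just "nice to have".
apt-get install --no-install-recommends \
  curl \
  less \
  localepurge \
  python3-distutils \
  rsync \
  vim \
  --yes


# Configure the main network interface as "auto".
# This ensures the main network interface is up when the systemd
# "networking.service" has completed.
# This in turn allows subsequent services to rely on the ability to query the
# network settings of that main interface.
cat <<EOF > /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto ens3
allow-hotplug ens3
iface ens3 inet dhcp
EOF


# Reconfigure cloud-init
# Don't "lock" the "debian" user password. It is configured directly by the
# preseeding and all the rest depends on it. Cloud-init, with the default
# configuration, overrides this user's settings and prevents using the account
# without an SSH key (which needs to be passed by the "cloud" user-data, which
# we may not always have.)
#
# SECURITY NOTE: with `lock_passwd: false` the "debian" account keeps the
# password that http/preseed.cfg sets in clear text at install time, and the
# sudo rule below gives that account passwordless root. Every instance created
# from this image therefore starts with the same known credentials. Rotate or
# lock the password through user-data, or make sure sshd does not accept
# password logins, before an instance is reachable from an untrusted network.
#
# The failsafe package mirrors use plain http: apt still verifies the signed
# Release files, so package integrity rests on the archive keyring, not on TLS.
#
# NOTE(review): the YAML nesting below follows the stock Debian cloud.cfg
# "system_info" layout - confirm against the repository copy.
cat <<EOF > /etc/cloud/cloud.cfg.d/91-debian-user.cfg
# System and/or distro specific settings
# (not accessible to handlers/transforms)
system_info:
   # This will affect which distro class gets used
   distro: debian
   # Default user name + that default users groups (if added/used)
   default_user:
     name: debian
     lock_passwd: false
     gecos: Debian
     groups: [adm, audio, cdrom, dialout, dip, floppy, netdev, plugdev, sudo, video]
     sudo: ["ALL=(ALL) NOPASSWD:ALL"]
     shell: /bin/bash
   # Other config here will be given to the distro class and/or path classes
   paths:
      cloud_dir: /var/lib/cloud/
      templates_dir: /etc/cloud/templates/
      upstart_dir: /etc/init/
   package_mirrors:
     - arches: [default]
       failsafe:
         primary: http://deb.debian.org/debian
         security: http://security.debian.org/
   ssh_svcname: ssh
EOF

# Don't let cloud-init take over the network configuration.
# Letting it do so prevents more fine-grained configuration and enables a lot
# of automagic configuration on interfaces that could (should!) be managed
# outside of cloud-init.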
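# Drop-in that tells cloud-init not to manage the network configuration.
cat <<EOF > /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
network:
  config: disabled
EOF

# Configure cloud-init to allow image instantiation-time customization.
# The only cloud-init "datasources" that make sense for this image are:
#
# * "None": this is the last resort when nothing works. This prevents
#   cloud-init from exiting with an error because it didn't find any datasource
#   at all. This in turn allows starting the QEMU image with no datasource
#   attached (the original sentence was cut short; presumed meaning).
#
# * "NoCloud": this fetches the cloud-init data from an ISO disk mounted into
#   the new VM or from other non-network resources. See
#   https://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html
#   for more information.
#
# Because the list is restricted to these two entries, no other datasource is
# consulted. First-boot configuration is taken from whatever local seed the
# hypervisor attaches, and cloud-init applies it as root: control over the
# media attached to a VM is control over the guest.
cat <<EOF > /etc/cloud/cloud.cfg.d/99-nocloud-datasource.cfg
datasource_list:
  - NoCloud
  - None
EOF

# Disable the warning about a missing datasource. This type of image may run in
# a very special environment where we want to control what's happening, without
# having a specific datasource provided.
cat <<EOF > /etc/cloud/cloud.cfg.d/99-warnings.cfg
#cloud-config
warnings:
  dsid_missing_source: off
EOF

# Make multi-user.target pull in cloud-init.target, so cloud-init is started
# as part of the normal multi-user boot.
systemctl add-wants multi-user.target cloud-init.target

# Prevent clearing the terminal when systemd invokes the initial getty
# From: https://wiki.debian.org/systemd#Missing_startup_messages_on_console.28tty1.29_after_the_boot
SYSTEMD_NO_CLEAR_FILE=/etc/systemd/system/getty@tty1.service.d/no-clear.conf
mkdir --parents "$(dirname "$SYSTEMD_NO_CLEAR_FILE")"
cat <<EOF > "$SYSTEMD_NO_CLEAR_FILE"
[Service]
TTYVTDisallocate=no
EOF
# Make systemd pick up the new drop-in.
systemctl daemon-reload


# Configure the ACPI daemon to gently turn off the VM when the "power button"
# is pressed.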
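# Install acpid's example power-button event and handler, then enable the daemon.
cp /usr/share/doc/acpid/examples/powerbtn /etc/acpi/events/powerbtn
cp /usr/share/doc/acpid/examples/powerbtn.sh /etc/acpi/powerbtn.sh
chmod +x /etc/acpi/powerbtn.sh
systemctl enable acpid


# The QEMU guest agent helps the host to run the VM more optimally.
# See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/chap-qemu_guest_agent
systemctl enable qemu-guest-agent

# Remove all but the latest kernel.
# The command substitution is left unquoted on purpose: each package name it
# prints must become a separate argument. `head -n -1` keeps the last listed
# image installed.
apt-get autoremove --yes --purge $(dpkg -l "linux-image*" | grep "^ii" | grep -v linux-image-amd64 | head -n -1 | cut -d " " -f 3)

# Finally, cleanup all the things
apt-get install --yes deborphan # Let's try to remove some more
apt-get autoremove \
  $(deborphan) \
  deborphan \
  dictionaries-common \
  iamerican \
  ibritish \
  localepurge \
  task-english \
  tasksel \
  tasksel-data \
  --purge --yes

# Remove downloaded .deb files
apt-get clean

# Remove instance-specific files: we want this image to be as "impersonal" as
# possible.
find \
  /var/cache/apt \
  /var/lib/apt \
  /var/lib/dhcp \
  /var/log \
  -mindepth 1 -print -delete

# SSH host keys and the systemd random seed are removed so that instances
# cloned from this image do not share key material or seed state.
# NOTE(review): sshd needs host keys to start, so they have to be regenerated
# at first boot. cloud-init normally does that - confirm it also happens when
# an instance starts with the "None" datasource.
rm -vf \
  /etc/network/interfaces.d/50-cloud-init.cfg \
  /etc/adjtime \
  /etc/hostname \
  /etc/hosts \
  /etc/ssh/*key* \
  /var/cache/ldconfig/aux-cache \
  /var/lib/systemd/random-seed \
  ~/.bash_history

# Also drop the shell history of the user who invoked sudo, if any.
# SUDO_USER holds a login name, not a directory, so "${SUDO_USER}/.bash_history"
# pointed at a path relative to the current directory and left the real history
# file inside the image; it also aborted the script under `set -u` when the
# variable was unset. Resolve the home directory from the passwd database.
sudo_user_home=""
if [ -n "${SUDO_USER:-}" ]; then
  # `|| true`: an unknown user must not abort the build under `set -e`.
  sudo_user_home="$(getent passwd "$SUDO_USER" | cut -d: -f6)" || true
fi
if [ -n "$sudo_user_home" ]; then
  rm -vf "$sudo_user_home/.bash_history"
fi


# From https://www.freedesktop.org/software/systemd/man/machine-id.html:
# For operating system images which are created once and used on multiple
# machines, [...] /etc/machine-id should be an empty file in the generic file
# system image.
truncate -s 0 /etc/machine-id

# Recreate some useful files.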
211 | touch /var/log/lastlog 212 | chown root:utmp /var/log/lastlog 213 | chmod 664 /var/log/lastlog 214 | 215 | 216 | # Free all unused storage block. This makes the final image smaller. 217 | fstrim --all --verbose 218 | 219 | 220 | # Display some usage information 221 | df -h 222 | 223 | 224 | # Finally, remove this very script. 225 | rm -f $(readlink -f $0) 226 | -------------------------------------------------------------------------------- /10.x/http/preseed.cfg: -------------------------------------------------------------------------------- 1 | d-i partman/early_command \ 2 | string debconf-set partman-auto/disk "$(list-devices disk | head -n1)" 3 | 4 | #### Contents of the preconfiguration file (for stretch) 5 | ### Localization 6 | # Preseeding only locale sets language, country and locale. 7 | d-i debian-installer/locale string en_US.UTF-8 8 | 9 | # The values can also be preseeded individually for greater flexibility. 10 | #d-i debian-installer/language string en 11 | #d-i debian-installer/country string NL 12 | #d-i debian-installer/locale string en_GB.UTF-8 13 | # Optionally specify additional locales to be generated. 14 | d-i localechooser/supported-locales multiselect en_US.UTF-8, fr_CH.UTF-8, fr_FR.UTF-8 15 | 16 | # Keyboard selection. 17 | d-i keyboard-configuration/xkb-keymap select us 18 | # d-i keyboard-configuration/toggle select No toggling 19 | 20 | ### Network configuration 21 | # Disable network configuration entirely. This is useful for cdrom 22 | # installations on non-networked devices where the network questions, 23 | # warning and long timeouts are a nuisance. 24 | #d-i netcfg/enable boolean false 25 | 26 | # netcfg will choose an interface that has link if possible. This makes it 27 | # skip displaying a list if there is more than one interface. 
28 | d-i netcfg/choose_interface select auto 29 | 30 | # To pick a particular interface instead: 31 | #d-i netcfg/choose_interface select eth1 32 | 33 | # To set a different link detection timeout (default is 3 seconds). 34 | # Values are interpreted as seconds. 35 | #d-i netcfg/link_wait_timeout string 10 36 | 37 | # If you have a slow dhcp server and the installer times out waiting for 38 | # it, this might be useful. 39 | #d-i netcfg/dhcp_timeout string 60 40 | #d-i netcfg/dhcpv6_timeout string 60 41 | 42 | # If you prefer to configure the network manually, uncomment this line and 43 | # the static network configuration below. 44 | #d-i netcfg/disable_autoconfig boolean true 45 | 46 | # If you want the preconfiguration file to work on systems both with and 47 | # without a dhcp server, uncomment these lines and the static network 48 | # configuration below. 49 | #d-i netcfg/dhcp_failed note 50 | #d-i netcfg/dhcp_options select Configure network manually 51 | 52 | # Static network configuration. 53 | # 54 | # IPv4 example 55 | #d-i netcfg/get_ipaddress string 192.168.1.42 56 | #d-i netcfg/get_netmask string 255.255.255.0 57 | #d-i netcfg/get_gateway string 192.168.1.1 58 | #d-i netcfg/get_nameservers string 192.168.1.1 59 | #d-i netcfg/confirm_static boolean true 60 | # 61 | # IPv6 example 62 | #d-i netcfg/get_ipaddress string fc00::2 63 | #d-i netcfg/get_netmask string ffff:ffff:ffff:ffff:: 64 | #d-i netcfg/get_gateway string fc00::1 65 | #d-i netcfg/get_nameservers string fc00::1 66 | #d-i netcfg/confirm_static boolean true 67 | 68 | # Any hostname and domain names assigned from dhcp take precedence over 69 | # values set here. However, setting the values still prevents the questions 70 | # from being shown, even if values come from dhcp. 
71 | d-i netcfg/get_hostname string packer 72 | d-i netcfg/get_domain string test 73 | 74 | # If you want to force a hostname, regardless of what either the DHCP 75 | # server returns or what the reverse DNS entry for the IP is, uncomment 76 | # and adjust the following line. 77 | #d-i netcfg/hostname string somehost 78 | 79 | # Disable that annoying WEP key dialog. 80 | d-i netcfg/wireless_wep string 81 | # The wacky dhcp hostname that some ISPs use as a password of sorts. 82 | #d-i netcfg/dhcp_hostname string radish 83 | 84 | # If non-free firmware is needed for the network or other hardware, you can 85 | # configure the installer to always try to load it, without prompting. Or 86 | # change to false to disable asking. 87 | #d-i hw-detect/load_firmware boolean true 88 | 89 | ### Network console 90 | # Use the following settings if you wish to make use of the network-console 91 | # component for remote installation over SSH. This only makes sense if you 92 | # intend to perform the remainder of the installation manually. 93 | #d-i anna/choose_modules string network-console 94 | #d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key 95 | #d-i network-console/password password r00tme 96 | #d-i network-console/password-again password r00tme 97 | 98 | ### Mirror settings 99 | # If you select ftp, the mirror/country string does not need to be set. 100 | #d-i mirror/protocol string https 101 | d-i mirror/country string manual 102 | d-i mirror/http/hostname string deb.debian.org 103 | d-i mirror/http/directory string /debian 104 | d-i mirror/http/proxy string 105 | 106 | # Suite to install. 107 | #d-i mirror/suite string testing 108 | # Suite to use for loading installer components (optional). 109 | #d-i mirror/udeb/suite string testing 110 | 111 | ### Account setup 112 | # Skip creation of a root account (normal user account will be able to 113 | # use sudo). 
114 | #d-i passwd/root-login boolean false 115 | # Alternatively, to skip creation of a normal user account. 116 | #d-i passwd/make-user boolean false 117 | 118 | # Root password, either in clear text 119 | d-i passwd/root-password password root 120 | d-i passwd/root-password-again password root 121 | # or encrypted using a crypt(3) hash. 122 | #d-i passwd/root-password-crypted password [crypt(3) hash] 123 | # NOTE(review): both accounts get well-known clear-text passwords (root/root above, debian/debian below). kitchen.yml logs in to the built image as debian/debian, so at least that password appears to survive into the final image, and preseed/late_command gives the same user NOPASSWD sudo. Treat these as build-time credentials only: confirm they are locked or rotated (for example by cloud-init on first boot) before the image is used outside a test environment. 124 | # To create a normal user account. 125 | d-i passwd/user-fullname string debian 126 | d-i passwd/username string debian 127 | # Normal user's password, either in clear text 128 | d-i passwd/user-password password debian 129 | d-i passwd/user-password-again password debian 130 | # or encrypted using a crypt(3) hash. 131 | #d-i passwd/user-password-crypted password [crypt(3) hash] 132 | # Create the first user with the specified UID instead of the default. 133 | #d-i passwd/user-uid string 1010 134 | 135 | # The user account will be added to some standard initial groups. To 136 | # override that, use this. 137 | #d-i passwd/user-default-groups string audio cdrom video 138 | 139 | ### Clock and time zone setup 140 | # Controls whether or not the hardware clock is set to UTC. 141 | d-i clock-setup/utc boolean true 142 | 143 | # You may set this to any valid setting for $TZ; see the contents of 144 | # /usr/share/zoneinfo/ for valid values. 145 | d-i time/zone string Europe/Zurich 146 | 147 | # Controls whether to use NTP to set the clock during the install 148 | d-i clock-setup/ntp boolean true 149 | # NTP server to use. The default is almost always fine here. 150 | #d-i clock-setup/ntp-server string ntp.example.com 151 | 152 | ### Partitioning 153 | ## Partitioning example 154 | # If the system has free space you can choose to only partition that space. 155 | # This is only honoured if partman-auto/method (below) is not set.
156 | #d-i partman-auto/init_automatically_partition select biggest_free 157 | 158 | # Alternatively, you may specify a disk to partition. If the system has only 159 | # one disk the installer will default to using that, but otherwise the device 160 | # name must be given in traditional, non-devfs format (so e.g. /dev/sda 161 | # and not e.g. /dev/discs/disc0/disc). 162 | # For example, to use the first SCSI/SATA hard disk: 163 | #d-i partman-auto/disk string /dev/sda 164 | # In addition, you'll need to specify the method to use. 165 | # The presently available methods are: 166 | # - regular: use the usual partition types for your architecture 167 | # - lvm: use LVM to partition the disk 168 | # - crypto: use LVM within an encrypted partition 169 | d-i partman-auto/method string regular 170 | 171 | d-i partman-auto/choose_recipe select single-root-no-swap 172 | 173 | # Or provide a recipe of your own... 174 | # If you have a way to get a recipe file into the d-i environment, you can 175 | # just point at it. 176 | #d-i partman-auto/expert_recipe_file string /hd-media/recipe 177 | d-i partman-auto/expert_recipe string \ 178 | single-root-no-swap :: \ 179 | 1000 50 -1 ext4 \ 180 | filesystem{ ext4 } \ 181 | method{ format } format{ } \ 182 | use_filesystem{ } \ 183 | mountpoint{ / } \ 184 | . 185 | 186 | # If not, you can put an entire recipe into the preconfiguration file in one 187 | # (logical) line. This example creates a small /boot partition, suitable 188 | # swap, and uses the rest of the space for the root partition: 189 | #d-i partman-auto/expert_recipe string \ 190 | # boot-root :: \ 191 | # 40 50 100 ext3 \ 192 | # $primary{ } $bootable{ } \ 193 | # method{ format } format{ } \ 194 | # use_filesystem{ } filesystem{ ext3 } \ 195 | # mountpoint{ /boot } \ 196 | # . \ 197 | # 500 10000 1000000000 ext3 \ 198 | # method{ format } format{ } \ 199 | # use_filesystem{ } filesystem{ ext3 } \ 200 | # mountpoint{ / } \ 201 | # . 
\ 202 | # 64 512 300% linux-swap \ 203 | # method{ swap } format{ } \ 204 | # . 205 | 206 | 207 | #d-i partman-auto/init_automatically_partition \ 208 | # select Guided - use entire disk and set up LVM 209 | 210 | d-i partman-partitioning/confirm_write_new_label boolean true 211 | d-i partman/choose_partition select finish 212 | d-i partman/confirm boolean true 213 | d-i partman/confirm_nooverwrite boolean true 214 | 215 | # No swap 216 | d-i partman-basicfilesystems/no_swap boolean false 217 | 218 | 219 | ## Controlling how partitions are mounted 220 | # The default is to mount by UUID, but you can also choose "traditional" to 221 | # use traditional device names, or "label" to try filesystem labels before 222 | # falling back to UUIDs. 223 | #d-i partman/mount_style select uuid 224 | d-i partman/mount_style select traditional 225 | 226 | ### Base system installation 227 | # Configure APT to not install recommended packages by default. Use of this 228 | # option can result in an incomplete system and should only be used by very 229 | # experienced users. 230 | #d-i base-installer/install-recommends boolean false 231 | d-i base-installer/install-recommends boolean false 232 | 233 | # The kernel image (meta) package to be installed; "none" can be used if no 234 | # kernel is to be installed. 235 | #d-i base-installer/kernel/image string linux-image-686 236 | 237 | ### Apt setup 238 | # You can choose to install non-free and contrib software. 239 | #d-i apt-setup/non-free boolean true 240 | #d-i apt-setup/contrib boolean true 241 | # Uncomment this if you don't want to use a network mirror. 242 | #d-i apt-setup/use_mirror boolean false 243 | # Select which update services to use; define the mirrors to be used. 244 | # Values shown below are the normal defaults. 
245 | #d-i apt-setup/services-select multiselect security, updates 246 | #d-i apt-setup/security_host string security.debian.org 247 | 248 | # Additional repositories, local[0-9] available 249 | #d-i apt-setup/local0/repository string \ 250 | # http://local.server/debian stable main 251 | #d-i apt-setup/local0/comment string local server 252 | # Enable deb-src lines 253 | #d-i apt-setup/local0/source boolean true 254 | 255 | # Don't ask for more CDROM 256 | apt-cdrom-setup apt-setup/disable-cdrom-entries boolean true 257 | apt-cdrom-setup apt-setup/cdrom/set-first boolean false 258 | 259 | # URL to the public key of the local repository; you must provide a key or 260 | # apt will complain about the unauthenticated repository and so the 261 | # sources.list line will be left commented out 262 | #d-i apt-setup/local0/key string http://local.server/key 263 | 264 | # By default the installer requires that repositories be authenticated 265 | # using a known gpg key. This setting can be used to disable that 266 | # authentication. Warning: Insecure, not recommended. 267 | #d-i debian-installer/allow_unauthenticated boolean true 268 | 269 | # Uncomment this to add multiarch configuration for i386 270 | #d-i apt-setup/multiarch string i386 271 | 272 | 273 | ### Package selection 274 | #tasksel tasksel/first multiselect standard, web-server, kde-desktop 275 | tasksel tasksel/first multiselect SSH server 276 | 277 | # Individual additional packages to install 278 | # We need at least these to continue the preseeding later on. 279 | # Provide also haveged so we (hopefully) have more entropy when our VM starts 280 | # for the first time. 281 | d-i pkgsel/include string haveged openssh-server sudo 282 | 283 | # Whether to upgrade packages after debootstrap. 
284 | # Allowed values: none, safe-upgrade, full-upgrade 285 | #d-i pkgsel/upgrade select none 286 | d-i pkgsel/upgrade select full-upgrade 287 | 288 | # Some versions of the installer can report back on what software you have 289 | # installed, and what software you use. The default is not to report back, 290 | # but sending reports helps the project determine what software is most 291 | # popular and include it on CDs. 292 | #popularity-contest popularity-contest/participate boolean false 293 | popularity-contest popularity-contest/participate boolean false 294 | 295 | ### Boot loader installation 296 | # Grub is the default boot loader (for x86). If you want lilo installed 297 | # instead, uncomment this: 298 | #d-i grub-installer/skip boolean true 299 | # To also skip installing lilo, and install no bootloader, uncomment this 300 | # too: 301 | #d-i lilo-installer/skip boolean true 302 | 303 | 304 | # This is fairly safe to set, it makes grub install automatically to the MBR 305 | # if no other operating system is detected on the machine. 306 | d-i grub-installer/only_debian boolean true 307 | 308 | # This one makes grub-installer install to the MBR if it also finds some other 309 | # OS, which is less safe as it might not be able to boot that other OS. 
310 | d-i grub-installer/with_other_os boolean true 311 | 312 | # Due notably to potential USB sticks, the location of the MBR can not be 313 | # determined safely in general, so this needs to be specified: 314 | #d-i grub-installer/bootdev string /dev/sda 315 | # To install to the first device (assuming it is not a USB stick): 316 | #d-i grub-installer/bootdev string default 317 | d-i grub-installer/bootdev string default 318 | 319 | # Alternatively, if you want to install to a location other than the mbr, 320 | # uncomment and edit these lines: 321 | #d-i grub-installer/only_debian boolean false 322 | #d-i grub-installer/with_other_os boolean false 323 | #d-i grub-installer/bootdev string (hd0,1) 324 | # To install grub to multiple disks: 325 | #d-i grub-installer/bootdev string (hd0,1) (hd1,1) (hd2,1) 326 | 327 | # Optional password for grub, either in clear text 328 | #d-i grub-installer/password password r00tme 329 | #d-i grub-installer/password-again password r00tme 330 | # or encrypted using an MD5 hash, see grub-md5-crypt(8). 331 | #d-i grub-installer/password-crypted password [MD5 hash] 332 | 333 | # Use the following option to add additional boot parameters for the 334 | # installed system (if supported by the bootloader installer). 335 | # Note: options passed to the installer will be added automatically. 336 | #d-i debian-installer/add-kernel-opts string nousb 337 | 338 | ### Finishing up the installation 339 | # During installations from serial console, the regular virtual consoles 340 | # (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next 341 | # line to prevent this. 342 | #d-i finish-install/keep-consoles boolean true 343 | 344 | # Avoid that last message about the install being complete. 345 | d-i finish-install/reboot_in_progress note 346 | 347 | # This will prevent the installer from ejecting the CD during the reboot, 348 | # which is useful in some situations. 
349 | #d-i cdrom-detect/eject boolean false 350 | 351 | # This is how to make the installer shutdown when finished, but not 352 | # reboot into the installed system. 353 | #d-i debian-installer/exit/halt boolean true 354 | # This will power off the machine instead of just halting it. 355 | #d-i debian-installer/exit/poweroff boolean true 356 | 357 | ### Preseeding other packages 358 | # Depending on what software you choose to install, or if things go wrong 359 | # during the installation process, it's possible that other questions may 360 | # be asked. You can preseed those too, of course. To get a list of every 361 | # possible question that could be asked during an install, do an 362 | # installation, and then run these commands: 363 | # debconf-get-selections --installer > file 364 | # debconf-get-selections >> file 365 | 366 | 367 | #### Advanced options 368 | ### Running custom commands during the installation 369 | # d-i preseeding is inherently not secure. Nothing in the installer checks 370 | # for attempts at buffer overflows or other exploits of the values of a 371 | # preconfiguration file like this one. Only use preconfiguration files from 372 | # trusted locations! To drive that home, and because it's generally useful, 373 | # here's a way to run any shell command you'd like inside the installer, 374 | # automatically. 375 | 376 | # This first command is run as early as possible, just after 377 | # preseeding is read. 378 | #d-i preseed/early_command string anna-install some-udeb 379 | # This command is run immediately before the partitioner starts. It may be 380 | # useful to apply dynamic partitioner preseeding that depends on the state 381 | # of the disks (which may not be visible when preseed/early_command runs). 382 | #d-i partman/early_command \ 383 | # string debconf-set partman-auto/disk "$(list-devices disk | head -n1)" 384 | # This command is run just before the install finishes, but when there is 385 | # still a usable /target directory. 
You can chroot to /target and use it 386 | # directly, or use the apt-install and in-target commands to easily install 387 | # packages and run commands in the target system. 388 | #d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh 389 | # NOTE(review): the command below lets the 'debian' user run any command as root without a password; together with the default password set in the account section, anyone who can log in as 'debian' is effectively root. The file is created by a shell redirect, so its mode comes from the installer's umask; Debian's convention for /etc/sudoers.d is mode 0440 -- consider setting it explicitly (e.g. with an in-target chmod). 390 | d-i preseed/late_command string echo 'debian ALL = (root) NOPASSWD: ALL' > /target/etc/sudoers.d/debian 391 | -------------------------------------------------------------------------------- /10.x/inspec-tests.rb: -------------------------------------------------------------------------------- 1 | control 'final-image' do 2 | title 'Ensure the Debian QEMU image is correctly configured' 3 | 4 | describe sys_info do 5 | its('hostname') { should eq 'kitchen-ci' } 6 | end 7 | 8 | describe file('/var/lib/cloud/instance/datasource') do 9 | its('content') { should match 'DataSourceNone' } 10 | end 11 | 12 | describe command('systemctl status') do 13 | its('stdout') { should match 'State: running' } 14 | end 15 | 16 | describe command('systemctl status networking.service') do 17 | its('stdout') { should match 'ifup: waiting for lock' } 18 | end 19 | end 20 | -------------------------------------------------------------------------------- /10.x/kitchen.yml: -------------------------------------------------------------------------------- 1 | --- 2 | driver: 3 | name: qemu 4 | 5 | verifier: 6 | name: inspec 7 | 8 | provisioner: 9 | name: shell 10 | command: hostname 11 | 12 | lifecycle: 13 | pre_verify: 14 | - local: echo "Waiting for instance to complete startup..."
15 | - local: sleep 2 16 | 17 | platforms: 18 | - name: test 19 | driver: 20 | image: 21 | - file: <%= ENV['OUTPUT'] || './output/debian.qcow2' %> 22 | hostname: kitchen-ci.test 23 | username: debian 24 | password: debian 25 | 26 | suites: 27 | - name: default 28 | verifier: 29 | inspec_tests: 30 | - inspec-tests.rb 31 | 32 | # vim:ft=eruby 33 | -------------------------------------------------------------------------------- /10.x/packer.pkr.hcl: -------------------------------------------------------------------------------- 1 | variable "output_dir" { 2 | type = string 3 | default = "output" 4 | } 5 | 6 | variable "output_name" { 7 | type = string 8 | default = "debian.qcow2" 9 | } 10 | 11 | variable "source_checksum_url" { 12 | type = string 13 | default = "file:https://cdimage.debian.org/cdimage/release/10.10.0/amd64/iso-cd/SHA256SUMS" 14 | } 15 | 16 | variable "source_iso" { 17 | description = <", # non-graphical install 115 | "preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg ", 116 | "language=en locale=en_US.UTF-8 ", 117 | "country=CH keymap=fr ", 118 | "hostname=packer domain=test ", # Should be overriden after DHCP, if available 119 | "", 120 | ] 121 | } 122 | -------------------------------------------------------------------------------- /10.x/post-process.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | IFS=$'\n\t' 4 | 5 | set -x 6 | 7 | IMAGE_PATH=$1 8 | 9 | cd $(dirname $IMAGE_PATH) 10 | sha256sum $(basename $IMAGE_PATH) > SHA256SUMS 11 | -------------------------------------------------------------------------------- /9.x/.bundle/config: -------------------------------------------------------------------------------- 1 | --- 2 | BUNDLE_PATH: ".gems" 3 | -------------------------------------------------------------------------------- /9.x/CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Releases 2 | 3 | ## 
9.7.0-1 4 | 5 | * Follow new Debian release 9.7.0 6 | 7 | ## 9.6.0-3 8 | 9 | * Fix the reinitialisation of /etc/machine-id. 10 | The file must be there but empty. 11 | 12 | ## 9.6.0-2 13 | 14 | * Add the `cloud-guest-utils` in the image. 15 | This allows the cloud-init `growpart` module to be used by default. 16 | 17 | ## 9.6.0-1 18 | 19 | * Initial release using Debian 9.6.0 20 | -------------------------------------------------------------------------------- /9.x/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | 3 | gem 'test-kitchen' 4 | gem 'kitchen-sync' 5 | gem 'kitchen-qemu' 6 | gem 'kitchen-inspec' 7 | -------------------------------------------------------------------------------- /9.x/Gemfile.lock: -------------------------------------------------------------------------------- 1 | GEM 2 | remote: https://rubygems.org/ 3 | specs: 4 | activesupport (6.1.4) 5 | concurrent-ruby (~> 1.0, >= 1.0.2) 6 | i18n (>= 1.6, < 2) 7 | minitest (>= 5.1) 8 | tzinfo (~> 2.0) 9 | zeitwerk (~> 2.3) 10 | addressable (2.8.0) 11 | public_suffix (>= 2.0.2, < 5.0) 12 | aws-eventstream (1.1.1) 13 | aws-partitions (1.477.0) 14 | aws-sdk-apigateway (1.62.0) 15 | aws-sdk-core (~> 3, >= 3.112.0) 16 | aws-sigv4 (~> 1.1) 17 | aws-sdk-apigatewayv2 (1.32.0) 18 | aws-sdk-core (~> 3, >= 3.112.0) 19 | aws-sigv4 (~> 1.1) 20 | aws-sdk-applicationautoscaling (1.51.0) 21 | aws-sdk-core (~> 3, >= 3.112.0) 22 | aws-sigv4 (~> 1.1) 23 | aws-sdk-athena (1.37.0) 24 | aws-sdk-core (~> 3, >= 3.112.0) 25 | aws-sigv4 (~> 1.1) 26 | aws-sdk-autoscaling (1.61.0) 27 | aws-sdk-core (~> 3, >= 3.112.0) 28 | aws-sigv4 (~> 1.1) 29 | aws-sdk-batch (1.47.0) 30 | aws-sdk-core (~> 3, >= 3.112.0) 31 | aws-sigv4 (~> 1.1) 32 | aws-sdk-budgets (1.38.0) 33 | aws-sdk-core (~> 3, >= 3.112.0) 34 | aws-sigv4 (~> 1.1) 35 | aws-sdk-cloudformation (1.53.0) 36 | aws-sdk-core (~> 3, >= 3.112.0) 37 | aws-sigv4 (~> 1.1) 38 | aws-sdk-cloudfront (1.53.0) 39 | 
aws-sdk-core (~> 3, >= 3.112.0) 40 | aws-sigv4 (~> 1.1) 41 | aws-sdk-cloudhsm (1.30.0) 42 | aws-sdk-core (~> 3, >= 3.112.0) 43 | aws-sigv4 (~> 1.1) 44 | aws-sdk-cloudhsmv2 (1.33.0) 45 | aws-sdk-core (~> 3, >= 3.112.0) 46 | aws-sigv4 (~> 1.1) 47 | aws-sdk-cloudtrail (1.35.0) 48 | aws-sdk-core (~> 3, >= 3.112.0) 49 | aws-sigv4 (~> 1.1) 50 | aws-sdk-cloudwatch (1.51.0) 51 | aws-sdk-core (~> 3, >= 3.112.0) 52 | aws-sigv4 (~> 1.1) 53 | aws-sdk-cloudwatchevents (1.46.0) 54 | aws-sdk-core (~> 3, >= 3.112.0) 55 | aws-sigv4 (~> 1.1) 56 | aws-sdk-cloudwatchlogs (1.41.0) 57 | aws-sdk-core (~> 3, >= 3.112.0) 58 | aws-sigv4 (~> 1.1) 59 | aws-sdk-codecommit (1.42.0) 60 | aws-sdk-core (~> 3, >= 3.112.0) 61 | aws-sigv4 (~> 1.1) 62 | aws-sdk-codedeploy (1.40.0) 63 | aws-sdk-core (~> 3, >= 3.112.0) 64 | aws-sigv4 (~> 1.1) 65 | aws-sdk-codepipeline (1.44.0) 66 | aws-sdk-core (~> 3, >= 3.112.0) 67 | aws-sigv4 (~> 1.1) 68 | aws-sdk-cognitoidentity (1.31.0) 69 | aws-sdk-core (~> 3, >= 3.112.0) 70 | aws-sigv4 (~> 1.1) 71 | aws-sdk-cognitoidentityprovider (1.51.0) 72 | aws-sdk-core (~> 3, >= 3.112.0) 73 | aws-sigv4 (~> 1.1) 74 | aws-sdk-configservice (1.62.0) 75 | aws-sdk-core (~> 3, >= 3.112.0) 76 | aws-sigv4 (~> 1.1) 77 | aws-sdk-core (3.117.0) 78 | aws-eventstream (~> 1, >= 1.0.2) 79 | aws-partitions (~> 1, >= 1.239.0) 80 | aws-sigv4 (~> 1.1) 81 | jmespath (~> 1.0) 82 | aws-sdk-costandusagereportservice (1.31.0) 83 | aws-sdk-core (~> 3, >= 3.112.0) 84 | aws-sigv4 (~> 1.1) 85 | aws-sdk-databasemigrationservice (1.53.0) 86 | aws-sdk-core (~> 3, >= 3.112.0) 87 | aws-sigv4 (~> 1.1) 88 | aws-sdk-dynamodb (1.60.0) 89 | aws-sdk-core (~> 3, >= 3.112.0) 90 | aws-sigv4 (~> 1.1) 91 | aws-sdk-ec2 (1.248.0) 92 | aws-sdk-core (~> 3, >= 3.112.0) 93 | aws-sigv4 (~> 1.1) 94 | aws-sdk-ecr (1.42.0) 95 | aws-sdk-core (~> 3, >= 3.112.0) 96 | aws-sigv4 (~> 1.1) 97 | aws-sdk-ecrpublic (1.3.0) 98 | aws-sdk-core (~> 3, >= 3.112.0) 99 | aws-sigv4 (~> 1.1) 100 | aws-sdk-ecs (1.80.0) 101 | aws-sdk-core (~> 3, >= 
3.112.0) 102 | aws-sigv4 (~> 1.1) 103 | aws-sdk-efs (1.40.0) 104 | aws-sdk-core (~> 3, >= 3.112.0) 105 | aws-sigv4 (~> 1.1) 106 | aws-sdk-eks (1.58.0) 107 | aws-sdk-core (~> 3, >= 3.112.0) 108 | aws-sigv4 (~> 1.1) 109 | aws-sdk-elasticache (1.57.0) 110 | aws-sdk-core (~> 3, >= 3.112.0) 111 | aws-sigv4 (~> 1.1) 112 | aws-sdk-elasticbeanstalk (1.42.0) 113 | aws-sdk-core (~> 3, >= 3.112.0) 114 | aws-sigv4 (~> 1.1) 115 | aws-sdk-elasticloadbalancing (1.31.0) 116 | aws-sdk-core (~> 3, >= 3.112.0) 117 | aws-sigv4 (~> 1.1) 118 | aws-sdk-elasticloadbalancingv2 (1.62.0) 119 | aws-sdk-core (~> 3, >= 3.112.0) 120 | aws-sigv4 (~> 1.1) 121 | aws-sdk-elasticsearchservice (1.52.0) 122 | aws-sdk-core (~> 3, >= 3.112.0) 123 | aws-sigv4 (~> 1.1) 124 | aws-sdk-eventbridge (1.24.0) 125 | aws-sdk-core (~> 3, >= 3.112.0) 126 | aws-sigv4 (~> 1.1) 127 | aws-sdk-firehose (1.37.0) 128 | aws-sdk-core (~> 3, >= 3.112.0) 129 | aws-sigv4 (~> 1.1) 130 | aws-sdk-glue (1.87.0) 131 | aws-sdk-core (~> 3, >= 3.112.0) 132 | aws-sigv4 (~> 1.1) 133 | aws-sdk-guardduty (1.45.0) 134 | aws-sdk-core (~> 3, >= 3.112.0) 135 | aws-sigv4 (~> 1.1) 136 | aws-sdk-iam (1.56.0) 137 | aws-sdk-core (~> 3, >= 3.112.0) 138 | aws-sigv4 (~> 1.1) 139 | aws-sdk-kafka (1.36.0) 140 | aws-sdk-core (~> 3, >= 3.112.0) 141 | aws-sigv4 (~> 1.1) 142 | aws-sdk-kinesis (1.32.0) 143 | aws-sdk-core (~> 3, >= 3.112.0) 144 | aws-sigv4 (~> 1.1) 145 | aws-sdk-kms (1.44.0) 146 | aws-sdk-core (~> 3, >= 3.112.0) 147 | aws-sigv4 (~> 1.1) 148 | aws-sdk-lambda (1.63.0) 149 | aws-sdk-core (~> 3, >= 3.112.0) 150 | aws-sigv4 (~> 1.1) 151 | aws-sdk-organizations (1.59.0) 152 | aws-sdk-core (~> 3, >= 3.112.0) 153 | aws-sigv4 (~> 1.1) 154 | aws-sdk-ram (1.25.0) 155 | aws-sdk-core (~> 3, >= 3.112.0) 156 | aws-sigv4 (~> 1.1) 157 | aws-sdk-rds (1.121.0) 158 | aws-sdk-core (~> 3, >= 3.112.0) 159 | aws-sigv4 (~> 1.1) 160 | aws-sdk-redshift (1.64.0) 161 | aws-sdk-core (~> 3, >= 3.112.0) 162 | aws-sigv4 (~> 1.1) 163 | aws-sdk-route53 (1.49.0) 164 | 
aws-sdk-core (~> 3, >= 3.112.0) 165 | aws-sigv4 (~> 1.1) 166 | aws-sdk-route53domains (1.30.0) 167 | aws-sdk-core (~> 3, >= 3.112.0) 168 | aws-sigv4 (~> 1.1) 169 | aws-sdk-route53resolver (1.26.0) 170 | aws-sdk-core (~> 3, >= 3.112.0) 171 | aws-sigv4 (~> 1.1) 172 | aws-sdk-s3 (1.96.1) 173 | aws-sdk-core (~> 3, >= 3.112.0) 174 | aws-sdk-kms (~> 1) 175 | aws-sigv4 (~> 1.1) 176 | aws-sdk-secretsmanager (1.46.0) 177 | aws-sdk-core (~> 3, >= 3.112.0) 178 | aws-sigv4 (~> 1.1) 179 | aws-sdk-securityhub (1.47.0) 180 | aws-sdk-core (~> 3, >= 3.112.0) 181 | aws-sigv4 (~> 1.1) 182 | aws-sdk-servicecatalog (1.59.0) 183 | aws-sdk-core (~> 3, >= 3.112.0) 184 | aws-sigv4 (~> 1.1) 185 | aws-sdk-ses (1.38.0) 186 | aws-sdk-core (~> 3, >= 3.112.0) 187 | aws-sigv4 (~> 1.1) 188 | aws-sdk-shield (1.37.0) 189 | aws-sdk-core (~> 3, >= 3.112.0) 190 | aws-sigv4 (~> 1.1) 191 | aws-sdk-sms (1.29.0) 192 | aws-sdk-core (~> 3, >= 3.112.0) 193 | aws-sigv4 (~> 1.1) 194 | aws-sdk-sns (1.42.0) 195 | aws-sdk-core (~> 3, >= 3.112.0) 196 | aws-sigv4 (~> 1.1) 197 | aws-sdk-sqs (1.40.0) 198 | aws-sdk-core (~> 3, >= 3.112.0) 199 | aws-sigv4 (~> 1.1) 200 | aws-sdk-ssm (1.111.0) 201 | aws-sdk-core (~> 3, >= 3.112.0) 202 | aws-sigv4 (~> 1.1) 203 | aws-sdk-states (1.39.0) 204 | aws-sdk-core (~> 3, >= 3.112.0) 205 | aws-sigv4 (~> 1.1) 206 | aws-sdk-transfer (1.32.0) 207 | aws-sdk-core (~> 3, >= 3.112.0) 208 | aws-sigv4 (~> 1.1) 209 | aws-sigv4 (1.2.4) 210 | aws-eventstream (~> 1, >= 1.0.2) 211 | azure_graph_rbac (0.17.2) 212 | ms_rest_azure (~> 0.12.0) 213 | azure_mgmt_key_vault (0.17.7) 214 | ms_rest_azure (~> 0.12.0) 215 | azure_mgmt_resources (0.18.2) 216 | ms_rest_azure (~> 0.12.0) 217 | azure_mgmt_security (0.19.0) 218 | ms_rest_azure (~> 0.12.0) 219 | azure_mgmt_storage (0.23.0) 220 | ms_rest_azure (~> 0.12.0) 221 | bcrypt_pbkdf (1.1.0) 222 | builder (3.2.4) 223 | chef-config (17.2.29) 224 | addressable 225 | chef-utils (= 17.2.29) 226 | fuzzyurl 227 | mixlib-config (>= 2.2.12, < 4.0) 228 | 
mixlib-shellout (>= 2.0, < 4.0) 229 | tomlrb (~> 1.2) 230 | chef-telemetry (1.0.29) 231 | chef-config 232 | concurrent-ruby (~> 1.0) 233 | chef-utils (17.2.29) 234 | concurrent-ruby 235 | coderay (1.1.3) 236 | concurrent-ruby (1.1.9) 237 | declarative (0.0.20) 238 | diff-lcs (1.4.4) 239 | docker-api (2.2.0) 240 | excon (>= 0.47.0) 241 | multi_json 242 | domain_name (0.5.20190701) 243 | unf (>= 0.0.5, < 1.0.0) 244 | ed25519 (1.2.4) 245 | erubi (1.10.0) 246 | excon (0.84.0) 247 | faraday (1.4.3) 248 | faraday-em_http (~> 1.0) 249 | faraday-em_synchrony (~> 1.0) 250 | faraday-excon (~> 1.1) 251 | faraday-net_http (~> 1.0) 252 | faraday-net_http_persistent (~> 1.1) 253 | multipart-post (>= 1.2, < 3) 254 | ruby2_keywords (>= 0.0.4) 255 | faraday-cookie_jar (0.0.7) 256 | faraday (>= 0.8.0) 257 | http-cookie (~> 1.0.0) 258 | faraday-em_http (1.0.0) 259 | faraday-em_synchrony (1.0.0) 260 | faraday-excon (1.1.0) 261 | faraday-net_http (1.0.1) 262 | faraday-net_http_persistent (1.2.0) 263 | faraday_middleware (1.0.0) 264 | faraday (~> 1.0) 265 | ffi (1.15.3) 266 | fuzzyurl (0.9.0) 267 | google-api-client (0.52.0) 268 | addressable (~> 2.5, >= 2.5.1) 269 | googleauth (~> 0.9) 270 | httpclient (>= 2.8.1, < 3.0) 271 | mini_mime (~> 1.0) 272 | representable (~> 3.0) 273 | retriable (>= 2.0, < 4.0) 274 | rexml 275 | signet (~> 0.12) 276 | googleauth (0.14.0) 277 | faraday (>= 0.17.3, < 2.0) 278 | jwt (>= 1.4, < 3.0) 279 | memoist (~> 0.16) 280 | multi_json (~> 1.11) 281 | os (>= 0.9, < 2.0) 282 | signet (~> 0.14) 283 | gssapi (1.3.1) 284 | ffi (>= 1.0.1) 285 | gyoku (1.3.1) 286 | builder (>= 2.1.2) 287 | hashie (4.1.0) 288 | http-cookie (1.0.4) 289 | domain_name (~> 0.5) 290 | httpclient (2.8.3) 291 | i18n (1.8.10) 292 | concurrent-ruby (~> 1.0) 293 | inifile (3.0.0) 294 | inspec (4.38.3) 295 | faraday_middleware (>= 0.12.2, < 1.1) 296 | inspec-core (= 4.38.3) 297 | train (~> 3.0) 298 | train-aws (~> 0.1) 299 | train-habitat (~> 0.1) 300 | train-winrm (~> 0.2) 301 | inspec-core 
(4.38.3) 302 | addressable (~> 2.4) 303 | chef-telemetry (~> 1.0, >= 1.0.8) 304 | faraday (>= 0.9.0, < 1.5) 305 | faraday_middleware (~> 1.0) 306 | hashie (>= 3.4, < 5.0) 307 | license-acceptance (>= 0.2.13, < 3.0) 308 | method_source (>= 0.8, < 2.0) 309 | mixlib-log (~> 3.0) 310 | multipart-post (~> 2.0) 311 | parallel (~> 1.9) 312 | parslet (>= 1.5, < 2.0) 313 | pry (~> 0.13) 314 | rspec (>= 3.9, < 3.11) 315 | rspec-its (~> 1.2) 316 | rubyzip (>= 1.2.2, < 3.0) 317 | semverse (~> 3.0) 318 | sslshake (~> 1.2) 319 | thor (>= 0.20, < 2.0) 320 | tomlrb (>= 1.2, < 2.1) 321 | train-core (~> 3.0) 322 | tty-prompt (~> 0.17) 323 | tty-table (~> 0.10) 324 | jmespath (1.6.1) 325 | json (2.5.1) 326 | jwt (2.2.3) 327 | kitchen-inspec (2.5.0) 328 | hashie (>= 3.4, <= 5.0) 329 | inspec (>= 2.2.64, < 5.0) 330 | test-kitchen (>= 2.7, < 4) 331 | kitchen-qemu (0.2.11) 332 | test-kitchen (>= 1.4) 333 | kitchen-sync (2.2.1) 334 | net-sftp 335 | test-kitchen (>= 1.0.0) 336 | license-acceptance (2.1.13) 337 | pastel (~> 0.7) 338 | tomlrb (>= 1.2, < 3.0) 339 | tty-box (~> 0.6) 340 | tty-prompt (~> 0.20) 341 | little-plugger (1.1.4) 342 | logging (2.3.0) 343 | little-plugger (~> 1.1) 344 | multi_json (~> 1.14) 345 | memoist (0.16.2) 346 | method_source (1.0.0) 347 | mini_mime (1.1.0) 348 | minitest (5.14.4) 349 | mixlib-config (3.0.9) 350 | tomlrb 351 | mixlib-install (3.12.11) 352 | mixlib-shellout 353 | mixlib-versioning 354 | thor 355 | mixlib-log (3.0.9) 356 | mixlib-shellout (3.2.5) 357 | chef-utils 358 | mixlib-versioning (1.2.12) 359 | ms_rest (0.7.6) 360 | concurrent-ruby (~> 1.0) 361 | faraday (>= 0.9, < 2.0.0) 362 | timeliness (~> 0.3.10) 363 | ms_rest_azure (0.12.0) 364 | concurrent-ruby (~> 1.0) 365 | faraday (>= 0.9, < 2.0.0) 366 | faraday-cookie_jar (~> 0.0.6) 367 | ms_rest (~> 0.7.6) 368 | multi_json (1.15.0) 369 | multipart-post (2.1.1) 370 | net-scp (3.0.0) 371 | net-ssh (>= 2.6.5, < 7.0.0) 372 | net-sftp (3.0.0) 373 | net-ssh (>= 5.0.0, < 7.0.0) 374 | net-ssh (6.1.0) 375 
| net-ssh-gateway (2.0.0) 376 | net-ssh (>= 4.0.0) 377 | nori (2.6.0) 378 | os (1.1.1) 379 | parallel (1.20.1) 380 | parslet (1.8.2) 381 | pastel (0.8.0) 382 | tty-color (~> 0.5) 383 | pry (0.14.1) 384 | coderay (~> 1.1) 385 | method_source (~> 1.0) 386 | public_suffix (4.0.6) 387 | representable (3.1.1) 388 | declarative (< 0.1.0) 389 | trailblazer-option (>= 0.1.1, < 0.2.0) 390 | uber (< 0.2.0) 391 | retriable (3.1.2) 392 | rexml (3.2.5) 393 | rspec (3.10.0) 394 | rspec-core (~> 3.10.0) 395 | rspec-expectations (~> 3.10.0) 396 | rspec-mocks (~> 3.10.0) 397 | rspec-core (3.10.1) 398 | rspec-support (~> 3.10.0) 399 | rspec-expectations (3.10.1) 400 | diff-lcs (>= 1.2.0, < 2.0) 401 | rspec-support (~> 3.10.0) 402 | rspec-its (1.3.0) 403 | rspec-core (>= 3.0.0) 404 | rspec-expectations (>= 3.0.0) 405 | rspec-mocks (3.10.2) 406 | diff-lcs (>= 1.2.0, < 2.0) 407 | rspec-support (~> 3.10.0) 408 | rspec-support (3.10.2) 409 | ruby2_keywords (0.0.4) 410 | rubyntlm (0.6.3) 411 | rubyzip (2.3.2) 412 | semverse (3.0.0) 413 | signet (0.15.0) 414 | addressable (~> 2.3) 415 | faraday (>= 0.17.3, < 2.0) 416 | jwt (>= 1.5, < 3.0) 417 | multi_json (~> 1.10) 418 | sslshake (1.3.1) 419 | strings (0.2.1) 420 | strings-ansi (~> 0.2) 421 | unicode-display_width (>= 1.5, < 3.0) 422 | unicode_utils (~> 1.4) 423 | strings-ansi (0.2.0) 424 | test-kitchen (3.0.0) 425 | bcrypt_pbkdf (~> 1.0) 426 | chef-utils (>= 16.4.35) 427 | ed25519 (~> 1.2) 428 | license-acceptance (>= 1.0.11, < 3.0) 429 | mixlib-install (~> 3.6) 430 | mixlib-shellout (>= 1.2, < 4.0) 431 | net-scp (>= 1.1, < 4.0) 432 | net-ssh (>= 2.9, < 7.0) 433 | net-ssh-gateway (>= 1.2, < 3.0) 434 | thor (>= 0.19, < 2.0) 435 | winrm (~> 2.0) 436 | winrm-elevated (~> 1.0) 437 | winrm-fs (~> 1.1) 438 | thor (1.1.0) 439 | timeliness (0.3.10) 440 | tomlrb (1.3.0) 441 | trailblazer-option (0.1.1) 442 | train (3.7.4) 443 | activesupport (>= 6.0.3.1) 444 | azure_graph_rbac (~> 0.16) 445 | azure_mgmt_key_vault (~> 0.17) 446 | 
azure_mgmt_resources (~> 0.15) 447 | azure_mgmt_security (~> 0.18) 448 | azure_mgmt_storage (~> 0.18) 449 | docker-api (>= 1.26, < 3.0) 450 | google-api-client (>= 0.23.9, <= 0.52.0) 451 | googleauth (>= 0.6.6, <= 0.14.0) 452 | inifile (~> 3.0) 453 | train-core (= 3.7.4) 454 | train-winrm (~> 0.2) 455 | train-aws (0.2.8) 456 | aws-sdk-apigateway (~> 1.0) 457 | aws-sdk-apigatewayv2 (~> 1.0) 458 | aws-sdk-applicationautoscaling (>= 1.46, < 1.52) 459 | aws-sdk-athena (~> 1.0) 460 | aws-sdk-autoscaling (>= 1.22, < 1.62) 461 | aws-sdk-batch (>= 1.36, < 1.48) 462 | aws-sdk-budgets (~> 1.0) 463 | aws-sdk-cloudformation (~> 1.0) 464 | aws-sdk-cloudfront (~> 1.0) 465 | aws-sdk-cloudhsm (~> 1.0) 466 | aws-sdk-cloudhsmv2 (~> 1.0) 467 | aws-sdk-cloudtrail (~> 1.8) 468 | aws-sdk-cloudwatch (~> 1.13) 469 | aws-sdk-cloudwatchevents (>= 1.36, < 1.47) 470 | aws-sdk-cloudwatchlogs (~> 1.13) 471 | aws-sdk-codecommit (~> 1.0) 472 | aws-sdk-codedeploy (~> 1.0) 473 | aws-sdk-codepipeline (~> 1.0) 474 | aws-sdk-cognitoidentity (>= 1.26, < 1.32) 475 | aws-sdk-cognitoidentityprovider (>= 1.46, < 1.52) 476 | aws-sdk-configservice (~> 1.21) 477 | aws-sdk-core (~> 3.0) 478 | aws-sdk-costandusagereportservice (~> 1.6) 479 | aws-sdk-databasemigrationservice (>= 1.42, < 1.54) 480 | aws-sdk-dynamodb (~> 1.31) 481 | aws-sdk-ec2 (~> 1.70) 482 | aws-sdk-ecr (~> 1.18) 483 | aws-sdk-ecrpublic (~> 1.3) 484 | aws-sdk-ecs (~> 1.30) 485 | aws-sdk-efs (~> 1.0) 486 | aws-sdk-eks (~> 1.9) 487 | aws-sdk-elasticache (~> 1.0) 488 | aws-sdk-elasticbeanstalk (~> 1.0) 489 | aws-sdk-elasticloadbalancing (~> 1.8) 490 | aws-sdk-elasticloadbalancingv2 (~> 1.0) 491 | aws-sdk-elasticsearchservice (~> 1.0) 492 | aws-sdk-eventbridge (~> 1.24.0) 493 | aws-sdk-firehose (~> 1.0) 494 | aws-sdk-glue (>= 1.71, < 1.88) 495 | aws-sdk-guardduty (~> 1.31) 496 | aws-sdk-iam (~> 1.13) 497 | aws-sdk-kafka (~> 1.0) 498 | aws-sdk-kinesis (~> 1.0) 499 | aws-sdk-kms (~> 1.13) 500 | aws-sdk-lambda (~> 1.0) 501 | aws-sdk-organizations (>= 
1.17, < 1.60) 502 | aws-sdk-ram (>= 1.21, < 1.26) 503 | aws-sdk-rds (~> 1.43) 504 | aws-sdk-redshift (~> 1.0) 505 | aws-sdk-route53 (~> 1.0) 506 | aws-sdk-route53domains (~> 1.0) 507 | aws-sdk-route53resolver (~> 1.0) 508 | aws-sdk-s3 (~> 1.30) 509 | aws-sdk-secretsmanager (>= 1.42, < 1.47) 510 | aws-sdk-securityhub (~> 1.0) 511 | aws-sdk-servicecatalog (>= 1.48, < 1.60) 512 | aws-sdk-ses (~> 1.0) 513 | aws-sdk-shield (~> 1.30) 514 | aws-sdk-sms (~> 1.0) 515 | aws-sdk-sns (~> 1.9) 516 | aws-sdk-sqs (~> 1.10) 517 | aws-sdk-ssm (~> 1.0) 518 | aws-sdk-states (>= 1.35, < 1.40) 519 | aws-sdk-transfer (>= 1.26, < 1.33) 520 | train-core (3.7.4) 521 | addressable (~> 2.5) 522 | ffi (!= 1.13.0) 523 | json (>= 1.8, < 3.0) 524 | mixlib-shellout (>= 2.0, < 4.0) 525 | net-scp (>= 1.2, < 4.0) 526 | net-ssh (>= 2.9, < 7.0) 527 | train-habitat (0.2.22) 528 | train-winrm (0.2.12) 529 | winrm (>= 2.3.6, < 3.0) 530 | winrm-elevated (~> 1.2.2) 531 | winrm-fs (~> 1.0) 532 | tty-box (0.7.0) 533 | pastel (~> 0.8) 534 | strings (~> 0.2.0) 535 | tty-cursor (~> 0.7) 536 | tty-color (0.6.0) 537 | tty-cursor (0.7.1) 538 | tty-prompt (0.23.1) 539 | pastel (~> 0.8) 540 | tty-reader (~> 0.8) 541 | tty-reader (0.9.0) 542 | tty-cursor (~> 0.7) 543 | tty-screen (~> 0.8) 544 | wisper (~> 2.0) 545 | tty-screen (0.8.1) 546 | tty-table (0.12.0) 547 | pastel (~> 0.8) 548 | strings (~> 0.2.0) 549 | tty-screen (~> 0.8) 550 | tzinfo (2.0.4) 551 | concurrent-ruby (~> 1.0) 552 | uber (0.1.0) 553 | unf (0.1.4) 554 | unf_ext 555 | unf_ext (0.0.7.7) 556 | unicode-display_width (2.0.0) 557 | unicode_utils (1.4.0) 558 | winrm (2.3.6) 559 | builder (>= 2.1.2) 560 | erubi (~> 1.8) 561 | gssapi (~> 1.2) 562 | gyoku (~> 1.0) 563 | httpclient (~> 2.2, >= 2.2.0.2) 564 | logging (>= 1.6.1, < 3.0) 565 | nori (~> 2.0) 566 | rubyntlm (~> 0.6.0, >= 0.6.3) 567 | winrm-elevated (1.2.3) 568 | erubi (~> 1.8) 569 | winrm (~> 2.0) 570 | winrm-fs (~> 1.0) 571 | winrm-fs (1.3.5) 572 | erubi (~> 1.8) 573 | logging (>= 1.6.1, < 3.0) 
574 | rubyzip (~> 2.0) 575 | winrm (~> 2.0) 576 | wisper (2.0.1) 577 | zeitwerk (2.4.2) 578 | 579 | PLATFORMS 580 | ruby 581 | 582 | DEPENDENCIES 583 | kitchen-inspec 584 | kitchen-qemu 585 | kitchen-sync 586 | test-kitchen 587 | 588 | BUNDLED WITH 589 | 2.1.4 590 | -------------------------------------------------------------------------------- /9.x/Makefile: -------------------------------------------------------------------------------- 1 | PACKER_FILE = packer.json 2 | 3 | OUTPUT_DIR = output 4 | OUTPUT_NAME = debian-9.9.0-1.qcow2 5 | OUTPUT = $(OUTPUT_DIR)/$(OUTPUT_NAME) 6 | 7 | PACKER_FLAGS = -var output_dir="$(OUTPUT_DIR)" -var output_name="$(OUTPUT_NAME)" 8 | PACKER_BUILD_FLAGS = 9 | 10 | 11 | all: 12 | $(MAKE) $(OUTPUT) create converge verify destroy 13 | 14 | clean: 15 | rm -rf $(OUTPUT_DIR) *.json 16 | 17 | really-clean: clean 18 | rm -rf packer_cache/ .kitchen/ .gems/ 19 | 20 | 21 | %.json: %.yaml 22 | @echo "Convert YAML to JSON: $< => $@" 23 | @python3 -c "import yaml, json, sys; json.dump(yaml.load(sys.stdin), sys.stdout, indent=2, sort_keys=True)" < $< > $@ 24 | 25 | variables.yaml: 26 | @if [ ! 
-f "$(@:.json=.yaml)" ]; then \ 27 | echo "{}" > $@; \ 28 | fi 29 | 30 | $(OUTPUT): $(PACKER_FILE) 31 | $(MAKE) build 32 | 33 | build: validate $(PACKER_FILE) 34 | packer build $(PACKER_FLAGS) $(PACKER_BUILD_FLAGS) $(PACKER_FILE) 35 | 36 | validate: $(PACKER_FILE) 37 | packer validate $(PACKER_FLAGS) $(PACKER_FILE) 38 | 39 | $(KITCHEN_DISK): $(KITCHEN_BASE_IMAGE) 40 | qemu-img create -f qcow2 -o backing_file=$< $@ 10G 41 | 42 | test create setup converge destroy verify list: .gems 43 | OUTPUT=./$(OUTPUT) bundle exec kitchen $@ 44 | 45 | .gems: Gemfile 46 | bundle install --path $@ 47 | touch $@ # Be sure the target is newer than the source 48 | -------------------------------------------------------------------------------- /9.x/configure-qemu-image.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | IFS=$'\n\t' 4 | 5 | # This provisions an very basic Debian installation, fresh from a basic netinst 6 | # installation, into something that could be used like a "cloud image", similar 7 | # to bare Debian VM images found on public cloud providers. 8 | 9 | 10 | # Boot more quickly 11 | sed -i 's/^GRUB_TIMEOUT=.*/GRUB_TIMEOUT=1/' /etc/default/grub 12 | update-grub 13 | 14 | 15 | # Configure cloud-init to allow image instanciation-time customization. 16 | # The only cloud-init "datasources" that make sense for this image are: 17 | # 18 | # * "None": this is the last resort when nothing works. This prevents 19 | # cloud-init from exiting with an error because it didn't find any datasource 20 | # at all. This in turns allow to start the QEMU image with no 21 | # 22 | # * "NoCloud": this fetches the cloud-init data from a ISO disk mounted into 23 | # the new VM or from other non-network resources. See 24 | # https://cloudinit.readthedocs.io/en/latest/topics/datasources/nocloud.html 25 | # for more information. 
#
# The net effect is the "datasource_list" entry written to
# /etc/cloud/cloud.cfg.d/90_dpkg.cfg.
debconf-set-selections <<< "cloud-init cloud-init/datasources multiselect NoCloud, None"

# Let localepurge drop every locale that is not listed here; the image gets
# smaller as a result.
debconf-set-selections <<< "localepurge localepurge/use-dpkg-feature boolean true"
debconf-set-selections <<< "localepurge localepurge/nopurge multiselect en, en_US.UTF-8, fr, fr_CH.UTF-8, fr_FR.UTF-8"


# Packages that turn the bare Debian install into something that can be
# started as a "cloud image". QEMU guests behave noticeably better with them.
cloud_image_packages=(
    acpid
    cloud-init
    cloud-guest-utils
    lsb-release
    net-tools
    qemu-guest-agent
)
apt-get update
apt-get install --no-install-recommends --yes "${cloud_image_packages[@]}"

# Convenience tools only; nothing in the image depends on them.
# (localepurge is purged again by the cleanup step further down.)
convenience_packages=(
    curl
    less
    localepurge
    vim
)
apt-get install --no-install-recommends --yes "${convenience_packages[@]}"


# Reconfigure cloud-init.
# Keep the "debian" password unlocked: preseeding sets it and the remaining
# build steps rely on it. With its default configuration cloud-init overrides
# this user's settings, which leaves the account unusable without an SSH key,
# and that key has to arrive through the "cloud" user-data, which is not
# always available.
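# NOTE(security): the drop-in below keeps the "debian" password usable
# (lock_passwd: false) and gives that account password-less sudo. Together
# with the fixed password set during preseeding, every instance booted from
# this image starts with a known login that can become root. Deployments
# should replace or lock that password through cloud-init user-data before the
# instance is reachable from a network that is not fully trusted.
#
# The here-document delimiter is quoted so the body is written literally.
cat <<'EOF' > /etc/cloud/cloud.cfg.d/91-debian-user.cfg
# System and/or distro specific settings
# (not accessible to handlers/transforms)
system_info:
  # This will affect which distro class gets used
  distro: debian
  # Default user name + that default users groups (if added/used)
  default_user:
    name: debian
    lock_passwd: false
    gecos: Debian
    groups: [adm, audio, cdrom, dialout, dip, floppy, netdev, plugdev, sudo, video]
    sudo: ["ALL=(ALL) NOPASSWD:ALL"]
    shell: /bin/bash
  # Other config here will be given to the distro class and/or path classes
  paths:
    cloud_dir: /var/lib/cloud/
    templates_dir: /etc/cloud/templates/
    upstart_dir: /etc/init/
  package_mirrors:
    - arches: [default]
      failsafe:
        primary: http://deb.debian.org/debian
        security: http://security.debian.org/
  ssh_svcname: ssh
EOF

# Do not let cloud-init take over the network configuration.
# Leaving it enabled gets in the way of finer-grained setups and applies a lot
# of automatic configuration to interfaces that could (should!) be managed
# outside of cloud-init.
cat <<'EOF' > /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
network:
  config: disabled
EOF


# Prevent clearing the terminal when systemd invokes the initial getty
# From: https://wiki.debian.org/systemd#Missing_startup_messages_on_console.28tty1.29_after_the_boot
SYSTEMD_NO_CLEAR_FILE=/etc/systemd/system/getty@tty1.service.d/no-clear.conf
# The drop-in directory does not exist on a fresh install.
mkdir --parents "$(dirname "$SYSTEMD_NO_CLEAR_FILE")"
cat <<'EOF' > "$SYSTEMD_NO_CLEAR_FILE"
[Service]
TTYVTDisallocate=no
EOF
# Make systemd pick up the new drop-in.
systemctl daemon-reload


# Configure the ACPI daemon to gently turn off the VM when the "power button"
# is pressed.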
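cp /usr/share/doc/acpid/examples/powerbtn /etc/acpi/events/powerbtn
cp /usr/share/doc/acpid/examples/powerbtn.sh /etc/acpi/powerbtn.sh
chmod +x /etc/acpi/powerbtn.sh
systemctl enable acpid


# The QEMU guest agent helps the host to run the VM more optimally.
# See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/virtualization_deployment_and_administration_guide/chap-qemu_guest_agent
systemctl enable qemu-guest-agent


# Finally, clean up all the things.
apt-get install --yes deborphan  # Let's try to remove some more
# $(deborphan) is left unquoted on purpose: with IFS set to newline and tab at
# the top of this script, each line of its output becomes one package argument.
apt-get autoremove \
    $(deborphan) \
    deborphan \
    dictionaries-common \
    iamerican \
    ibritish \
    localepurge \
    task-english \
    tasksel \
    tasksel-data \
    --purge --yes

# Remove downloaded .deb files
apt-get clean

# Remove instance-specific files: we want this image to be as "impersonal" as
# possible.
find \
    /var/cache/apt \
    /var/lib/apt \
    /var/lib/dhcp \
    /var/log \
    -mindepth 1 -print -delete

# SUDO_USER holds a user name, not a directory, so "${SUDO_USER}/.bash_history"
# named a path relative to the current directory and left the invoking user's
# history in the image. Resolve the home directory instead; an unset SUDO_USER
# or an unknown user is tolerated because this script runs under "set -eu".
invoking_user_home=""
if [ -n "${SUDO_USER:-}" ]; then
    invoking_user_home="$(getent passwd "$SUDO_USER" | cut -d: -f6 || true)"
fi

# The SSH host keys and the systemd random seed are removed so that instances
# cloned from this image do not share them. An instance needs fresh host keys
# before sshd can serve connections; presumably cloud-init generates them on
# first boot -- verify for the datasource in use.
rm -vf \
    /etc/network/interfaces.d/50-cloud-init.cfg \
    /etc/adjtime \
    /etc/hostname \
    /etc/hosts \
    /etc/ssh/*key* \
    /var/cache/ldconfig/aux-cache \
    /var/lib/systemd/random-seed \
    ~/.bash_history
if [ -n "$invoking_user_home" ]; then
    rm -vf "$invoking_user_home/.bash_history"
fi


# From https://www.freedesktop.org/software/systemd/man/machine-id.html:
# For operating system images which are created once and used on multiple
# machines, [...] /etc/machine-id should be an empty file in the generic file
# system image.
truncate -s 0 /etc/machine-id

# Recreate some useful files: the purge of /var/log above also removed lastlog.
touch /var/log/lastlog
chown root:utmp /var/log/lastlog
chmod 664 /var/log/lastlog


# Free all unused storage blocks. This makes the final image smaller.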
176 | fstrim --all --verbose 177 | 178 | 179 | # Display some usage information 180 | df -h 181 | 182 | 183 | # Finally, remove this very script. 184 | rm -f $(readlink -f $0) 185 | -------------------------------------------------------------------------------- /9.x/http/preseed.cfg: -------------------------------------------------------------------------------- 1 | d-i partman/early_command \ 2 | string debconf-set partman-auto/disk "$(list-devices disk | head -n1)" 3 | 4 | #### Contents of the preconfiguration file (for stretch) 5 | ### Localization 6 | # Preseeding only locale sets language, country and locale. 7 | d-i debian-installer/locale string en_US.UTF-8 8 | 9 | # The values can also be preseeded individually for greater flexibility. 10 | #d-i debian-installer/language string en 11 | #d-i debian-installer/country string NL 12 | #d-i debian-installer/locale string en_GB.UTF-8 13 | # Optionally specify additional locales to be generated. 14 | d-i localechooser/supported-locales multiselect en_US.UTF-8, fr_CH.UTF-8, fr_FR.UTF-8 15 | 16 | # Keyboard selection. 17 | d-i keyboard-configuration/xkb-keymap select us 18 | # d-i keyboard-configuration/toggle select No toggling 19 | 20 | ### Network configuration 21 | # Disable network configuration entirely. This is useful for cdrom 22 | # installations on non-networked devices where the network questions, 23 | # warning and long timeouts are a nuisance. 24 | #d-i netcfg/enable boolean false 25 | 26 | # netcfg will choose an interface that has link if possible. This makes it 27 | # skip displaying a list if there is more than one interface. 28 | d-i netcfg/choose_interface select auto 29 | 30 | # To pick a particular interface instead: 31 | #d-i netcfg/choose_interface select eth1 32 | 33 | # To set a different link detection timeout (default is 3 seconds). 34 | # Values are interpreted as seconds. 
35 | #d-i netcfg/link_wait_timeout string 10 36 | 37 | # If you have a slow dhcp server and the installer times out waiting for 38 | # it, this might be useful. 39 | #d-i netcfg/dhcp_timeout string 60 40 | #d-i netcfg/dhcpv6_timeout string 60 41 | 42 | # If you prefer to configure the network manually, uncomment this line and 43 | # the static network configuration below. 44 | #d-i netcfg/disable_autoconfig boolean true 45 | 46 | # If you want the preconfiguration file to work on systems both with and 47 | # without a dhcp server, uncomment these lines and the static network 48 | # configuration below. 49 | #d-i netcfg/dhcp_failed note 50 | #d-i netcfg/dhcp_options select Configure network manually 51 | 52 | # Static network configuration. 53 | # 54 | # IPv4 example 55 | #d-i netcfg/get_ipaddress string 192.168.1.42 56 | #d-i netcfg/get_netmask string 255.255.255.0 57 | #d-i netcfg/get_gateway string 192.168.1.1 58 | #d-i netcfg/get_nameservers string 192.168.1.1 59 | #d-i netcfg/confirm_static boolean true 60 | # 61 | # IPv6 example 62 | #d-i netcfg/get_ipaddress string fc00::2 63 | #d-i netcfg/get_netmask string ffff:ffff:ffff:ffff:: 64 | #d-i netcfg/get_gateway string fc00::1 65 | #d-i netcfg/get_nameservers string fc00::1 66 | #d-i netcfg/confirm_static boolean true 67 | 68 | # Any hostname and domain names assigned from dhcp take precedence over 69 | # values set here. However, setting the values still prevents the questions 70 | # from being shown, even if values come from dhcp. 71 | d-i netcfg/get_hostname string packer 72 | d-i netcfg/get_domain string test 73 | 74 | # If you want to force a hostname, regardless of what either the DHCP 75 | # server returns or what the reverse DNS entry for the IP is, uncomment 76 | # and adjust the following line. 77 | #d-i netcfg/hostname string somehost 78 | 79 | # Disable that annoying WEP key dialog. 80 | d-i netcfg/wireless_wep string 81 | # The wacky dhcp hostname that some ISPs use as a password of sorts. 
#d-i netcfg/dhcp_hostname string radish

# If non-free firmware is needed for the network or other hardware, you can
# configure the installer to always try to load it, without prompting. Or
# change to false to disable asking.
#d-i hw-detect/load_firmware boolean true

### Network console
# Use the following settings if you wish to make use of the network-console
# component for remote installation over SSH. This only makes sense if you
# intend to perform the remainder of the installation manually.
#d-i anna/choose_modules string network-console
#d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key
#d-i network-console/password password r00tme
#d-i network-console/password-again password r00tme

### Mirror settings
# If you select ftp, the mirror/country string does not need to be set.
# NOTE(review): the mirror below is reached over plain HTTP, so package
# integrity rests on the installer's repository authentication. Keep
# debian-installer/allow_unauthenticated (further down) unset.
#d-i mirror/protocol string https
d-i mirror/country string manual
d-i mirror/http/hostname string deb.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string

# Suite to install.
#d-i mirror/suite string testing
# Suite to use for loading installer components (optional).
#d-i mirror/udeb/suite string testing

### Account setup
# Skip creation of a root account (normal user account will be able to
# use sudo).
#d-i passwd/root-login boolean false
# Alternatively, to skip creation of a normal user account.
#d-i passwd/make-user boolean false

# NOTE(review): the root password below is a fixed clear-text value that ends
# up in every image built from this file. Anything started from the image
# should replace or lock it before it is reachable from a network that is not
# fully trusted. Setting passwd/root-login to false (above) skips the root
# account, leaving sudo as the way to administer the system.
# Root password, either in clear text
d-i passwd/root-password password root
d-i passwd/root-password-again password root
# or encrypted using a crypt(3) hash.
#d-i passwd/root-password-crypted password [crypt(3) hash]

# To create a normal user account.
d-i passwd/user-fullname string debian
d-i passwd/username string debian
# NOTE(review): packer.yaml and kitchen.yml in this repository log in with this
# same user name and password, so a change here has to be mirrored there. The
# account also receives password-less sudo from preseed/late_command at the
# end of this file, which makes this password equivalent to root access on any
# instance that still carries it.
# Normal user's password, either in clear text
d-i passwd/user-password password debian
d-i passwd/user-password-again password debian
# or encrypted using a crypt(3) hash.
#d-i passwd/user-password-crypted password [crypt(3) hash]
# Create the first user with the specified UID instead of the default.
#d-i passwd/user-uid string 1010

# The user account will be added to some standard initial groups. To
# override that, use this.
#d-i passwd/user-default-groups string audio cdrom video

### Clock and time zone setup
# Controls whether or not the hardware clock is set to UTC.
d-i clock-setup/utc boolean true

# You may set this to any valid setting for $TZ; see the contents of
# /usr/share/zoneinfo/ for valid values.
d-i time/zone string Europe/Zurich

# Controls whether to use NTP to set the clock during the install
d-i clock-setup/ntp boolean true
# NTP server to use. The default is almost always fine here.
#d-i clock-setup/ntp-server string ntp.example.com

### Partitioning
## Partitioning example
# If the system has free space you can choose to only partition that space.
# This is only honoured if partman-auto/method (below) is not set.
#d-i partman-auto/init_automatically_partition select biggest_free

# Alternatively, you may specify a disk to partition. If the system has only
# one disk the installer will default to using that, but otherwise the device
# name must be given in traditional, non-devfs format (so e.g. /dev/sda
# and not e.g. /dev/discs/disc0/disc).
# For example, to use the first SCSI/SATA hard disk:
#d-i partman-auto/disk string /dev/sda
# In addition, you'll need to specify the method to use.
165 | # The presently available methods are: 166 | # - regular: use the usual partition types for your architecture 167 | # - lvm: use LVM to partition the disk 168 | # - crypto: use LVM within an encrypted partition 169 | d-i partman-auto/method string regular 170 | 171 | d-i partman-auto/choose_recipe select single-root-no-swap 172 | 173 | # Or provide a recipe of your own... 174 | # If you have a way to get a recipe file into the d-i environment, you can 175 | # just point at it. 176 | #d-i partman-auto/expert_recipe_file string /hd-media/recipe 177 | d-i partman-auto/expert_recipe string \ 178 | single-root-no-swap :: \ 179 | 1000 50 -1 ext4 \ 180 | filesystem{ ext4 } \ 181 | method{ format } format{ } \ 182 | use_filesystem{ } \ 183 | mountpoint{ / } \ 184 | . 185 | 186 | # If not, you can put an entire recipe into the preconfiguration file in one 187 | # (logical) line. This example creates a small /boot partition, suitable 188 | # swap, and uses the rest of the space for the root partition: 189 | #d-i partman-auto/expert_recipe string \ 190 | # boot-root :: \ 191 | # 40 50 100 ext3 \ 192 | # $primary{ } $bootable{ } \ 193 | # method{ format } format{ } \ 194 | # use_filesystem{ } filesystem{ ext3 } \ 195 | # mountpoint{ /boot } \ 196 | # . \ 197 | # 500 10000 1000000000 ext3 \ 198 | # method{ format } format{ } \ 199 | # use_filesystem{ } filesystem{ ext3 } \ 200 | # mountpoint{ / } \ 201 | # . \ 202 | # 64 512 300% linux-swap \ 203 | # method{ swap } format{ } \ 204 | # . 
205 | 206 | 207 | #d-i partman-auto/init_automatically_partition \ 208 | # select Guided - use entire disk and set up LVM 209 | 210 | d-i partman-partitioning/confirm_write_new_label boolean true 211 | d-i partman/choose_partition select finish 212 | d-i partman/confirm boolean true 213 | d-i partman/confirm_nooverwrite boolean true 214 | 215 | # No swap 216 | d-i partman-basicfilesystems/no_swap boolean false 217 | 218 | 219 | ## Controlling how partitions are mounted 220 | # The default is to mount by UUID, but you can also choose "traditional" to 221 | # use traditional device names, or "label" to try filesystem labels before 222 | # falling back to UUIDs. 223 | #d-i partman/mount_style select uuid 224 | d-i partman/mount_style select traditional 225 | 226 | ### Base system installation 227 | # Configure APT to not install recommended packages by default. Use of this 228 | # option can result in an incomplete system and should only be used by very 229 | # experienced users. 230 | #d-i base-installer/install-recommends boolean false 231 | d-i base-installer/install-recommends boolean false 232 | 233 | # The kernel image (meta) package to be installed; "none" can be used if no 234 | # kernel is to be installed. 235 | #d-i base-installer/kernel/image string linux-image-686 236 | 237 | ### Apt setup 238 | # You can choose to install non-free and contrib software. 239 | #d-i apt-setup/non-free boolean true 240 | #d-i apt-setup/contrib boolean true 241 | # Uncomment this if you don't want to use a network mirror. 242 | #d-i apt-setup/use_mirror boolean false 243 | # Select which update services to use; define the mirrors to be used. 244 | # Values shown below are the normal defaults. 
245 | #d-i apt-setup/services-select multiselect security, updates 246 | #d-i apt-setup/security_host string security.debian.org 247 | 248 | # Additional repositories, local[0-9] available 249 | #d-i apt-setup/local0/repository string \ 250 | # http://local.server/debian stable main 251 | #d-i apt-setup/local0/comment string local server 252 | # Enable deb-src lines 253 | #d-i apt-setup/local0/source boolean true 254 | 255 | # Don't ask for more CDROM 256 | apt-cdrom-setup apt-setup/disable-cdrom-entries boolean true 257 | apt-cdrom-setup apt-setup/cdrom/set-first boolean false 258 | 259 | # URL to the public key of the local repository; you must provide a key or 260 | # apt will complain about the unauthenticated repository and so the 261 | # sources.list line will be left commented out 262 | #d-i apt-setup/local0/key string http://local.server/key 263 | 264 | # By default the installer requires that repositories be authenticated 265 | # using a known gpg key. This setting can be used to disable that 266 | # authentication. Warning: Insecure, not recommended. 267 | #d-i debian-installer/allow_unauthenticated boolean true 268 | 269 | # Uncomment this to add multiarch configuration for i386 270 | #d-i apt-setup/multiarch string i386 271 | 272 | 273 | ### Package selection 274 | #tasksel tasksel/first multiselect standard, web-server, kde-desktop 275 | tasksel tasksel/first multiselect SSH server 276 | 277 | # Individual additional packages to install 278 | # We need at least these to continue the preseeding later on. 279 | d-i pkgsel/include string openssh-server sudo 280 | 281 | # Whether to upgrade packages after debootstrap. 282 | # Allowed values: none, safe-upgrade, full-upgrade 283 | #d-i pkgsel/upgrade select none 284 | d-i pkgsel/upgrade select full-upgrade 285 | 286 | # Some versions of the installer can report back on what software you have 287 | # installed, and what software you use. 
The default is not to report back, 288 | # but sending reports helps the project determine what software is most 289 | # popular and include it on CDs. 290 | #popularity-contest popularity-contest/participate boolean false 291 | popularity-contest popularity-contest/participate boolean false 292 | 293 | ### Boot loader installation 294 | # Grub is the default boot loader (for x86). If you want lilo installed 295 | # instead, uncomment this: 296 | #d-i grub-installer/skip boolean true 297 | # To also skip installing lilo, and install no bootloader, uncomment this 298 | # too: 299 | #d-i lilo-installer/skip boolean true 300 | 301 | 302 | # This is fairly safe to set, it makes grub install automatically to the MBR 303 | # if no other operating system is detected on the machine. 304 | d-i grub-installer/only_debian boolean true 305 | 306 | # This one makes grub-installer install to the MBR if it also finds some other 307 | # OS, which is less safe as it might not be able to boot that other OS. 
308 | d-i grub-installer/with_other_os boolean true 309 | 310 | # Due notably to potential USB sticks, the location of the MBR can not be 311 | # determined safely in general, so this needs to be specified: 312 | #d-i grub-installer/bootdev string /dev/sda 313 | # To install to the first device (assuming it is not a USB stick): 314 | #d-i grub-installer/bootdev string default 315 | d-i grub-installer/bootdev string default 316 | 317 | # Alternatively, if you want to install to a location other than the mbr, 318 | # uncomment and edit these lines: 319 | #d-i grub-installer/only_debian boolean false 320 | #d-i grub-installer/with_other_os boolean false 321 | #d-i grub-installer/bootdev string (hd0,1) 322 | # To install grub to multiple disks: 323 | #d-i grub-installer/bootdev string (hd0,1) (hd1,1) (hd2,1) 324 | 325 | # Optional password for grub, either in clear text 326 | #d-i grub-installer/password password r00tme 327 | #d-i grub-installer/password-again password r00tme 328 | # or encrypted using an MD5 hash, see grub-md5-crypt(8). 329 | #d-i grub-installer/password-crypted password [MD5 hash] 330 | 331 | # Use the following option to add additional boot parameters for the 332 | # installed system (if supported by the bootloader installer). 333 | # Note: options passed to the installer will be added automatically. 334 | #d-i debian-installer/add-kernel-opts string nousb 335 | 336 | ### Finishing up the installation 337 | # During installations from serial console, the regular virtual consoles 338 | # (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next 339 | # line to prevent this. 340 | #d-i finish-install/keep-consoles boolean true 341 | 342 | # Avoid that last message about the install being complete. 343 | d-i finish-install/reboot_in_progress note 344 | 345 | # This will prevent the installer from ejecting the CD during the reboot, 346 | # which is useful in some situations. 
347 | #d-i cdrom-detect/eject boolean false 348 | 349 | # This is how to make the installer shutdown when finished, but not 350 | # reboot into the installed system. 351 | #d-i debian-installer/exit/halt boolean true 352 | # This will power off the machine instead of just halting it. 353 | #d-i debian-installer/exit/poweroff boolean true 354 | 355 | ### Preseeding other packages 356 | # Depending on what software you choose to install, or if things go wrong 357 | # during the installation process, it's possible that other questions may 358 | # be asked. You can preseed those too, of course. To get a list of every 359 | # possible question that could be asked during an install, do an 360 | # installation, and then run these commands: 361 | # debconf-get-selections --installer > file 362 | # debconf-get-selections >> file 363 | 364 | 365 | #### Advanced options 366 | ### Running custom commands during the installation 367 | # d-i preseeding is inherently not secure. Nothing in the installer checks 368 | # for attempts at buffer overflows or other exploits of the values of a 369 | # preconfiguration file like this one. Only use preconfiguration files from 370 | # trusted locations! To drive that home, and because it's generally useful, 371 | # here's a way to run any shell command you'd like inside the installer, 372 | # automatically. 373 | 374 | # This first command is run as early as possible, just after 375 | # preseeding is read. 376 | #d-i preseed/early_command string anna-install some-udeb 377 | # This command is run immediately before the partitioner starts. It may be 378 | # useful to apply dynamic partitioner preseeding that depends on the state 379 | # of the disks (which may not be visible when preseed/early_command runs). 380 | #d-i partman/early_command \ 381 | # string debconf-set partman-auto/disk "$(list-devices disk | head -n1)" 382 | # This command is run just before the install finishes, but when there is 383 | # still a usable /target directory. 
You can chroot to /target and use it 384 | # directly, or use the apt-install and in-target commands to easily install 385 | # packages and run commands in the target system. 386 | #d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh 387 | 388 | d-i preseed/late_command string echo 'debian ALL = (root) NOPASSWD: ALL' > /target/etc/sudoers.d/debian 389 | -------------------------------------------------------------------------------- /9.x/inspec-tests.rb: -------------------------------------------------------------------------------- 1 | control 'final-image' do 2 | title 'Ensure the Debian QEMU image is correctly configured' 3 | 4 | describe sys_info do 5 | its('hostname') { should eq 'kitchen-ci' } 6 | end 7 | 8 | describe file('/var/lib/cloud/instance/datasource') do 9 | its('content') { should match 'DataSourceNone' } 10 | end 11 | 12 | describe command('systemctl status') do 13 | its('stdout') { should match 'State: running' } 14 | end 15 | end 16 | -------------------------------------------------------------------------------- /9.x/kitchen.yml: -------------------------------------------------------------------------------- 1 | --- 2 | driver: 3 | name: qemu 4 | 5 | verifier: 6 | name: inspec 7 | 8 | provisioner: 9 | name: shell 10 | command: hostname 11 | 12 | lifecycle: 13 | pre_verify: 14 | - local: echo "Waiting for instance to complete startup..." 
15 | - local: sleep 2 16 | 17 | platforms: 18 | - name: test 19 | driver: 20 | image: 21 | - file: <%= ENV['OUTPUT'] || './output/debian.qcow2' %> 22 | hostname: kitchen-ci.test 23 | username: debian 24 | password: debian 25 | 26 | suites: 27 | - name: default 28 | verifier: 29 | inspec_tests: 30 | - inspec-tests.rb 31 | 32 | # vim:ft=eruby 33 | -------------------------------------------------------------------------------- /9.x/packer.yaml: -------------------------------------------------------------------------------- 1 | # vim:tabstop=2 shiftwidth=2 softtabstop=2 2 | 3 | # `disk_detect_zeroes` needs Packer 1.3.2+ 4 | min_packer_version: "1.3.2" 5 | 6 | 7 | description: | 8 | This builder builds a QEMU image from a Debian "netinst" CD ISO file. 9 | It contains a few basic tools and can be use as a "cloud image" alternative. 10 | 11 | variables: 12 | # Current images in https://cdimage.debian.org/cdimage/release/ 13 | # Previous versions are in https://cdimage.debian.org/cdimage/archive/ 14 | source_iso: https://cdimage.debian.org/cdimage/release/9.9.0/amd64/iso-cd/debian-9.9.0-amd64-netinst.iso 15 | source_checksum_url: https://cdimage.debian.org/cdimage/release/9.9.0/amd64/iso-cd/SHA256SUMS 16 | 17 | output_dir: output 18 | output_name: debian.qcow2 19 | ssh_username: debian 20 | ssh_password: debian 21 | 22 | 23 | builders: 24 | - type: qemu 25 | 26 | iso_url: "{{ user `source_iso` }}" 27 | iso_checksum_url: "{{ user `source_checksum_url` }}" 28 | iso_checksum_type: sha256 29 | 30 | disk_size: 2000 31 | format: qcow2 32 | accelerator: kvm 33 | 34 | headless: true 35 | 36 | # Serve the `http` directory via HTTP, used for preseeding the Debian installer. 37 | http_directory: http 38 | http_port_min: 9990 39 | http_port_max: 9999 40 | 41 | # SSH ports to redirect to the VM being built 42 | ssh_host_port_min: 2222 43 | ssh_host_port_max: 2229 44 | # This user is configured in the preseed file. 
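45 | ssh_username: "{{ user `ssh_username` }}" 46 | ssh_password: "{{ user `ssh_password` }}" 47 | ssh_wait_timeout: 1000s 48 | 49 | shutdown_command: "echo '{{ user `ssh_password` }}' | sudo -S /sbin/shutdown -hP now" 50 | # NOTE(review): the password is embedded in the command string sent to the guest; with the NOPASSWD sudoers rule written by http/preseed.cfg, `sudo -S` presumably never needs it. 51 | # Builds a compact image 52 | disk_compression: true 53 | disk_discard: unmap 54 | skip_compaction: false 55 | disk_detect_zeroes: unmap # Requires Packer 1.3.2+ 56 | 57 | output_directory: "{{ user `output_dir` }}" 58 | vm_name: "{{ user `output_name` }}" 59 | 60 | boot_wait: 1s 61 | boot_command: 62 | - "" # non-graphical install 63 | - "preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg " 64 | - "language=en locale=en_US.UTF-8 " 65 | - "country=CH keymap=fr " 66 | - "hostname=packer domain=test " # Should be overridden after DHCP, if available 67 | - "" 68 | 69 | 70 | provisioners: 71 | - type: file 72 | source: configure-qemu-image.sh 73 | destination: /tmp/configure-qemu-image.sh 74 | 75 | - type: shell 76 | inline: 77 | - sh -cx "sudo bash /tmp/configure-qemu-image.sh" 78 | 79 | post-processors: 80 | - type: manifest 81 | keep_input_artifact: true 82 | 83 | - type: shell-local 84 | inline: 85 | - "./post-process.sh {{ user `output_dir` }}/{{ user `output_name` }}" 86 | keep_input_artifact: true 87 | -------------------------------------------------------------------------------- /9.x/post-process.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | set -euo pipefail 3 | IFS=$'\n\t' 4 | # Usage: post-process.sh IMAGE_PATH -- writes a SHA256SUMS file for the image into the image's own directory. 5 | set -x 6 | # Fail with a usage message when the path argument is missing or empty. 7 | IMAGE_PATH=${1:?usage: post-process.sh IMAGE_PATH} 8 | # Quote every expansion and end option parsing with `--`: the IFS above stops splitting on spaces, but unquoted values are still glob-expanded and a leading `-` would be read as an option. 9 | cd -- "$(dirname -- "$IMAGE_PATH")" 10 | sha256sum -- "$(basename -- "$IMAGE_PATH")" > SHA256SUMS 11 | -------------------------------------------------------------------------------- /9.x/variables.yaml: -------------------------------------------------------------------------------- 1 | {} 2 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # 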
Debian image for QEMU 2 | 3 | This repository contains [Packer](https://www.packer.io) configuration to build 4 | "cloud-like" Debian images for QEMU. 5 | 6 | 7 | ## How to use these images? 8 | 9 | ### As an alternative Packer builder 10 | 11 | You can reuse these images to test your own Packer configuration locally 12 | instead of building images on your favorite cloud provider. 13 | 14 | You can start with the following configuration: 15 | 16 | * it downloads the image built using this repository from GitHub and checks it against the `SHA256SUMS` file of the same release (this detects a corrupted download, not a tampered release) 17 | * configures a new, larger QCOW disk to host the VM while Packer is building 18 | * runs a basic provisioner (you may want to change this!) 19 | 20 | ```json 21 | { 22 | "min_packer_version": "1.3.3", 23 | "variables": { 24 | "qemu_output_dir": "qemu-images", 25 | "qemu_output_name": "my-build.qcow2", 26 | "qemu_source_checksum_url": "https://github.com/multani/packer-qemu-debian/releases/download/10.0.0-1/SHA256SUMS", 27 | "qemu_source_iso": "https://github.com/multani/packer-qemu-debian/releases/download/10.0.0-1/debian-10.0.0-1.qcow2", 28 | "qemu_ssh_password": "debian", 29 | "qemu_ssh_username": "debian" 30 | }, 31 | 32 | "builders": [ 33 | { 34 | "type": "qemu", 35 | "iso_url": "{{ user `qemu_source_iso` }}", 36 | "iso_checksum_url": "{{ user `qemu_source_checksum_url` }}", 37 | "iso_checksum_type": "sha256", 38 | 39 | "disk_image": true, 40 | "accelerator": "kvm", 41 | "boot_wait": "1s", 42 | "format": "qcow2", 43 | "use_backing_file": true, 44 | 45 | "disk_size": 8000, 46 | 47 | "headless": true, 48 | "shutdown_command": "echo '{{ user `qemu_ssh_password` }}' | sudo -S /sbin/shutdown -hP now", 49 | 50 | "ssh_host_port_max": 2229, 51 | "ssh_host_port_min": 2222, 52 | "ssh_password": "{{ user `qemu_ssh_password` }}", 53 | "ssh_username": "{{ user `qemu_ssh_username` }}", 54 | "ssh_wait_timeout": "1000s", 55 | 56 | "output_directory": "{{ user `qemu_output_dir` }}", 57 | "vm_name": "{{ user `qemu_output_name` }}" 58 | } 59 | ], 60 | 61 | 
"provisioners": [ 62 | { 63 | "type": "shell", 64 | "inline": [ 65 | "echo ' *** Running my favorite provisioner'" 66 | ] 67 | } 68 | ] 69 | } 70 | ``` 71 | 72 | Save this file as `packer.json`, then you can run: 73 | 74 | ``` 75 | $ packer validate packer.json 76 | Template validated successfully. 77 | $ packer build -timestamp-ui packer.json 78 | qemu output will be in this color. 79 | 80 | 2019-01-20T12:09:19+01:00: ==> qemu: Retrieving ISO 81 | 2019-01-20T12:09:20+01:00: qemu: Found already downloaded, initial checksum matched, no download needed: https://github.com/multani/packer-qemu-debian/releases/download/10.0.0-1/debian-10.0.0-1.qcow2 82 | 2019-01-20T12:09:20+01:00: ==> qemu: Creating hard drive... 83 | 2019-01-20T12:09:20+01:00: ==> qemu: Resizing hard drive... 84 | 2019-01-20T12:09:20+01:00: ==> qemu: Found port for communicator (SSH, WinRM, etc): 2226. 85 | 2019-01-20T12:09:20+01:00: ==> qemu: Looking for available port between 5900 and 6000 on 127.0.0.1 86 | 2019-01-20T12:09:20+01:00: ==> qemu: Starting VM, booting disk image 87 | 2019-01-20T12:09:20+01:00: ==> qemu: Overriding defaults Qemu arguments with QemuArgs... 88 | 2019-01-20T12:09:22+01:00: ==> qemu: Waiting 1s for boot... 89 | 2019-01-20T12:09:23+01:00: ==> qemu: Connecting to VM via VNC (127.0.0.1:5957) 90 | 2019-01-20T12:09:23+01:00: ==> qemu: Typing the boot command over VNC... 91 | 2019-01-20T12:09:23+01:00: ==> qemu: Using ssh communicator to connect: 127.0.0.1 92 | 2019-01-20T12:09:23+01:00: ==> qemu: Waiting for SSH to become available... 93 | 2019-01-20T12:09:29+01:00: ==> qemu: Connected to SSH! 94 | 2019-01-20T12:09:29+01:00: ==> qemu: Provisioning with shell script: /tmp/packer-shell962483776 95 | 2019-01-20T12:09:29+01:00: qemu: *** Running my favorite provisioner 96 | 2019-01-20T12:09:29+01:00: ==> qemu: Gracefully halting virtual machine... 97 | 2019-01-20T12:09:31+01:00: ==> qemu: Converting hard drive... 98 | 2019-01-20T12:09:36+01:00: Build 'qemu' finished. 
99 | 100 | ==> Builds finished. The artifacts of successful builds are: 101 | --> qemu: VM files in directory: qemu-images 102 | ``` 103 | 104 | This gives you a test image in which you can test your provisioning and 105 | configuration in less than 10 seconds. The image keeps the fixed `debian`/`debian` login used above, so it is meant for local test VMs rather than machines reachable from a network. 106 | 107 | This creates a pretty large image in the end; you can add these additional 108 | options to the builder to reduce the final size (at the expense of a longer build): 109 | 110 | ```json 111 | "disk_compression": true, 112 | "disk_detect_zeroes": "unmap", 113 | "disk_discard": "unmap", 114 | "skip_compaction": false, 115 | ``` 116 | 117 | 118 | ### As a virtual machine image for libvirt 119 | 120 | Using the [Terraform provider for 121 | libvirt](https://github.com/dmacvicar/terraform-provider-libvirt), you can 122 | create a new VM with libvirt, for example to test your 123 | [cloud-init](https://cloudinit.readthedocs.io/) configuration: 124 | 125 | ```hcl 126 | provider "libvirt" { 127 | uri = "qemu:///system" 128 | } 129 | 130 | resource "libvirt_volume" "debian" { 131 | name = "debian.qcow2" 132 | pool = "default" 133 | source = "https://github.com/multani/packer-qemu-debian/releases/download/10.0.0-1/debian-10.0.0-1.qcow2" 134 | format = "qcow2" 135 | } 136 | 137 | data "template_file" "user_data" { 138 | template = <