Variables in packer

Gowtham

Jan 20, 2021, 5:07:25 AM
to packe...@googlegroups.com
Team,

Is there a way to pass variable values from Packer to a kickstart file? We would like to pass the secrets (like root passwords) from Packer to kickstart. Is there a way to do that?

---
Best regards,
Gowtham
07798838879 


=====================
Learn from mistakes....

Please consider the environment before printing this email - Thanks

Gabo Kete

Jan 20, 2021, 1:10:13 PM
to Packer
Yes, you can do that. In my case, I wrote a wrapper script that captures extra attributes, which are later used to build the Packer JSON file.

Something like:

```
script.sh -c root_pwd
```

Then, within the script, you can create the Packer JSON file dynamically.

Something similar to this:

```
# Excerpt: the post shows only the "variables" section of the generated
# template; whatever followed it is not shown.
# $_HN and $_JSONFILE must be set by the wrapper script before this is called.
create_json_template () {

cat > "$_JSONFILE" << __EOF
{
  "_comment": "This is a centos7-x64 Machine for VmWare ESXi 6.0",
  "variables": {
    "nameVm": "${_HN}-centos-7.1-vmware",
    "ks_file": "simple-ks-integrado-CIS-BitbyBit-packer.ks",
    "ks_server": "192.168.1.150",
    "ks_path": "centos7.1511_x64/ks/",
    "vmware_host": "192.168.1.250",
    "http_dir": "/packer",
    "vmlinuz_file": "centos7.1503_x64/images/pxeboot/vmlinuz",
    "initrd_file": "centos7.1503_x64/images/pxeboot/initrd.img",
    "iso_md5":"111379a06402e1e445c6aeee9401d031",
    "datastore":"datastore1",
    "esx_host":"192.168.1.250",
    "esx_user":"root",
    "esx_user_key":"/var/tmp/id_rsa",
    "os_type":"centos-64",
    "esx_network":"VM Network",
    "vms_dir_path":"${_HN}",
    "vmdk":"${_HN}-root"
  }
}
__EOF
}
```

Gabo Kete

Jan 21, 2021, 3:53:33 AM
to Packer
Another suggestion, to retrieve a password without typing it, is to integrate Packer with Vault: in Vault you will have the root password or any other secret you need, and you inject it into your Packer provisioning process.

Gowtham

Jan 24, 2021, 3:14:03 AM
to packe...@googlegroups.com
Thanks for the reply, and apologies for the late response. I am using the secret manager for the Packer secrets, which is working fine.

My issue is that I am creating the superuser and normal users using the kickstart file for the image. We keep the kickstart files in the repo (for versioning purposes) and would like to avoid saving the secrets there. So we would like to turn the secrets into variables and pass the values from the secret manager via the Packer JSON or some script.

Kickstart file entries (relevant lines pasted):

```
rootpw --iscrypted <encrypted password>

user --name=normal-user1 --groups=wheel --password=<encrypted password>/ --iscrypted

```


--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/6f51e3d1-4eeb-44ef-918d-ad5337932ab1n%40googlegroups.com.

Gabriel Buenader

Jan 24, 2021, 3:47:43 AM
to packe...@googlegroups.com
Well, the integration between your Secrets Manager and Packer is probably where you need to focus. If you can save and retrieve your root password from your Secrets Manager tool, you can write a script (I'd recommend using your CI/CD pipelines, if you have one) to pull the root password from your Secrets Manager and inject it into your KS file.

The root password for your VM should be injected in your KS file, not in your Packer JSON file.


Gabriel Buenader

Jan 24, 2021, 3:48:46 AM
to packe...@googlegroups.com
I meant "Well, the integration between your Secrets Manager and KS file is probably where you need to focus".

Gowtham

Jan 25, 2021, 4:21:50 AM
to packe...@googlegroups.com
Yes, exactly, that's what I am trying to do (integration between KS and the secret manager). A CI/CD pipeline or a script might be the option for it.


Gowtham

Jan 28, 2021, 12:00:38 PM
to packe...@googlegroups.com
I am using a Makefile and Ansible to create the kickstart file from a template and get the secret from the secret manager, which helps me avoid saving the KS file (with secrets) in the repo. Thanks for your suggestions, Gabriel.


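The approach the thread settles on, a secret-free kickstart template in the repo that is rendered into the real file at build time, is shown here as an added example; it is not code from any of the posters. The `render_ks` function, the `@@ROOT_PW_HASH@@` / `@@USER_PW_HASH@@` placeholders and the environment variable names are assumptions, and the secret manager is assumed to store already-crypted `$6$` hashes, matching the `--iscrypted` entries quoted above.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: the @@ROOT_PW_HASH@@ and
# @@USER_PW_HASH@@ placeholders, and same-named environment variables that the
# CI job fills from the secret manager with already-crypted ($6$) hashes.

render_ks() {  # usage: render_ks TEMPLATE OUTPUT
    tpl=$1 out=$2
    for name in ROOT_PW_HASH USER_PW_HASH; do
        eval "val=\${$name:-}"
        case $val in
            ''|*[!A-Za-z0-9./\$=]*) ok=0 ;;  # empty, or characters no crypt hash has
            '$6$'*'$'*) ok=1 ;;              # SHA-512 crypt: $6$salt$hash
            *) ok=0 ;;                       # plaintext or another scheme
        esac
        if [ "$ok" -ne 1 ]; then
            echo "render_ks: $name is missing or not a \$6\$ crypt hash" >&2
            return 1
        fi
    done
    rm -f "$out"
    # Values reach awk through its environment, not argv, so they do not appear
    # in `ps` output; umask 077 in the subshell creates the file as mode 0600.
    ( umask 077
      ROOT_PW_HASH=$ROOT_PW_HASH USER_PW_HASH=$USER_PW_HASH awk '
          { gsub(/@@ROOT_PW_HASH@@/, ENVIRON["ROOT_PW_HASH"])
            gsub(/@@USER_PW_HASH@@/, ENVIRON["USER_PW_HASH"])
            print }' "$tpl" > "$out" ) || { rm -f "$out"; return 1; }
    # Fail closed if the template holds a placeholder this function does not fill.
    if grep -q '@@[A-Z_]*@@' "$out"; then
        echo "render_ks: unresolved placeholder left in $out" >&2
        rm -f "$out"
        return 1
    fi
}

# Constructed sample of the secret-free template that is kept in the repo.
sample_template() {
    cat <<'EOF'
rootpw --iscrypted @@ROOT_PW_HASH@@
user --name=normal-user1 --groups=wheel --password=@@USER_PW_HASH@@ --iscrypted
EOF
}
```

Point the output path at a build directory outside the repository and delete the rendered file once the build finishes.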
