search

hashicorp / packer-plugin-vsphere

Packer plugin for VMware vSphere Builder
https://www.packer.io/docs/builders/vsphere
Mozilla Public License 2.0
93 stars 91 forks source link

`vsphere-iso`: Add support for vApp properties #44

Open ghost opened 3 years ago

ghost commented 3 years ago

This issue was originally opened by @jpbuecken as hashicorp/packer#10319. It was migrated here as a result of the Packer plugin split. The original body of the issue is below.

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request. If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Description

In vSphere, you can enable vApp Options of a VM via Configure -> vApp Options -> Edit After that, you can add Properties to the vApp / VM (same window)

image

This should be possible via the vsphere-iso builder.

Use Case(s)

With this, you can create a VM with vApp Properties. Use Case 1: You can add a public-keys property. Configure your Suse autoyast / Redhat/Ubuntu kickstart / Ubuntu preseed to make use of the value during boot (write your own script or make use of cloud-init). After you have done this, your new vm can be used in turn as a source for vsphere-clone builder. Since vsphere-clone supports temporary keys for the public-keys property, there is no need to store a password or public-key file in your source image. I see this as an absolut security win.

Use Case 2: Similar to vsphere-clone, vsphere-iso may use the public-keys property itself: 1) vsphere-iso creates the vapp property public-keys 2) vsphere-iso is able to generate temporary key pairs and add them as value to the public-keys (additional new feature, same logic as vsphere-clone) 3) Your automatic installation process make use of the value in public-keys and add them to your connect user (e.g. root) 4) vsphere-iso can connect with the ssh communicator with the temporary key pair Now the same argument as above applies, there is no need to store a hardcoded password or key files inside your vm before you connect with vsphere-iso. E.g. we have the policy to recreate key files regularly. If they are created and removed "on the fly" temporary, this policy is easily fulfilled.

Potential configuration

     "builders": [
      {
         "type":                      "vsphere-iso",
[...]

        "vapp": {
             "enable_vapp_options": true
            "properties": {
                "public-keys": "",
            }
        }
     ]

Potential References

https://www.packer.io/docs/builders/vmware/vsphere-clone#ssh (search for public-keys and vapp on the side)

khelansible commented 2 years ago

Any ETA on this feature will help my planning.

Many Thanks

theunknownport commented 1 year ago

In the need of this feature. Setting vApps like this: 

configuration_parameters = {
    "disk.EnableUUID" = "true",
        "vAppConfig" = <<EOF
ALOT OF XML CODE HERE

doesn't work for me.

MrKeiKun commented 1 year ago

Any update regarding this feature?

Gankarloo commented 1 year ago

Also very interested in an update for this feature

aatzer commented 9 months ago

Any updates regarding this feature?

consummo commented 9 months ago

I'm also very interested in this feature.