source.pkr.hcl
// Placeholder source: it exists only so that shell-local provisioners can run
// on the build host before the real provisioning starts. No machine is
// contacted for it, hence communicator = "none".
source "null" "preprovision" {
  communicator = "none"
}
// Ubuntu 22.04 (jammy) AMI, built on top of the newest matching Canonical image.
source "amazon-ebs" "ubuntu" {
  // Output image: name, primary region and copy regions. No AMI is registered
  // when var.upload_ami is false.
  ami_name        = local.image_id
  region          = var.default_aws_region
  ami_regions     = split(",", var.backup_aws_regions)
  skip_create_ami = !var.upload_ami

  // Temporary build instance.
  instance_type     = local.instance_type
  shutdown_behavior = "terminate"
  user_data_file    = "./linux/init/user-data"

  // Base image lookup. The owner ID restricts matches to that one account, so
  // an AMI with a look-alike name published by another account cannot be
  // selected. most_recent means the base image can change from build to build.
  source_ami_filter {
    most_recent = true
    owners      = ["099720109477"] // Canonical
    filters = {
      name = "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-${var.arch}-server-*"
    }
  }

  // Network placement: the account's default VPC and the security group named
  // "default".
  // NOTE(review): SSH is tunnelled through Session Manager (see below), so the
  // build should not need any inbound rule; confirm the default group has not
  // been widened in this account.
  vpc_filter {
    filters = {
      "is-default" = "true"
    }
  }
  security_group_filter {
    filters = {
      "group-name" = "default"
    }
  }

  // Communicator: SSH over an SSM Session Manager tunnel.
  // NOTE(review): the login password is a literal in this template and
  // presumably matches the account created by ./linux/init/user-data. If that
  // account and password survive into the published AMI, every instance
  // launched from it shares a known credential. Confirm that a later
  // provisioning step locks or rotates it and that password logins are disabled
  // in the final image.
  ssh_interface = "session_manager"
  ssh_username  = "runner"
  ssh_password  = "runner"

  // This profile is created in Terraform.
  // NOTE(review): presumably it carries the SSM permissions that
  // session_manager needs; keep it limited to those.
  iam_instance_profile = "runner_profile"

  // These tags are used for cleaning up resources during GHAs provisioning
  // and for cleaning up old AMIs when new ones are created.
  run_tags = local.ami_run_tags
  tags     = local.ami_tags
}
// Ubuntu 22.04 (jammy) qcow2 image, built locally with QEMU/KVM from the
// upstream cloud image.
source "qemu" "ubuntu" {
  // Base image. disk_image = true means the download is used as a bootable
  // disk image, not as installer media.
  // NOTE(review): the checksum list is fetched from the same host and
  // directory as the image, so it catches a corrupted download but not a
  // change made at the origin. "current" is also a moving target, so two
  // builds may start from different images. For an auditable build, consider
  // a dated release directory with a literal sha256, or verify the published
  // signature of SHA256SUMS out of band.
  disk_image   = true
  iso_url      = "https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-${var.arch}.img"
  iso_checksum = "file:https://cloud-images.ubuntu.com/jammy/current/SHA256SUMS"

  // Output artifact.
  format           = "qcow2"
  disk_size        = "150G"
  output_directory = local.output_directory
  vm_name          = local.output_filename

  // Virtual hardware.
  cpus        = 4
  memory      = 2048
  headless    = var.headless
  qemu_binary = "qemu-system-${local.qemu_arch}"

  // Raw QEMU arguments. accel=kvm and "-cpu host" mean the build host must
  // provide KVM. The UEFI code image is attached read-only from /usr/share;
  // the VARS image and cloud-init.iso are relative paths, so they are resolved
  // against the directory the build runs in.
  // NOTE(review): cloud-init.iso seeds the guest's first-boot configuration;
  // presumably an earlier step generates it. Treat it as trusted build input
  // and do not pick up a stale copy from the working directory.
  qemuargs = [
    ["-machine", "${local.qemu_machine},accel=kvm"],
    ["-cpu", "host"],
    ["-device", "virtio-gpu-pci"], // this is needed for arm64 QEMU machine to boot
    ["-drive", "if=pflash,format=raw,id=ovmf_code,readonly=on,file=/usr/share/${local.uefi_imp}/${local.uefi_imp}_CODE.fd"],
    ["-drive", "if=pflash,format=raw,id=ovmf_vars,file=${local.uefi_imp}_VARS.fd"],
    ["-drive", "file=${local.output_directory}/${local.output_filename},format=qcow2"],
    ["-drive", "file=cloud-init.iso,format=raw"]
  ]

  // Communicator.
  // NOTE(review): the password is a literal in this template and presumably
  // matches the account defined in the cloud-init seed. Confirm it is locked or
  // rotated before the image is distributed.
  ssh_username           = "runner"
  ssh_password           = "runner"
  ssh_handshake_attempts = 30

  // NOTE(review): this feeds 'ubuntu' to sudo as the password, while the login
  // above is runner/runner. It only works if sudo ignores the input (for
  // example passwordless sudo) - confirm which one is intended.
  shutdown_command = "echo 'ubuntu' | sudo -S shutdown -P now"
}
// Windows Server 2022 Core AMI, built on top of the newest matching
// Amazon-owned base image.
source "amazon-ebs" "windows" {
  // Output image: name, primary region and copy regions. No AMI is registered
  // when var.upload_ami is false.
  ami_name        = local.image_id
  region          = var.default_aws_region
  ami_regions     = split(",", var.backup_aws_regions)
  skip_create_ami = !var.upload_ami

  // Temporary build instance.
  instance_type     = local.instance_type
  shutdown_behavior = "terminate"

  // Poll AWS every 45 seconds, at most 120 times (up to 90 minutes).
  aws_polling {
    delay_seconds = 45
    max_attempts  = 120
  }

  # the `user_data` file for AWS must be wrapped in a <powershell> tag
  # The script is read from disk when the template is evaluated and inlined.
  user_data = <<-EOF
  <powershell>
  ${file("${path.root}/windows/init/bootstrap.ps1")}
  </powershell>
  EOF

  // Base image lookup, restricted to images owned by "amazon". most_recent
  // means the base image can change from build to build.
  source_ami_filter {
    most_recent = true
    owners      = ["amazon"]
    filters = {
      name                = "Windows_Server-2022-English-Core-Base*"
      root-device-type    = "ebs"
      virtualization-type = "hvm"
    }
  }

  // Network placement: the account's default VPC and the security group named
  // "default".
  // NOTE(review): SSH is tunnelled through Session Manager (see below), so the
  // build should not need any inbound rule; confirm the default group has not
  // been widened in this account.
  vpc_filter {
    filters = {
      "is-default" = "true"
    }
  }
  security_group_filter {
    filters = {
      "group-name" = "default"
    }
  }

  // Communicator: SSH over an SSM Session Manager tunnel.
  communicator  = "ssh"
  ssh_interface = "session_manager"
  ssh_username  = "Administrator"
  # password must meet complexity requirements:
  # https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements
  # NOTE(review): this is a literal Administrator password in the template,
  # presumably set by windows/init/bootstrap.ps1. If it survives into the
  # published AMI, every instance launched from it has a known local
  # administrator credential. Confirm it is reset or randomised before the
  # image is finalised.
  ssh_password = "Runner1!"

  // This profile is created in Terraform.
  // NOTE(review): presumably it carries the SSM permissions that
  // session_manager needs; keep it limited to those.
  iam_instance_profile = "runner_profile"

  // These tags are used for cleaning up resources during GHAs provisioning
  // and for cleaning up old AMIs when new ones are created.
  run_tags = local.ami_run_tags
  tags     = local.ami_tags
}
// Windows Server qcow2 image, installed locally with QEMU/KVM from the
// Microsoft ISO.
source "qemu" "windows" {
  // Installer media. The digest is pinned as a literal, so a changed or
  // tampered download fails the build. Update URL and digest together.
  // NOTE(review): the file name (SERVER_EVAL) suggests evaluation media -
  // confirm that this suits the image's intended use.
  iso_urls     = ["https://software-static.download.prss.microsoft.com/sg/download/888969d5-f34g-4e03-ac9d-1f9786c66749/SERVER_EVAL_x64FRE_en-us.iso"]
  iso_checksum = "sha256:3e4fa6d8507b554856fc9ca6079cc402df11a8b79344871669f0251535255325"

  // Output artifact.
  format           = "qcow2"
  disk_size        = "150G"
  output_directory = local.output_directory
  vm_name          = local.output_filename

  // Virtual hardware. The kvm accelerator and "-cpu host" mean the build host
  // must provide KVM.
  cpus         = 8
  memory       = 8192
  headless     = var.headless
  qemu_binary  = "qemu-system-${local.qemu_arch}"
  machine_type = "q35"
  accelerator  = "kvm"
  net_device   = "virtio-net-pci"

  # Disk space optimizations for detecting TRIM on Windows
  disk_interface     = "virtio-scsi"
  disk_discard       = "unmap"
  disk_detect_zeroes = "unmap"

  # Disk compression is *not* fast, maybe we consider enabling this inside the VM instead
  # Currently compresses to about 6gb
  # disk_compression = true
  skip_compaction = false

  // Files handed to the installer on a virtual floppy.
  // NOTE(review): Autounattend.xml presumably sets the Administrator password
  // used below, which would then sit in plaintext in the repository as well.
  floppy_files = [
    "windows/init/Autounattend.xml",
    "windows/init/bootstrap.ps1"
  ]

  // NOTE(review): ./local/virtio-win.iso is a local file and this template
  // does not verify it. Check its digest against the publisher's value before
  // the build, since the guest presumably installs drivers from it.
  qemuargs = [
    ["-cpu", "host"],
    ["-cdrom", "./local/virtio-win.iso"]
  ]

  // Communicator.
  communicator = "ssh"
  ssh_username = "Administrator"
  # password must meet complexity requirements:
  # https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/password-must-meet-complexity-requirements
  # NOTE(review): this is a literal Administrator password in the template.
  # Confirm it is reset or randomised before the image is distributed.
  ssh_password = "Runner1!"
}