Merge dev branch.

.editorconfig

@@ -9,7 +9,7 @@ indent_style = tab
 
 [*.hcl]
 indent_style = space
-indent_size = 4
+indent_size = 2
 
 [*.yaml]
 indent_style = space

.github/workflows/ci.yml

@@ -0,0 +1,17 @@
+name: ci
+
+on:
+  push:
+    branches: [ dev, main ]
+  pull_request:
+    branches: [ dev, main ]
+
+jobs:
+  validate:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
+
+      - uses: hashicorp/setup-packer@ae6b3ed3bec089bbfb576ab7d714df7cbc4b88a4
+        with:
+          version: latest

.gitignore

@@ -1,8 +1,8 @@
 output/*
 config/*
-!config/example
 .ssh
 .venv
 vehost.pkr.hcl
 *.pkrvars.hcl
 !example.pkrvars.hcl
+plugin.pkr.hcl.lock

Makefile

@@ -1,69 +1,62 @@
 -include config/config.mak
 
-build_only  ?= 0
-platform_ve ?= proxmox
+build_only      ?=
+platform_ve     ?= proxmox
+parallel_builds ?= $(shell nproc || sysctl -n hw.ncpu || echo 1)
+
+MAKEFLAGS += --jobs=$(parallel_builds)
 
 ifeq ($(ansible_groups),)
 $(error ansible_groups is not defined)
 endif
+.PHONY: $(sort $(ansible_groups))
 
-define assert_boolean
-$(if $(filter 1 0,$(value $(1))),,\
-	$(error $(1) is not a boolean value (1 or 0))\
-)
-endef
-
-$(call assert_boolean,build_only)
-
-post_build_targets = $(foreach group,$(ansible_groups),phony/$(group)/post_build)
+post_build_targets = $(foreach group,$(sort $(ansible_groups)),phony/$(group)/post_build)
+.PHONY: $(post_build_targets)
 
-all: $(ansible_groups)
-.PHONY: $(ansible_groups) all clean mostlyclean phony/build $(post_build_targets)
+.PHONY: all
+.DEFAULT_GOAL: all
+all: $(sort $(ansible_groups))
 
 sources = main.pkr.hcl sources.pkr.hcl variables.pkr.hcl \
-	config/ansible/requirements.yaml \
+	config/ansible/requirements.yaml plugin.pkr.hcl \
 	$(wildcard *.pkrvars.hcl)
 
 # allow build aliases for ansible groups and optionally skipping post-build tasks
-$(ansible_groups): %: output/%/packer-base \
-$(if $(filter 0,$(build_only)),phony/%/post_build)
-
-MAKEFLAGS += --no-print-directory
-.SECONDARY: output/%/packer-base
-output/%/packer-base: $(sources) config/ansible/%.yaml
-# 	ensure the temporary build keys are always removed
-	@ /usr/bin/env sh -c \
-		"trap 'trap - INT TERM; \
-			rm -f .ssh/id_rsa .ssh/id_rsa.pub; \
-			rmdir .ssh >/dev/null 2>&1' INT TERM ERR; \
-		'$(MAKE)' target='$*' phony/build"
-
-.venv/lock: requirements.txt
+$(ansible_groups): %: output/%/packer-kvm.img \
+$(if $(build_only),,phony/%/post_build)
+
+.SECONDARY: output/%/packer-kvm.img
+output/%/packer-kvm.img: $(sources) config/ansible/%.yaml \
+.venv/lock plugin.pkr.hcl.lock /tmp/packer/id_% /tmp/packer/id_%.pub | output/
+	. .venv/bin/activate && \
+	packer build --only "$*.qemu.kvm" \
+		--force \
+		--var "target=$*" . && \
+	packer build --only "$*.null.post" \
+		--var "target=$*" .
+
+	rm -f "/tmp/packer/id_$*" "/tmp/packer/id_$*.pub"
+
+.INTERMEDIATE: /tmp/packer/id_%.pub
+/tmp/packer/id_% /tmp/packer/id_%.pub:
+	mkdir -p -m 700 /tmp/packer/
+	echo y | ssh-keygen -q -N "" -C "" -f "$@" >/dev/null 2>&1
+
+.venv/lock: base-requirements.txt config/requirements.txt
 	python3 -m venv .venv
 
 	. .venv/bin/activate; \
-	python3 -m pip install -U -r requirements.txt
+	python3 -m pip install -U -r base-requirements.txt -r config/requirements.txt
 
 	touch .venv/lock
 
-phony/build: .venv/lock
-	$(if $(target),,$(error target is not defined))
+plugin.pkr.hcl.lock: plugin.pkr.hcl
 	packer init .
+	touch "$@"
 
-	mkdir -p output/
-
-	mkdir -m 700 -p .ssh
-	echo y | ssh-keygen -q -N "" -f .ssh/id_rsa >/dev/null 2>&1
-
-	. .venv/bin/activate; \
-	packer build --only provision.qemu.base \
-		--force \
-		--var "ssh_public_key=$$(cat .ssh/id_rsa.pub)" \
-		--var "ssh_private_key_file_path=.ssh/id_rsa" \
-		--var "target=$(target)" .
-
-	rm -f .ssh/id_rsa .ssh/id_rsa.pub
-	rmdir .ssh
+output/:
+	mkdir output/
 
 # packer will error if the file doesn't exist, so create a placeholder
 define vehost_placeholder
@@ -76,21 +69,22 @@ source "null" "vehost" {
 }
 endef
 vehost.pkr.hcl:
-	@ echo Making placeholder file: vehost.pkr.hcl \
-		(HINT: replace with your actual values!)
+	@ printf "%s\n" "Making placeholder file: vehost.pkr.hcl" \
+		"HINT: replace with your actual values"
 	$(file >$@,$(vehost_placeholder))
 
 # ambiguous state of vehost, so remote operations should always be out of date
-$(post_build_targets): phony/%/post_build: output/%/packer-base
-	packer build --only veupload.null.vehost \
-		--var "target=$*" .
-
+$(post_build_targets): phony/%/post_build: output/%/packer-kvm.img
+	. .venv/bin/activate && \
+	packer build --only "veupload.null.vehost" \
+		--var "target=$*" . && \
 	packer build --only "$(platform_ve).null.vehost" \
 		--var "target=$*" .
 
-clean:
-	find output/ -mindepth 1 -delete
+.PHONY: clean
+clean: mostlyclean
 	rm -rf .venv/
 
+.PHONY: mostlyclean
 mostlyclean:
-	find output/ -mindepth 1 -delete
+	find /tmp/packer/ output/ -mindepth 1 -delete

base-requirements.txt

@@ -0,0 +1,2 @@
+ansible==8.3.0
+pip==23.2.1

config/example/config.mak → example-config/config.mak

@@ -1,3 +1,2 @@
-build_only = 0
 platform_ve = proxmox
 ansible_groups = example

example-config/requirements.txt

@@ -0,0 +1 @@
+netaddr==0.9.0

example.pkrvars.hcl

@@ -1,28 +1,33 @@
 # user build settings
 # hint: rename to *.auto.pkrvars.hcl to automatically load this file
 
-image_url = "https://cloud.debian.org/images/cloud/bookworm/20230910-1499/debian-12-genericcloud-amd64-20230910-1499.qcow2"
-image_checksum = "sha512:42f3565ef632bea438b55acffb24a87400c4e285c50a5b79083da1c2ba6eb02e381adb3b45fec387f2852b64170a451be46bcc3b50c0d79a229daaf641b96453"
-
-proxmox_settings = {
-    "memory" = "4096"
-    "cpu" = "8"
-    "net" = "virtio,bridge=vmbr0"
-    "scsihw" = "virtio-scsi-single"
-    "imagestorage" = "vmstore"
-    "ostype" = "l26"
-    "balloon" = "0"
-    "qemuagent" = "enabled=1,fstrim_cloned_disks=1"
-    "cache" = "none"
-    "discard" = "on"
-    "diskformat" = "raw"
+image = {
+  name             = "debian-12-amd64"
+  url              = "https://cloud.debian.org/images/cloud/bookworm/20240211-1654/debian-12-genericcloud-amd64-20240211-1654.qcow2"
+  checksum         = "sha512:6856277491c234fa1bc6f250cbd9f0d44f77524479536ecbc0ac536bc07e76322ebb4d42e09605056d6d3879c8eb87db40690a2b5dfe57cb19b0c673fc4c58ca"
+  shutdown_command = "sudo shutdown now"
+  user             = "packer"
 }
 
 local_vm_settings = {
-    "cache" = "none"
-    "net_device" = "virtio-net"
-    "disk_interface" = "virtio-scsi"
-    "memory" = "8192"
-    "output_format" = "qcow2"
-    "virtual_disk_size" = "4G"
+  "cache"             = "none"
+  "net_device"        = "virtio-net"
+  "disk_interface"    = "virtio-scsi"
+  "memory"            = "512"
+  "output_format"     = "qcow2"
+  "virtual_disk_size" = "16G"
+}
+
+proxmox_settings = {
+  "memory"       = "2048"
+  "cpu"          = "1"
+  "net"          = "virtio,bridge=vmbr0"
+  "scsihw"       = "virtio-scsi-single"
+  "imagestorage" = "local-lvm"
+  "ostype"       = "l26"
+  "balloon"      = "0"
+  "qemuagent"    = "enabled=1,fstrim_cloned_disks=1"
+  "cache"        = "none"
+  "discard"      = "on"
+  "diskformat"   = "qcow2"
 }

main.pkr.hcl

@@ -1,57 +1,55 @@
-packer {
-  required_plugins {
-    qemu = {
-        source  = "github.com/hashicorp/qemu"
-        version = "=1.0.9"
-    }
-    ansible = {
-        source  = "github.com/hashicorp/ansible"
-        version = "=1.1.0"
-    }
+build {
+  name = var.target
+
+  sources = ["source.qemu.kvm"]
+
+  provisioner "shell" {
+    inline = ["/usr/bin/cloud-init status --wait"]
   }
-}
 
-locals {
-    output_directory = "output/${var.target}"
-    qemu_info_output = "${local.output_directory}/qemu-info.json"
+  provisioner "ansible" {
+    playbook_file = "config/ansible/${var.target}.yaml"
+    galaxy_file   = "config/ansible/requirements.yaml"
+    ansible_env_vars = [
+      "ANSIBLE_FORCE_COLOR=1",
+      "PYTHONUNBUFFERED=1",
+      "ANSIBLE_HOST_KEY_CHECKING=False"
+    ]
+    # https://github.com/hashicorp/packer/issues/11783
+    extra_arguments = ["--scp-extra-args", "'-O'"]
+    galaxy_force_install = true
+  }
+
+  post-processor "checksum" {
+    checksum_types      = ["sha512"]
+    keep_input_artifact = true
+    output              = "output/${var.target}/checksum.sha512sum"
+  }
 }
 
+# other post-processing in a separate block so that we don't destroy the artifact on error
 build {
-    name = "provision"
+  name = var.target
 
-    source "source.qemu.base" {
-        output_directory = "${local.output_directory}"
-    }
+  sources = ["source.null.post"]
 
-    provisioner "ansible" {
-        command = "scripts/playbook.sh" # needs to be an executable, scripting is not supported
-        host_alias = "default"
-        playbook_file = "config/ansible/${var.target}.yaml"
-        galaxy_file = "config/ansible/requirements.yaml" # requirements for all playbooks
-        extra_arguments = [
-            "--scp-extra-args", "'-O'" # https://github.com/hashicorp/packer/issues/11783
-        ]
-        galaxy_force_install = true # https://github.com/ansible/proposals/issues/181
+  post-processors {
+    post-processor "shell-local" {
+      environment_vars = [
+        "IMAGE=output/${var.target}/packer-kvm.img",
+        "OUTPUT=output/${var.target}/qemu-info.json"
+      ]
+      inline = ["json=\"$(qemu-img info --output=json \"$IMAGE\")\" && echo \"$json\" > \"$OUTPUT\""]
     }
 
-    post-processors {
-        post-processor "shell-local" {
-            name = "qemuinfo"
-            environment_vars = [
-                "IMAGE=${local.output_directory}/packer-base",
-                "OUTPUT=${local.qemu_info_output}"
-            ]
-            inline = ["qemu-img info --output=json \"$IMAGE\" > \"$OUTPUT\""]
-        }
-
-        post-processor "shell-local" {
-            script = "scripts/qemuinfo.py"
-            environment_vars = ["OUTPUT=${local.qemu_info_output}"]
-            execute_command  = [
-                "/bin/sh",
-                "-c",
-                "{{.Vars}} $(command -v python3) {{.Script}}"
-            ]
-        }
+    post-processor "shell-local" {
+      script           = "scripts/qemuinfo.py"
+      environment_vars = ["OUTPUT=output/${var.target}/qemu-info.json"]
+      execute_command = [
+        "/bin/sh",
+        "-c",
+        "{{.Vars}} $(command -v python3) {{.Script}}"
+      ]
     }
+  }
 }