From eae0556dc518d97c80408477781d398d36cd090a Mon Sep 17 00:00:00 2001
From: Sergio Millan Rodriguez
Date: Fri, 13 Jul 2018 17:56:04 +0200
Subject: [PATCH 1/6] Add option to enable/disable create firewall/acl rules
---
 builder/cloudstack/config.go | 2 ++
 builder/cloudstack/step_configure_networking.go | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/builder/cloudstack/config.go b/builder/cloudstack/config.go
index 7a617c6cd..b0c338272 100644
--- a/builder/cloudstack/config.go
+++ b/builder/cloudstack/config.go
@@ -40,6 +40,8 @@ type Config struct {
 PublicIPAddress string `mapstructure:"public_ip_address"`
 SecurityGroups []string `mapstructure:"security_groups"`
 ServiceOffering string `mapstructure:"service_offering"`
+ CreateNetworkACL bool `mapstructure:"create_network_acl"`
+ CreateFirewallRule bool `mapstructure:"create_firewall_rule"`
 SourceISO string `mapstructure:"source_iso"`
 SourceTemplate string `mapstructure:"source_template"`
 TemporaryKeypairName string `mapstructure:"temporary_keypair_name"`
diff --git a/builder/cloudstack/step_configure_networking.go b/builder/cloudstack/step_configure_networking.go
index 4dba63ef7..ccda39107 100644
--- a/builder/cloudstack/step_configure_networking.go
+++ b/builder/cloudstack/step_configure_networking.go
@@ -117,7 +117,7 @@ func (s *stepSetupNetworking) Run(_ context.Context, state multistep.StateBag) m
 // Store the port forward ID.
 state.Put("port_forward_id", forward.Id)
- if network.Vpcid != "" {
+ if network.Vpcid != "" && config.CreateNetworkACL {
 ui.Message("Creating network ACL rule...")
 if network.Aclid == "" {
@@ -149,7 +149,7 @@ func (s *stepSetupNetworking) Run(_ context.Context, state multistep.StateBag) m
 // Store the network ACL rule ID.
 state.Put("network_acl_rule_id", aclRule.Id)
- } else {
+ } else if config.CreateFirewallRule {
 ui.Message("Creating firewall rule...")
 // Create a new parameter struct.
From a41a4658ee6da942534389f6e6d57361e4bd7f4b Mon Sep 17 00:00:00 2001
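Review bot: The `} else if config.CreateFirewallRule {` branch in step_configure_networking.go is also taken for a VPC network whenever `create_network_acl` is false, so a template that sets only `create_firewall_rule` falls into the firewall-rule path on a network that the first branch treats as needing an ACL rule. Tying the second branch to the non-VPC case avoids that: `} else if network.Vpcid == "" && config.CreateFirewallRule {`. Both new fields in config.go are plain `bool`, so unless a default is applied somewhere not shown here they start as false and existing templates stop getting any ACL or firewall rule without a warning. Run's body starts and ends outside both hunks.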
From: Sergio Millan Rodriguez
Date: Fri, 13 Jul 2018 17:56:27 +0200
Subject: [PATCH 2/6] make packer builder honour projectid setting if provided
---
 builder/cloudstack/step_create_instance.go | 5 ++++-
 builder/cloudstack/step_create_template.go | 7 +++++--
 builder/cloudstack/step_keypair.go | 16 +++++++++++++---
 3 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/builder/cloudstack/step_create_instance.go b/builder/cloudstack/step_create_instance.go
index 343d36c35..49c728f66 100644
--- a/builder/cloudstack/step_create_instance.go
+++ b/builder/cloudstack/step_create_instance.go
@@ -47,7 +47,9 @@ func (s *stepCreateInstance) Run(_ context.Context, state multistep.StateBag) mu
 p.SetDisplayname("Created by Packer")
 if keypair, ok := state.GetOk("keypair"); ok {
- p.SetKeypair(keypair.(string))
+ kp := keypair.(string)
+ ui.Message(fmt.Sprintf("Found keypair: %s", kp))
+ p.SetKeypair(kp)
 }
 if securitygroups, ok := state.GetOk("security_groups"); ok {
@@ -120,6 +122,7 @@ func (s *stepCreateInstance) Run(_ context.Context, state multistep.StateBag) mu
 }
 ui.Message("Instance has been created!")
+ ui.Message(fmt.Sprintf("Instance ID: %s", instance.Id))
 // In debug-mode, we output the password
 if s.Debug {
diff --git a/builder/cloudstack/step_create_template.go b/builder/cloudstack/step_create_template.go
index 4afba8699..0a51e3cc4 100644
--- a/builder/cloudstack/step_create_template.go
+++ b/builder/cloudstack/step_create_template.go
@@ -51,7 +51,7 @@ func (s *stepCreateTemplate) Run(_ context.Context, state multistep.StateBag) mu
 }
 ui.Message("Retrieving the ROOT volume ID...")
- volumeID, err := getRootVolumeID(client, instanceID)
+ volumeID, err := getRootVolumeID(client, instanceID, config)
 if err != nil {
 state.Put("error", err)
 ui.Error(err.Error())
@@ -89,13 +89,16 @@ func (s *stepCreateTemplate) Cleanup(state multistep.StateBag) {
 // Nothing to cleanup for this step.
 }
-func getRootVolumeID(client *cloudstack.CloudStackClient, instanceID string) (string, error) {
+func getRootVolumeID(client *cloudstack.CloudStackClient, instanceID string, config *Config) (string, error) {
 // Retrieve the virtual machine object.
 p := client.Volume.NewListVolumesParams()
 // Set the type and virtual machine ID
 p.SetType("ROOT")
 p.SetVirtualmachineid(instanceID)
+ if config.Project != "" {
+ p.SetProjectid(config.Project)
+ }
 volumes, err := client.Volume.ListVolumes(p)
 if err != nil {
diff --git a/builder/cloudstack/step_keypair.go b/builder/cloudstack/step_keypair.go
index e1f002b76..89e7e4d1f 100644
--- a/builder/cloudstack/step_keypair.go
+++ b/builder/cloudstack/step_keypair.go
@@ -60,6 +60,12 @@ func (s *stepKeypair) Run(_ context.Context, state multistep.StateBag) multistep
 ui.Say(fmt.Sprintf("Creating temporary keypair: %s ...", s.TemporaryKeyPairName))
 p := client.SSH.NewCreateSSHKeyPairParams(s.TemporaryKeyPairName)
+ cfg := state.Get("config").(*Config)
+ if cfg.Project != "" {
+ p.SetProjectid(cfg.Project)
+ }
+
 keypair, err := client.SSH.CreateSSHKeyPair(p)
 if err != nil {
 err := fmt.Errorf("Error creating temporary keypair: %s", err)
@@ -120,12 +126,16 @@ func (s *stepKeypair) Cleanup(state multistep.StateBag) {
 ui := state.Get("ui").(packer.Ui)
 client := state.Get("client").(*cloudstack.CloudStackClient)
+ cfg := state.Get("config").(*Config)
+
+ p := client.SSH.NewDeleteSSHKeyPairParams(s.TemporaryKeyPairName)
+ if cfg.Project != "" {
+ p.SetProjectid(cfg.Project)
+ }
 ui.Say(fmt.Sprintf("Deleting temporary keypair: %s ...", s.TemporaryKeyPairName))
- _, err := client.SSH.DeleteSSHKeyPair(client.SSH.NewDeleteSSHKeyPairParams(
- s.TemporaryKeyPairName,
- ))
+ _, err := client.SSH.DeleteSSHKeyPair(p)
 if err != nil {
 ui.Error(err.Error())
 ui.Error(fmt.Sprintf(
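Review bot: The Cleanup hunk in step_keypair.go now sets the project on the delete parameters but carries no comment saying why, and the reason is not obvious from the call alone. Run creates the temporary keypair with `p.SetProjectid(cfg.Project)`, so presumably the delete has to name the same project to reach that key and not leave it behind; I would put `// Delete from the same project the keypair was created in.` above the `if cfg.Project != "" {` guard in Cleanup. The same three-line guard also appears in Run and in getRootVolumeID, so a one-line comment at each site (or a small shared helper) would keep them in step. Cleanup's body starts and ends outside the hunk.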
From e729b21212851719cfd6020ac53fe8bd6825dcdb Mon Sep 17 00:00:00 2001
From: Sergio Millan Rodriguez
Date: Mon, 16 Jul 2018 11:38:14 +0200
Subject: [PATCH 3/6] passing projectid to getRootVolumeID rather than the whole config struct
---
 builder/cloudstack/step_create_template.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/builder/cloudstack/step_create_template.go b/builder/cloudstack/step_create_template.go
index 0a51e3cc4..706d570f6 100644
--- a/builder/cloudstack/step_create_template.go
+++ b/builder/cloudstack/step_create_template.go
@@ -51,7 +51,7 @@ func (s *stepCreateTemplate) Run(_ context.Context, state multistep.StateBag) mu
 }
 ui.Message("Retrieving the ROOT volume ID...")
- volumeID, err := getRootVolumeID(client, instanceID, config)
+ volumeID, err := getRootVolumeID(client, instanceID, config.Project)
 if err != nil {
 state.Put("error", err)
 ui.Error(err.Error())
@@ -89,15 +89,15 @@ func (s *stepCreateTemplate) Cleanup(state multistep.StateBag) {
 // Nothing to cleanup for this step.
 }
-func getRootVolumeID(client *cloudstack.CloudStackClient, instanceID string, config *Config) (string, error) {
+func getRootVolumeID(client *cloudstack.CloudStackClient, instanceID, projectID string) (string, error) {
 // Retrieve the virtual machine object.
 p := client.Volume.NewListVolumesParams()
 // Set the type and virtual machine ID
 p.SetType("ROOT")
 p.SetVirtualmachineid(instanceID)
- if config.Project != "" {
- p.SetProjectid(config.Project)
+ if projectID != "" {
+ p.SetProjectid(projectID)
 }
 volumes, err := client.Volume.ListVolumes(p)
From 472a7820eb75df758616d90286a3f6fdbb4d24e0 Mon Sep 17 00:00:00 2001
From: Sergio Millan Rodriguez
Date: Mon, 16 Jul 2018 11:39:15 +0200
Subject: [PATCH 4/6] Using UI keypair meaningful message
---
 builder/cloudstack/step_create_instance.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
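Review bot: getRootVolumeID in step_create_template.go (patch 3/6) still has no doc comment, and its first in-body comment, `// Retrieve the virtual machine object.`, does not match the code under it, which builds the parameters for a volume listing. With the signature now taking `projectID`, I would add `// getRootVolumeID looks up the ROOT volume of instanceID; a non-empty projectID scopes the lookup to that project.` above the function and change the stale line to `// Build the volume list query.`. The function body continues outside the hunk, so what it returns when the listing is empty is not visible here and is left out of the proposed comment.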
diff --git a/builder/cloudstack/step_create_instance.go b/builder/cloudstack/step_create_instance.go
index 49c728f66..81f0c0699 100644
--- a/builder/cloudstack/step_create_instance.go
+++ b/builder/cloudstack/step_create_instance.go
@@ -48,7 +48,7 @@ func (s *stepCreateInstance) Run(_ context.Context, state multistep.StateBag) mu
 if keypair, ok := state.GetOk("keypair"); ok {
 kp := keypair.(string)
- ui.Message(fmt.Sprintf("Found keypair: %s", kp))
+ ui.Message(fmt.Sprintf("Using keypair: %s", kp))
 p.SetKeypair(kp)
 }
From f4020835d609f3a4408d1b2ffd209aee8a0313e5 Mon Sep 17 00:00:00 2001
From: Sergio Millan Rodriguez
Date: Mon, 16 Jul 2018 13:06:51 +0200
Subject: [PATCH 5/6] flag to setup networking without firewall rules
---
 builder/cloudstack/config.go | 43 +++++++++----------
 .../cloudstack/step_configure_networking.go | 9 +++-
 2 files changed, 28 insertions(+), 24 deletions(-)
diff --git a/builder/cloudstack/config.go b/builder/cloudstack/config.go
index b0c338272..3d15d27a2 100644
--- a/builder/cloudstack/config.go
+++ b/builder/cloudstack/config.go
@@ -27,28 +27,27 @@ type Config struct {
 HTTPGetOnly bool `mapstructure:"http_get_only"`
 SSLNoVerify bool `mapstructure:"ssl_no_verify"`
- CIDRList []string `mapstructure:"cidr_list"`
- CreateSecurityGroup bool `mapstructure:"create_security_group"`
- DiskOffering string `mapstructure:"disk_offering"`
- DiskSize int64 `mapstructure:"disk_size"`
- Expunge bool `mapstructure:"expunge"`
- Hypervisor string `mapstructure:"hypervisor"`
- InstanceName string `mapstructure:"instance_name"`
- Keypair string `mapstructure:"keypair"`
- Network string `mapstructure:"network"`
- Project string `mapstructure:"project"`
- PublicIPAddress string `mapstructure:"public_ip_address"`
- SecurityGroups []string `mapstructure:"security_groups"`
- ServiceOffering string `mapstructure:"service_offering"`
- CreateNetworkACL bool `mapstructure:"create_network_acl"`
- CreateFirewallRule bool `mapstructure:"create_firewall_rule"`
- SourceISO string `mapstructure:"source_iso"`
- SourceTemplate string `mapstructure:"source_template"`
- TemporaryKeypairName string `mapstructure:"temporary_keypair_name"`
- UseLocalIPAddress bool `mapstructure:"use_local_ip_address"`
- UserData string `mapstructure:"user_data"`
- UserDataFile string `mapstructure:"user_data_file"`
- Zone string `mapstructure:"zone"`
+ CIDRList []string `mapstructure:"cidr_list"`
+ CreateSecurityGroup bool `mapstructure:"create_security_group"`
+ DiskOffering string `mapstructure:"disk_offering"`
+ DiskSize int64 `mapstructure:"disk_size"`
+ Expunge bool `mapstructure:"expunge"`
+ Hypervisor string `mapstructure:"hypervisor"`
+ InstanceName string `mapstructure:"instance_name"`
+ Keypair string `mapstructure:"keypair"`
+ Network string `mapstructure:"network"`
+ Project string `mapstructure:"project"`
+ PublicIPAddress string `mapstructure:"public_ip_address"`
+ SecurityGroups []string `mapstructure:"security_groups"`
+ ServiceOffering string `mapstructure:"service_offering"`
+ PreventFirewallChanges bool `mapstructure:"prevent_firewall_changes"`
+ SourceISO string `mapstructure:"source_iso"`
+ SourceTemplate string `mapstructure:"source_template"`
+ TemporaryKeypairName string `mapstructure:"temporary_keypair_name"`
+ UseLocalIPAddress bool `mapstructure:"use_local_ip_address"`
+ UserData string `mapstructure:"user_data"`
+ UserDataFile string `mapstructure:"user_data_file"`
+ Zone string `mapstructure:"zone"`
 TemplateName string `mapstructure:"template_name"`
 TemplateDisplayText string `mapstructure:"template_display_text"`
diff --git a/builder/cloudstack/step_configure_networking.go b/builder/cloudstack/step_configure_networking.go
index ccda39107..577b4b1f2 100644
--- a/builder/cloudstack/step_configure_networking.go
+++ b/builder/cloudstack/step_configure_networking.go
@@ -117,7 +117,12 @@ func (s *stepSetupNetworking) Run(_ context.Context, state multistep.StateBag) m
 // Store the port forward ID.
 state.Put("port_forward_id", forward.Id)
- if network.Vpcid != "" && config.CreateNetworkACL {
+ if config.PreventFirewallChanges {
+ ui.Message("Networking has been setup (without firewall changes)!")
+ return multistep.ActionContinue
+ }
+
+ if network.Vpcid != "" {
 ui.Message("Creating network ACL rule...")
 if network.Aclid == "" {
@@ -149,7 +154,7 @@ func (s *stepSetupNetworking) Run(_ context.Context, state multistep.StateBag) m
 // Store the network ACL rule ID.
 state.Put("network_acl_rule_id", aclRule.Id)
- } else if config.CreateFirewallRule {
+ } else {
 ui.Message("Creating firewall rule...")
 // Create a new parameter struct.
From 742bcf5afbfcc4706c5c7c26310c8134184f54f9 Mon Sep 17 00:00:00 2001
From: Sergio Millan Rodriguez
Date: Mon, 16 Jul 2018 13:31:29 +0200
Subject: [PATCH 6/6] added documentation for prevent_firewall_changes flag
---
 website/source/docs/builders/cloudstack.html.md | 3 +++
 1 file changed, 3 insertions(+)
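Review bot: The `if config.PreventFirewallChanges {` guard in step_configure_networking.go (patch 5/6) returns after the port forward has been created and stored but before any ACL or firewall rule exists, and the only trace is a success-style message. With the flag set, access to the forwarded port depends entirely on rules that already exist on the network, so I would say that where the operator sees it, e.g. `ui.Message("Skipping network ACL/firewall rule creation (prevent_firewall_changes); existing rules must already allow access to the forwarded port")`, and add `// The operator manages ACL/firewall rules; only the port forward is created.` above the guard. The early return also skips whatever Run does after the ACL/firewall block, which lies outside this hunk, so that tail should be checked for anything still needed on this path.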
diff --git a/website/source/docs/builders/cloudstack.html.md b/website/source/docs/builders/cloudstack.html.md index 9268d628b..22b9f91d1 100644 --- a/website/source/docs/builders/cloudstack.html.md +++ b/website/source/docs/builders/cloudstack.html.md @@ -117,6 +117,9 @@ builder. - `instance_name` (string) - The name of the instance. Defaults to "packer-UUID" where UUID is dynamically generated. +- `prevent_firewall_changes` (boolean) - Set to `true` to prevent network ACLs + or firewall rules creation. Defaults to `false`. + - `project` (string) - The name or ID of the project to deploy the instance to. - `public_ip_address` (string) - The public IP address or it's ID used for