//go:generate mapstructure-to-hcl2 -type Config // Package puppetmasterless implements a provisioner for Packer that executes // Puppet on the remote machine, configured to apply a local manifest // versus connecting to a Puppet master. package puppetmasterless import ( "context" "fmt" "os" "path/filepath" "strings" "github.com/hashicorp/hcl/v2/hcldec" "github.com/hashicorp/packer-plugin-sdk/common" "github.com/hashicorp/packer-plugin-sdk/guestexec" packersdk "github.com/hashicorp/packer-plugin-sdk/packer" "github.com/hashicorp/packer-plugin-sdk/template/config" "github.com/hashicorp/packer-plugin-sdk/template/interpolate" ) type Config struct { common.PackerConfig `mapstructure:",squash"` ctx interpolate.Context // If true, staging directory is removed after executing puppet. CleanStagingDir bool `mapstructure:"clean_staging_directory"` // The Guest OS Type (unix or windows) GuestOSType string `mapstructure:"guest_os_type"` // The command used to execute Puppet. ExecuteCommand string `mapstructure:"execute_command"` // Additional arguments to pass when executing Puppet ExtraArguments []string `mapstructure:"extra_arguments"` // Additional facts to set when executing Puppet Facter map[string]string // Path to a hiera configuration file to upload and use. HieraConfigPath string `mapstructure:"hiera_config_path"` // If true, packer will ignore all exit-codes from a puppet run IgnoreExitCodes bool `mapstructure:"ignore_exit_codes"` // An array of local paths of modules to upload. ModulePaths []string `mapstructure:"module_paths"` // The main manifest file to apply to kick off the entire thing. ManifestFile string `mapstructure:"manifest_file"` // A directory of manifest files that will be uploaded to the remote // machine. ManifestDir string `mapstructure:"manifest_dir"` // If true, `sudo` will NOT be used to execute Puppet. PreventSudo bool `mapstructure:"prevent_sudo"` // The directory that contains the puppet binary. // E.g. if it can't be found on the standard path. PuppetBinDir string `mapstructure:"puppet_bin_dir"` // The directory where files will be uploaded. Packer requires write // permissions in this directory. StagingDir string `mapstructure:"staging_directory"` // The directory from which the command will be executed. // Packer requires the directory to exist when running puppet. WorkingDir string `mapstructure:"working_directory"` // Instructs the communicator to run the remote script as a Windows // scheduled task, effectively elevating the remote user by impersonating // a logged-in user ElevatedUser string `mapstructure:"elevated_user"` ElevatedPassword string `mapstructure:"elevated_password"` } type guestOSTypeConfig struct { executeCommand string facterVarsFmt string facterVarsJoiner string modulePathJoiner string stagingDir string tempDir string } // FIXME assumes both Packer host and target are same OS var guestOSTypeConfigs = map[string]guestOSTypeConfig{ guestexec.UnixOSType: { tempDir: "/tmp", stagingDir: "/tmp/packer-puppet-masterless", executeCommand: "cd {{.WorkingDir}} && " + `{{if ne .FacterVars ""}}{{.FacterVars}} {{end}}` + "{{if .Sudo}}sudo -E {{end}}" + `{{if ne .PuppetBinDir ""}}{{.PuppetBinDir}}/{{end}}` + "puppet apply --detailed-exitcodes " + "{{if .Debug}}--debug {{end}}" + `{{if ne .ModulePath ""}}--modulepath='{{.ModulePath}}' {{end}}` + `{{if ne .HieraConfigPath ""}}--hiera_config='{{.HieraConfigPath}}' {{end}}` + `{{if ne .ManifestDir ""}}--manifestdir='{{.ManifestDir}}' {{end}}` + `{{if ne .ExtraArguments ""}}{{.ExtraArguments}} {{end}}` + "{{.ManifestFile}}", facterVarsFmt: "FACTER_%s='%s'", facterVarsJoiner: " ", modulePathJoiner: ":", }, guestexec.WindowsOSType: { tempDir: filepath.ToSlash(os.Getenv("TEMP")), stagingDir: filepath.ToSlash(os.Getenv("SYSTEMROOT")) + "/Temp/packer-puppet-masterless", executeCommand: "cd {{.WorkingDir}} && " + `{{if ne .FacterVars ""}}{{.FacterVars}} && {{end}}` + `{{if ne .PuppetBinDir ""}}{{.PuppetBinDir}}/{{end}}` + "puppet apply --detailed-exitcodes " + "{{if .Debug}}--debug {{end}}" + `{{if ne .ModulePath ""}}--modulepath='{{.ModulePath}}' {{end}}` + `{{if ne .HieraConfigPath ""}}--hiera_config='{{.HieraConfigPath}}' {{end}}` + `{{if ne .ManifestDir ""}}--manifestdir='{{.ManifestDir}}' {{end}}` + `{{if ne .ExtraArguments ""}}{{.ExtraArguments}} {{end}}` + "{{.ManifestFile}}", facterVarsFmt: `SET "FACTER_%s=%s"`, facterVarsJoiner: " & ", modulePathJoiner: ";", }, } type Provisioner struct { config Config communicator packersdk.Communicator guestOSTypeConfig guestOSTypeConfig guestCommands *guestexec.GuestCommands generatedData map[string]interface{} } type ExecuteTemplate struct { Debug bool ExtraArguments string FacterVars string HieraConfigPath string ModulePath string ModulePathJoiner string ManifestFile string ManifestDir string PuppetBinDir string Sudo bool WorkingDir string } type EnvVarsTemplate struct { WinRMPassword string } func (p *Provisioner) ConfigSpec() hcldec.ObjectSpec { return p.config.FlatMapstructure().HCL2Spec() } func (p *Provisioner) Prepare(raws ...interface{}) error { err := config.Decode(&p.config, &config.DecodeOpts{ PluginType: "puppet-masterless", Interpolate: true, InterpolateContext: &p.config.ctx, InterpolateFilter: &interpolate.RenderFilter{ Exclude: []string{ "execute_command", "extra_arguments", }, }, }, raws...) if err != nil { return err } // Set some defaults if p.config.GuestOSType == "" { p.config.GuestOSType = guestexec.DefaultOSType } p.config.GuestOSType = strings.ToLower(p.config.GuestOSType) var ok bool p.guestOSTypeConfig, ok = guestOSTypeConfigs[p.config.GuestOSType] if !ok { return fmt.Errorf("Invalid guest_os_type: \"%s\"", p.config.GuestOSType) } p.guestCommands, err = guestexec.NewGuestCommands(p.config.GuestOSType, !p.config.PreventSudo) if err != nil { return fmt.Errorf("Invalid guest_os_type: \"%s\"", p.config.GuestOSType) } if p.config.ExecuteCommand == "" { p.config.ExecuteCommand = p.guestOSTypeConfig.executeCommand } if p.config.StagingDir == "" { p.config.StagingDir = p.guestOSTypeConfig.stagingDir } if p.config.WorkingDir == "" { p.config.WorkingDir = p.config.StagingDir } if p.config.Facter == nil { p.config.Facter = make(map[string]string) } p.config.Facter["packer_build_name"] = p.config.PackerBuildName p.config.Facter["packer_builder_type"] = p.config.PackerBuilderType // Validation var errs *packersdk.MultiError if p.config.HieraConfigPath != "" { info, err := os.Stat(p.config.HieraConfigPath) if err != nil { errs = packersdk.MultiErrorAppend(errs, fmt.Errorf("hiera_config_path is invalid: %s", err)) } else if info.IsDir() { errs = packersdk.MultiErrorAppend(errs, fmt.Errorf("hiera_config_path must point to a file")) } } if p.config.ManifestDir != "" { info, err := os.Stat(p.config.ManifestDir) if err != nil { errs = packersdk.MultiErrorAppend(errs, fmt.Errorf("manifest_dir is invalid: %s", err)) } else if !info.IsDir() { errs = packersdk.MultiErrorAppend(errs, fmt.Errorf("manifest_dir must point to a directory")) } } if p.config.ManifestFile == "" { errs = packersdk.MultiErrorAppend(errs, fmt.Errorf("A manifest_file must be specified.")) } else { _, err := os.Stat(p.config.ManifestFile) if err != nil { errs = packersdk.MultiErrorAppend(errs, fmt.Errorf("manifest_file is invalid: %s", err)) } } for i, path := range p.config.ModulePaths { info, err := os.Stat(path) if err != nil { errs = packersdk.MultiErrorAppend(errs, fmt.Errorf("module_path[%d] is invalid: %s", i, err)) } else if !info.IsDir() { errs = packersdk.MultiErrorAppend(errs, fmt.Errorf("module_path[%d] must point to a directory", i)) } } if errs != nil && len(errs.Errors) > 0 { return errs } return nil } func (p *Provisioner) Provision(ctx context.Context, ui packersdk.Ui, comm packersdk.Communicator, generatedData map[string]interface{}) error { ui.Say("Provisioning with Puppet...") p.communicator = comm p.generatedData = generatedData ui.Message("Creating Puppet staging directory...") if err := p.createDir(ui, comm, p.config.StagingDir); err != nil { return fmt.Errorf("Error creating staging directory: %s", err) } // Upload hiera config if set remoteHieraConfigPath := "" if p.config.HieraConfigPath != "" { var err error remoteHieraConfigPath, err = p.uploadHieraConfig(ui, comm) if err != nil { return fmt.Errorf("Error uploading hiera config: %s", err) } } // Upload manifest dir if set remoteManifestDir := "" if p.config.ManifestDir != "" { ui.Message(fmt.Sprintf( "Uploading manifest directory from: %s", p.config.ManifestDir)) remoteManifestDir = fmt.Sprintf("%s/manifests", p.config.StagingDir) err := p.uploadDirectory(ui, comm, remoteManifestDir, p.config.ManifestDir) if err != nil { return fmt.Errorf("Error uploading manifest dir: %s", err) } } // Upload all modules modulePaths := make([]string, 0, len(p.config.ModulePaths)) for i, path := range p.config.ModulePaths { ui.Message(fmt.Sprintf("Uploading local modules from: %s", path)) targetPath := fmt.Sprintf("%s/module-%d", p.config.StagingDir, i) if err := p.uploadDirectory(ui, comm, targetPath, path); err != nil { return fmt.Errorf("Error uploading modules: %s", err) } modulePaths = append(modulePaths, targetPath) } // Upload manifests remoteManifestFile, err := p.uploadManifests(ui, comm) if err != nil { return fmt.Errorf("Error uploading manifests: %s", err) } // Compile the facter variables facterVars := make([]string, 0, len(p.config.Facter)) for k, v := range p.config.Facter { facterVars = append(facterVars, fmt.Sprintf(p.guestOSTypeConfig.facterVarsFmt, k, v)) } data := ExecuteTemplate{ ExtraArguments: "", FacterVars: strings.Join(facterVars, p.guestOSTypeConfig.facterVarsJoiner), HieraConfigPath: remoteHieraConfigPath, ManifestDir: remoteManifestDir, ManifestFile: remoteManifestFile, ModulePath: strings.Join(modulePaths, p.guestOSTypeConfig.modulePathJoiner), ModulePathJoiner: p.guestOSTypeConfig.modulePathJoiner, PuppetBinDir: p.config.PuppetBinDir, Sudo: !p.config.PreventSudo, WorkingDir: p.config.WorkingDir, } p.config.ctx.Data = &data _ExtraArguments, err := interpolate.Render(strings.Join(p.config.ExtraArguments, " "), &p.config.ctx) if err != nil { return err } data.ExtraArguments = _ExtraArguments command, err := interpolate.Render(p.config.ExecuteCommand, &p.config.ctx) if err != nil { return err } if p.config.ElevatedUser != "" { command, err = guestexec.GenerateElevatedRunner(command, p) if err != nil { return err } } cmd := &packersdk.RemoteCmd{ Command: command, } ui.Message(fmt.Sprintf("Running Puppet: %s", command)) if err := cmd.RunWithUi(ctx, comm, ui); err != nil { return fmt.Errorf("Got an error starting command: %s", err) } if cmd.ExitStatus() != 0 && cmd.ExitStatus() != 2 && !p.config.IgnoreExitCodes { return fmt.Errorf("Puppet exited with a non-zero exit status: %d", cmd.ExitStatus()) } if p.config.CleanStagingDir { if err := p.removeDir(ui, comm, p.config.StagingDir); err != nil { return fmt.Errorf("Error removing staging directory: %s", err) } } return nil } func (p *Provisioner) uploadHieraConfig(ui packersdk.Ui, comm packersdk.Communicator) (string, error) { ui.Message("Uploading hiera configuration...") f, err := os.Open(p.config.HieraConfigPath) if err != nil { return "", err } defer f.Close() path := fmt.Sprintf("%s/hiera.yaml", p.config.StagingDir) if err := comm.Upload(path, f, nil); err != nil { return "", err } return path, nil } func (p *Provisioner) uploadManifests(ui packersdk.Ui, comm packersdk.Communicator) (string, error) { // Create the remote manifests directory... ui.Message("Uploading manifests...") remoteManifestsPath := fmt.Sprintf("%s/manifests", p.config.StagingDir) if err := p.createDir(ui, comm, remoteManifestsPath); err != nil { return "", fmt.Errorf("Error creating manifests directory: %s", err) } // NOTE! manifest_file may either be a directory or a file, as puppet apply // now accepts either one. fi, err := os.Stat(p.config.ManifestFile) if err != nil { return "", fmt.Errorf("Error inspecting manifest file: %s", err) } if fi.IsDir() { // If manifest_file is a directory we'll upload the whole thing ui.Message(fmt.Sprintf( "Uploading manifest directory from: %s", p.config.ManifestFile)) remoteManifestDir := fmt.Sprintf("%s/manifests", p.config.StagingDir) err := p.uploadDirectory(ui, comm, remoteManifestDir, p.config.ManifestFile) if err != nil { return "", fmt.Errorf("Error uploading manifest dir: %s", err) } return remoteManifestDir, nil } // Otherwise manifest_file is a file and we'll upload it ui.Message(fmt.Sprintf( "Uploading manifest file from: %s", p.config.ManifestFile)) f, err := os.Open(p.config.ManifestFile) if err != nil { return "", err } defer f.Close() manifestFilename := filepath.Base(p.config.ManifestFile) remoteManifestFile := fmt.Sprintf("%s/%s", remoteManifestsPath, manifestFilename) if err := comm.Upload(remoteManifestFile, f, nil); err != nil { return "", err } return remoteManifestFile, nil } func (p *Provisioner) createDir(ui packersdk.Ui, comm packersdk.Communicator, dir string) error { ui.Message(fmt.Sprintf("Creating directory: %s", dir)) cmd := &packersdk.RemoteCmd{Command: p.guestCommands.CreateDir(dir)} ctx := context.TODO() if err := cmd.RunWithUi(ctx, comm, ui); err != nil { return err } if cmd.ExitStatus() != 0 { return fmt.Errorf("Non-zero exit status.") } // Chmod the directory to 0777 just so that we can access it as our user cmd = &packersdk.RemoteCmd{Command: p.guestCommands.Chmod(dir, "0777")} if err := cmd.RunWithUi(ctx, comm, ui); err != nil { return err } if cmd.ExitStatus() != 0 { return fmt.Errorf("Non-zero exit status. See output above for more info.") } return nil } func (p *Provisioner) removeDir(ui packersdk.Ui, comm packersdk.Communicator, dir string) error { ctx := context.TODO() cmd := &packersdk.RemoteCmd{Command: p.guestCommands.RemoveDir(dir)} if err := cmd.RunWithUi(ctx, comm, ui); err != nil { return err } if cmd.ExitStatus() != 0 { return fmt.Errorf("Non-zero exit status.") } return nil } func (p *Provisioner) uploadDirectory(ui packersdk.Ui, comm packersdk.Communicator, dst string, src string) error { if err := p.createDir(ui, comm, dst); err != nil { return err } // Make sure there is a trailing "/" so that the directory isn't // created on the other side. if src[len(src)-1] != '/' { src = src + "/" } return comm.UploadDir(dst, src, nil) } func (p *Provisioner) Communicator() packersdk.Communicator { return p.communicator } func (p *Provisioner) ElevatedUser() string { return p.config.ElevatedUser } func (p *Provisioner) ElevatedPassword() string { // Replace ElevatedPassword for winrm users who used this feature p.config.ctx.Data = p.generatedData elevatedPassword, _ := interpolate.Render(p.config.ElevatedPassword, &p.config.ctx) return elevatedPassword }