fisma-ready · mzia · Jul 8, 2016
diff --git a/.chef/knife.rb b/.chef/knife.rb
@@ -3,4 +3,4 @@
 log_location             STDOUT
 cache_type               'BasicFile'
 cache_options( :path => "#{ENV['HOME']}/.chef/checksums" )
-cookbook_path            ["#{current_dir}/../cookbooks"]
+cookbook_path            ["#{current_dir}/cookbooks"]
diff --git a/ami.sh b/ami.sh
@@ -1,12 +1,12 @@
 #!/bin/bash
-rm -rf ../vendor/cookbooks
-berks vendor ../vendor/cookbooks
+berks vendor cookbooks
 packer build \
   -var "aws_access_key_id=$AWS_ACCESS_KEY_ID" \
   -var "aws_secret_key=$AWS_SECRET_ACCESS_KEY" \
   -var "grub_passwd=$GRUB_PWD" \
-  packer.json
+  $1
 
+rm -rf cookbooks
 # Note: to restrict builds to only a specific ami type
 # use the following flags in the packer build command
 # -only=amazon-ebs

diff --git a/files/ubuntu/config/partitioning.sh → files/ubuntu/partitioning.sh b/files/ubuntu/config/partitioning.sh → files/ubuntu/partitioning.sh
diff --git a/login-ubuntu-lts.json b/login-ubuntu-lts.json
@@ -0,0 +1,112 @@
+{
+  "variables": {
+    "aws_access_key_id": "",
+    "aws_secret_key": "",
+    "s3_bucket": "",
+    "grub_passwd": ""
+  },
+  "builders": [
+    {
+      "name": "ubuntu-1604",
+      "type": "amazon-ebs",
+      "access_key": "{{user `aws_access_key_id`}}",
+      "secret_key": "{{user `aws_secret_key`}}",
+      "region": "us-west-2",
+      "source_ami": "ami-b9ff39d9",
+      "instance_type": "m3.medium",
+      "ssh_username": "ubuntu",
+      "tags": {
+        "name": "login-base-image"
+      },
+      "ami_name": "FISMA Ready Baseline Ubuntu 16.04 ({{timestamp}} - Packer)",
+      "ami_description": "A FISMA-ready baseline Ubuntu 16.04 image based on Canoncical Ubuntu Xenial 16.04 LTS (ami-b9ff39d9). For more info: https://github.com/fisma-ready/ubuntu-lts",
+      "ami_block_device_mappings": [
+        {
+          "device_name": "/dev/sda1",
+          "volume_type": "gp2",
+          "volume_size": 30,
+          "delete_on_termination": true
+        },
+        {
+          "device_name": "/dev/sdk",
+          "volume_size": 40,
+          "volume_type": "gp2",
+          "delete_on_termination": true
+        }
+        ],
+      "launch_block_device_mappings": [
+        {
+          "device_name": "/dev/sda1",
+          "volume_type": "gp2",
+          "volume_size": 30,
+          "delete_on_termination": true
+        },
+        {
+          "device_name": "/dev/sdk",
+          "volume_size": 40,
+          "volume_type": "gp2",
+          "delete_on_termination": true
+        }
+      ]
+    },
+    {
+      "name": "ubuntu-1404",
+      "type": "amazon-ebs",
+      "access_key": "{{user `aws_access_key_id`}}",
+      "secret_key": "{{user `aws_secret_key`}}",
+      "region": "us-west-2",
+      "source_ami": "ami-d732f0b7",
+      "instance_type": "m3.medium",
+      "ssh_username": "ubuntu",
+      "tags": {
+        "name": "login-base-image"
+      },
+      "ami_name": "FISMA Ready Baseline Ubuntu 14.04 ({{timestamp}} - Packer)",
+      "ami_description": "A FISMA-ready baseline Ubuntu 14.04 image based on Canoncical Ubuntu Trusty 14.04 LTS (ami-d732f0b7). For more info: https://github.com/fisma-ready/ubuntu-lts",
+      "ami_block_device_mappings": [
+        {
+          "device_name": "/dev/sda1",
+          "volume_type": "gp2",
+          "volume_size": 30,
+          "delete_on_termination": true
+        },
+        {
+          "device_name": "/dev/sdk",
+          "volume_size": 40,
+          "volume_type": "gp2",
+          "delete_on_termination": true
+        }
+        ],
+      "launch_block_device_mappings": [
+        {
+          "device_name": "/dev/sda1",
+          "volume_type": "gp2",
+          "volume_size": 30,
+          "delete_on_termination": true
+        },
+        {
+          "device_name": "/dev/sdk",
+          "volume_size": 40,
+          "volume_type": "gp2",
+          "delete_on_termination": true
+        }
+      ]
+    }
+  ],
+  "provisioners": [
+    {
+      "type": "chef-solo",
+      "cookbook_paths": ["cookbooks"],
+      "json": { "grub_passwd": "hello" },
+      "run_list": ["recipe[packer]"],
+      "staging_directory": "/chef"
+    },
+    {
+      "inline": [
+        "sudo rm -rf /chef /etc/chef",
+        "truncate -s0 /home/ubuntu/.ssh/authorized_keys"
+      ],
+      "type": "shell"
+    }
+  ]
+}
diff --git a/packer.json b/packer.json
diff --git a/recipes/default.rb b/recipes/default.rb
@@ -16,7 +16,6 @@
   group "root"
 end
 
-
 ###
 # Redirect protections
 # See https://github.com/18F/ubuntu/blob/master/hardening.md#redirect-protections
@@ -183,13 +182,21 @@
 # Partition 
 ###
 
-cookbook_file "tmp/partitioning.sh" do
-  source "config/partitioning.sh"
+apt_package 'openssh-server'
+
+# disable lxcfs to prevent rsync error when copying /var/lib/lxcfs/cgroup*
+service "lxcfs" do
+  action :stop
+  notifies :run, 'execute[partition the second disk]', :before
+  not_if { platform?('ubuntu') && node['platform_version'].to_f < 16.04 }
+end
+
+cookbook_file "/partitioning.sh" do
   mode 0700
-  owner "root"
-  group "root"
+  notifies :run, 'execute[partition the second disk]', :delayed
 end
 
 execute "partition the second disk" do
-  command "bash /tmp/partitioning.sh"
-end
+  command "bash partitioning.sh"
+  action :nothing
+end