
@asyd
Forked from frbayart/esxi-firewalling
Created September 3, 2020 03:03
Generate an OVA with Packer
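ESXi firewall configuration that opens the VNC port range Packer needs during the build. The Packer template below sets vnc_disable_password and binds VNC to 0.0.0.0, so the allowed-IP restriction on this ruleset is what limits who can reach the build consoles.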
# Terminal transcript from the ESXi host: define a custom "VNC" firewall
# ruleset, load it, and restrict it to a single source address.
#
# vnc.xml declares one inbound TCP rule matching destination ports 5900-6199.
# Keep this range no wider than the VNC port range the Packer builder is
# configured to use (vnc_port_min / vnc_port_max), since every port in it
# becomes reachable from the allowed address.
# NOTE(review): files added under /etc/vmware/firewall may not persist across
# a reboot on some ESXi releases; confirm on the version in use.
[root@esxi:/etc/vmware/firewall] more vnc.xml
<ConfigRoot>
<service id='0200'>
<id>VNC</id>
<rule id='0000'>
<direction>inbound</direction>
<protocol>tcp</protocol>
<porttype>dst</porttype>
<port>
<begin>5900</begin>
<end>6199</end>
</port>
</rule>
</service>
</ConfigRoot>
# Re-read the ruleset files so the new VNC service becomes known to the firewall.
[root@esxi:/etc/vmware/firewall] esxcli network firewall refresh
# Enable the VNC ruleset (-e) and turn off "allow from any IP" (-a=false), so
# only addresses on the ruleset's allowed-IP list can connect.
# NOTE(review): -e (--enabled) normally takes a boolean value and none is shown
# here; confirm the resulting state with `esxcli network firewall ruleset list`.
[root@esxi:/etc/vmware/firewall] esxcli network firewall ruleset set -e -a=false -r VNC
# Allow-list the single host that runs Packer. With the template's
# vnc_disable_password and vnc_bind_address 0.0.0.0, this list is the only
# access control in front of the build VM consoles; keep it to one address and
# check it with `esxcli network firewall ruleset allowedip list`.
[root@esxi:/etc/vmware/firewall] esxcli network firewall ruleset allowedip add -r VNC -i 154.137.157.140
{
"variables": {
"assets_root": "{{env `ASSETS_URL`}}",
"esx_version": "{{env `ESX_VERSION`}}",
"esx_host": "{{env `ESX_HOST`}}",
"esx_datastore": "{{env `ESX_DATASTORE`}}",
"esx_network": "{{env `ESX_NETWORK`}}",
"esx_username": "{{env `ESX_USERNAME`}}",
"esx_password": "{{env `ESX_PASSWORD`}}",
"iso_name": "{{env `ISO_NAME`}}",
"iso_checksumtype": "{{env `ISO_CHECKSUM_TYPE`}}",
"iso_checksum": "{{env `ISO_CHECKSUM`}}",
"username": "{{env `SSH_USERNAME`}}",
"password": "{{env `SSH_PASSWORD`}}",
"build_id": "{{ env `BUILD_ID`}}",
"build_suffix": "{{env `BUILD_SUFFIX`}}",
"ssh_filepath": "{{env `SSH_FILEPATH`}}",
"keep_register": "{{env `KEEP_REGISTER`}}"
},
"builders": [
{
"type": "vmware-iso",
"remote_type": "{{user `esx_version`}}",
"remote_host": "{{user `esx_host`}}",
"remote_datastore": "{{user `esx_datastore`}}",
"remote_username": "{{user `esx_username`}}",
"remote_password": "{{user `esx_password`}}",
"disk_size": 204800,
"disk_type_id": "thin",
"skip_compaction": true,
"http_directory": "data/http",
"headless": true,
"format": "ova",
"boot_wait": "10s",
"guest_os_type": "ubuntu-64",
"boot_command": [
"<enter><wait>",
"<f6><esc>",
"<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
"<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
"<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
"<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
"<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
"<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
"<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
"<bs><bs><bs><bs><bs><bs><bs><bs><bs><bs>",
"<bs><bs><bs>",
"/install/vmlinuz ",
"initrd=/install/initrd.gz ",
"netcfg/choose_interface=eth0 ",
"net.ifnames=0 ",
"auto-install/enable=true ",
"debconf/priority=critical ",
"debian-installer/allow_unauthenticated_ssl=true ",
"preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/app-vm.cfg ",
"automatic-ubiquity ",
"<enter>"
],
"iso_urls": [
"{{user `assets_root`}}/isos/{{user `iso_name`}}"
],
"iso_checksum": "{{user `iso_checksum`}}",
"ssh_username": "{{user `username`}}",
"ssh_password": "{{user `password`}}",
"ssh_port": 22,
"ssh_wait_timeout": "10000s",
"vnc_bind_address": "0.0.0.0",
"vnc_disable_password": "true",
"keep_registered": "{{user `keep_register`}}",
"ovftool_options": ["--allowExtraConfig",
"--shaAlgorithm=sha256"],
"vmx_data": {
"memsize": "8192",
"numvcpus": "4",
"ethernet0.networkName": "{{user `esx_network`}}",
"ethernet0.present": "TRUE"
},
"vmx_data_post": {
"memsize": "65536",
"numvcpus": "8",
"ethernet0.networkName": "CHANGE ME",
"ethernet0.present": "TRUE"
},
"shutdown_command": "echo '{{user `password`}}'|sudo -S /sbin/halt -h -p",
"vm_name": "{{user `build_suffix`}}",
"output_directory": "output"
}],
"provisioners": [
{
"type": "shell",
"execute_command": "{{ .Vars }} sudo -E sh '{{ .Path }}'",
"inline": [
"mkdir /srv/tmp",
"chmod 777 /srv/tmp"
],
"inline_shebang": "/bin/sh -x",
"skip_clean": true
},
{
"type": "file",
"source": "data/ansible_install",
"destination": "/srv/tmp"
},
{
"type": "shell",
"execute_command": "chmod +x {{ .Path }}; {{ .Vars }} sudo -E -S sh '{{ .Path }}'",
"script": "data/bootstrap.sh",
"skip_clean": true
}]
}