using gcp resources created with terraform to take advantage of the f5-image-builder
#https://github.com/f5devcentral/f5-bigip-image-generator
https://github.com/f5devcentral/f5-bigip-image-generator/blob/master/setup-build-env
/var/log/startup-script.log
tail -f /var/log/startup-script.log
- User '' was added to the 'kvm' group. You must log out and log back in to pick up the permissions changes for this user.
- uploading source ISO is an issue. convert to bucket? and source from there?
make build
make gcp
download your required ISO from downloads.f5.com ex: https://downloads.f5.com/esd/serveDownload.jsp?path=/big-ip/big-ip_v15.x/15.1.0/english/15.1.0/&sw=BIG-IP&pro=big-ip_v15.x&ver=15.1.0&container=15.1.0&file=BIGIP-15.1.0-0.0.31.iso
eval $(ssh-agent -s)
ssh-add ~/.ssh/key
ip="35.237.100.83"
scp BIGIP-15.1.0-0.0.31.iso xadmin@$ip:/var/tmp/BIGIP-15.1.0-0.0.31.iso
scp BIGIP-15.1.0-0.0.31.iso.384.sig xadmin@$ip:/var/tmp/BIGIP-15.1.0-0.0.31.iso.384.sig
ssh xadmin@[email protected]
# or
scp -i ~/.ssh/key BIGIP-15.1.0-0.0.31.iso xadmin@$ip:/var/tmp/BIGIP-15.1.0-0.0.31.iso
scp -i ~/.ssh/key BIGIP-15.1.0-0.0.31.iso.384.sig xadmin@$ip:/var/tmp/BIGIP-15.1.0-0.0.31.iso.384.sig
ssh -i ~/.ssh/key xadmin@xadmin@$ip
cd /f5-bigip-image-generator/
sudo ./build-image -i /var/tmp/BIGIP-15.1.0-0.0.31.iso -c config.yml -p gce -m all -b 1 --log-level DEBUG
TLDR:
- you need a custom role for a service account to create images: https://cloud.google.com/compute/docs/images/managing-access-custom-images
- In order to use a custom role the name must be fully qualified: hashicorp/terraform-provider-google#993 eg: role = "projects/${data.google_project.builder.project_id}/roles/${google_project_iam_custom_role.customImageRole.role_id}"
- Role Administrator
- Project IAM Admin
- list service accounts curl -v -f --retry 20 'http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/' -H 'Metadata-Flavor: Google'
- get token for service account
token=$(curl -s -f --retry 20 'http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token' -H 'Metadata-Flavor: Google' | jq -r .access_token )
- get bucket info https://compute.googleapis.com/compute/v1/projects/projectname/global/images/f5-bigip-15-1-0-0-0-31-byol-all-1slot-xwusf64zh?alt=json curl -v -f --retry 20 "https://compute.googleapis.com/compute/v1/projects/projectname/global/images/f5-bigip-15-1-0-0-0-31-byol-all-1slot-xwusf64zh" -H "Metadata-Flavor: Google" -H "Authorization: Bearer $token"