@underpostnet/underpost 2.95.8 → 2.96.1

package/packer/images/Rocky9Amd64/rocky9.pkr.hcl

@@ -0,0 +1,164 @@
+packer {
+  required_version = ">= 1.11.0"
+  required_plugins {
+    qemu = {
+      version = ">= 1.1.0, < 1.1.2"
+      source  = "github.com/hashicorp/qemu"
+    }
+  }
+}
+
+variable "filename" {
+  type        = string
+  default     = "rocky9.tar.gz"
+  description = "The filename of the tarball to produce"
+}
+
+variable ks_proxy {
+  type    = string
+  default = "${env("KS_PROXY")}"
+}
+
+variable ks_mirror {
+  type    = string
+  default = "${env("KS_MIRROR")}"
+}
+
+variable "timeout" {
+  type        = string
+  default     = "1h"
+  description = "Timeout for building the image"
+}
+
+variable "architecture" {
+  type        = string
+  default     = "amd64"
+  description = "The architecture to build the image for (amd64 or arm64)"
+}
+
+variable "host_is_arm" {
+  type        = bool
+  default     = false
+  description = "The host architecture is aarch64"
+}
+
+variable "ovmf_suffix" {
+  type        = string
+  default     = ""
+  description = "Suffix for OVMF CODE and VARS files. Newer systems such as Noble use _4M."
+}
+
+variable "headless" {
+  type        = bool
+  default     = true
+  description = "Run packer in headless mode"
+}
+
+locals {
+  iso_arch_map = {
+    "amd64"   = "x86_64"
+    "x86_64"  = "x86_64"
+    "arm64"   = "aarch64"
+    "aarch64" = "aarch64"
+  }
+  iso_arch = lookup(local.iso_arch_map, var.architecture, "x86_64")
+
+  qemu_arch = {
+    "amd64"   = "x86_64"
+    "x86_64"  = "x86_64"
+    "arm64"   = "aarch64"
+    "aarch64" = "aarch64"
+  }
+  uefi_imp = {
+    "amd64"   = "OVMF"
+    "x86_64"  = "OVMF"
+    "arm64"   = "AAVMF"
+    "aarch64" = "AAVMF"
+  }
+  uefi_sfx = {
+    "amd64"   = "${var.ovmf_suffix}"
+    "x86_64"  = "${var.ovmf_suffix}"
+    "arm64"   = ""
+    "aarch64" = ""
+  }
+  qemu_machine = {
+    "amd64"   = "accel=kvm"
+    "x86_64"  = "accel=kvm"
+    "arm64"   = var.host_is_arm ? "virt,accel=kvm" : "virt"
+    "aarch64" = var.host_is_arm ? "virt,accel=kvm" : "virt"
+  }
+  qemu_cpu = {
+    "amd64"   = "host"
+    "x86_64"  = "host"
+    "arm64"   = var.host_is_arm ? "host" : "max"
+    "aarch64" = var.host_is_arm ? "host" : "max"
+  }
+
+  ks_proxy           = var.ks_proxy != "" ? "--proxy=${var.ks_proxy}" : ""
+  ks_os_repos        = var.ks_mirror != "" ? "--url=${var.ks_mirror}/BaseOS/${local.iso_arch}/os" : "--mirrorlist='http://mirrors.rockylinux.org/mirrorlist?arch=${local.iso_arch}&repo=BaseOS-9'"
+  ks_appstream_repos = var.ks_mirror != "" ? "--baseurl=${var.ks_mirror}/AppStream/${local.iso_arch}/os" : "--mirrorlist='https://mirrors.rockylinux.org/mirrorlist?release=9&arch=${local.iso_arch}&repo=AppStream-9'"
+  ks_extras_repos    = var.ks_mirror != "" ? "--baseurl=${var.ks_mirror}/extras/${local.iso_arch}/os" : "--mirrorlist='https://mirrors.rockylinux.org/mirrorlist?arch=${local.iso_arch}&repo=extras-9'"
+}
+
+source "qemu" "rocky9" {
+  boot_command     = ["<up><wait>", "e", "<down><down><down><left>", " console=ttyS0 inst.cmdline inst.text inst.ks=http://{{.HTTPIP}}:{{.HTTPPort}}/rocky9.ks <f10>"]
+  boot_wait        = "5s"
+  communicator     = "none"
+  disk_size        = "45G"
+  format           = "qcow2"
+  headless         = var.headless
+  iso_checksum     = "file:https://download.rockylinux.org/pub/rocky/9/isos/${local.iso_arch}/CHECKSUM"
+  iso_urls         = [
+    "https://download.rockylinux.org/pub/rocky/9/isos/${local.iso_arch}/Rocky-9-latest-${local.iso_arch}-boot.iso",
+    "https://dl.rockylinux.org/pub/rocky/9/isos/${local.iso_arch}/Rocky-9-latest-${local.iso_arch}-boot.iso",
+    "https://mirrors.edge.kernel.org/rocky/9/isos/${local.iso_arch}/Rocky-9-latest-${local.iso_arch}-boot.iso"
+  ]
+  iso_target_path  = "packer_cache/Rocky-9-latest-${local.iso_arch}-boot.iso"
+  memory           = 2048
+  cores            = 4
+  qemu_binary      = "qemu-system-${lookup(local.qemu_arch, var.architecture, "")}"
+  qemuargs = [
+    ["-serial", "stdio"],
+    ["-boot", "strict=off"],
+    ["-device", "qemu-xhci"],
+    ["-device", "usb-kbd"],
+    ["-device", "virtio-net-pci,netdev=net0"],
+    ["-netdev", "user,id=net0"],
+    ["-device", "virtio-blk-pci,drive=drive0,bootindex=0"],
+    ["-device", "virtio-blk-pci,drive=cdrom0,bootindex=1"],
+    ["-machine", "${lookup(local.qemu_machine, var.architecture, "")}"],
+    ["-cpu", "${lookup(local.qemu_cpu, var.architecture, "")}"],
+    ["-device", "virtio-gpu-pci"],
+    ["-global", "driver=cfi.pflash01,property=secure,value=off"],
+    ["-drive", "if=pflash,format=raw,unit=0,id=ovmf_code,readonly=on,file=/usr/share/${lookup(local.uefi_imp, var.architecture, "")}/${lookup(local.uefi_imp, var.architecture, "")}_CODE${lookup(local.uefi_sfx, var.architecture, "")}.fd"],
+    ["-drive", "if=pflash,format=raw,unit=1,id=ovmf_vars,file=${local.iso_arch}_VARS.fd"],
+    ["-drive", "file=output-rocky9/packer-rocky9,if=none,id=drive0,cache=writeback,discard=ignore,format=qcow2"],
+    ["-drive", "file=packer_cache/Rocky-9-latest-${local.iso_arch}-boot.iso,if=none,id=cdrom0,media=cdrom"]
+  ]
+  shutdown_timeout = var.timeout
+  http_content = {
+    "/rocky9.ks" = templatefile("${path.root}/http/rocky9.ks.pkrtpl.hcl",
+      {
+        KS_PROXY           = local.ks_proxy,
+        KS_OS_REPOS        = local.ks_os_repos,
+        KS_APPSTREAM_REPOS = local.ks_appstream_repos,
+        KS_EXTRAS_REPOS    = local.ks_extras_repos
+      }
+    )
+  }
+}
+
+build {
+  sources = ["source.qemu.rocky9"]
+
+  post-processor "shell-local" {
+    inline = [
+      "SOURCE=${source.name}",
+      "OUTPUT=${var.filename}",
+      "source ../../scripts/fuse-nbd",
+      "source ../../scripts/fuse-tar-root",
+      "rm -rf output-${source.name}",
+    ]
+    inline_shebang = "/bin/bash -e"
+  }
+}

package/packer/images/Rocky9Arm64/Makefile

@@ -0,0 +1,69 @@
+#!/usr/bin/make -f
+
+include ../../scripts/check.mk
+
+PACKER ?= packer
+PACKER_LOG ?= 0
+TIMEOUT ?= 1h
+ARCH ?= arm64
+
+# Detect if running on ARM host
+ifeq ($(shell uname -m),aarch64)
+    HOST_IS_ARM = true
+else
+    HOST_IS_ARM = false
+endif
+
+ifeq ($(wildcard /usr/share/OVMF/OVMF_CODE.fd),)
+	OVMF_SFX ?= _4M
+else
+	OVMF_SFX ?=
+endif
+
+export PACKER_LOG
+
+# Fallback
+ifeq ($(strip $(ARCH)),amd64)
+	ARCH = x86_64
+endif
+ifeq ($(strip $(ARCH)),arm64)
+	ARCH = aarch64
+endif
+
+.PHONY: all clean
+
+all: rocky9.tar.gz
+
+$(eval $(call check_packages_deps))
+
+lint:
+	packer validate .
+	packer fmt -check -diff .
+
+format:
+	packer fmt .
+
+OVMF_VARS.fd:
+ifeq ($(strip $(ARCH)),aarch64)
+	cp -v /usr/share/AAVMF/AAVMF_VARS.fd ${ARCH}_VARS.fd
+else
+	cp -v /usr/share/OVMF/OVMF_VARS${OVMF_SFX}.fd ${ARCH}_VARS.fd
+endif
+
+SIZE_VARS.fd:
+ifeq ($(strip $(ARCH)),aarch64)
+	truncate -s 64m ${ARCH}_VARS.fd
+else
+	truncate -s 2m ${ARCH}_VARS.fd
+endif
+
+rocky9.tar.gz: check-deps clean OVMF_VARS.fd SIZE_VARS.fd
+	${PACKER} init rocky9.pkr.hcl && ${PACKER} build \
+		-var architecture=${ARCH} \
+		-var host_is_arm=${HOST_IS_ARM} \
+		-var timeout=${TIMEOUT} \
+		-var ovmf_suffix=${OVMF_SFX} \
+		rocky9.pkr.hcl
+
+clean:
+	${RM} -rf *.fd output-rocky9 rocky9.tar.gz

package/packer/images/Rocky9Arm64/README.md

@@ -0,0 +1,122 @@
+# Rocky 9 Packer template for MAAS
+
+## Introduction
+
+The Packer template in this directory creates a Rocky 9 AMD64/ARM64 image for use with MAAS.
+
+## Prerequisites to create the image
+
+* A machine running Ubuntu 22.04+ with the ability to run KVM virtual machines.
+* qemu-utils, libnbd-bin, nbdkit and fuse2fs
+* qemu-system
+* qemu-system-modules-spice (If building on Ubuntu 24.04 LTS "Noble")
+* ovmf
+* cloud-image-utils
+* parted
+* [Packer.](https://www.packer.io/intro/getting-started/install.html), v1.11.0 or newer
+
+## Requirements to deploy the image
+
+* [MAAS](https://maas.io) 3.3 or later, as that version introduces support for Rocky
+* [Curtin](https://launchpad.net/curtin) 22.1. If you have a MAAS with an earlier Curtin version, you can [patch](https://code.launchpad.net/~xnox/curtin/+git/curtin/+merge/415604) distro.py to deploy Rocky.
+
+## Customizing the image
+
+You can customize the deployment image by modifying http/rocky.ks. See the [RHEL kickstart documentation](https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/performing_an_advanced_rhel_installation/kickstart-commands-and-options-reference_installing-rhel-as-an-experienced-user#part-or-partition_kickstart-commands-for-handling-storage) for more information.
+
+## Building the image using a proxy
+
+The Packer template downloads the Rocky ISO image from the Internet. You can tell Packer to use a proxy by setting the HTTP_PROXY environment variable to point to your proxy server. You can also redefine rocky_iso_url to a local file. If you want to skip the base image integrity check, set iso_checksum_type to none and remove iso_checksum.
+
+To use a proxy during the installation define the `KS_PROXY` variable in the environment, as bellow:
+
+```shell
+export KS_PROXY="\"${HTTP_PROXY}\""
+```
+
+# Building the image using a kickstart mirror
+
+To tell Packer to use a specific mirror set the `KS_MIRROR` environment variable
+poiniting to the mirror URL.
+
+```shell
+export KS_MIRROR="https://dl.rockylinux.org/pub/rocky/9"
+```
+
+## Building an image
+
+You can build the image using the Makefile:
+
+```shell
+make
+```
+
+You can also manually run packer. Set your current working directory to packer-maas/rocky9, where this file resides, and generate an image with:
+
+```shell
+packer init
+PACKER_LOG=1 packer build .
+```
+
+The installation runs in a non-interactive mode.
+
+Note: rocky9.pkr.hcl runs Packer in headless mode, with the serial port output from qemu redirected to stdio to give feedback on image creation process. If you wish to see more, change the value of `headless` to `false` in rocky9.pkr.hcl, remove `[ "-serial", "stdio" ]` from `qemuargs` section and select `View`, then `serial0` in the qemu window that appears during build. This lets you watch progress of the image build script. Press `ctrl-b 2` to switch to shell to explore more, and `ctrl-b 1` to go back to log view.
+
+### Makefile Parameters
+
+#### ARCH
+
+Defaults to x86_64 to build AMD64 compatible images. In order to build ARM64 images, use ARCH=aarch64
+
+#### TIMEOUT
+
+The timeout to apply when building the image. The default value is set to 1h.
+
+## Uploading an image to MAAS
+
+```shell
+maas $PROFILE boot-resources create name='custom/rocky9' \
+    title='Rocky 9 Custom' architecture='amd64/generic' \
+    base_image='rhel/9' filetype='tgz' \
+    content@=rocky9.tar.gz
+```
+
+For ARM64, use:
+
+```shell
+maas $PROFILE boot-resources create name='custom/rocky9' \
+    title='Rocky 9 Custom' architecture='arm64/generic' \
+    base_image='rhel/9' filetype='tgz' \
+    content@=rocky9.tar.gz
+```
+
+Please note that, currently due to lack of support in curtin, deploying ARM64 images needs a preseed file. This is due to [LP# 2090874](https://bugs.launchpad.net/curtin/+bug/2090874) and currently is in the process of getting fixed.
+
+```
+#cloud-config
+debconf_selections:
+ maas: |
+  {{for line in str(curtin_preseed).splitlines()}}
+  {{line}}
+  {{endfor}}
+
+extract_commands:
+  grub_install: curtin in-target -- cp -v /boot/efi/EFI/rocky/shimaa64.efi /boot/efi/EFI/rocky/shimx64.efi
+
+late_commands:
+  maas: [wget, '--no-proxy', '{{node_disable_pxe_url}}', '--post-data', '{{node_disable_pxe_data}}', '-O', '/dev/null']
+  bootloader_01: ["curtin", "in-target", "--", "cp", "-v", "/boot/efi/EFI/rocky/shimaa64.efi", "/boot/efi/EFI/BOOT/bootaa64.efi"]
+  bootloader_02: ["curtin", "in-target", "--", "cp", "-v", "/boot/efi/EFI/rocky/grubaa64.efi", "/boot/efi/EFI/BOOT/"]
+```
+
+This file needs to be saved on Region Controllers under /var/snap/maas/current/preseeds/curtin_userdata_custom_arm64_generic_rocky9 or /etc/maas/preseeds/curtin_userdata_custom_arm64_generic_rocky9. The last portion of this file must match the image name uploaded in MAAS.
+
+## Default username
+
+MAAS uses cloud-init to create ```cloud-user``` account using the ssh keys configured for the MAAS admin user (e.g. imported from Launchpad). Log in to the machine:
+
+```shell
+ssh -i ~/.ssh/<your_identity_file> cloud-user@<machine-ip-address>
+```
+
+Next to that, the kickstart script creates an account with both username and password set to  ```rocky```. Note that the default sshd configuration in Rocky 9 disallows password-based authentication when logging in via ssh, so trying `ssh rocky@<machine-ip-address>` will fail. Password-based authentication can be enabled by having `PasswordAuthentication yes` in /etc/ssh/sshd_config after logging in with ```cloud-user```. Perhaps there is a way to make that change using kickstart script, but it is not obvious as ```anaconda```, the installer, makes its own changes to sshd_config file during installation. If you know how to do this, a PR is welcome.

package/packer/images/Rocky9Arm64/http/rocky9.ks.pkrtpl.hcl

@@ -0,0 +1,114 @@
+url ${KS_OS_REPOS} ${KS_PROXY}
+repo --name="AppStream" ${KS_APPSTREAM_REPOS} ${KS_PROXY}
+repo --name="Extras" ${KS_EXTRAS_REPOS} ${KS_PROXY}
+
+eula --agreed
+
+# Turn off after installation
+poweroff
+
+# Do not start the Inital Setup app
+firstboot --disable
+
+# System language, keyboard and timezone
+lang en_US.UTF-8
+keyboard us
+timezone UTC --utc
+
+# Set the first NIC to acquire IPv4 address via DHCP
+network --device eth0 --bootproto=dhcp
+# Enable firewal, let SSH through
+firewall --enabled --service=ssh
+# Enable SELinux with default enforcing policy
+selinux --enforcing
+
+# Do not set up XX Window System
+skipx
+
+# Initial disk setup
+# Use the first paravirtualized disk
+ignoredisk --only-use=vda
+# No need for bootloader
+bootloader --disabled
+# Wipe invalid partition tables
+zerombr
+# Erase all partitions and assign default labels
+clearpart --all --initlabel
+# Initialize the primary root partition with ext4 filesystem
+part / --size=1 --grow --asprimary --fstype=ext4
+
+# Set root password
+rootpw --plaintext password
+
+# Add a user named packer
+user --groups=wheel --name=rocky --password=rocky --plaintext --gecos="rocky"
+
+%post --erroronfail
+# workaround anaconda requirements and clear root password
+passwd -d root
+passwd -l root
+
+# Clean up install config not applicable to deployed environments.
+for f in resolv.conf fstab; do
+    rm -f /etc/$f
+    touch /etc/$f
+    chown root:root /etc/$f
+    chmod 644 /etc/$f
+done
+
+rm -f /etc/sysconfig/network-scripts/ifcfg-[^lo]*
+
+# Kickstart copies install boot options. Serial is turned on for logging with
+# Packer which disables console output. Disable it so console output is shown
+# during deployments
+sed -i 's/^GRUB_TERMINAL=.*/GRUB_TERMINAL_OUTPUT="console"/g' /etc/default/grub
+sed -i '/GRUB_SERIAL_COMMAND="serial"/d' /etc/default/grub
+sed -ri 's/(GRUB_CMDLINE_LINUX=".*)\s+console=ttyAMA0(.*")/\1\2/' /etc/default/grub
+sed -i 's/GRUB_ENABLE_BLSCFG=.*/GRUB_ENABLE_BLSCFG=false/g' /etc/default/grub
+
+dnf clean all
+
+# Passwordless sudo for the user 'rocky'
+echo "rocky ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/rocky
+chmod 440 /etc/sudoers.d/rocky
+
+#---- Optional - Install your SSH key ----
+# mkdir -m0700 /home/rocky/.ssh/
+#
+# cat <<EOF >/home/rocky/.ssh/authorized_keys
+# ssh-rsa <your_public_key_here> you@your.domain
+# EOF
+#
+### set permissions
+# chmod 0600 /home/rocky/.ssh/authorized_keys
+#
+#### fix up selinux context
+# restorecon -R /home/rocky/.ssh/
+
+%end
+
+%packages  --ignoremissing
+@core
+bash-completion
+cloud-init
+cloud-utils-growpart
+rsync
+tar
+patch
+yum-utils
+grub2-pc
+grub2-efi-*
+shim-*
+grub2-efi-*-modules
+efibootmgr
+dosfstools
+lvm2
+mdadm
+device-mapper-multipath
+iscsi-initiator-utils
+-plymouth
+# Remove ALSA firmware
+-a*-firmware
+# Remove Intel wireless firmware
+-i*-firmware
+%end

package/packer/images/Rocky9Arm64/rocky9.pkr.hcl

@@ -0,0 +1,171 @@
+packer {
+  required_version = ">= 1.11.0"
+  required_plugins {
+    qemu = {
+      version = ">= 1.1.0, < 1.1.2"
+      source  = "github.com/hashicorp/qemu"
+    }
+  }
+}
+
+variable "filename" {
+  type        = string
+  default     = "rocky9.tar.gz"
+  description = "The filename of the tarball to produce"
+}
+
+variable ks_proxy {
+  type    = string
+  default = "${env("KS_PROXY")}"
+}
+
+variable ks_mirror {
+  type    = string
+  default = "${env("KS_MIRROR")}"
+}
+
+variable "timeout" {
+  type        = string
+  default     = "1h"
+  description = "Timeout for building the image"
+}
+
+variable "architecture" {
+  type        = string
+  default     = "arm64"
+  description = "The architecture to build the image for (amd64 or arm64)"
+}
+
+variable "host_is_arm" {
+  type        = bool
+  default     = false
+  description = "The host architecture is aarch64"
+}
+
+variable "ovmf_suffix" {
+  type        = string
+  default     = ""
+  description = "Suffix for OVMF CODE and VARS files. Newer systems such as Noble use _4M."
+}
+
+variable "headless" {
+  type        = bool
+  default     = true
+  description = "Run packer in headless mode"
+}
+
+locals {
+  iso_arch_map = {
+    "amd64"   = "x86_64"
+    "x86_64"  = "x86_64"
+    "arm64"   = "aarch64"
+    "aarch64" = "aarch64"
+  }
+  iso_arch = lookup(local.iso_arch_map, var.architecture, "aarch64")
+
+  iso_checksum_map = {
+    "amd64"   = "sha256:3b5c87b2f9e62fdf0235d424d64c677906096965aad8a580e0e98fcb9f97f267"
+    "x86_64"  = "sha256:3b5c87b2f9e62fdf0235d424d64c677906096965aad8a580e0e98fcb9f97f267"
+    "arm64"   = "sha256:a9ba9ff1187300cecccfaea021eeac04b6408b1180071fb22ee73249f075485e"
+    "aarch64" = "sha256:a9ba9ff1187300cecccfaea021eeac04b6408b1180071fb22ee73249f075485e"
+  }
+
+  qemu_arch = {
+    "amd64"   = "x86_64"
+    "x86_64"  = "x86_64"
+    "arm64"   = "aarch64"
+    "aarch64" = "aarch64"
+  }
+  uefi_imp = {
+    "amd64"   = "OVMF"
+    "x86_64"  = "OVMF"
+    "arm64"   = "AAVMF"
+    "aarch64" = "AAVMF"
+  }
+  uefi_sfx = {
+    "amd64"   = "${var.ovmf_suffix}"
+    "x86_64"  = "${var.ovmf_suffix}"
+    "arm64"   = ""
+    "aarch64" = ""
+  }
+  qemu_machine = {
+    "amd64"   = "accel=kvm"
+    "x86_64"  = "accel=kvm"
+    "arm64"   = var.host_is_arm ? "virt,accel=kvm" : "virt"
+    "aarch64" = var.host_is_arm ? "virt,accel=kvm" : "virt"
+  }
+  qemu_cpu = {
+    "amd64"   = "host"
+    "x86_64"  = "host"
+    "arm64"   = var.host_is_arm ? "host" : "max"
+    "aarch64" = var.host_is_arm ? "host" : "max"
+  }
+
+  ks_proxy           = var.ks_proxy != "" ? "--proxy=${var.ks_proxy}" : ""
+  ks_os_repos        = var.ks_mirror != "" ? "--url=${var.ks_mirror}/BaseOS/${local.iso_arch}/os" : "--mirrorlist='http://mirrors.rockylinux.org/mirrorlist?arch=${local.iso_arch}&repo=BaseOS-9'"
+  ks_appstream_repos = var.ks_mirror != "" ? "--baseurl=${var.ks_mirror}/AppStream/${local.iso_arch}/os" : "--mirrorlist='https://mirrors.rockylinux.org/mirrorlist?release=9&arch=${local.iso_arch}&repo=AppStream-9'"
+  ks_extras_repos    = var.ks_mirror != "" ? "--baseurl=${var.ks_mirror}/extras/${local.iso_arch}/os" : "--mirrorlist='https://mirrors.rockylinux.org/mirrorlist?arch=${local.iso_arch}&repo=extras-9'"
+}
+
+source "qemu" "rocky9" {
+  boot_command     = ["<up><wait>", "e", "<down><down><down><left>", " console=ttyAMA0 inst.cmdline inst.text inst.ks=http://{{.HTTPIP}}:{{.HTTPPort}}/rocky9.ks <f10>"]
+  boot_wait        = "5s"
+  communicator     = "none"
+  disk_size        = "45G"
+  format           = "qcow2"
+  headless         = var.headless
+  iso_checksum     = lookup(local.iso_checksum_map, var.architecture, "file:https://download.rockylinux.org/pub/rocky/9/isos/${local.iso_arch}/CHECKSUM")
+  iso_urls         = [
+    "https://download.rockylinux.org/pub/rocky/9/isos/${local.iso_arch}/Rocky-9-latest-${local.iso_arch}-boot.iso",
+    "https://dl.rockylinux.org/pub/rocky/9/isos/${local.iso_arch}/Rocky-9-latest-${local.iso_arch}-boot.iso",
+    "https://mirrors.edge.kernel.org/rocky/9/isos/${local.iso_arch}/Rocky-9-latest-${local.iso_arch}-boot.iso"
+  ]
+  iso_target_path  = "packer_cache/Rocky-9-latest-${local.iso_arch}-boot.iso"
+  memory           = 2048
+  cores            = 4
+  qemu_binary      = "qemu-system-${lookup(local.qemu_arch, var.architecture, "")}"
+  qemuargs = [
+    ["-serial", "stdio"],
+    ["-boot", "strict=off"],
+    ["-device", "qemu-xhci"],
+    ["-device", "usb-kbd"],
+    ["-device", "virtio-net-pci,netdev=net0"],
+    ["-netdev", "user,id=net0"],
+    ["-device", "virtio-blk-pci,drive=drive0,bootindex=0"],
+    ["-device", "virtio-blk-pci,drive=cdrom0,bootindex=1"],
+    ["-machine", "${lookup(local.qemu_machine, var.architecture, "")}"],
+    ["-cpu", "${lookup(local.qemu_cpu, var.architecture, "")}"],
+    ["-device", "virtio-gpu-pci"],
+    ["-global", "driver=cfi.pflash01,property=secure,value=off"],
+    ["-drive", "if=pflash,format=raw,unit=0,id=ovmf_code,readonly=on,file=/usr/share/${lookup(local.uefi_imp, var.architecture, "")}/${lookup(local.uefi_imp, var.architecture, "")}_CODE${lookup(local.uefi_sfx, var.architecture, "")}.fd"],
+    ["-drive", "if=pflash,format=raw,unit=1,id=ovmf_vars,file=${local.iso_arch}_VARS.fd"],
+    ["-drive", "file=output-rocky9/packer-rocky9,if=none,id=drive0,cache=writeback,discard=ignore,format=qcow2"],
+    ["-drive", "file=packer_cache/Rocky-9-latest-${local.iso_arch}-boot.iso,if=none,id=cdrom0,media=cdrom"]
+  ]
+  shutdown_timeout = var.timeout
+  http_content = {
+    "/rocky9.ks" = templatefile("${path.root}/http/rocky9.ks.pkrtpl.hcl",
+      {
+        KS_PROXY           = local.ks_proxy,
+        KS_OS_REPOS        = local.ks_os_repos,
+        KS_APPSTREAM_REPOS = local.ks_appstream_repos,
+        KS_EXTRAS_REPOS    = local.ks_extras_repos
+      }
+    )
+  }
+}
+
+build {
+  sources = ["source.qemu.rocky9"]
+
+  post-processor "shell-local" {
+    inline = [
+      "SOURCE=${source.name}",
+      "OUTPUT=${var.filename}",
+      "source ../../scripts/fuse-nbd",
+      "source ../../scripts/fuse-tar-root",
+      "rm -rf output-${source.name}",
+    ]
+    inline_shebang = "/bin/bash -e"
+  }
+}