Set up CA

packer/.gitignore

@@ -1,2 +1,20 @@
 gcp.key.json
 
+# Recommended .gitignore
+# from  https://github.com/github/gitignore/blob/main/Packer.gitignore
+# Cache objects
+packer_cache/
+
+# Crash log
+crash.log
+
+# https://www.packer.io/guides/hcl/variables
+# Exclude all .pkrvars.hcl files, which are likely to contain sensitive data, 
+# such as password, private keys, and other secrets. These should not be part of 
+# version control as they are data points which are potentially sensitive and 
+# subject to change depending on the environment.
+#
+*.pkrvars.hcl
+
+# For built boxes
+*.box

packer/README.md

@@ -30,7 +30,11 @@ What you need:
 
    > Note: if you want to use a different file name or location, change `account_file` in [`./main.pkr.hcl`](./main.pkr.hcl) accordingly
 
-3. Update `project-id` in `main.pkr.hcl` to match yours
+3. Create a `variables.auto.pkrvars.hcl` file:
+
+```bash
+project = "<your_GCP_project_ID>"
+```
 
 ### Build the image
 
@@ -45,6 +49,6 @@ An image should be built to your GCP project
 Note: `-force` to overwrite previously built image.
 
 ### Troubleshooting
-1. Flaky `packer build -force` 
-Solution: rerun the command. There are strange errors sometimes and we don't yet know how to solve it :P
 
+1. Flaky `packer build -force`
+   Solution: rerun the command. There are strange errors sometimes and we don't yet know how to solve it :P

packer/files/config.yaml

@@ -0,0 +1,209 @@
+log:
+  level: warning
+ssh:
+  banner: |
+
+    ********************************************************************
+                               Warning!
+    ********************************************************************
+
+    This is a honeypot. All information, including IP address, username,
+    password, any commands you type, or files you upload will be visible
+    to the honeypot.
+
+    If you do not agree disconnect now.
+
+    ********************************************************************
+
+  hostkeys:
+    - /etc/containerssh/ssh_host_rsa_key
+backend: docker
+docker:
+  connection:
+    host: tcp://10.0.1.10:2376
+    cert: |
+      -----BEGIN CERTIFICATE-----
+MIIFoDCCA4igAwIBAgIUU62+sbHHcvVoYA65ZIqwhVrDe3YwDQYJKoZIhvcNAQEL
+BQAwgakxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJl
+cmxpbjENMAsGA1UECgwESU5BUDFFMEMGA1UEAww8c2FjcmlmaWNpYWwtdm0uZXVy
+b3BlLXdlc3QzLWMuYy5jb250YWluZXJzc2gtMzUyMDA3LmludGVybmFsMSIwIAYJ
+KoZIhvcNAQkBFhNiYWZyZWFkOTZAZ21haWwuY29tMB4XDTIyMDYwNTE1MzMwOVoX
+DTIzMDYwNTE1MzMwOVowETEPMA0GA1UEAwwGY2xpZW50MIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAwgF9II4A9VVt2BN8kW7Q5b8CXmPKStjbSfU4YT0T
+3tG0B0y+I+Pezma5g3DG3Yx1zimohkTWn9SuqDHQMDWoH3hoj0gR5Pw12PEuZAj/
+FU5MB5JG33F9OvGvtIEMkVJVVibyhqfW+kk7o+jb49UMVOH4PHz16YHr0KB+RU0+
+C11m+UDMAskfR6l5m47iFDgJ7dDIQvYUhHxl6wddP8rqbvWsjxoDvWpU3qyMyA6m
+AvDgzGPe6zE9WCCRW+dRyehTuPtr5yvsqAPzDl0z8b+tlego2OmBa4o2sjNevbWJ
+o0kqS+ehk70RX7/2gnksqDisZjdkTJBQjOdtyvcQU+ips7Mk+ZB/ZpiMuuIT5eCM
+KLNu1yItujFMAhsxgfe9piMonbIHJCNk0ituYG77TEptGUsW+unPO9skh/rP81qr
+k+pjM3l1LVxYs0dGFKdEbFuwRpMyS9AJH6O8xQG9O4/PG4iy1NUk1i3Wy3JBya+Z
+qmDQgFwvLvYbpAKez12/3NlnePxsE1wQFx53Ba+yjhYUeApFfvAJClQiZ3scxE2X
+1+InDKypJnbsqdQpSqEzk4UJ87+15p1Lyj8vHxbk/Ul8DJDm6o6Eos5hR3PWAMBJ
+TzFFO/67PeBTQJxnYR084ahWZSkOwUV5j7xJeCthHCYZr3XjywvKTOjQ0vPClpDx
+cBkCAwEAAaNXMFUwEwYDVR0lBAwwCgYIKwYBBQUHAwIwHQYDVR0OBBYEFFvFLeX7
+dLQfwd+EyHb97K4ubVyFMB8GA1UdIwQYMBaAFOVZ4jK5qNy9s2uv6XCV6tZxWrMk
+MA0GCSqGSIb3DQEBCwUAA4ICAQDNdM+gMXpg8eVsT66/tMOTANqL1EoFQwv2v2AS
+1+9kcNU3T2hlCR7TvmfKP8usuhta3quk21463e4BGr9LluXqIjMjx9/zf6c+d1va
+NcbMIBscV312rujzocnbRot70ISFKXJMZb+PCJOeuDpxW0XtYpLw5TgZ1a0HmwlX
+QsgvKOXwmp1TnbPI4XGpCk5OfS2ADUSo0eVleOlGeBgvDKa5dbkYf/Y8zut9SYku
+9AWxqckSAugU6G43in38kK6e/UdTYxIvcWJMP2LCSDH7LDuF68d9krUFW6B5EXEP
+ZvyRQcX7hYa9G8l1JgmI0+m4NnFKodCx7Wn+md+oOYxJDQ9ebReZVHOC2PvxRIPC
+2wEJEKR65W4mA936pyhhY7c8Y630VYrqNrnV/d5iDJtrjbdKxanc4Qvf9dl/a622
+AAOtRKwDsqjuvmab9sD+X4Pjkf7Pv9RrBwjVK/3q6+Gx9JfzHoqyR55wcp02TdLs
++bjXCSPCxyNq4kq77+mOSFr0pDCv7QMvCUCC3x0M1IV16R6PzujdGQKObbs/7uXm
+3bhwlPid0jZzcvwMnytVtYW5TTv4ZEjVoOyTLn+2uQCYX41ckKPMuiszfxTdRomm
+65C2BEOVLRIh6TSuI3/1Vt55Wnl+kr4My+ZCB8IV7Jd9fs1TNjhBg0HtGpxDycYG
+NNI3DQ==
+      -----END CERTIFICATE-----
+    key: |
+      -----BEGIN RSA PRIVATE KEY-----
+MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDCAX0gjgD1VW3Y
+E3yRbtDlvwJeY8pK2NtJ9ThhPRPe0bQHTL4j497OZrmDcMbdjHXOKaiGRNaf1K6o
+MdAwNagfeGiPSBHk/DXY8S5kCP8VTkwHkkbfcX068a+0gQyRUlVWJvKGp9b6STuj
+6Nvj1QxU4fg8fPXpgevQoH5FTT4LXWb5QMwCyR9HqXmbjuIUOAnt0MhC9hSEfGXr
+B10/yupu9ayPGgO9alTerIzIDqYC8ODMY97rMT1YIJFb51HJ6FO4+2vnK+yoA/MO
+XTPxv62V6CjY6YFrijayM169tYmjSSpL56GTvRFfv/aCeSyoOKxmN2RMkFCM523K
+9xBT6KmzsyT5kH9mmIy64hPl4Iwos27XIi26MUwCGzGB972mIyidsgckI2TSK25g
+bvtMSm0ZSxb66c872ySH+s/zWquT6mMzeXUtXFizR0YUp0RsW7BGkzJL0Akfo7zF
+Ab07j88biLLU1STWLdbLckHJr5mqYNCAXC8u9hukAp7PXb/c2Wd4/GwTXBAXHncF
+r7KOFhR4CkV+8AkKVCJnexzETZfX4icMrKkmduyp1ClKoTOThQnzv7XmnUvKPy8f
+FuT9SXwMkObqjoSizmFHc9YAwElPMUU7/rs94FNAnGdhHTzhqFZlKQ7BRXmPvEl4
+K2EcJhmvdePLC8pM6NDS88KWkPFwGQIDAQABAoICABYDLTtgYWN0yf3WWC/4LuOi
+hJZJJE7RxC/kDv2ZfIOvr4mUf4568HDi3vG2/hltMoCt4V06uk9wRlD3NfQCYo0P
+kG2Rc9ZTd5ih5O2cx7SXKbFCO6BmtBrYCWOlsNNcUCpySNpWeOH1JTs31JtJNRj8
+eroCQ7S29Ra63xjl5sBLXL+zRnKad14eMJoh4C0DHr1JDy/p0/IkWzwLndz7HRZx
+8Z5bCUmYowCQ+3hHkTaMNjV6r3RoJdm1+EhBOtp57eXzQQ79wOBfcliS4q3vXbbA
+nMHf3Lti90nI4lsMGg3Y41+xbHfi3/HJSiMLtLFxnL4MUukNBta1+5Mn7UZYA8kZ
+W7tPmGlf1UhDE+mm/a1GEuGR6bwQHA0wuGqV2kzPWHUHax0ZuZiIJfI2TRpUNvhX
+TkpQIGE5DvdIBBhuXLEhWG2JlaLwK4FzwGJDgkbZ3Tg6DJIEheOJh4nVlLuXYVOJ
+anUKkZPdrZodzKBjJERhf9ZKkSTF5RjDUbT4WM7v1TVeL/mQWfMD0EzMJpJmAdGi
+gMEKadMFzwIhXpa9/aFVl4HUPwhRwaq6wFttIWZnd5+oAT+cmCz/I3jAfGlavGjE
+awUctFO05Mdp7b1KEFD7xp+/kWV/7RoGcCWozc5z/9o5xXTkpEhLobwvhW7XrCs+
+ANOkeiKewq+e7mtEympxAoIBAQDf1gu7aNIY4i5vcfbvIhelSJQrFnZrdROZSKem
+PZjZNopYFWsPOb74GB5vYj2+LrpxU1K0c+3zqSpk/v7ifsoDarLg+7MNKygvZ814
+nZ1J/PBsVaUX+Fi7j2Dh6bDyetvJz6mwn1ZL9fWd5GuvI/FPn57pycIsDDUZLgNt
+/hwRx8mIW9Xl7L2r2ONmdoUaFlDCvE6Y4cNWtBD3WOhON8kucpxcIqDWX6abP4Ah
+/ViLcKWp9oi5JOnTCQwSaQ2OtD/VhlK4nBFB5E/WZfG9mdAe41A4JC5u6/EJGgVH
+unbCxU6MOPguBTu61k2L768wMYG48ztBgl9pq5+QMwRch8NHAoIBAQDd4h3HMG+V
+m6w+/GH3omFZDrnHvjyvqiG1W3M7/LleJScMRZHNkZcQr9MidjHkvtVW2cW7h5mY
+J8PMyIoS66uJRnvYH8/DmFln842xUXxwcQbbXsiOwZexZrMhY/UPLrEffXSBhbDu
+onXeDC6AF9J7fo4wLYm9vWe8ma+it3MXE5gzkdURNu0CrzBRGwj2490LIymfE4ka
+R6TbmSp4rvzTn81p+Mzu1qt81b+RFeKJS/FrgjzHGkpYBvS5Hhf4RoI0BGnZtvq3
+THu4zVBtxHX62Q4gnKtrzj/kebKOvuWrpltF87bXhGhjtCvRpqMt/QKPflg/r2C6
+UKJ2xRBfdSGfAoIBABUSt8QLGEyTbr+7QP4+fW9oJ9ruoHN5cEDsICx8fBlnExs7
+2Ppz+1CsJKFj5GA1UgQ9TfoDOBHKiV08zI5SVX6A2xpnV/ITcBMWeLe0TwyaLaBl
+Z8eb7+6ojvx13dzWSD71uAoS1jMMkvUsfh7dCWjvpCxqfEddVtpqBJSkacwavRSD
+YN3mreyx3KbW3a0ZEL1ksRmfl55gEYDX8/b5NY2T6Lib4fyMwMi4771DdsSZ9F7O
+AQ09Nm5R2bsZ/NbEjYXywXLz7oP/lKygqGOrSXa++9xtO5nhyK2Mr5aTLX8kyEJX
+UrYyc+8hIefcxueIoafh7mA6f/UY3UrcIrr7ZR0CggEAUTKBMTaRbw9j7jzP4R5k
+P4H7DJSagrJg2YxY1Df84e34py4CWFcSEEI3oqHcSlhnm/vft2u9Eohix9sPZDMo
+N/k6MvIZRvvGpBrl3GD0h/Vky/yYql1AFOR/YxXARUkR+nMfopJ5GCsNtS+CCNAu
+75B1mj3f7TaV8tfPBV3a2TQLe7u/XChcfaH8rYGWOztR1dSNU7CDeMGFG/OmLjnj
+PdJ6CnDJFhIq+WkDTKXUm+fVtkEX2sjNMf+BqQjRPsMWvNBsqAalI1Ty5cMEztaZ
+Ui4CVH7g4He+u+6pIEHNrI4ZUrUIUUAcL3hsnLE9gAPZ3wceZlfYrvX5LjuZbUVh
+AwKCAQBACQPrWlS5YCshMCUQl3j/ld5do+3KQiQaezwHLiHlPLEEEzNp160ifBUz
+1cT+nIix0Uh6wv0cPQYI0IIOCG+mNuw9usLNOQUax4u/xOFmJsrAO8IDJ8XmAvQa
+EFNrLhyfs6rV6juVrv+/zqZcTtPuthEtpHurNqPkYQzcraHyIRFFoM1qrgCJT9wR
+bsdp72CCaffKjDCzabRu1ErZJur0Fgre1FgBOZUO296tSWGSEegfZT0B8PVZi9Lv
+hx4jG5d0anbljVdqzQy2Je1YMqlnRi/BldZ5Pf5tnGHuDg3UsR3TttFCkdl7tQnw
+pdCGpBDZ25jaSJzyaEQhc6r0NMuc
+      -----END RSA PRIVATE KEY-----
+    cacert: |
+      -----BEGIN CERTIFICATE-----
+MIIGNTCCBB2gAwIBAgIUJIcD3/8T4YRvKO3irXiJ7MB7GaYwDQYJKoZIhvcNAQEL
+BQAwgakxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJl
+cmxpbjENMAsGA1UECgwESU5BUDFFMEMGA1UEAww8c2FjcmlmaWNpYWwtdm0uZXVy
+b3BlLXdlc3QzLWMuYy5jb250YWluZXJzc2gtMzUyMDA3LmludGVybmFsMSIwIAYJ
+KoZIhvcNAQkBFhNiYWZyZWFkOTZAZ21haWwuY29tMB4XDTIyMDYwNTE1MzExMloX
+DTIzMDYwNTE1MzExMlowgakxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4x
+DzANBgNVBAcMBkJlcmxpbjENMAsGA1UECgwESU5BUDFFMEMGA1UEAww8c2Fjcmlm
+aWNpYWwtdm0uZXVyb3BlLXdlc3QzLWMuYy5jb250YWluZXJzc2gtMzUyMDA3Lmlu
+dGVybmFsMSIwIAYJKoZIhvcNAQkBFhNiYWZyZWFkOTZAZ21haWwuY29tMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA640RW0Hn+Jr5/lZWWu9RCB/zMsiP
+30Z8xifBWZ54NA8rgJsaWDs5XJuMl4qfNYs2KjS9k+EUmLopGhXhqQqWxkINI4YA
+LBM+8XUeqLIpX5fqKJ+F2PkLLIm/mHuczKHGUi7d5hdGry9BdRgFKxQ5WPd+1Q+U
+HOcMKmKSVghtU6Y9v6HnNTOkABpb6e3IkQ5a/3vU/DvT4zQ+928We7K1Gs6tZbI3
+/LdBkWWRPywC+hUjWze6zhQ5CsV0FmdNHteCGaKJdVw12uFUCIwPZ7LfGZ8IBpQ8
+0FZWcx+CUu0pnvuJwvHf26iQ8msPoHbBHf2ut+OTi/FMOwPW63PeUDDF/qAMpBwC
+594vcUjGeE2X43mql6c8bFiD6RfQwkAz595LNskH0A5tV0pR5Ywf418BX8JA2UWV
+8/JfLui+OOldBMFoArPrDPM0NK3GorbOmy2D0sHy/E/lwEq8LTvN8dTt6meo6B/f
+Zf5T5Z7sNGn7rLPXIv//BRGz90FmduLbiEt6UStHA4Xlso2St7bm+I9NgBgcuwOI
+mtF7pQdY+BrDu0sEKgx/Wjqy0IqjARHB3QRFquayIYjBK0AZEornJFPeAwHr46sf
+rDgxtReibkFwmzkPTvlyZKlrPSwptDWCjtindpGWzq26ON4POpPozoSAy9oc2SeX
+7It1UX40zz+gOWcCAwEAAaNTMFEwHQYDVR0OBBYEFOVZ4jK5qNy9s2uv6XCV6tZx
+WrMkMB8GA1UdIwQYMBaAFOVZ4jK5qNy9s2uv6XCV6tZxWrMkMA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQELBQADggIBAC9JQH+bQGprD78TNHH+X2C4tDjI6KEo
+2+nRwb8PoMDHF2EXqIT+g90nIIpSRzZaBG0FmQIAIZ+5hx//RPuBfIQdIQuvxIvt
+H3QNCw4ABmmepO2ymYdsSjJIaDmQUVMKTruh2k+XVqN/9lRCqhe39J7RXSxmRQgg
+B/jFUZomfcVklB8e6Z4mrFH928ylBgsFt8QO4Rnc/69md2G2ZZMsVM3fZUTyTxd7
+CCvSUawqGr+3R5EZ71iRmFLRPg7b1OSuFMw9JeT6PyAbLp4vxiCVY6XHsQzRoWGL
+v7BO6njyZHxvwsYrllwEL993UdhQSqIzQ05PuN8AUjh8TW52oY110VyZ3AJQsuVO
+FUTeIVwnYrDkvTUDfs9mNEQ3fTkiQp1WBjvxntfAZRoiptXw88Q/r61TBuhzKblN
+XWIa3HN8INLESqo1Mj/hAMn74l/oyJA+SIICcdKCaTSu9hWbBYM91lgYcLw31lh5
+2etaoD6m0vN2IwLwWZZw8lPmSBG0L3cfRVDDSmNS85PWhwuSUMBT+CRi5JEHQbp4
+gFByxSj8Ez6EDLUTTSXa1gylwp6NnY+9sHpYH9TFAzS6o5uimMXjfBIutU5T+ftD
+zPMfrpjwrw+ungUcIhcBvPhvmXKxdPSsiX5CyPby/KV5n4UkUGJyL7+LY4MMgenP
+6RFnPgn7Egf3
+      -----END CERTIFICATE-----
+  execution:
+    imagePullPolicy: Never
+    container:
+      image: containerssh/containerssh-guest-image
+      hostname: bitcoin
+      # Disable network in the container
+      networkdisabled: true
+      # Force running as user 1000
+      user: 1000
+      # Optionally set working directory
+      workingdir: /home/ubuntu
+    host:
+      # Don't let the attacker write to the root FS.
+      readonlyrootfs: true
+      resources:
+        # 10% of CPU
+        cpuperiod: 10000
+        cpuquota: 1000
+        # 50 MB of memory with swap
+        memoryswap: 52428800
+        memoryswappiness: 50
+        # 25 MB of memory
+        memory: 26214400
+        # Reserve 20 MB of memory
+        memoryreservation: 20000000
+        # Max 1000 processes to prevent fork bombs
+        pidslimit: 1000
+      tmpfs:
+        # Create writable directories in memory
+        /tmp: rw,noexec,nosuid,size=65536k,uid=1000,gid=1000
+        /run: rw,noexec,nosuid,size=65536k,uid=1000,gid=1000
+        /home/ubuntu: rw,noexec,nosuid,size=65536k,uid=1000,gid=1000
+metrics:
+  enable: true
+  listen: "0.0.0.0:9101"
+  path: "/metrics"
+audit:
+  enable: true
+  format: binary
+  storage: s3
+  intercept:
+    stdin: true
+    stdout: true
+    stderr: true
+    passwords: true
+  s3:
+    # Local directory to store the audit log temporarily.
+    local: /var/log/containerssh/audit/
+    accessKey: ROOTNAME
+    secretKey: CHANGEME123
+    region: europe-west3
+    bucket: sshcontainer
+    # Optional: set your S3 endpoint
+    endpoint: http://10.0.0.11:9090/
+    metadata:
+      # Which metadata fields to set in the object storage.
+      username: true
+      ip: false
+auth:
+  url: "http://127.0.0.1:8080"
+configserver:
+  url: "http://127.0.0.1:8080/config"

packer/main.pkr.hcl

@@ -8,61 +8,106 @@ packer {
 }
 
 source "googlecompute" "ubuntu-2204" {
-  project_id          = "containerssh"
+  project_id          = var.project_id
   source_image_family = "ubuntu-pro-2204-lts"
   ssh_username        = "root"
   zone                = "europe-west3-c"
   account_file        = "./gcp.key.json"
+  machine_type        = "e2-small"
 }
 
 build {
   name = "sacrificial-vm-image"
-
   source "googlecompute.ubuntu-2204" {
     image_name = "sacrificial-vm-image"
   }
 
+  provisioner "shell" {
+    inline = [
+      "mkdir -p /home/deployer/tmp",
+      "mkdir /etc/docker/",
+      "mkdir /var/docker/"
+    ]
+  }
+
   provisioner "file" {
-    source      = "./scripts/util_fn"
-    destination = "/tmp/util_fn"
+    source      = "./files/ca_server.tar"
+    destination = "/home/deployer/tmp/ca_server.tar"
   }
 
+  provisioner "file" {
+    source      = "./scripts/apt_get_wait_lock.sh"
+    destination = "/home/deployer/tmp/apt_get_wait_lock.sh"
+  }
   provisioner "shell" {
-    script = "./scripts/update.sh"
+    script            = "./scripts/update_apt_packages.sh"
+    expect_disconnect = true
   }
-
   provisioner "file" {
-    source      = "./scripts/util_fn"
-    destination = "/tmp/util_fn"
+    source      = "./scripts/apt_get_wait_lock.sh"
+    destination = "/home/deployer/tmp/apt_get_wait_lock.sh"
   }
+
   provisioner "shell" {
     script = "./scripts/install_docker.sh"
   }
+
+  provisioner "shell" {
+    inline = [
+      "docker pull containerssh/containerssh-guest-image:latest"
+    ]
+  }
 }
 
 build {
-  name = "logger-vm-image"
-
+  name = "ubuntu-with-docker-image"
   source "googlecompute.ubuntu-2204" {
-    image_name = "logger-vm-image"
+    image_name = "ubuntu-with-docker-image"
+  }
+
+  provisioner "shell" {
+    inline = [
+      "mkdir -p /home/deployer/tmp",
+    ]
+  }
+
+  # test
+  provisioner "file" {
+    source      = "./files/ca_client.tar"
+    destination = "/home/deployer/tmp/ca_client.tar"
+  }
+
+  provisioner "file" {
+    source      = "./scripts/apt_get_wait_lock.sh"
+    destination = "/home/deployer/tmp/apt_get_wait_lock.sh"
   }
 
+  provisioner "shell" {
+    script            = "./scripts/update_apt_packages.sh"
+    expect_disconnect = true
+  }
 
   provisioner "file" {
-    source      = "./scripts/util_fn"
-    destination = "/tmp/util_fn"
+    source      = "./scripts/apt_get_wait_lock.sh"
+    destination = "/home/deployer/tmp/apt_get_wait_lock.sh"
   }
 
   provisioner "shell" {
-    script = "./scripts/update.sh"
+    inline = [
+      "mkdir /srv/containerssh/"
+    ]
   }
 
   provisioner "file" {
-    source      = "./scripts/util_fn"
-    destination = "/tmp/util_fn"
+    source      = "./files/config.yaml"
+    destination = "/srv/containerssh/config.yaml"
   }
+
+  provisioner "shell" {
+    script = "./scripts/containerssh_config.sh"
+  }
+
   provisioner "shell" {
     script = "./scripts/install_docker.sh"
   }
 }
-

packer/scripts/containerssh_config.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+set -euxo pipefail
+
+mkdir -p /srv/containerssh/config/
+mkdir -p /srv/containerssh/audit/
+cd /srv/containerssh
+openssl genrsa > ssh_host_rsa_key