feat: Add Tailscale SSH bastion/jump host support
Add native SSH bastion support to all OpenStack builder templates,
enabling Packer builds through jump hosts for environments where
direct access to OpenStack networks is not available.
Changes:
- Add ssh_bastion_* variables to templates with OpenStack sources:
* ssh_bastion_host - Bastion IP/hostname
* ssh_bastion_username - Bastion authentication username
* ssh_bastion_port - Bastion SSH port (default: 22)
* ssh_bastion_agent_auth - Use SSH agent auth (default: true)
* ssh_bastion_private_key_file - Path to private key file
* ssh_bastion_password - Password authentication (not recommended)
- Update OpenStack source blocks in all templates to include bastion
configuration with conditional null handling for backwards
compatibility
- Maintain legacy ssh_proxy_host support for existing deployments
Templates updated:
- templates/builder.pkr.hcl
- templates/devstack.pkr.hcl
- templates/devstack-pre-pip-yoga.pkr.hcl
- templates/docker.pkr.hcl
- templates/windows-builder.pkr.hcl
- templates/variables.auto.pkr.hcl
All bastion variables are optional with empty string defaults,
ensuring backward compatibility with existing builds that don't
require bastion access. Variables convert to null when empty, so
Packer ignores them.
This enables CI/CD environments (GitHub Actions, Jenkins) to build
OpenStack images via ephemeral bastion hosts like Tailscale SSH or
traditional jump servers.
Issue: RELENG-5850
Change-Id: If2b18067e491346b26d03da38b0ae1957c78aca1
Signed-off-by: Anil Belur <abelur@linuxfoundation.org>
Code Review / releng / common-packer.git / commit