--- /dev/null
+---
+features:
+ - |
+ Add SSH bastion/jump host support for OpenStack builder template.
+ The following new variables are now available for configuring SSH
+ bastion connections:
+
+ - ``ssh_bastion_host`` - IP address or hostname of the bastion host
+ - ``ssh_bastion_username`` - Username for bastion authentication
+ - ``ssh_bastion_port`` - SSH port on bastion (default: 22)
+ - ``ssh_bastion_agent_auth`` - Use SSH agent for authentication (default: true)
+ - ``ssh_bastion_private_key_file`` - Path to SSH private key file
+ - ``ssh_bastion_password`` - Password for bastion authentication (not recommended)
+
+ All bastion variables are optional with empty string defaults, making them
+ backward compatible with existing builds that don't require bastion access.
+
+ Example usage:
+
+ .. code-block:: bash
+
+ packer build \\
+ -var=ssh_bastion_host=100.64.183.39 \\
+ -var=ssh_bastion_username=root \\
+ -var-file=vars/ubuntu-22.04.pkrvars.hcl \\
+ templates/builder.pkr.hcl
+
+ This enables Packer builds to access OpenStack instances through a
+ bastion/jump host, which is required when direct access to OpenStack
+ networks is not available (e.g., in CI/CD environments using Tailscale
+ or other ephemeral bastion solutions).
+
+ Reference:
+ https://developer.hashicorp.com/packer/integrations/hashicorp/openstack/latest/components/builder/openstack
+upgrade:
+ - |
+ Existing builds using ``ssh_proxy_host`` will continue to work without
+ changes. The legacy proxy support is maintained for backward compatibility.
+ New deployments should use the SSH bastion variables for native jump host
+ support instead of proxy-based SSH tunneling.
default = ""
}
+variable "ssh_bastion_host" {
+ type = string
+ default = ""
+ description = "Bastion/jump host for SSH access to OpenStack instances"
+}
+
+variable "ssh_bastion_username" {
+ type = string
+ default = ""
+ description = "Username for bastion host authentication"
+}
+
+variable "ssh_bastion_port" {
+ type = number
+ default = 22
+ description = "SSH port on bastion host"
+}
+
+variable "ssh_bastion_agent_auth" {
+ type = bool
+ default = true
+ description = "Use SSH agent for bastion authentication"
+}
+
+variable "ssh_bastion_private_key_file" {
+ type = string
+ default = ""
+ description = "Path to SSH private key file for bastion authentication"
+}
+
+variable "ssh_bastion_password" {
+ type = string
+ default = ""
+ sensitive = true
+ description = "Password for bastion host authentication (not recommended)"
+}
+
variable "ssh_user" {
type = string
}
networks = ["${var.cloud_network}"]
region = "${var.cloud_region}"
source_image_name = "${var.base_image}"
+
+ # Legacy proxy support (kept for backwards compatibility)
ssh_proxy_host = "${var.ssh_proxy_host}"
+
+ # Bastion/Jump host support
+ ssh_bastion_host = var.ssh_bastion_host != "" ? var.ssh_bastion_host : null
+ ssh_bastion_username = var.ssh_bastion_username != "" ? var.ssh_bastion_username : null
+ ssh_bastion_port = var.ssh_bastion_port
+ ssh_bastion_agent_auth = var.ssh_bastion_agent_auth
+ ssh_bastion_private_key_file = var.ssh_bastion_private_key_file != "" ? var.ssh_bastion_private_key_file : null
+ ssh_bastion_password = var.ssh_bastion_password != "" ? var.ssh_bastion_password : null
+
ssh_username = "${var.ssh_user}"
use_blockstorage_volume = "${var.vm_use_block_storage}"
user_data_file = "${var.cloud_user_data}"
default = ""
}
+variable "ssh_bastion_host" {
+ type = string
+ default = ""
+ description = "Bastion/jump host for SSH access to OpenStack instances"
+}
+
+variable "ssh_bastion_username" {
+ type = string
+ default = ""
+ description = "Username for bastion host authentication"
+}
+
+variable "ssh_bastion_port" {
+ type = number
+ default = 22
+ description = "SSH port on bastion host"
+}
+
+variable "ssh_bastion_agent_auth" {
+ type = bool
+ default = true
+ description = "Use SSH agent for bastion authentication"
+}
+
+variable "ssh_bastion_private_key_file" {
+ type = string
+ default = ""
+ description = "Path to SSH private key file for bastion authentication"
+}
+
+variable "ssh_bastion_password" {
+ type = string
+ default = ""
+ sensitive = true
+ description = "Password for bastion host authentication (not recommended)"
+}
+
variable "source_ami_filter_name" {
type = string
default = null
networks = ["${var.cloud_network}"]
region = "${var.cloud_region}"
source_image_name = "${var.base_image}"
+
+ # Legacy proxy support (kept for backwards compatibility)
ssh_proxy_host = "${var.ssh_proxy_host}"
+
+ # Bastion/Jump host support
+ ssh_bastion_host = var.ssh_bastion_host != "" ? var.ssh_bastion_host : null
+ ssh_bastion_username = var.ssh_bastion_username != "" ? var.ssh_bastion_username : null
+ ssh_bastion_port = var.ssh_bastion_port
+ ssh_bastion_agent_auth = var.ssh_bastion_agent_auth
+ ssh_bastion_private_key_file = var.ssh_bastion_private_key_file != "" ? var.ssh_bastion_private_key_file : null
+ ssh_bastion_password = var.ssh_bastion_password != "" ? var.ssh_bastion_password : null
+
ssh_username = "${var.ssh_user}"
use_blockstorage_volume = "${var.vm_use_block_storage}"
user_data_file = "${var.cloud_user_data}"
default = ""
}
+variable "ssh_bastion_host" {
+ type = string
+ default = ""
+ description = "Bastion/jump host for SSH access to OpenStack instances"
+}
+
+variable "ssh_bastion_username" {
+ type = string
+ default = ""
+ description = "Username for bastion host authentication"
+}
+
+variable "ssh_bastion_port" {
+ type = number
+ default = 22
+ description = "SSH port on bastion host"
+}
+
+variable "ssh_bastion_agent_auth" {
+ type = bool
+ default = true
+ description = "Use SSH agent for bastion authentication"
+}
+
+variable "ssh_bastion_private_key_file" {
+ type = string
+ default = ""
+ description = "Path to SSH private key file for bastion authentication"
+}
+
+variable "ssh_bastion_password" {
+ type = string
+ default = ""
+ sensitive = true
+ description = "Password for bastion host authentication (not recommended)"
+}
+
variable "source_ami_filter_name" {
type = string
default = null
networks = ["${var.cloud_network}"]
region = "${var.cloud_region}"
source_image_name = "${var.base_image}"
+
+ # Legacy proxy support (kept for backwards compatibility)
ssh_proxy_host = "${var.ssh_proxy_host}"
+
+ # Bastion/Jump host support
+ ssh_bastion_host = var.ssh_bastion_host != "" ? var.ssh_bastion_host : null
+ ssh_bastion_username = var.ssh_bastion_username != "" ? var.ssh_bastion_username : null
+ ssh_bastion_port = var.ssh_bastion_port
+ ssh_bastion_agent_auth = var.ssh_bastion_agent_auth
+ ssh_bastion_private_key_file = var.ssh_bastion_private_key_file != "" ? var.ssh_bastion_private_key_file : null
+ ssh_bastion_password = var.ssh_bastion_password != "" ? var.ssh_bastion_password : null
+
ssh_username = "${var.ssh_user}"
use_blockstorage_volume = "${var.vm_use_block_storage}"
user_data_file = "${var.cloud_user_data}"
default = ""
}
+variable "ssh_bastion_host" {
+ type = string
+ default = ""
+ description = "Bastion/jump host for SSH access to OpenStack instances"
+}
+
+variable "ssh_bastion_username" {
+ type = string
+ default = ""
+ description = "Username for bastion host authentication"
+}
+
+variable "ssh_bastion_port" {
+ type = number
+ default = 22
+ description = "SSH port on bastion host"
+}
+
+variable "ssh_bastion_agent_auth" {
+ type = bool
+ default = true
+ description = "Use SSH agent for bastion authentication"
+}
+
+variable "ssh_bastion_private_key_file" {
+ type = string
+ default = ""
+ description = "Path to SSH private key file for bastion authentication"
+}
+
+variable "ssh_bastion_password" {
+ type = string
+ default = ""
+ sensitive = true
+ description = "Password for bastion host authentication (not recommended)"
+}
+
variable "ssh_user" {
type = string
default = null
networks = ["${var.cloud_network}"]
region = "${var.cloud_region}"
source_image_name = "${var.base_image}"
+
+ # Legacy proxy support (kept for backwards compatibility)
ssh_proxy_host = "${var.ssh_proxy_host}"
+
+ # Bastion/Jump host support
+ ssh_bastion_host = var.ssh_bastion_host != "" ? var.ssh_bastion_host : null
+ ssh_bastion_username = var.ssh_bastion_username != "" ? var.ssh_bastion_username : null
+ ssh_bastion_port = var.ssh_bastion_port
+ ssh_bastion_agent_auth = var.ssh_bastion_agent_auth
+ ssh_bastion_private_key_file = var.ssh_bastion_private_key_file != "" ? var.ssh_bastion_private_key_file : null
+ ssh_bastion_password = var.ssh_bastion_password != "" ? var.ssh_bastion_password : null
+
ssh_username = "${var.ssh_user}"
use_blockstorage_volume = "${var.vm_use_block_storage}"
user_data_file = "${var.cloud_user_data}"
default = ""
}
+variable "ssh_bastion_host" {
+ type = string
+ default = ""
+}
+
+variable "ssh_bastion_username" {
+ type = string
+ default = ""
+}
+
+variable "ssh_bastion_port" {
+ type = number
+ default = 22
+}
+
+variable "ssh_bastion_agent_auth" {
+ type = bool
+ default = true
+}
+
+variable "ssh_bastion_private_key_file" {
+ type = string
+ default = ""
+}
+
+variable "ssh_bastion_password" {
+ type = string
+ default = ""
+ sensitive = true
+}
+
variable "ssh_user" {
type = string
default = null
default = null
}
+variable "ssh_bastion_host" {
+ type = string
+ default = ""
+ description = "Bastion/jump host for SSH access to OpenStack instances"
+}
+
+variable "ssh_bastion_username" {
+ type = string
+ default = ""
+ description = "Username for bastion host authentication"
+}
+
+variable "ssh_bastion_port" {
+ type = number
+ default = 22
+ description = "SSH port on bastion host"
+}
+
+variable "ssh_bastion_agent_auth" {
+ type = bool
+ default = true
+ description = "Use SSH agent for bastion authentication"
+}
+
+variable "ssh_bastion_private_key_file" {
+ type = string
+ default = ""
+ description = "Path to SSH private key file for bastion authentication"
+}
+
+variable "ssh_bastion_password" {
+ type = string
+ default = ""
+ sensitive = true
+ description = "Password for bastion host authentication (not recommended)"
+}
+
variable "ssh_user" {
type = string
default = null
Code Review / releng / common-packer.git / commitdiff