Removing install user with Packer

Solution 1:

Schedule a cron job to remove the user with the @reboot option, or add a few lines to the rc scripts to do the same.

Solution 2:

I realize this is a rather old question, but I didn't like the idea of using a cronjob (or cloud-init, or anything that happens after the image would be instantiated) for this, and found what I find to be a better solution using Packer itself. This works in Packer 1.4:

{
    "type": "shell",
    "skip_clean": true,
    "execute_command": "chmod +x {{ .Path }}; sudo env {{ .Vars }} {{ .Path }} ; rm -f {{ .Path }}",
    "inline": [
        "rm -f /etc/sudoers.d/90-cloud-init-users",
        "/usr/sbin/userdel -r -f fedora"
    ]
}

This assumes your install user is named fedora — it leverages Packer's skip_clean option to skip the deletion of the shell script after the inline section completes (which, given that the fedora user no longer exists, was guaranteed to fail).

Also note that if you have SSH agent forwarding turned on with Packer, this may leave traces of the agent socket behind in the image.

Solution 3:

I found another way that works with Packer 1.7 for QEMU, VMware, and VirtualBox. You can remove the user in the shutdown command. This method assumes the user has sudo access.

shutdown_command   = "sudo su root -c \"userdel -rf packer; rm /etc/sudoers.d/90-cloud-init-users; /sbin/shutdown -hP now\""
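
Whichever approach is used, the built image can be checked for leftovers before it is published. The following is an added example, not code from any of the answers above: a hypothetical audit_image function that inspects a mounted image root for the account entry, the home directory, the sudoers drop-in named in Solutions 2 and 3, and the agent-socket traces mentioned in Solution 2. It assumes OpenSSH's default socket location (/tmp/ssh-*/agent.*) and a mail spool under /var/spool/mail.

```shell
#!/bin/sh
# Added example: audit a mounted image for traces of the Packer install user.
# audit_image ROOT USER
#   ROOT  directory where the image's root filesystem is mounted
#   USER  name of the install user that should no longer exist
# Prints one line per finding; the return status is the number of findings.
audit_image() {
    root=${1%/}
    user=$2
    findings=0

    # Account database entries that userdel should have removed.
    for db in passwd shadow; do
        if [ -f "$root/etc/$db" ] && grep -q "^$user:" "$root/etc/$db"; then
            echo "LEFTOVER: $user is still listed in /etc/$db"
            findings=$((findings + 1))
        fi
    done

    # Home directory and mail spool, both removed by 'userdel -r'.
    # (/var/spool/mail is an assumed location; adjust for the distribution.)
    for path in "home/$user" "var/spool/mail/$user"; do
        if [ -e "$root/$path" ]; then
            echo "LEFTOVER: /$path still exists"
            findings=$((findings + 1))
        fi
    done

    # The cloud-init sudoers drop-in that both answers delete by hand.
    if [ -e "$root/etc/sudoers.d/90-cloud-init-users" ]; then
        echo "LEFTOVER: /etc/sudoers.d/90-cloud-init-users still exists"
        findings=$((findings + 1))
    fi

    # Directories left behind by SSH agent forwarding during the build
    # (assumed OpenSSH default: /tmp/ssh-XXXXXXXXXX/agent.<pid>).
    for dir in "$root"/tmp/ssh-*; do
        [ -e "$dir" ] || continue   # glob did not match anything
        echo "LEFTOVER: agent socket directory /tmp/${dir##*/}"
        findings=$((findings + 1))
    done

    return "$findings"
}
```

Call it as `audit_image /mnt/image fedora` after mounting the image read-only, and fail the build pipeline on a non-zero status.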