
@pfuntner pfuntner/README Secret
Last active Jan 9, 2020

Files for packer issue
These are files related to a packer issue I am pursuing.
{
"description": "Build a Hardened AMI",
"variables": {
"required_vars_description":"variables below must be set for a successful build",
"os_family": "OS family - e.g. RedHat",
"os_distro": "DistroName - e.g. CentOS",
"os_majversion": "DistroMajVersion - e.g. 6",
"ssh_username": "login username - e.g. centos",
"search_vars_description": "variables below identify the source AMI",
"search_ami_info1": "you must code enough of the search_ami_ variables to identify",
"search_ami_info2": "your source image. You can use * in these fields as wildcards",
"search_ami_info3": "if multiple AMIs match, the latest will be used, so set search_ami_owner_id to a trusted account rather than * when the name is a wildcard",
"search_ami_id": "*",
"search_ami_name": "*",
"search_ami_virt_type": "hvm",
"search_ami_root_device_type": "ebs",
"search_ami_owner_id": "*",
"optional_vars_description":"variables below are defaulted but can be overridden as needed",
"aws_instance_type": "t2.micro",
"virt_type_desc": "HVM",
"root_type_desc": "EBS",
"copy_to_regions": "",
"share_with_accounts": "",
"ssh_keypair_name": "",
"ssh_private_key_file": "",
"security_group_ids": "",
"encrypt": "false",
"aws_profile": "",
"aws_kms_key": "",
"aws_access_key": "",
"aws_secret_key": "",
"aws_region": "",
"aws_vpc_id": "",
"aws_subnet_id": "",
"aws_ena_support": "true",
"hardening_name": "Hardened",
"ansible_playbook_file": "./harden.yml",
"ansible_command":"ansible-playbook",
"sleep_time": "10",
"date_stamp": "{{isotime \"2006-01-02\"}}",
"time_stamp": "{{isotime \"2006-01-02.15.04.05\"}}",
"ansible_extra_vars_cis_cat": "",
"ansible_extra_vars_serverspec": "",
"ansible_extra_vars_distro": "",
"ansible_extra_vars_level": "",
"ansible_extra_vars_user": "",
"tag_application_name": "",
"tag_application_version": ""
},
"builders": [
{
"type": "amazon-ebs",
"encrypt_boot": "{{user `encrypt`}}",
"kms_key_id": "{{user `aws_kms_key`}}",
"access_key": "{{user `aws_access_key`}}",
"secret_key": "{{user `aws_secret_key`}}",
"region": "{{user `aws_region`}}",
"profile": "{{user `aws_profile`}}",
"ami_regions": "{{user `copy_to_regions`}}",
"ami_users": "{{user `share_with_accounts`}}",
"snapshot_users":"{{user `share_with_accounts`}}",
"vpc_id":"{{user `aws_vpc_id`}}",
"subnet_id":"{{user `aws_subnet_id`}}",
"associate_public_ip_address":"{{user `aws_associate_public_ip_address`}}",
"source_ami_filter": {
"filters": {
"image-id": "{{user `search_ami_id`}}",
"name": "{{user `search_ami_name`}}",
"virtualization-type": "{{user `search_ami_virt_type`}}",
"root-device-type": "{{user `search_ami_root_device_type`}}"
},
"owners": ["{{user `search_ami_owner_id`}}"],
"most_recent": true
},
"instance_type": "{{user `aws_instance_type`}}",
"ssh_username": "{{user `ssh_username`}}",
"ssh_keypair_name": "{{user `ssh_keypair_name`}}",
"security_group_ids": "{{user `security_group_ids`}}",
"ssh_private_key_file": "{{user `ssh_private_key_file`}}",
"ami_description": "{{user `os_distro`}}_{{user `os_majversion`}}_{{user `virt_type_desc`}}_{{user `root_type_desc`}}-{{user `date_stamp`}}-{{user `hardening_name`}}",
"ami_name": "{{user `hardening_name`}}-{{user `os_distro`}}{{user `os_majversion`}}_{{user `virt_type_desc`}}_{{user `root_type_desc`}}-{{user `time_stamp`}}",
"ena_support": "{{user `aws_ena_support`}}",
"tags": {
"Name": "{{user `os_distro`}}{{user `os_majversion`}}-{{user `date_stamp`}}",
"DefaultLoginUser": "{{user `ssh_username`}}",
"OSDistro": "{{user `os_distro`}}",
"OSVersion": "{{user `os_majversion`}}",
"OSShortName": "{{user `os_distro`}}{{user `os_majversion`}}",
"OSFamily": "{{user `os_family`}}",
"Created": "{{ user `time_stamp`}}",
"BuiltWithPackerVersion": "{{ packer_version }}",
"VirtualizationType": "{{user `virt_type_desc`}}",
"RootDeviceType": "{{user `root_type_desc`}}",
"SourceAMI": "{{ .SourceAMI }}",
"BuildRegion": "{{ .BuildRegion }}",
"ApplicationName": "{{ user `tag_application_name` }}",
"ApplicationVersion": "{{ user `tag_application_version` }}"
}
}
],
"provisioners": [
{
"type": "shell",
"inline": [
"sleep 20"
]
},
{
"type": "ansible",
"command":"{{user `ansible_command`}}",
"playbook_file": "{{user `ansible_playbook_file`}}",
"user": "{{user `ssh_username`}}",
"extra_arguments": [
"--extra-vars",
"{{user `ansible_extra_vars`}}"
]
},
{
"type": "shell",
"inline": [
"rm /home/{{user `ssh_username`}}/.ssh/authorized_keys"
]
}
]
}
$ packer build -var-file vars-rhel8.json aws-ebs-ansible.json
amazon-ebs output will be in this color.
==> amazon-ebs: Prevalidating AMI Name: Hardened-RHEL8_HVM_EBS-2020-01-09.12.26.47
amazon-ebs: Found Image ID: ami-09b947b170ccd0dbc
==> amazon-ebs: Creating temporary keypair: packer_5e171c08-a177-1f0e-4c5a-69cc116a6412
==> amazon-ebs: Creating temporary security group for this instance: packer_5e171c0a-5036-358e-e991-db8cff128641
==> amazon-ebs: Authorizing access to port 22 from [0.0.0.0/0] in the temporary security groups...
==> amazon-ebs: Launching a source AWS instance...
==> amazon-ebs: Adding tags to source instance
amazon-ebs: Adding tag: "Name": "Packer Builder"
amazon-ebs: Instance ID: i-040063647103f91a1
==> amazon-ebs: Waiting for instance (i-040063647103f91a1) to become ready...
==> amazon-ebs: Using ssh communicator to connect: 18.208.136.51
==> amazon-ebs: Waiting for SSH to become available...
==> amazon-ebs: Connected to SSH!
==> amazon-ebs: Provisioning with shell script: /tmp/packer-shell255803689
==> amazon-ebs: Provisioning with Ansible...
==> amazon-ebs: Executing Ansible: ansible-playbook --extra-vars packer_build_name=amazon-ebs packer_builder_type=amazon-ebs -o IdentitiesOnly=yes -i /tmp/packer-provisioner-ansible457249614 /home/centos/sto/packer/harden.yml -e ansible_ssh_private_key_file=/tmp/ansible-key318528747 --extra-vars --extra-vars --extra-vars --extra-vars --extra-vars --extra-vars
amazon-ebs:
amazon-ebs: PLAY [Explore issue with Packer] ***********************************************
amazon-ebs:
amazon-ebs: TASK [Set system-wide crypto policy] *******************************************
amazon-ebs: changed: [default]
amazon-ebs:
amazon-ebs: TASK [Reboot] ******************************************************************
amazon-ebs: changed: [default]
amazon-ebs:
amazon-ebs: TASK [Wait for reboot to complete] *********************************************
amazon-ebs: ok: [default -> localhost]
amazon-ebs:
amazon-ebs: TASK [Get uptime] **************************************************************
==> amazon-ebs: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
Cancelling build after receiving interrupt
==> amazon-ebs: Terminating the source AWS instance...
amazon-ebs: [ERROR]: User interrupted execution
==> amazon-ebs: Cleaning up any extra volumes...
==> amazon-ebs: No volumes to clean up, skipping
==> amazon-ebs: Deleting temporary security group...
==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' finished.
Cleanly cancelled builds after being interrupted.
$
$ packer build -var ansible_extra_vars='{"set_policy": false}' -var-file vars-rhel8.json aws-ebs-ansible.json
amazon-ebs output will be in this color.
==> amazon-ebs: Prevalidating AMI Name: Hardened-RHEL8_HVM_EBS-2020-01-09.13.18.30
amazon-ebs: Found Image ID: ami-09b947b170ccd0dbc
==> amazon-ebs: Creating temporary keypair: packer_5e172826-b5f6-8ef6-064f-15e601ddfa92
==> amazon-ebs: Creating temporary security group for this instance: packer_5e172829-8608-1254-ef03-0071888dea10
==> amazon-ebs: Authorizing access to port 22 from [0.0.0.0/0] in the temporary security groups...
==> amazon-ebs: Launching a source AWS instance...
==> amazon-ebs: Adding tags to source instance
amazon-ebs: Adding tag: "Name": "Packer Builder"
amazon-ebs: Instance ID: i-0b60427904592b390
==> amazon-ebs: Waiting for instance (i-0b60427904592b390) to become ready...
==> amazon-ebs: Using ssh communicator to connect: 54.197.19.89
==> amazon-ebs: Waiting for SSH to become available...
==> amazon-ebs: Connected to SSH!
==> amazon-ebs: Provisioning with shell script: /tmp/packer-shell111455843
==> amazon-ebs: Provisioning with Ansible...
==> amazon-ebs: Executing Ansible: ansible-playbook --extra-vars packer_build_name=amazon-ebs packer_builder_type=amazon-ebs -o IdentitiesOnly=yes -i /tmp/packer-provisioner-ansible023881690 /home/centos/sto/packer/harden.yml -e ansible_ssh_private_key_file=/tmp/ansible-key897537703 --extra-vars {"set_policy": false}
amazon-ebs:
amazon-ebs: PLAY [Explore issue with Packer] ***********************************************
amazon-ebs:
amazon-ebs: TASK [Set system-wide crypto policy] *******************************************
amazon-ebs: skipping: [default]
amazon-ebs:
amazon-ebs: TASK [Reboot] ******************************************************************
amazon-ebs: changed: [default]
amazon-ebs:
amazon-ebs: TASK [Wait for reboot to complete] *********************************************
amazon-ebs: ok: [default -> localhost]
amazon-ebs:
amazon-ebs: TASK [Get uptime] **************************************************************
amazon-ebs: changed: [default]
amazon-ebs:
amazon-ebs: TASK [Display uptime] **********************************************************
amazon-ebs: ok: [default] => {
amazon-ebs: "uptime.stdout_lines": [
amazon-ebs: " 13:25:56 up 4 min, 0 users, load average: 0.00, 0.05, 0.02"
amazon-ebs: ]
amazon-ebs: }
amazon-ebs:
amazon-ebs: PLAY RECAP *********************************************************************
amazon-ebs: default : ok=4 changed=2 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
amazon-ebs:
==> amazon-ebs: Provisioning with shell script: /tmp/packer-shell551477804
==> amazon-ebs: Stopping the source instance...
amazon-ebs: Stopping instance
==> amazon-ebs: Waiting for the instance to stop...
==> amazon-ebs: Enabling Enhanced Networking (ENA)...
==> amazon-ebs: Creating AMI Hardened-RHEL8_HVM_EBS-2020-01-09.13.18.30 from instance i-0b60427904592b390
amazon-ebs: AMI: ami-086ddef8ca22cffea
==> amazon-ebs: Waiting for AMI to become ready...
==> amazon-ebs: Modifying attributes on AMI (ami-086ddef8ca22cffea)...
amazon-ebs: Modifying: description
==> amazon-ebs: Modifying attributes on snapshot (snap-00d3f146c8a805c3a)...
==> amazon-ebs: Adding tags to AMI (ami-086ddef8ca22cffea)...
==> amazon-ebs: Tagging snapshot: snap-00d3f146c8a805c3a
==> amazon-ebs: Creating AMI tags
amazon-ebs: Adding tag: "OSVersion": "8"
amazon-ebs: Adding tag: "SourceAMI": "ami-09b947b170ccd0dbc"
amazon-ebs: Adding tag: "OSShortName": "RHEL8"
amazon-ebs: Adding tag: "Created": "2020-01-09.13.18.30"
amazon-ebs: Adding tag: "BuiltWithPackerVersion": "1.4.3"
amazon-ebs: Adding tag: "BuildRegion": "us-east-1"
amazon-ebs: Adding tag: "DefaultLoginUser": "ec2-user"
amazon-ebs: Adding tag: "ApplicationName": ""
amazon-ebs: Adding tag: "RootDeviceType": "EBS"
amazon-ebs: Adding tag: "Name": "RHEL8-2020-01-09"
amazon-ebs: Adding tag: "OSDistro": "RHEL"
amazon-ebs: Adding tag: "ApplicationVersion": ""
amazon-ebs: Adding tag: "OSFamily": "RedHat"
amazon-ebs: Adding tag: "VirtualizationType": "HVM"
==> amazon-ebs: Creating snapshot tags
==> amazon-ebs: Terminating the source AWS instance...
==> amazon-ebs: Cleaning up any extra volumes...
==> amazon-ebs: No volumes to clean up, skipping
==> amazon-ebs: Deleting temporary security group...
==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' finished.
==> Builds finished. The artifacts of successful builds are:
--> amazon-ebs: AMIs were created:
us-east-1: ami-086ddef8ca22cffea
$
$ packer build -var-file vars-rhel8-policy.json aws-ebs-ansible.json
amazon-ebs output will be in this color.
==> amazon-ebs: Prevalidating AMI Name: Hardened-RHEL8_HVM_EBS-2020-01-09.13.49.47
amazon-ebs: Found Image ID: ami-0cb229954d8bb7f27
==> amazon-ebs: Creating temporary keypair: packer_5e172f7b-0171-546a-c8ed-428d8da514f3
==> amazon-ebs: Creating temporary security group for this instance: packer_5e172f7d-b703-da11-aabb-66a09eea58da
==> amazon-ebs: Authorizing access to port 22 from [0.0.0.0/0] in the temporary security groups...
==> amazon-ebs: Launching a source AWS instance...
==> amazon-ebs: Adding tags to source instance
amazon-ebs: Adding tag: "Name": "Packer Builder"
amazon-ebs: Instance ID: i-06a0ee795309c1fad
==> amazon-ebs: Waiting for instance (i-06a0ee795309c1fad) to become ready...
==> amazon-ebs: Using ssh communicator to connect: 52.90.105.69
==> amazon-ebs: Waiting for SSH to become available...
==> amazon-ebs: Error waiting for SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
==> amazon-ebs: Terminating the source AWS instance...
==> amazon-ebs: Cleaning up any extra volumes...
==> amazon-ebs: No volumes to clean up, skipping
==> amazon-ebs: Deleting temporary security group...
==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' errored: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
==> Some builds didn't complete successfully and had errors:
--> amazon-ebs: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
==> Builds finished but no artifacts were created.
$
---
# Minimal reproduction playbook: optionally switch the host to the FIPS
# system-wide crypto policy, reboot it, then run one more command over SSH.
# In the build output posted alongside this playbook, the task after the reboot
# fails with "unable to authenticate, attempted methods [none publickey]" when
# the policy task ran, and succeeds when it was skipped (set_policy=false).
- name: Explore issue with Packer
  hosts: all
  gather_facts: false
  tasks:
    # Applies the FIPS crypto policy as root. Runs unless the caller passes
    # set_policy=false through --extra-vars (the default is true).
    # NOTE(review): on RHEL 8 the system-wide policy presumably also limits the
    # key and signature algorithms sshd accepts, which would explain the
    # publickey failure on reconnect. Confirm from the sshd log on the instance
    # before loosening the policy.
    # NOTE(review): Red Hat documents `fips-mode-setup --enable` as the way to
    # put a RHEL 8 host into FIPS mode; setting only the crypto policy is not
    # the same thing. Confirm which state the hardened image is meant to have.
    - name: Set system-wide crypto policy
      command: update-crypto-policies --set FIPS
      become: yes
      when: set_policy | default(true)
    # The reboot is delayed by 3 seconds in a backgrounded subshell, presumably
    # so the task can return before the SSH connection is torn down.
    - name: Reboot
      shell: ( sleep 3 && /sbin/reboot & )
      become: yes
    # Runs on the control machine (local_action), not on the instance.
    # NOTE(review): no port= is given, so this may only pause rather than probe
    # sshd on the host. Confirm against the wait_for documentation; adding
    # port=22 would make it test SSH reachability explicitly.
    - name: Wait for reboot to complete
      local_action: wait_for host="{{ inventory_hostname }}" delay=15 state=started
    # First task that needs a fresh SSH login after the reboot; this is where
    # the failing build stops.
    - name: Get uptime
      command: uptime
      register: uptime
    # Prints the registered output so the log shows the host really rebooted.
    - name: Display uptime
      debug:
        var: uptime.stdout_lines
{
"description": "Variables for RHEL8",
"common_vars_description": "Common Variables",
"os_family": "RedHat",
"os_distro": "RHEL",
"os_majversion": "8",
"aws_ami_vars_description": "Variables pertaining to building an AWS AMI using EBS",
"search_ami_id": "*",
"search_ami_name": "pfuntner-rhel8-policy",
"search_ami_virt_type": "hvm",
"search_ami_root_device_type": "ebs",
"search_ami_owner_id": "338885122066",
"virt_type_desc": "HVM",
"root_type_desc": "EBS",
"ssh_username": "ec2-user",
"gcp_vars_description": "Variables pertaining to building GCP images",
"gcp_source_image_family": "rhel-8",
"gcp_source_image_project_id": "rhel-cloud",
"container_vars_description": "Variables pertaining to building container images",
"docker_name": "rhel8-hardening",
"container_starting_image": "registry.access.redhat.com/rhel8",
"ansible_vars_description": "Variables pertaining to Ansible",
"ansible_extra_vars_distro": ""
}
{
"description": "Variables for RHEL8",
"common_vars_description": "Common Variables",
"os_family": "RedHat",
"os_distro": "RHEL",
"os_majversion": "8",
"aws_ami_vars_description": "Variables pertaining to building an AWS AMI using EBS",
"search_ami_id": "*",
"search_ami_name": "RHEL-8.*_HVM-????????-x86_64-?-Hourly2-GP2",
"search_ami_virt_type": "hvm",
"search_ami_root_device_type": "ebs",
"search_ami_owner_id": "309956199498",
"virt_type_desc": "HVM",
"root_type_desc": "EBS",
"ssh_username": "ec2-user",
"gcp_vars_description": "Variables pertaining to building GCP images",
"gcp_source_image_family": "rhel-8",
"gcp_source_image_project_id": "rhel-cloud",
"container_vars_description": "Variables pertaining to building container images",
"docker_name": "rhel8-hardening",
"container_starting_image": "registry.access.redhat.com/rhel8",
"ansible_vars_description": "Variables pertaining to Ansible",
"ansible_extra_vars_distro": ""
}

pfuntner commented Jan 9, 2020

I link to these files from a post to the packer community about the problem I'm having.
