Files for packer issue
These are files related to a packer issue I am pursuing. |
{ | |
"description": "Build a Hardened AMI", | |
"variables": { | |
"required_vars_description":"variables below must be set for a successful build", | |
"os_family": "OS family - e.g. RedHat", | |
"os_distro": "DistroName - e.g. CentOS", | |
"os_majversion": "DistroMajVersion - e.g. 6", | |
"ssh_username": "login username - e.g. centos", | |
"search_vars_description": "variables below identify the source AMI", | |
"search_ami_info1": "you must code enough of the search_ami_ variables to identify", | |
"search_ami_info2": "your source image. You can use * in these fields as wildcards", | |
"search_ami_info3": "if multiple AMIs match, the latest will be used", | |
"search_ami_id": "*", | |
"search_ami_name": "*", | |
"search_ami_virt_type": "hvm", | |
"search_ami_root_device_type": "ebs", | |
"search_ami_owner_id": "*", | |
"optional_vars_description":"variables below are defaulted but can be overridden as needed", | |
"aws_instance_type": "t2.micro", | |
"virt_type_desc": "HVM", | |
"root_type_desc": "EBS", | |
"copy_to_regions": "", | |
"share_with_accounts": "", | |
"ssh_keypair_name": "", | |
"ssh_private_key_file": "", | |
"security_group_ids": "", | |
"encrypt": "false", | |
"aws_profile": "", | |
"aws_kms_key": "", | |
"aws_access_key": "", | |
"aws_secret_key": "", | |
"aws_region": "", | |
"aws_vpc_id": "", | |
"aws_subnet_id": "", | |
"aws_ena_support": "true", | |
"hardening_name": "Hardened", | |
"ansible_playbook_file": "./harden.yml", | |
"ansible_command":"ansible-playbook", | |
"sleep_time": "10", | |
"date_stamp": "{{isotime \"2006-01-02\"}}", | |
"time_stamp": "{{isotime \"2006-01-02.15.04.05\"}}", | |
"ansible_extra_vars_cis_cat": "", | |
"ansible_extra_vars_serverspec": "", | |
"ansible_extra_vars_distro": "", | |
"ansible_extra_vars_level": "", | |
"ansible_extra_vars_user": "", | |
"tag_application_name": "", | |
"tag_application_version": "" | |
}, | |
"builders": [ | |
{ | |
"type": "amazon-ebs", | |
"encrypt_boot": "{{user `encrypt`}}", | |
"kms_key_id": "{{user `aws_kms_key`}}", | |
"access_key": "{{user `aws_access_key`}}", | |
"secret_key": "{{user `aws_secret_key`}}", | |
"region": "{{user `aws_region`}}", | |
"profile": "{{user `aws_profile`}}", | |
"ami_regions": "{{user `copy_to_regions`}}", | |
"ami_users": "{{user `share_with_accounts`}}", | |
"snapshot_users":"{{user `share_with_accounts`}}", | |
"vpc_id":"{{user `aws_vpc_id`}}", | |
"subnet_id":"{{user `aws_subnet_id`}}", | |
"associate_public_ip_address":"{{user `aws_associate_public_ip_address`}}", | |
"source_ami_filter": { | |
"filters": { | |
"image-id": "{{user `search_ami_id`}}", | |
"name": "{{user `search_ami_name`}}", | |
"virtualization-type": "{{user `search_ami_virt_type`}}", | |
"root-device-type": "{{user `search_ami_root_device_type`}}" | |
}, | |
"owners": ["{{user `search_ami_owner_id`}}"], | |
"most_recent": true | |
}, | |
"instance_type": "{{user `aws_instance_type`}}", | |
"ssh_username": "{{user `ssh_username`}}", | |
"ssh_keypair_name": "{{user `ssh_keypair_name`}}", | |
"security_group_ids": "{{user `security_group_ids`}}", | |
"ssh_private_key_file": "{{user `ssh_private_key_file`}}", | |
"ami_description": "{{user `os_distro`}}_{{user `os_majversion`}}_{{user `virt_type_desc`}}_{{user `root_type_desc`}}-{{user `date_stamp`}}-{{user `hardening_name`}}", | |
"ami_name": "{{user `hardening_name`}}-{{user `os_distro`}}{{user `os_majversion`}}_{{user `virt_type_desc`}}_{{user `root_type_desc`}}-{{user `time_stamp`}}", | |
"ena_support": "{{user `aws_ena_support`}}", | |
"tags": { | |
"Name": "{{user `os_distro`}}{{user `os_majversion`}}-{{user `date_stamp`}}", | |
"DefaultLoginUser": "{{user `ssh_username`}}", | |
"OSDistro": "{{user `os_distro`}}", | |
"OSVersion": "{{user `os_majversion`}}", | |
"OSShortName": "{{user `os_distro`}}{{user `os_majversion`}}", | |
"OSFamily": "{{user `os_family`}}", | |
"Created": "{{ user `time_stamp`}}", | |
"BuiltWithPackerVersion": "{{ packer_version }}", | |
"VirtualizationType": "{{user `virt_type_desc`}}", | |
"RootDeviceType": "{{user `root_type_desc`}}", | |
"SourceAMI": "{{ .SourceAMI }}", | |
"BuildRegion": "{{ .BuildRegion }}", | |
"ApplicationName": "{{ user `tag_application_name` }}", | |
"ApplicationVersion": "{{ user `tag_application_version` }}" | |
} | |
} | |
], | |
"provisioners": [ | |
{ | |
"type": "shell", | |
"inline": [ | |
"sleep 20" | |
] | |
}, | |
{ | |
"type": "ansible", | |
"command":"{{user `ansible_command`}}", | |
"playbook_file": "{{user `ansible_playbook_file`}}", | |
"user": "{{user `ssh_username`}}", | |
"extra_arguments": [ | |
"--extra-vars", | |
"{{user `ansible_extra_vars`}}" | |
] | |
}, | |
{ | |
"type": "shell", | |
"inline": [ | |
"rm /home/{{user `ssh_username`}}/.ssh/authorized_keys" | |
] | |
} | |
] | |
} |
$ packer build -var-file vars-rhel8.json aws-ebs-ansible.json | |
amazon-ebs output will be in this color. | |
==> amazon-ebs: Prevalidating AMI Name: Hardened-RHEL8_HVM_EBS-2020-01-09.12.26.47 | |
amazon-ebs: Found Image ID: ami-09b947b170ccd0dbc | |
==> amazon-ebs: Creating temporary keypair: packer_5e171c08-a177-1f0e-4c5a-69cc116a6412 | |
==> amazon-ebs: Creating temporary security group for this instance: packer_5e171c0a-5036-358e-e991-db8cff128641 | |
==> amazon-ebs: Authorizing access to port 22 from [0.0.0.0/0] in the temporary security groups... | |
==> amazon-ebs: Launching a source AWS instance... | |
==> amazon-ebs: Adding tags to source instance | |
amazon-ebs: Adding tag: "Name": "Packer Builder" | |
amazon-ebs: Instance ID: i-040063647103f91a1 | |
==> amazon-ebs: Waiting for instance (i-040063647103f91a1) to become ready... | |
==> amazon-ebs: Using ssh communicator to connect: 18.208.136.51 | |
==> amazon-ebs: Waiting for SSH to become available... | |
==> amazon-ebs: Connected to SSH! | |
==> amazon-ebs: Provisioning with shell script: /tmp/packer-shell255803689 | |
==> amazon-ebs: Provisioning with Ansible... | |
==> amazon-ebs: Executing Ansible: ansible-playbook --extra-vars packer_build_name=amazon-ebs packer_builder_type=amazon-ebs -o IdentitiesOnly=yes -i /tmp/packer-provisioner-ansible457249614 /home/centos/sto/packer/harden.yml -e ansible_ssh_private_key_file=/tmp/ansible-key318528747 --extra-vars --extra-vars --extra-vars --extra-vars --extra-vars --extra-vars | |
amazon-ebs: | |
amazon-ebs: PLAY [Explore issue with Packer] *********************************************** | |
amazon-ebs: | |
amazon-ebs: TASK [Set system-wide crypto policy] ******************************************* | |
amazon-ebs: changed: [default] | |
amazon-ebs: | |
amazon-ebs: TASK [Reboot] ****************************************************************** | |
amazon-ebs: changed: [default] | |
amazon-ebs: | |
amazon-ebs: TASK [Wait for reboot to complete] ********************************************* | |
amazon-ebs: ok: [default -> localhost] | |
amazon-ebs: | |
amazon-ebs: TASK [Get uptime] ************************************************************** | |
==> amazon-ebs: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain | |
Cancelling build after receiving interrupt | |
==> amazon-ebs: Terminating the source AWS instance... | |
amazon-ebs: [ERROR]: User interrupted execution | |
==> amazon-ebs: Cleaning up any extra volumes... | |
==> amazon-ebs: No volumes to clean up, skipping | |
==> amazon-ebs: Deleting temporary security group... | |
==> amazon-ebs: Deleting temporary keypair... | |
Build 'amazon-ebs' finished. | |
Cleanly cancelled builds after being interrupted. | |
$ |
$ packer build -var ansible_extra_vars='{"set_policy": false}' -var-file vars-rhel8.json aws-ebs-ansible.json | |
amazon-ebs output will be in this color. | |
==> amazon-ebs: Prevalidating AMI Name: Hardened-RHEL8_HVM_EBS-2020-01-09.13.18.30 | |
amazon-ebs: Found Image ID: ami-09b947b170ccd0dbc | |
==> amazon-ebs: Creating temporary keypair: packer_5e172826-b5f6-8ef6-064f-15e601ddfa92 | |
==> amazon-ebs: Creating temporary security group for this instance: packer_5e172829-8608-1254-ef03-0071888dea10 | |
==> amazon-ebs: Authorizing access to port 22 from [0.0.0.0/0] in the temporary security groups... | |
==> amazon-ebs: Launching a source AWS instance... | |
==> amazon-ebs: Adding tags to source instance | |
amazon-ebs: Adding tag: "Name": "Packer Builder" | |
amazon-ebs: Instance ID: i-0b60427904592b390 | |
==> amazon-ebs: Waiting for instance (i-0b60427904592b390) to become ready... | |
==> amazon-ebs: Using ssh communicator to connect: 54.197.19.89 | |
==> amazon-ebs: Waiting for SSH to become available... | |
==> amazon-ebs: Connected to SSH! | |
==> amazon-ebs: Provisioning with shell script: /tmp/packer-shell111455843 | |
==> amazon-ebs: Provisioning with Ansible... | |
==> amazon-ebs: Executing Ansible: ansible-playbook --extra-vars packer_build_name=amazon-ebs packer_builder_type=amazon-ebs -o IdentitiesOnly=yes -i /tmp/packer-provisioner-ansible023881690 /home/centos/sto/packer/harden.yml -e ansible_ssh_private_key_file=/tmp/ansible-key897537703 --extra-vars {"set_policy": false} | |
amazon-ebs: | |
amazon-ebs: PLAY [Explore issue with Packer] *********************************************** | |
amazon-ebs: | |
amazon-ebs: TASK [Set system-wide crypto policy] ******************************************* | |
amazon-ebs: skipping: [default] | |
amazon-ebs: | |
amazon-ebs: TASK [Reboot] ****************************************************************** | |
amazon-ebs: changed: [default] | |
amazon-ebs: | |
amazon-ebs: TASK [Wait for reboot to complete] ********************************************* | |
amazon-ebs: ok: [default -> localhost] | |
amazon-ebs: | |
amazon-ebs: TASK [Get uptime] ************************************************************** | |
amazon-ebs: changed: [default] | |
amazon-ebs: | |
amazon-ebs: TASK [Display uptime] ********************************************************** | |
amazon-ebs: ok: [default] => { | |
amazon-ebs: "uptime.stdout_lines": [ | |
amazon-ebs: " 13:25:56 up 4 min, 0 users, load average: 0.00, 0.05, 0.02" | |
amazon-ebs: ] | |
amazon-ebs: } | |
amazon-ebs: | |
amazon-ebs: PLAY RECAP ********************************************************************* | |
amazon-ebs: default : ok=4 changed=2 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0 | |
amazon-ebs: | |
==> amazon-ebs: Provisioning with shell script: /tmp/packer-shell551477804 | |
==> amazon-ebs: Stopping the source instance... | |
amazon-ebs: Stopping instance | |
==> amazon-ebs: Waiting for the instance to stop... | |
==> amazon-ebs: Enabling Enhanced Networking (ENA)... | |
==> amazon-ebs: Creating AMI Hardened-RHEL8_HVM_EBS-2020-01-09.13.18.30 from instance i-0b60427904592b390 | |
amazon-ebs: AMI: ami-086ddef8ca22cffea | |
==> amazon-ebs: Waiting for AMI to become ready... | |
==> amazon-ebs: Modifying attributes on AMI (ami-086ddef8ca22cffea)... | |
amazon-ebs: Modifying: description | |
==> amazon-ebs: Modifying attributes on snapshot (snap-00d3f146c8a805c3a)... | |
==> amazon-ebs: Adding tags to AMI (ami-086ddef8ca22cffea)... | |
==> amazon-ebs: Tagging snapshot: snap-00d3f146c8a805c3a | |
==> amazon-ebs: Creating AMI tags | |
amazon-ebs: Adding tag: "OSVersion": "8" | |
amazon-ebs: Adding tag: "SourceAMI": "ami-09b947b170ccd0dbc" | |
amazon-ebs: Adding tag: "OSShortName": "RHEL8" | |
amazon-ebs: Adding tag: "Created": "2020-01-09.13.18.30" | |
amazon-ebs: Adding tag: "BuiltWithPackerVersion": "1.4.3" | |
amazon-ebs: Adding tag: "BuildRegion": "us-east-1" | |
amazon-ebs: Adding tag: "DefaultLoginUser": "ec2-user" | |
amazon-ebs: Adding tag: "ApplicationName": "" | |
amazon-ebs: Adding tag: "RootDeviceType": "EBS" | |
amazon-ebs: Adding tag: "Name": "RHEL8-2020-01-09" | |
amazon-ebs: Adding tag: "OSDistro": "RHEL" | |
amazon-ebs: Adding tag: "ApplicationVersion": "" | |
amazon-ebs: Adding tag: "OSFamily": "RedHat" | |
amazon-ebs: Adding tag: "VirtualizationType": "HVM" | |
==> amazon-ebs: Creating snapshot tags | |
==> amazon-ebs: Terminating the source AWS instance... | |
==> amazon-ebs: Cleaning up any extra volumes... | |
==> amazon-ebs: No volumes to clean up, skipping | |
==> amazon-ebs: Deleting temporary security group... | |
==> amazon-ebs: Deleting temporary keypair... | |
Build 'amazon-ebs' finished. | |
==> Builds finished. The artifacts of successful builds are: | |
--> amazon-ebs: AMIs were created: | |
us-east-1: ami-086ddef8ca22cffea | |
$ |
$ packer build -var-file vars-rhel8-policy.json aws-ebs-ansible.json | |
amazon-ebs output will be in this color. | |
==> amazon-ebs: Prevalidating AMI Name: Hardened-RHEL8_HVM_EBS-2020-01-09.13.49.47 | |
amazon-ebs: Found Image ID: ami-0cb229954d8bb7f27 | |
==> amazon-ebs: Creating temporary keypair: packer_5e172f7b-0171-546a-c8ed-428d8da514f3 | |
==> amazon-ebs: Creating temporary security group for this instance: packer_5e172f7d-b703-da11-aabb-66a09eea58da | |
==> amazon-ebs: Authorizing access to port 22 from [0.0.0.0/0] in the temporary security groups... | |
==> amazon-ebs: Launching a source AWS instance... | |
==> amazon-ebs: Adding tags to source instance | |
amazon-ebs: Adding tag: "Name": "Packer Builder" | |
amazon-ebs: Instance ID: i-06a0ee795309c1fad | |
==> amazon-ebs: Waiting for instance (i-06a0ee795309c1fad) to become ready... | |
==> amazon-ebs: Using ssh communicator to connect: 52.90.105.69 | |
==> amazon-ebs: Waiting for SSH to become available... | |
==> amazon-ebs: Error waiting for SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain | |
==> amazon-ebs: Terminating the source AWS instance... | |
==> amazon-ebs: Cleaning up any extra volumes... | |
==> amazon-ebs: No volumes to clean up, skipping | |
==> amazon-ebs: Deleting temporary security group... | |
==> amazon-ebs: Deleting temporary keypair... | |
Build 'amazon-ebs' errored: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain | |
==> Some builds didn't complete successfully and had errors: | |
--> amazon-ebs: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain | |
==> Builds finished but no artifacts were created. | |
$ |
---
# Minimal reproduction playbook: optionally switch the host to the FIPS
# system-wide crypto policy, reboot it, wait, then run a command over the
# re-established connection and print the result.
- name: Explore issue with Packer
  hosts: all
  gather_facts: false

  tasks:
    # Applied unless the caller passes set_policy=false through --extra-vars.
    # NOTE(review): in the accompanying build logs the run that applies this
    # policy fails publickey authentication after the reboot, while the run
    # that skips it completes. Presumably the FIPS policy rejects the key or
    # signature algorithm offered by the build tool; confirm against the sshd
    # log on the instance before drawing conclusions.
    - name: Set system-wide crypto policy
      become: true
      command: update-crypto-policies --set FIPS
      when: set_policy | default(true)

    # The reboot is delayed and backgrounded inside a subshell, presumably so
    # the task can return before the connection drops.
    - name: Reboot
      become: true
      shell: ( sleep 3 && /sbin/reboot & )

    # Runs on the control machine, not on the rebooting host.
    # NOTE(review): no port is given, so this may not actually probe sshd on
    # the target; verify what "started" checks in this form.
    - name: Wait for reboot to complete
      delegate_to: localhost
      wait_for:
        host: "{{ inventory_hostname }}"
        delay: 15
        state: started

    # First task that needs a fresh SSH session to the rebooted host.
    - name: Get uptime
      command: uptime
      register: uptime

    - name: Display uptime
      debug:
        var: uptime.stdout_lines
{ | |
"description": "Variables for RHEL8", | |
"common_vars_description": "Common Variables", | |
"os_family": "RedHat", | |
"os_distro": "RHEL", | |
"os_majversion": "8", | |
"aws_ami_vars_description": "Variables pertaining to building an AWS AMI using EBS", | |
"search_ami_id": "*", | |
"search_ami_name": "pfuntner-rhel8-policy", | |
"search_ami_virt_type": "hvm", | |
"search_ami_root_device_type": "ebs", | |
"search_ami_owner_id": "338885122066", | |
"virt_type_desc": "HVM", | |
"root_type_desc": "EBS", | |
"ssh_username": "ec2-user", | |
"gcp_vars_description": "Variables pertaining to building GCP images", | |
"gcp_source_image_family": "rhel-8", | |
"gcp_source_image_project_id": "rhel-cloud", | |
"container_vars_description": "Variables pertaining to building container images", | |
"docker_name": "rhel8-hardening", | |
"container_starting_image": "registry.access.redhat.com/rhel8", | |
"ansible_vars_description": "Variables pertaining to Ansible", | |
"ansible_extra_vars_distro": "" | |
} |
{ | |
"description": "Variables for RHEL8", | |
"common_vars_description": "Common Variables", | |
"os_family": "RedHat", | |
"os_distro": "RHEL", | |
"os_majversion": "8", | |
"aws_ami_vars_description": "Variables pertaining to building an AWS AMI using EBS", | |
"search_ami_id": "*", | |
"search_ami_name": "RHEL-8.*_HVM-????????-x86_64-?-Hourly2-GP2", | |
"search_ami_virt_type": "hvm", | |
"search_ami_root_device_type": "ebs", | |
"search_ami_owner_id": "309956199498", | |
"virt_type_desc": "HVM", | |
"root_type_desc": "EBS", | |
"ssh_username": "ec2-user", | |
"gcp_vars_description": "Variables pertaining to building GCP images", | |
"gcp_source_image_family": "rhel-8", | |
"gcp_source_image_project_id": "rhel-cloud", | |
"container_vars_description": "Variables pertaining to building container images", | |
"docker_name": "rhel8-hardening", | |
"container_starting_image": "registry.access.redhat.com/rhel8", | |
"ansible_vars_description": "Variables pertaining to Ansible", | |
"ansible_extra_vars_distro": "" | |
} |
I link to these files from a post to the packer community about the problem I'm having.