hashicorp / packer-plugin-ansible

Packer plugin for Ansible Provisioner
https://www.packer.io/docs/provisioners/ansible
Mozilla Public License 2.0

Amazon Ubuntu AMI: fail to handshake #155

Closed msuzoagu closed 1 year ago

msuzoagu commented 1 year ago

Overview of the Issue

When attempting to build an AMI, the provisioning step fails with the error message "failed to handshake" even though the SSH connection has been made.

Running the same playbook but adding the ansible_env_vars = ["ANSIBLE_STDOUT_CALLBACK=debug"] arg surfaces a "failed to transfer file" error during the play.

Reproduction Steps

PACKER_LOG=1 packer build simple packer template

Plugin and Packer version

Simplified Packer Buildfile

Simplified Buildfile

Operating system and Environment details

Local Machine: macOS Ventura

Remote:

    aws_name = "ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-20230325"
    ami_id = "ami-0a695f0d95cefc163"
    ami_owners = ["099720109477"]
    ssh_username = "ubuntu"

Log Fragments and crash.log files

  1. handshake error surfaced without ANSIBLE_STDOUT_CALLBACK=debug
  2. file transfer error surfaced with ANSIBLE_STDOUT_CALLBACK=debug

msuzoagu commented 1 year ago

@nywilken Hello Wilken! Can you please take a look at this; would appreciate any feedback.

Following the suggestions in this issue and in this issue, I am currently getting around the failed handshake error by passing in:

    ansible_env_vars = [
      "ANSIBLE_STDOUT_CALLBACK=debug",
      "ANSIBLE_HOST_KEY_CHECKING=False",
      "ANSIBLE_SSH_ARGS='-o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s'",
      "ANSIBLE_NOCOLOR=True"
    ]
    ansible_ssh_extra_args = [
      "-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"
    ]
    extra_arguments = [
      "--scp-extra-args", "'-O'"
    ]

to the build but now running into another issue where none of the packages needed are being found (for example, one is able to apt install make but provisioning via packer-plugin-ansible will return "package make not found").

msuzoagu commented 1 year ago

Got around issues reported by:

lbajolet-hashicorp commented 1 year ago

Hi @msuzoagu,

Coming back to this, it looks like a similar issue to what's described in #69, where connection to the adapter/proxy for Ansible fails because of an SSH key mismatch. I presume the Ansible/OpenSSH stack you're running banned RSA-SHA as authorised key type, hence the extra arguments you're passing to Ansible, but from what I can understand, this is not enough and the generated key cannot be used to authenticate anyway, hence the communication error.

Regarding my message on your other issue (on the Amazon plugin), since the target machine has a public IP, you can probably still fix it by adding use_proxy = false on the Ansible configuration block, that way you won't have the adapter setup with the unsupported keys.

I'll continue looking into this problem from the angle described in #69.
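
The workaround posted earlier in the thread and the use_proxy = false suggestion above, as an added example that is not part of the original thread or the plugin's code: a Python check over a constructed Packer template that reports, for each Ansible provisioner block, whether the proxy adapter is still in use and which SSH protections the block relaxes. The template, its playbook file names and the audit helper are assumptions made for illustration.

```python
import re

# Constructed sample: the thread's workaround block next to a block that
# follows the use_proxy = false suggestion. Playbook names are hypothetical.
TEMPLATE = '''
build {
  provisioner "ansible" {
    playbook_file = "./workaround.yml"
    ansible_env_vars = [
      "ANSIBLE_HOST_KEY_CHECKING=False",
      "ANSIBLE_SSH_ARGS='-o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s'",
    ]
    ansible_ssh_extra_args = ["-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedKeyTypes=+ssh-rsa"]
  }
  provisioner "ansible" {
    playbook_file = "./direct.yml"
    use_proxy     = false
  }
}
'''

CHECKS = [
    (r"ANSIBLE_HOST_KEY_CHECKING\s*=\s*False", "host key checking disabled"),
    (r"ForwardAgent\s*=\s*yes", "SSH agent forwarded to the build host"),
    (r"(HostKeyAlgorithms|PubkeyAcceptedKeyTypes)\s*=\s*\+ssh-rsa", "ssh-rsa (SHA-1) signatures re-enabled"),
]

def ansible_blocks(hcl):
    """Yield the body of each provisioner "ansible" block by brace matching."""
    for m in re.finditer(r'provisioner\s+"ansible"\s*\{', hcl):
        depth, i = 1, m.end()
        while depth and i < len(hcl):
            depth += {"{": 1, "}": -1}.get(hcl[i], 0)
            i += 1
        yield hcl[m.end():i - 1]

def audit(hcl):
    """Return one report per block: playbook, proxy adapter use, findings."""
    reports = []
    for body in ansible_blocks(hcl):
        playbook = re.search(r'playbook_file\s*=\s*"([^"]+)"', body)
        proxy = re.search(r'^\s*use_proxy\s*=\s*(true|false)', body, re.M)
        reports.append({
            "playbook": playbook.group(1) if playbook else None,
            # per the comment above, use_proxy = false skips the adapter setup
            "uses_proxy_adapter": not (proxy and proxy.group(1) == "false"),
            "findings": [msg for pat, msg in CHECKS if re.search(pat, body)],
        })
    return reports
```

Calling audit(TEMPLATE) returns two reports: the workaround block still goes through the adapter and carries all three findings, while the direct block has none.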

lbajolet-hashicorp commented 1 year ago

Closing as duplicate of https://github.com/hashicorp/packer/issues/12416