hashicorp / packer

Packer is a tool for creating identical machine images for multiple platforms from a single source configuration.
http://www.packer.io

Packer does not execute provisioner "ansible" via SSH over SSM on Windows #12887

Open alesiobitaGit opened 8 months ago

alesiobitaGit commented 8 months ago

I'm trying to use session_manager for Windows (for Linux it works okay meanwhile); the docs have an example with Linux but not Windows.

I attempted to use this config but it's not working:

Windows Server v2019

```hcl
data "amazon-ami" "amazon-source-images-windows_server_v2019" {
  filters = {
    virtualization-type = "hvm"
    name                = "Windows_Server-2019English-Full-Base-"
    root-device-type    = "ebs"
  }
  owners      = ["801119661308"]
  most_recent = true
}

source "amazon-ebs" "ansible-playbook" {
  # Set source_ami based on OS
  source_ami           = data.amazon-ami.amazon-source-images-windows_server_v2019.id
  ami_name             = "WindowsServerv2019-test-ami"
  region               = "eu-central-1"
  instance_type        = "t2.micro"
  ssh_timeout          = "20m"
  ssh_username         = "Administrator"
  communicator         = "ssh"
  ssh_interface        = "session_manager"
  user_data_file       = "../helper_scripts/01-configure-source-ssh.ps1"
  iam_instance_profile = var.instance_role

  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "optional"
    #   http_put_response_hop_limit = 1
  }
}

build {
  sources = ["source.amazon-ebs.ansible-playbook"]

  provisioner "ansible" {
    use_proxy               = false
    playbook_file           = "../ansible/os/base_windows_server_v2019_playbook.yml"
    ansible_env_vars        = ["PACKER_BUILD_NAME={{ build_name }}"]
    extra_arguments         = ["-vvvv"]
    inventory_file_template = "{{ .HostAlias }} ansible_host={{ .ID }} ansible_user={{ .User }} ansible_ssh_common_args='-o StrictHostKeyChecking=no -o ProxyCommand=\"sh -c \\"aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters portNumber=%p\\"\"'\n"
  }
}
```

01-configure-source-ssh.ps1 :

```powershell
<powershell>
# Install sshd
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

# Save the instance's public key from instance metadata
New-Item -Path C:\ProgramData\ssh\administrators_authorized_keys -ItemType File
Set-Content -Path C:\ProgramData\ssh\administrators_authorized_keys -Value ((New-Object System.Net.WebClient).DownloadString('http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key'))

# Set sshd to automatic and start
Set-Service -Name sshd -StartupType "Automatic"
Start-Service sshd

# Set appropriate permissions on administrators_authorized_keys by copying them from an existing key
Get-ACL C:\ProgramData\ssh\ssh_host_rsa_key | Set-ACL C:\ProgramData\ssh\administrators_authorized_keys

# Set ssh-agent to automatic and start
# Must set to automatic first as the default state is disabled
Set-Service -Name ssh-agent -StartupType "Automatic"
Start-Service ssh-agent

# Set the default login shell for SSH connections to Powershell
New-Item -Path HKLM:\SOFTWARE\OpenSSH -Force
New-ItemProperty -Path HKLM:\SOFTWARE\OpenSSH `
    -Name DefaultShell `
    -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" `
    -ErrorAction Stop
</powershell>
<persist>true</persist>
```

Error output as below:

```
amazon-ebs.ansible-playbook: ESTABLISH SSH CONNECTION FOR USER: Administrator
amazon-ebs.ansible-playbook: SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/tmp/ansible-key1091301697"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="Administrator"' -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -o 'ProxyCommand=sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters portNumber=%p"' '-o IdentitiesOnly=yes' -o 'ControlPath="/home/runner/.ansible/cp/fd5007ef42"' i-0c9baaec4dcaf29b6 '/bin/sh -c '"'"'echo "pwd" && sleep 0'"'"''
amazon-ebs.ansible-playbook: (1, b'', b'OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/.conf matched no files\r\ndebug1: /etc/ssh/ssh_config line 21: Applying options for \r\ndebug3: expanded UserKnownHostsFile \'~/.ssh/known_hosts\' -> \'/home/runner/.ssh/known_hosts\'\r\ndebug3: expanded UserKnownHostsFile \'~/.ssh/known_hosts2\' -> \'/home/runner/.ssh/known_hosts2\'\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 2045\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\n/b
amazon-ebs.ansible-playbook: Failed to connect to the host via ssh: OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022
amazon-ebs.ansible-playbook: debug1: Reading configuration data /etc/ssh/ssh_config
amazon-ebs.ansible-playbook: debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/.conf matched no files
amazon-ebs.ansible-playbook: debug1: /etc/ssh/ssh_config line 21: Applying options for
amazon-ebs.ansible-playbook: debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/runner/.ssh/known_hosts'
amazon-ebs.ansible-playbook: debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/runner/.ssh/known_hosts2'
amazon-ebs.ansible-playbook: debug1: auto-mux: Trying existing master
amazon-ebs.ansible-playbook: debug2: fd 3 setting O_NONBLOCK
amazon-ebs.ansible-playbook: debug2: mux_client_hello_exchange: master version 4
amazon-ebs.ansible-playbook: debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
amazon-ebs.ansible-playbook: debug3: mux_client_request_session: entering
amazon-ebs.ansible-playbook: debug3: mux_client_request_alive: entering
amazon-ebs.ansible-playbook: debug3: mux_client_request_alive: done pid = 2045
amazon-ebs.ansible-playbook: debug3: mux_client_request_session: session request sent
amazon-ebs.ansible-playbook: debug1: mux_client_request_session: master session id: 2
amazon-ebs.ansible-playbook: /bin/sh : The term '/bin/sh' is not recognized as the name of a cmdlet, function, script file, or
amazon-ebs.ansible-playbook: operable program. Check the spelling of the name, or if a path was included, verify that the path
amazon-ebs.ansible-playbook: is correct and try again.
amazon-ebs.ansible-playbook: At line:1 char:1
amazon-ebs.ansible-playbook: + /bin/sh -c 'echo "pwd" && sleep 0'
amazon-ebs.ansible-playbook: + ~~~
amazon-ebs.ansible-playbook: + CategoryInfo : ObjectNotFound: (/bin/sh:String) [], CommandNotFoundException
amazon-ebs.ansible-playbook: + FullyQualifiedErrorId : CommandNotFoundException
amazon-ebs.ansible-playbook:
amazon-ebs.ansible-playbook: debug3: mux_client_read_packet: read header failed: Broken pipe
amazon-ebs.ansible-playbook: debug2: Received exit status from master 1
amazon-ebs.ansible-playbook: ESTABLISH SSH CONNECTION FOR USER: Administrator
amazon-ebs.ansible-playbook: SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/tmp/ansible-key1091301697"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="Administrator"' -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -o 'ProxyCommand=sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters portNumber=%p"' '-o IdentitiesOnly=yes' -o 'ControlPath="/home/runner/.ansible/cp/fd5007ef42"' i-0c9baaec4dcaf29b6 '/bin/sh -c '"'"'( umask 77 && mkdir -p "echo ~/.ansible/tmp"&& mkdir "echo ~/.ansible/tmp/ansible-tmp-1710431567.9814148-2022-2756788989247" && echo ansible-tmp-1710431567.9814148-2022-2756788989247="echo ~/.ansible/tmp/ansible-tmp-1710431567.9814148-2022-2756788989247" ) && sleep 0'"'"''
amazon-ebs.ansible-playbook: (1, b'', b'OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/.conf matched no files\r\ndebug1: /etc/ssh/ssh_config line 21: Applying options for \r\ndebug3: expanded UserKnownHostsFile \'~/.ssh/known_hosts\' -> \'/home/runner/.ssh/known_hosts\'\r\ndebug3: expanded UserKnownHostsFile \'~/.ssh/known_hosts2\' -> \'/home/runner/.ssh/known_hosts2\'\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 2045\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\n/b
amazon-ebs.ansible-playbook: Failed to connect to the host via ssh: OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022
amazon-ebs.ansible-playbook: debug1: Reading configuration data /etc/ssh/ssh_config
amazon-ebs.ansible-playbook: debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/.conf matched no files
amazon-ebs.ansible-playbook: debug1: /etc/ssh/ssh_config line 21: Applying options for
amazon-ebs.ansible-playbook: debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/runner/.ssh/known_hosts'
amazon-ebs.ansible-playbook: debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/runner/.ssh/known_hosts2'
amazon-ebs.ansible-playbook: debug1: auto-mux: Trying existing master
amazon-ebs.ansible-playbook: debug2: fd 3 setting O_NONBLOCK
amazon-ebs.ansible-playbook: debug2: mux_client_hello_exchange: master version 4
amazon-ebs.ansible-playbook: debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
amazon-ebs.ansible-playbook: debug3: mux_client_request_session: entering
amazon-ebs.ansible-playbook: debug3: mux_client_request_alive: entering
amazon-ebs.ansible-playbook: debug3: mux_client_request_alive: done pid = 2045
amazon-ebs.ansible-playbook: debug3: mux_client_request_session: session request sent
amazon-ebs.ansible-playbook: debug1: mux_client_request_session: master session id: 2
amazon-ebs.ansible-playbook: /bin/sh : The term '/bin/sh' is not recognized as the name of a cmdlet, function, script file, or
amazon-ebs.ansible-playbook: operable program. Check the spelling of the name, or if a path was included, verify that the path
amazon-ebs.ansible-playbook: is correct and try again.
amazon-ebs.ansible-playbook: At line:1 char:1
amazon-ebs.ansible-playbook: + /bin/sh -c '( umask 77 && mkdir -p "echo ~/.ansible/tmp"&& mkdir ...
amazon-ebs.ansible-playbook: + ~~~
amazon-ebs.ansible-playbook: + CategoryInfo : ObjectNotFound: (/bin/sh:String) [], CommandNotFoundException
amazon-ebs.ansible-playbook: + FullyQualifiedErrorId : CommandNotFoundException
amazon-ebs.ansible-playbook:
amazon-ebs.ansible-playbook: debug3: mux_client_read_packet: read header failed: Broken pipe
amazon-ebs.ansible-playbook: debug2: Received exit status from master 1
amazon-ebs.ansible-playbook: fatal: [default]: UNREACHABLE! => {
amazon-ebs.ansible-playbook:     "changed": false,
amazon-ebs.ansible-playbook:     "msg": "Failed to create temporary directory. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in \"/tmp\", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p \"echo ~/.ansible/tmp\"&& mkdir \"echo ~/.ansible/tmp/ansible-tmp-1710431567.9814148-2022-2756788989247\" && echo ansible-tmp-1710431567.9814148-2022-2756788989247=\"echo ~/.ansible/tmp/ansible-tmp-1710431567.9814148-2022-2756788989247\" ), exited with result 1, stderr output: OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/.conf matched no files\r\ndebug1: /etc/ssh/ssh_config line 21: Applying options for \r\ndebug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/runner/.ssh/known_hosts'\r\nd
amazon-ebs.ansible-playbook:     "unreachable": true
amazon-ebs.ansible-playbook: }
amazon-ebs.ansible-playbook:
amazon-ebs.ansible-playbook: PLAY RECAP *****
amazon-ebs.ansible-playbook: default : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
```

When I run with provisioner "powershell", it creates the images successfully.

```hcl
provisioner "powershell" {
  environment_vars = [
    "VAR1=A$Dollar",
    "VAR2=A`Backtick",
    "VAR3=A'SingleQuote",
    "VAR4=A\"DoubleQuote",
    "VAR5=${var.psvar}",
  ]
  inline = [
    "Write-Output \"In the following examples the special character is interpreted correctly:\"",
    "Write-Output \"The dollar in VAR1:                            $Env:VAR1\"",
    "Write-Output \"The backtick in VAR2:                          $Env:VAR2\"",
    "Write-Output \"The single quote in VAR3:                      $Env:VAR3\"",
    "Write-Output \"The double quote in VAR4:                      $Env:VAR4\"",
    "Write-Output \"The dollar in VAR5 (expanded from a user var): $Env:VAR5\"",
  ]
}
```
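The log above shows the SSH transport itself succeeding (the mux session is established and a command is executed), while every task fails because Ansible's ssh connection plugin wraps its commands in `/bin/sh -c ...` and the Windows OpenSSH DefaultShell set by the user-data script is PowerShell, which has no `/bin/sh`. Ansible selects the remote shell through the `ansible_shell_type` inventory variable, so the Windows build needs `ansible_shell_type=powershell` wherever the inventory variables are set. The following is an added example, not code from the issue or from the Packer project; it keeps the issue's provisioner block and inventory template as they are and only adds that variable via `extra_arguments` (the same variable could instead be appended to the `inventory_file_template` line):

```hcl
build {
  sources = ["source.amazon-ebs.ansible-playbook"]

  provisioner "ansible" {
    use_proxy        = false
    playbook_file    = "../ansible/os/base_windows_server_v2019_playbook.yml"
    ansible_env_vars = ["PACKER_BUILD_NAME={{ build_name }}"]

    # Added relative to the issue: tell Ansible's ssh connection plugin that the
    # remote login shell is PowerShell so it stops generating "/bin/sh -c ..."
    # commands (the exact command the log shows Windows rejecting). "-vvvv" is
    # kept from the issue so the EXEC lines stay visible while verifying the fix.
    extra_arguments = [
      "-vvvv",
      "-e", "ansible_shell_type=powershell",
    ]

    # Unchanged from the issue: SSH tunnelled through an SSM session, no
    # inbound port 22 needed on the build instance.
    inventory_file_template = "{{ .HostAlias }} ansible_host={{ .ID }} ansible_user={{ .User }} ansible_ssh_common_args='-o StrictHostKeyChecking=no -o ProxyCommand=\"sh -c \\"aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters portNumber=%p\\"\"'\n"
  }
}
```

Note that `http_tokens = "optional"` in the source block is unrelated to this failure: it is there because the user-data script fetches the key from IMDS with a plain `DownloadString` call and no IMDSv2 session token, so switching it to `"required"` would need the script to request a token first.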

alesiobitaGit commented 8 months ago

@nywilken your support will be highly appreciated :)