search

hashicorp / packer

Packer is a tool for creating identical machine images for multiple platforms from a single source configuration.
http://www.packer.io
Other
15.1k stars 3.33k forks source link

unable to specify tag in source ami filter #7138

Closed hoshsadiq closed 5 years ago

hoshsadiq commented 5 years ago

I'm currently trying to filter the source ami through tags. When I remove the tag filter, it works fine. Trying the same using aws cli it finds the AMI correctly.

# packer build packer.json
amazon-ebs output will be in this color.

==> amazon-ebs: Prevalidating AMI Name: hosh-windows-server-2016-Core-290-encrypted
==> amazon-ebs: No AMI was found matching filters: {
==> amazon-ebs:   Filters: [
==> amazon-ebs:     {
==> amazon-ebs:       Name: "tag:mytag",
==> amazon-ebs:       Values: ["false"]
==> amazon-ebs:     },
==> amazon-ebs:     {
==> amazon-ebs:       Name: "name",
==> amazon-ebs:       Values: ["hosh-windows-server-2016-Core-290"]
==> amazon-ebs:     },
==> amazon-ebs:     {
==> amazon-ebs:       Name: "virtualization-type",
==> amazon-ebs:       Values: ["hvm"]
==> amazon-ebs:     },
==> amazon-ebs:     {
==> amazon-ebs:       Name: "root-device-type",
==> amazon-ebs:       Values: ["ebs"]
==> amazon-ebs:     }
==> amazon-ebs:   ],
==> amazon-ebs:   Owners: ["<account>"]
==> amazon-ebs: }
Build 'amazon-ebs' errored: No AMI was found matching filters: {
  Filters: [
    {
      Name: "tag:mytag",
      Values: ["false"]
    },
    {
      Name: "name",
      Values: ["hosh-windows-server-2016-Core-290"]
    },
    {
      Name: "virtualization-type",
      Values: ["hvm"]
    },
    {
      Name: "root-device-type",
      Values: ["ebs"]
    }
  ],
  Owners: ["<account>"]
}

==> Some builds didn't complete successfully and had errors:
--> amazon-ebs: No AMI was found matching filters: {
  Filters: [
    {
      Name: "tag:mytag",
      Values: ["false"]
    },
    {
      Name: "name",
      Values: ["hosh-windows-server-2016-Core-290"]
    },
    {
      Name: "virtualization-type",
      Values: ["hvm"]
    },
    {
      Name: "root-device-type",
      Values: ["ebs"]
    }
  ],
  Owners: ["<account>"]
}

==> Builds finished but no artifacts were created.

# aws --region eu-west-1 ec2 describe-images --owners <account> --filters '[{"Name":"root-device-type","Values":["ebs"]},{"Name":"tag:mytag",
"Values":["false"]},{"Name":"name","Values":["hosh-windows-server-2016-Core-290"]},{"Name":"virtualization-type","Values":["hvm"]}]'
{
    "Images": [
...
    ]
}
rickard-von-essen commented 5 years ago

How does your source_ami_filters look?

hoshsadiq commented 5 years ago

Ah sorry! This is it:

      "source_ami_filter": {
        "filters": {
          "name": "hosh-windows-server-2016-Core-*",
          "virtualization-type": "hvm",
          "root-device-type": "ebs",
          "tag:mytag": "false"
        },
        "owners": [
          "<account>"
        ],
        "most_recent": true
      },

Currently I've gone around it by appending a binary value at the end of name, e.g. for true hosh-windows-server-2016-Core-*-mytag, for false hosh-windows-server-2016-Core-*-mytagfalse kind of thing.

rickard-von-essen commented 5 years ago

The API doesn't support globs.

EDIT: It does, but not regexps.

hoshsadiq commented 5 years ago

It does. I'm not using regexps. Anyway, been using the glob for a while and it's been working. This is about the tag not being matched. Happy to try and provide you with a minimal packer.json config to reproduce but the main thing is that you need an AMI with a tag that you want to filter on, and then the filters I posted before and it won't find it.

hoshsadiq commented 5 years ago

Not matching the tag is quite weird, as I'm guessing packer directly sends the tags json to the AWS API. Really strange.

rickard-von-essen commented 5 years ago

Yes we are just passing this to the AWS API so I think there is something we are missing. Are you using the same credentials? Tags are only visible in the account where they exists. Even if the AMI is shared with another account that can't see the tags in the owning account.

hoshsadiq commented 5 years ago

Ah! That's a good point I forgot about. That's exactly what it is!

rickard-von-essen commented 5 years ago

:+1:

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.