From b05fd9303e664e21d488db57a8900752564e24c7 Mon Sep 17 00:00:00 2001 From: Megan Marsh Date: Fri, 9 Oct 2020 10:39:27 -0700 Subject: [PATCH 1/6] document that users must re-apply packer defaults for drive and device arguments --- builder/qemu/config.go | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/builder/qemu/config.go b/builder/qemu/config.go index 826b2edef..081087ecf 100644 --- a/builder/qemu/config.go +++ b/builder/qemu/config.go 
@@ -208,19 +208,27 @@ type Config struct { // the builder. By default this is output-BUILDNAME where "BUILDNAME" is the // name of the build. OutputDir string `mapstructure:"output_directory" required:"false"` - // Allows complete control over the qemu command line (though not, at this - // time, qemu-img). Each array of strings makes up a command line switch + // Allows complete control over the qemu command line (though not qemu-img). + // Each array of strings makes up a command line switch // that overrides matching default switch/value pairs. Any value specified // as an empty string is ignored. All values after the switch are // concatenated with no separator. // // ~> **Warning:** The qemu command line allows extreme flexibility, so - // beware of conflicting arguments causing failures of your run. For - // instance, using --no-acpi could break the ability to send power signal - // type commands (e.g., shutdown -P now) to the virtual machine, thus - // preventing proper shutdown. To see the defaults, look in the packer.log - // file and search for the qemu-system-x86 command. The arguments are all - // printed for review. + // beware of conflicting arguments causing failures of your run. + // For instance adding a "--drive" or "--device" override will mean that + // none of the default configuration Packer sets will be used. To see the + // defaults that Packer sets, look in your packer.log + // file (set PACKER_LOG=1 to get verbose logging) and search for the + // qemu-system-x86 command. The arguments are all printed for review, and + // you can use those arguments along with the template engines allowed + // by qemu-args to set up a working configuration that includes both the + // Packer defaults and your extra arguments. + // + // Another pitfall could be setting arguments like --no-acpi, which could + // break the ability to send power signal type commands + // (e.g., shutdown -P now) to the virtual machine, thus preventing proper + // shutdown. 
// // The following shows a sample usage: // From 8154e5772fa36fb45c9ed8792bbe65700187111a Mon Sep 17 00:00:00 2001 From: Wilken Rivera Date: Fri, 9 Oct 2020 16:49:29 -0400 Subject: [PATCH 2/6] provisioner/Ansible: Add Amazon SSM setup documentation --- website/pages/docs/provisioners/ansible.mdx | 148 +++++++++++++++++++- 1 file changed, 146 insertions(+), 2 deletions(-) diff --git a/website/pages/docs/provisioners/ansible.mdx b/website/pages/docs/provisioners/ansible.mdx index 30db8601d..6e754ab21 100644 --- a/website/pages/docs/provisioners/ansible.mdx +++ b/website/pages/docs/provisioners/ansible.mdx @@ -25,6 +25,10 @@ accept jinja2 `{{ function }}` macro syntax in a way that can be preserved to the Ansible run. If you need to set variables using Ansible macros, you need to do so inside your playbooks or inventory files. + +Please see the [Debugging](#debugging), [Limitations](#limitations), or [Troubleshooting](#troubleshooting) if you are having trouble +getting started. + ## Basic Example This is a fully functional template that will provision an image on @@ -575,8 +579,7 @@ Example Packer template: "groups": [ "webserver" ], "playbook_file": "./webserver.yml", "extra_arguments": [ - "--extra-vars", - "ansible_host={{user `ansible_host`}} ansible_connection={{user `ansible_connection`}}" + "--extra-vars", "ansible_host={{user `ansible_host`}} ansible_connection={{user `ansible_connection`}}" ] } ] 
@@ -630,6 +633,147 @@ Example playbook: name: httpd ``` +### Amazon Session Manager + +When trying to use Ansible with Amazon's Session Manager, you may run into an error where Ansible +is unable to connect to the remote Amazon instance if the local proxy adapter for Ansible [use_proxy](#use_proxy) is false. + +The error may look something like the following: + +``` +amazon-ebs: fatal: [default]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh: connect to host 127.0.0.1 port 8362: Connection timed out", "unreachable": true} +``` + +The error is caused by a limitation on using Amazon's SSM default Port Forwarding session which only allows for one +remote connection on the forwarded port. Since Ansible's SSH communication is not using the local proxy adapter +it will try to make a new SSH connection to the same forwarded localhost port and fail. + +In order to workaround this issue Ansible can be configured via a custom inventory file to use the AWS session-manager-plugin +directly to create a new session, separate from the one created by Packer, at runtime to connect and remotely provision the instance. + +-> **Warning:** Please note that the default region configured for the `aws` cli must match the build region where the instance is being +provisioned otherwise you may run into a TargetNotConnected error. Users can use `AWS_DEFAULT_REGION` to temporarily override +their configured region. 
+ + + + +```json + "provisioners": [ + { + "type": "ansible", + "use_proxy": false, + "ansible_env_vars": ["PACKER_BUILD_NAME={{ build_name }}"], + "playbook_file": "./playbooks/playbook_remote.yml", + "inventory_file_template": "{{ .HostAlias }} ansible_host={{ .ID }} ansible_user={{ .User }} ansible_ssh_common_args='-o StrictHostKeyChecking=no -o ProxyCommand=\"sh -c \\\"aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters portNumber=%p\\\"\"'\n" + } + ] +``` + + + + +```hcl + provisioner "ansible" { + use_proxy = false + playbook_file = "./playbooks/playbook_remote.yml" + ansible_env_vars = ["PACKER_BUILD_NAME={{ build_name }}"] + inventory_file_template = "{{ .HostAlias }} ansible_host={{ .ID }} ansible_user={{ .User }} ansible_ssh_common_args='-o StrictHostKeyChecking=no -o ProxyCommand=\"sh -c \\\"aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters portNumber=%p\\\"\"'\n" + } +``` + + + +Full Packer template example: + + + + +```json +{ + "variables": { + "instance_role": "SSMInstanceProfile" + }, + + "builders": [ + { + "type": "amazon-ebs", + "region": "us-east-1", + "ami_name": "packer-ami-ansible", + "instance_type": "t2.micro", + "source_ami_filter": { + "filters": { + "virtualization-type": "hvm", + "name": "ubuntu/images/*ubuntu-xenial-16.04-amd64-server-*", + "root-device-type": "ebs" + }, + "owners": [ + "099720109477" + ], + "most_recent": true + }, + "communicator": "ssh", + "ssh_username": "ubuntu", + "ssh_interface": "session_manager", + "iam_instance_profile":"{{user `instance_role`}}" + } + ], + "provisioners": [ + { + "type": "ansible", + "use_proxy": false, + "ansible_env_vars": ["PACKER_BUILD_NAME={{ build_name }}"], + "playbook_file": "./playbooks/playbook_remote.yml", + "inventory_file_template": "{{ .HostAlias }} ansible_host={{ .ID }} ansible_user={{ .User }} ansible_ssh_common_args='-o StrictHostKeyChecking=no -o ProxyCommand=\"sh -c \\\"aws ssm start-session --target %h 
--document-name AWS-StartSSHSession --parameters portNumber=%p\\\"\"'\n" + } + ] +} + +``` + + + + +```hcl + +variables { + instance_role = "SSMInstanceProfile" +} + +source "amazon-ebs" "ansible-example" { + region = "us-east-1" + ami_name = "packer-ami-ansible" + instance_type = "t2.micro" + source_ami_filter { + filters = { + name = "ubuntu/images/*ubuntu-xenial-16.04-amd64-server-*" + virtualization-type = "hvm" + root-device-type = "ebs" + } + owners = [ "099720109477" ] + most_recent = true + } + communicator = "ssh" + ssh_username = "ubuntu" + ssh_interface = "session_manager" + iam_instance_profile = var.instance_role +} + +build { + sources = ["source.amazon-ebs.ansible-example"] + + provisioner "ansible" { + use_proxy = false + playbook_file = "./playbooks/playbook_remote.yml" + ansible_env_vars = ["PACKER_BUILD_NAME={{ build_name }}"] + inventory_file_template = "{{ .HostAlias }} ansible_host={{ .ID }} ansible_user={{ .User }} ansible_ssh_common_args='-o StrictHostKeyChecking=no -o ProxyCommand=\"sh -c \\\"aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters portNumber=%p\\\"\"'\n" + } +} +``` + + + + ### Troubleshooting If you are using an Ansible version >= 2.8 and Packer hangs in the From ad129e7df973ce94e45bb875d7c38f037b3e1ecf Mon Sep 17 00:00:00 2001 From: Megan Marsh Date: Mon, 12 Oct 2020 16:29:41 -0700 Subject: [PATCH 3/6] update changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0609ad40e..92598a4d9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ * builder/azure-chroot: Fix typo in option `exlude_from_latest` to `exclude_from_latest`. Old name will still be respected. [GH-10034] +* builder/openstack: Fix source image validation regression when using filters. + [GH-10065] * core/hcl2: Packer HCL's "Coalesce" function now behaves same way as Terraform's. [GH-10016] * core/HCL: Hide sensitive variables from output. [GH-10031] 
From 3abae29752107dc05cb0b68e51faef915a0696f2 Mon Sep 17 00:00:00 2001 From: Wilken Rivera Date: Tue, 13 Oct 2020 10:33:59 -0400 Subject: [PATCH 4/6] Update generated docs --- .../builder/qemu/Config-not-required.mdx | 24 ++++++++++++------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/website/pages/partials/builder/qemu/Config-not-required.mdx b/website/pages/partials/builder/qemu/Config-not-required.mdx index 9b5b140de..a5fced8ca 100644 --- a/website/pages/partials/builder/qemu/Config-not-required.mdx +++ b/website/pages/partials/builder/qemu/Config-not-required.mdx 
@@ -136,19 +136,27 @@ the builder. By default this is output-BUILDNAME where "BUILDNAME" is the name of the build. -- `qemuargs` ([][]string) - Allows complete control over the qemu command line (though not, at this - time, qemu-img). Each array of strings makes up a command line switch +- `qemuargs` ([][]string) - Allows complete control over the qemu command line (though not qemu-img). + Each array of strings makes up a command line switch that overrides matching default switch/value pairs. Any value specified as an empty string is ignored. All values after the switch are concatenated with no separator. ~> **Warning:** The qemu command line allows extreme flexibility, so - beware of conflicting arguments causing failures of your run. For - instance, using --no-acpi could break the ability to send power signal - type commands (e.g., shutdown -P now) to the virtual machine, thus - preventing proper shutdown. To see the defaults, look in the packer.log - file and search for the qemu-system-x86 command. The arguments are all - printed for review. + beware of conflicting arguments causing failures of your run. + For instance adding a "--drive" or "--device" override will mean that + none of the default configuration Packer sets will be used. To see the + defaults that Packer sets, look in your packer.log + file (set PACKER_LOG=1 to get verbose logging) and search for the + qemu-system-x86 command. The arguments are all printed for review, and + you can use those arguments along with the template engines allowed + by qemu-args to set up a working configuration that includes both the + Packer defaults and your extra arguments. + + Another pitfall could be setting arguments like --no-acpi, which could + break the ability to send power signal type commands + (e.g., shutdown -P now) to the virtual machine, thus preventing proper + shutdown. The following shows a sample usage: From 33019a0e01c7debdfb80c5ea9daa8c36d5acd57c Mon Sep 17 00:00:00 2001 
From: Megan Marsh Date: Tue, 13 Oct 2020 13:08:27 -0700 Subject: [PATCH 5/6] add docs for hcl2_upgrade command --- website/pages/guides/hcl/from-json-v1.mdx | 37 ++++++++++++++++------- 1 file changed, 26 insertions(+), 11 deletions(-) diff --git a/website/pages/guides/hcl/from-json-v1.mdx b/website/pages/guides/hcl/from-json-v1.mdx index 1b447f4e3..b91afd7fd 100644 --- a/website/pages/guides/hcl/from-json-v1.mdx +++ b/website/pages/guides/hcl/from-json-v1.mdx @@ -13,8 +13,22 @@ description: |- @include 'guides/hcl2-beta-note.mdx' -We will soon provide a programatic way to transpose a v1 buildfile to a v1.5 -HCL file. In the meantime we will show how to manually do it. +As of v1.6.4, Packer provides a tool to help you convert legacy JSON files to +HCL2 files. To run it, you can use the `hcl2_upgrade` command. + +for example, + +```sh +packer hcl2_upgrade mytemplate.json +``` + +will convert your packer template to a new HCL2 file in your current working +directory named mytemplate.json.pkr.hcl. It is not a perfect converter yet; +please open an issue if you find a problem with the conversion. Packer will not +destroy your legacy json template, so this is not a risky command to call. + +Following is an explanation of how to manually upgrade a JSON template to an +HCL2 template. The following file : @@ -143,6 +157,7 @@ repeatable blocks with the same identifier. For example: } ], } +] ``` Becomes: 
@@ -162,19 +177,19 @@ source "amazon-ebs" "example" { delete_on_termination = true encrypted = true } +} ``` There is soon going to be a PR to drop the `s` at the end of these fields. ### Deprecation -The current layout of buildfiles will be supported until we and the community -love the new format. Only then the v1 format will be carefully deprecated. +As we become more confident in the new templates, we may begin to add new +features that are HCL2-only; one of our major motivations to moving to the new +template format is that HCL2 provides us with the flexibility to implement some +features which would be very difficult to add to the legacy JSON templates. --> **Note:** The HCL parsing library can read JSON and if it is your -configuration format of predilection, you will still be able to do it. You will -have to tweak a few things in order to use future versions of Packer that have -deprecated the current format. Sorry about that! Because the HCL reading code -is generated from the JSON parsing settings; every builder, provisioner and -post-processor setting should look and work the same. A config file transposer -is currently in the making. +However, the Packer team will continue to support the main functionality of the +current "legacy JSON" packer templates alongside the new HCL2 templates until +we and the community love the new templates. Only then the v1 format will be +deprecated. We do not anticipate this happening until late 2021 at the earliest. From c7ba5c9a14070a1a644b63d9ce12ad7c51b9ac2c Mon Sep 17 00:00:00 2001 From: Wilken Rivera Date: Wed, 14 Oct 2020 05:03:43 -0400 Subject: [PATCH 6/6] Fix line ending issues for test files (#10096) --- ...tAzureErrorNestedShouldFormat.approved.txt | 8 ++++---- ...tAzureErrorSimpleShouldFormat.approved.txt | 2 +- .../provisioner-ansible/largish-file.txt | Bin 66560 -> 66556 bytes 3 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/builder/azure/arm/azure_error_response_test.TestAzureErrorNestedShouldFormat.approved.txt b/builder/azure/arm/azure_error_response_test.TestAzureErrorNestedShouldFormat.approved.txt index 9160d5bc3..39d4deeec 100644 --- a/builder/azure/arm/azure_error_response_test.TestAzureErrorNestedShouldFormat.approved.txt +++ b/builder/azure/arm/azure_error_response_test.TestAzureErrorNestedShouldFormat.approved.txt @@ -1,4 +1,4 @@ -ERROR: -> DeploymentFailed : At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details. -ERROR: -> BadRequest -ERROR: -> InvalidRequestFormat : Cannot parse the request. -ERROR: -> InvalidJson : Error converting value "playground" to type 'Microsoft.WindowsAzure.Networking.Nrp.Frontend.Contract.Csm.Public.IpAllocationMethod'. Path 'properties.publicIPAllocationMethod', line 1, position 130. +ERROR: -> DeploymentFailed : At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details. +ERROR: -> BadRequest +ERROR: -> InvalidRequestFormat : Cannot parse the request. +ERROR: -> InvalidJson : Error converting value "playground" to type 'Microsoft.WindowsAzure.Networking.Nrp.Frontend.Contract.Csm.Public.IpAllocationMethod'. Path 'properties.publicIPAllocationMethod', line 1, position 130. diff --git a/builder/azure/arm/azure_error_response_test.TestAzureErrorSimpleShouldFormat.approved.txt b/builder/azure/arm/azure_error_response_test.TestAzureErrorSimpleShouldFormat.approved.txt index d50bdc052..4b4834c62 100644 --- a/builder/azure/arm/azure_error_response_test.TestAzureErrorSimpleShouldFormat.approved.txt +++ b/builder/azure/arm/azure_error_response_test.TestAzureErrorSimpleShouldFormat.approved.txt 
@@ -1 +1 @@ -ERROR: -> ResourceNotFound : The Resource 'Microsoft.Compute/images/PackerUbuntuImage' under resource group 'packer-test00' was not found. +ERROR: -> ResourceNotFound : The Resource 'Microsoft.Compute/images/PackerUbuntuImage' under resource group 'packer-test00' was not found. diff --git a/test/fixtures/provisioner-ansible/largish-file.txt b/test/fixtures/provisioner-ansible/largish-file.txt index 4df7b06689cf2f0b2cc1f51bfe08a15404ed8078..56036f7500758c5431fe9fadae8c42643ea349cb 100644 GIT binary patch delta 36 ucmV+<0Nek7hy?tH1hAq9v!e%*5wkTJm^8D_P3vj1y0-~Jv&8v43IPf)mk=OkUIX4?i&M*N|r+r^%GAeA|ww==n$lL$Zh6?~`LJ&Rx
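Review bot: In PATCH 1/6, builder/qemu/config.go, the new warning sentence "adding a "--drive" or "--device" override will mean that none of the default configuration Packer sets will be used" reads as if every Packer default is dropped, while the paragraph just above it says an entry only "overrides matching default switch/value pairs". Suggest scoping the sentence to the switch being overridden, for example "none of the default drive (or device) arguments Packer sets will be used", which also matches the commit subject. A comma after "For instance" would help as well.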
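Review bot: In PATCH 2/6, website/pages/docs/provisioners/ansible.mdx, first hunk (@@ -25,6 +25,10 @@), the added sentence "Please see the [Debugging](#debugging), [Limitations](#limitations), or [Troubleshooting](#troubleshooting) if you are having trouble" is missing its noun. "Please see the ... sections" reads correctly.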
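Review bot: In PATCH 2/6, the "### Amazon Session Manager" hunk, all four `inventory_file_template` examples pass `-o StrictHostKeyChecking=no` in `ansible_ssh_common_args`, and the surrounding text never mentions it or explains why. That option turns off SSH host key verification for the provisioning connection, so readers who copy the example inherit it without knowing. Suggest adding a sentence that states the trade-off, or using a less permissive value such as `accept-new` if that works with this setup. Separately, the region caveat is marked `-> **Warning:**`, while elsewhere in this series warnings use `~> **Warning:**` and `->` introduces notes; use one marker consistently.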
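Review bot: In PATCH 4/6, website/pages/partials/builder/qemu/Config-not-required.mdx, the list item is titled `qemuargs` but the new warning text refers to "the template engines allowed by qemu-args". Use the option's actual name, in backticks, so readers can search for it. Since the commit subject says these docs are generated, the wording fix belongs in the comment in builder/qemu/config.go from PATCH 1/6, followed by a regenerate.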
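Review bot: In PATCH 5/6, website/pages/guides/hcl/from-json-v1.mdx, first hunk (@@ -13,8 +13,22 @@), the paragraph after the `packer hcl2_upgrade mytemplate.json` example says the legacy JSON template is not destroyed and calls the command "not a risky command to call", but it does not say what happens when mytemplate.json.pkr.hcl already exists in the working directory. Please document whether the output file is overwritten. Smaller points: "for example," should start with a capital letter, and the output file name should be in backticks like the command.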
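Review bot: In PATCH 5/6, the "### Deprecation" hunk (@@ -162,19 +177,19 @@), the rewritten section uses "legacy JSON templates", "current "legacy JSON" packer templates" and "the v1 format" for what appears to be the same thing; pick one term so the deprecation statement is unambiguous. The hunk also deletes the note that the HCL parsing library can read JSON without saying whether that still holds. Wording: "motivations to moving" should be "motivations for moving", and "Only then the v1 format will be deprecated" reads better as "Only then will the v1 format be deprecated".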
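Review bot: In PATCH 6/6, the removed and added lines in both azure_error_response_test approved.txt hunks are textually identical, and test/fixtures/provisioner-ansible/largish-file.txt is recorded as a binary patch (66560 -> 66556 bytes), so the line-ending change cannot be checked from the diff itself. Please state in the commit message which line ending the files are normalised to, and consider pinning it, for example with a .gitattributes entry for these fixtures, so the approved files keep the intended endings.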