Yes, that was the link I used to get the public key into my authorized_keys file
On Tuesday, September 19, 2017 at 2:31:09 PM UTC+1, Rickard von Essen wrote: > > Does curl http://192.168.1.1/latest/meta-data/public-keys give you the > pub key for the keypair? > > On 19 September 2017 at 15:26, David Curran <[email protected] > <javascript:>> wrote: > >> Thanks Rickard, >> >> I've run with -on-error=ask and I'm able to log in with the generated >> password, find the temporary public key has not been put on the server and >> no .ssh directory exists. Once I add the public key ro .ssh/authorized keys >> and retry the rest of the process completes without a hitch. >> >> This is what I get back from the URLs the page you linked show >> >> [root@localhost ~]# curl http://192.168.1.1/latest/user-data >> >> [root@localhost ~]# curl http://192.168.1.1/latest/meta-data >> service-offering >> availability-zone >> local-ipv4 >> local-hostname >> public-ipv4 >> public-hostname >> instance-id >> vm-id >> public-keys >> cloud-identifier >> >> [root@localhost ~]# curl >> http://192.168.1.1/latest/meta-data/cloud-identifier >> CloudStack-{2f818df1-6d64-40e2-aa67-9bfa3a6a6637} >> >> >> [root@localhost ~]# curl http://192.168.1.1/latest/meta-data/public-ipv4 >> x.x.x.x >> >> [root@localhost ~]# curl http://192.168.1.1/latest/meta-data/local-ipv4 >> 192.168.1.71 >> >> This is what I see in logs: >> Sep 19 13:14:59 localhost rc.local: Starting cloud cloud-set-guest- >> password. >> Sep 19 13:15:09 localhost cloud: Found password server IP 192.168.1.1 in >> /var/lib/NetworkManager/dhclient-3f280eb6-a130-4589-9cd4-4947081d6ae8- >> eno16777752.lease >> Sep 19 13:15:09 localhost cloud: Sending request to password server at >> 192.168.1.1 >> Sep 19 13:15:10 localhost cloud: Got response from server at 192.168.1.1 >> Sep 19 13:15:10 localhost cloud: VM got a valid password from server at >> 192.168.1.1 >> Sep 19 13:15:10 localhost cloud: Changing password ... >> Sep 19 13:15:10 localhost cloud: Sending acknowledgment to password >> server at 192.168.1.1 >> >> Don't see anything in our external logging either that sheds any light >> >> >> On Tuesday, September 19, 2017 at 12:47:53 PM UTC+1, Rickard von Essen >> wrote: >>> >>> I would start by creating a template where you have some fixed >>> credentials that you can use for debugging (or use the console). Run packer >>> build --on-error=ask, so when it fails you have time to troubleshoot. >>> >>> Jump into the node to debug if cloud-init is functioning as it should, >>> see >>> http://cloudinit.readthedocs.io/en/latest/topics/datasources/cloudstack.html >>> >>> You should be able to curl down the public key for the key-pair >>> somewhere on http://10.1.1.1/latest/user-data. Then check the >>> cloud-init logs to see if there is any error configuring you image. >>> >>> If you get stuck post some more details here. >>> >>> On 19 September 2017 at 13:26, David Curran <[email protected]> wrote: >>> >>>> I'm trying to build CentOS templates in cloudstack using Packer. >>>> >>>> Below is a config.json that works for ubuntu using temporary keys: >>>> >>>> >>>> "builders": [{ >>>> "type": "cloudstack", >>>> "communicator": "ssh", >>>> "ssh_username": "{{user `ssh_username`}}", >>>> "ssh_handshake_attempts": 2, >>>> "ssh_password": "", >>>> >>>> "api_url": "{{user `api_url`}}", >>>> "api_key": "{{user `api_key`}}", >>>> "network": "{{user `network`}}", >>>> "secret_key": "{{user `secret_key`}}", >>>> "service_offering": "{{user `service_offering`}}", >>>> "source_template": "{{user `source_template`}}", >>>> "template_os": "{{user `template_os`}}", >>>> "zone": "{{user `zone`}}", >>>> "expunge": true, >>>> "public_ip_address": "{{user `public_ip`}}", >>>> >>>> "template_name": "{{user `template_name`}}-{{isotime \"020106-0304\"}}", >>>> "template_password_enabled": true, >>>> "template_scalable": true >>>> >>>> }], >>>> >>>> >>>> The part that is failing is SSH on to the newly built VM. >>>> >>>> >>>> "handshake error: ssh: handshake failed: ssh: unable to authenticate, >>>> attempted methods [none publickey], no supported methods remain" >>>> >>>> I am able to log in to the machine with the password generated by cloud >>>> stack (passwordenabled = true) but not with the generated key. When I log >>>> in with password I can't see any .ssh/ directory and therefore the >>>> temporary public key isn't in the correct authorized_keys file. >>>> >>>> That explains why SSH fails, it is trying public key auth but can't do >>>> it. >>>> >>>> However, when using winrm communicator with windows VMs, if >>>> winrm_password is left blank or is left out entirely then it defaults to >>>> the generated password. Is this not possible with the SSH communicator? >>>> >>>> Or is there a reason that the public key isn't being put on to the VM >>>> in the first place? >>>> >>>> -- >>>> This mailing list is governed under the HashiCorp Community Guidelines >>>> - https://www.hashicorp.com/community-guidelines.html. Behavior in >>>> violation of those guidelines may result in your removal from this mailing >>>> list. >>>> >>>> GitHub Issues: https://github.com/mitchellh/packer/issues >>>> IRC: #packer-tool on Freenode >>>> --- >>>> You received this message because you are subscribed to the Google >>>> Groups "Packer" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To view this discussion on the web visit >>>> https://groups.google.com/d/msgid/packer-tool/ad3279b3-dd6c-4392-aaa3-883e0c223910%40googlegroups.com >>>> >>>> <https://groups.google.com/d/msgid/packer-tool/ad3279b3-dd6c-4392-aaa3-883e0c223910%40googlegroups.com?utm_medium=email&utm_source=footer> >>>> . >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >> This mailing list is governed under the HashiCorp Community Guidelines - >> https://www.hashicorp.com/community-guidelines.html. Behavior in >> violation of those guidelines may result in your removal from this mailing >> list. >> >> GitHub Issues: https://github.com/mitchellh/packer/issues >> IRC: #packer-tool on Freenode >> --- >> You received this message because you are subscribed to the Google Groups >> "Packer" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/packer-tool/329d81fa-8b24-4887-ae33-d40cf2a759d0%40googlegroups.com >> >> <https://groups.google.com/d/msgid/packer-tool/329d81fa-8b24-4887-ae33-d40cf2a759d0%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> >> For more options, visit https://groups.google.com/d/optout. >> > > -- This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list. GitHub Issues: https://github.com/mitchellh/packer/issues IRC: #packer-tool on Freenode --- You received this message because you are subscribed to the Google Groups "Packer" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/cae34e4c-f42c-4633-976a-5a6514b929ea%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
