So then the problem is that the cloud-init in the template doesn't add that to the user you expect. Do you have a logline similar to "ci-info: no authorized ssh keys fingerprints found for user XXX" in /var/log/cloud-init-output.log
On 19 September 2017 at 15:32, David Curran <[email protected]> wrote: > Yes, that was the link I used to get the public key into my > authorized_keys file > > On Tuesday, September 19, 2017 at 2:31:09 PM UTC+1, Rickard von Essen > wrote: >> >> Does curl http://192.168.1.1/latest/meta-data/public-keys give you the >> pub key for the keypair? >> >> On 19 September 2017 at 15:26, David Curran <[email protected]> wrote: >> >>> Thanks Rickard, >>> >>> I've run with -on-error=ask and I'm able to log in with the generated >>> password, find the temporary public key has not been put on the server and >>> no .ssh directory exists. Once I add the public key ro .ssh/authorized keys >>> and retry the rest of the process completes without a hitch. >>> >>> This is what I get back from the URLs the page you linked show >>> >>> [root@localhost ~]# curl http://192.168.1.1/latest/user-data >>> >>> [root@localhost ~]# curl http://192.168.1.1/latest/meta-data >>> service-offering >>> availability-zone >>> local-ipv4 >>> local-hostname >>> public-ipv4 >>> public-hostname >>> instance-id >>> vm-id >>> public-keys >>> cloud-identifier >>> >>> [root@localhost ~]# curl http://192.168.1.1/latest/meta >>> -data/cloud-identifier >>> CloudStack-{2f818df1-6d64-40e2-aa67-9bfa3a6a6637} >>> >>> >>> [root@localhost ~]# curl http://192.168.1.1/latest/meta-data/public-ipv4 >>> x.x.x.x >>> >>> [root@localhost ~]# curl http://192.168.1.1/latest/meta-data/local-ipv4 >>> 192.168.1.71 >>> >>> This is what I see in logs: >>> Sep 19 13:14:59 localhost rc.local: Starting cloud cloud-set-guest- >>> password. >>> Sep 19 13:15:09 localhost cloud: Found password server IP 192.168.1.1 in >>> /var/lib/NetworkManager/dhclient-3f280eb6-a130-4589-9cd4-4947081d6ae8- >>> eno16777752.lease >>> Sep 19 13:15:09 localhost cloud: Sending request to password server at >>> 192.168.1.1 >>> Sep 19 13:15:10 localhost cloud: Got response from server at 192.168.1.1 >>> Sep 19 13:15:10 localhost cloud: VM got a valid password from server at >>> 192.168.1.1 >>> Sep 19 13:15:10 localhost cloud: Changing password ... >>> Sep 19 13:15:10 localhost cloud: Sending acknowledgment to password >>> server at 192.168.1.1 >>> >>> Don't see anything in our external logging either that sheds any light >>> >>> >>> On Tuesday, September 19, 2017 at 12:47:53 PM UTC+1, Rickard von Essen >>> wrote: >>>> >>>> I would start by creating a template where you have some fixed >>>> credentials that you can use for debugging (or use the console). Run packer >>>> build --on-error=ask, so when it fails you have time to troubleshoot. >>>> >>>> Jump into the node to debug if cloud-init is functioning as it should, >>>> see http://cloudinit.readthedocs.io/en/latest/topics/ >>>> datasources/cloudstack.html >>>> >>>> You should be able to curl down the public key for the key-pair >>>> somewhere on http://10.1.1.1/latest/user-data. Then check the >>>> cloud-init logs to see if there is any error configuring you image. >>>> >>>> If you get stuck post some more details here. >>>> >>>> On 19 September 2017 at 13:26, David Curran <[email protected]> >>>> wrote: >>>> >>>>> I'm trying to build CentOS templates in cloudstack using Packer. >>>>> >>>>> Below is a config.json that works for ubuntu using temporary keys: >>>>> >>>>> >>>>> "builders": [{ >>>>> "type": "cloudstack", >>>>> "communicator": "ssh", >>>>> "ssh_username": "{{user `ssh_username`}}", >>>>> "ssh_handshake_attempts": 2, >>>>> "ssh_password": "", >>>>> >>>>> "api_url": "{{user `api_url`}}", >>>>> "api_key": "{{user `api_key`}}", >>>>> "network": "{{user `network`}}", >>>>> "secret_key": "{{user `secret_key`}}", >>>>> "service_offering": "{{user `service_offering`}}", >>>>> "source_template": "{{user `source_template`}}", >>>>> "template_os": "{{user `template_os`}}", >>>>> "zone": "{{user `zone`}}", >>>>> "expunge": true, >>>>> "public_ip_address": "{{user `public_ip`}}", >>>>> >>>>> "template_name": "{{user `template_name`}}-{{isotime \"020106-0304\"}}", >>>>> "template_password_enabled": true, >>>>> "template_scalable": true >>>>> >>>>> }], >>>>> >>>>> >>>>> The part that is failing is SSH on to the newly built VM. >>>>> >>>>> >>>>> "handshake error: ssh: handshake failed: ssh: unable to authenticate, >>>>> attempted methods [none publickey], no supported methods remain" >>>>> >>>>> I am able to log in to the machine with the password generated by >>>>> cloud stack (passwordenabled = true) but not with the generated key. When >>>>> I >>>>> log in with password I can't see any .ssh/ directory and therefore the >>>>> temporary public key isn't in the correct authorized_keys file. >>>>> >>>>> That explains why SSH fails, it is trying public key auth but can't do >>>>> it. >>>>> >>>>> However, when using winrm communicator with windows VMs, if >>>>> winrm_password is left blank or is left out entirely then it defaults to >>>>> the generated password. Is this not possible with the SSH communicator? >>>>> >>>>> Or is there a reason that the public key isn't being put on to the VM >>>>> in the first place? >>>>> >>>>> -- >>>>> This mailing list is governed under the HashiCorp Community Guidelines >>>>> - https://www.hashicorp.com/community-guidelines.html. Behavior in >>>>> violation of those guidelines may result in your removal from this mailing >>>>> list. >>>>> >>>>> GitHub Issues: https://github.com/mitchellh/packer/issues >>>>> IRC: #packer-tool on Freenode >>>>> --- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "Packer" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/d/msgid/packer-tool/ad3279b3-dd6c- >>>>> 4392-aaa3-883e0c223910%40googlegroups.com >>>>> <https://groups.google.com/d/msgid/packer-tool/ad3279b3-dd6c-4392-aaa3-883e0c223910%40googlegroups.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> For more options, visit https://groups.google.com/d/optout. >>>>> >>>> >>>> -- >>> This mailing list is governed under the HashiCorp Community Guidelines - >>> https://www.hashicorp.com/community-guidelines.html. Behavior in >>> violation of those guidelines may result in your removal from this mailing >>> list. >>> >>> GitHub Issues: https://github.com/mitchellh/packer/issues >>> IRC: #packer-tool on Freenode >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "Packer" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit https://groups.google.com/d/ms >>> gid/packer-tool/329d81fa-8b24-4887-ae33-d40cf2a759d0%40googlegroups.com >>> <https://groups.google.com/d/msgid/packer-tool/329d81fa-8b24-4887-ae33-d40cf2a759d0%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> -- > This mailing list is governed under the HashiCorp Community Guidelines - > https://www.hashicorp.com/community-guidelines.html. Behavior in > violation of those guidelines may result in your removal from this mailing > list. > > GitHub Issues: https://github.com/mitchellh/packer/issues > IRC: #packer-tool on Freenode > --- > You received this message because you are subscribed to the Google Groups > "Packer" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/packer-tool/cae34e4c-f42c-4633-976a-5a6514b929ea%40googlegroups.com > <https://groups.google.com/d/msgid/packer-tool/cae34e4c-f42c-4633-976a-5a6514b929ea%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list. GitHub Issues: https://github.com/mitchellh/packer/issues IRC: #packer-tool on Freenode --- You received this message because you are subscribed to the Google Groups "Packer" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/CALz9Rt_iLEfDrngJ%3DbLcrbvybxbMnFGSssZJMvoaqsHE8N11eQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
