Full log would be great, it looks like your instance shuts down directly.
On Nov 23, 2017 09:52, "'Thenuka Keerthibandara' via Packer" <
[email protected]> wrote:
> Hi all
>
> As guided I created a new snapshot of an encrypted volume from my custom
> CMK and attached the snapshot id to packer.
>
> I have created my block device mapings like this.
>
> "ami_block_device_mappings": [
> {
> "device_name": "/dev/xvdk",
> "snapshot_id": "snap-0cb78ce26c58ecf02",
> "volume_size": 25,
> "Encrypted": true,
> "volume_type": "gp2",
> "delete_on_termination": true
> }
> ],
> "launch_block_device_mappings": [
> {
> "device_name": "/dev/xvdk",
> "snapshot_id": "snap-0cb78ce26c58ecf02",
> "volume_size": 25,
> "Encrypted": true,
> "volume_type": "gp2",
> "delete_on_termination": true
> }
> ]
>
> But When I create the AMI I get the following error and AMI bake process
> terminates.
>
> [1;31mBuild 'amazon-ebs' errored: Error waiting for instance
> (i-xxxxxxxxxxxxxxx) to become ready: unexpected state 'shutting-down',
> wanted target 'running' [0m
>
> ==> Some builds didn't complete successfully and had errors:
> --> amazon-ebs: Error waiting for instance (i-xxxxxxxxxxxxxxx) to become
> ready: unexpected state 'shutting-down', wanted target 'running'
>
> ==> Builds finished but no artifacts were created.
> Finished: FAILURE
>
> What is the correct way to put the snapshot_id?
>
> Thank you,
> Thenuka.
>
> On Wednesday, November 22, 2017 at 7:21:55 PM UTC+5:30, Thenuka
> Keerthibandara wrote:
>>
>> Will try that and re post if anything goes south @Rickard von Essen
>>
>> Thanks in advance. :)
>>
>> Thenuka.
>>
>> On Wednesday, November 22, 2017 at 5:55:05 PM UTC+5:30, Rickard von Essen
>> wrote:
>>>
>>> Unfortunately that doesn't seem to be supported. See
>>> http://docs.aws.amazon.com/AWSEC2/latest/APIReference/
>>> API_EbsBlockDevice.html and http://docs.aws.amazon.com
>>> /AWSEC2/latest/APIReference/API_RunInstances.html
>>>
>>> As a workaround you can prepare a CMK encrypted (empty) snapshot and
>>> attach that in your device mapping block. That should give you a snapshot
>>> encrypted with the KMS key you want.
>>>
>>> // Rickard
>>>
>>> On 22 November 2017 at 12:50, 'Thenuka Keerthibandara' via Packer <
>>> [email protected]> wrote:
>>>
>>>> I'm using a packer script to encrypt my EBS volumes on AWS by creating
>>>> a new AMI with encrypted EBS.
>>>>
>>>> I have a created a CMK using KMS and have added the kms_key_id in
>>>> packer script builder section as follows.
>>>>
>>>> "variables": {
>>>> ....................
>>>> "kms_key_prod": "{{env `kms_key_prod`}}",
>>>> ....................
>>>> },
>>>>
>>>> "builders": [
>>>> {
>>>> "type": "amazon-ebs",
>>>> "access_key": "{{user `aws_access_key`}}",
>>>> "secret_key": "{{user `aws_secret_key`}}",
>>>> "vpc_id": "{{user `aws_vpc_id`}}",
>>>> "subnet_id": "{{user `subnet_id`}}",
>>>> "region": "{{user `region`}}",
>>>> "kms_key_id": "{{user `kms_key_prod`}}",
>>>> "source_ami": "{{user `base_ami`}}",
>>>> "instance_type": "t2.micro",
>>>> "ssh_username": "ubuntu",
>>>> "ami_name": "{{user `name`}}-Default-{{isotime
>>>> \"2006-01-02-1504\"}}",
>>>> "ami_description": "Base AMI for Ubuntu 16.04",
>>>> "tags": {
>>>> "Name": "Default-Base",
>>>> "Project": "Public Cloud",
>>>> "Build": "{{ user `buildtime` }}"
>>>> },
>>>> "ami_block_device_mappings": [
>>>> {
>>>> "device_name": "/dev/xvdk",
>>>> "volume_size": 25,
>>>> "Encrypted": true,
>>>> "volume_type": "gp2",
>>>> "delete_on_termination": true
>>>> }
>>>> ],
>>>> "launch_block_device_mappings": [
>>>> {
>>>> "device_name": "/dev/xvdk",
>>>> "volume_size": 25,
>>>> "Encrypted": true,
>>>> "volume_type": "gp2",
>>>> "delete_on_termination": true
>>>> }
>>>> ]
>>>> }
>>>> ],
>>>>
>>>>
>>>> But when packer runs, the generated AMI has an attached snapshots of
>>>> the devices I have attached encrpted with the "default" CMK which is
>>>> "aws/ebs" that is unique for the specific region.
>>>>
>>>> I don't need my boot volume to get encrypted but the attahced EBS
>>>> volumes to be encrypted with the KMS key that I have created.
>>>>
>>>> Does anyone know if this a limitation in packer or if there is any
>>>> other way to achieve this through packer?
>>>>
>>>> Regards,
>>>> Thenuka
>>>>
>>>>
>>>> --
>>>> This mailing list is governed under the HashiCorp Community Guidelines
>>>> - https://www.hashicorp.com/community-guidelines.html. Behavior in
>>>> violation of those guidelines may result in your removal from this mailing
>>>> list.
>>>>
>>>> GitHub Issues: https://github.com/mitchellh/packer/issues
>>>> IRC: #packer-tool on Freenode
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Packer" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> To view this discussion on the web visit https://groups.google.com/d/ms
>>>> gid/packer-tool/ea5c895d-584b-45aa-9613-ec913de08231%40googlegroups.com
>>>> <https://groups.google.com/d/msgid/packer-tool/ea5c895d-584b-45aa-9613-ec913de08231%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>> .
>>>> For more options, visit https://groups.google.com/d/optout.
>>>>
>>>
>>> --
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in
> violation of those guidelines may result in your removal from this mailing
> list.
>
> GitHub Issues: https://github.com/mitchellh/packer/issues
> IRC: #packer-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Packer" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/packer-tool/77d725be-987d-4a73-844d-f30f01601dc6%40googlegroups.com
> <https://groups.google.com/d/msgid/packer-tool/77d725be-987d-4a73-844d-f30f01601dc6%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
This mailing list is governed under the HashiCorp Community Guidelines -
https://www.hashicorp.com/community-guidelines.html. Behavior in violation of
those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups
"Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/packer-tool/CALz9Rt9fyQfx3mt7iGLRZoZ4q9pyM8wkPhXxjmbiLEPHvsZLnQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
