You don't need both ami_block_device_mappings and
launch_block_device_mappings. This works for me and adds two EBS volumes in
addition to the boot volume; one of these is encrypted with the default KMS
EBS key.
{
  "provisioners" : [
    {
      "type" : "shell",
      "inline" : [
        "sudo apt-get update",
        "sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common",
        "sudo apt-get update"
      ]
    }
  ],
  "builders" : [
    {
      "type" : "amazon-ebs",
      "ami_name" : "Docker EE AMI {{isotime \"2006-01-02T030406\"}}",
      "ssh_username" : "ubuntu",
      "source_ami_filter" : {
        "filters" : {
          "name" : "ubuntu/images/*ubuntu-xenial-16.04-amd64-server-*",
          "root-device-type" : "ebs",
          "virtualization-type" : "hvm"
        },
        "most_recent" : true,
        "owners" : [
          "099720109477"
        ]
      },
      "associate_public_ip_address" : true,
      "subnet_id" : "{{user `aws_subnet_id`}}",
      "instance_type" : "t2.micro",
      "launch_block_device_mappings" : [
        {
          "delete_on_termination" : true,
          "volume_size" : 8,
          "volume_type" : "gp2",
          "device_name" : "/dev/xvda"
        },
        {
          "volume_size" : 8,
          "delete_on_termination" : false,
          "volume_type" : "gp2",
          "encrypted" : true,
          "device_name" : "/dev/xvdb"
        }
      ]
    }
  ],
  "variables" : {
    "aws_subnet_id" : "{{env `AWS_SUBNET_ID`}}"
  }
}
Inspection of the resulting AMI:
$ AWS_PROFILE=packer-demo AWS_DEFAULT_REGION=eu-west-1 aws ec2 \
    describe-images --image-ids ami-04cfc168ea949abe8 --query \
    "Images[].BlockDeviceMappings"
[
  [
    {
      "DeviceName": "/dev/sda1",
      "Ebs": {
        "Encrypted": false,
        "DeleteOnTermination": true,
        "SnapshotId": "snap-03e9353df32e489e5",
        "VolumeSize": 8,
        "VolumeType": "gp2"
      }
    },
    {
      "DeviceName": "/dev/xvda",
      "Ebs": {
        "Encrypted": false,
        "DeleteOnTermination": true,
        "SnapshotId": "snap-04cd6188c33186e0d",
        "VolumeSize": 8,
        "VolumeType": "gp2"
      }
    },
    {
      "DeviceName": "/dev/xvdb",
      "Ebs": {
        "Encrypted": true,
        "DeleteOnTermination": false,
        "SnapshotId": "snap-08c1bf4f0537bed46",
        "VolumeSize": 8,
        "VolumeType": "gp2"
      }
    },
    {
      "DeviceName": "/dev/sdb",
      "VirtualName": "ephemeral0"
    },
    {
      "DeviceName": "/dev/sdc",
      "VirtualName": "ephemeral1"
    }
  ]
]
On 25 May 2018 at 20:35, Derek the DevOps guy <[email protected]>
wrote:
> Hi all,
>
> I'm new to using packer. So far it looks like a wonderful tool with lots
> of features. Thanks for the help with putting it all together.
>
> I need to create an AMI based on ubuntu 16.04 with a small non-encrypted
> volume and an encrypted volume data. Things work fine except the data
> volume is not encrypted even though I specified "encrypted: true". Do I
> need to encrypt the drive myself in my provision script or am I missing
> something? Would appreciate any and all help/pointers.
>
>
> Thanks,
>
> Derek
>
> packer version - 1.2.2
>
> Here's my build json.
> ============================================================
> {
> "variables": {
> "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
> "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
> "aws_default_region": "{{env `AWS_DEFAULT_REGION`}}",
> "aws_subnet_id": "{{env `AWS_SUBNET_ID`}}"
> },
> "builders": [{
> "type": "amazon-ebs",
> "access_key": "{{user `aws_access_key`}}",
> "secret_key": "{{user `aws_secret_key`}}",
> "region": "{{user `aws_default_region`}}",
> "subnet_id": "{{user `aws_subnet_id`}}",
> "associate_public_ip_address": true,
> "source_ami_filter": {
> "filters": {
> "virtualization-type": "hvm",
> "name": "ubuntu/images/*ubuntu-xenial-16.04-amd64-server-*",
> "root-device-type": "ebs"
> },
> "owners": ["099720109477"],
> "most_recent": true
> },
> "instance_type": "t2.micro",
> "ssh_username": "ubuntu",
> "ami_name": "Docker EE AMI {{isotime \"2006-01-02T030406\"}}",
> "ami_block_device_mappings" : [
> {
> "volume_type" : "gp2",
> "device_name" : "/dev/xvda",
> "delete_on_termination" : true,
> "volume_size" : 8
> },
> {
> "volume_type" : "gp2",
> "device_name" : "/dev/xvdb",
> "delete_on_termination" : false,
> "encrypted" : true,
> "volume_size" : 80
> }
> ],
> "launch_block_device_mappings" : [
> {
> "volume_type" : "gp2",
> "device_name" : "/dev/xvda",
> "delete_on_termination" : true,
> "volume_size" : 8
> },
> {
> "volume_type" : "gp2",
> "device_name" : "/dev/xvdb",
> "delete_on_termination" : false,
> "encrypted" : true,
> "volume_size" : 80
> }
> ]
> }],
> "provisioners": [{
> "type": "shell",
> "inline": [
> "sleep 30",
> "sudo apt-get update",
> "sudo apt-get install -y apt-transport-https ca-certificates curl software-properties-common",
> "sudo apt-get update"
> ]
> }]
> }
>
> --
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in
> violation of those guidelines may result in your removal from this mailing
> list.
>
> GitHub Issues: https://github.com/mitchellh/packer/issues
> IRC: #packer-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Packer" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit https://groups.google.com/d/
> msgid/packer-tool/e432820d-443a-4f36-9c6f-b6172b88a8ca%40googlegroups.com
> <https://groups.google.com/d/msgid/packer-tool/e432820d-443a-4f36-9c6f-b6172b88a8ca%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
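The manual inspection in the reply can be turned into a post-build check that fails when a volume expected to be encrypted is not. This is an added example, not part of the original messages; the function name audit_mappings is hypothetical and the sample is the describe-images output from the reply, trimmed to the fields the check reads.

```python
import json

# Output of the describe-images query shown in the reply, trimmed to the
# fields this check reads. The outer list has one entry per image because
# the query was "Images[].BlockDeviceMappings".
SAMPLE = json.loads("""
[[
  {"DeviceName": "/dev/sda1", "Ebs": {"Encrypted": false}},
  {"DeviceName": "/dev/xvda", "Ebs": {"Encrypted": false}},
  {"DeviceName": "/dev/xvdb", "Ebs": {"Encrypted": true}},
  {"DeviceName": "/dev/sdb", "VirtualName": "ephemeral0"},
  {"DeviceName": "/dev/sdc", "VirtualName": "ephemeral1"}
]]
""")


def audit_mappings(images, must_encrypt):
    """Check that every device in must_encrypt is an encrypted EBS mapping.

    Returns (unencrypted, missing): devices present as EBS volumes but not
    encrypted, and devices with no EBS mapping at all. Instance-store
    entries (VirtualName only, no "Ebs" key) count as missing because they
    are not backed by a snapshot that could carry encryption.
    """
    unencrypted, missing = [], []
    for mappings in images:
        ebs = {m["DeviceName"]: m["Ebs"] for m in mappings if "Ebs" in m}
        for dev in must_encrypt:
            if dev not in ebs:
                missing.append(dev)
            elif not ebs[dev].get("Encrypted", False):
                unencrypted.append(dev)
    return unencrypted, missing


if __name__ == "__main__":
    # The data volume from the thread is the one that must be encrypted.
    bad, absent = audit_mappings(SAMPLE, ["/dev/xvdb"])
    if bad or absent:
        raise SystemExit(f"unencrypted: {bad}, not an EBS mapping: {absent}")
    print("all required volumes are encrypted")
```

In a pipeline, replace SAMPLE with the parsed output of the same aws ec2 describe-images command and list the device names your template marks as encrypted.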