Thanks, do I not need to mention the KMS id?

Best Regards,
Arun Janarthanan

On Tue, Sep 4, 2018 at 1:32 PM, Rickard von Essen <[email protected]> wrote:

> Just set encrypt_boot to true.
>
> https://www.packer.io/docs/builders/amazon-ebs.html#encrypt_boot
>
> On Tue, Sep 4, 2018, 16:43 Arunkumar Janarthanan <[email protected]> wrote:
>
>> Thanks Rickard, I wanted to have the root volume encrypted, for now I had
>> to run another script after provisioning the image to encrypt the AMI
>> through AWS cli.
>>
>> Best Regards,
>> Arun Janarthanan
>>
>> On Sat, Sep 1, 2018 at 9:01 AM, Rickard von Essen <[email protected]> wrote:
>>
>>> It looks like you are using the wrong device_name:
>>>
>>> $ AWS_PROFILE=admin aws --region us-west-2 ec2 describe-images --image-ids ami-37efa14f
>>> {
>>>     "Images": [
>>>         {
>>>             "Architecture": "x86_64",
>>>             "CreationDate": "2018-06-22T23:29:16.000Z",
>>>             "ImageId": "ami-37efa14f",
>>>             "ImageLocation": "amazon/amzn2-ami-minimal-hvm-2.0.20180622.1-x86_64-ebs",
>>>             "ImageType": "machine",
>>>             "Public": true,
>>>             "OwnerId": "137112412989",
>>>             "State": "available",
>>>             "BlockDeviceMappings": [
>>>                 {
>>>                     "DeviceName": "/dev/xvda",
>>>                     "Ebs": {
>>>                         "Encrypted": false,
>>>                         "DeleteOnTermination": true,
>>>                         "SnapshotId": "snap-04e358335dc927649",
>>>                         "VolumeSize": 2,
>>>                         "VolumeType": "standard"
>>>                     }
>>>                 }
>>>             ],
>>>             "Description": "Amazon Linux 2 AMI 2.0.20180622.1 x86_64 Minimal HVM ebs",
>>>             "EnaSupport": true,
>>>             "Hypervisor": "xen",
>>>             "ImageOwnerAlias": "amazon",
>>>             "Name": "amzn2-ami-minimal-hvm-2.0.20180622.1-x86_64-ebs",
>>>             "RootDeviceName": "/dev/xvda",
>>>             "RootDeviceType": "ebs",
>>>             "SriovNetSupport": "simple",
>>>             "VirtualizationType": "hvm"
>>>         }
>>>     ]
>>> }
>>>
>>> This thread contains more information:
>>> https://groups.google.com/d/msgid/packer-tool/ea501630-7e60-43aa-a543-cb60f90cbaa5%40googlegroups.com
>>>
>>> On Thu, 30 Aug 2018 at 21:39, Arunkumar Janarthanan <[email protected]> wrote:
>>>
>>>> Apologize for the short subject line and the missing salutations.
>>>>
>>>> On Thursday, August 30, 2018 at 3:31:42 PM UTC-4, Arunkumar Janarthanan wrote:
>>>>>
>>>>> I run Packer 1.2.5 on OSX, I have been trying to create encrypted
>>>>> volume AMI with CIS security hardened script enabled and facing numerous
>>>>> problems with it.
>>>>>
>>>>> Problem #1.
>>>>>
>>>>> I am getting SSH timeout upon adding the below section, however
>>>>> without the below section AMI provisioning looks good except the root
>>>>> volume size always 2 gig.
>>>>>
>>>>> Error:
>>>>>
>>>>> 2018/08/30 13:11:18 packer: 2018/08/30 13:11:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>> 2018/08/30 13:11:38 packer: 2018/08/30 13:11:38 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>> 2018/08/30 13:11:58 packer: 2018/08/30 13:11:58 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>> 2018/08/30 13:12:18 packer: 2018/08/30 13:12:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>> 2018/08/30 13:12:38 packer: 2018/08/30 13:12:38 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>> 2018/08/30 13:12:58 packer: 2018/08/30 13:12:58 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>> 2018/08/30 13:13:18 packer: 2018/08/30 13:13:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>> 2018/08/30 13:13:38 packer: 2018/08/30 13:13:38 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>> 2018/08/30 13:13:58 packer: 2018/08/30 13:13:58 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>> 2018/08/30 13:14:18 packer: 2018/08/30 13:14:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>> 2018/08/30 13:14:38 packer: 2018/08/30 13:14:38 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>> 2018/08/30 13:14:58 packer: 2018/08/30 13:14:58 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>> 2018/08/30 13:15:06 packer: 2018/08/30 13:15:06 No AWS timeout and
>>>>> polling overrides have been set. Packer will defalt to waiter-specific
>>>>> delays and timeouts. If you would like to customize the length of time
>>>>> between retries and max number of retries you may do so by setting the
>>>>> environment variables AWS_POLL_DELAY_SECONDS and AWS_MAX_ATTEMPTS to your
>>>>> desired values.
>>>>> 2018/08/30 13:15:18 packer: 2018/08/30 13:15:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout
>>>>>
>>>>> // -----------
>>>>>
>>>>>     "ami_block_device_mappings": [ {
>>>>>         "device_name": "/dev/sda1",
>>>>>         "volume_size": 64,
>>>>>         "delete_on_termination": true
>>>>>     } ],
>>>>>     "launch_block_device_mappings": [ {
>>>>>         "device_name": "/dev/sda1",
>>>>>         "volume_size": 64,
>>>>>         "delete_on_termination": true
>>>>>     } ],
>>>>>
>>>>> // -----
>>>>>
>>>>> Full json file: this works except it only creates 3 gig root volume.
>>>>>
>>>>> =======
>>>>>
>>>>> {
>>>>>     "variables" : {
>>>>>         "region" : "us-west-2"
>>>>>     },
>>>>>     "builders" : [
>>>>>         {
>>>>>             "type" : "amazon-ebs",
>>>>>             "profile" : "default",
>>>>>             "region" : "{{user `region`}}",
>>>>>             "instance_type" : "t2.micro",
>>>>>             "source_ami" : "ami-37efa14f",
>>>>>             "ssh_username" : "ec2-user",
>>>>>             "ami_name" : "docker-17.12.1-ce",
>>>>>             "ami_description" : "Amazon Linux Image with Docker-CE",
>>>>>             "ami_block_device_mappings": [{
>>>>>                 "delete_on_termination": "true",
>>>>>                 "device_name": "/dev/sda1"
>>>>>             }],
>>>>>             "run_tags" : {
>>>>>                 "Name" : "AE-Plain",
>>>>>                 "Tool" : "Packer",
>>>>>                 "Author" : "AJ"
>>>>>             }
>>>>>         }
>>>>>     ],
>>>>>     "provisioners" : [
>>>>>         {
>>>>>             "type" : "shell",
>>>>>             "script" : "./setup.sh"
>>>>>         },
>>>>>         {
>>>>>             "type": "shell",
>>>>>             "execute_command": "sudo -S bash '{{ .Path }}'",
>>>>>             "scripts": [
>>>>>                 "amazonlinux-hardening.sh",
>>>>>                 "docker-secure.sh"
>>>>>             ]
>>>>>         }
>>>>>     ]
>>>>> }
>>>>>
>>>>> Kindly advise.
>>>>>
>>>>> Thanks,
>>>>> AJ
>>>>>
>>>> --
>>>> This mailing list is governed under the HashiCorp Community Guidelines
>>>> - https://www.hashicorp.com/community-guidelines.html. Behavior in
>>>> violation of those guidelines may result in your removal from this mailing
>>>> list.
>>>>
>>>> GitHub Issues: https://github.com/mitchellh/packer/issues
>>>> IRC: #packer-tool on Freenode
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Packer" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
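
Added example, not part of the thread and not Packer's own code: a small Python check that compares an amazon-ebs builder's block device mappings with the source AMI's RootDeviceName from the describe-images output quoted above, and flags a missing encrypt_boot. The function names and the reduced inputs are constructed for illustration.

```python
import copy
import json

# Constructed input: the describe-images fields from the thread that matter here.
DESCRIBE_IMAGES = json.loads("""
{"Images": [{"ImageId": "ami-37efa14f", "RootDeviceName": "/dev/xvda",
  "BlockDeviceMappings": [{"DeviceName": "/dev/xvda",
    "Ebs": {"Encrypted": false, "VolumeSize": 2}}]}]}
""")

# Constructed input: the builder from the thread, reduced to the keys checked.
ROOT_SDA1 = {"device_name": "/dev/sda1", "volume_size": 64,
             "delete_on_termination": True}
BUILDER = {"type": "amazon-ebs", "source_ami": "ami-37efa14f",
           "ami_block_device_mappings": [dict(ROOT_SDA1)],
           "launch_block_device_mappings": [dict(ROOT_SDA1)]}

MAPPING_KEYS = ("launch_block_device_mappings", "ami_block_device_mappings")


def source_image(builder, describe_images):
    """Pick the source AMI's record out of the describe-images output."""
    return next(i for i in describe_images["Images"]
                if i["ImageId"] == builder["source_ami"])


def lint_builder(builder, describe_images):
    """Return findings about root-device naming and boot-volume encryption."""
    image = source_image(builder, describe_images)
    root = image["RootDeviceName"]
    findings = []
    for key in MAPPING_KEYS:
        names = [m.get("device_name", "?") for m in builder.get(key, [])]
        if names and root not in names:
            findings.append(f"{key}: no entry for root device {root} "
                            f"(has {', '.join(names)})")
    root_ebs = next(m["Ebs"] for m in image["BlockDeviceMappings"]
                    if m["DeviceName"] == root)
    if not root_ebs["Encrypted"] and builder.get("encrypt_boot") is not True:
        findings.append("encrypt_boot is not true: root volume stays unencrypted")
    return findings


def with_encrypted_root(builder, describe_images, size_gb):
    """Return a copy that resizes the AMI's actual root device and encrypts it."""
    fixed = copy.deepcopy(builder)
    root = source_image(builder, describe_images)["RootDeviceName"]
    fixed.pop("ami_block_device_mappings", None)  # root comes from the launch mapping
    fixed["launch_block_device_mappings"] = [
        {"device_name": root, "volume_size": size_gb, "delete_on_termination": True}]
    fixed["encrypt_boot"] = True  # kms_key_id is optional; omitted = default EBS key
    return fixed
```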
