Thanks, that helped. how does one create an image with boot and a second volume encrypted when the source image only has one volume (boot)?
On Monday, December 17, 2018 at 12:08:32 AM UTC-6, Rickard von Essen wrote: > > This issue looks similar > https://github.com/hashicorp/packer/issues/6889 > > On Mon, Dec 17, 2018, 06:54 Frank Dias <[email protected] <javascript:> > wrote: > >> I am erroring out at the end of the build. >> >> template: >> >> { >> "description": "Copy the centos.org CentOS 6 AMI into our account so >> that we can add boot volume encryption.", >> "min_packer_version": "0.11.0", >> "variables": { >> "aws_region": "us-east-1", >> "aws_vpc": null, >> "aws_subnet": null, >> "ssh_username": "centos" >> }, >> "builders": [ >> { >> "type": "amazon-ebs", >> "ami_name": "CentOS Linux 6 x86_64 HVM EBS (encrypted) {{isotime \" >> 20060102\"}}", >> "ami_description": "CentOS Linux 6 x86_64 HVM EBS (encrypted) {{isotime >> \"20060102\"}}", >> "instance_type": "t2.micro", >> "region": "{{user `aws_region`}}", >> "vpc_id": "{{user `aws_vpc`}}", >> "subnet_id": "{{user `aws_subnet`}}", >> "source_ami_filter": { >> "filters": { >> "owner-alias": "aws-marketplace", >> "product-code": "6x5jmcajty9edm3f211pqjfn2", >> "virtualization-type": "hvm" >> }, "owners": [ "679593333241" ], >> "most_recent": true >> }, >> "ami_virtualization_type": "hvm", >> "ssh_username": "{{user `ssh_username`}}", >> "associate_public_ip_address": true, >> "tags": { >> "Name": "CentOS 6", >> "OS": "CentOS", >> "OSVER": "6" >> }, >> "encrypt_boot": true, >> "ami_block_device_mappings": [ >> { >> "device_name": "/dev/sda1", >> "volume_type": "gp2", >> "volume_size": 8, >> "encrypted": true, >> "delete_on_termination": true >> } >> ], >> "communicator": "ssh", >> "ssh_pty": true >> } >> ], >> "provisioners": [ >> { >> "type": "shell", >> "execute_command": "sudo -S sh '{{.Path}}'", >> "inline_shebang": "/bin/sh -e -x", >> "inline": [ >> "echo '** Shreding sensitive data ...'", >> "shred -u /etc/ssh/*_key /etc/ssh/*_key.pub", >> "shred -u /root/.*history /home/{{user `ssh_username`}}/.*history", >> "shred -u /root/.ssh/authorized_keys /home/{{user >> `ssh_username`}}/.ssh/authorized_keys", >> "sync; sleep 1; sync" >> ] >> } >> ] >> } Error: packer build encrypt-centos.org-6-ami.json amazon-ebs output >> will be in this color. ==> amazon-ebs: Prevalidating AMI Name: CentOS Linux >> 6 x86_64 HVM EBS (encrypted) 20181217 amazon-ebs: Found Image ID: >> ami-1585c46a ==> amazon-ebs: Creating temporary keypair: >> packer_5c1738eb-820f-a61a-b9a1-2b92719d9d70 ==> amazon-ebs: Creating >> temporary security group for this instance: >> packer_5c1738ed-c4e0-a8ec-3f59-26250a9d6731 ==> amazon-ebs: Authorizing >> access to port 22 from 0.0.0.0/0 in the temporary security group... ==> >> amazon-ebs: Launching a source AWS instance... ==> amazon-ebs: Adding tags >> to source instance amazon-ebs: Adding tag: "Name": "Packer Builder" >> amazon-ebs: Instance ID: i-054aa39be987b978d ==> amazon-ebs: Waiting for >> instance (i-054aa39be987b978d) to become ready... ==> amazon-ebs: Using ssh >> communicator to connect: 54.174.45.106 ==> amazon-ebs: Waiting for SSH to >> become available... ==> amazon-ebs: Connected to SSH! ==> amazon-ebs: >> Provisioning with shell script: /tmp/packer-shell065867417 amazon-ebs: ** >> Shreding sensitive data ... amazon-ebs: shred: /root/.*history: failed to >> open for writing: No such file or directory amazon-ebs: shred: >> /home/centos/.*history: failed to open for writing: No such file or >> directory ==> amazon-ebs: Stopping the source instance... amazon-ebs: >> Stopping instance, attempt 1 ==> amazon-ebs: Waiting for the instance to >> stop... ==> amazon-ebs: Creating unencrypted AMI by83mJV from instance >> i-054aa39be987b978d ==> amazon-ebs: Error creating AMI: >> InvalidBlockDeviceMapping: the encrypted flag cannot be specified since >> device /dev/sda1 has a conflicting encryption setting. ==> amazon-ebs: >> status code: 400, request id: 1629781b-5404-43a5-9e8b-be562eaef8e4 ==> >> amazon-ebs: Terminating the source AWS instance... ==> amazon-ebs: Cleaning >> up any extra volumes... ==> amazon-ebs: Destroying volume >> (vol-04942687a8fb4c7fa)... ==> amazon-ebs: Deleting temporary security >> group... ==> amazon-ebs: Deleting temporary keypair... Build 'amazon-ebs' >> errored: Error creating AMI: InvalidBlockDeviceMapping: the encrypted flag >> cannot be specified since device /dev/sda1 has a conflicting encryption >> setting. status code: 400, request id: 1629781b-5404-43a5-9e8b-be562eaef8e4 >> ==> Some builds didn't complete successfully and had errors: --> >> amazon-ebs: Error creating AMI: InvalidBlockDeviceMapping: the encrypted >> flag cannot be specified since device /dev/sda1 has a conflicting >> encryption setting. status code: 400, request id: >> 1629781b-5404-43a5-9e8b-be562eaef8e4 >> >> -- >> This mailing list is governed under the HashiCorp Community Guidelines - >> https://www.hashicorp.com/community-guidelines.html. Behavior in >> violation of those guidelines may result in your removal from this mailing >> list. >> >> GitHub Issues: https://github.com/mitchellh/packer/issues >> IRC: #packer-tool on Freenode >> --- >> You received this message because you are subscribed to the Google Groups >> "Packer" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected] <javascript:>. >> To view this discussion on the web visit >> https://groups.google.com/d/msgid/packer-tool/e417cc09-4bb3-4fb9-957f-a08181666949%40googlegroups.com >> >> <https://groups.google.com/d/msgid/packer-tool/e417cc09-4bb3-4fb9-957f-a08181666949%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> > -- This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list. GitHub Issues: https://github.com/mitchellh/packer/issues IRC: #packer-tool on Freenode --- You received this message because you are subscribed to the Google Groups "Packer" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/eae788a1-2bc8-49a4-8678-eaca531c4065%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
