You add additional EBS volumes with ami_block_device_mappings or launch_block_device_mappings. See https://packer.io/docs/builders/amazon-ebs.html#ami_block_device_mappings
On Mon, Dec 17, 2018, 15:01 Frank Dias <[email protected] wrote: > Thanks, that helped. > > how does one create an image with boot and a second volume encrypted when > the source image only has one volume (boot)? > > > On Monday, December 17, 2018 at 12:08:32 AM UTC-6, Rickard von Essen wrote: >> >> This issue looks similar >> https://github.com/hashicorp/packer/issues/6889 >> >> On Mon, Dec 17, 2018, 06:54 Frank Dias <[email protected] wrote: >> >>> I am erroring out at the end of the build. >>> >>> template: >>> >>> { >>> "description": "Copy the centos.org CentOS 6 AMI into our account so >>> that we can add boot volume encryption.", >>> "min_packer_version": "0.11.0", >>> "variables": { >>> "aws_region": "us-east-1", >>> "aws_vpc": null, >>> "aws_subnet": null, >>> "ssh_username": "centos" >>> }, >>> "builders": [ >>> { >>> "type": "amazon-ebs", >>> "ami_name": "CentOS Linux 6 x86_64 HVM EBS (encrypted) {{isotime \" >>> 20060102\"}}", >>> "ami_description": "CentOS Linux 6 x86_64 HVM EBS (encrypted) {{isotime >>> \"20060102\"}}", >>> "instance_type": "t2.micro", >>> "region": "{{user `aws_region`}}", >>> "vpc_id": "{{user `aws_vpc`}}", >>> "subnet_id": "{{user `aws_subnet`}}", >>> "source_ami_filter": { >>> "filters": { >>> "owner-alias": "aws-marketplace", >>> "product-code": "6x5jmcajty9edm3f211pqjfn2", >>> "virtualization-type": "hvm" >>> }, "owners": [ "679593333241" ], >>> "most_recent": true >>> }, >>> "ami_virtualization_type": "hvm", >>> "ssh_username": "{{user `ssh_username`}}", >>> "associate_public_ip_address": true, >>> "tags": { >>> "Name": "CentOS 6", >>> "OS": "CentOS", >>> "OSVER": "6" >>> }, >>> "encrypt_boot": true, >>> "ami_block_device_mappings": [ >>> { >>> "device_name": "/dev/sda1", >>> "volume_type": "gp2", >>> "volume_size": 8, >>> "encrypted": true, >>> "delete_on_termination": true >>> } >>> ], >>> "communicator": "ssh", >>> "ssh_pty": true >>> } >>> ], >>> "provisioners": [ >>> { >>> "type": "shell", >>> "execute_command": "sudo -S sh '{{.Path}}'", >>> "inline_shebang": "/bin/sh -e -x", >>> "inline": [ >>> "echo '** Shreding sensitive data ...'", >>> "shred -u /etc/ssh/*_key /etc/ssh/*_key.pub", >>> "shred -u /root/.*history /home/{{user `ssh_username`}}/.*history", >>> "shred -u /root/.ssh/authorized_keys /home/{{user >>> `ssh_username`}}/.ssh/authorized_keys", >>> "sync; sleep 1; sync" >>> ] >>> } >>> ] >>> } Error: packer build encrypt-centos.org-6-ami.json amazon-ebs output >>> will be in this color. ==> amazon-ebs: Prevalidating AMI Name: CentOS Linux >>> 6 x86_64 HVM EBS (encrypted) 20181217 amazon-ebs: Found Image ID: >>> ami-1585c46a ==> amazon-ebs: Creating temporary keypair: >>> packer_5c1738eb-820f-a61a-b9a1-2b92719d9d70 ==> amazon-ebs: Creating >>> temporary security group for this instance: >>> packer_5c1738ed-c4e0-a8ec-3f59-26250a9d6731 ==> amazon-ebs: Authorizing >>> access to port 22 from 0.0.0.0/0 in the temporary security group... ==> >>> amazon-ebs: Launching a source AWS instance... ==> amazon-ebs: Adding tags >>> to source instance amazon-ebs: Adding tag: "Name": "Packer Builder" >>> amazon-ebs: Instance ID: i-054aa39be987b978d ==> amazon-ebs: Waiting for >>> instance (i-054aa39be987b978d) to become ready... ==> amazon-ebs: Using ssh >>> communicator to connect: 54.174.45.106 ==> amazon-ebs: Waiting for SSH to >>> become available... ==> amazon-ebs: Connected to SSH! ==> amazon-ebs: >>> Provisioning with shell script: /tmp/packer-shell065867417 amazon-ebs: ** >>> Shreding sensitive data ... amazon-ebs: shred: /root/.*history: failed to >>> open for writing: No such file or directory amazon-ebs: shred: >>> /home/centos/.*history: failed to open for writing: No such file or >>> directory ==> amazon-ebs: Stopping the source instance... amazon-ebs: >>> Stopping instance, attempt 1 ==> amazon-ebs: Waiting for the instance to >>> stop... ==> amazon-ebs: Creating unencrypted AMI by83mJV from instance >>> i-054aa39be987b978d ==> amazon-ebs: Error creating AMI: >>> InvalidBlockDeviceMapping: the encrypted flag cannot be specified since >>> device /dev/sda1 has a conflicting encryption setting. ==> amazon-ebs: >>> status code: 400, request id: 1629781b-5404-43a5-9e8b-be562eaef8e4 ==> >>> amazon-ebs: Terminating the source AWS instance... ==> amazon-ebs: Cleaning >>> up any extra volumes... ==> amazon-ebs: Destroying volume >>> (vol-04942687a8fb4c7fa)... ==> amazon-ebs: Deleting temporary security >>> group... ==> amazon-ebs: Deleting temporary keypair... Build 'amazon-ebs' >>> errored: Error creating AMI: InvalidBlockDeviceMapping: the encrypted flag >>> cannot be specified since device /dev/sda1 has a conflicting encryption >>> setting. status code: 400, request id: 1629781b-5404-43a5-9e8b-be562eaef8e4 >>> ==> Some builds didn't complete successfully and had errors: --> >>> amazon-ebs: Error creating AMI: InvalidBlockDeviceMapping: the encrypted >>> flag cannot be specified since device /dev/sda1 has a conflicting >>> encryption setting. status code: 400, request id: >>> 1629781b-5404-43a5-9e8b-be562eaef8e4 >>> >>> -- >>> This mailing list is governed under the HashiCorp Community Guidelines - >>> https://www.hashicorp.com/community-guidelines.html. Behavior in >>> violation of those guidelines may result in your removal from this mailing >>> list. >>> >>> GitHub Issues: https://github.com/mitchellh/packer/issues >>> IRC: #packer-tool on Freenode >>> --- >>> You received this message because you are subscribed to the Google >>> Groups "Packer" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion on the web visit >>> https://groups.google.com/d/msgid/packer-tool/e417cc09-4bb3-4fb9-957f-a08181666949%40googlegroups.com >>> <https://groups.google.com/d/msgid/packer-tool/e417cc09-4bb3-4fb9-957f-a08181666949%40googlegroups.com?utm_medium=email&utm_source=footer> >>> . >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- > This mailing list is governed under the HashiCorp Community Guidelines - > https://www.hashicorp.com/community-guidelines.html. Behavior in > violation of those guidelines may result in your removal from this mailing > list. > > GitHub Issues: https://github.com/mitchellh/packer/issues > IRC: #packer-tool on Freenode > --- > You received this message because you are subscribed to the Google Groups > "Packer" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/packer-tool/eae788a1-2bc8-49a4-8678-eaca531c4065%40googlegroups.com > <https://groups.google.com/d/msgid/packer-tool/eae788a1-2bc8-49a4-8678-eaca531c4065%40googlegroups.com?utm_medium=email&utm_source=footer> > . > For more options, visit https://groups.google.com/d/optout. > -- This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list. GitHub Issues: https://github.com/mitchellh/packer/issues IRC: #packer-tool on Freenode --- You received this message because you are subscribed to the Google Groups "Packer" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/CALz9Rt_JJh0kQS4Mq0eRXQu%2BeETmoOmQjmu8zfRuFdU%3D_BKmHA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
