Hi all,
I am trying to use packer to create Vagrant boxes for the F5 Networks BigIQ
Virtual instances (ISO based). My configuration looks like this:
{
"variables": {
"F5_NAME": "BIGIP-14.0.0-0.0.2187"
},
"builders": [
{
"name": "{{ user `F5_NAME` }}",
"type": "virtualbox-iso",
"iso_url": "software/{{ user `F5_NAME` }}.iso",
"iso_checksum": "4b503178ab6fb80a07a41940f507c681",
"iso_checksum_type": "md5",
"ssh_username": "root",
"ssh_password": "default",
"ssh_wait_timeout": "30000s",
"headless": "false",
"shutdown_command": "shutdown -h now",
"guest_additions_mode": "disable",
"guest_os_type": "Linux_64",
"vm_name": "{{ user `F5_NAME` }}",
"boot_wait": "60s",
"boot_command": [
"<enter><wait5>",
"<enter><wait5>",
"<enter>"
],
"cpus": "2",
"disk_size": "160000",
"format": "ovf",
"memory": "4096",
"vboxmanage": [
["modifyvm","{{.Name}}","--memory","4096"],
["modifyvm","{{.Name}}","--cpus","2"],
["modifyvm","{{.Name}}","--nic1","NAT"],
["modifyvm","{{.Name}}","--boot1","disk"]
]
}
],
"post-processors": [
{
"type": "vagrant",
"compression_level": 9,
"output": "{{ build_name }}.box"
}
],
"provisioners": [
{
"type": "shell",
"inline": [
"mkdir /shared/vagrant",
"exit 0"
],
"pause_before": "60s"
},
{
"type": "file",
"source": "files",
"destination": "/shared/vagrant"
}, ...
]
}
The default administrator password combination is root/default, but F5 has
several measures to avoid insecure installations:
1. The password is marked expired after initial installation, so you are
forced to change the password.
2. The new password has to comply the password policy (should not be
based on a dictionary word, like "default")
REF: https://support.f5.com/csp/article/K10612010
As a result, I am not able to login with SSH and the virtualbox-iso based
packer build fails, before the provisioners can kick-off.
packer: -- Question 1: You are required to change your password immediately
(root enforced)
packer: Changing password for root.
packer: (current) UNIX password:
packer: Keyboard interactive challenge:
packer: -- User:
packer: -- Instructions:
packer: -- Question 1: New BIG-IP password:
packer: Keyboard interactive challenge:
packer: -- User:
packer: -- Instructions:
packer: -- Question 1: BAD PASSWORD: it is based on a dictionary word
packer: New BIG-IP password:
packer: Keyboard interactive challenge:
packer: -- User:
packer: -- Instructions:
packer: -- Question 1: BAD PASSWORD: it is based on a dictionary word
packer: New BIG-IP password:
packer: Keyboard interactive challenge:
packer: -- User:
packer: -- Instructions: BAD PASSWORD: it is based on a dictionary word
packer: [DEBUG] SSH handshake err: ssh: handshake failed: ssh: unable to
authenticate, attempted methods [keyboard-interactive none], no supported
methods remain
packer: [DEBUG] Detected authentication error. Increasing handshake
attempts.
In a normal interactive shell it would look like this:
login: root
Password: (default)
You are required to change your password immediately (root enforced)
Changing password for root.
(current) UNIX password: (default)
New BIG-IP password:
BAD PASSWORD: it is based on a dictionary word
New BIG-IP password:
BAD PASSWORD: it is based on a dictionary word
Is there support for this kind of scenario in packer or a way to hack this
into it?
"ssh_username": "root",
"ssh_password": "default",
*"ssh_new_password": "somethingmoresafe",*
"ssh_wait_timeout": "30000s",
Best regards,
Bart
--
This mailing list is governed under the HashiCorp Community Guidelines -
https://www.hashicorp.com/community-guidelines.html. Behavior in violation of
those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups
"Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/packer-tool/624988a5-eaad-4a7c-a82f-a5e11caf66d3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
