Most likely your hardening prevents executables in /tmp. It fails on:
chmod +x /tmp/script_6094.sh

Try to set https://packer.io/docs/provisioners/shell.html#remote_folder to somewhere inside the SSH user's home directory.

On Mon, Apr 22, 2019, 18:37 Zachary Estrella <[email protected]> wrote:

> Something worth mentioning is this is being run on top of a CIS lvl1
> Hardened machine. I think I am doing something wrong or not in the right
> steps to get the expected results, but then again I have not modified the
> original packer .json file provided by Amazon enough to break it.
>
> On Monday, April 22, 2019 at 12:33:46 PM UTC-4, Zachary Estrella wrote:
>>
>> Here are the full logs that are relevant.
>>
>> ==> eks: Waiting for instance (i-02802c4ff2bc6eb91) to become ready...
>> 2019/04/22 12:30:13 packer: 2019/04/22 12:30:13 [INFO] Not using winrm
>> communicator, skipping get password...
>> ==> eks: Using ssh communicator to connect: 18.232.50.43
>> 2019/04/22 12:30:13 packer: 2019/04/22 12:30:13 [INFO] Waiting for SSH,
>> up to timeout: 5m0s
>> ==> eks: Waiting for SSH to become available...
>> 2019/04/22 12:30:15 packer: 2019/04/22 12:30:15 [DEBUG] TCP connection to
>> SSH ip/port failed: dial tcp 18.232.50.43:22: connect: connection refused
>> 2019/04/22 12:30:20 packer: 2019/04/22 12:30:20 [INFO] Attempting SSH
>> connection to 18.232.50.43:22...
>> 2019/04/22 12:30:20 packer: 2019/04/22 12:30:20 [DEBUG] Config to
>> &ssh.Config{SSHConfig:(*ssh.ClientConfig)(0xc0002be0d0), Connection:(func()
>> (net.Conn, error))(0x1a02bc0), Pty:true, DisableAgentForwarding:false,
>> HandshakeTimeout:0, UseSftp:false, KeepAliveInterval:5000000000,
>> Timeout:0}...
>> 2019/04/22 12:30:20 packer: 2019/04/22 12:30:20 [DEBUG] reconnecting to
>> TCP connection for SSH
>> 2019/04/22 12:30:20 packer: 2019/04/22 12:30:20 [DEBUG] handshaking with
>> SSH
>> 2019/04/22 12:30:20 packer: 2019/04/22 12:30:20 [DEBUG] handshake
>> complete!
>> 2019/04/22 12:30:20 packer: 2019/04/22 12:30:20 [DEBUG] Opening new ssh
>> session
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] agent forwarding
>> enabled
>> ==> eks: Connected to SSH!
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 Running the provision hook
>> 2019/04/22 12:30:21 [INFO] (telemetry) Starting provisioner shell
>> ==> eks: Provisioning with shell script:
>> /var/folders/h_/lz750kv55h7gm_fc8svh52nr1_gwwm/T/packer-shell643574894
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 Opening
>> /var/folders/h_/lz750kv55h7gm_fc8svh52nr1_gwwm/T/packer-shell643574894 for
>> reading
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] 72 bytes written
>> for 'uploadData'
>> 2019/04/22 12:30:21 [INFO] 72 bytes written for 'uploadData'
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Opening new ssh
>> session
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Starting remote
>> scp process: scp -vt /tmp
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Started SCP
>> session, beginning transfers...
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Copying input
>> data into temporary file so we can read the length
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] scp: Uploading
>> script_6094.sh: perms=C0644 size=72
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] SCP session
>> complete, closing stdin pipe.
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Waiting for SSH
>> session to complete.
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] scp stderr
>> (length 30): Sink: C0644 72 script_6094.sh
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Opening new ssh
>> session
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] starting remote
>> command: chmod 0755 /tmp/script_6094.sh
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] RPC endpoint:
>> Communicator ended with: 0
>> 2019/04/22 12:30:21 [INFO] RPC client: Communicator ended with: 0
>> 2019/04/22 12:30:21 [INFO] RPC endpoint: Communicator ended with: 0
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] RPC client:
>> Communicator ended with: 0
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Opening new ssh
>> session
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] starting remote
>> command: chmod +x /tmp/script_6094.sh; PACKER_BUILDER_TYPE='amazon-ebs'
>> PACKER_BUILD_NAME='eks' /tmp/script_6094.sh
>> 2019/04/22 12:30:21 [INFO] 46 bytes written for 'stdout'
>> 2019/04/22 12:30:21 [INFO] 0 bytes written for 'stderr'
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [ERROR] Remote command
>> exited with '126': chmod +x /tmp/script_6094.sh;
>> PACKER_BUILDER_TYPE='amazon-ebs' PACKER_BUILD_NAME='eks'
>> /tmp/script_6094.sh
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] RPC endpoint:
>> Communicator ended with: 126
>> 2019/04/22 12:30:21 [INFO] RPC client: Communicator ended with: 126
>> 2019/04/22 12:30:21 [INFO] RPC endpoint: Communicator ended with: 126
>> eks: bash: /tmp/script_6094.sh: Permission denied
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] 46 bytes written
>> for 'stdout'
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] 0 bytes written
>> for 'stderr'
>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] RPC client:
>> Communicator ended with: 126
>> 2019/04/22 12:30:21 [INFO] (telemetry) ending shell
>> ==> eks: Terminating the source AWS instance...
>> ==> eks: Cleaning up any extra volumes...
>> ==> eks: No volumes to clean up, skipping
>> ==> eks: Deleting temporary security group...
>> ==> eks: Deleting temporary keypair...
>> 2019/04/22 12:30:53 [INFO] (telemetry) ending amazon-ebs
>> 2019/04/22 12:30:53 ui error: Build 'eks' errored: Script exited with
>> non-zero exit status: 126.Allowed exit codes are: [0]
>> 2019/04/22 12:30:53 Builds completed. Waiting on interrupt barrier...
>> Build 'eks' errored: Script exited with non-zero exit status: 126.Allowed
>> exit codes are: [0]
>>
>> 2019/04/22 12:30:53 machine readable: error-count []string{"1"}
>> 2019/04/22 12:30:53 ui error:
>> ==> Some builds didn't complete successfully and had errors:
>> 2019/04/22 12:30:53 machine readable: eks,error []string{"Script exited
>> with non-zero exit status: 126.Allowed exit codes are: [0]"}
>> ==> Some builds didn't complete successfully and had errors:
>> 2019/04/22 12:30:53 ui error: --> eks: Script exited with non-zero exit
>> status: 126.Allowed exit codes are: [0]
>> ==> Builds finished but no artifacts were created.
>> --> eks: Script exited with non-zero exit status: 126.Allowed exit codes
>> are: [0]
>>
>> ==> Builds finished but no artifacts were created.
>> 2019/04/22 12:30:53 [INFO] (telemetry) Finalizing.
>> 2019/04/22 12:30:53 waiting for all plugin processes to complete...
>> 2019/04/22 12:30:53 /usr/local/bin/packer: plugin process exited
>> 2019/04/22 12:30:53 /usr/local/bin/packer: plugin process exited
>> 2019/04/22 12:30:53 /usr/local/bin/packer: plugin process exited
>> 2019/04/22 12:30:53 /usr/local/bin/packer: plugin process exited
>> 2019/04/22 12:30:53 /usr/local/bin/packer: plugin process exited
>>
>> And these are my variables.
>>
>> {
>>   "variables": {
>>     "ami_name_prefix": "rhel76",
>>     "kubernetes_version": "1.12",
>>     "aws_region": "us-east-1",
>>     "ami_name": "amazon-eks-node-{{timestamp}}",
>>     "version_str": "{{ timestamp }}",
>>     "binary_bucket_name": "amazon-eks",
>>     "binary_bucket_region": "us-east-1",
>>     "binary_bucket_path": "1.12.7/2019-03-27/bin/linux/amd64",
>>     "docker_version": "18.06",
>>     "aws_subnet_id": "subnet-111111111",
>>     "creator": "DevOps",
>>     "instance_type": "m4.large",
>>     "source_ami_owners": "1111111111",
>>     "source_ami_regex": "rhel76-hardened*",
>>     "encrypted": "false",
>>     "kms_key_id": "",
>>     "cni_version": "v0.6.0",
>>     "cni_plugin_version": "v0.7.5",
>>     "aws_access_key_id": "{{env `AWS_ACCESS_KEY_ID`}}",
>>     "aws_secret_access_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
>>     "aws_session_token": "{{env `AWS_SESSION_TOKEN`}}"
>>   }
>>
>> On Monday, April 22, 2019 at 12:25:00 PM UTC-4, Rickard von Essen wrote:
>>>
>>> Could you rerun with PACKER_LOG=1 and supply the full output and what
>>> variables you are using.
>>>
>>> On Mon, Apr 22, 2019, 17:19 Zachary Estrella <[email protected]> wrote:
>>>
>>>> Hello All,
>>>>
>>>> I am trying to use Amazon's provided packer scripts to create a base
>>>> EKS ami. I am using this packer script here
>>>> https://github.com/awslabs/amazon-eks-ami/blob/master/eks-worker-al2.json
>>>> .
>>>> One issue that I am running into is a permission denied error for scp.
>>>> I am not too sure what I need to do to fix this though.
>>>>
>>>> ==> eks: Uploading ./files/ => /tmp/worker/
>>>> 2019/04/22 10:53:01 packer: 2019/04/22 10:53:01 [DEBUG] Upload dir
>>>> './files/' to '/tmp/worker/'
>>>> 2019/04/22 10:53:01 packer: 2019/04/22 10:53:01 [DEBUG] Opening new ssh
>>>> session
>>>> 2019/04/22 10:53:01 packer: 2019/04/22 10:53:01 [DEBUG] Starting remote
>>>> scp process: scp -rvt /tmp/worker/
>>>> 2019/04/22 10:53:01 packer: 2019/04/22 10:53:01 [DEBUG] Started SCP
>>>> session, beginning transfers...
>>>> 2019/04/22 10:53:01 packer: 2019/04/22 10:53:01 [DEBUG] scp: Uploading
>>>> kubelet-config-with-secret-polling.json: perms=C0644 size=779
>>>> 2019/04/22 10:53:01 [INFO] (telemetry) ending file
>>>> ==> eks: Terminating the source AWS instance...
>>>> ==> eks: Cleaning up any extra volumes...
>>>> ==> eks: No volumes to clean up, skipping
>>>> ==> eks: Deleting temporary security group...
>>>> ==> eks: Deleting temporary keypair...
>>>> 2019/04/22 10:53:33 [INFO] (telemetry) ending amazon-ebs
>>>> 2019/04/22 10:53:33 ui error: Build 'eks' errored: scp:
>>>> /tmp/worker//kubelet-config-with-secret-polling.json: Permission denied
>>>> 2019/04/22 10:53:33 Builds completed. Waiting on interrupt barrier...
>>>> 2019/04/22 10:53:33 machine readable: error-count []string{"1"}
>>>> Build 'eks' errored: scp:
>>>> /tmp/worker//kubelet-config-with-secret-polling.json: Permission denied
>>>>
>>>> Is there any chance someone can help me solve this?
>>>>
>>>> --
>>>> This mailing list is governed under the HashiCorp Community Guidelines
>>>> - https://www.hashicorp.com/community-guidelines.html. Behavior in
>>>> violation of those guidelines may result in your removal from this mailing
>>>> list.
>>>>
>>>> GitHub Issues: https://github.com/mitchellh/packer/issues
>>>> IRC: #packer-tool on Freenode
>>>> ---
>>>> You received this message because you are subscribed to the Google
>>>> Groups "Packer" group.
>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>> an email to [email protected].
>>>> To view this discussion on the web visit
>>>> https://groups.google.com/d/msgid/packer-tool/46e67e2f-7bfd-49c0-82c4-5ec1e4c8750e%40googlegroups.com
>>>> <https://groups.google.com/d/msgid/packer-tool/46e67e2f-7bfd-49c0-82c4-5ec1e4c8750e%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>> .
>>>> For more options, visit https://groups.google.com/d/optout.
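
One way to confirm the noexec diagnosis from the reply above on the hardened instance and choose a directory for `remote_folder`, as an added example that is not part of the original thread. It reads mount options in `/proc/mounts` format; the sample mount table and the `/home/ec2-user` path are constructed assumptions, not values from the thread.

```bash
#!/usr/bin/env bash
# Constructed sample in /proc/mounts format (not taken from the thread).
sample_mounts() {
  cat <<'EOF'
/dev/xvda2 / xfs rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/xvda5 /var/tmp xfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/xvda3 /home xfs rw,nodev,relatime 0 0
EOF
}

# Print the mount options of the filesystem holding path $1 (longest mount
# point that equals the path or is a parent directory of it).
# $2 is a file in /proc/mounts format (default: the live /proc/mounts).
mount_opts_for() {
  local path="${1%/}" mounts="${2:-/proc/mounts}"
  awk -v p="${path:-/}" '
    $2 == "/" || p == $2 || index(p, $2 "/") == 1 {
      if (length($2) >= best) { best = length($2); opts = $4 }
    }
    END { print opts }' "$mounts"
}

# Exit 0 when the filesystem holding $1 is mounted noexec.
is_noexec() {
  case ",$(mount_opts_for "$1" "$2")," in
    *,noexec,*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the first candidate directory that allows execution.
# Usage: pick_remote_folder MOUNTS_FILE DIR...
pick_remote_folder() {
  local mounts="$1" dir
  shift
  for dir in "$@"; do
    if ! is_noexec "$dir" "$mounts"; then
      printf '%s\n' "$dir"
      return 0
    fi
  done
  return 1
}

# Demo on the constructed sample; /home/ec2-user is a hypothetical SSH user home.
demo=$(mktemp) && sample_mounts > "$demo"
pick_remote_folder "$demo" /tmp /var/tmp /home/ec2-user
rm -f "$demo"
```

On a real instance, pass `/proc/mounts` as the first argument and put the directory it prints in the shell provisioner's `remote_folder` option.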
