So in the packer config file, I would set it like this? How would I
properly create the folder and then point to that folder for use in the
file provisioner and last shell provisioner?

"provisioners": [
  {
    "type": "shell",
    "inline": ["mkdir -p ~/home/ec2-user/tmp/worker/"]
  },
  {
    "type": "file",
    "source": "./files/",
    "destination": "/home/ec2-user/tmp/worker"
  },
  {
    "type": "shell",
    "script": "shell/install-worker.sh",
    "remote_folder": "~/home/ec2-user/tmp",
    "environment_vars": [
      "KUBERNETES_VERSION={{user `kubernetes_version`}}",
      "BINARY_BUCKET_NAME={{user `binary_bucket_name`}}",
      "BINARY_BUCKET_PATH={{user `binary_bucket_path`}}",
      "BINARY_BUCKET_REGION={{user `binary_bucket_region`}}",
      "DOCKER_VERSION={{user `docker_version`}}",
      "CNI_VERSION={{user `cni_version`}}",
      "CNI_PLUGIN_VERSION={{user `cni_plugin_version`}}",
      "AWS_ACCESS_KEY_ID={{user `aws_access_key_id`}}",
      "AWS_SECRET_ACCESS_KEY={{user `aws_secret_access_key`}}",
      "AWS_SESSION_TOKEN={{user `aws_session_token`}}"
    ]
  }
],

On Monday, April 22, 2019 at 1:19:09 PM UTC-4, Rickard von Essen wrote:
>
> Most likely your hardening prevents executables in /tmp.
>
> It fails on:
> chmod +x /tmp/script_6094.sh
>
> Try to set:
> https://packer.io/docs/provisioners/shell.html#remote_folder
>
> To somewhere inside the ssh users home directory.
>
> On Mon, Apr 22, 2019, 18:37 Zachary Estrella <[email protected]> wrote:
>
>> Something worth mentioning is this is being run on top of a CIS lvl1
>> Hardened machine. I think I am doing something wrong or not in the right
>> steps to get the expected results, but then again I have not modified the
>> original packer .json file provided by amazon enough to break it.
>>
>> On Monday, April 22, 2019 at 12:33:46 PM UTC-4, Zachary Estrella wrote:
>>>
>>> Here are the full logs that are relevant.
>>>
>>> ==> eks: Waiting for instance (i-02802c4ff2bc6eb91) to become ready...
>>> 2019/04/22 12:30:13 packer: 2019/04/22 12:30:13 [INFO] Not using winrm
>>> communicator, skipping get password...
>>> ==> eks: Using ssh communicator to connect: 18.232.50.43
>>> 2019/04/22 12:30:13 packer: 2019/04/22 12:30:13 [INFO] Waiting for SSH,
>>> up to timeout: 5m0s
>>> ==> eks: Waiting for SSH to become available...
>>> 2019/04/22 12:30:15 packer: 2019/04/22 12:30:15 [DEBUG] TCP connection
>>> to SSH ip/port failed: dial tcp 18.232.50.43:22: connect: connection
>>> refused
>>> 2019/04/22 12:30:20 packer: 2019/04/22 12:30:20 [INFO] Attempting SSH
>>> connection to 18.232.50.43:22...
>>> 2019/04/22 12:30:20 packer: 2019/04/22 12:30:20 [DEBUG] Config to
>>> &ssh.Config{SSHConfig:(*ssh.ClientConfig)(0xc0002be0d0), Connection:(func()
>>> (net.Conn, error))(0x1a02bc0), Pty:true, DisableAgentForwarding:false,
>>> HandshakeTimeout:0, UseSftp:false, KeepAliveInterval:5000000000,
>>> Timeout:0}...
>>> 2019/04/22 12:30:20 packer: 2019/04/22 12:30:20 [DEBUG] reconnecting to
>>> TCP connection for SSH
>>> 2019/04/22 12:30:20 packer: 2019/04/22 12:30:20 [DEBUG] handshaking with
>>> SSH
>>> 2019/04/22 12:30:20 packer: 2019/04/22 12:30:20 [DEBUG] handshake
>>> complete!
>>> 2019/04/22 12:30:20 packer: 2019/04/22 12:30:20 [DEBUG] Opening new ssh
>>> session
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] agent forwarding
>>> enabled
>>> ==> eks: Connected to SSH!
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 Running the provision
>>> hook
>>> 2019/04/22 12:30:21 [INFO] (telemetry) Starting provisioner shell
>>> ==> eks: Provisioning with shell script:
>>> /var/folders/h_/lz750kv55h7gm_fc8svh52nr1_gwwm/T/packer-shell643574894
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 Opening
>>> /var/folders/h_/lz750kv55h7gm_fc8svh52nr1_gwwm/T/packer-shell643574894 for
>>> reading
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] 72 bytes written
>>> for 'uploadData'
>>> 2019/04/22 12:30:21 [INFO] 72 bytes written for 'uploadData'
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Opening new ssh
>>> session
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Starting remote
>>> scp process: scp -vt /tmp
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Started SCP
>>> session, beginning transfers...
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Copying input
>>> data into temporary file so we can read the length
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] scp: Uploading
>>> script_6094.sh: perms=C0644 size=72
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] SCP session
>>> complete, closing stdin pipe.
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Waiting for SSH
>>> session to complete.
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] scp stderr
>>> (length 30): Sink: C0644 72 script_6094.sh
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Opening new ssh
>>> session
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] starting remote
>>> command: chmod 0755 /tmp/script_6094.sh
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] RPC endpoint:
>>> Communicator ended with: 0
>>> 2019/04/22 12:30:21 [INFO] RPC client: Communicator ended with: 0
>>> 2019/04/22 12:30:21 [INFO] RPC endpoint: Communicator ended with: 0
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] RPC client:
>>> Communicator ended with: 0
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Opening new ssh
>>> session
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] starting remote
>>> command: chmod +x /tmp/script_6094.sh; PACKER_BUILDER_TYPE='amazon-ebs'
>>> PACKER_BUILD_NAME='eks' /tmp/script_6094.sh
>>> 2019/04/22 12:30:21 [INFO] 46 bytes written for 'stdout'
>>> 2019/04/22 12:30:21 [INFO] 0 bytes written for 'stderr'
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [ERROR] Remote command
>>> exited with '126': chmod +x /tmp/script_6094.sh;
>>> PACKER_BUILDER_TYPE='amazon-ebs' PACKER_BUILD_NAME='eks'
>>> /tmp/script_6094.sh
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] RPC endpoint:
>>> Communicator ended with: 126
>>> 2019/04/22 12:30:21 [INFO] RPC client: Communicator ended with: 126
>>> 2019/04/22 12:30:21 [INFO] RPC endpoint: Communicator ended with: 126
>>> eks: bash: /tmp/script_6094.sh: Permission denied
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] 46 bytes written
>>> for 'stdout'
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] 0 bytes written
>>> for 'stderr'
>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] RPC client:
>>> Communicator ended with: 126
>>> 2019/04/22 12:30:21 [INFO] (telemetry) ending shell
>>> ==> eks: Terminating the source AWS instance...
>>> ==> eks: Cleaning up any extra volumes...
>>> ==> eks: No volumes to clean up, skipping
>>> ==> eks: Deleting temporary security group...
>>> ==> eks: Deleting temporary keypair...
>>> 2019/04/22 12:30:53 [INFO] (telemetry) ending amazon-ebs
>>> 2019/04/22 12:30:53 ui error: Build 'eks' errored: Script exited with
>>> non-zero exit status: 126.Allowed exit codes are: [0]
>>> 2019/04/22 12:30:53 Builds completed. Waiting on interrupt barrier...
>>> Build 'eks' errored: Script exited with non-zero exit status:
>>> 126.Allowed exit codes are: [0]
>>>
>>> 2019/04/22 12:30:53 machine readable: error-count []string{"1"}
>>> 2019/04/22 12:30:53 ui error:
>>> ==> Some builds didn't complete successfully and had errors:
>>> 2019/04/22 12:30:53 machine readable: eks,error []string{"Script exited
>>> with non-zero exit status: 126.Allowed exit codes are: [0]"}
>>> ==> Some builds didn't complete successfully and had errors:
>>> 2019/04/22 12:30:53 ui error: --> eks: Script exited with non-zero exit
>>> status: 126.Allowed exit codes are: [0]
>>> ==> Builds finished but no artifacts were created.
>>> --> eks: Script exited with non-zero exit status: 126.Allowed exit codes
>>> are: [0]
>>>
>>> ==> Builds finished but no artifacts were created.
>>> 2019/04/22 12:30:53 [INFO] (telemetry) Finalizing.
>>> 2019/04/22 12:30:53 waiting for all plugin processes to complete...
>>> 2019/04/22 12:30:53 /usr/local/bin/packer: plugin process exited
>>> 2019/04/22 12:30:53 /usr/local/bin/packer: plugin process exited
>>> 2019/04/22 12:30:53 /usr/local/bin/packer: plugin process exited
>>> 2019/04/22 12:30:53 /usr/local/bin/packer: plugin process exited
>>> 2019/04/22 12:30:53 /usr/local/bin/packer: plugin process exited
>>>
>>> And these are my variables.
>>>
>>> {
>>>   "variables": {
>>>     "ami_name_prefix": "rhel76",
>>>     "kubernetes_version": "1.12",
>>>     "aws_region": "us-east-1",
>>>     "ami_name": "amazon-eks-node-{{timestamp}}",
>>>     "version_str": "{{ timestamp }}",
>>>     "binary_bucket_name": "amazon-eks",
>>>     "binary_bucket_region": "us-east-1",
>>>     "binary_bucket_path": "1.12.7/2019-03-27/bin/linux/amd64",
>>>     "docker_version": "18.06",
>>>     "aws_subnet_id": "subnet-111111111",
>>>     "creator": "DevOps",
>>>     "instance_type": "m4.large",
>>>     "source_ami_owners": "1111111111",
>>>     "source_ami_regex": "rhel76-hardened*",
>>>     "encrypted": "false",
>>>     "kms_key_id": "",
>>>     "cni_version": "v0.6.0",
>>>     "cni_plugin_version": "v0.7.5",
>>>     "aws_access_key_id": "{{env `AWS_ACCESS_KEY_ID`}}",
>>>     "aws_secret_access_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
>>>     "aws_session_token": "{{env `AWS_SESSION_TOKEN`}}"
>>>   }
>>> }
>>>
>>> On Monday, April 22, 2019 at 12:25:00 PM UTC-4, Rickard von Essen wrote:
>>>>
>>>> Could you rerun with PACKER_LOG=1 and supply the full output and what
>>>> variables you are using.
>>>>
>>>> On Mon, Apr 22, 2019, 17:19 Zachary Estrella <[email protected]>
>>>> wrote:
>>>>
>>>>> Hello All,
>>>>>
>>>>> I am trying to use Amazon's provided packer scripts to create a base
>>>>> EKS ami. I am using this packer script here
>>>>> https://github.com/awslabs/amazon-eks-ami/blob/master/eks-worker-al2.json
>>>>> .
>>>>> One issue that I am running into is a permission denied error for
>>>>> scp. I am not too sure what I need to do to fix this though.
>>>>>
>>>>> ==> eks: Uploading ./files/ => /tmp/worker/
>>>>> 2019/04/22 10:53:01 packer: 2019/04/22 10:53:01 [DEBUG] Upload dir
>>>>> './files/' to '/tmp/worker/'
>>>>> 2019/04/22 10:53:01 packer: 2019/04/22 10:53:01 [DEBUG] Opening new
>>>>> ssh session
>>>>> 2019/04/22 10:53:01 packer: 2019/04/22 10:53:01 [DEBUG] Starting
>>>>> remote scp process: scp -rvt /tmp/worker/
>>>>> 2019/04/22 10:53:01 packer: 2019/04/22 10:53:01 [DEBUG] Started SCP
>>>>> session, beginning transfers...
>>>>> 2019/04/22 10:53:01 packer: 2019/04/22 10:53:01 [DEBUG] scp: Uploading
>>>>> kubelet-config-with-secret-polling.json: perms=C0644 size=779
>>>>> 2019/04/22 10:53:01 [INFO] (telemetry) ending file
>>>>> ==> eks: Terminating the source AWS instance...
>>>>> ==> eks: Cleaning up any extra volumes...
>>>>> ==> eks: No volumes to clean up, skipping
>>>>> ==> eks: Deleting temporary security group...
>>>>> ==> eks: Deleting temporary keypair...
>>>>> 2019/04/22 10:53:33 [INFO] (telemetry) ending amazon-ebs
>>>>> 2019/04/22 10:53:33 ui error: Build 'eks' errored: scp:
>>>>> /tmp/worker//kubelet-config-with-secret-polling.json: Permission denied
>>>>> 2019/04/22 10:53:33 Builds completed. Waiting on interrupt barrier...
>>>>> 2019/04/22 10:53:33 machine readable: error-count []string{"1"}
>>>>> Build 'eks' errored: scp:
>>>>> /tmp/worker//kubelet-config-with-secret-polling.json: Permission denied
>>>>>
>>>>> Is there any chance someone can help me solve this?
>>>>>
>>>>> --
>>>>> This mailing list is governed under the HashiCorp Community Guidelines
>>>>> - https://www.hashicorp.com/community-guidelines.html. Behavior in
>>>>> violation of those guidelines may result in your removal from this
>>>>> mailing
>>>>> list.
>>>>>
>>>>> GitHub Issues: https://github.com/mitchellh/packer/issues
>>>>> IRC: #packer-tool on Freenode
>>>>> ---
>>>>> You received this message because you are subscribed to the Google
>>>>> Groups "Packer" group.
>>>>> To unsubscribe from this group and stop receiving emails from it, send
>>>>> an email to [email protected].
>>>>> To view this discussion on the web visit
>>>>> https://groups.google.com/d/msgid/packer-tool/46e67e2f-7bfd-49c0-82c4-5ec1e4c8750e%40googlegroups.com
>>>>>
>>>>> <https://groups.google.com/d/msgid/packer-tool/46e67e2f-7bfd-49c0-82c4-5ec1e4c8750e%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>> .
>>>>> For more options, visit https://groups.google.com/d/optout.
>>>>>
>
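An added example, not part of the original thread: a shell check to run on the hardened instance to confirm the diagnosis above (executables blocked in /tmp) before choosing a `remote_folder`. It finds the mount that covers a path and tests it for the `noexec` option; the function names are hypothetical and the sample mount table is constructed, on the assumption that the hardening mounts /tmp with `noexec`.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS='/dev/xvda2 / xfs rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/xvda3 /home xfs rw,nodev,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0'

# mount_opts_for PATH [MOUNTS_TEXT]   (hypothetical helper)
# Prints "<mountpoint> <options>" for the longest mount point that is a
# prefix of PATH. Reads /proc/mounts when no table is passed in.
mount_opts_for() {
    path=$1
    table=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$table" | awk -v p="$path" '
        {
            mp = $2
            # A mount covers the path if it is "/", equals the path,
            # or is one of its parent directories.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # ">=" lets a later entry on the same mount point win,
                # since later mounts shadow earlier ones.
                if (length(mp) >= length(best)) { best = mp; opts = $4 }
            }
        }
        END { if (best != "") print best, opts }'
}

# is_noexec PATH [MOUNTS_TEXT]   (hypothetical helper)
# Exit status 0 when the mount covering PATH carries the noexec option.
is_noexec() {
    opts=$(mount_opts_for "$@" | awk '{print $2}')
    case ",$opts," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Example use on the instance:
#   is_noexec /tmp && echo "/tmp is noexec: uploaded scripts cannot be executed there"
```

Run it against the absolute path intended for `remote_folder`; in a shell, `~/home/ec2-user/tmp` expands to `home/ec2-user/tmp` beneath the login user's home directory rather than to `/home/ec2-user/tmp`.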