Yes, except that ~ won't work. See https://packer.io/docs/templates/user-variables.html
On Mon, Apr 22, 2019, 19:50 Zachary Estrella <[email protected]> wrote:
> So in the packer config file, I would set it like this? How would I
> properly create the folder and then point to that folder for use in the
> file provisioner and last shell provisioner?
>
> "provisioners": [
>   {
>     "type": "shell",
>     "inline": ["mkdir -p ~/home/ec2-user/tmp/worker/"]
>   },
>   {
>     "type": "file",
>     "source": "./files/",
>     "destination": "/home/ec2-user/tmp/worker"
>   },
>   {
>     "type": "shell",
>     "script": "shell/install-worker.sh",
>     "remote_folder": "~/home/ec2-user/tmp",
>     "environment_vars": [
>       "KUBERNETES_VERSION={{user `kubernetes_version`}}",
>       "BINARY_BUCKET_NAME={{user `binary_bucket_name`}}",
>       "BINARY_BUCKET_PATH={{user `binary_bucket_path`}}",
>       "BINARY_BUCKET_REGION={{user `binary_bucket_region`}}",
>       "DOCKER_VERSION={{user `docker_version`}}",
>       "CNI_VERSION={{user `cni_version`}}",
>       "CNI_PLUGIN_VERSION={{user `cni_plugin_version`}}",
>       "AWS_ACCESS_KEY_ID={{user `aws_access_key_id`}}",
>       "AWS_SECRET_ACCESS_KEY={{user `aws_secret_access_key`}}",
>       "AWS_SESSION_TOKEN={{user `aws_session_token`}}"
>     ]
>   }
> ],
>
> On Monday, April 22, 2019 at 1:19:09 PM UTC-4, Rickard von Essen wrote:
>>
>> Most likely your hardening prevents executables in /tmp.
>>
>> It fails on:
>> chmod +x /tmp/script_6094.sh
>>
>> Try to set:
>> https://packer.io/docs/provisioners/shell.html#remote_folder
>>
>> To somewhere inside the ssh user's home directory.
>>
>> On Mon, Apr 22, 2019, 18:37 Zachary Estrella <[email protected]> wrote:
>>
>>> Something worth mentioning is this is being run on top of a CIS lvl1
>>> Hardened machine. I think I am doing something wrong or not in the right
>>> steps to get the expected results, but then again I have not modified the
>>> original packer .json file provided by amazon enough to break it.
>>>
>>> On Monday, April 22, 2019 at 12:33:46 PM UTC-4, Zachary Estrella wrote:
>>>>
>>>> Here are the full logs that are relevant.
>>>>
>>>> ==> eks: Waiting for instance (i-02802c4ff2bc6eb91) to become ready...
>>>> 2019/04/22 12:30:13 packer: 2019/04/22 12:30:13 [INFO] Not using winrm
>>>> communicator, skipping get password...
>>>> ==> eks: Using ssh communicator to connect: 18.232.50.43
>>>> 2019/04/22 12:30:13 packer: 2019/04/22 12:30:13 [INFO] Waiting for SSH,
>>>> up to timeout: 5m0s
>>>> ==> eks: Waiting for SSH to become available...
>>>> 2019/04/22 12:30:15 packer: 2019/04/22 12:30:15 [DEBUG] TCP connection
>>>> to SSH ip/port failed: dial tcp 18.232.50.43:22: connect: connection
>>>> refused
>>>> 2019/04/22 12:30:20 packer: 2019/04/22 12:30:20 [INFO] Attempting SSH
>>>> connection to 18.232.50.43:22...
>>>> 2019/04/22 12:30:20 packer: 2019/04/22 12:30:20 [DEBUG] Config to
>>>> &ssh.Config{SSHConfig:(*ssh.ClientConfig)(0xc0002be0d0), Connection:(func()
>>>> (net.Conn, error))(0x1a02bc0), Pty:true, DisableAgentForwarding:false,
>>>> HandshakeTimeout:0, UseSftp:false, KeepAliveInterval:5000000000,
>>>> Timeout:0}...
>>>> 2019/04/22 12:30:20 packer: 2019/04/22 12:30:20 [DEBUG] reconnecting to
>>>> TCP connection for SSH
>>>> 2019/04/22 12:30:20 packer: 2019/04/22 12:30:20 [DEBUG] handshaking
>>>> with SSH
>>>> 2019/04/22 12:30:20 packer: 2019/04/22 12:30:20 [DEBUG] handshake
>>>> complete!
>>>> 2019/04/22 12:30:20 packer: 2019/04/22 12:30:20 [DEBUG] Opening new ssh
>>>> session
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] agent forwarding
>>>> enabled
>>>> ==> eks: Connected to SSH!
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 Running the provision
>>>> hook
>>>> 2019/04/22 12:30:21 [INFO] (telemetry) Starting provisioner shell
>>>> ==> eks: Provisioning with shell script:
>>>> /var/folders/h_/lz750kv55h7gm_fc8svh52nr1_gwwm/T/packer-shell643574894
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 Opening
>>>> /var/folders/h_/lz750kv55h7gm_fc8svh52nr1_gwwm/T/packer-shell643574894 for
>>>> reading
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] 72 bytes written
>>>> for 'uploadData'
>>>> 2019/04/22 12:30:21 [INFO] 72 bytes written for 'uploadData'
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Opening new ssh
>>>> session
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Starting remote
>>>> scp process: scp -vt /tmp
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Started SCP
>>>> session, beginning transfers...
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Copying input
>>>> data into temporary file so we can read the length
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] scp: Uploading
>>>> script_6094.sh: perms=C0644 size=72
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] SCP session
>>>> complete, closing stdin pipe.
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Waiting for SSH
>>>> session to complete.
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] scp stderr
>>>> (length 30): Sink: C0644 72 script_6094.sh
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Opening new ssh
>>>> session
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] starting remote
>>>> command: chmod 0755 /tmp/script_6094.sh
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] RPC endpoint:
>>>> Communicator ended with: 0
>>>> 2019/04/22 12:30:21 [INFO] RPC client: Communicator ended with: 0
>>>> 2019/04/22 12:30:21 [INFO] RPC endpoint: Communicator ended with: 0
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] RPC client:
>>>> Communicator ended with: 0
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] Opening new ssh
>>>> session
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [DEBUG] starting remote
>>>> command: chmod +x /tmp/script_6094.sh; PACKER_BUILDER_TYPE='amazon-ebs'
>>>> PACKER_BUILD_NAME='eks' /tmp/script_6094.sh
>>>> 2019/04/22 12:30:21 [INFO] 46 bytes written for 'stdout'
>>>> 2019/04/22 12:30:21 [INFO] 0 bytes written for 'stderr'
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [ERROR] Remote command
>>>> exited with '126': chmod +x /tmp/script_6094.sh;
>>>> PACKER_BUILDER_TYPE='amazon-ebs' PACKER_BUILD_NAME='eks'
>>>> /tmp/script_6094.sh
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] RPC endpoint:
>>>> Communicator ended with: 126
>>>> 2019/04/22 12:30:21 [INFO] RPC client: Communicator ended with: 126
>>>> 2019/04/22 12:30:21 [INFO] RPC endpoint: Communicator ended with: 126
>>>> eks: bash: /tmp/script_6094.sh: Permission denied
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] 46 bytes written
>>>> for 'stdout'
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] 0 bytes written
>>>> for 'stderr'
>>>> 2019/04/22 12:30:21 packer: 2019/04/22 12:30:21 [INFO] RPC client:
>>>> Communicator ended with: 126
>>>> 2019/04/22 12:30:21 [INFO] (telemetry) ending shell
>>>> ==> eks: Terminating the source AWS instance...
>>>> ==> eks: Cleaning up any extra volumes...
>>>> ==> eks: No volumes to clean up, skipping
>>>> ==> eks: Deleting temporary security group...
>>>> ==> eks: Deleting temporary keypair...
>>>> 2019/04/22 12:30:53 [INFO] (telemetry) ending amazon-ebs
>>>> 2019/04/22 12:30:53 ui error: Build 'eks' errored: Script exited with
>>>> non-zero exit status: 126.Allowed exit codes are: [0]
>>>> 2019/04/22 12:30:53 Builds completed. Waiting on interrupt barrier...
>>>> Build 'eks' errored: Script exited with non-zero exit status:
>>>> 126.Allowed exit codes are: [0]
>>>>
>>>> 2019/04/22 12:30:53 machine readable: error-count []string{"1"}
>>>> 2019/04/22 12:30:53 ui error:
>>>> ==> Some builds didn't complete successfully and had errors:
>>>> 2019/04/22 12:30:53 machine readable: eks,error []string{"Script exited
>>>> with non-zero exit status: 126.Allowed exit codes are: [0]"}
>>>> ==> Some builds didn't complete successfully and had errors:
>>>> 2019/04/22 12:30:53 ui error: --> eks: Script exited with non-zero exit
>>>> status: 126.Allowed exit codes are: [0]
>>>> ==> Builds finished but no artifacts were created.
>>>> --> eks: Script exited with non-zero exit status: 126.Allowed exit
>>>> codes are: [0]
>>>>
>>>> ==> Builds finished but no artifacts were created.
>>>> 2019/04/22 12:30:53 [INFO] (telemetry) Finalizing.
>>>> 2019/04/22 12:30:53 waiting for all plugin processes to complete...
>>>> 2019/04/22 12:30:53 /usr/local/bin/packer: plugin process exited
>>>> 2019/04/22 12:30:53 /usr/local/bin/packer: plugin process exited
>>>> 2019/04/22 12:30:53 /usr/local/bin/packer: plugin process exited
>>>> 2019/04/22 12:30:53 /usr/local/bin/packer: plugin process exited
>>>> 2019/04/22 12:30:53 /usr/local/bin/packer: plugin process exited
>>>>
>>>> And these are my variables.
>>>>
>>>> {
>>>>   "variables": {
>>>>     "ami_name_prefix": "rhel76",
>>>>     "kubernetes_version": "1.12",
>>>>     "aws_region": "us-east-1",
>>>>     "ami_name": "amazon-eks-node-{{timestamp}}",
>>>>     "version_str": "{{ timestamp }}",
>>>>     "binary_bucket_name": "amazon-eks",
>>>>     "binary_bucket_region": "us-east-1",
>>>>     "binary_bucket_path": "1.12.7/2019-03-27/bin/linux/amd64",
>>>>     "docker_version": "18.06",
>>>>     "aws_subnet_id": "subnet-111111111",
>>>>     "creator": "DevOps",
>>>>     "instance_type": "m4.large",
>>>>     "source_ami_owners": "1111111111",
>>>>     "source_ami_regex": "rhel76-hardened*",
>>>>     "encrypted": "false",
>>>>     "kms_key_id": "",
>>>>     "cni_version": "v0.6.0",
>>>>     "cni_plugin_version": "v0.7.5",
>>>>     "aws_access_key_id": "{{env `AWS_ACCESS_KEY_ID`}}",
>>>>     "aws_secret_access_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
>>>>     "aws_session_token": "{{env `AWS_SESSION_TOKEN`}}"
>>>>   }
>>>>
>>>> On Monday, April 22, 2019 at 12:25:00 PM UTC-4, Rickard von Essen wrote:
>>>>>
>>>>> Could you rerun with PACKER_LOG=1 and supply the full output and what
>>>>> variables you are using.
>>>>>
>>>>> On Mon, Apr 22, 2019, 17:19 Zachary Estrella <[email protected]>
>>>>> wrote:
>>>>>
>>>>>> Hello All,
>>>>>>
>>>>>> I am trying to use Amazon's provided packer scripts to create a base
>>>>>> EKS ami. I am using this packer script here
>>>>>> https://github.com/awslabs/amazon-eks-ami/blob/master/eks-worker-al2.json
>>>>>> .
>>>>>> One issue that I am running into is a permission denied error for
>>>>>> scp. I am not too sure what I need to do to fix this though.
>>>>>>
>>>>>> ==> eks: Uploading ./files/ => /tmp/worker/
>>>>>> 2019/04/22 10:53:01 packer: 2019/04/22 10:53:01 [DEBUG] Upload dir
>>>>>> './files/' to '/tmp/worker/'
>>>>>> 2019/04/22 10:53:01 packer: 2019/04/22 10:53:01 [DEBUG] Opening new
>>>>>> ssh session
>>>>>> 2019/04/22 10:53:01 packer: 2019/04/22 10:53:01 [DEBUG] Starting
>>>>>> remote scp process: scp -rvt /tmp/worker/
>>>>>> 2019/04/22 10:53:01 packer: 2019/04/22 10:53:01 [DEBUG] Started SCP
>>>>>> session, beginning transfers...
>>>>>> 2019/04/22 10:53:01 packer: 2019/04/22 10:53:01 [DEBUG] scp:
>>>>>> Uploading kubelet-config-with-secret-polling.json: perms=C0644 size=779
>>>>>> 2019/04/22 10:53:01 [INFO] (telemetry) ending file
>>>>>> ==> eks: Terminating the source AWS instance...
>>>>>> ==> eks: Cleaning up any extra volumes...
>>>>>> ==> eks: No volumes to clean up, skipping
>>>>>> ==> eks: Deleting temporary security group...
>>>>>> ==> eks: Deleting temporary keypair...
>>>>>> 2019/04/22 10:53:33 [INFO] (telemetry) ending amazon-ebs
>>>>>> 2019/04/22 10:53:33 ui error: Build 'eks' errored: scp:
>>>>>> /tmp/worker//kubelet-config-with-secret-polling.json: Permission denied
>>>>>> 2019/04/22 10:53:33 Builds completed. Waiting on interrupt barrier...
>>>>>> 2019/04/22 10:53:33 machine readable: error-count []string{"1"}
>>>>>> Build 'eks' errored: scp:
>>>>>> /tmp/worker//kubelet-config-with-secret-polling.json: Permission denied
>>>>>>
>>>>>> Is there any chance someone can help me solve this?
>>>>>>
>>>>>> --
>>>>>> This mailing list is governed under the HashiCorp Community
>>>>>> Guidelines - https://www.hashicorp.com/community-guidelines.html.
>>>>>> Behavior in violation of those guidelines may result in your removal from
>>>>>> this mailing list.
>>>>>>
>>>>>> GitHub Issues: https://github.com/mitchellh/packer/issues
>>>>>> IRC: #packer-tool on Freenode
>>>>>> ---
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "Packer" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>> send an email to [email protected].
>>>>>> To view this discussion on the web visit
>>>>>> https://groups.google.com/d/msgid/packer-tool/46e67e2f-7bfd-49c0-82c4-5ec1e4c8750e%40googlegroups.com
>>>>>> <https://groups.google.com/d/msgid/packer-tool/46e67e2f-7bfd-49c0-82c4-5ec1e4c8750e%40googlegroups.com?utm_medium=email&utm_source=footer>
>>>>>> .
>>>>>> For more options, visit https://groups.google.com/d/optout.
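
A check for the diagnosis given in the thread (hardening that prevents executables in /tmp), added here as an example and not part of the original messages: it finds the mount that covers a candidate `remote_folder` path and reports whether scripts placed there can be executed. It assumes the hardening takes the form of a `noexec` mount option; the function names are hypothetical and the mount table is constructed sample data in /proc/mounts format.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not taken from the thread):
# a hardened layout where /tmp is a separate noexec mount and /home is not.
SAMPLE_MOUNTS='/dev/xvda2 / xfs rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/xvda3 /home xfs rw,nodev,relatime 0 0
/dev/xvda4 /var/tmp xfs rw,nosuid,nodev,noexec 0 0'

# covering_mount PATH [MOUNTS_TEXT]
# Prints "<mountpoint> <options>" for the mount that holds PATH, chosen by
# longest mount-point prefix. Reads /proc/mounts when no text is passed.
covering_mount() {
    path=$1
    mounts=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$mounts" | awk -v p="$path" '
        {
            mp = $2
            # "/" covers everything; otherwise require an exact match or a
            # prefix followed by "/", so /tmp does not match /tmpfoo.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # >= lets a later mount at the same point win (overmounts).
                if (length(mp) >= best_len + 0) {
                    best_len = length(mp)
                    best = mp " " $4
                }
            }
        }
        END { if (best != "") print best }'
}

# is_noexec PATH [MOUNTS_TEXT]: exit 0 when the covering mount has noexec.
is_noexec() {
    opts=$(covering_mount "$1" "$2" | cut -d' ' -f2)
    case ",$opts," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_remote_folder PATH [MOUNTS_TEXT]: verdict for a candidate remote_folder.
check_remote_folder() {
    if is_noexec "$1" "$2"; then
        echo "noexec: scripts uploaded to $1 cannot be executed"
    else
        echo "ok: $1 allows execution"
    fi
}

# The default upload location from the log versus a path under the SSH user's home.
check_remote_folder /tmp "$SAMPLE_MOUNTS"
check_remote_folder /home/ec2-user/tmp "$SAMPLE_MOUNTS"
```

Run on the build instance without the second argument, the functions read the live /proc/mounts instead of the sample.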
