That's not the same issue, please start a new thread.
On Wed, Apr 24, 2019, 07:41 <[email protected]> wrote:
> Hello Thenuka,
> wondering if you found solution for the error, I am facing same issue:
>
> 2019/04/24 14:59:43 machine readable: amazon-ebs,error []string{"Error
> launching source instance: InvalidBlockDeviceMapping: snapshotId cannot be
> modified on root device\n\tstatus code: 400, request id:
> ecf7e228-bf92-4e1a-9d65-57dea48c99a5"}
>
>
> On Thursday, November 23, 2017 at 10:08:08 PM UTC+11, Thenuka
> Keerthibandara wrote:
>>
>> When I change my block device mapping as follows accorfing to
>> https://github.com/hashicorp/packer/issues/2765
>> <https://github.com/hashicorp/packer/issues/2765>
>>
>> "ami_block_device_mappings": [
>> {
>> "device_name": "/dev/sdb",
>> "volume_size": 25,
>> "volume_type": "gp2",
>> "delete_on_termination": true
>> }
>> ],
>> "launch_block_device_mappings": [
>> {
>> "device_name": "/dev/sdb",
>> "snapshot_id": "snap-00d5d1ebd4558da90",
>> "volume_size": 25,
>> "volume_type": "gp2",
>> "delete_on_termination": true
>> }
>> ]
>>
>> Then I get the following error from packer. How to exactly attach the
>> already created snapshot to packer?
>>
>> [1;32m==> amazon-ebs: Prevalidating AMI Name... [0m
>> [0;32m amazon-ebs: Found Image ID: ami-80861296 [0m
>> [1;32m==> amazon-ebs: Creating temporary keypair:
>> packer_5a16ab0c-8b80-643f-6f53-e890a3fe3143 [0m
>> [1;32m==> amazon-ebs: Creating temporary security group for this
>> instance... [0m
>> [1;32m==> amazon-ebs: Authorizing access to port 22 the temporary security
>> group... [0m
>> [1;32m==> amazon-ebs: Launching a source AWS instance... [0m
>> [1;31m==> amazon-ebs: Error launching source instance:
>> InvalidBlockDeviceMapping: snapshotId can only be modified on EBS devices
>> ==> amazon-ebs: status code: 400, request id:
>> 42e8cf61-fb92-4ab6-9953-d79a469ab87c [0m
>> [1;32m==> amazon-ebs: No volumes to clean up, skipping [0m
>> [1;32m==> amazon-ebs: Deleting temporary security group... [0m
>> [1;32m==> amazon-ebs: Deleting temporary keypair... [0m
>> [1;31mBuild 'amazon-ebs' errored: Error launching source instance:
>> InvalidBlockDeviceMapping: snapshotId can only be modified on EBS devices
>> status code: 400, request id: 42e8cf61-fb92-4ab6-9953-d79a469ab87c [0m
>>
>> ==> Some builds didn't complete successfully and had errors:
>> --> amazon-ebs: Error launching source instance: InvalidBlockDeviceMapping:
>> snapshotId can only be modified on EBS devices
>> status code: 400, request id: 42e8cf61-fb92-4ab6-9953-d79a469ab87c
>>
>> ==> Builds finished but no artifacts were created.
>> Finished: FAILURE
>>
>>
>> On Wednesday, November 22, 2017 at 5:20:02 PM UTC+5:30, Thenuka
>> Keerthibandara wrote:
>>>
>>> I'm using a packer script to encrypt my EBS volumes on AWS by creating
>>> a new AMI with encrypted EBS.
>>>
>>> I have a created a CMK using KMS and have added the kms_key_id in packer
>>> script builder section as follows.
>>>
>>> "variables": {
>>> ....................
>>> "kms_key_prod": "{{env `kms_key_prod`}}",
>>> ....................
>>> },
>>>
>>> "builders": [
>>> {
>>> "type": "amazon-ebs",
>>> "access_key": "{{user `aws_access_key`}}",
>>> "secret_key": "{{user `aws_secret_key`}}",
>>> "vpc_id": "{{user `aws_vpc_id`}}",
>>> "subnet_id": "{{user `subnet_id`}}",
>>> "region": "{{user `region`}}",
>>> "kms_key_id": "{{user `kms_key_prod`}}",
>>> "source_ami": "{{user `base_ami`}}",
>>> "instance_type": "t2.micro",
>>> "ssh_username": "ubuntu",
>>> "ami_name": "{{user `name`}}-Default-{{isotime
>>> \"2006-01-02-1504\"}}",
>>> "ami_description": "Base AMI for Ubuntu 16.04",
>>> "tags": {
>>> "Name": "Default-Base",
>>> "Project": "Public Cloud",
>>> "Build": "{{ user `buildtime` }}"
>>> },
>>> "ami_block_device_mappings": [
>>> {
>>> "device_name": "/dev/xvdk",
>>> "volume_size": 25,
>>> "Encrypted": true,
>>> "volume_type": "gp2",
>>> "delete_on_termination": true
>>> }
>>> ],
>>> "launch_block_device_mappings": [
>>> {
>>> "device_name": "/dev/xvdk",
>>> "volume_size": 25,
>>> "Encrypted": true,
>>> "volume_type": "gp2",
>>> "delete_on_termination": true
>>> }
>>> ]
>>> }
>>> ],
>>>
>>>
>>> But when packer runs, the generated AMI has an attached snapshots of the
>>> devices I have attached encrpted with the "default" CMK which is "aws/ebs"
>>> that is unique for the specific region.
>>>
>>> I don't need my boot volume to get encrypted but the attahced EBS
>>> volumes to be encrypted with the KMS key that I have created.
>>>
>>> Does anyone know if this a limitation in packer or if there is any other
>>> way to achieve this through packer?
>>>
>>> Regards,
>>> Thenuka
>>>
>>>
>>> --
> This mailing list is governed under the HashiCorp Community Guidelines -
> https://www.hashicorp.com/community-guidelines.html. Behavior in
> violation of those guidelines may result in your removal from this mailing
> list.
>
> GitHub Issues: https://github.com/mitchellh/packer/issues
> IRC: #packer-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups
> "Packer" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/packer-tool/bf028940-ddcd-4793-bfb6-fbadfb76cda5%40googlegroups.com
> <https://groups.google.com/d/msgid/packer-tool/bf028940-ddcd-4793-bfb6-fbadfb76cda5%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
--
This mailing list is governed under the HashiCorp Community Guidelines -
https://www.hashicorp.com/community-guidelines.html. Behavior in violation of
those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups
"Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/packer-tool/CALz9Rt9oQLhK57gQt%3DozOx0x7WPKb1ju-StmFW7B9-rBRTBKwQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
