
packer

dehio3

I want to run Ansible via SSM

https://www.packer.io/plugins/provisioners/ansible/ansible#amazon-session-manager

Error message 1

Error waiting for SSH: Packer experienced an authentication error when trying to connect via SSH. This can happen if your username/password are wrong. You may want to double-check your credentials as part of your debugging process. original error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain

Investigation

  • A temporary key pair is created at packer build time
  • When running packer build from a base AMI that packer itself created, the key pair stays the base one
amazon-ebs.base: Creating temporary keypair: packer_63241fed-4695-b903-aef4-610c427c605a
amazon-ebs.app: Creating temporary keypair: packer_63242275-37a5-1109-81b2-3d74ceccf18e
$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCb2tPreRYUMGHH57PqhiqoHdL7A83As8rmvLUCQ18FH1V7xsMbAUBNWbK7CnHAH1Ss93xU/BH8GEFtt/uQwtO15kgqJBoxk23vWFW5r3UF2D4xk0OmVxCdvovkiXq41sGHj6CeLWrD2VSpELh61R6S6tVeVzomZ1nnxD0I+1dNk1oonMGJCwRyEM6xa7NdnuERMq5scLrvzttsaSzyb8B4zjV//F5XqN3aJAg4eiPJ4RUBcv/pnW1xJA4gO+4kOhHIT95r5lnreK6HDO+i7v6Ijx//K31EF+32VEQpIsPR8fOSyakC5n1azdDo0s4Aid+wmEmgJvaQdX4VAICtyAQX packer_63241fed-4695-b903-aef4-610c427c605a
  • Enabling ssh_clear_authorized_keys = true when creating the base image leaves .ssh/authorized_keys inside the base image empty (null)
  • When creating an image from that base image, a temporary key pair is issued, but inspecting the image during the build shows authorized_keys is still empty (null), so SSH fails.
dehio3

amazon-ebs type

  • Creates an AMI backed by an EBS volume
  • Launches an instance from a source AMI, provisions it, and then creates an AMI from that machine
  • While the image is being created, creates a temporary key pair, security group, etc. for connecting to the instance
  • Does not manage the AMI itself
dehio3

Finding where the key pair's public key gets installed on Amazon Linux 2

https://docs.aws.amazon.com/ja_jp/AWSEC2/latest/UserGuide/user-data.html#user-data-shell-scripts

[ec2-user@ip-10-0-1-235 log]$ sudo grep authorized_keys /var/log/cloud-init.log
Sep 17 02:39:15 cloud-init[2846]: util.py[DEBUG]: Writing to /home/ec2-user/.ssh/authorized_keys - wb: [600] 425 bytes
Sep 17 02:39:15 cloud-init[2846]: util.py[DEBUG]: Changing the ownership of /home/ec2-user/.ssh/authorized_keys to 1000:1000
Sep 17 02:39:15 cloud-init[2846]: util.py[DEBUG]: Writing to /root/.ssh/authorized_keys - wb: [600] 582 bytes
Sep 17 02:39:15 cloud-init[2846]: util.py[DEBUG]: Changing the ownership of /root/.ssh/authorized_keys to 0:0
Sep 17 02:39:28 cloud-init[3337]: util.py[DEBUG]: Reading from /home/ec2-user/.ssh/authorized_keys (quiet=False)
Sep 17 02:39:28 cloud-init[3337]: util.py[DEBUG]: Read 425 bytes from /home/ec2-user/.ssh/authorized_keys
[root@ip-10-0-1-235 ~]# find / -name util.py
/usr/lib/python2.7/site-packages/rsa/util.py
/usr/lib/python2.7/site-packages/babel/util.py
/usr/lib/python3.7/site-packages/pip/_vendor/distlib/util.py
/usr/lib/python3.7/site-packages/setuptools/_distutils/util.py
/usr/lib/python3.7/site-packages/cfnbootstrap/util.py
/usr/lib64/python2.7/ctypes/util.py
/usr/lib64/python2.7/distutils/util.py
/usr/lib64/python2.7/multiprocessing/util.py
/usr/lib64/python2.7/unittest/util.py
/usr/lib64/python2.7/wsgiref/util.py
/usr/lib64/python3.7/distutils/util.py
/usr/lib64/python3.7/multiprocessing/util.py
/usr/lib64/python3.7/importlib/util.py
/usr/lib64/python3.7/ctypes/util.py
/usr/lib64/python3.7/unittest/util.py
/usr/lib64/python3.7/wsgiref/util.py
/usr/share/doc/python-pycurl-7.19.0/tests/util.py
[root@ip-10-0-1-235 ~]# find / -name util.py | xargs grep authorized_keys
[root@ip-10-0-1-235 ~]#
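The two things this scrap checks by hand, whether the authorized_keys in the image carries the key pair of the current build rather than the base build's, and whether cloud-init actually wrote a non-empty authorized_keys for the SSH user, can be scripted. The following is an added example and not code from the scrap or from Packer; the Packer output, authorized_keys content and cloud-init lines it parses are constructed samples in the formats shown above (the key blob is a placeholder, only the key pair names and paths are taken from the scrap), and the function names are my own.

```python
import re

# Constructed sample of Packer's "Creating temporary keypair" output (format as shown in the scrap).
PACKER_OUTPUT = """\
amazon-ebs.base: Creating temporary keypair: packer_63241fed-4695-b903-aef4-610c427c605a
amazon-ebs.app: Creating temporary keypair: packer_63242275-37a5-1109-81b2-3d74ceccf18e
"""

# Constructed authorized_keys as left behind in the base AMI: placeholder key blob,
# comment field = the base build's temporary key pair name.
AUTHORIZED_KEYS_FROM_BASE = (
    "ssh-rsa AAAAB3NzaC1yc2E...PLACEHOLDER... "
    "packer_63241fed-4695-b903-aef4-610c427c605a\n"
)

# Constructed cloud-init.log lines in the util.py[DEBUG] format shown in the scrap.
CLOUD_INIT_LOG = """\
Sep 17 02:39:15 cloud-init[2846]: util.py[DEBUG]: Writing to /home/ec2-user/.ssh/authorized_keys - wb: [600] 425 bytes
Sep 17 02:39:15 cloud-init[2846]: util.py[DEBUG]: Changing the ownership of /home/ec2-user/.ssh/authorized_keys to 1000:1000
Sep 17 02:39:15 cloud-init[2846]: util.py[DEBUG]: Writing to /root/.ssh/authorized_keys - wb: [600] 582 bytes
Sep 17 02:39:28 cloud-init[3337]: util.py[DEBUG]: Read 425 bytes from /home/ec2-user/.ssh/authorized_keys
"""

KEYPAIR_RE = re.compile(r"^(?P<build>\S+): Creating temporary keypair: (?P<name>packer_\S+)$")
WRITE_RE = re.compile(
    r"Writing to (?P<path>\S+/\.ssh/authorized_keys) - wb: \[(?P<mode>\d+)\] (?P<size>\d+) bytes"
)


def temporary_keypairs(packer_output):
    """Map each Packer build name to the temporary key pair it created."""
    pairs = {}
    for line in packer_output.splitlines():
        m = KEYPAIR_RE.match(line.strip())
        if m:
            pairs[m.group("build")] = m.group("name")
    return pairs


def keypair_names_in(authorized_keys_text):
    """Return the comment field (key pair name) of every packer_* key in an authorized_keys file."""
    names = []
    for line in authorized_keys_text.splitlines():
        parts = line.split()
        # Skip blanks and comment lines; the key comment, when present, is the third column.
        if not parts or parts[0].startswith("#") or len(parts) < 3:
            continue
        if parts[2].startswith("packer_"):
            names.append(parts[2])
    return names


def build_key_installed(authorized_keys_text, packer_output, build):
    """True only if the key pair Packer created for `build` is the one authorized_keys contains."""
    expected = temporary_keypairs(packer_output).get(build)
    return expected is not None and expected in keypair_names_in(authorized_keys_text)


def authorized_keys_writes(log_text):
    """Parse cloud-init's 'Writing to .../authorized_keys' lines into {path: (mode, bytes)}."""
    writes = {}
    for line in log_text.splitlines():
        m = WRITE_RE.search(line)
        if m:
            writes[m.group("path")] = (m.group("mode"), int(m.group("size")))
    return writes


def cloud_init_installed_key(log_text, ssh_username="ec2-user"):
    """Report whether cloud-init wrote a non-empty authorized_keys for the Packer SSH user."""
    if ssh_username == "root":
        path = "/root/.ssh/authorized_keys"
    else:
        path = f"/home/{ssh_username}/.ssh/authorized_keys"
    writes = authorized_keys_writes(log_text)
    if path not in writes:
        return False, f"cloud-init never wrote {path}; the temporary key was not installed"
    mode, size = writes[path]
    if size == 0:
        return False, f"cloud-init wrote 0 bytes to {path}; authorized_keys is empty"
    return True, f"cloud-init wrote {size} bytes to {path} with mode {mode}"


if __name__ == "__main__":
    print(temporary_keypairs(PACKER_OUTPUT))
    print("base key present:", build_key_installed(AUTHORIZED_KEYS_FROM_BASE, PACKER_OUTPUT, "amazon-ebs.base"))
    print("app key present: ", build_key_installed(AUTHORIZED_KEYS_FROM_BASE, PACKER_OUTPUT, "amazon-ebs.app"))
    print(cloud_init_installed_key(CLOUD_INIT_LOG))
```

Run against the constructed base-image authorized_keys, the check for `amazon-ebs.base` passes and the check for `amazon-ebs.app` fails, which is exactly the stale-key situation described in the first comment; the cloud-init check returns a failure as soon as the SSH user's authorized_keys is never written or is written with 0 bytes, so it can be dropped into a shell provisioner to fail a build early instead of after a 30-minute Ansible run.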
dehio3

Error waiting for instance to stop: ResourceNotReady: exceeded wait attempts

After the Ansible setup, which takes about 30 minutes, completes, the build fails with the following error

==> amazon-ebs.example: Automatic instance stop disabled. Please stop instance manually.
==> amazon-ebs.example: Waiting for the instance to stop...
==> amazon-ebs.example: Error waiting for instance to stop: ResourceNotReady: exceeded wait attempts
==> amazon-ebs.example: Provisioning step had errors: Running the cleanup provisioner, if present...
==> amazon-ebs.example: Terminating the source AWS instance...
==> amazon-ebs.example: Bad exit status: -1

Error waiting for instance to stop: ResourceNotReady: exceeded wait attempts

https://www.packer.io/plugins/builders/amazon#resourcenotready-error

packer runs on GitHub Actions, and access to AWS is granted using the following Action
https://github.com/aws-actions/configure-aws-credentials