Packer: Amazon SSH timeouts with 0.11.0

Created on 25 Oct 2016  路  12Comments  路  Source: hashicorp/packer

FOR FEATURES:

I'm running one t2.micro instance per region to create an AMI.

FOR BUGS:

When trying to use Amazon builders with 0.11.0, it fails to creates the AMIs and timeouts at various stages (some during security group, some running shell commands).

  • Packer version: 0.11.0
  • Host platform: Ubuntu 16.04.1 LTS

Same script works absolutely fine with 0.10.2 and lower.

bug buildeamazon regression
Source
picture jloisel

Most helpful comment

It seems that an extra ec2 permission is needed:

ec2:DescribeSecurityGroups

picture np5 on 25 Oct 2016
👍4

All 12 comments

Please supply the information requested in the issue template:

  • Packer version (packer version)
  • Host platform (uname -a etc.)
  • Debug log output from PACKER_LOG=1 packer build template.json.
    Please paste this in a gist.
  • The _simplest example template and scripts_ needed to reproduce the bug.
    Include these in your gist.
rickard-von-essen picture rickard-von-essen on 25 Oct 2016

It seems that an extra ec2 permission is needed:

ec2:DescribeSecurityGroups

np5 picture np5 on 25 Oct 2016
👍4

I'm running into this as well. Here's some gists:

ubuntu@box237:~$ uname -a
Linux box237.localdomain 2.13.0-91-generic #138-Ubuntu SMP Fri Jun 24 17:00:34 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
ubuntu@box237:~$ packer version
Packer v0.11.0

Packer Logs:
https://gist.github.com/jtslear/d11a5167d96a3ffbf021fc4c352231a7

EC2 Describe:
https://gist.github.com/jtslear/59f5f4e903f2e20be3c327f753dc97b0

It would appear that packer is not assigning the instance the appropriate security group. And relying on the default one. Despite my config instructing packer to use the temporary security group it creates.

jtslear picture jtslear on 25 Oct 2016

I confirm that @np5 is correct. Adding the item to the IAM policy fixes the issue.

jtslear picture jtslear on 25 Oct 2016

Maybe because of this commit https://github.com/mitchellh/packer/commit/080806243ea3aa668b7b041094786f96f11a67dd ?

np5 picture np5 on 25 Oct 2016

I would agree.

The end result is that It silently applied the default security group for the AWS instance. I think this error should be prominently displayed. Without debugging, it's not known why this happened. This maybe the type of error that should stop and terminate the build immediately?

jtslear picture jtslear on 25 Oct 2016
👍1

uname -a outputs:
Linux desktop 4.4.0-45-generic #66-Ubuntu SMP Wed Oct 19 14:12:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

Simple template to reproduce:
https://gist.github.com/jloisel/34b11aba25ac440b4bf984dc5dd66c02

Create relevant variables related to your AWS config to make it work.

This is the current IAM configuration I use which works fine with 0.10.2:
https://gist.github.com/jloisel/6693c6ba7ac732d066a23986109e800d

jloisel picture jloisel on 25 Oct 2016

I was experiencing this issue after upgrading to 0.11.0, after adding ec2:DescribeSecurityGroups to my IAM user, the issue was resolved. Thanks @np5.

bantonj picture bantonj on 28 Oct 2016

I've added this to my IAM too, still experiencing timeouts (but less). No issue at all with 0.10.2.

jloisel picture jloisel on 29 Oct 2016

docs updated in #4059 but this seems like a different issue

mwhooker picture mwhooker on 31 Oct 2016

@jloisel Can you post a log of the failure that's not because of ec2:DescribeSecurityGroups permissions?

mwhooker picture mwhooker on 2 Nov 2016

If I reproduce again, i'll post logs. I don't have saved the logs last time it happened.

jloisel picture jloisel on 2 Nov 2016
Was this page helpful?
0 / 5 - 0 ratings

Related issues

PartyImp picture PartyImp  路  3Comments
craigsimon picture craigsimon  路  3Comments
mushon4 picture mushon4  路  3Comments
paulcdejean picture paulcdejean  路  3Comments
Tensho picture Tensho  路  3Comments