Packer: Ansible provisioner does not execute "become: yes" during AWS packing.

Created on 3 Oct 2017 · 19 Comments · Source: hashicorp/packer

Ansible returns an error during packing an image. The problem is in "become: yes" because when I change task to shell with sudo it works fine.

- name: iptables allowing established incoming connections tcp
  shell: sudo -t filter -A INPUT -p TCP -j ACCEPT -m conntrack --ctstate ESTABLISHED,RELATED


All 19 comments

I cannot reproduce with:

Packer version: Packer v1.1.1-dev
Host: Linux #44-Ubuntu SMP Tue Sep 12 17:27:47 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial

Ansible version: ansible 2.3.2.0

Debug output:

2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 new env request: LANG=en_GB.UTF-8
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 new exec request: /bin/sh -c '( umask 77 && mkdir -p "echo /home/ubuntu/.ansible/tmp/ansible-tmp-1507364002.18-81261622796299" && echo ansible-tmp-1507364002.18-81261622796299="echo /home/ubuntu/.ansible/tmp/ansible-tmp-1507364002.18-81261622796299" ) && sleep 0'
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 opening new ssh session
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 starting remote command: /bin/sh -c '( umask 77 && mkdir -p "echo /home/ubuntu/.ansible/tmp/ansible-tmp-1507364002.18-81261622796299" && echo ansible-tmp-1507364002.18-81261622796299="echo /home/ubuntu/.ansible/tmp/ansible-tmp-1507364002.18-81261622796299" ) && sleep 0'
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 [INFO] RPC endpoint: Communicator ended with: 0
2017/10/07 09:13:22 [INFO] 108 bytes written for 'stdout'
2017/10/07 09:13:22 [INFO] 0 bytes written for 'stderr'
2017/10/07 09:13:22 [INFO] RPC client: Communicator ended with: 0
2017/10/07 09:13:22 [INFO] RPC endpoint: Communicator ended with: 0
2017/10/07 09:13:22 [INFO] 0 bytes written for 'stdin'
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 [INFO] 108 bytes written for 'stdout'
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 [INFO] 0 bytes written for 'stderr'
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 [INFO] RPC client: Communicator ended with: 0
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 [INFO] 0 bytes written for 'stdin'
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 new env request: LANG=en_GB.UTF-8
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 new exec request: scp -t /home/ubuntu/.ansible/tmp/ansible-tmp-1507364002.18-81261622796299/iptables.py
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 opening new ssh session
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 [INFO] 62226 bytes written for 'uploadData'
2017/10/07 09:13:22 [INFO] 62226 bytes written for 'uploadData'
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 Starting remote scp process: scp -vt /home/ubuntu/.ansible/tmp/ansible-tmp-1507364002.18-81261622796299
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 Started SCP session, beginning transfers...
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 [DEBUG] scp: Uploading iptables.py: perms=C0600 size=62226
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 SCP session complete, closing stdin pipe.
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 Waiting for SSH session to complete.
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 scp stderr (length 30): Sink: C0600 62226 iptables.py
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 new env request: LANG=en_GB.UTF-8
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 new exec request: /bin/sh -c 'chmod u+x /home/ubuntu/.ansible/tmp/ansible-tmp-1507364002.18-81261622796299/ /home/ubuntu/.ansible/tmp/ansible-tmp-1507364002.18-81261622796299/iptables.py && sleep 0'
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 opening new ssh session
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 starting remote command: /bin/sh -c 'chmod u+x /home/ubuntu/.ansible/tmp/ansible-tmp-1507364002.18-81261622796299/ /home/ubuntu/.ansible/tmp/ansible-tmp-1507364002.18-81261622796299/iptables.py && sleep 0'
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 [INFO] RPC endpoint: Communicator ended with: 0
2017/10/07 09:13:22 [INFO] 0 bytes written for 'stdout'
2017/10/07 09:13:22 [INFO] 0 bytes written for 'stderr'
2017/10/07 09:13:22 [INFO] RPC client: Communicator ended with: 0
2017/10/07 09:13:22 [INFO] RPC endpoint: Communicator ended with: 0
2017/10/07 09:13:22 [INFO] 0 bytes written for 'stdin'
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 [INFO] 0 bytes written for 'stdout'
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 [INFO] 0 bytes written for 'stderr'
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 [INFO] RPC client: Communicator ended with: 0
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 [INFO] 0 bytes written for 'stdin'
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 ansible provisioner pty-req request
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 new env request: LANG=en_GB.UTF-8
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 new exec request: /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-azbxtogfzetdcguypszkyjtoogkxdlis; /usr/bin/python /home/ubuntu/.ansible/tmp/ansible-tmp-1507364002.18-81261622796299/iptables.py; rm -rf "/home/ubuntu/.ansible/tmp/ansible-tmp-1507364002.18-81261622796299/" > /dev/null 2>&1'"'"' && sleep 0'
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 opening new ssh session
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 starting remote command: /bin/sh -c 'sudo -H -S -n -u root /bin/sh -c '"'"'echo BECOME-SUCCESS-azbxtogfzetdcguypszkyjtoogkxdlis; /usr/bin/python /home/ubuntu/.ansible/tmp/ansible-tmp-1507364002.18-81261622796299/iptables.py; rm -rf "/home/ubuntu/.ansible/tmp/ansible-tmp-1507364002.18-81261622796299/" > /dev/null 2>&1'"'"' && sleep 0'
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 [INFO] RPC endpoint: Communicator ended with: 0
2017/10/07 09:13:22 [INFO] 911 bytes written for 'stdout'
2017/10/07 09:13:22 [INFO] 0 bytes written for 'stderr'
2017/10/07 09:13:22 [INFO] RPC client: Communicator ended with: 0
2017/10/07 09:13:22 [INFO] RPC endpoint: Communicator ended with: 0
2017/10/07 09:13:22 [INFO] 0 bytes written for 'stdin'
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 [INFO] 911 bytes written for 'stdout'
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 [INFO] 0 bytes written for 'stderr'
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 [INFO] RPC client: Communicator ended with: 0
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 [INFO] 0 bytes written for 'stdin'
2017/10/07 09:13:22 ui: amazon-ebs: changed: [default]
amazon-ebs: changed: [default]
2017/10/07 09:13:22 ui: amazon-ebs:
amazon-ebs:
2017/10/07 09:13:22 ui: amazon-ebs: PLAY RECAP **********************
amazon-ebs: PLAY RECAP **********************
2017/10/07 09:13:22 ui: amazon-ebs: default : ok=2 changed=1 unreachable=0 failed=0
amazon-ebs: default : ok=2 changed=1 unreachable=0 failed=0
2017/10/07 09:13:22 ui: amazon-ebs:
amazon-ebs:
2017/10/07 09:13:22 packer: 2017/10/07 09:13:22 shutting down the SSH proxy
2017/10/07 09:13:22 [INFO] (telemetry) ending ansible

Try running the packer process as a user <> root, or specify

"user": "ubuntu"

I.e. some user that is not root. It'll work, it did for me.

I didn't trace exactly what's happening, but maybe we can fix this. We've experienced this bug with an upgrade to packer 1.1.0 and a switch to running in a container.

I have tried executing packer from ubuntu user and from root user from AWS instance, and from root user from DO instance - didn't work with the same error.

Have you tried setting the user variable in the ansible provisioner to sth. that is not equal to 'root'?

No, I will try.

Did that fix your problem?

I'll update here asap.

Removing "remote_user: root" from ansible playbook and executing packer from non-root user solves the problem.

I'm not sure if this is a bug introduced with 1.1.0, there were some changes in the ChangeLog that indicate some ansible stuff changed. Did this problem coincide for you with a packer update?

Closing this since this is unrelated to packer. See the logs for more info.

Problem comes again and adding "extra_arguments": [ "--extra-vars", "user=ubuntu" ] to ansible provisioner didn't help. Problem comes when I try to pack image (ami) in AWS. Same packing in DO works fine.

@winmasta that limitation is described in the docs.

@rickard-von-essen Is there any way to solve this problem?

This problem comes when I execute packer build from the root user, but when I create regular (non-root) user and execute packer build (without sudo and other privilege escalation) it runs without any errors.

Please ask for general help here. Use _IRC #packer-tool on Freenode_ or the mailing list for that.

See https://www.packer.io/community/

Thanks @ofosos! That sorted the issue I was having for 4 hours! :)

This was a fun issue:

  • my packer would run fine in Travis _and_ locally
  • while moving to Jenkins, it doesn't run half the ansible with become

Finally, I fixed it by specifying the user under the provisioner:

{
  "provisioners": [{
    "type": "ansible",
    "playbook_file": "packer.yml",
    "ansible_env_vars": ["ANSIBLE_FORCE_COLOR=true"],
    "extra_arguments": ["--extra-vars", "pizza={{ user `pepperoni` }}"],
    "sftp_command": "/usr/libexec/openssh/sftp-server -e",
    "user": "me"
  }]
}

I guess the issue all along was that Jenkins runs its jobs as the root user. Wooptie doo. Here's my packer.yml for reference (tasks in stuff did not execute with become until the above was added):

- name: pizza dough
  hosts: all
  become: true
  roles:
    - stuff
    - things
    - users
    - packages
    - dirtbags
    - sand
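
A CI pre-flight check for the failure this thread describes, as an added example that is not from the thread or from Packer itself: it flags `ansible` provisioners whose connection user resolves to root, either explicitly or because `user` is unset and packer runs as root (Packer's documentation states that `user` defaults to the user running packer), plus `remote_user: root` in playbook text. The function names and the sample template and playbook are constructed for illustration.

```python
import getpass
import json
import os
import re

# Constructed sample template (not from the thread): one pinned user, one default.
SAMPLE_TEMPLATE = """
{
  "provisioners": [
    {"type": "shell", "inline": ["true"]},
    {"type": "ansible", "playbook_file": "packer.yml", "user": "me"},
    {"type": "ansible", "playbook_file": "site.yml"}
  ]
}
"""

# Constructed sample playbook text carrying the setting one commenter removed.
SAMPLE_PLAYBOOK = "- name: pizza dough\n  hosts: all\n  remote_user: root\n  become: true\n"

REMOTE_USER_ROOT = re.compile(r"^[ \t]*remote_user:[ \t]*['\"]?root['\"]?[ \t]*(#.*)?$", re.M)


def effective_ansible_user(provisioner, invoking_user):
    """User handed to Ansible: the explicit "user", else the user running packer."""
    return provisioner.get("user") or invoking_user


def lint_template(template_text, invoking_user):
    """Return findings for ansible provisioners that would connect as root."""
    findings = []
    provisioners = json.loads(template_text).get("provisioners", [])
    for index, prov in enumerate(provisioners):
        if prov.get("type") != "ansible":
            continue
        if effective_ansible_user(prov, invoking_user) == "root":
            why = "explicit" if prov.get("user") else "inherited from the user running packer"
            findings.append(f"provisioners[{index}] ({prov.get('playbook_file')}): user is root ({why})")
    return findings


def lint_playbook(playbook_text):
    """Flag 'remote_user: root' lines, the playbook setting a commenter removed."""
    return [m.group(0).strip() for m in REMOTE_USER_ROOT.finditer(playbook_text)]

if __name__ == "__main__":
    me = "root" if os.geteuid() == 0 else getpass.getuser()
    for finding in lint_template(SAMPLE_TEMPLATE, me) + lint_playbook(SAMPLE_PLAYBOOK):
        print("WARN:", finding)
```

Run as a build step before `packer build`; a non-empty result on a root-run CI agent means the template depends on the invoking user.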

Sir, you just saved my day.

Regards.

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
