Packer: Ansible : amazon-ebs: failed to handshake

Created on 30 Dec 2017  ยท  11Comments  ยท  Source: hashicorp/packer

packer version: v1.0.2
initiator OS: macos
guest image OS: ubuntu 16.04
ansible version: 2.3.1.0

Json:
image

Output:


`2017/12/30 21:22:21 [INFO] 401 bytes written for 'stderr'
2017/12/30 21:22:21 [INFO] 14943 bytes written for 'stdout'
2017/12/30 21:22:21 [INFO] RPC client: Communicator ended with: 0
2017/12/30 21:22:21 [INFO] RPC endpoint: Communicator ended with: 0
2017/12/30 21:22:21 packer: 2017/12/30 21:22:21 [INFO] 14943 bytes written for 'stdout'
2017/12/30 21:22:21 packer: 2017/12/30 21:22:21 [INFO] 401 bytes written for 'stderr'
2017/12/30 21:22:21 packer: 2017/12/30 21:22:21 [INFO] RPC client: Communicator ended with: 0
2017/12/30 21:22:21 packer: 2017/12/30 21:22:21 opening new ssh session
2017/12/30 21:22:21 packer: 2017/12/30 21:22:21 starting remote command: rm -f /tmp/script_3626.sh
2017/12/30 21:22:21 packer: 2017/12/30 21:22:21 [INFO] RPC endpoint: Communicator ended with: 0
2017/12/30 21:22:21 [INFO] RPC client: Communicator ended with: 0
2017/12/30 21:22:21 [INFO] RPC endpoint: Communicator ended with: 0
2017/12/30 21:22:21 packer: 2017/12/30 21:22:21 [INFO] RPC client: Communicator ended with: 0
2017/12/30 21:22:21 [INFO] (telemetry) ending shell
2017/12/30 21:22:21 [INFO] (telemetry) Starting provisioner ansible
2017/12/30 21:22:21 ui: ==> amazon-ebs: Provisioning with Ansible...
==> amazon-ebs: Provisioning with Ansible...
2017/12/30 21:22:22 packer: 2017/12/30 21:22:22 SSH proxy: serving on 127.0.0.1:49297
2017/12/30 21:22:22 ui: ==> amazon-ebs: Executing Ansible: ansible-playbook --extra-vars packer_build_name=amazon-ebs packer_builder_type=amazon-ebs -i /var/folders/1d/2mj011kj7fg8w80_8jfvlz800000gy/T/packer-provisioner-ansible887620501 /Users/dlenard/Documents/ubuntu/git repos/demo/ami.yml --private-key /var/folders/1d/2mj011kj7fg8w80_8jfvlz800000gy/T/ansible-key770617742
==> amazon-ebs: Executing Ansible: ansible-playbook --extra-vars packer_build_name=amazon-ebs packer_builder_type=amazon-ebs -i /var/folders/1d/2mj011kj7fg8w80_8jfvlz800000gy/T/packer-provisioner-ansible887620501 /Users/dlenard/Documents/ubuntu/git repos/demo/ami.yml --private-key /var/folders/1d/2mj011kj7fg8w80_8jfvlz800000gy/T/ansible-key770617742
    amazon-ebs:
2017/12/30 21:22:23 ui:     amazon-ebs:
2017/12/30 21:22:23 ui:     amazon-ebs: PLAY [dependency provisioning] *************************************************
    amazon-ebs: PLAY [dependency provisioning] *************************************************
    amazon-ebs:
2017/12/30 21:22:23 ui:     amazon-ebs:
2017/12/30 21:22:23 ui:     amazon-ebs: TASK [setup] *******************************************************************
    amazon-ebs: TASK [setup] *******************************************************************
2017/12/30 21:22:23 packer: 2017/12/30 21:22:23 SSH proxy: accepted connection
2017/12/30 21:22:23 packer: 2017/12/30 21:22:23 authentication attempt from 127.0.0.1:49301 to 127.0.0.1:49297 as ubuntu using none
2017/12/30 21:22:23 packer: 2017/12/30 21:22:23 authentication attempt from 127.0.0.1:49301 to 127.0.0.1:49297 as ubuntu using publickey
2017/12/30 21:22:23 packer: 2017/12/30 21:22:23 authentication attempt from 127.0.0.1:49301 to 127.0.0.1:49297 as ubuntu using publickey
2017/12/30 21:22:23 packer: 2017/12/30 21:22:23 authentication attempt from 127.0.0.1:49301 to 127.0.0.1:49297 as ubuntu using publickey
2017/12/30 21:22:23 packer: 2017/12/30 21:22:23 authentication attempt from 127.0.0.1:49301 to 127.0.0.1:49297 as ubuntu using publickey
2017/12/30 21:22:23 packer: 2017/12/30 21:22:23 authentication attempt from 127.0.0.1:49301 to 127.0.0.1:49297 as ubuntu using publickey
2017/12/30 21:22:23 packer: 2017/12/30 21:22:23 authentication attempt from 127.0.0.1:49301 to 127.0.0.1:49297 as ubuntu using publickey
2017/12/30 21:22:23 ui error: ==> amazon-ebs: failed to handshake
==> amazon-ebs: failed to handshake
2017/12/30 21:22:23 ui:     amazon-ebs: fatal: [testing]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh.", "unreachable": true}`

Im currently running into a problem when building an AMI, when I execute ansible playbook and run via the SSH proxy I cannot get the ssh connection to be successful.

provisioneansible-remote question
Source
picture jdmevo123

Most helpful comment

@jdmevo123 The problem I had (on Mac) was that ssh-add -l showed that Packer was adding keys to my local SSH agent without cleaning them up, and once that went past 6 entries (I already have a few myself in there) it would rotate through them locally until it hit the default MaxAuthTries on the Mac (which defaults to 6) and fail because the required key for the current run was after that.

Using ssh-add -D to clean up all current keys in the agent worked as a temporary solution.

picture WheresWardy on 9 Jan 2018
👍26 😄3

All 11 comments

Please supply the information requested in the issue template:

  • Packer version (packer version)
  • Host platform (uname -a etc.)
  • Debug log output from PACKER_LOG=1 packer build template.json.
    Please paste this in a gist.
  • The _simplest example template and scripts_ needed to reproduce the bug.
    Include these in your gist.

Especially no one is going to type the template in from you. You can't execute an image.

rickard-von-essen picture rickard-von-essen on 30 Dec 2017

apologies, I missed those,

packer version: Packer v1.1.3
Host Platform: Darwin xxx 17.2.0 Darwin Kernel Version 17.2.0: Fri Sep 29 18:27:05 PDT 2017; root:xnu-4570.20.62~3/RELEASE_X86_64 x86_64

Gist: https://gist.github.com/jdmevo123/0d24fea21476ceade3a064d13a7a13e3

I have included all the scripts in the gist.

Thanks

jdmevo123 picture jdmevo123 on 30 Dec 2017

No worries

rickard-von-essen picture rickard-von-essen on 30 Dec 2017

Hi @rickard-von-essen, are you waiting on anything else from me?

jdmevo123 picture jdmevo123 on 3 Jan 2018

No, don't think so. Just need some time to try to reproduce/read this through.

rickard-von-essen picture rickard-von-essen on 3 Jan 2018

@jdmevo123 The problem I had (on Mac) was that ssh-add -l showed that Packer was adding keys to my local SSH agent without cleaning them up, and once that went past 6 entries (I already have a few myself in there) it would rotate through them locally until it hit the default MaxAuthTries on the Mac (which defaults to 6) and fail because the required key for the current run was after that.

Using ssh-add -D to clean up all current keys in the agent worked as a temporary solution.

WheresWardy picture WheresWardy on 9 Jan 2018
👍26 😄3

I think I'm getting the same error, but the ssh-add -D command doesn't help me, I'm still getting amazon-ebs: failed to handshake error messages:

ssh-add -l
The agent has no identities.

packer log with debug in gist - https://gist.github.com/mtb-xt/3b2f4ad75e9f71b94d5f2c698987a0c4

I can connect to the instance using packer's debug mode and key, and there's nothing suspicious (for me) in the ssh debug log too. 

Mar 19 06:14:39 ip-172-31-3-172 systemd-logind[1126]: New session 2 of user ubuntu.
Mar 19 06:14:39 ip-172-31-3-172 sshd[1512]: User child is on pid 1543
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: SELinux support disabled
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: PAM: establishing credentials
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: permanently_set_uid: 1000/1000
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: rekey after 4294967296 blocks
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: rekey after 4294967296 blocks
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: ssh_packet_set_postauth: called
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: Entering interactive session for SSH2.
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: server_init_dispatch_20
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: server_input_channel_open: ctype session rchan 0 win 2097152 max 32768
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: input_session_request
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: channel 0: new [server-session]
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: session_new: session 0
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: session_open: channel 0
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: session_open: session 0: link with channel 0
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: server_input_channel_open: confirm session
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: server_input_channel_req: channel 0 request [email protected] reply 1
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: session_by_channel: session 0 channel 0
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: session_input_channel_req: session 0 req [email protected]
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: temporarily_use_uid: 1000/1000 (e=1000/1000)
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: restore_uid: (unprivileged)
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: channel 1: new [auth socket]
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: session_by_channel: session 0 channel 0
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: session_close_by_channel: channel 0 child 0
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: Close session: user ubuntu from 101.98.165.203 port 33180 id 0
Mar 19 06:14:39 ip-172-31-3-172 sshd[1543]: debug1: channel 0: free: server-session, nchannels 2

^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T^T
Mar 19 06:14:49 ip-172-31-3-172 sshd[1543]: Connection closed by 101.98.165.203
Mar 19 06:14:49 ip-172-31-3-172 sshd[1543]: debug1: channel 1: free: auth socket, nchannels 1
Mar 19 06:14:49 ip-172-31-3-172 sshd[1543]: debug1: do_cleanup
Mar 19 06:14:49 ip-172-31-3-172 sshd[1543]: debug1: temporarily_use_uid: 1000/1000 (e=1000/1000)
Mar 19 06:14:49 ip-172-31-3-172 sshd[1543]: debug1: restore_uid: (unprivileged)
Mar 19 06:14:49 ip-172-31-3-172 sshd[1543]: Transferred: sent 2664, received 2060 bytes
Mar 19 06:14:49 ip-172-31-3-172 sshd[1543]: Closing connection to 101.98.165.203 port 33180
Mar 19 06:14:49 ip-172-31-3-172 sshd[1512]: debug1: PAM: cleanup
Mar 19 06:14:49 ip-172-31-3-172 sshd[1512]: debug1: PAM: closing session
Mar 19 06:14:49 ip-172-31-3-172 sshd[1512]: pam_unix(sshd:session): session closed for user ubuntu
Mar 19 06:14:49 ip-172-31-3-172 sshd[1512]: debug1: PAM: deleting credentials
Mar 19 06:14:49 ip-172-31-3-172 systemd-logind[1126]: Removed session 2.
Mar 19 06:17:01 ip-172-31-3-172 CRON[1545]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 19 06:17:01 ip-172-31-3-172 CRON[1545]: pam_unix(cron:session): session closed for user root
Mar 19 06:25:01 ip-172-31-3-172 CRON[1548]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 19 06:25:06 ip-172-31-3-172 CRON[1548]: pam_unix(cron:session): session closed for user root
mtb-xt picture mtb-xt on 19 Mar 2018

ok, for me it was case of misused ansible_ssh_user variables, sorry...

mtb-xt picture mtb-xt on 21 Mar 2018

Thanks a lot. Below command fixed my issue.
ssh-add -l

gvddk picture gvddk on 14 Jun 2018
👍1

Closing because original poster never responded, but folks with similar issues found a workaround using ssh-add.

SwampDragons picture SwampDragons on 11 Dec 2018

I'm going to lock this issue because it has been closed for _30 days_ โณ. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

hashibot[bot] picture hashibot[bot] on 30 Mar 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

sourav82 picture sourav82  ยท  3Comments
znerd picture znerd  ยท  3Comments
DanielBo picture DanielBo  ยท  3Comments
brettswift picture brettswift  ยท  3Comments
paulcdejean picture paulcdejean  ยท  3Comments