The only two security-related things Packer does are setting up temporary security groups, and that is only relevant to the building of the AMI. And it creates a temporary SSH key and uploads the public key to AWS, which injects it into the instance via cloud-init. I feel there is some key information missing here.
For troubleshooting I recommend:
1) Check the console log of the instance you can't access. Does it contain any errors regarding network, sshd, or authorized?
2) Run Packer with debug logging enabled: PACKER_LOG=1 packer build template.json. This will reveal exactly what Packer does.
3) In your AMI build, include a hard-coded authorized public key that you can use. This will allow you to SSH into the instance even if there are some cloud-init related problems.
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/9d70cf00-a2db-48ae-8a13-cb0ee8b26b9e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
On Sep 16, 2016 00:52, "Synaesthete" <ryan.v...@gmail.com> wrote:
I've been building AMIs using Packer for a while. I'm basing these on Amazon Linux, and have been using the same base AMI version. I'm using Packer 10.1. Recently I have not been able to SSH in to instances built from these Packer base AMIs. I get a Connection Refused error. I'm using a Terraform configuration to manage my infrastructure, so have defined security groups, etc. with that. If I build my infrastructure with the hard-coded Amazon Linux base AMI, I'm able to SSH in. If I do the same with a Packer-built AMI, I can't log in. I've even tried removing the provisioner block from my Packerfile. It's as if Packer is doing something that prevents SSH (disables SSH agent? Messes with the firewall?)--Does this ring a bell for anyone? What could be happening?
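The console-log check from step 1 of the reply, as an added example that is not part of the original thread: a shell filter that sorts error-like console lines into network, sshd and authorized-key problems. The function names, the keyword lists and the sample log are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not Packer or AWS code): triage an instance console log
# for the three areas named in the reply: network, sshd, authorized keys.

# Constructed sample log, not real instance output.
sample_console_log() {
cat <<'EOF'
[    3.412] cloud-init[812]: Cloud-init v. 0.7.6 running 'init-local'
[    9.870] Bringing up interface eth0:  [  OK  ]
[   14.021] Starting sshd: /etc/ssh/sshd_config line 47: Bad configuration option: PermitRootLogn
[   14.022] /etc/ssh/sshd_config: terminating, 1 bad configuration options
[   14.030] Starting sshd: [FAILED]
[   15.200] cloud-init[1033]: WARNING: could not write /home/ec2-user/.ssh/authorized_keys
EOF
}

# Reads a console log on stdin; prints "<area>: <line>" for every line that
# contains an error-like word AND mentions one of the three areas.
# The keyword lists are illustrative assumptions; extend them for your distro.
triage_console_log() {
  awk '{
    l = tolower($0)
    if (l !~ /fail|error|warn|bad |denied|refused|terminating|unreachable/) next
    if      (l ~ /sshd/)                            area = "sshd"
    else if (l ~ /authorized_keys/)                 area = "keys"
    else if (l ~ /eth[0-9]|dhc|network|interface/)  area = "network"
    else next
    print area ": " $0
  }'
}

# Reads a console log on stdin; prints "<area> <count>" for each area,
# including areas with zero hits, so a clean area is visible too.
summarize_triage() {
  triage_console_log | awk -F': ' '
    BEGIN { split("network sshd keys", areas, " ") }
    { n[$1]++ }
    END { for (i = 1; i <= 3; i++) printf "%s %d\n", areas[i], n[areas[i]] }'
}

# Demo on the constructed sample: network is clean, sshd failed to start
# (which would explain "Connection refused"), and key injection warned.
sample_console_log | summarize_triage
```

To run it on a real instance, pipe in the console output, for example `aws ec2 get-console-output --instance-id <instance-id> --output text | triage_console_log`.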