SSH timeout when

55 views
Skip to first unread message

Arunkumar Janarthanan

unread,
Aug 30, 2018, 3:31:42 PM8/30/18
to Packer
I run Packer 1.2.5 on OSX, I have been trying to create encrypted volume AMI with CIS security hardened script enabled and facing numerous problems with it.

Problem #1. 

I am getting SSH timeout upon adding the below section, however without the below section AMI provisioning looks good except the root volume size always 2 gig. 

Error: 

2018/08/30 13:11:18 packer: 2018/08/30 13:11:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout

2018/08/30 13:11:38 packer: 2018/08/30 13:11:38 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout

2018/08/30 13:11:58 packer: 2018/08/30 13:11:58 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout

2018/08/30 13:12:18 packer: 2018/08/30 13:12:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout

2018/08/30 13:12:38 packer: 2018/08/30 13:12:38 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout

2018/08/30 13:12:58 packer: 2018/08/30 13:12:58 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout

2018/08/30 13:13:18 packer: 2018/08/30 13:13:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout

2018/08/30 13:13:38 packer: 2018/08/30 13:13:38 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout

2018/08/30 13:13:58 packer: 2018/08/30 13:13:58 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout

2018/08/30 13:14:18 packer: 2018/08/30 13:14:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout

2018/08/30 13:14:38 packer: 2018/08/30 13:14:38 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout

2018/08/30 13:14:58 packer: 2018/08/30 13:14:58 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout

2018/08/30 13:15:06 packer: 2018/08/30 13:15:06 No AWS timeout and polling overrides have been set. Packer will defalt to waiter-specific delays and timeouts. If you would like to customize the length of time between retries and max number of retries you may do so by setting the environment variables AWS_POLL_DELAY_SECONDS and AWS_MAX_ATTEMPTS to your desired values.

2018/08/30 13:15:18 packer: 2018/08/30 13:15:18 [DEBUG] TCP connection to SSH ip/port failed: dial tcp 54.190.59.198:22: i/o timeout



// -----------

  "ami_block_device_mappings": [ {

            "device_name": "/dev/sda1",

            "volume_size": 64,

            "delete_on_termination": true

        } ],

        "launch_block_device_mappings": [ {

            "device_name": "/dev/sda1",

            "volume_size": 64,

            "delete_on_termination": true

        } ],


// -----


Full json file: this works except it only creates 3 gig root volume. 


=======


{

    "variables" : {

        "region" : "us-west-2"

    },

    "builders" : [

        {

            "type" : "amazon-ebs",

            "profile" : "default",

            "region" : "{{user `region`}}",

            "instance_type" : "t2.micro",

            "source_ami" : "ami-37efa14f",

            "ssh_username" : "ec2-user",

            "ami_name" : "docker-17.12.1-ce",

            "ami_description" : "Amazon Linux Image with Docker-CE",

            "ami_block_device_mappings": [{

            "delete_on_termination": "true",

            "device_name": "/dev/sda1"

            }],

            "run_tags" : {

                "Name" : "AE-Plain",

                "Tool" : "Packer",

                "Author" : "AJ"

            }

        }

    ],

    "provisioners" : [

        {

            "type" : "shell",

            "script" : "./setup.sh"

        },

    {

      "type": "shell",

      "execute_command": "sudo -S bash '{{ .Path }}'",

      "scripts": [

        "amazonlinux-hardening.sh",

        "docker-secure.sh"

      ]

    }

    ]

}



Kindly advise.

Thanks,
AJ 

Arunkumar Janarthanan

unread,
Aug 30, 2018, 3:39:52 PM8/30/18
to Packer
Apologize for the short subject line and the missing salutations. 

Rickard von Essen

unread,
Sep 1, 2018, 9:01:50 AM9/1/18
to packe...@googlegroups.com
It looks like you are using the wrong device_name:

$ AWS_PROFILE=admin aws --region us-west-2 ec2 describe-images --image-ids ami-37efa14f                                                              {
    "Images": [
        {
            "Architecture": "x86_64",
            "CreationDate": "2018-06-22T23:29:16.000Z",
            "ImageId": "ami-37efa14f",
            "ImageLocation": "amazon/amzn2-ami-minimal-hvm-2.0.20180622.1-x86_64-ebs",
            "ImageType": "machine",
            "Public": true,
            "OwnerId": "137112412989",
            "State": "available",
            "BlockDeviceMappings": [
                {
                    "DeviceName": "/dev/xvda",
                    "Ebs": {
                        "Encrypted": false,
                        "DeleteOnTermination": true,
                        "SnapshotId": "snap-04e358335dc927649",
                        "VolumeSize": 2,
                        "VolumeType": "standard"
                    }
                }
            ],
            "Description": "Amazon Linux 2 AMI 2.0.20180622.1 x86_64 Minimal HVM ebs",
            "EnaSupport": true,
            "Hypervisor": "xen",
            "ImageOwnerAlias": "amazon",
            "Name": "amzn2-ami-minimal-hvm-2.0.20180622.1-x86_64-ebs",
            "RootDeviceName": "/dev/xvda",
            "RootDeviceType": "ebs",
            "SriovNetSupport": "simple",
            "VirtualizationType": "hvm"
        }
    ]
}

This thread contains more information:

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/4883a996-6688-4afd-aa29-34d87e8f7a3b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Arunkumar Janarthanan

unread,
Sep 4, 2018, 10:43:57 AM9/4/18
to packe...@googlegroups.com
Thanks Rickard, I wanted to have the root volume encrypted, for now I had to run another script after provisioning the image to encrypt the AMI through AWS cli. 

Best Regards,
Arun Janarthanan



To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/CALz9Rt920KL0a8FpeD3WEJTR-mzH6y2VzAsrOoBDJEauATP7Qw%40mail.gmail.com.

Rickard von Essen

unread,
Sep 4, 2018, 1:32:27 PM9/4/18
to packe...@googlegroups.com


Best Regards,
Arun Janarthanan



To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool...@googlegroups.com.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool...@googlegroups.com.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/CALJ%2BeNLYoUAQwG2jWKULEnMbW8XZn7f0Oh54VJ3iN1%3DQtkkGTw%40mail.gmail.com.

Arunkumar Janarthanan

unread,
Sep 4, 2018, 1:43:25 PM9/4/18
to packe...@googlegroups.com
Thanks, do I not need to mention the KMS id ? 

Best Regards,
Arun Janarthanan




Best Regards,
Arun Janarthanan



To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/CALz9Rt-k%2B1esM8Qc0FwJVqPm%3DSLuTRFeF%3DUO7p%3DWeW461t6QBg%40mail.gmail.com.

Rickard von Essen

unread,
Sep 4, 2018, 2:00:45 PM9/4/18
to packe...@googlegroups.com
If you don't set the kms_id you get the default kms key for EBS created by AWS for your account. Which is probably fine unless you have specific security requirements or need to share the underlying snapshots with other accounts.


Best Regards,
Arun Janarthanan




Best Regards,
Arun Janarthanan



To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool...@googlegroups.com.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool...@googlegroups.com.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool...@googlegroups.com.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool...@googlegroups.com.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/CALJ%2BeN%2BLKdPaw7BKbkCx1xt6hCPztUPd5RGivLsmZVmCh%3D5s0g%40mail.gmail.com.

Arunkumar Janarthanan

unread,
Sep 4, 2018, 2:18:05 PM9/4/18
to packe...@googlegroups.com
That should absolutely be fine for me. Thanks a ton ! 

Best Regards,
Arun Janarthanan




Best Regards,
Arun Janarthanan




Best Regards,
Arun Janarthanan



To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/CALz9Rt_3_UFyCZ9n%3DDBJaPnTV0avEQjP12Usqn8_3n8y7ppt4A%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages