Cannot complete SSH handshake on Windows machine with Cygwin with OpenStack builder


jho...@redhat.com

Oct 10, 2016, 6:17:47 AM
to Packer
Hi,

I'm having the following problem. I want to create a Windows image in OpenStack that already has Cygwin installed and configured to accept SSH connections. If I manually create the machine in OpenStack, I can successfully connect to it via SSH (ssh Admin@<IP address>). The Windows user is "Admin".

Now I want to automate it with Packer, hence I create a very simple JSON:
{
  "builders": [
    {
      "type": "openstack",
      "identity_endpoint": "<url>",
      "source_image": "1284b45f-d164-43ab-9b4a-6024497b1b3f",
      "ssh_username": "Admin",
      "image_name": "Windows-packer-test",
      "flavor": "m4.xlarge",
      "floating_ip_pool": "10.8.172.0/22",
      "insecure": "true"
    }
  ],
  "provisioners": [
    {
      "type": "ansible",
      "playbook_file": "../ansible/playbooks/images/windows-image.yaml",
      "groups": ["packer"]
    }
  ]
}

The Ansible playbook does a simple ECHO into a file.

However, the SSH handshake always fails during "openstack: Waiting for SSH to become available...", even though when I run with -debug, after creation of the image and associating the floating IP, I can manually connect to the machine via SSH, either with ssh Admin@<IP address> or ssh -i os_openstack.pem Admin@<IP address>. The relevant part of the output with PACKER_LOG=1 is here: http://pastebin.com/hRCtQe81

I don't see why Packer would make any difference between my SSH connection and its own, but I have to be missing something obvious, probably something with SSH keys, but I understand that Packer generates temporary keys, hence I do not have to specify any.

The above Packer JSON works fine if I use it to create a RHEL image (the only difference being that the ssh_username is "root"). I also tried to use the WinRM communicator, i.e. specified the communicator as WinRM, the correct username and the correct WinRM port, and it succeeds. The trouble is that connecting via WinRM ends up "jumping" onto the newly created machine into PowerShell, which is something I don't want to do (the image should then be used for testing of a project, and the testing on Windows machines is done via Cygwin, hence I need to set up the Cygwin environment).

Do you have any idea what I'm missing?
Thanks,
Jiri

Rickard von Essen

Oct 10, 2016, 6:54:26 AM
to packe...@googlegroups.com
Do you have any of:
Couldn't parse SSH key, trying work around for [GH-2526]
Couldn't find OpenSSL, aborting work around.
OpenSSL failed with error:
Successfully converted BER encoded SSH key to DER encoding.
in your Packer log (PACKER_LOG=1)?

Do both
ssh Admin@<IP address>
and
ssh -i os_openstack.pem Admin@<IP address>
work?

Could you attach (pastebin/gist) your full log? 



--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/111ce419-35ec-4025-8430-6071c0740ffc%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

jho...@redhat.com

Oct 10, 2016, 7:03:27 AM
to Packer
Hi Rickard,

thanks for such a quick response. Answers inline.


> Do you have any of:
> Couldn't parse SSH key, trying work around for [GH-2526]
> Couldn't find OpenSSL, aborting work around.
> OpenSSL failed with error:
> Successfully converted BER encoded SSH key to DER encoding.
> in your Packer log (PACKER_LOG=1)?


No, I have never seen any of these.

 
> Do both
> ssh Admin@<IP address>
> and
> ssh -i os_openstack.pem Admin@<IP address>
> work?

Yes, both work.
 

> Could you attach (pastebin/gist) your full log?


Here is the full log: http://pastebin.com/E91DRTgT

Thanks,
Jiri
 



Rickard von Essen

Oct 10, 2016, 7:50:25 AM
to packe...@googlegroups.com
Which OpenStack release are you using?


jho...@redhat.com

Oct 10, 2016, 8:02:31 AM
to Packer

> Which OpenStack release are you using?

OpenStack Kilo.
 

Rickard von Essen

Oct 10, 2016, 9:44:37 AM
to packe...@googlegroups.com
Ok, then you don't need the workaround for GH-2526.

I'll recommend that you run with debug and ssh into the instance and read the audit log and see why ssh is failing.


jho...@redhat.com

Oct 10, 2016, 10:40:16 AM
to Packer
Thanks for the responses. I'm currently trying to find the audit.log, maybe I'll need some more configuration. I'll get back to you once I have more info.

jho...@redhat.com

Oct 11, 2016, 11:30:24 AM
to Packer
After investigation based on your suggestion, I found out that the temporary SSH key is not uploaded to ~/.ssh/authorized_keys, hence it makes sense why it's not connected. There is only my key, which is there because I used it when creating the base image. Hence, it explains why Packer is not able to SSH, but I can.

The question now is why the temporary SSH key is not uploaded there. I suspect that Cloud-init is not working properly, maybe it's stopped during the VM creation, which would cause the key not to be copied into authorized_keys. I'm trying to verify this now. Does that make sense to you, or do you have any more suggestions where to look?

Thanks,
Jiri


On Monday, October 10, 2016 at 3:44:37 PM UTC+2, Rickard von Essen wrote:

Rickard von Essen

Oct 11, 2016, 3:05:30 PM
to packe...@googlegroups.com
That sounds very reasonable. There should be some logs for cloudbase-init. Review them and you will most likely get a step closer to solving this.
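The check that located the problem in this thread (is the temporary key actually in ~/.ssh/authorized_keys on the instance?) can be scripted. The following is an added example, not part of the thread and not Packer's code. It assumes the public key line is obtained with `ssh-keygen -y -f os_openstack.pem`; the function names are hypothetical and the sample keys are constructed.

```python
import base64
import hashlib
import struct

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ssh-dss", "ecdsa-sha2-")

def fingerprint(blob_b64):
    """SHA256 fingerprint of a base64 key blob, in the form ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (key_type, blob, comment) for each key entry in authorized_keys text."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Entries may carry a leading options field (from="...", command="...").
        for i, field in enumerate(fields[:-1]):
            if field.startswith(KEY_TYPES):
                yield field, fields[i + 1], " ".join(fields[i + 2:])
                break

def key_is_authorized(pubkey_line, authorized_keys_text):
    """True if the key in pubkey_line also appears in authorized_keys_text."""
    target = next(parse_authorized_keys(pubkey_line), None)
    if target is None:
        raise ValueError("not an OpenSSH public key line")
    wanted = fingerprint(target[1])
    for _, blob, _ in parse_authorized_keys(authorized_keys_text):
        try:
            if fingerprint(blob) == wanted:
                return True
        except ValueError:  # malformed base64 in one entry; keep scanning
            continue
    return False

def constructed_key(seed, comment):
    """Constructed sample key (not a real key): ed25519 wire format, fixed bytes."""
    parts = (b"ssh-ed25519", bytes([seed]) * 32)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)

USER_KEY = constructed_key(1, "user@workstation")      # baked into the base image
PACKER_KEY = constructed_key(2, "packer-temporary")    # stands in for Packer's key
BASE_IMAGE_KEYS = "# authorized_keys as found on the instance\n" + USER_KEY + "\n"

if __name__ == "__main__":
    print("user key authorized:  ", key_is_authorized(USER_KEY, BASE_IMAGE_KEYS))
    print("packer key authorized:", key_is_authorized(PACKER_KEY, BASE_IMAGE_KEYS))
```

Comparing fingerprints rather than raw lines means differing comments or an options prefix on an entry do not cause a false mismatch.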
