Correct use of ssh_private_key_file option

[Rob Weir]

Hi there,


I'm trying to figure out how to use the ssh_private_key_file option when building an AWS EBS image, however all the permutations I've tried seem to end up with SSH auth failures during the image build. I've tried:
* have AWS generate a PEM file, point ssh_private_key_file at the PEM file
* generate my own pub/priv key with 'ssh-keygen -f blah', then point ssh_private_key_file at 'blah'
* each of the above with temporary_key_pair_name set to the name of the key in the AWS console

Could someone point out what I'm missing?

Cheers,

Rob

[Alvaro Miranda Aguilera]

What do you want to do?

--
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Rob Weir]

I'd like to provide a key from local disk, rather than having Packer provision a new keypair for every build.

[Alvaro Miranda Aguilera]

Hi there,

I was thinking, and seems is a chicken egg here.

This is how I understand the goal of this.

You start with a packer template, it get a source ami + AWS key/secret

It boots, it create a random pair for the provisioning work (this is important), and then shutdown.. then start.. and shutdown.. I think this is for confirmation it does boot after provision.

The generated key is only used on the provision, and then is discarded. This is way when you want to name this pair, is only a temporary pair.

So, what you want to do: use a private key pair, for this provision leads to this error:

  ==> amazon-ebs: Waiting for SSH to become available...                                                                                                                                                                                        

  ==> amazon-ebs: Error waiting for SSH: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain                                                         ==> amazon-ebs: Terminating the source AWS instance... 

Which I think is fine, perhaps a bit better wording on the documentation is needed.. I did couple of test and check the source code..

So to make this working..

So, I created 2 templates.. one that set my public key for ubuntu user.. and a second use the ami generated with my previous one and my private key.. and did work.

So I think the option here is, if your ami have a known private key, you can use for the provision, otherwise let the random one be created and then deleted.

here the templates and logs

https://gist.github.com/4430a102d4a30a7c17c5

Alvaro.

On Mon, Nov 10, 2014 at 11:08 AM, Rob Weir <rw...@ertius.org> wrote:

I'd like to provide a key from local disk, rather than having Packer provision a new keypair for every build.

--

[Jerome Touffe-Blin]

Hi Alvaro,

I may be wrong but my understanding is the same as Rob i.e. the intent of this ssh_private_key_file field is that you can create a key pair in the Amazon console, and then reuse this key pair in your packer builds to avoid creating a new one on each build. When a packer build fails, sometimes the created key is left hanging and we have more than 50 of those in our account, starts getting messy. 

When you launch a new EC2 instance in the AWS console or API you can specify which existing key pair to use or to create a new one so I assume this is what this feature is originally supposed to mimic. The fix would be to use the provided ssh_private_key_file and pass it to the AWS API when packer launches the ec2 instance. Otherwise as it is today, this feature doesn't really provide a lot of value.

Does that make sense?

Thank you

Jerome