Correct way to use keypair for cloudstack

[David Curran]

I'm trying to automate the build process for templates and have run into an issue when trying to use a keypair.

I've created a valid keypair in the API:

(local) > list sshkeypairs

count = 1

sshkeypair:

name = keyname

I copied the output of the command used to create the key to a file as detailed in https://shankerbalan.net/blog/ssh-keys-on-cloudstack-guest-instances-using-cloud-init/

This is my .json file:

{

  "builders": [{

    "type": "cloudstack",

    "api_url": "{{user `api_url`}}",

    "api_key": "{{user `api_key`}}",

    "network": "{{user `network`}}",

    "secret_key": "{{user `secret_key`}}",

    "service_offering": "{{user `service_offering`}}",

    "source_template": "{{user `source_template`}}",

    "template_os": "{{user `template_os`}}",

    "zone": "{{user `zone`}}",

    "instance_name": "{{ user `instance_name`}}-{{timestamp}}",

    "template_name": "{{user `template_name`}}-{{timestamp}}",

    "template_password_enabled": true,

    "template_scalable": true,

    "expunge": true,

    "ssh_username": "{{user `ssh_username`}}",

    "ssh_private_key_file": "/root/to/cloudstack.pem",

    "keypair": "{{user `keypair`}}"

  }],

}

The variables are set in another file.

With this configuration I am getting:

==> cloudstack: Waiting for SSH to become available...

Build 'cloudstack' errored: unexpected EOF

==> Some builds didn't complete successfully and had errors:

--> cloudstack: unexpected EOF

I've also tried without the ssh_private_key_file setting but it hangs on waiting for SSH to become available and eventually times out.

I am able to log in with the key file when I run packer and it is waiting for ssh to become available and checked that the public key matches that from http://vr/latest/public-keys

Assuming I'm doing something stupid, is anyone able to point me in the right direction?

many thanks.

[Rickard von Essen]

Are you running the latest version (released today). I have been working on some cloudstack improvements that was released now some of them involved improved ssh support. 

/ Rickard 

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/16a89b29-0d4d-4df2-bf71-ac3aa9e5514a%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[David Curran]

Just upgraded now

packer -v

1.1.0

Made a change to use "ssh_agent_auth" and added the below to my ssh config:

Host first.three.octets.*

IdentityFile ~/.ssh/cloudstack.pem

{

  "builders": [{

    "type": "cloudstack",

    "api_url": "{{user `api_url`}}",

    "api_key": "{{user `api_key`}}",

    "network": "{{user `network`}}",

    "secret_key": "{{user `secret_key`}}",

    "service_offering": "{{user `service_offering`}}",

    "source_template": "{{user `source_template`}}",

    "template_os": "{{user `template_os`}}",

    "zone": "{{user `zone`}}",

    "instance_name": "{{ user `instance_name`}}-{{timestamp}}",

    "template_name": "{{user `template_name`}}-{{timestamp}}",

    "template_password_enabled": true,

    "template_scalable": true,

    "expunge": true,

    "ssh_agent_auth": true,

    "ssh_username": "{{user `ssh_username`}}",

    "keypair": "{{user `keypair`}}"

  }]

}

Now I get timeouts. Assuming the key, keypair and username are all correct, is this a correct set up for configuring a connection using ssh key?

To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool...@googlegroups.com.

[David Curran]

A little more digging suggests that it's not even attempting the SSH connection (or is trying the wrong IP/Port?) We're not seeing anything hit the virtual router in cloudstack while packer waits for SSH and when I edited the config so that it uses a key pair that doesn't match the key file being used it still times out. I would expect a near immediate authentication error in this case.

debug isn't much use as it just pauses for input rather than showing any further detail but with PACKER_LOG=1 I see

[DEBUG] Error getting SSH config: SSH_AUTH_SOCK is not set

which would suggest ssh is not working correctly. But I can SSH from this box just fine...

[Rickard von Essen]

This works with a temporary ssh keypair:

{

  "builders": [

  {

    "type": "cloudstack",

    "api_url": "https://api.auroracompute.eu/ams/",

    "network": "GuestNetworkForAMS05",

    "service_offering": "Agile | 512M",

    "source_template": "Ubuntu 16.04",

    "zone": "ams05",

    "ssh_username": "root",

    "use_local_ip_address": true,

    "security_groups": [ "ssh-from-any" ],

    "template_name": "Packer-test",

    "template_display_text": "Packer test",

    "template_os": "fa5df8b3-2eda-11e7-8c80-0030489db374"

  }]

}

cloudstack output will be in this color.

==> cloudstack: Preparing config...

    cloudstack: Config has been prepared!

==> cloudstack: Creating temporary keypair: packer_59b96ee7-8adc-2506-8a34-bf5af388821f ...

==> cloudstack: Created temporary keypair: packer_59b96ee7-8adc-2506-8a34-bf5af388821f

==> cloudstack: Creating instance...

    cloudstack: Instance has been created!

==> cloudstack: Setup networking...

    cloudstack: Using the local IP address...

    cloudstack: Networking has been setup!

==> cloudstack: Waiting for SSH to become available...

==> cloudstack: Connected to SSH!

==> cloudstack: Shutting down instance...

    cloudstack: Instance has been shutdown!

==> cloudstack: Creating template: Packer-test

    cloudstack: Retrieving the ROOT volume ID...

    cloudstack: Creating the new template...

    cloudstack: Template has been created!

==> cloudstack: Cleanup networking...

    cloudstack: Networking has been cleaned!

==> cloudstack: Deleting instance...

    cloudstack: Instance has been deleted!

==> cloudstack: Deleting temporary keypair: packer_59b96ee7-8adc-2506-8a34-bf5af388821f ...

Build 'cloudstack' finished.

==> Builds finished. The artifacts of successful builds are:

--> cloudstack: A template was created: Packer-test

It runs on a public cloud https://www.pcextreme.com/ - aurora compute. You can register and test this out your self.

In your case I recommend that you run with: packer build -on-error=ask template.json 

So you manually can try to ssh into the instance and also debug from the console. Check the usual, network, ssh, authorization and cloud-init.

If you still have problem run with PACKER_LOG=1 and link the log here and we can see if there is anything going wrong.

To unsubscribe from this group and stop receiving emails from it, send an email to packer-tool+unsubscribe@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/03830284-f606-47d2-b07e-692b9dde8969%40googlegroups.com.

[David Curran]

Thanks,

I'll just use temporary keypairs as this has worked perfectly. Odd that it doesn't work for an existing keypair though...must be missing something at my end.