Reputation: 1
From an Ubuntu shell I ran the command below, to talk to the AWS platform, to customise an Amazon AMI (ami-9abea4fb):
$ packer build -debug template.packer
Debug mode enabled. Builds will not be parallelized.
amazon-ebs output will be in this color.
==> amazon-ebs: Prevalidating AMI Name...
==> amazon-ebs: Pausing after run of step 'StepPreValidate'. Press enter to continue.
==> amazon-ebs: Inspecting the source AMI...
==> amazon-ebs: Pausing after run of step 'StepSourceAMIInfo'. Press enter to continue.
==> amazon-ebs: Creating temporary keypair: packer 5dfe9f3b-9cc2-cbfa-7349-5c8ef50c64d5
amazon-ebs: Saving key for debug purposes: ec2_amazon-ebs.pem
==> amazon-ebs: Pausing after run of step 'StepKeyPair'. Press enter to continue.
where template.packer is:
{
  "builders": [
    {
      "type": "amazon-ebs",
      "region": "us-west-2",
      "source_ami": "ami-9abea4fb",
      "instance_type": "t2.micro",
      "ssh_username": "ubuntu",
      "ami_name": "MiddleTier-{{isotime | clean_ami_name}}",
      "ami_description": "Amazon AMI customised",
      "tags": {
        "role": "MiddleTier"
      },
      "run_tags": {
        "role": "buildSystem"
      }
    }
  ],
  "provisioners": [
  ],
  "post-processors": [
  ]
}
and my understanding is that AWS has created a private key (ec2_amazon-ebs.pem) for Packer to talk to the EC2 instance in a passwordless way, as mentioned in the above steps.
But I do not see Packer copying the private key (ec2_amazon-ebs.pem) to my laptop (as ~/.ssh/ec2_amazon-ebs.pem).
How does Packer talk to EC2 without copying the key as ~/.ssh/ec2_amazon-ebs.pem on my laptop?
Upvotes: 11
Views: 10056
Reputation: 700
I think the best way to connect to the instance is to set the following 2 properties.
ssh_keypair_name # provide the aws keypair name which already exists.
ssh_private_key_file # provide the path to private key associated with above keypair. ~ resolves to current user's home directory.
Also set the associate_public_ip_address if a public IP is not allocated to the instance (or else you will have to use a bastion host to ssh into the machine).
This should allow you to ssh as follows:
ssh -i ~/.ssh/private_key.pem ec2-user@<InstancePublicIP>
Change the file name as per the actual private key path. Also change the user name as per the OS (e.g. ubuntu for an Ubuntu-based machine instead of ec2-user).
You can either use the breakpoint provisioner to pause the packer execution like this:
provisioner "breakpoint" {
  # false keeps the breakpoint active; true would skip it
  disable = false
  note    = "this is a breakpoint"
}
or you can pause the packer execution on error, something like this:
packer build -on-error=ask .
This will allow you to ssh into the instance to verify the script while packer is paused for input.
Debug flag as follows
packer build -debug .
will also allow you to pause the packer build.
Once the build is paused use the above ssh command to connect to the instance.
Upvotes: 1
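Applied to the question's template, the properties named in this answer would sit in the builder as shown here. This is an added example, not part of the original answer; the key pair name EXAMPLE-existing-keypair and the path ~/.ssh/EXAMPLE-existing-keypair.pem are placeholders for a key pair that already exists in the AWS account.

```json
{
  "builders": [
    {
      "type": "amazon-ebs",
      "region": "us-west-2",
      "source_ami": "ami-9abea4fb",
      "instance_type": "t2.micro",
      "ssh_username": "ubuntu",
      "ssh_keypair_name": "EXAMPLE-existing-keypair",
      "ssh_private_key_file": "~/.ssh/EXAMPLE-existing-keypair.pem",
      "associate_public_ip_address": true,
      "ami_name": "MiddleTier-{{isotime | clean_ami_name}}",
      "ami_description": "Amazon AMI customised",
      "tags": {
        "role": "MiddleTier"
      },
      "run_tags": {
        "role": "buildSystem"
      }
    }
  ],
  "provisioners": [],
  "post-processors": []
}
```

Packer then connects with the named key pair rather than creating a temporary one, so the private key file should stay readable only by the user running the build.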
Reputation: 4288
Unless Packer is given a private SSH key with ssh_private_key_file, Packer creates an ephemeral one that is only kept in memory while Packer is running.
When you run with the -debug flag, this ephemeral key is saved into the current working directory. This is to enable you to troubleshoot the build by manually SSH'ing into the instance.
Upvotes: 14