packer-plugin-ansible icon indicating copy to clipboard operation
packer-plugin-ansible copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

Build fails from RHEL 9.2

Open joubbi opened this issue 2 years ago • 3 comments

Overview of the Issue

Building a machine works fine with vsphere.iso until Ansible connects to the machine and fails with the following error message: mux_client_read_packet: read header failed: Broken pipe

It fails when I run the build from a machine running Rocky Linux 9.2. It does not fail if I run the build from a laptop running Ubuntu in WSL and using a bstion host running RHEL 7.9. I have tried building both RHEL 8 and RHEL 9 with the same error.

Note: I have use_proxy = true. Setting it to false gives another error that has been reported here by others: Next authentication method: publickey\r\ndebug1: Trying private key: /tmp/ansible-key1926188557\r\nLoad key \"/tmp/ansible-key1926188557\": error in libcrypto\r\ndebug2: we did not send a packet, disable method\r\ndebug1: No more authentication methods to try.\r\[email protected]: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).", vsphere-iso.rhel8-cis1: "unreachable": true

Reproduction Steps

Create a RHEL 8 or 9 machine with Packer in my environment using vsphere.iso and the ansible provisioner. The ansible provisioner will fail.

Plugin and Packer version

1.9.1

Simplified Packer Buildfile

provisioner "ansible" { ansible_ssh_extra_args = [ "-oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedKeyTypes=+ssh-rsa" ] playbook_file = "../ansible/fix_firewalld.yml" user = "${local.ssh_username}" extra_arguments = [ "--extra-vars", "ansible_become_pass=${var.new_ssh_pass}", "-vvvv" ] sftp_command = "/usr/libexec/openssh/sftp-server -e" use_proxy = true }

Operating system and Environment details

$ ansible-playbook --version ansible-playbook [core 2.14.6] config file = None configured module search path = ['/home/username/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules'] ansible python module location = /home/username/.local/lib/python3.9/site-packages/ansible ansible collection location = /home/username/.ansible/collections:/usr/share/ansible/collections executable location = /home/username/.local/bin/ansible-playbook python version = 3.9.16 (main, Dec 8 2022, 00:00:00) [GCC 11.3.1 20221121 (Red Hat 11.3.1-4)] (/usr/bin/python3) jinja version = 3.1.2 libyaml = True

$ packer --version 1.9.1

$ cat /etc/redhat-release Rocky Linux release 9.2 (Blue Onyx)

Log Fragments and crash.log files

https://gist.github.com/joubbi/1190b2c1499d7bc9917261f11128bfb0

joubbi avatar Jun 05 '23 13:06 joubbi

I have done some more digging into this.

I have installed a fresh machine with RHEL 9.2 and installed packer on it. Building RHEL 8 or 9 from it fails.

I have installed a fresh machine running RHEL 8.7 the same way as the 9.2 using the almost same kickstart file and installed packer on it. Building RHEL 8 or 9 from this works fine.

With RHEL 8.7 both use_proxy = true and use_proxy = false works fine.

With RHEL 9.2 I have to do sudo update-crypto-policies --set DEFAULT:SHA1 in order to not get "error in libcrypto". That is not needed with 8.7, probably since this is not needed either: ansible_ssh_extra_args = [ "-oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedKeyTypes=+ssh-rsa" ]

joubbi avatar Jun 07 '23 16:06 joubbi

I had the same problem and when I changed the use_proxy to false the default generated ansible key are empty and the communication didn't work.

cello86 avatar Jun 27 '23 10:06 cello86

@joubbi https://github.com/hashicorp/packer-plugin-ansible/issues/42#issuecomment-1609414998

cello86 avatar Jun 27 '23 12:06 cello86