packer-plugin-proxmox
packer-plugin-proxmox copied to clipboard
hashicorp
Ansible provisionner try to connect to localhost
Overview of the Issue
When I specify a an ansible provisionner :
build {
name = "test_template"
sources = [
"sources.proxmox-iso.debian-tmpl",
]
provisioner "ansible" {
playbook_file = "playbooks/debian-tmpl.yml"
user = "reachable_user"
}
}
The process work great until the ansible part where ansible try to connect to localhost instead of the server. The server gets it's address and has the qemu-guest-agent active, I can see the IP in the proxmox webUI.
Reproduction Steps
- Create a minimal packer build with an ansible playbook
- Run it.
Plugin and Packer version
Packer 1.7.4
Simplified Packer Buildfile
build {
name = "debian_template"
sources = [
"sources.proxmox-iso.debian-template",
]
provisioner "ansible" {
playbook_file = "playbooks/debian-template.yml"
user = "reachable_user"
}
}
Source:
source "proxmox-iso" "debian-template" {
proxmox_url = "${var.proxmox_hostname}/api2/json"
insecure_skip_tls_verify = false
username = var.proxmox_username
password = var.proxmox_password
node = var.proxmox_node_name
vm_name = "debian-11-packer-${var.template_name}"
template_name = "debian-11-template-${var.template_name}"
template_description = "Template ready to be terraformed."
memory = 4096
cores = 8
os = "l26"
network_adapters {
model = "virtio"
bridge = "vmbr1"
}
qemu_agent = true
cloud_init = true
cloud_init_storage_pool = "local-lvm"
scsi_controller = "virtio-scsi-single"
disks {
type = "virtio"
io_thread = true
disk_size = 8
storage_pool = "local-lvm"
storage_pool_type = "lvm"
format = "raw"
}
iso_file = var.iso_file
iso_storage_pool = "local-lvm"
iso_checksum = var.iso_checksum
ssh_username = var.ssh_username
ssh_password = var.ssh_password
ssh_timeout = "30m"
boot_wait = "4s"
unmount_iso = true
boot_command = [
"<esc><wait>",
"auto ",
"url=${var.user_data_server}preseed.cfg ",
"<enter><wait>"
]
http_directory = "http"
}
Operating system and Environment details
Arch linux for the client
Log Fragments and crash.log files
==> debian_template.proxmox-iso.debian-practice: Connected to SSH!
==> debian_template.proxmox-iso.debian-practice: Provisioning with Ansible...
debian_template.proxmox-iso.debian-practice: Setting up proxy adapter for Ansible....
==> debian_template.proxmox-iso.debian-practice: Executing Ansible: ansible-playbook -e packer_build_name="debian-template" -e packer_builder_type=proxmox-iso -e packer_http_addr=192.168.1.100:8873 --ssh-extra-args '-o IdentitiesOnly=yes' -e ansible_ssh_private_key_file=/tmp/ansible-key589778536 -i /tmp/packer-provisioner-ansible3468307636 /home/remi/Documents/packer/playbooks/debian-templaye.yml
student_debian_template.proxmox-iso.debian-practice: ______________________
student_debian_template.proxmox-iso.debian-practice: < PLAY [Minimum setup] >
student_debian_template.proxmox-iso.debian-practice: ----------------------
student_debian_template.proxmox-iso.debian-practice: \ ^__^
student_debian_template.proxmox-iso.debian-practice: \ (oo)\_______
student_debian_template.proxmox-iso.debian-practice: (__)\ )\/\
student_debian_template.proxmox-iso.debian-practice: ||----w |
student_debian_template.proxmox-iso.debian-practice: || ||
student_debian_template.proxmox-iso.debian-practice:
student_debian_template.proxmox-iso.debian-practice: ________________________
student_debian_template.proxmox-iso.debian-practice: < TASK [Gathering Facts] >
student_debian_template.proxmox-iso.debian-practice: ------------------------
student_debian_template.proxmox-iso.debian-practice: \ ^__^
student_debian_template.proxmox-iso.debian-practice: \ (oo)\_______
student_debian_template.proxmox-iso.debian-practice: (__)\ )\/\
student_debian_template.proxmox-iso.debian-practice: ||----w |
student_debian_template.proxmox-iso.debian-practice: || ||
student_debian_template.proxmox-iso.debian-practice:
==> student_debian_template.proxmox-iso.debian-practice: failed to handshake
student_debian_template.proxmox-iso.debian-practice: fatal: [default]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: Unable to negotiate with 127.0.0.1 port 39235: no matching host key type found. Their offer: ssh-rsa", "unreachable": true}
There is one thing that bothers me. It's the "ssh-rsa". the ssh key used is an ed25519 key, I have both an ed25519 key and an rsa key but it doesn't seem to work too.
I have this same issue. But this works on vsphere so i think its a bug. But there is a workaround to solve this problem:
}{% if provision_with_ansible %},
{
"type": "ansible",
"playbook_file": "./playbook.yml",
"extra_arguments": ["-e ansible_ssh_pass={{ ssh_password }}{% if debug is defined %} -vv{% endif %}"],
"user": "{{ ssh_username }}"
}
{% endif %}
Add extra_arguments: ["-e ansible_ssh_pass=mypassword"] so ansible connects via username and password. You need sshpass installed on your system.
This issue is discussed in hashicorp/packer-plugin-ansible#69 and is a result of OpenSSH deprecating RSA/SHA-1. It has yet to be fixed but there are two workarounds available:
- Turn off the proxy adapter if you do not need it:
provisioner "ansible" {
...
use_proxy = false
...
}
- Or allow SSH to accept the
ssh-rsaalgorithm:
provisioner "ansible" {
...
ansible_ssh_extra_args = ["-oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedKeyTypes=+ssh-rsa -o IdentitiesOnly=yes"]
extra_arguments = [ "--scp-extra-args", "'-O'" ]
...
}
