Ansible Provisioner results in failure

[AravindhStanley]

Folks, trying to build Rocky 9 image. I wanted to run our ansible hardening scripts as well before packing the image. When I add provisioner, it fails to execute the KS config.

Could someone please point me towards the right directions? Looks more like a packer knowledge problem, but any assistance is appreciated.

[r00ta]

Folks, trying to build Rocky 9 image. I wanted to run our ansible hardening scripts as well before packing the image. When I add provisioner, it fails to execute the KS config.

Could someone please point me towards the right directions? Looks more like a packer knowledge problem, but any assistance is appreciated.

Hi @AravindhStanley ,

Could you elaborate more the steps to reproduce your issue and paste here the full stacktrace of the error you get?

[SK1Y101]

@AravindhStanley Are you still having issues with Rocky9?
If so, please do attach relevant details here and we can attempt to help!
And if you're no longer facing issues, we'd still appreciate leaving details here so other users can follow your steps in future.

[jurekh]

Closing due to lack of activity. If the issue persists or if a community member has an idea about a fix, it can be reopened.

[GR360RY]

@AravindhStanley

To be able to provision the image with Ansible some changes are required to both the packer HCL template and the kickstart files:

1. Replace the poweroff with reboot in rocky9/http/rocky.ks

Ansible needs to connect to the instance over ssh and by default the machines will be powered off after installation with kickstart.

2. Remove the cleanup block from the rocky.ks file:

# Clean up install config not applicable to deployed environments.
for f in resolv.conf fstab; do
    rm -f /etc/$f
    touch /etc/$f
    chown root:root /etc/$f
    chmod 644 /etc/$f
done

rm -f /etc/sysconfig/network-scripts/ifcfg-[^lo]*

The above can be accomplished with shell provisioner or directly with Ansible as the last configuration step.
Keeping those lines will result in failed DBUS and SSH services startup following the reboot.

3. Add your ansible user to kickstart file to be able to access the machine during ansible provisioning:

user --name=ansible --groups=wheel --password='password' --plaintext

4. Allow ansible to sudo without password in kickstart post section:

%post --erroronfail
...
# Passwordless sudo for ansible user
echo ansible ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/ansible
chmod 440 /etc/sudoers.d/ansible

5. In rocky9.pkr.hcl change the communicator from none to ssh. Add the below to source "qemu":

ssh_username     = var.communicator == "ssh" ? var.ssh_username : null
ssh_password     = var.communicator == "ssh" ? var.ssh_password : null

6. Add ansible provisioner and update required plugins section.

See example here for centos7:

https://github.com/GR360RY/packer-maas/tree/packer_provisioner_refactoring/centos7

[GR360RY]

@jurekh I think this is a real issue and it should be addressed or at least explained in the docs.
I can provide more details if needed.

[jurekh]

Thanks @GR360RY. Do you think there's a way of incorporating your solution into the template in such a way that it works with and without Ansible? PRs are welcome, if you're up for giving it a shot.

[GR360RY]

Sure it can be done, but I think first we need to address this case I've opened today: Issue #197
@jurekh , I will be happy to provide a PR. Can you please take a look at the proposed changes for centos7 https://github.com/canonical/packer-maas/compare/main...GR360RY:packer-maas:packer_refactor_ks_generation?expand=1 ? I'll need to replicate this logic for the rest of the OSes. This will allow to do better templating for kickstart files and the next step will be adding Ansible provisioning. I'd rather split the changes into 2 PRs.

Below is the example code that works without provisioner by default, but can be easily updated to use Ansible:
https://github.com/GR360RY/packer-maas/blob/packer_provisioner_refactoring/centos7/centos7.pkr.hcl

[github-actions]

This issue is stale because it has been open for 30 days with no activity.

[github-actions]

This issue was closed because it has been inactive for 30 days since being marked as stale.