Overview of the Issue
When using the vmware-iso builder with remote_type=esx5 and ssh_bastion_host set to an ssh bastion server, it seems that Packer does not always use the ssh bastion configuration when attempting to communicate to the host for provisioning. This results in the builder failing with (10.0.81.104 is the IP of the VM interface, which is only accessible through the ssh bastion):
16:30:28 2020/03/10 20:30:28 packer-****-vmware-iso plugin: [DEBUG] Opening new ssh session
16:30:28 2020/03/10 20:30:28 packer-****-vmware-iso plugin: [DEBUG] starting remote command: esxcli --formatter csv network vm port list -w 2472597
16:30:31 2020/03/10 20:30:31 packer-****-vmware-iso plugin: Timeout connecting to 10.0.81.104
16:30:31 2020/03/10 20:30:31 packer-****-vmware-iso plugin: [DEBUG] Error getting SSH address: No interface on the VM has an IP address ready
I suspect this is because the lines from
|
// When multiple NICs are connected to the same network, choose |
|
// one that has a route back. This Dial should ensure that. |
|
conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%d", record["IPAddress"], port), 2*time.Second) |
|
if err != nil { |
|
if e, ok := err.(*net.OpError); ok { |
|
if e.Timeout() { |
|
log.Printf("Timeout connecting to %s", record["IPAddress"]) |
|
continue |
|
} |
|
} |
Which attempt to communicate to the VM without using the ssh bastion. In my use case the VM is only accessible via the ssh bastion, so this network check fails.
I built a custom binary using this hack, and I got past the above issue:
diff --git a/builder/vmware/common/driver_esx5.go b/builder/vmware/common/driver_esx5.go
index 109b91967..ea9b226c0 100644
--- a/builder/vmware/common/driver_esx5.go
+++ b/builder/vmware/common/driver_esx5.go
@@ -437,11 +437,11 @@ func (ESX5Driver) UpdateVMX(_, password string, port int, data map[string]string
}
func (d *ESX5Driver) CommHost(state multistep.StateBag) (string, error) {
- sshc := state.Get("sshConfig").(*SSHConfig).Comm
- port := sshc.SSHPort
- if sshc.Type == "winrm" {
- port = sshc.WinRMPort
- }
+ //sshc := state.Get("sshConfig").(*SSHConfig).Comm
+ //port := sshc.SSHPort
+ //if sshc.Type == "winrm" {
+ // port = sshc.WinRMPort
+ //}
if address, ok := state.GetOk("vm_address"); ok {
return address.(string), nil
@@ -495,22 +495,26 @@ func (d *ESX5Driver) CommHost(state multistep.StateBag) (string, error) {
if record["IPAddress"] == "0.0.0.0" {
continue
}
- // When multiple NICs are connected to the same network, choose
- // one that has a route back. This Dial should ensure that.
- conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%d", record["IPAddress"], port), 2*time.Second)
- if err != nil {
- if e, ok := err.(*net.OpError); ok {
- if e.Timeout() {
- log.Printf("Timeout connecting to %s", record["IPAddress"])
- continue
- }
- }
- } else {
- defer conn.Close()
- address := record["IPAddress"]
- state.Put("vm_address", address)
- return address, nil
- }
+
+ address := record["IPAddress"]
+ state.Put("vm_address", address)
+ return address, nil
+ //// When multiple NICs are connected to the same network, choose
+ //// one that has a route back. This Dial should ensure that.
+ //conn, err := net.DialTimeout("tcp", fmt.Sprintf("%s:%d", record["IPAddress"], port), 2*time.Second)
+ //if err != nil {
+ // if e, ok := err.(*net.OpError); ok {
+ // if e.Timeout() {
+ // log.Printf("Timeout connecting to %s", record["IPAddress"])
+ // continue
+ // }
+ // }
+ //} else {
+ // defer conn.Close()
+ // address := record["IPAddress"]
+ // state.Put("vm_address", address)
+ // return address, nil
+ //}
}
return "", errors.New("No interface on the VM has an IP address ready")
}
Reproduction Steps
Note: the below probably only fails if the VM network itself (not esxi) is actually not reachable from where packer is running (thus the need for the ssh bastion):
- Configure your
packer.json to use the vmware-iso builder with remote_type=esx5
- Configure the
ssh configs for accessing the VM via an SSH bastion
Packer version
Packer v1.5.4
I didn't test with master, but that code path does not seem to have changed.
Simplified Packer Buildfile
https://gist.github.com/paulcichonski/a18033e5978f9a169813efbc81f293f7
Log Fragments and crash.log files
https://gist.github.com/paulcichonski/708c5b5c28e425a7888bf679dfc384c5
Overview of the Issue
When using the
vmware-isobuilder withremote_type=esx5andssh_bastion_hostset to an ssh bastion server, it seems that Packer does not always use the ssh bastion configuration when attempting to communicate to the host for provisioning. This results in the builder failing with (10.0.81.104is the IP of the VM interface, which is only accessible through the ssh bastion):I suspect this is because the lines from
packer/builder/vmware/common/driver_esx5.go
Lines 498 to 507 in 5f02150
Which attempt to communicate to the VM without using the ssh bastion. In my use case the VM is only accessible via the ssh bastion, so this network check fails.
I built a custom binary using this hack, and I got past the above issue:
Reproduction Steps
Note: the below probably only fails if the VM network itself (not esxi) is actually not reachable from where packer is running (thus the need for the ssh bastion):
packer.jsonto use thevmware-isobuilder withremote_type=esx5sshconfigs for accessing the VM via an SSH bastionPacker version
Packer v1.5.4
I didn't test with
master, but that code path does not seem to have changed.Simplified Packer Buildfile
https://gist.github.com/paulcichonski/a18033e5978f9a169813efbc81f293f7
Log Fragments and crash.log files
https://gist.github.com/paulcichonski/708c5b5c28e425a7888bf679dfc384c5