
Unable to SSH in Azure VM created with Packer

So, I am creating an Azure image using Packer.

{
  "builders": [{
    "type": "azure-arm",

    "client_id"      : "{{user `client_id`}}",
    "client_secret"  : "{{user `client_secret`}}",
    "subscription_id": "{{user `subscription_id`}}",
    "tenant_id"      : "{{user `tenant_id`}}",

    "managed_image_resource_group_name": "{{user `resource_group`}}",
    "managed_image_name": "CentOS7_w_GitlabCE_{{timestamp}}",

    "os_type"        : "Linux",
    "image_publisher": "OpenLogic",
    "image_offer"    : "CentOS",
    "image_sku"      : "7.3",
    "image_version"  : "latest",

    "location": "{{user `location`}}",
    "vm_size" : "Standard_DS2_v2"
  }],
  "provisioners": [
    {
      "type": "ansible",
      "playbook_file": "./gitlab/ansible/install-gitlab.yml",
      "extra_arguments": [
        "-vvvv"
      ]
    }
  ]
}

The image is created nicely and lives inside my resource group in Azure.

Then, I feed its details in Terraform to create a Scale Set.

data "azurerm_image" "image" {
  count = "${var.create_gitlab ? 1 : 0}"

  //notice: the image must have been created beforehand by Packer (inside the specific resource group)
  name                = "${var.vm_img_built_via_packer}"
  resource_group_name = "${var.resource_group}"
}

resource "azurerm_virtual_machine_scale_set" "vmss" {

...other stuff....

  storage_profile_image_reference {
    // reference the id of the custom image created with Packer
    id = "${data.azurerm_image.image.id}"
  }

  os_profile {
    computer_name_prefix = "${var.prefix}-vm"
    admin_username       = "someuser"
  }

  os_profile_linux_config {
    disable_password_authentication = true

    ssh_keys {
      path     = "/home/someuser/.ssh/authorized_keys"
      key_data = "${file(var.someuser_ssh_pubkey)}"
    }
  }

...other stuff...

}

When I launch the VMSS, I get "Permission denied (publickey,gssapi-keyex,gssapi-with-mic)." when I try to SSH into a VM.

However, if I use the same CentOS image but directly from Azure, I can SSH into a VM.

Also, what makes me mad is that when I create a CentOS image via Packer, without provisioning it with Ansible (really just a CentOS image), and use it with the scale set ... I also CANNOT SSH into it.

Feels like Packer makes something nasty.

Looks like you are skipping the deprovision step (https://packer.io/docs/builders/azure-arm.html#deprovision), which is mandatory to empty the network and local account configurations and to reuse the image afterwards.

For Linux you need to execute this command:

/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync

Look at the example here: https://github.com/hashicorp/packer/blob/master/examples/azure/linux_custom_image.json

Azure docs: https://docs.microsoft.com/en-us/azure/virtual-machines/linux/capture-image#step-1-deprovision-the-vm
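
The answer's fix applied to the template from the question, as an added example that is not part of the original post: a shell provisioner placed last runs the deprovision command after Ansible has finished. The execute_command and inline_shebang values follow the pattern shown in Packer's azure-arm documentation and assume the build user can sudo without a password.

```json
{
  "_comment": "Added example: the question's template plus a final deprovision step; execute_command assumes passwordless sudo for the build user",
  "builders": [{
    "type": "azure-arm",

    "client_id"      : "{{user `client_id`}}",
    "client_secret"  : "{{user `client_secret`}}",
    "subscription_id": "{{user `subscription_id`}}",
    "tenant_id"      : "{{user `tenant_id`}}",

    "managed_image_resource_group_name": "{{user `resource_group`}}",
    "managed_image_name": "CentOS7_w_GitlabCE_{{timestamp}}",

    "os_type"        : "Linux",
    "image_publisher": "OpenLogic",
    "image_offer"    : "CentOS",
    "image_sku"      : "7.3",
    "image_version"  : "latest",

    "location": "{{user `location`}}",
    "vm_size" : "Standard_DS2_v2"
  }],
  "provisioners": [
    {
      "type": "ansible",
      "playbook_file": "./gitlab/ansible/install-gitlab.yml",
      "extra_arguments": [
        "-vvvv"
      ]
    },
    {
      "type": "shell",
      "execute_command": "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}'",
      "inline_shebang": "/bin/sh -x",
      "inline": [
        "/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync"
      ]
    }
  ]
}
```

The deprovision step has to be the last provisioner, because it deletes the account Packer is connected as. With -deprovision+user the last provisioned user account is removed, so the image carries no build-time credentials into the scale set.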
