Make the --debug pausing after each step optional #1687
Comments
|
I think this can be accomplished by simply https://www.packer.io/docs/other/debugging.html I think this provides most if not all of the information that debug does in the log, without the pauses. |
|
It provides the info, but it exits and cleans-up / removes the VMs on The --debug flag does a number of useful things, and overall it works
|
|
a quick and dirty alternative would be to add a shell script provisioner at the end with something like: to cause it to hang. |
|
I don't think it would make it to that provisioner if it failed on a prior
|
|
Did you try this? the shell provisioner specifically states that it respects order: https://packer.io/docs/provisioners/shell.html While I am not certain of whether or not packer respects order in provisioners [i.e. if you specify a shell provisioner after other provisioners will it be last?], I would suspect that it does. [looking at the source now, I think this should work] |
|
Yes, packer respects order. It also respects exit status of all of the
|
|
I also feel we're getting off topic. I think making the built-in --debug If nobody wants to make this change, then that's fine, but I think it's a
|
|
+1 for @ziuchkovski suggestion. Our packer builds often take 5-10mins, and launching an ec2 instance with the resulting AMI isn't that fast either. To improve our debug-workflow I would really like a 'fire and forget' debug mode which allows me to switch to something else and when I come back I can see the output and log in to the instance to determine the steps needed to get the desired result. (Ideally I would have our rake task that fires packer log in to the instance for me, but that's also somewhat off topic. It also seems near-impossible to use the 'hang' @joshuacox suggested in this use-case) |
sethvargo
changed the title
|
I've been watching feature request #409 for close to two years now (not long after it was created). As many people have commented on that issue and as @Mil0dV and @ziuchkovski have requested here, we really do need a way to fire a build, come back later and if there's an error, have the opportunity to inspect the instance. So, here's another +1 for this (or #409). |
|
Not to detract from your +1, but don't forget about setting |
|
just a suggestion on perhaps a name and implied functionality:
|
|
Yeah, bringing up |
|
I'm also having difficulty debugging Packer provisioning failures. The debug logs do not provide enough useful information...I really need a way to have the VM left intact to inspect. |
|
Situation where I can't think of an alternative to a way to pause in the middle: Using packer:vmware-iso builder, I had added the tools_upload options on a windows guest. The upload appeared to be working, but 7zip failed to extract the archive. I had to enable the head, log in on the head and open explorer while other provisioning was being done. Then opened explorer to watch the folder, and see that the file was 0bytes. However, this wasted a lot of time because I had to baby-sit the VM creation from start to finish. The first suggestion is definitely what I was looking for when I found this problem. The log gave no real info except that 7zip failed due to a bad archive file. |
|
orivej/multistep@e02bce9 implements @ziuchkovski's suggestion regarding behaviour of |
|
Oops, wrong link, the patch for packer is at https://github.com/orivej/packer/tree/debug-on-error |
|
And the ability to re-run a step if it errors! It pains me to start a build, wait 20 minutes to see if the error that happened last time is still present (Which it usually is) and re-start the process 5 times (I'm in the midst of doing that now!). |
|
https://github.com/orivej/packer/tree/debug-on-error-2 allows you to retry the failed step, although without further modifications the overall build is likely to fail even if retry succeeds. Currently build steps are coarse-grained; in particular, the whole provisioners sections is a single step. This branch is recent enough to incorporate #2608 (packer with built-in plugins), and to use it you have to delete previously installed plugin binaries (with names starting with |
|
dropping into an ssh session on error would be super helpful to make my debug loop shorter. |
|
+1 for any way to make it possible to ssh into an instance after a failed build. "--debug" is annoying not only because it requires pressing "Enter" every time but mainly because it sometimes silently requires more than one "Enter", requiring almost random pressing extra "Enter"'s until I see a response. |
|
@amosshapira, reliable input handling can be restored by removing the call to |
|
An option that would help would be I believe I saw this idea mentioned elsewhere, but can't find it at the moment. |
|
Well, I'd be a fan of don't destroy, like vagrant. I set the log var and the detailed output does help a lot, but for now my workaround is simply to put a long sleep in a shell provisioner before the failure and ssh into the box to run the failure by hand, which makes me feel silly, but works. I name the ssh key for the amazon-ebs builder so packer doesn't make its own. |
|
For those who share my goal of compiling the latest packer dev release while also integrating orivej earlier fix that pauses on first fail of packer build here are the steps I took that worked for me.
I can confirm that this worked for me and provisioning only paused when there was an error. I was not able to successfully merge https://github.com/orivej/packer/tree/debug-on-error-2. I'm curious, I'm fairly new to packer and git and this issue; is there some other way people have been implementing orivej's fixes then how I have described? |
|
It can't merge because debug-on-error-2 is so far behind origin/master and there's bound to be conflicts. Also this fix needs to become a PR based on a current dev branch of packer. I'm taking a look now and will try to submit something useful. This is a much needed feature. |
|
Closing this since the |
|
I don't think the --on-error flag addresses the issue the OP raised, which is to enter debug mode with a keyfile and IP address when an error is encountered. As things are currently stand omitting the -debug flag skips the output of the IP address and download of the key file early on.. so even though the partial build is saved, accessing it is difficult if not impossible. |
|
Finding the IP is simple and for getting access I recommend to using a non temporary ssh key pair. |
|
Hi, @rickard-von-essen! With respect, using a non-temporary ssh key is a workaround. If setting the key to a known, probably shared key is a requirement to get tighter feedback loops during development, developers will do so, and are incentivized to check this key into the repo. At this point, one must ask: what is the purpose of supporting temporary ssh keys if we can't use them effectively? |
|
The point of ephemeral temporary keys is that the are secure, they only exist in memory for the duration of the build. In small organizations it's easy to have personal keypairs in AWS that you can reference in a user variable. In larger organizations centralized auth is inevitable. So getting access is not handled by Packer/AWS at all. |
|
@rickard-von-essen, thanks for the response! Granted: it's on me and my organization to provision SSH keys or other means of access. Possibly this provisioning happens at Packer build time, possibly it happens via some other bootstrapping with Chef or Ansible post-launch. As I understand the OP, the request here is for behavior that, on error during Packer provisioning, uses the in-memory, ephemeral credentials to drop me in an SSH session automatically. As I understand it, the new If that can't be arranged, the secondary ask is that the ephemeral credentials can be written out to disk, without having to manually step through all steps, as the |
That is correct. That exact solution requires allot of work. I don't say we object it but it's not a priority for us currently.
Feel free to open a PR.
I don't see how the current solution contradict Tao. There is basically three types of debugging/developing of a Packer template. 1) Builder part where dropping to SSH doesn't help since the problem is not in that area. 2) Connectivity issues, requires some sort of out of band trouble shooting since SSH is (obviously) not working. 3) Provisioner problem/issue, these are best to troubleshoot with a |
|
+1 In order to speed up debugging I would also like to be able to log in to a virtual machine without having to press enter throughout the build process. I'm quite confused why this issue has been closed. |
|
See #5107 |
It would be wonderful if, by default, --debug only paused after an error is encountered. I can see where there are times it would be useful to pause after every step, but more often than not I'm only interested in pausing at the point packer fails.
Proposed:
--debug behaves exactly as it does now, except it only pauses when an error is encountered
--stepwise switch added to pause after every step, switch valid only if --debug is enabled
The text was updated successfully, but these errors were encountered: