VM from Image fails to place Administrator SSH Public Key at start-up

  • Question

  • We are spinning up a VM from our own Packer-created custom image and when asked for Administrator Account, we choose SSH Public Key, enter Username, and the correct SSH Public Key. Later when all is said and done, we cannot SSH in and find by "Resetting Password" on a NEW user that the original Administrator Account was never created (does not exist in /etc/passwd file).

    Why is this occurring?

    I see the following in the VM Export Templates:

    "adminUsername": "devops",
    "linuxConfiguration": {
        "disablePasswordAuthentication": true,
        "ssh": {
            "publicKeys": [
                {
                    "path": "/home/devops/.ssh/authorized_keys",
                    "keyData": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDH3FOW6mYGR4p/OHypZRhuy7VuzW6QGKUo2gB8I8qrsAhyQtTa2Q/oWd8oKweRNxNdj948VKHTEVsoWCvBB4dK6jWuuptMIuOgGSgCw0JwBxxwubE23dKwjWfgiQLrbZLONF56h+Y/p2SGcwlfiT5LQcJrwAhOqd3rwKv1TzEVfPj8iu6mYDqg+6/TyAwyN0PR6FB8JFFMN4vhe/EEYRh2kPFNSsV7HGwbo45N6dL40zqClIAxu4XUTWRBsEFv2wu5iH7iLVixAhXWZkjB+szrVAb4wuBTKwsODJ3sfdK2XCmrIEgLEXLsaZn0QLkc0CjiVj+CKKi6Cqch3eqxmHON cloudinfra-px-482"
                }
            ]
        }
    }

    However, when I set the password (or the SSH-key - but the password is enough!) for a completely new user (!) in the Azure web interface (via the "Reset password" option), that new user gets the SSH-key I passed.

    When I log in using that new user, I find that the devops account was never created!

    I see the following logs in bootstrap:

    2019/09/17 17:03:31.847977 WARNING Daemon VM is provisioned, but the VM unique identifier has changed -- clearing cached state
    2019/09/17 17:03:31.941262 INFO Daemon Detect protocol endpoints
    2019/09/17 17:03:31.945747 INFO Daemon Clean protocol
    2019/09/17 17:03:31.949412 INFO Daemon WireServer endpoint is not found. Rerun dhcp handler
    2019/09/17 17:03:31.955047 INFO Daemon Test for route to 168.63.129.16
    2019/09/17 17:03:31.959358 INFO Daemon Route to 168.63.129.16 exists
    2019/09/17 17:03:31.963454 INFO Daemon Wire server endpoint:168.63.129.16
    2019/09/17 17:03:32.047248 INFO Daemon Fabric preferred wire protocol version:2015-04-05
    2019/09/17 17:03:32.054280 INFO Daemon Wire protocol version:2012-11-30
    2019/09/17 17:03:32.058919 INFO Daemon Server preferred version:2015-04-05
    hv_balloon: Received INFO_TYPE_MAX_PAGE_CNT
    hv_balloon: Data Size is 8
    2019/09/17 17:03:36.728128 INFO Daemon Provisioning already completed, skipping.

    • Edited by ProvDevOps Tuesday, September 17, 2019 5:31 PM added more logs/details.
    Tuesday, September 17, 2019 4:37 PM

Answers

  • Solution discovered:

    With Packer, we must add the Deprovision clause in the provisioners section:

    {
     "provisioners": [
       {
         "execute_command": "chmod +x {{ .Path }}; {{ .Vars }} sudo -E sh '{{ .Path }}'",
         "inline": [
           "/usr/sbin/waagent -force -deprovision+user && export HISTSIZE=0 && sync"
         ],
         "inline_shebang": "/bin/sh -x",
         "type": "shell"
       }
     ]
    }

    Then it will work.

    • Marked as answer by ProvDevOps Tuesday, September 17, 2019 7:12 PM
    Tuesday, September 17, 2019 7:12 PM
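
A first-boot check for the symptom in this thread, as an added example that is not part of the original posts: it classifies a waagent log by the two messages quoted in the question. The function names, the result labels and the default path `/var/log/waagent.log` are assumptions of this example, and the sample lines are constructed from the log posted above.

```shell
#!/bin/sh
# Added example (not from the thread): detect a VM that booted from an image
# which was captured without "waagent -deprovision", using the two log
# messages quoted in the question.

# provisioning_state [LOGFILE]   (reads stdin when no file is given)
# Prints one of (labels are this example's own):
#   stale-image          identifier changed AND provisioning skipped; this is
#                        the case in the thread: admin user/SSH key not applied
#   already-provisioned  provisioning skipped, no identifier change seen
#   no-skip              the skip message does not appear
provisioning_state() {
    awk '
        /VM unique identifier has changed/         { changed = 1 }
        /Provisioning already completed, skipping/ { skipped = 1 }
        END {
            if (changed && skipped) print "stale-image"
            else if (skipped)       print "already-provisioned"
            else                    print "no-skip"
        }
    ' "${1:--}"
}

# assert_fresh_provisioning [LOGFILE]
# Returns 1 (with a hint on stderr) when the log shows the stale-image case,
# so it can gate a post-deploy smoke test.
assert_fresh_provisioning() {
    state=$(provisioning_state "${1:--}")
    if [ "$state" = "stale-image" ]; then
        echo "image was not deprovisioned before capture;" \
             "adminUsername and SSH publicKeys were not applied" >&2
        return 1
    fi
    return 0
}

# Constructed sample: three of the log lines posted in the question.
sample_failed_boot() {
    cat <<'EOF'
2019/09/17 17:03:31.847977 WARNING Daemon VM is provisioned, but the VM unique identifier has changed -- clearing cached state
2019/09/17 17:03:31.941262 INFO Daemon Detect protocol endpoints
2019/09/17 17:03:36.728128 INFO Daemon Provisioning already completed, skipping.
EOF
}

# Demo on the constructed sample; on a real VM pass /var/log/waagent.log.
sample_failed_boot | provisioning_state
```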