Using packer to copy file from host to generated image without password

shell ssh amazon-ec2 scp packer

10,353

You should use the file provisioner, something like:

"provisioners": [
  {
    "type": "file",
    "source": "source_file",
    "destination": "dest"
  },
  {
    "type": "script",
    "inline": [ "echo do something here" ]
  }
]

See documentation: provisioners

10,353

Author by

ComputerScientist

Updated on June 16, 2022

Comments

ComputerScientist almost 2 years
I am currently using packer to generate customized images from a given configuration. The packer .json file includes provisions, which are described in this packer tutorial.

Instead of typing the commands there, I used the shell option in which I can write a bunch of sudo apt-get install commands to customize the images.

The problem is that I need to copy a file from a computer I own to the images. To be clear, the computer I own is also the one I'm running the command packer build example.json.

In the shell script, how can I do a secure copy so that from the perspective of the newly-created images, the image can securely copy the file from my computer to itself, without having to type a password? This is a shell script so I couldn't type one in if I wanted to.

I understand that to avoid typing in the password, I need public/private key authentication. In the shell script, I have:
```
sudo ssh-keygen -t rsa -b 2048
sudo scp ~/.ssh/id_rsa.pub [email protected]:/home/user/.ssh/uploaded_key.pub
sudo ssh [email protected] "echo `cat ~/.ssh/uploaded_key.pub` >> ~/.ssh/authorized_keys"
```
(Taken from the example here and elsewhere. My understanding from this is that the image which is generated is running these commands.)

The problem with this and many approaches I see on StackOverflow, such as with this related question, is either one of two things.
- The first time this public/private authentication happens, it seems like a password is needed. However, this is done entirely in a shell script so I don't know how to avoid it.
- packer generates these images on the fly, so other approaches that require me to type in explicit AMI IDs for ssh or scp do not seem to work.
A closely related question uses the "file" provision type, but I would like to do this with the "shell" type and I'm not sure how to use both the file and the shell options.

How may I resolve this?
ComputerScientist almost 7 years

Ah, I didn't realize we could have an array of those, I thought I remember reading somewhere that we could have only one. Let me try those, though I'll have to figure out what exactly goes in the source/dest arguments.