What happened:
I applied this diff:
diff --git a/Makefile b/Makefile index 9b8133b..84b5d12 100644 --- a/Makefile +++ b/Makefile @@ -11,12 +11,10 @@ EKS_116_VERSION := 1.16.15 EKS_117_VERSION := 1.17.12 EKS_118_VERSION := 1.18.9 EKS_119_VERSION := 1.19.6 +EKS_121_VERSION := 1.21.5 build: packer build \ - --var 'aws_region=$(AWS_REGION)' \ - --var 'vpc_id=$(VPC_ID)' \ - --var 'subnet_id=$(SUBNET_ID)' \ $(foreach packerVar,$(PACKER_VARIABLES), $(if $($(packerVar)),--var $(packerVar)='$($(packerVar))',)) \ $(PACKER_FILE) @@ -105,6 +103,12 @@ build-rhel8-1.18: build-rhel8-1.19: $(MAKE) build PACKER_FILE=amazon-eks-node-rhel8.json eks_version=$(EKS_119_VERSION) eks_build_date=2021-01-05 +build-rhel7-1.21-fips: + $(MAKE) build PACKER_FILE=amazon-eks-node-rhel7.json eks_version=$(EKS_121_VERSION) eks_build_date=2021-11-10 hardening_flag=stig + +build-rhel8-1.21-fips: + $(MAKE) build PACKER_FILE=amazon-eks-node-rhel8.json eks_version=$(EKS_121_VERSION) eks_build_date=2021-11-10 hardening_flag=stig + # CentOS 7 #----------------------------------------------------- build-centos7-1.15:
I attempted to build this via make build-rhel8-1.21-fips and make build-rhel7-1.21-fips and got:
<snip>
amazon-ebs: usbguard-1.0.0-2.el8.x86_64 usbguard-selinux-1.0.0-2.el8.noarch
amazon-ebs:
amazon-ebs: Complete!
amazon-ebs: Remediating rule 359/362: 'xccdf_org.ssgproject.content_rule_service_usbguard_enabled'
amazon-ebs: Created symlink /etc/systemd/system/basic.target.wants/usbguard.service → /usr/lib/systemd/system/usbguard.service.
amazon-ebs: Remediating rule 360/362: 'xccdf_org.ssgproject.content_rule_configure_usbguard_auditbackend'
amazon-ebs: Remediating rule 361/362: 'xccdf_org.ssgproject.content_rule_usbguard_generate_policy'
amazon-ebs: Remediating rule 362/362: 'xccdf_org.ssgproject.content_rule_xwindows_remove_packages'
==> amazon-ebs: Provisioning with shell script: ./scripts/rhel8/cleanup.sh
amazon-ebs:
amazon-ebs: We trust you have received the usual lecture from the local System
amazon-ebs: Administrator. It usually boils down to these three things:
amazon-ebs:
amazon-ebs: #1) Respect the privacy of others.
amazon-ebs: #2) Think before you type.
amazon-ebs: #3) With great power comes great responsibility.
amazon-ebs:
amazon-ebs: [sudo] password for ec2-user: Sorry, try again.
amazon-ebs: [sudo] password for ec2-user:
amazon-ebs: sudo: no password was provided
amazon-ebs: sudo: 1 incorrect password attempt
==> amazon-ebs: Provisioning step had errors: Running the cleanup provisioner, if present...
==> amazon-ebs: Terminating the source AWS instance...
==> amazon-ebs: Cleaning up any extra volumes...
==> amazon-ebs: No volumes to clean up, skipping
==> amazon-ebs: Deleting temporary security group...
==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' errored after 13 minutes 29 seconds: Script exited with non-
I noticed README.md mentions:
- Packer does not support RHEL 8 in FIPS mode. SSH authentication breaks once FIPS is enabled. This repository enables FIPS as the last step as a workaround.
Is this relevant here (hashicorp/packer#8609)? I don't see any SSH hanshake failures, only a sudo failure.
When I dropped the hardening=stig flag, the build worked.
What you expected to happen:
Build successful
How to reproduce it (as minimally and precisely as possible):
See diff above.
Environment:
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4