Description
Overview of the Issue
To properly make an image to be booted by new machines, data specific to a specific boot needs to be deleted, or recreated at the next boot. One such example is SSH hosts keys: they will be generated by the packer boot then stored in the image, hence all instances created from this image will share the same SSH host keys. Another example is the DUID used by DHCP clients; while it is not an issue for the public interface, it is an issue for the DHCP provided by the VPC Public Gateway: all instances spawned from the same image will get the same IP address.
Reproduction Steps
- Create any kind of image using packer (even with no steps)
- Boot at least two instances based off this image
- Observed machine-specific data be shared across instances:
- ssh into the first one, accept its host keys
- ssh into the second one, you will not be prompted to accept its keys as they are the same as the first one
Plugin and Packer version
Latest
Simplified Packer Buildfile
{
"type": "scaleway",
"project_id": "YOUR PROJECT ID",
"access_key": "YOUR ACCESS KEY",
"secret_key": "YOUR SECRET KEY",
"image": "ubuntu_focal",
"zone": "fr-par-1",
"commercial_type": "DEV1-S",
"ssh_username": "root",
"ssh_private_key_file": "~/.ssh/id_rsa"
}Resolution steps
For most of the data mentioned here, this is controlled by the /etc/machine-id file, which needs to be cleared at the end of the build process. This will make systemd consider the next boot as the first boot of the machine, effectively regenerating all data specific to the machine:
- machine id itself
- DUID, which is derived from the machine id
- SSH host keys
The best solution would be for the plugin to add an extra step, after all the user steps and before the machine shutdown, that would:
- clear
/etc/machine-id(NOT delete it, only clear it) - clear logs generated during packer
- cloud-init reset (which holds a cache)
- systemd-networkd temporary files and lease file
- clear bash_history?
- ... and more I may not think about
Thanks!