Option to allow skipping of EC2 instance checks #5705
Comments
Have you done a time comparison to determine whether the build length is actually different? This check prevents Packer from trying to connect until there's a chance of connecting; I have a suspicion that the build time just feels different because the bulk of the waiting has been moved to a different step in the build. |
We should investigate this further. We've discovered that we can't reliably try to connect to an instance until its status checks pass, and I'd rather err on the side of repeatability at the cost of build time. I could conceivably see adding an option to adjust the "instance ready marker", but it seems like a big change for what may be a trivial improvement. Would love to see more data about how much of an increase this actually is. |
Hi, I just ran a simple test for the same scenario on a t2.medium with a CentOS 7 AMI: ~40 seconds with the SSH wait only (Packer 1.1.1) vs ~2m50s with the EC2 checks (Packer 1.1.3). This is not as much of a penalty for pipelines, but local development, where multiple serial runs are needed, may be significantly slower. My ideal would be to make the ready-check type configurable, with possible values of EC2 and SSH, EC2 being the default. |
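For readers comparing the two behaviors, here is a minimal, self-contained sketch (not Packer's actual code) of the two readiness checks being discussed, using the aws-sdk-go v1 waiters; the region and instance ID are placeholders.

```go
package main

import (
	"log"

	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/aws/session"
	"github.com/aws/aws-sdk-go/service/ec2"
)

func main() {
	sess := session.Must(session.NewSession(aws.NewConfig().WithRegion("us-east-1")))
	svc := ec2.New(sess)
	instanceID := "i-0123456789abcdef0" // placeholder

	// Fast path (pre-1.1.3): wait only until the instance reaches the
	// "running" state, then let the SSH communicator retry until it connects.
	err := svc.WaitUntilInstanceRunning(&ec2.DescribeInstancesInput{
		InstanceIds: []*string{aws.String(instanceID)},
	})
	if err != nil {
		log.Fatal(err)
	}

	// Slow path (1.1.3, introduced by #5678): additionally wait for both EC2
	// status checks to pass. This polls DescribeInstanceStatus, which is why
	// the ec2:DescribeInstanceStatus IAM permission became required.
	err = svc.WaitUntilInstanceStatusOk(&ec2.DescribeInstanceStatusInput{
		InstanceIds: []*string{aws.String(instanceID)},
	})
	if err != nil {
		log.Fatal(err)
	}
}
```

The ~2 minute gap reported above is roughly the difference between these two waiters returning: status checks typically pass a couple of minutes after the instance is already reachable over SSH.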
That does seem like a fairly significant wait time increase. This is definitely worth chewing on -- is simplicity of the checking code worth this inefficiency? |
+1 for making check types configurable. We saw a significant increase in build times (9 min total, of which ~4 min was waiting for the instance to become ready). |
I'll take a look at making this check configurable |
trying to decide the best way to do this... at first blush we could add a config key that swaps between WaitUntilInstanceRunning and WaitUntilInstanceStatusOk. We'd probably want to have the default be WaitUntilInstanceRunning, since that works for the general case. This has the unfortunate side effect of breaking BC for anyone who was depending on the new check to get their build running. Perhaps the best thing to do would be to force us into WaitUntilInstanceStatusOk, if we're not explicitly using WaitUntilInstanceRunning, when the user has a c5.x instance type. |
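To make the config-key idea above concrete, here is a hypothetical sketch; the "ssh"/"ec2" values and the waitForInstance helper are invented for illustration and are not real Packer options.

```go
package readiness

import (
	"github.com/aws/aws-sdk-go/aws"
	"github.com/aws/aws-sdk-go/service/ec2"
)

// waitForInstance shows how a single template key could swap between the two
// waiters: "ssh" mirrors the pre-1.1.3 behavior of waiting only for the
// running state; anything else keeps the 1.1.3 status-check default.
func waitForInstance(svc *ec2.EC2, instanceID, readyCheck string) error {
	if readyCheck == "ssh" {
		return svc.WaitUntilInstanceRunning(&ec2.DescribeInstancesInput{
			InstanceIds: []*string{aws.String(instanceID)},
		})
	}
	// Default "ec2" path; requires the ec2:DescribeInstanceStatus permission.
	return svc.WaitUntilInstanceStatusOk(&ec2.DescribeInstanceStatusInput{
		InstanceIds: []*string{aws.String(instanceID)},
	})
}
```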
There are two reports on the user list of "waiting for instance to become running" where the instance never reaches the running state, or at least not within the timeout. This might be related. |
I am unable to create any Packer AMIs in 1.1.3. |
Same as @onlydole. With Packer 1.1.3, using the current (ami-8fd760f6) or previous (ami-785db401) AMIs for Ubuntu 16.04 LTS, the build hangs on "Waiting for instance...". |
I bumped into this same issue a couple of days ago and realised it was due to a missing ec2:DescribeInstanceStatus permission. |
@lenfree That is not the problem for me, I also tested with a different set of permissions to see if that was it. |
Adding myself to the list of people who cannot generate an AMI anymore since 1.1.3 (1.1.2 works fine) |
Thank you @lenfree, adding that permission fixed it for me. |
There's an issue where we realized we didn't update the docs about the permissions (#5694), and I want to apologize here about our poor communication around that. We didn't notice at the time that we were introducing another permission requirement, and I'm going to see about writing a test to make sure it doesn't happen again. I think most of the issues with the new version are related to permissions, while at the same time I recognize that the added time is undesirable. Still working towards a good solution for the next release. |
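For anyone hitting the hang because of the permission discussed above, this is a sketch of the minimal IAM statement involved, embedded as a Go string for consistency with the other sketches (DescribeInstanceStatus does not support resource-level permissions, hence the "*" resource):

```go
package readiness

// describeInstanceStatusPolicy is the minimal IAM statement that allows the
// DescribeInstanceStatus polling introduced in 1.1.3.
const describeInstanceStatusPolicy = `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "ec2:DescribeInstanceStatus",
      "Resource": "*"
    }
  ]
}`
```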
I even tried with ec2:* permissions and it still got stuck. I believe I've got a non-permission-based issue. |
Okay, thanks, I thought I saw an issue where the permissions were in place, but couldn't find it off hand |
Cool, Matthew. Let me know if I can provide any sort of tests/logs/etc. |
I recently came across this as well, but it seems like I may have encountered some racy behavior: it is quite confusing to see Packer start deleting things and cleaning up while it simultaneously continues to provision the instance. Here is the corresponding template. EDIT: It is possible that this could be output from a previous run. |
I'm using the previous version while this is being fixed, it works without any issues. |
@lenfree's permission fix above also fixed this for us. Could the Packer logs indicate in more detail if the correct permissions are not present? There should be an AWS SDK error being received, but it seems like it is being swallowed somewhere. |
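On the swallowed error: a minimal sketch, assuming aws-sdk-go v1 error types, of how a wrapper could surface an authorization failure as an actionable message. The waitStatusOk helper is invented for illustration, and in practice the waiter may wrap the underlying failure in a generic waiter timeout, so real code would likely need to unwrap further.

```go
package readiness

import (
	"fmt"

	"github.com/aws/aws-sdk-go/aws/awserr"
	"github.com/aws/aws-sdk-go/service/ec2"
)

// waitStatusOk wraps the status-check waiter so an authorization failure
// produces a clear message instead of a silent hang or generic timeout.
func waitStatusOk(svc *ec2.EC2, input *ec2.DescribeInstanceStatusInput) error {
	err := svc.WaitUntilInstanceStatusOk(input)
	if aerr, ok := err.(awserr.Error); ok && aerr.Code() == "UnauthorizedOperation" {
		return fmt.Errorf("packer needs the ec2:DescribeInstanceStatus permission: %v", aerr)
	}
	return err
}
```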
The wait time for status checks is excruciating and almost never warranted once SSH is available. Please revert or provide a way to disable this unnecessary wait. |
The new, slow “host is ready” check is only necessary for the new KVM-based C5 instances, correct? Could it be used only there? I use aws-vault (unrelated to HashiCorp Vault) with role assumption to manage credentials locally. An extra 2-3 minutes might not seem like a lot, but given AWS is “eventually consistent”, I keep running into different time-outs, each requiring their own artisanally crafted knob to increase. |
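A tiny sketch of the "only use the slow check where it is needed" suggestion; the prefix heuristic and function name are invented for illustration (the KVM-based Nitro family later grew beyond c5, so a real implementation would need a maintained list).

```go
package readiness

import "strings"

// needsStatusCheck guesses whether an instance type requires the full
// status-check waiter; everything else could use the fast running-state wait.
func needsStatusCheck(instanceType string) bool {
	return strings.HasPrefix(instanceType, "c5")
}
```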
There's a PR that should solve this in #5773 that I would appreciate some eyes on. |
When is 1.1.4 going to land? This wait time is driving me nuts, but 1.1.2 has its own bugs I'd rather not deal with. |
We're gonna skip 1.1.4 and go straight to 1.2.0 for the next release; we're going to try to get it out in the next two weeks. Sorry for the long lead time between releases this time. |
I've not used 1.1.3 here as it is slower. See hashicorp/packer#5705 |
Just reporting since this is still open: the same problem happened to me. Hey guys, isn't there a way to make the Packer errors a little bit more meaningful in this case? I just saw something like "an error happened, we're killing your job" instead of a clearer message. Thanks |
This issue has been closed for a while; can you open a new issue with your problem, please? |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further. |
#5678 introduced EC2 status checks before attempting to connect via SSH (when using Ansible). I've just upgraded from 1.1.1 to 1.1.3 and noticed a significant wait before Packer attempts an SSH connection. It would be nice to be able to skip this and rely only on SSH being ready, as in our case the default EC2 checks are unnecessary wait time.