To my knowledge the is no paid version of Packer, there might be enterprise support from HashiCorp. KMS is supposed to work, it's a rather new feature to allow multi region and CMS keys. But it was a well requested feature so if it was broken in the last releases I would have expected bug reports. If you still have trouble with 1.2.3 please supply your full template and we can check and test it.
On 26 May 2018 at 06:27, John Roh <[email protected]> wrote: > Thank you, Richard. > However, packer 1.2.0 had a bug that I wasn't able to create. > Trying with 1.2.1 and 1.2.2, there is no error about adding additional > region, however, KMS encrypted ebs volume doesn't get copied to other > regions. > I'm going to try with 1.2.3 tomorrow. > Is there paid version of packer? I just wonder if the KMS encryption ebs > volume is really working or not. > If anyone can share the experience, I'd like to hear from you. > > John. > > > On Tuesday, May 22, 2018 at 5:17:31 PM UTC-7, [email protected] wrote: >> >> Hi all, >> >> I have added a new region, eu-west-3, for existing KMS aws ebs volume to >> get encrypted in this new region. However, it gets failed with two errors. >> However, everything works fine if I remove this new region. >> >> >> [BETA: CentOS7-AWS-Dev] logger: upguard: node not found >> uw1-dev-jks001.csodsandbox.corp [BETA: CentOS7-AWS-Dev] logger: upguard: >> failed to find or create node to scan [BETA: CentOS7-AWS-Dev] logger: >> upguard: failed to kick off logoff node scan against >> uw1-dev-jks001.csodsandbox.corp [BETA: CentOS7-AWS-Ext] [1;32maws-ext >> output will be in this color. [0m [BETA: CentOS7-AWS-Ext] [BETA: >> CentOS7-AWS-Ext] 2 error(s) occurred: [BETA: CentOS7-AWS-Ext] [BETA: >> CentOS7-AWS-Ext] * Unknown region: eu-west-3 [BETA: CentOS7-AWS-Ext] * >> Region eu-west-3 is in region_kms_key_ids but not in ami_regions [BETA: >> CentOS7-AWS-Int] [Packer-Build-CentOS7] Running shell script >> >> I'm on packer 1.1.0 on centos and ansible v2.5.1 running the packer build >> script at https://github.com/WeekendsBull/packerbuild-error/blob/ >> master/centos7build.json (currently the actual values got updated xxxx >> for security reason). >> >> >> I have defined the variables as below. >> >> "variables": >> { >> "version" : "{{ user `version` }}", >> .... >> >> "kms_key_id_int_us-west-1" : "arn:aws:kms:us-west-1:xxxxxxx >> xxxx:key/xxxxx-xxxx-xxxx-xxxx-xxxxx", >> "kms_key_id_ext_us-west-1" : "arn:aws:kms:us-west-1:xxxxxxx >> xxxx:key/xxxxx-xxxx-xxxx-xxxx-xxxxx8", >> "kms_key_id_ext_us-east-1" : "arn:aws:kms:us-east-1:xxxxxxx >> xxxx:key/xxxxx-xxxx-xxxx-xxxx-xxxxx", >> "kms_key_id_ext_eu-west-2" : "arn:aws:kms:eu-west-2:xxxxxxx >> xxxx:key/xxxxx-xxxx-xxxx-xxxx-xxxxx", >> "kms_key_id_ext_eu-central-1" : "arn:aws:kms:eu-central-1:xxxx >> xxxxxxx:key/xxxxx-xxxx-xxxx-xxxx-xxxxx", >> "kms_key_id_ext_eu-west-3" : "arn:aws:kms:eu-west-3:xxxxxxx >> xxxx:key/xxxxx-xxxx-xxxx-xxxx-xxxxxx" >> } ................................. ............................ >> { >> "name" : "aws-ext", >> "type" : "amazon-ebs", ....................... >> "force_deregister" : true, >> "kms_key_id" : "{{user `kms_key_id_ext_us-west-1`}}", >> "region_kms_key_ids" : { >> "us-west-1": "{{user `kms_key_id_ext_us-west-1`}}", >> "us-east-1": "{{user `kms_key_id_ext_us-east-1`}}", >> "eu-west-2": "{{user `kms_key_id_ext_eu-west-2`}}", >> "eu-central-1": "{{user `kms_key_ext_id_eu-central-1`}}", "eu-west-3": >> "{{user >> `kms_key_id_ext_eu-west-3`}}", >> }, >> >> "ami_regions" : [ >> "us-west-1", >> "us-east-1", >> "eu-west-2", >> "eu-central-1", "eu-west-3" >> ], >> Is there limit how many ebs volume I could encrypt with KMS key? >> If I remove "eu-west-3": "{{user `kms_key_id_ext_eu-west-3`}}" & >> "eu-west-3" under ami_regions, it works fine. >> These error messages are really not making any sense to me since I have >> defined eu-west-3 under ami_regions. >> >> * Unknown region: eu-west-3 * Region eu-west-3 is in region_kms_key_ids >> but not in ami_regions >> >> >> Any help or guidance will be appreciated >> >> John. >> >> -- > This mailing list is governed under the HashiCorp Community Guidelines - > https://www.hashicorp.com/community-guidelines.html. Behavior in > violation of those guidelines may result in your removal from this mailing > list. > > GitHub Issues: https://github.com/mitchellh/packer/issues > IRC: #packer-tool on Freenode > --- > You received this message because you are subscribed to the Google Groups > "Packer" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/d/ > msgid/packer-tool/9de6611c-84b8-4e32-bb5f-447abce704b4%40googlegroups.com > <https://groups.google.com/d/msgid/packer-tool/9de6611c-84b8-4e32-bb5f-447abce704b4%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list. GitHub Issues: https://github.com/mitchellh/packer/issues IRC: #packer-tool on Freenode --- You received this message because you are subscribed to the Google Groups "Packer" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/CALz9Rt9imM8zcNopk8b9N6pSB9NEdBQTuB_Tk9acwm_7Z40sAQ%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
