How to log into VM during build, without pausing at every step?

We use packer to build AWS images, and have a provisioner that runs a bunch of scripts from the local repo on the EC2 instance, like this:

    {
      "type": "shell",
      "execute_command": "sudo bash -euxo pipefail -c '{{ .Vars }} {{ .Path }}'",
      "scripts": [
        "scripts/...",
        "scripts/...",
    ...

For working on these scripts, or troubleshooting failures, it can be very useful to log into the temporary EC2 instance during a Packer build and inspect things, and perhaps edit the scripts and re-run. Packer has two flags that make this possible:

  • -on-error=ask : Whenever a provisioner fails - which in this case can mean one of the scripts exited with an error - the build pauses and prompts you to continue, abort, or retry. I can edit the script in my local checkout and tell packer to retry, and the subsequent run will use my newly-edited script.

  • -debug : This does two things. a) It emits a .pem file at the start of the build, containing an ssh key I can use to ssh to ec2-user@[instance]. b) It tells packer to pause after every step, asking me if I want to abort, continue, or retry.

Although this works, it’s tedious and time consuming to have to hit enter a zillion times for a bunch of steps that happen before the provisioners I care about. I want it to just run all the way until some script exits with an error, and only then pause - that’s how it works if I use -on-error=ask without -debug. But without -debug, I don’t get the ssh key, so I can’t log into the instance and inspect things there!

Is there any way to get packer to run the build without waiting for confirmation, until it hits an error, but still allow me to log into the temporary instance during the packer build?

Since I have not yet been able to find anyone with an answer to this question, I guess packer just can’t do this. It’s really unfortunate that the ability to emit the SSH key has been combined with all other debug functionality and can’t be enabled separately.

I thought, okay, this must be a simple change, so I went to the GitHub repo and started trying to add the flag… but it turns out that flags are plumbed all the way through to countless functions in a lot of different versions of different builders, and I got lost in the maze. The fact that I’m not a Go developer and don’t have an IDE set up certainly doesn’t help, because it’s impossible to follow chains of single-character names using simple search or grep.

So, here’s as far as I got before I realized this would take many hours trying to understand how the code is structured:

Would anyone who actually knows the packer code be willing to take my branch and turn it into something that works?
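A workaround for the situation described above, as an added example that is not part of the original posts or of the Packer project: point the builder at an EC2 key pair you already hold, so the private key is on your machine without -debug. It assumes the amazon-ebs builder and its ssh_keypair_name and ssh_private_key_file options; the region, AMI ID, key pair name, key path and script name are placeholders.

```json
{
  "_comment": "Added example, not from the original post. Builder type is assumed; region, AMI ID, key pair name, key path and script name are placeholders.",
  "builders": [
    {
      "type": "amazon-ebs",
      "region": "us-east-1",
      "source_ami": "ami-PLACEHOLDER",
      "instance_type": "t3.micro",
      "ami_name": "example-{{timestamp}}",
      "ssh_username": "ec2-user",
      "ssh_keypair_name": "packer-debug-key",
      "ssh_private_key_file": "/home/me/.ssh/packer-debug-key.pem"
    }
  ],
  "provisioners": [
    {
      "type": "shell",
      "execute_command": "sudo bash -euxo pipefail -c '{{ .Vars }} {{ .Path }}'",
      "scripts": [
        "scripts/example.sh"
      ]
    }
  ]
}
```

Built with -on-error=ask alone, the run only pauses when a script fails, and the paused instance accepts the existing key as ec2-user. Because that key pair outlives the build, keep it dedicated to image builds, keep the .pem file readable only by your user, and limit the build security group's SSH ingress to your own address.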