I don’t know where else to turn. I am trying to use Packer in a Jenkins pipeline to automate builds. Randomly (and frequently) the preseed prompts for additional media which stops the installation from continuing, and then Packer fails because it waits 30 minutes for SSH and never gets it, so it can’t continue to provision the system. If it doesn’t get prompted to insert media, then the provisioning finishes and there are no issues. The issue, is I have tried looking up the documentation and I have swapped values around in the preseed in hopes to fix it, but nothing seems to stick as it is random. I can literally hit retry on a build with the same variables and it will succeed.
Iv’e tried disabling the CD and doing the updates and installation through the network, and I have tried disabling network to do a minimum install from the cd.
Here is my butchered preseed file:
### Localization
d-i debian-installer/language string en
d-i debian-installer/country string US
d-i debian-installer/locale string en_US.UTF-8
d-i console-setup/ask_detect boolean false
d-i keyboard-configuration/xkb-keymap select us
### Set debconf priority to critical to skip non-critical questions
debconf debconf/priority select critical
### Clock and Timezone
d-i clock-setup/utc boolean true
d-i time/zone string America/Chicago
### Network Configuration
# These settings will be used for the installed system
# (not just during installation)
d-i netcfg/choose_interface select auto
#d-i netcfg/get_hostname string localhost
#d-i netcfg/get_domain string unassigned-domain
# Enable DHCP by default for the installed system
d-i netcfg/disable_autoconfig boolean false
d-i netcfg/dhcp_timeout string 60
d-i netcfg/dhcp_options select Configure network automatically
### Mirror settings
d-i mirror/country string enter information manually
d-i mirror/http/hostname string http.kali.org
d-i mirror/http/directory string /kali
d-i mirror/http/proxy string
# Disable security, updates and backports
d-i apt-setup/services-select multiselect
# Enable contrib and non-free
d-i apt-setup/non-free boolean true
d-i apt-setup/contrib boolean true
# No need for explicit sources - installer will configure from mirror settings
# Upgrade installed packages
#d-i pkgsel/upgrade select full-upgrade
# Disable automatic upgrades during installation
d-i pkgsel/upgrade select none
# Base system installation
d-i base-installer/kernel/image string linux-image-amd64
# Disable CDROM entries after install (following iesplin's approach)
d-i apt-setup/disable-cdrom-entries boolean true
# Disable question about extra media
d-i apt-setup/cdrom/set-first boolean false
d-i apt-setup/cdrom/set-next boolean false
d-i apt-setup/cdrom/set-failed boolean false
# Don't eject media during installation to prevent prompts
d-i cdrom-detect/eject boolean false
# Explicitly tell installer not to scan for additional CDs
d-i apt-setup/another boolean false
# Don't ask about scanning another CD/DVD
d-i apt-setup/scan-another-cd boolean false
# Disable polularity contest
popularity-contest popularity-contest/participate boolean false
### Disk Partitioning (auto, single partition, no LVM/crypto)
d-i grub-installer/only_debian boolean true # Install GRUB to MBR (if only OS)
d-i grub-installer/with_other_os boolean false # Don't search for other OSes
d-i grub-installer/skip boolean false
# Don't prompt for media during grub installation
grub-installer grub-installer/grub_not_mature_on_this_platform boolean false
# Prevent GRUB from asking about additional boot media
d-i grub-installer/choose_bootdev select /dev/vda
# Don't ask for confirmation on the boot device
d-i grub-installer/confirm_device string /dev/vda
d-i partman-auto/method string regular
d-i partman-auto-lvm/guided_size string max
d-i partman-auto/choose_recipe select atomic # "Atomic" = all files in one partition
d-i partman-md/confirm boolean true
d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
### Package Selection (Minimal headless install + SSH)
tasksel tasksel/first multiselect standard # Base system "standard" utilities
# Disable automatic upgrades during installation
d-i pkgsel/upgrade select none
d-i pkgsel/update-policy select none
d-i pkgsel/updatedb boolean false
#d-i pkgsel/include string kali-linux-headless, openssh-server, net-tools, isc-dhcp-client, network-manager
d-i pkgsel/include string openssh-server, net-tools, isc-dhcp-client, network-manager, python3
d-i pkgsel/install-language-support boolean false
### User Accounts (Root only, no normal user)
d-i passwd/root-login boolean true # Enable root account
d-i passwd/make-user boolean false # Do not create a regular user
d-i passwd/root-password password changeme
d-i passwd/root-password-again password changeme
### The installer will warn about weak passwords. If you are sure you know
### what you're doing and want to override it, uncomment this.
d-i user-setup/allow-password-weak boolean true
d-i user-setup/encrypt-home boolean false
### Boot Loader (simplified following iesplin's approach)
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean false
d-i grub-installer/bootdev string /dev/vda
# Prevent GRUB from scanning for other operating systems and media
d-i grub-installer/force-efi-extra-removable boolean false
d-i grub-installer/timeout string 1
# Don't update NVRAM in case of EFI
d-i grub-installer/update-nvram boolean false
# Allow probing but don't prompt for user input
d-i grub-installer/probe_devices boolean true
# Allow os-prober but don't prompt
d-i grub-installer/os-prober boolean true
# Don't ask about booting other operating systems - just proceed
d-i grub-installer/make_active boolean true
# Force GRUB installation without prompts
d-i grub-installer/force boolean true
### Finish installation without manual prompt
d-i finish-install/reboot_in_progress note
# Setup networking with DHCP using interfaces.d directory
d-i preseed/late_command string \
in-target apt-get remove -y qemu-guest-agent || true; \
in-target apt-mark hold qemu-guest-agent || true; \
sed -i 's/GRUB_CMDLINE_LINUX_DEFAULT="/GRUB_CMDLINE_LINUX_DEFAULT="net.ifnames=0 biosdevname=0 /' /target/etc/default/grub; \
in-target update-grub; \
mkdir -p /target/etc/network/interfaces.d; \
echo "auto eth0" > /target/etc/network/interfaces.d/eth0.cfg; \
echo "iface eth0 inet dhcp" >> /target/etc/network/interfaces.d/eth0.cfg; \
echo "source /etc/network/interfaces.d/*.cfg" >> /target/etc/network/interfaces; \
in-target systemctl enable networking.service; \
in-target sed -i 's/^#\?PermitRootLogin .*/PermitRootLogin yes/' /etc/ssh/sshd_config; \
in-target systemctl enable ssh; \
sed -i '/cdrom:/d' /target/etc/apt/sources.list; \
sed -i '/deb cdrom:/d' /target/etc/apt/sources.list; \
sed -i '/kali-last-snapshot/d' /target/etc/apt/sources.list; \
echo "deb http://http.kali.org/kali kali-rolling main contrib non-free" > /target/etc/apt/sources.list; \
echo "deb-src http://http.kali.org/kali kali-rolling main contrib non-free" >> /target/etc/apt/sources.list; \
in-target update-grub
# After installation, make sure to boot from hard disk
d-i debian-installer/exit/always_halt boolean false
d-i debian-installer/exit/halt boolean false
d-i debian-installer/exit/poweroff boolean false
Here is some pertinent information from my pkr.hcl:
packer {
required_plugins {
qemu = {
version = ">= 1.0.0"
source = "github.com/hashicorp/qemu"
}
}
}
variable "hostname" { type = string }
variable "tailscale_key" { type = string }
variable "root_password" { type = string }
variable "output_format" { type = string }
variable "iso_url" { type = string }
variable "iso_checksum" { type = string }
# Define local variables for SCSI detection
locals {
# Extract the base format without -scsi suffix if present
base_format = replace(var.output_format, "-scsi", "")
# Determine if SCSI mode is enabled (only when explicitly requested with -scsi suffix)
use_scsi = contains(["ova-scsi", "vhd-scsi", "vmdk-scsi"], var.output_format)
# Shell-friendly boolean for use in inline scripts
scsi_enabled = local.use_scsi ? "true" : "false"
}
variable "addressing_type" {
type = string
default = "dhcp"
}
variable "static_ip" {
type = string
default = ""
}
variable "static_subnet" {
type = string
default = ""
}
variable "static_gateway" {
type = string
default = ""
}
variable "deploy_key_path" {
type = string
default = ""
}
source "qemu" "vm_image" {
iso_url = var.iso_url
iso_checksum = var.iso_checksum
vm_name = "${var.hostname}"
output_directory = "output"
format = "qcow2"
disk_size = "50000M"
cpus = 2
memory = 4096
# Enhanced VM configuration
accelerator = "kvm"
disk_interface = "virtio"
net_device = "virtio-net"
headless = false
use_default_display = true
# VNC Configuration - consistent with display setting
vnc_port_min = 5999
vnc_port_max = 5999
vnc_bind_address = "0.0.0.0"
# Improved SSH configuration
ssh_host = "127.0.0.1"
ssh_username = "root"
ssh_password = "changeme"
ssh_timeout = "30m"
ssh_handshake_attempts = 100
# QEMU binary and args
qemu_binary = "qemu-system-x86_64"
qemuargs = [
["-m", "4096M"],
["-smp", "2"],
# Boot from CD first (once=d), then automatically boot from hard disk on future boots (order=dc)
["-boot", "once=d,order=c"],
["-drive", "file=output/${var.hostname},if=virtio,cache=none,discard=ignore,format=qcow2,id=drive0"],
# Use IDE CD-ROM with index=2 to ensure proper device ordering
["-drive", "file=${var.iso_url},media=cdrom,readonly=on,if=ide,index=2,id=cdrom0"],
["-netdev", "user,id=user.0,hostfwd=tcp::{{ .SSHHostPort }}-:22"],
["-device", "virtio-net,netdev=user.0"],
["-machine", "accel=kvm"],
["-cpu", "host"],
["-serial", "stdio"]
]
# Boot configuration - simplified
boot_wait = "10s"
boot_command = [
# Wait for boot menu - press tab to edit boot options
"<esc><wait5>",
# Append installer options
"/install.amd/vmlinuz vga=788 auto=true priority=critical net.ifnames=0 biosdevname=0 ",
"url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg ",
"initrd=/install.amd/initrd.gz --- quiet ",
"hostname=${var.hostname} ",
"domain= ",
"keyboard-configuration/xkb-keymap=us ",
"apt-setup/use_mirror=true ",
"apt-setup/disable-cdrom-entries=true ",
"apt-setup/non-free=true ",
"apt-setup/contrib=true ",
"cdrom-detect/eject=false ",
"grub-installer/bootdev=/dev/vda ",
"grub-installer/confirm_device=/dev/vda ",
"grub-installer/with_other_os=false ",
"grub-installer/skip=false ",
"debian-installer/allow_unauthenticated=true ",
"<enter><wait>"
]
# Debug output for HTTP server
http_directory = "http"
http_port_min = 8000
http_port_max = 8000
shutdown_command = "echo 'changeme' | sudo -S shutdown -h now"
}
build {
sources = ["source.qemu.vm_image"]
# Start with a single provisioner for most setup tasks
provisioner "shell" {
inline = [
"hostnamectl set-hostname ${var.hostname}",
"# Configure apt sources.list and remove all CD-ROM references",
"echo 'Configuring apt sources...'",
"# Remove any CD-ROM entries first",
"sed -i '/cdrom:/d' /etc/apt/sources.list",
"sed -i '/kali-last-snapshot/d' /etc/apt/sources.list",
"# Create APT config to prevent CD-ROM prompts",
"mkdir -p /etc/apt/apt.conf.d",
"echo 'APT::CDROM::NoMount \"true\";' > /etc/apt/apt.conf.d/00-no-cdrom",
"echo 'Acquire::cdrom::mount \"/nonexistent\";' >> /etc/apt/apt.conf.d/00-no-cdrom",
"# Now set up proper sources",
"cat > /etc/apt/sources.list << 'EOF'",
"# Default Kali Linux mirror",
"deb http://http.kali.org/kali kali-rolling main contrib non-free",
"deb-src http://http.kali.org/kali kali-rolling main contrib non-free",
"",
"# Uncomment to use the Berkeley mirror",
"#deb http://mirrors.ocf.berkeley.edu/kali/ kali-rolling main contrib non-free",
"#deb-src http://mirrors.ocf.berkeley.edu/kali/ kali-rolling main contrib non-free",
"EOF",
"apt update -y",
"# Remove qemu-guest-agent if installed",
"apt-get remove -y qemu-guest-agent || true",
"apt-get purge -y qemu-guest-agent || true",
"# Install all required packages (including tmux script dependencies)",
"apt install -y --allow-change-held-packages curl wget git golang tmux zsh util-linux coreutils python3 python2.7 certipy-ad coercer krb5-user ruby ruby-dev build-essential ntpsec-ntpdate mitm6 python3-venv fzf vim rsync",
# Ensure SSH allows root login with password - simplified approach
"echo 'Configuring SSH to allow root login...'",
"sed -i 's/^#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config",
"systemctl restart ssh",
"apt-get clean",
"rm -rf /var/lib/apt/lists/*",
"command -v history >/dev/null && history -c || true",
"echo 'Provisioning complete.'"
]
}
I’ve gotten so desperate that I have asked a couple different GPT’s and none of them have been able to figure it out.