Hello.
I’ve set up a vault server for storing sensitive information and have no issues reaching vault and fetching these values from my server running packer, at least using the vault cli and packer inspect. The problem comes up when I run ‘packer build’ and ‘packer validate’; then I get these errors:
Error: Unset variable "vsphere_password"
A used variable must be set or have a default value; see
Syntax - Configuration Language | Packer | HashiCorp Developer for details.
Error: Unset variable "build_password"
A used variable must be set or have a default value; see
Syntax - Configuration Language | Packer | HashiCorp Developer for details.
Error: Unset variable "vm_inst_os_kms_key_standard"
A used variable must be set or have a default value; see
Syntax - Configuration Language | Packer | HashiCorp Developer for details.
Which seems odd to me, seeing as when I run a command like ‘packer inspect’ the variables get filled into their respective local.var-name… sensitive or not it seems.
My local definitions for fetching the values from the kv v2 engine look like this.
…
local "vsphere_password" {
  expression = vault("kv/data/packer/vsphere", "vsphere_pw")
  sensitive  = true
}
local "build_password" {
  expression = vault("kv/data/packer/build/windows/2022", "build_pw")
  sensitive  = true
}
local "vm_inst_os_kms_key_standard" {
  expression = vault("kv/data/packer/build/windows/2022/kms", "2022_standard")
  sensitive  = true
}
…
I have:
- double checked that these values are defined in my var.pkr.hcl (Shouldn’t matter when local right?)
- tried without the flag ‘sensitive’ in my local definition
- tried adding the definition in the locals block instead, without any flags obviously.
- upgraded packer from v1.8.7 to 1.9.1
My vault server is behind some very restricted iptables rules that only allow traffic coming from my packer server. Does it need to be opened up for vSphere too? I couldn’t imagine it would need to.
Nothing seems to work and so I’m at a loss. If anyone has any tips or needs more info, please tell me.