Unable to connect packer instance via ansible remote

I’m trying to build a google image and run ansible playbook via Ansible remote provisioner. But its ended up with an error “Unreachable and permission denied”

Packer code:

    "builders": [{
                "type": "googlecompute",
                "account_file": "{{user `account_file`}}",
                "project_id": "{{user `project_id`}}",
                "network": "{{user `network`}}",
                "subnetwork": "{{user `subnetwork`}}" ,
                "network_project_id": "{{user `network_project_id`}}",
                "region": "{{user `region`}}",
                "zone": "{{user `zone`}}",
                "source_image_family": "{{user `source_image_family`}}",
                "source_image_project_id": "{{user `source_image_project_id`}}",
                "disk_size": "{{user `disk_size`}}",
                "state_timeout": "20m",
                "ssh_username": "{{user `ssh_username`}}",
                "image_name":"{{user `image_name`}}",
                "image_family": "{{user `image_family`}}" ,
                "image_description": "{{user `image_description`}}",
                "instance_name": "{{user `instance_name`}}",
                "use_internal_ip": "{{user `use_internal_ip`}}",
                "omit_external_ip": "{{user `omit_external_ip`}}",
                "tags": "{{user `tags`}}"
         "provisioners": [
              "type": "ansible",
              "extra_arguments": ["--extra-vars", "account_file={{user `account_file`}}"],
              "playbook_file": "../home/user1/develop/Ansible/installation.yml"

Error output:

==> googlecompute: Executing Ansible: ansible-playbook --extra-vars packer_build_name=googlecompute packer_builder_type=googlecompute -o IdentitiesOnly=yes -i /home/user1/develop/Ansible/installation.yml -e ansible_ssh_private_key_file=/tmp/ansible-key935455812 --extra-vars account_file=/opt/account.json
    googlecompute: PLAY [Installtion Ansible Playbook] ************************************
    googlecompute: TASK [Gathering Facts] *********************************************************
    googlecompute: fatal: [gce-packer1testing1]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@The RSA host key for gce-packer1testing1 has changed,and the key for the corresponding IP address 10.x.x.x. is unknown. This could either mean that DNS SPOOFING is happening or the IP address for the host and its host key have changed at the same time.
	@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed.The fingerprint for the RSA key sent by the remote host is SHA256:zqX6yzBtnQ1UAbzRoLKnyftfu0HUWh+Dc0AR8DsrZms.Please contact your system administrator. Add correct host key in /home/user1/.ssh/known_hosts to get rid of this message. Offending RSA key in /home/user1/.ssh/known_hosts:3 Challenge response authentication is disabled to avoid man-in-the-middle attacks.
	Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password,keyboard-interactive).", "unreachable": true}
    googlecompute: PLAY RECAP *********************************************************************
    googlecompute: gce-packer1testing1        : ok=0    changed=0    unreachable=1    failed=0    skipped=0    rescued=0    ignored=0

I tried clearing my known_hosts file. I’m not pretty sure which key packer build will use to login to the temporary machine for ansible remote provisioner. But my intention to use the specific ssh_username which I have mentioned in the build configuration.

Hi, if you want to use the ssh_username and not the user running Packer, you need to set the “user” option in Ansible too:

Thanks for your time. I tried with the user option in Ansible and still facing the same problem. Could you please explain me, how the Ansible remote provisioner SSH connectivity works in a different scenario?

Here is my actual scenario. I’m taking the image1 as a source image which has an existing user called user1. During the packer build, trying to execute the ansible playbooks on the temporary instance with the user1 user.

Now, for the above scenario to work perfectly, what should I do exactly. What will happens to the temporary SSH key created by packer?

Please help me on this.


              "type": "ansible",
              "user": "user1"
              "use_proxy": "false",
              "extra_arguments": ["--extra-vars", "account_file={{user `account_file`}}"],
              "playbook_file": "../home/user1/develop/Ansible/installation.yml"

Hopefully removing the ssh proxy will resolve this for you.

My Packer version: 1.4.4

It gives me an error like below,

googlecompute output will be in this color.

2020/09/03 17:45:51 Build debug mode: false
2020/09/03 17:45:51 Force build: true
2020/09/03 17:45:51 On error:
2020/09/03 17:45:51 Preparing build: googlecompute
1 error occurred:
        * unknown configuration key: "use_proxy"

        * unknown configuration key: "use_proxy"

2020/09/03 17:45:51 [INFO] (telemetry) Finalizing.

Hi there, support for use_proxy was added in Packer v1.5.6. Please try updating to v1.5.6 or later and try again.

Does it mean that, we cannot use ansible remote provisioner with Packer version 1.4.4?

Because upgrading any tools in our environment is a huge process and it will take longer time.

Also, if you look at the error I’m getting is Permission denied. What is all about that. I don’t understand that.