-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
az token expires before packer finishes all the steps #456
Comments
If this is run under Federated Identity (OIDC) this is know issue I had the same when switching from password auth to federated identity, because maximum time for token refresh is 60 minutes. Azure/azure-cli#28708 |
That might be it. My last working packer run used older az cli (2.65.0 vs 2.67.0). The new run added Old (working) run:
New run:
Is there a way to forcibly use the previous az version? |
BTW, for some reason the same packer file works flawlessly for Windows 11 marketplace image. Does anyone have any idea why? |
The OS version should not have big impact, what was image build time ? Was it shorter ? Could be if you uses faster VM or storage it will able to Finnish before authentication token expire. You are using in your configuration "use_azure_cli_auth = true" this means -> Flag to use Azure CLI authentication. Defaults to false. CLI auth will use the information from an active az login session to connect to Azure ... This means to me that you are already authenticated to azure cli when packer is running and will just uses active azure CLI login. |
Okay, so the problem wasn't with the packer itself and settings there had nothing to do with the problem. I used the What I did to resolve the problem, was to override login before running packer steps, I used a service principal to achieve that: Hopefully this will be helpful for others. |
Ty for the detailed explanation @Dellson, and thanks @fajterini for helping out! I think this will be helpful for others experiencing this issue in the future, closing as requested |
Overview of the Issue
After packer successfully finishes running the hcl file, it attempts to delete the remaining Azure resources.
It fails to do so with the
Error: retry count exhausted. Last err: performing Delete: authorizing request: running Azure CLI: exit status 1: ERROR: AADSTS700024: Client assertion is not within its valid time range.
I noticed the issue for the first time last Wednesday. I did not modify none of the scripts used by Packer in the meantime.
Plugin and Packer version
source "azure-arm"
Simplified Packer Buildfile
Operating system and Environment details
Reproduced on Windows 10 (win10-22h2-pron-g2 from Azure).
Log Fragments and crash.log files
Last bit of the logs (redacted):
The text was updated successfully, but these errors were encountered: