hashicorp/packer-plugin-sdk

`packer validate` always gives an error when `iso_checksum` is derived from datasource

sebastian-de opened this issue · 2 comments

Overview of the Issue

When a datasource is involved to set iso_checksum, running packer validate sets its value to <unknown>. That itself is fine, but it always leads to an error, even if the template file is otherwise correct:

* invalid checksum: encoding/hex: invalid byte: U+003C '<' in "<unknown>"

Reproduction Steps

Create a template file debian-http.pkr.hcl with the following contents:

```hcl
data "http" "debian_current" {
  url = "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/SHA512SUMS"
}

locals {
  iso_file = split("  ", split("\n", data.http.debian_current.body)[0])[1]
  sha512sum = split("  ", split("\n", data.http.debian_current.body)[0])[0]
}

source "proxmox-iso" "debian" {
  iso_url                  = replace(data.http.debian_current.url, "SHA512SUMS", local.iso_file)
  iso_checksum             = local.sha512sum
  iso_storage_pool         = "local-zfs"
  vm_name                  = "debian-http"
  cloud_init               = true
  cloud_init_storage_pool  = "local-zfs"
  cores                    = 2
  insecure_skip_tls_verify = true
  memory                   = 2048
  network_adapters {
    bridge = "vmbr0"
    model  = "virtio"
  }
  node                 = "pve"
  os                   = "l26"
  token                = "token"
  proxmox_url          = "https://pve:8006/api2/json"
  qemu_agent           = true
  scsi_controller      = "virtio-scsi-single"
  sockets              = 1
  ssh_username         = "root"
  template_name        = "debian-template"
  username             = "root@pam!packer"
}

build {
  sources = ["source.proxmox-iso.debian"]
}
```

  • Running packer build debian-http.pkr.hcl successfully downloads and checks the iso file.
  • Running packer validate debian-http.pkr.hcl gives an error:

```
* invalid checksum: encoding/hex: invalid byte: U+003C '<' in "<unknown>"

  on debian-http.pkr.hcl line 10:
  (source code not available)

Error: 1 error(s) occurred:

2022/12/03 22:56:11 [INFO] (telemetry) Finalizing.
* invalid checksum: encoding/hex: invalid byte: U+003C '<' in "<unknown>"

  on debian-http.pkr.hcl line 10:
  (source code not available)
```

Packer Plugin SDK version

0.3.2

Operating system and Environment details

Fedora 37, Packer installed from Hashicorp repository

Possible fix

if c.ISOChecksum == "none" {

Adding a case for "<unknown>" similar to "none" that gives a warning instead of an error should be enough, I guess. I'll work on a PR.

Hi @sebastian-de,

For templates like yours, this is a known problem, and one that has been expressed a few times. The <unknown> value you get is the default value that will be given for variables that are of the cty.Unknown type at runtime, when trying to validate a template that has a relation to some external part (typically datasources).

Datasources are normally evaluated at build-time, but not when validating. This is a conscious choice, as some datasources may hit external resources that will bill on demand, hence why this isn't the default behaviour.
However, we did add one flag to the packer validate command that lets you evaluate those datasources on demand. Your template looks like the textbook case for when it should be useful.

Please note that this is not yet available in the latest Packer release, but will be soon as we plan to release v1.8.5 this week.
In the meantime, you can probably try this option out on your template with the latest nightly.

As for the proposed solution, I'm not sure this is a good workaround, as it may likely result in unexpected behaviour during builds. If the checksum indeed is unknown, we should definitely check against that, and return an error as this is not an expected, valid, checksum value.

If you agree, with the flag for evaluating datasources, this should work out-of-the-box, including for cases like these, so I would propose we close this issue, and the PR associated to it.

Please let me know what you think, and if the option does the trick for you, if anything feels out-of-place do let us know, we're always open to suggestions to make the product clearer to use.

Thanks again!
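
The fail-closed handling argued for in the reply above, sketched as an added Go example; it is not the Packer Plugin SDK's code. `checkISOChecksum`, `ErrUnresolved` and `algoByHexLen` are hypothetical names, only bare hex digests (no type prefix) are handled, and the sample values are constructed.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Placeholder string the issue shows for a value that depends on a
// datasource that was not evaluated.
const unknownPlaceholder = "<unknown>"

// ErrUnresolved is a hypothetical sentinel error for this example.
var ErrUnresolved = errors.New("checksum unresolved: datasource was not evaluated")

// Hex digest length -> algorithm, for bare digests without a type prefix.
var algoByHexLen = map[int]string{32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}

// checkISOChecksum is a hypothetical helper. It returns the inferred
// algorithm, an optional warning, and an error. Only the explicit opt-out
// "none" is downgraded to a warning; an unresolved value fails closed, so a
// build can never proceed with integrity verification silently skipped.
func checkISOChecksum(value string) (algo, warning string, err error) {
	switch value {
	case "none":
		return "", "no checksum set: the ISO will not be verified", nil
	case unknownPlaceholder:
		return "", "", ErrUnresolved
	}
	if _, err := hex.DecodeString(value); err != nil {
		return "", "", fmt.Errorf("invalid checksum: %w", err)
	}
	algo, ok := algoByHexLen[len(value)]
	if !ok {
		return "", "", fmt.Errorf("invalid checksum: %d hex characters match no known digest", len(value))
	}
	return algo, "", nil
}

func main() {
	// Constructed sample values, not real digests.
	samples := []string{strings.Repeat("ab", 64), "none", unknownPlaceholder, "abcd"}
	for _, s := range samples {
		algo, warn, err := checkISOChecksum(s)
		fmt.Printf("len=%d algo=%q warning=%q err=%v\n", len(s), algo, warn, err)
	}
}
```

A caller that sees `ErrUnresolved` during validation can point the user at evaluating datasources instead of accepting the value.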

@lbajolet-hashicorp thanks for your answer and detailed explanation.
I tested my example template with packer validate -evaluate-datasources and it works as expected. This is the perfect solution for my problem.

Here is the PR for reference: hashicorp/packer#12106

Thanks! Closing.