HashiCorp packer amazon-linux cracklib gotcha

HashiCorp packer amazon-linux cracklib gotcha
Photo by Ivan Rudoy / Unsplash

While setting up packer for the first time in ages I found a little cracklib quirk when using amazon linux while following the instructions from the website.

Let get into it!

Packer setup

HashiCorp has some great documentation here on getting started with packer.

Install Packer | Packer - HashiCorp Learn
Packer must first be installed on the machine you want to run it on.

I spun up an EC2 instance using amazon linux and grabbed the commands for installing packer. Going great so far....

[root@ip-172-31-17-111 ~]# sudo yum install -y yum-utils
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Package yum-utils-1.1.31-46.amzn2.0.1.noarch already installed and latest version
Nothing to do
[root@ip-172-31-17-111 ~]# sudo yum-config-manager --add-repo https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
adding repo from: https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo
grabbing file https://rpm.releases.hashicorp.com/AmazonLinux/hashicorp.repo to /etc/yum.repos.d/hashicorp.repo
repo saved to /etc/yum.repos.d/hashicorp.repo
[root@ip-172-31-17-111 ~]# sudo yum -y install packer
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
hashicorp                                                                                                                             | 1.4 kB  00:00:00
hashicorp/x86_64/primary                                                                                                              |  91 kB  00:00:00
hashicorp                                                                                                                                            658/658
Resolving Dependencies
--> Running transaction check
---> Package packer.x86_64 0:1.8.2-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

 Package                             Arch                                Version                                Repository                              Size
 packer                              x86_64                              1.8.2-1                                hashicorp                               33 M

Transaction Summary
Install  1 Package

Total download size: 33 M
Installed size: 151 M
Downloading packages:
warning: /var/cache/yum/x86_64/2/hashicorp/packages/packer-1.8.2-1.x86_64.rpm: Header V4 RSA/SHA512 Signature, key ID a3219f7b: NOKEY |  17 MB  --:--:-- ETA
Public key for packer-1.8.2-1.x86_64.rpm is not installed
packer-1.8.2-1.x86_64.rpm                                                                                                             |  33 MB  00:00:01
Retrieving key from https://rpm.releases.hashicorp.com/gpg
Importing GPG key 0xA3219F7B:
 Userid     : "HashiCorp Security (HashiCorp Package Signing) <security+packaging@hashicorp.com>"
 Fingerprint: e8a0 32e0 94d8 eb4e a189 d270 da41 8c88 a321 9f7b
 From       : https://rpm.releases.hashicorp.com/gpg
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Verifying  : packer-1.8.2-1.x86_64                                                                                                                     1/1

  packer.x86_64 0:1.8.2-1

[root@ip-172-31-17-111 ~]#


Verifying the Installation

As per the doco we can now just test our binary with the following command.

$ packer

Hmmm.... just hangs no output this doesn't seem right...

Hit enter a couple of times... odd!

ok so what is getting executed, lets check the path to the binary

[root@ip-172-31-17-111 ~]# which packer

and what did our package install

[root@ip-172-31-17-111 ~]# rpm -ql packer-1.8.2-1.x86_64

Ah ok that's the issue we have another binary in our system path that is conflicting as we are running as root.

A quick query of the RPM database and we can see its cracklib-dicts

[root@ip-172-31-17-111 ~]# rpm -qif /usr/sbin/packer
Name : cracklib-dicts
Version : 2.9.0
Release : 11.amzn2.0.2
Architecture: x86_64
Install Date: Mon 13 Jun 2022 06:52:47 PM UTC
Group : System Environment/Libraries
Size : 9389116
License : LGPLv2+
Signature : RSA/SHA256, Thu 23 Aug 2018 11:50:38 PM UTC, Key ID 11cf1f95c87f5b1a
Source RPM : cracklib-2.9.0-11.amzn2.0.2.src.rpm
Build Date : Tue 31 Jul 2018 04:07:32 PM UTC
Build Host : build.amazon.com
Relocations : (not relocatable)
Packager : Amazon Linux
Vendor : Amazon Linux
URL : http://sourceforge.net/projects/cracklib/
Summary : The standard CrackLib dictionaries
Description :
The cracklib-dicts package includes the CrackLib dictionaries.
CrackLib will need to use the dictionary appropriate to your system,
which is normally put in /usr/share/dict/words. Cracklib-dicts also
contains the utilities necessary for the creation of new dictionaries.

If you are installing CrackLib, you should also install cracklib-dicts.

Quick fix

We could mess about with removing packages but the easiest for me in this case was just to provide the full path to the packer bin as follows

[root@ip-172-31-17-111 ~]# /usr/bin/packer
Usage: packer [--version] [--help] <command> [<args>]

Available commands are:
    build           build image(s) from template
    console         creates a console for testing variable interpolation
    fix             fixes templates from old versions of packer
    fmt             Rewrites HCL2 config files to canonical format
    hcl2_upgrade    transform a JSON template into an HCL2 configuration
    init            Install missing plugins or upgrade plugins
    inspect         see components of a template
    plugins         Interact with Packer plugins and catalog
    validate        check that a template is valid
    version         Prints the Packer version

[root@ip-172-31-17-111 ~]#

Hope this helps someone else!