"builders": [
{
"type": "azure-arm",
"client_id": "{{user `client_id`}}",
"client_secret": "{{user `client_secret`}}",
"tenant_id": "{{user `tenant_id`}}",
"subscription_id": "{{user `subscription_id`}}",
"managed_image_resource_group_name": "GoldenImages",
"managed_image_name": "Golden-SQL2016SP2",
"os_type": "Windows",
"image_publisher": "MicrosoftSQLServer",
"image_offer": "SQL2016SP2-WS2016",
"image_sku": "Enterprise",
"virtual_network_name": "{{user `virtual_network_name`}}",
"virtual_network_subnet_name": "{{user `virtual_network_subnet_name`}}",
"virtual_network_resource_group_name": "{{user `virtual_network_resource_group_name`}}",
"communicator": "winrm",
"winrm_use_ssl": true,
"winrm_insecure": true,
"winrm_timeout": "6m",
"winrm_username": "{{user `winrm_username`}}",
"azure_tags": {
"BAC" : "",
"ResourceContact" : "",
"Environment" : "{{user `environment`}}"
},
"location": "{{user `location`}}",
"vm_size": "Standard_DS3_v2"
}
],
"provisioners": [
{
"type": "powershell",
"environment_vars":
[
"ARTIFACTORYCREDS={{user `artifactory_creds`}}"
],
"scripts": [
"./scripts/sql2016/install_java.ps1"
]
},
{
"type": "powershell",
"environment_vars":
[
"ARTIFACTORYCREDS={{user `artifactory_creds`}}"
],
"scripts":
[
"./scripts/sql2016/install_cis_cat.ps1"
]
},
{
"type": "powershell",
"scripts":
[
"./scripts/sql2016/install_pscp.ps1"
]
},
{
"type": "file",
"source": "./scripts/sql2016",
"destination": "c:\\Users\\packer\\",
"direction" : "upload"
},
{
"type": "windows-restart",
"restart_check_command": "powershell -command \"& {Write-Output 'restarted.'}\""
},
{
"type": "powershell",
"environment_vars": [
"WINRMUSER= {{user `winrm_username`}}"
],
"scripts": [
"./scripts/sql2016/harden_image.ps1"
]
}
]
}
This is what it looks like at the moment.
I need to be able to add at least one more powershell script in
Provisioners that will create a test database in the VM that packer
creates, as well as get the connection string that I can pass to CIS-CAT
for the scan.
When run locally, this is what the cis-cat command looks like: ".\CIS-CAT.BAT
-b benchmarks\CIS_Microsoft_SQL_Server_2016_Benchmark_v1.0.0-xccdf.xml -p
""Level 1 - Database Engine"" -D
xccdf_org.cisecurity_value_jdbc.url=jdbc:jtds:sqlserver://localhost:1433/master;domain=SQLSERVER;user=testadmin;password=password
-a -r ."
How can I pass the username and password when using winrm and packer?
I'm confused as to how I can achieve this using Packer. Just need some
direction.
On Friday, March 22, 2019 at 2:05:05 PM UTC-4, [email protected] wrote:
>
> What do you have so far?
>
> On Friday, March 22, 2019 at 2:57:27 PM UTC, [email protected] wrote:
>>
>> I have successfully created a SQL Image of SQL Server 2016 on Azure
>> Marketplace using Packer.
>>
>> To take this one step further,
>> I manually installed Java, then installed CIS-CAT, remediated accordingly
>> and hardened the image.
>>
>> My goal is to use Packer to do all of this for me.
>>
>> I'm using winrm_username and winrm_password variables to try to
>> authenticate to the SQL Server post installation and it fails.
>>
>> The steps in the process:
>>
>> 1. Create a SQL Server Image from the Marketplace.
>>
>> 2. Install Java from internal Artifactory.
>>
>> 3. Install CIS-CAT too from internal Artifactory.
>>
>> 4. Create a Test DB ( *Fails, because I am unable to log in to the SQL
>> Server via Windows Authentication by passing winrm creds*)
>>
>> 5. Run LGPO.exe (I copied the GPO settings that I acquired by manually
>> capturing it in a previous VM)
>>
>> 6. Once the policies have been applied, run the CIS-CAT benchmarks to
>> capture a report. (*Problem with the Connection String, can't generate
>> it using ENV_Variables passed through the template*)
>>
>> 7. Copy the report to a local machine
>>
>> 8. Sysprep and capture the image.
>>
>> If anyone has worked with SQL Server Images using Packer, do give me some
>> feedback to correct my approach.
>> Open to any kind of suggestions as well.
>>
>
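One way to build the CIS-CAT connection string inside a provisioner script from values passed through `environment_vars`, as an added example that is not part of the original thread. The script name, the user variables `sql_scan_user` and `sql_scan_password`, and the environment variables `SQLSCANUSER`, `SQLSCANPASS` and `CISCAT_HOME` are assumptions.

```powershell
# Added example, not from the thread. Hypothetical file: ./scripts/sql2016/run_cis_cat.ps1
# Assumed provisioner stanza (variable names are hypothetical):
#   { "type": "powershell",
#     "environment_vars": [ "SQLSCANUSER={{user `sql_scan_user`}}",
#                           "SQLSCANPASS={{user `sql_scan_password`}}" ],
#     "scripts": [ "./scripts/sql2016/run_cis_cat.ps1" ] }
# plus, at the top level of the template: "sensitive-variables": ["sql_scan_password"]
# so that Packer masks the value in its own output.
$ErrorActionPreference = 'Stop'

function New-CisCatJdbcUrl {
    param(
        [Parameter(Mandatory)] [string] $User,
        [Parameter(Mandatory)] [string] $Password,
        [string] $Server = 'localhost', [int] $Port = 1433,
        [string] $Database = 'master', [string] $Domain = 'SQLSERVER'
    )
    # ';' separates jTDS URL properties, and CIS-CAT.BAT is a batch file, so
    # cmd.exe metacharacters would be reinterpreted on the way in. Reject such
    # values instead of trying to escape them.
    foreach ($v in $User, $Password, $Domain) {
        if ($v -match '[;&|<>^%"\s]') {
            throw 'Credential value contains a character that cmd.exe or the JDBC URL would reinterpret'
        }
    }
    "jdbc:jtds:sqlserver://${Server}:${Port}/${Database};domain=$Domain;user=$User;password=$Password"
}

if (-not $env:SQLSCANUSER -or -not $env:SQLSCANPASS) {
    throw 'SQLSCANUSER / SQLSCANPASS were not passed in by the provisioner'
}
$jdbc = New-CisCatJdbcUrl -User $env:SQLSCANUSER -Password $env:SQLSCANPASS

# Same arguments as the local run quoted in the thread; the URL is a single argument.
$cisArgs = @(
    '-b', 'benchmarks\CIS_Microsoft_SQL_Server_2016_Benchmark_v1.0.0-xccdf.xml',
    '-p', 'Level 1 - Database Engine',
    '-D', "xccdf_org.cisecurity_value_jdbc.url=$jdbc",
    '-a', '-r', '.'
)
Set-Location $env:CISCAT_HOME   # assumption: points at the CIS-CAT install directory
& .\CIS-CAT.BAT @cisArgs
$code = $LASTEXITCODE

# Drop the secret from this session before any later step runs.
Remove-Item Env:\SQLSCANPASS -ErrorAction SilentlyContinue
Remove-Variable jdbc, cisArgs
if ($code -ne 0) { throw "CIS-CAT exited with code $code" }
```

The URL still reaches CIS-CAT as a command-line argument, as in the original command, so it is visible in the process list on the build VM while the scan runs; a login created only for the build and dropped before sysprep limits what that exposes.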