Have you also checked your firewalls are open for the relevant winRM ports
being used? Both on the server being provisioned (Windows Firewall) and in
your corp infrastructure and security group? (I am AWS but the therory is
the same)
I am using the following userdata file for WinRM and this is working well:
<powershell>
write-output "Running User Data Script"
write-host "(host) Running User Data Script"
Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction
Ignore
# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"
# Remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My
-DnsName "packer"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address *
-CertificateThumbPrint $Cert.Thumbprint -Force
#Create Folder for Package Source Files (AMI Install Version)
Write-Host "Doing Temp File Folder Creation"
New-Item -Path "c:\" -name "temp" -itemType "directory" -force
# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS"
"@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
cmd.exe /c netsh advfirewall firewall set rule group="remote
administration" new enable=yes
cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
Set-Item WSMan:\localhost\Shell\MaxMemoryPerShellMB 2048
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm
</powershell>
This is called from my builder .json files as so:
"builders": [{
"type": "amazon-ebs",
"vpc_id": "vpc-xxx",
"subnet_id": "subnet-xxx",
"region": "xxx",
"source_ami": "xxx",
"ami_name": "my-ami-name-{{timestamp}}",
*"user_data_file": "./USERDATA2.0.txt", <=== CALL IT HERE*
"communicator": "winrm",
"winrm_username": "Administrator",
"instance_type": "t2.large",
"winrm_use_ssl": true,
"winrm_insecure": true
}],
See how you go.
On Wednesday, 28 August 2019 07:41:40 UTC+1, Sim wrote:
>
> Hi,
>
> I am currently running into an issue that my Terraform could not connect
> back to the VM it provisioned in order to connect to Chef server (via chef
> provisioner) because it could not establish a connection to the VM. I think
> it might be because the Packer image that I used in Terraform has not been
> enabled for the winrm. I have looked around on the internet, but still
> could not find out a good way to enable winrm in the packer.
> I have tried to call a powershell file in the Packer template. The PS
> script has a bunch of PS commands that enable winrm. But it didnt work when
> I ran Packer build.
>
> What I have tried:
> #bootstrap-winrm.ps1
> # Set administrator password
> net user admin admin12
> wmic useraccount where "name='admin'" set PasswordExpires=FALSE
>
> # First, make sure WinRM can't be connected to
> netsh advfirewall firewall set rule name="Windows Remote Management
> (HTTP-In)" new enable=yes action=block
>
> # Delete any existing WinRM listeners
> winrm delete winrm/config/listener?Address=*+Transport=HTTP 2>$Null
> winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null
>
> # Create a new WinRM listener and configure
> winrm create winrm/config/listener?Address=*+Transport=HTTP
> winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="0"}'
> winrm set winrm/config '@{MaxTimeoutms="7200000"}'
> winrm set winrm/config/service '@{AllowUnencrypted="true"}'
> winrm set winrm/config/service '@{MaxConcurrentOperationsPerUser="12000"}'
> winrm set winrm/config/service/auth '@{Basic="true"}'
> winrm set winrm/config/client/auth '@{Basic="true"}'
>
> # Configure UAC to allow privilege elevation in remote shells
> $Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
> $Setting = 'LocalAccountTokenFilterPolicy'
> Set-ItemProperty -Path $Key -Name $Setting -Value 1 -Force
>
> # Configure and restart the WinRM Service; Enable the required firewall
> exception
> Stop-Service -Name WinRM
> Set-Service -Name WinRM -StartupType Automatic
> netsh advfirewall firewall set rule name="Windows Remote Management
> (HTTP-In)" new action=allow localip=any remoteip=any
> Start-Service -Name WinRM
>
>
>
> Packer template
> {
> "variables": {
> "client_id": "",
> "client_secret": "",
> "tenant_id": "",
> "subscription_id": "",
> "object_id": "",
> "managed_image_resource_group_name": "",
> "managed_image_name": "",
> "virtual_network_name": "",
> "virtual_network_subnet_name": "",
> "virtual_network_resource_group_name": "",
> "file_source": "",
> "packer_ado_pat": ""
> },
> "builders": [{
> "type": "azure-arm",
>
> "client_id": "{{user `client_id`}}",
> "client_secret": "{{user `client_secret`}}",
> "tenant_id": "{{user `tenant_id`}}",
> "subscription_id": "{{user `subscription_id`}}",
> "object_id": "{{user `object_id`}}",
>
> "managed_image_resource_group_name": "{{user
> `managed_image_resource_group_name`}}",
> "managed_image_name": "{{user `managed_image_name`}}",
>
> "virtual_network_name": "{{user `virtual_network_name`}}",
>
> "virtual_network_subnet_name": "{{user
> `virtual_network_subnet_name`}}",
> "virtual_network_resource_group_name": "{{user
> `virtual_network_resource_group_name`}}",
>
> "os_type": "Windows",
> "image_publisher": "MicrosoftWindowsServer",
> "image_offer": "WindowsServer",
> "image_sku": "2016-Datacenter",
>
> "user_data_file": "{{user `file_source`}}/Bootstrap-Winrm.ps1",
>
> "communicator": "winrm",
> "winrm_use_ssl": "true",
> "winrm_insecure": "true",
> "winrm_timeout": "5m",
> "winrm_username": "admin",
> "winrm_password": "admin12",
>
>
> "location": "australiasoutheast",
> "vm_size": "Standard_A4m_v2"
> }],
> "provisioners": [
> {
> "type": "powershell",
> "inline": ["mkdir c:\\Packer"]
> },{
> "type": "file",
> "source": "{{user `file_source`}}",
> "destination": "c:\\Packer"
> },{
> "type": "powershell",
> "scripts": "{{user `file_source`}}/Bootstrap-winrm.ps1"
> },{
> "type": "powershell",
> "inline": [
> "Add-WindowsFeature Web-Server",
> "if( Test-Path
> $Env:SystemRoot\\windows\\system32\\Sysprep\\unattend.xml
> ){ rm $Env:SystemRoot\\windows\\system32\\Sysprep\\unattend.xml -Force}",
> "& $Env:SystemRoot\\System32\\Sysprep\\Sysprep.exe /oobe
> /generalize /quiet /quit"
> ]
> }]
> }
>
>
> Could anyone please link me or give me any better suggestions of what
> should I do to achieve this? if winrm seems to be so difficult, would ssh
> another better approach (but again I am not sure how could packer set up
> ssh and generate the key here in the image again, that can be used later in
> the Terraform template).
>
> Thanks.
>
--
This mailing list is governed under the HashiCorp Community Guidelines -
https://www.hashicorp.com/community-guidelines.html. Behavior in violation of
those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/mitchellh/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups
"Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/packer-tool/1459308a-6552-4aa3-b9e2-9db643706da5%40googlegroups.com.
