Hi, I am trying to build a Packer image from a CIS Benchmark 2016 hardened Windows image from the AWS Marketplace, using a Docker container running Ansible integrated with the CircleCI tool. I referred to the code https://gist.github.com/SwampDragons/a0044e88c614a507a533ee9323cf8e0c provided here: https://github.com/hashicorp/packer/issues/9003
I tested this code locally on a MacBook and found that it works: WinRM
is able to establish a connection with Packer. However, when I run the
same code from my GitHub account, which is integrated with CircleCI running
in a Docker container, WinRM simply fails to connect to the Packer
instance with the error "*WinRM connection err: http response error: 401 -
invalid content type*".
I also wondered why, when I built the Packer image locally on my MacBook with
the Packer user data below and ran "winrm get winrm/config", it did not make any
changes to "AllowUnencrypted" and "Basic" auth for the client and service
config. The winrm output shows those parameters are blocked by
[Source="GPO"]. I am not sure how, but it still works locally?
Anyway, my problem is that WinRM fails to connect from the Docker container using
Ansible, which is integrated with CircleCI.
*E.g.: WinRM output of the Packer instance run locally on my machine:*
Client
NetworkDelayms = 5000
URLPrefix = wsman
*AllowUnencrypted = false [Source="GPO"]*
Auth
*Basic = false [Source="GPO"]*
*Note: the above output can be seen on the Packer instance built by the CircleCI
Docker container.*
*The Packer user data is:*
<powershell>
# MAKE SURE IN YOUR PACKER CONFIG TO SET:
# "winrm_username": "Administrator",
# "winrm_insecure": true,
# "winrm_use_ssl": true,
#
write-output "Running User Data Script"
write-host "(host) Running User Data Script"
Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore
# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"
# Remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse
# Create a self-signed certificate to let ssl work
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force
# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"
winrm quickconfig -q
winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
winrm set "winrm/config/service/auth" '@{Basic="true"}'
winrm set "winrm/config/client/auth" '@{Basic="true"}'
winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
netsh advfirewall firewall set rule group="remote administration" new enable=yes
netsh firewall add portopening TCP 5986 "Port 5986"
stop-service winrm
set-service -name winrm -startuptype Automatic
start-service winrm
</powershell>
I have also attached the *packer.json* and the Packer *inventory* file, which are
referred to by Ansible. Can someone review the attached files and let me
know if I am missing something here?
I appreciate your input. Thanks.
Regards,
Sagar
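One diagnostic that narrows this kind of problem down, added here and not taken from the post above, the linked gist or the Packer project: parse the text of `winrm get winrm/config` and list every setting whose effective value is policy-enforced (`[Source="GPO"]`), since `winrm set` in user data cannot change those values and the script above touches four of them. The sample text below is constructed to resemble the quoted output; on a real instance the function reads the live output by default.

```powershell
# Added example (not from the post, the gist or Packer): parse "winrm get winrm/config".
function ConvertFrom-WinRMConfig {
    param([Parameter(Mandatory)][string[]]$Lines)
    $stack = @()                                   # section names of the current nesting
    foreach ($raw in $Lines) {
        if ($raw.Trim() -eq '') { continue }
        # winrm indents each nesting level by four spaces
        $depth = [int](($raw.Length - $raw.TrimStart().Length) / 4)
        $stack = @($stack | Select-Object -First $depth)
        $line  = $raw.Trim()
        if ($line -match '^(?<name>\S+)\s*=\s*(?<value>.*?)(?:\s*\[Source="(?<src>[^"]+)"\])?$') {
            [pscustomobject]@{
                Path   = (($stack + $Matches.name) -join '/')
                Value  = $Matches.value
                Source = if ($Matches.src) { $Matches.src } else { 'Local' }
            }
        } else {
            $stack += $line                        # section header such as Client, Service, Auth
        }
    }
}
# Lists the GPO-enforced settings and marks those the user data script tries to set.
function Get-PolicyEnforcedWinRMSettings {
    param([string[]]$ConfigLines = (winrm get winrm/config))
    $watch = 'Config/Service/AllowUnencrypted', 'Config/Service/Auth/Basic',
             'Config/Client/AllowUnencrypted',  'Config/Client/Auth/Basic'
    ConvertFrom-WinRMConfig -Lines $ConfigLines |
        Where-Object { $_.Source -eq 'GPO' } |
        Select-Object Path, Value, @{ n = 'SetByUserData'; e = { $watch -contains $_.Path } }
}
# Constructed sample resembling the output quoted in the post (not real captured output).
$sample = @'
Config
    Client
        NetworkDelayms = 5000
        AllowUnencrypted = false [Source="GPO"]
        Auth
            Basic = false [Source="GPO"]
    Service
        AllowUnencrypted = false [Source="GPO"]
        Auth
            Basic = false [Source="GPO"]
'@ -split "`r?`n"
Get-PolicyEnforcedWinRMSettings -ConfigLines $sample | Format-Table -AutoSize
```

On the built instance, `Get-PolicyEnforcedWinRMSettings` with no arguments runs against the live configuration; any row marked `SetByUserData` is a value the posted script cannot change, whatever `winrm set` reports.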
You received this message because you are subscribed to the Google Groups
"Packer" group.
To view this discussion on the web visit
https://groups.google.com/d/msgid/packer-tool/bcebecb9-c396-4678-b689-2103bca2972c%40googlegroups.com.