Hi! Which Packer version are you using? segunda-feira, 27 de Abril de 2020 às 16:57:17 UTC+2, Sagar Jadhav escreveu: > > Hi, > > I am trying to build a packer using CIS Benchmark 2016 hardened windows > image from AWS market place using docker container running ansible > integrated with CircleCi tool. I had referred the code > https://gist.github.com/SwampDragons/a0044e88c614a507a533ee9323cf8e0c > provided > here https://github.com/hashicorp/packer/issues/9003 > > I tested this code locally on Macbook and found it is working where WinRM > is able to established a connection with packer however, when I run the > same code using my github account which is integrated with CircleCi running > on docker container, WinRM is just simply failed to connect to packer > instance with an error "*WinRM connection err: http response error: 401 - > invalid content type*" . > Also I wondered when i had built packer using below packer userdata > locally on my macbook and ran "winrm get winrm/config" it doesn't even > make any changes to "AllowUnencrypted" and "basic" auth for client and > service config. The winrm output shows those parameters are blocked by > [Source="GPO"]. I am not sure how it works locally but it works? > > Well, my problem is WinRM failed to connect on docker container using > ansible which is integrated with CirccleCi. > > *Eg:- WinRM Output of packer instance ran locally on machine:-* > Client > NetworkDelayms = 5000 > URLPrefix = wsman > *AllowUnencrypted = false [Source="GPO"]* > Auth > *Basic = false [Source="GPO"]* > > *Note:- The above output can been seen on packer instance built by > CircleCi docker container.* > > *packer userdata is :-* > > <powershell> > > # MAKE SURE IN YOUR PACKER CONFIG TO SET: > > # "winrm_username": "Administrator", > # "winrm_insecure": true, > # "winrm_use_ssl": true, > # > > write-output "Running User Data Script" > write-host "(host) Running User Data Script" > > Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction > Ignore > > # Don't set this before Set-ExecutionPolicy as it throws an error > $ErrorActionPreference = "stop" > > # Remove HTTP listener > Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse > > # Create a self-signed certificate to let ssl work > $Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My > -DnsName "packer" > New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * > -CertificateThumbPrint $Cert.Thumbprint -Force > > # WinRM > write-output "Setting up WinRM" > write-host "(host) setting up WinRM" > > winrm quickconfig -q > winrm set "winrm/config" '@{MaxTimeoutms="1800000"}' > winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}' > winrm set "winrm/config/service" '@{AllowUnencrypted="true"}' > winrm set "winrm/config/client" '@{AllowUnencrypted="true"}' > winrm set "winrm/config/service/auth" '@{Basic="true"}' > winrm set "winrm/config/client/auth" '@{Basic="true"}' > winrm set "winrm/config/service/auth" '@{CredSSP="true"}' > winrm set "winrm/config/listener?Address=*+Transport=HTTPS" > "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}" > netsh advfirewall firewall set rule group="remote administration" new > enable=yes > netsh firewall add portopening TCP 5986 "Port 5986" > stop-service winrm > set-service -name winrm -startuptype Automatic > start-service winrm > > </powershell> > > I have also attached *packer.json and packer *inventory file which is > being referred by an ansible. Can someone review the attached files and let > me know if I am missing something here? > > Appreciate your inputs. Thanks. > > Regards, > Sagar > > > >
-- This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list. GitHub Issues: https://github.com/mitchellh/packer/issues IRC: #packer-tool on Freenode --- You received this message because you are subscribed to the Google Groups "Packer" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/4e1ab944-5c08-4b1a-a877-eaa20212eeec%40googlegroups.com.
