I was having the same trouble. I was trying to run an `install.ps1` script
using the elevated_user and elevated_password. This worked fine on Windows
Server 2012/2016/2019 in AWS but failed to run on Windows 10 in Azure. The
provisioner would just hang indefinitely.
{
"type": "powershell",
"elevated_user": "packer",
"elevated_password": "{{.WinRMPassword}}",
"script": "scripts/install.ps1"
}
I did a lot of digging into the problem and discovered that elevated_user
and elevated_password tells packer to create a Windows scheduled task to
run the provisioner's script (or inline commands). For some reason Windows
10 won't run the scheduled task until the admin user (packer in this case)
has logged into the system. I spent a lot of time trying to figure out what
it was about logging into the system that allowed the scheduled task to run
but I couldn't figure it out. I got things working by enabling auto-logon
for the packer user and restarting the system prior to running the
provisioner that uses elevated_user. After the scheduled task runs I
disable auto-logon.
{
"type": "powershell",
"script": "scripts/enable-autologon.ps1",
"environment_vars": ["ADMIN_PASSWORD={{.WinRMPassword}}"]
},
{
"type": "windows-restart"
},
{
"type": "powershell",
"elevated_user": "packer",
"elevated_password": "{{.WinRMPassword}}",
"script": "scripts/install.ps1"
},
{
"type": "powershell",
"script": "scripts/disable-autologon.ps1"
}
Here are the contents of enable-autologon.ps1
# Stop script execution when a non-terminating error occurs
$ErrorActionPreference = "Stop"
If ([string]::IsNullOrEmpty($Env:ADMIN_PASSWORD)) { Throw "Env:ADMIN_PASSWORD
must be set" }
# Our testing has shown that Windows 10 does not allow packer to run a
Windows scheduled task until the admin user (packer) has logged into the
system.
# So we enable AutoAdminLogon and use packer's windows-restart provisioner
to get the system into a good state to allow scheduled tasks to run.
Write-Output "Enabling AutoAdminLogon to allow packer's scheduled task
created by elevated_user to run..."
Set-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon' -Name AutoAdminLogon -Value 1 -type String
Set-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon' -Name DefaultUsername -Value $Env:UserName
-type String
Set-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon' -Name DefaultPassword -Value "
$Env:ADMIN_PASSWORD" -type String
Here are the contents of disable-autologon.ps1
# Stop script execution when a non-terminating error occurs
$ErrorActionPreference = "Stop"
Write-Output "Disabling AutoAdminLogon..."
Remove-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon' -Name AutoAdminLogon
Remove-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon' -Name DefaultUsername
Remove-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon' -Name DefaultPassword
--
This mailing list is governed under the HashiCorp Community Guidelines -
https://www.hashicorp.com/community-guidelines.html. Behavior in violation of
those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups
"Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to packer-tool+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/packer-tool/b0470859-0367-40ba-856e-2ef5ffc290fd%40googlegroups.com.
