As I read this more carefully, it seems to e saying I can't generate a
password because I don't have permission. So, how do I make it use the
password I want, when I use a PowerShell provisioned, it doesn't seem to
have an issue with winrm.
On Monday, September 28, 2020 at 12:05:24 PM UTC-4 i255d wrote:
> <powershell>
> # Set administrator password
> net user Administrator SuperS3cr3t!
> wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE
>
> # First, make sure WinRM can't be connected to
> netsh advfirewall firewall set rule name="Windows Remote Management
> (HTTP-In)" new enable=yes action=block
>
> # Delete any existing WinRM listeners
> winrm delete winrm/config/listener?Address=*+Transport=HTTP 2>$Null
> winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null
>
> # Create a new WinRM listener and configure
> winrm create winrm/config/listener?Address=*+Transport=HTTP
> winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="0"}'
> winrm set winrm/config '@{MaxTimeoutms="7200000"}'
> winrm set winrm/config/service '@{AllowUnencrypted="true"}'
> winrm set winrm/config/service '@{MaxConcurrentOperationsPerUser="12000"}'
> winrm set winrm/config/service/auth '@{Basic="true"}'
> winrm set winrm/config/service/auth '@{Certificate="true"}'
> winrm set winrm/config/client/auth '@{Basic="true"}'
> winrm set winrm/config/client/auth '@{Certificate="true"}'
>
> # Configure UAC to allow privilege elevation in remote shells
> $Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
> $Setting = 'LocalAccountTokenFilterPolicy'
> Set-ItemProperty -Path $Key -Name $Setting -Value 1 -Force
>
> # Configure and restart the WinRM Service; Enable the required firewall
> exception
> Stop-Service -Name WinRM
> Set-Service -Name WinRM -StartupType Automatic
> netsh advfirewall firewall set rule name="Windows Remote Management
> (HTTP-In)" new action=allow localip=any remoteip=any
> Start-Service -Name WinRM
> </powershell>
>
> Here is my user_data.txt file from the line
> "user_data_file": "scripts/user_data.txt.
>
> As you can see, I want to be able to use a predetermined password.
>
>
> ==> amazon-ebs: Force Deregister flag found, skipping prevalidating AMI
> Name
> 171
> amazon-ebs: Found Image ID: ami-0eb7fbcc77e5e6ec6
> 172
> ==> amazon-ebs: Creating temporary keypair:
> packer_5f720690-c3aa-4a5b-103b-b244e5cfaf67
> 173
> ==> amazon-ebs: Creating temporary security group for this instance:
> packer_5f720692-6518-386c-fcfb-64088f3bdde8
> 174
> ==> amazon-ebs: Authorizing access to port 5986 from [0.0.0.0/0] in the
> temporary security groups...
> 175
> ==> amazon-ebs: Launching a source AWS instance...
> 176
> ==> amazon-ebs: Adding tags to source instance
> 177
> amazon-ebs: Adding tag: "Name": "Packer Builder"
> 178
> amazon-ebs: Instance ID: i-076f324e8ca7a0f28
> 179
> ==> amazon-ebs: Waiting for instance (i-076f324e8ca7a0f28) to become
> ready...
> 180
> ==> amazon-ebs: Waiting for auto-generated password for instance...
> 181
> amazon-ebs: It is normal for this process to take up to 15 minutes,
> 182
> amazon-ebs: but it usually takes around 5. Please wait.
> 183
> ==> amazon-ebs: Error waiting for password: retry count exhausted. Last
> err: Error retrieving auto-generated instance password:
> UnauthorizedOperation: You are not authorized to perform this operation.
> Encoded authorization failure message:
>
>
>
> On Monday, September 28, 2020 at 11:57:24 AM UTC-4 i255d wrote:
>
>> {
>> "variables": {
>> "region": "{{env `region`}}",
>> "environment": "{{env `env`}}",
>> "lob": "{{env `lob`}}",
>> "vpc_id": "{{env `vpc_id`}}",
>> "subnet_id": "{{env `subnet_id`}}",
>> "account": "{{env `account`}}",
>> "role": "{{env `iam_instance_profile`}}",
>> "kms_key": "{{env `kms_key_id`}}"
>> },
>> "builders": [
>> {
>> "type": "amazon-ebs",
>> "region": "{{user `region`}}",
>> "vpc_id": "{{user `vpc_id`}}",
>> "subnet_id": "{{user `subnet_id`}}",
>> "instance_type": "t2.medium",
>> "source_ami_filter": {
>> "filters": {
>> "virtualization-type": "hvm",
>> "name": "Windows_Server-2019-English-Full-Base-*",
>> "root-device-type": "ebs"
>> },
>> "most_recent": true,
>> "owners": "amazon"
>> },
>> "ami_name": "test-ansible-packer",
>> "user_data_file": "scripts/user_data.txt",
>> "communicator": "winrm",
>> "force_deregister": true,
>> "winrm_insecure": true,
>> "winrm_username": "Administrator",
>> "winrm_use_ssl": true,
>> "iam_instance_profile": "{{user `role`}}",
>> "skip_profile_validation" : true
>> }
>> ],
>> "provisioners": [
>> {
>> "type": "ansible",
>> "playbook_file": "./playbook.yml",
>> "user": "Administrator",
>> "use_proxy": false,
>>
>> "extra_arguments": ["-e",
>> "ansible_winrm_server_cert_validation=ignore"]
>> }
>> ]
>> }
>> Here is my win2019.json file.
>>
>>
--
This mailing list is governed under the HashiCorp Community Guidelines -
https://www.hashicorp.com/community-guidelines.html. Behavior in violation of
those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/packer/issues
IRC: #packer-tool on Freenode
---
You received this message because you are subscribed to the Google Groups
"Packer" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/packer-tool/c6e40d98-42b8-48d9-86ac-321d9c0b114fn%40googlegroups.com.
