I wonder if I can install PowerShell Core on the servers before I try and do this, and if that would help. Does Packer support PWSH for PowerShell Core?
Also, on my build spec I am going to try adding export POWERSHELL_VERSION=None to my build spec file, or aws configure set POWERSHELL_VERSION None if that doesn't work.

I have a $PSversiontable in the PowerShell provisioner that shows it is PowerShell version 5.1, when I switch the OS from 2019 to 2016, and then when the Ansible part runs it says this:

    amazon-ebs: <10.184.21.18> WINRM EXEC 'PowerShell' ['-Version', '6.2.6', '-NoProfile', '-NonInteractive', '-ExecutionPolicy', 'Unrestricted', '-EncodedCommand',

I am pretty sure the version 6.2.6 is the issue.

Here is someone who worked around this issue on reddit:
https://www.reddit.com/r/devops/comments/bdr9l3/packer_ansible_and_the_dreaded_winrm_in_aws/

captnron76 1 year ago

Hiyas... for posterity in case anyone else comes across this thread:

The problem seems to be that CodeBuild sets an environment variable POWERSHELL_VERSION (amongst several other *_VERSION variables), in my case it was 6.1.3. Ansible's powershell.py unfortunately uses the same environment variable to enable PowerShell executed over WinRM with a specific version of PowerShell.

The fix for me at least was to unset POWERSHELL_VERSION before invoking packer, although doing that as a CodeBuild step didn't seem to work (I didn't spend long on it). Our call to packer is wrapped in a shell script anyway, so I did it there with success.

HTH,

I think the powershell.py above is this script below.
https://github.com/ansible/ansible/blob/8f02819db02459ed144e131db3808dee0a7356db/lib/ansible/plugins/shell/powershell.py#L35-L37

Here is the part that shows where the POWERSHELL_VERSION is passed by CodeBuild to Ansible.

    _common_args = ['PowerShell', '-NoProfile', '-NonInteractive', '-ExecutionPolicy', 'Unrestricted']

    # Primarily for testing, allow explicitly specifying PowerShell version via
    # an environment variable.
    _powershell_version = os.environ.get('POWERSHELL_VERSION', None)
    if _powershell_version:
        _common_args = ['PowerShell', '-Version', _powershell_version] + _common_args[1:]

On Monday, September 28, 2020 at 3:35:58 PM UTC-4 i255d wrote:

> I feel like we are so close. I think this has to do with SSL???
>
>
> ==> amazon-ebs: Provisioning with Ansible...
> amazon-ebs: Not using Proxy adapter for Ansible run:
> amazon-ebs: Using WinRM Password from Packer communicator...
> ==> amazon-ebs: Executing Ansible: ansible-playbook -e
> packer_build_name="amazon-ebs" -e packer_builder_type=amazon-ebs -e
> ansible_winrm_server_cert_validation=ignore ansible_password=*****
> ansible_connection=winrm ansible_winrm_transport=basic -e
> ansible_password=***** -i /tmp/packer-provisioner-ansible765667905
> /codebuild/output/src538734588/src/
> git.nylcloud.com/Cloud-Team/packer-aws-nyl-win2016/playbook.yml
> amazon-ebs:
> amazon-ebs: PLAY [all]
> *********************************************************************
> amazon-ebs:
> amazon-ebs: TASK [Gathering Facts]
> *********************************************************
> amazon-ebs: [WARNING]: ERROR DURING WINRM SEND INPUT - attempting to
> recover: WinRMError
> amazon-ebs: The pipe is being closed. (extended fault data:
> {'transport_message': 'Bad
> amazon-ebs: HTTP response returned from server. Code 500',
> 'http_status_code': 500,
> amazon-ebs: 'wsmanfault_code': '232', 'fault_code': 's:Receiver',
> 'fault_subcode':
> amazon-ebs: 'w:InternalError'})
> amazon-ebs: fatal: [default]: FAILED!
=> {"msg": "winrm send_input
> failed; \nstdout: \nstderr C\u0000a\u0000n\u0000n\u0000o\u0000t\u0000
> \u0000s\u0000t\u0000a\u0000r\u0000t\u0000
> \u0000W\u0000i\u0000n\u0000d\u0000o\u0000w\u0000s\u0000
> \u0000P\u0000o\u0000w\u0000e\u0000r\u0000S\u0000h\u0000e\u0000l\u0000l\u0000
> \u0000v\u0000e\u0000r\u0000s\u0000i\u0000o\u0000n\u0000
> \u00006\u0000.\u00002\u0000.\u00006\u0000
> \u0000b\u0000e\u0000c\u0000a\u0000u\u0000s\u0000e\u0000
> \u0000i\u0000t\u0000 \u0000i\u0000s\u0000 \u0000n\u0000o\u0000t\u0000
> \u0000i\u0000n\u0000s\u0000t\u0000a\u0000l\u0000l\u0000e\u0000d\u0000.\u0000\r\u0000\n\u0000"}
> amazon-ebs:
> amazon-ebs: PLAY RECAP
> *********************************************************************
> amazon-ebs: default : ok=0 changed=0
> unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
>
>
> On Monday, September 28, 2020 at 2:45:08 PM UTC-4 i255d wrote:
>
>>
>> I seem to have made it past the above problem by adding winrm_password to
>> the build.
>>
>> This is back to where I have been stuck all along now, waiting for
>> winrm???
>>
>> ==> amazon-ebs: Force Deregister flag found, skipping prevalidating AMI
>> Name
>> amazon-ebs: Found Image ID: ami-0eb7fbcc77e5e6ec6
>> ==> amazon-ebs: Creating temporary keypair:
>> packer_5f722e4c-5acb-dd97-e2bc-3d2748cc83df
>> ==> amazon-ebs: Creating temporary security group for this instance:
>> packer_5f722e4e-875f-3fe7-a2f0-104cb20e0fbf
>> ==> amazon-ebs: Authorizing access to port 5986 from [0.0.0.0/0] in the
>> temporary security groups...
>> ==> amazon-ebs: Launching a source AWS instance...
>> ==> amazon-ebs: Adding tags to source instance
>> amazon-ebs: Adding tag: "Name": "Packer Builder"
>> amazon-ebs: Instance ID: i-07fd947bd9857679f
>> ==> amazon-ebs: Waiting for instance (i-07fd947bd9857679f) to become
>> ready...
>> ==> amazon-ebs: Skipping waiting for password since WinRM password set...
>> ==> amazon-ebs: Using winrm communicator to connect: 10.184.21.17
>> ==> amazon-ebs: Waiting for WinRM to become available...
>>
>> On Monday, September 28, 2020 at 2:12:06 PM UTC-4 i255d wrote:
>>
>>>
>>> <powershell>
>>> # Set administrator password
>>> net user Administrator SOMETHINGGOOD
>>> wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE
>>>
>>> # First, make sure WinRM can't be connected to
>>> netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=block
>>>
>>> # Delete any existing WinRM listeners
>>> winrm delete winrm/config/listener?Address=*+Transport=HTTP 2>$Null
>>> winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null
>>>
>>> # Create a new WinRM listener and configure
>>> winrm create winrm/config/listener?Address=*+Transport=HTTP
>>> winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="0"}'
>>> winrm set winrm/config '@{MaxTimeoutms="7200000"}'
>>> winrm set winrm/config/service '@{AllowUnencrypted="true"}'
>>> winrm set winrm/config/service '@{MaxConcurrentOperationsPerUser="12000"}'
>>> winrm set winrm/config/service/auth '@{Basic="true"}'
>>> winrm set winrm/config/service/auth '@{Certificate="true"}'
>>> winrm set winrm/config/client/auth '@{Basic="true"}'
>>> winrm set winrm/config/client/auth '@{Certificate="true"}'
>>>
>>> # Configure UAC to allow privilege elevation in remote shells
>>> $Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
>>> $Setting = 'LocalAccountTokenFilterPolicy'
>>> Set-ItemProperty -Path $Key -Name $Setting -Value 1 -Force
>>>
>>> # Configure and restart the WinRM Service; Enable the required firewall exception
>>> Stop-Service -Name WinRM
>>> Set-Service -Name WinRM -StartupType Automatic
>>> netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new action=allow localip=any remoteip=any
>>> Start-Service -Name WinRM
>>> </powershell>
>>>
>>> Here is my user_data.txt file from the line
>>> "user_data_file": "scripts/user_data.txt.
>>>
>>> As you can see, I want to be able to use a predetermined password.
>>>
>>>
>>> ==> amazon-ebs: Force Deregister flag found, skipping prevalidating AMI
>>> Name
>>> amazon-ebs: Found Image ID: ami-0eb7fbcc77e5e6ec6
>>> ==> amazon-ebs: Creating temporary keypair:
>>> packer_5f720690-c3aa-4a5b-103b-b244e5cfaf67
>>> ==> amazon-ebs: Creating temporary security group for this instance:
>>> packer_5f720692-6518-386c-fcfb-64088f3bdde8
>>> ==> amazon-ebs: Authorizing access to port 5986 from [0.0.0.0/0] in the
>>> temporary security groups...
>>> ==> amazon-ebs: Launching a source AWS instance...
>>> ==> amazon-ebs: Adding tags to source instance
>>> amazon-ebs: Adding tag: "Name": "Packer Builder"
>>> amazon-ebs: Instance ID: i-076f324e8ca7a0f28
>>> ==> amazon-ebs: Waiting for instance (i-076f324e8ca7a0f28) to become
>>> ready...
>>> ==> amazon-ebs: Waiting for auto-generated password for instance...
>>> amazon-ebs: It is normal for this process to take up to 15 minutes,
>>> amazon-ebs: but it usually takes around 5. Please wait.
>>> ==> amazon-ebs: Error waiting for password: retry count exhausted. Last
>>> err: Error retrieving auto-generated instance password:
>>> UnauthorizedOperation: You are not authorized to perform this operation.
>>> Encoded authorization failure message:
>>>
>>>
>>> On Monday, September 28, 2020 at 11:57:24 AM UTC-4 i255d wrote:
>>> {
>>>   "variables": {
>>>     "region": "{{env `region`}}",
>>>     "environment": "{{env `env`}}",
>>>     "lob": "{{env `lob`}}",
>>>     "vpc_id": "{{env `vpc_id`}}",
>>>     "subnet_id": "{{env `subnet_id`}}",
>>>     "account": "{{env `account`}}",
>>>     "role": "{{env `iam_instance_profile`}}",
>>>     "kms_key": "{{env `kms_key_id`}}"
>>>   },
>>>   "builders": [
>>>     {
>>>       "type": "amazon-ebs",
>>>       "region": "{{user `region`}}",
>>>       "vpc_id": "{{user `vpc_id`}}",
>>>       "subnet_id": "{{user `subnet_id`}}",
>>>       "instance_type": "t2.medium",
>>>       "source_ami_filter": {
>>>         "filters": {
>>>           "virtualization-type": "hvm",
>>>           "name": "Windows_Server-2019-English-Full-Base-*",
>>>           "root-device-type": "ebs"
>>>         },
>>>         "most_recent": true,
>>>         "owners": "amazon"
>>>       },
>>>       "ami_name": "test-ansible-packer",
>>>       "user_data_file": "scripts/user_data.txt",
>>>       "communicator": "winrm",
>>>       "force_deregister": true,
>>>       "winrm_insecure": true,
>>>       "winrm_username": "Administrator",
>>>       "winrm_use_ssl": true,
>>>       "iam_instance_profile": "{{user `role`}}",
>>>       "skip_profile_validation" : true
>>>     }
>>>   ],
>>>   "provisioners": [
>>>     {
>>>       "type": "ansible",
>>>       "playbook_file": "./playbook.yml",
>>>       "user": "Administrator",
>>>       "use_proxy": false,
>>>
>>>       "extra_arguments": ["-e",
>>>         "ansible_winrm_server_cert_validation=ignore"]
>>>     }
>>>   ]
>>> }
>>> Here is my win2019.json file.
--
You received this message because you are subscribed to the Google Groups "Packer" group.
To view this discussion on the web visit https://groups.google.com/d/msgid/packer-tool/a1ffce18-e29e-4500-aa0b-f3c11e40081en%40googlegroups.com.
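
An added example, not part of the original thread and not Ansible's or Packer's own code: it replays the argument-building logic from the powershell.py excerpt quoted above against constructed environments, to show which values of POWERSHELL_VERSION still end up as a `-Version` argument on the WinRM command line. `scrubbed_env` and `preflight` are hypothetical helper names, and the sample environments are constructed.

```python
import os

# Base command line, copied from the powershell.py excerpt quoted in this thread.
COMMON_ARGS = ['PowerShell', '-NoProfile', '-NonInteractive',
               '-ExecutionPolicy', 'Unrestricted']
LEAKY_VAR = 'POWERSHELL_VERSION'


def winrm_powershell_args(env):
    """Build the argument list from `env` the way the quoted excerpt does."""
    version = env.get(LEAKY_VAR, None)
    if version:  # any non-empty string is truthy, including the text "None"
        return ['PowerShell', '-Version', version] + COMMON_ARGS[1:]
    return list(COMMON_ARGS)


def scrubbed_env(env):
    """Hypothetical helper: copy of `env` without the variable, for the packer child."""
    return {k: v for k, v in env.items() if k != LEAKY_VAR}


def preflight(env):
    """Hypothetical helper: describe the problem, or return None if `env` is clean."""
    args = winrm_powershell_args(env)
    if '-Version' not in args:
        return None
    pinned = args[args.index('-Version') + 1]
    return "%s=%r makes the WinRM command 'PowerShell -Version %s ...'" % (
        LEAKY_VAR, env[LEAKY_VAR], pinned)


# Constructed sample environments (not captured from a real CodeBuild run).
SAMPLES = {
    'set by CodeBuild': {'PATH': '/usr/bin', LEAKY_VAR: '6.2.6'},
    'exported as None': {'PATH': '/usr/bin', LEAKY_VAR: 'None'},
    'exported empty':   {'PATH': '/usr/bin', LEAKY_VAR: ''},
    'unset':            {'PATH': '/usr/bin'},
}

if __name__ == '__main__':
    for label, env in SAMPLES.items():
        print('%-17s -> %s' % (label, preflight(env) or 'ok'))
    print('this process      -> %s' % (preflight(dict(os.environ)) or 'ok'))
    # A wrapper would pass the cleaned copy to the child, for example:
    #   subprocess.run(['packer', 'build', 'win2019.json'], env=scrubbed_env(os.environ))
```

Only an unset or empty variable leaves the command line without `-Version`; any other string, the literal text `None` included, is forwarded to the target as the requested PowerShell version.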
