Adding this line before the packer build line works:
- export POWERSHELL_VERSION=""
- ./packer build win2019.json
On Wednesday, September 30, 2020 at 2:27:09 PM UTC-4 i255d wrote:
> I wonder if I can install Powershell core on the servers before I try and
> do this, and if that would help.
> Does packer support PWSH for Powershell Core?
>
> Also on my build spec I am going to try
> export POWERSHELL_VERSION=None to my build spec file, or
> aws configure set POWERSHELL_VERSION None
> if that doesn’t work.
>
>
> I have a $PSversiontable in the powershell provisioner that shows it is
> PowerShell version 5.1, when I switch the OS from 2019 to 2016, and then
> when the Ansible part runs it says this: amazon-ebs: <10.184.21.18>
> WINRM EXEC 'PowerShell' ['-Version', '6.2.6', '-NoProfile',
> '-NonInteractive', '-ExecutionPolicy', 'Unrestricted', '-EncodedCommand',
> I am pretty sure the version 6.2.6 is the issue.
>
> Here is someone who worked around this issue on reddit:
>
>
> https://www.reddit.com/r/devops/comments/bdr9l3/packer_ansible_and_the_dreaded_winrm_in_aws/
>
> captnron76
> 1 year ago
> Hiyas...
> for posterity in case anyone else comes across this thread:
> The problem seems to be that CodeBuild sets an environment variable
> POWERSHELL_VERSION (amongst several other *_VERSION variables), in my case
> it was 6.1.3.
> Ansible's powershell.py unfortunately uses the same environment variable
> to enable PowerShell executed over WinRM with a specific version of
> PowerShell.
> The fix for me at least was to unset POWERSHELL_VERSION before invoking
> packer, although doing that as a CodeBuild step didn't seem to work (I
> didn't spend long on it). Our call to packer is wrapped in a shell script
> anyway, so I did it there with success.
> HTH,
>
> I think the powershell.py above is this script below.
>
> https://github.com/ansible/ansible/blob/8f02819db02459ed144e131db3808dee0a7356db/lib/ansible/plugins/shell/powershell.py#L35-L37
>
> Here is the part that shows where the POWERSHELL_VERSION is passed by code
> build to ansible.
>
> _common_args = ['PowerShell', '-NoProfile', '-NonInteractive',
>                 '-ExecutionPolicy', 'Unrestricted']
>
> # Primarily for testing, allow explicitly specifying PowerShell version via
> # an environment variable.
> _powershell_version = os.environ.get('POWERSHELL_VERSION', None)
> if _powershell_version:
>     _common_args = ['PowerShell', '-Version', _powershell_version] + _common_args[1:]
>
>
>
> On Monday, September 28, 2020 at 3:35:58 PM UTC-4 i255d wrote:
>
>> I feel like we are so close. I think this has to do with SSL???
>>
>>
>> ==> amazon-ebs: Provisioning with Ansible...
>> amazon-ebs: Not using Proxy adapter for Ansible run:
>> amazon-ebs: Using WinRM Password from Packer communicator...
>> ==> amazon-ebs: Executing Ansible: ansible-playbook -e
>> packer_build_name="amazon-ebs" -e packer_builder_type=amazon-ebs -e
>> ansible_winrm_server_cert_validation=ignore ansible_password=*****
>> ansible_connection=winrm ansible_winrm_transport=basic -e
>> ansible_password=***** -i /tmp/packer-provisioner-ansible765667905
>> /codebuild/output/src538734588/src/
>> git.nylcloud.com/Cloud-Team/packer-aws-nyl-win2016/playbook.yml
>> amazon-ebs:
>> amazon-ebs: PLAY [all]
>> *********************************************************************
>> amazon-ebs:
>> amazon-ebs: TASK [Gathering Facts]
>> *********************************************************
>> amazon-ebs: [WARNING]: ERROR DURING WINRM SEND INPUT - attempting to
>> recover: WinRMError
>> amazon-ebs: The pipe is being closed. (extended fault data:
>> {'transport_message': 'Bad
>> amazon-ebs: HTTP response returned from server. Code 500',
>> 'http_status_code': 500,
>> amazon-ebs: 'wsmanfault_code': '232', 'fault_code': 's:Receiver',
>> 'fault_subcode':
>> amazon-ebs: 'w:InternalError'})
>> amazon-ebs: fatal: [default]: FAILED! => {"msg": "winrm send_input
>> failed; \nstdout: \nstderr C\u0000a\u0000n\u0000n\u0000o\u0000t\u0000
>> \u0000s\u0000t\u0000a\u0000r\u0000t\u0000
>> \u0000W\u0000i\u0000n\u0000d\u0000o\u0000w\u0000s\u0000
>> \u0000P\u0000o\u0000w\u0000e\u0000r\u0000S\u0000h\u0000e\u0000l\u0000l\u0000
>> \u0000v\u0000e\u0000r\u0000s\u0000i\u0000o\u0000n\u0000
>> \u00006\u0000.\u00002\u0000.\u00006\u0000
>> \u0000b\u0000e\u0000c\u0000a\u0000u\u0000s\u0000e\u0000
>> \u0000i\u0000t\u0000 \u0000i\u0000s\u0000 \u0000n\u0000o\u0000t\u0000
>> \u0000i\u0000n\u0000s\u0000t\u0000a\u0000l\u0000l\u0000e\u0000d\u0000.\u0000\r\u0000\n\u0000"}
>> amazon-ebs:
>> amazon-ebs: PLAY RECAP
>> *********************************************************************
>> amazon-ebs: default : ok=0 changed=0
>> unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
>>
>>
>> On Monday, September 28, 2020 at 2:45:08 PM UTC-4 i255d wrote:
>>
>>>
>>> I seem to have made it past the above problem by adding winrm_password to
>>> the build.
>>>
>>> This is back to where I have been stuck all along now, waiting for
>>> winrm???
>>>
>>> ==> amazon-ebs: Force Deregister flag found, skipping prevalidating AMI
>>> Name
>>> amazon-ebs: Found Image ID: ami-0eb7fbcc77e5e6ec6
>>> ==> amazon-ebs: Creating temporary keypair:
>>> packer_5f722e4c-5acb-dd97-e2bc-3d2748cc83df
>>> ==> amazon-ebs: Creating temporary security group for this instance:
>>> packer_5f722e4e-875f-3fe7-a2f0-104cb20e0fbf
>>> ==> amazon-ebs: Authorizing access to port 5986 from [0.0.0.0/0] in the
>>> temporary security groups...
>>> ==> amazon-ebs: Launching a source AWS instance...
>>> ==> amazon-ebs: Adding tags to source instance
>>> amazon-ebs: Adding tag: "Name": "Packer Builder"
>>> amazon-ebs: Instance ID: i-07fd947bd9857679f
>>> ==> amazon-ebs: Waiting for instance (i-07fd947bd9857679f) to become
>>> ready...
>>> ==> amazon-ebs: Skipping waiting for password since WinRM password set...
>>> ==> amazon-ebs: Using winrm communicator to connect: 10.184.21.17
>>> ==> amazon-ebs: Waiting for WinRM to become available...
>>>
>>> On Monday, September 28, 2020 at 2:12:06 PM UTC-4 i255d wrote:
>>>
>>>>
>>>> <powershell>
>>>> # Set administrator password
>>>> net user Administrator SOMETHINGGOOD
>>>> wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE
>>>>
>>>> # First, make sure WinRM can't be connected to
>>>> netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=block
>>>>
>>>> # Delete any existing WinRM listeners
>>>> winrm delete winrm/config/listener?Address=*+Transport=HTTP 2>$Null
>>>> winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null
>>>>
>>>> # Create a new WinRM listener and configure
>>>> winrm create winrm/config/listener?Address=*+Transport=HTTP
>>>> winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="0"}'
>>>> winrm set winrm/config '@{MaxTimeoutms="7200000"}'
>>>> winrm set winrm/config/service '@{AllowUnencrypted="true"}'
>>>> winrm set winrm/config/service '@{MaxConcurrentOperationsPerUser="12000"}'
>>>> winrm set winrm/config/service/auth '@{Basic="true"}'
>>>> winrm set winrm/config/service/auth '@{Certificate="true"}'
>>>> winrm set winrm/config/client/auth '@{Basic="true"}'
>>>> winrm set winrm/config/client/auth '@{Certificate="true"}'
>>>>
>>>> # Configure UAC to allow privilege elevation in remote shells
>>>> $Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
>>>> $Setting = 'LocalAccountTokenFilterPolicy'
>>>> Set-ItemProperty -Path $Key -Name $Setting -Value 1 -Force
>>>>
>>>> # Configure and restart the WinRM Service; Enable the required firewall exception
>>>> Stop-Service -Name WinRM
>>>> Set-Service -Name WinRM -StartupType Automatic
>>>> netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new action=allow localip=any remoteip=any
>>>> Start-Service -Name WinRM
>>>> </powershell>
>>>>
>>>> Here is my user_data.txt file from the line
>>>> "user_data_file": "scripts/user_data.txt".
>>>>
>>>> As you can see, I want to be able to use a predetermined password.
>>>>
>>>>
>>>> ==> amazon-ebs: Force Deregister flag found, skipping prevalidating AMI
>>>> Name
>>>> amazon-ebs: Found Image ID: ami-0eb7fbcc77e5e6ec6
>>>> ==> amazon-ebs: Creating temporary keypair:
>>>> packer_5f720690-c3aa-4a5b-103b-b244e5cfaf67
>>>> ==> amazon-ebs: Creating temporary security group for this instance:
>>>> packer_5f720692-6518-386c-fcfb-64088f3bdde8
>>>> ==> amazon-ebs: Authorizing access to port 5986 from [0.0.0.0/0] in
>>>> the temporary security groups...
>>>> ==> amazon-ebs: Launching a source AWS instance...
>>>> ==> amazon-ebs: Adding tags to source instance
>>>> amazon-ebs: Adding tag: "Name": "Packer Builder"
>>>> amazon-ebs: Instance ID: i-076f324e8ca7a0f28
>>>> ==> amazon-ebs: Waiting for instance (i-076f324e8ca7a0f28) to become
>>>> ready...
>>>> ==> amazon-ebs: Waiting for auto-generated password for instance...
>>>> amazon-ebs: It is normal for this process to take up to 15 minutes,
>>>> amazon-ebs: but it usually takes around 5. Please wait.
>>>> ==> amazon-ebs: Error waiting for password: retry count exhausted. Last
>>>> err: Error retrieving auto-generated instance password:
>>>> UnauthorizedOperation: You are not authorized to perform this operation.
>>>> Encoded authorization failure message:
>>>>
>>>> On Monday, September 28, 2020 at 11:57:24 AM UTC-4 i255d wrote:
>>>>
>>>>> {
>>>>>   "variables": {
>>>>>     "region": "{{env `region`}}",
>>>>>     "environment": "{{env `env`}}",
>>>>>     "lob": "{{env `lob`}}",
>>>>>     "vpc_id": "{{env `vpc_id`}}",
>>>>>     "subnet_id": "{{env `subnet_id`}}",
>>>>>     "account": "{{env `account`}}",
>>>>>     "role": "{{env `iam_instance_profile`}}",
>>>>>     "kms_key": "{{env `kms_key_id`}}"
>>>>>   },
>>>>>   "builders": [
>>>>>     {
>>>>>       "type": "amazon-ebs",
>>>>>       "region": "{{user `region`}}",
>>>>>       "vpc_id": "{{user `vpc_id`}}",
>>>>>       "subnet_id": "{{user `subnet_id`}}",
>>>>>       "instance_type": "t2.medium",
>>>>>       "source_ami_filter": {
>>>>>         "filters": {
>>>>>           "virtualization-type": "hvm",
>>>>>           "name": "Windows_Server-2019-English-Full-Base-*",
>>>>>           "root-device-type": "ebs"
>>>>>         },
>>>>>         "most_recent": true,
>>>>>         "owners": "amazon"
>>>>>       },
>>>>>       "ami_name": "test-ansible-packer",
>>>>>       "user_data_file": "scripts/user_data.txt",
>>>>>       "communicator": "winrm",
>>>>>       "force_deregister": true,
>>>>>       "winrm_insecure": true,
>>>>>       "winrm_username": "Administrator",
>>>>>       "winrm_use_ssl": true,
>>>>>       "iam_instance_profile": "{{user `role`}}",
>>>>>       "skip_profile_validation": true
>>>>>     }
>>>>>   ],
>>>>>   "provisioners": [
>>>>>     {
>>>>>       "type": "ansible",
>>>>>       "playbook_file": "./playbook.yml",
>>>>>       "user": "Administrator",
>>>>>       "use_proxy": false,
>>>>>       "extra_arguments": ["-e", "ansible_winrm_server_cert_validation=ignore"]
>>>>>     }
>>>>>   ]
>>>>> }
>>>>> Here is my win2019.json file.
>>>>>
>>>>>
To view this discussion on the web visit
https://groups.google.com/d/msgid/packer-tool/563c84d5-7864-4be2-8d24-1deff9a79169n%40googlegroups.com.
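
Added example (not part of the thread and not Ansible's or Packer's own code): it mirrors the powershell.py excerpt quoted above to show which values of POWERSHELL_VERSION change the command Ansible sends over WinRM, and why an empty value or an unset variable fixes the build while the literal string None would not. The function names and the sample environments are assumptions made up for this illustration.

```python
import os

# Base argument vector, copied from the powershell.py excerpt quoted in the thread.
BASE_ARGS = ['PowerShell', '-NoProfile', '-NonInteractive',
             '-ExecutionPolicy', 'Unrestricted']


def winrm_powershell_args(env):
    """Mirror the quoted plugin logic for a given environment mapping."""
    version = env.get('POWERSHELL_VERSION', None)
    if version:  # any non-empty string is truthy, including the text "None"
        return ['PowerShell', '-Version', version] + BASE_ARGS[1:]
    return list(BASE_ARGS)


def sanitized_env(env, blocked=('POWERSHELL_VERSION',)):
    """Copy env without variables the CI image leaks into Ansible (hypothetical helper)."""
    return {k: v for k, v in env.items() if k not in blocked}


def preflight(env):
    """Return warnings for values that would alter the remote command line."""
    warnings = []
    value = env.get('POWERSHELL_VERSION')
    if value:
        warnings.append(
            "POWERSHELL_VERSION=%r is set; Ansible would run "
            "PowerShell -Version %s on the target" % (value, value))
    return warnings


if __name__ == '__main__':
    # Constructed sample environments, not captured from a real build.
    cases = {
        'CodeBuild default': {'POWERSHELL_VERSION': '6.2.6'},
        'export POWERSHELL_VERSION=None': {'POWERSHELL_VERSION': 'None'},
        'export POWERSHELL_VERSION=""': {'POWERSHELL_VERSION': ''},
        'unset POWERSHELL_VERSION': {},
    }
    for label, env in cases.items():
        print(label, '->', winrm_powershell_args(env)[:3])
    # Check the environment this script itself was started with.
    for warning in preflight(dict(os.environ)):
        print('WARNING:', warning)
```

Running preflight(dict(os.environ)) in the wrapper script just before ./packer build flags a leaked value in the CI log before any instance is launched.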