Search code examples
amazon-ec2packerwindows-server-2016

Packer cannot communicate with AWS windows server 2016 instances to build custom ami

I am using packer 0.12.1 to build an AWS ami based on the existing windows server 2016 ami.

The way I used to get it to work with windows server 2012 is to specify in the packer template:

"communicator": "winrm",
"winrm_username": "Administrator",
"winrm_use_ssl": true,
"winrm_insecure": true,
"user_data_file":"./ec2-userdata-winserver2016.ps1",

And the user data file would look like:

<powershell>

write-output "Running User Data Script"
write-host "(host) Running User Data Script"

Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore

# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"

# Remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force

# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"

cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm

</powershell>

This works fine in windows server 2012, but not anymore in windows server 2016.

For server 2016, the output of packer is:

==> eu-west-1-builder: Waiting for auto-generated password for instance...
    eu-west-1-builder: It is normal for this process to take up to 15 minutes,
    eu-west-1-builder: but it usually takes around 5. Please wait.
    eu-west-1-builder:  
    eu-west-1-builder: Password retrieved!
==> eu-west-1-builder: Waiting for WinRM to become available...

And it hangs until timeout.

As AWS release windows server 2016 ami fairly recently, I couldn't find much information. I am not really a windows guru (I am usually on linux)

Any help / suggestions would be greatly appreciated.

Solution

  • Try changing "winrm_username" to something other than Administrator

    As per Packer documentationThe default user name is packer not root as in other builders. Most distros on Azure do not allow root to SSH to a VM hence the need for a non-root default user. Set the ssh_username option to override the default value.