
Can I create an AMI with Packer on macOS?

I am trying to build a Windows AMI (Custom AWS Image) with Packer. Is there a way to use WinRM on macOS, or do I have to build the image on a Windows machine?

We are using a mix of Ubuntu and Windows servers and the majority are Ubuntu servers. I would like to build it all on my MacBook. In production we are using Jenkins.

The purpose of the image is to run IIS and Sitecore.

I need to install

  • IIS
  • Sitecore
  • Filebeat

Code example:

resource "aws_key_pair" "mykey" {
  key_name = "mykey"
  public_key = "${file("${var.PATH_TO_PUBLIC_KEY}")}"
}

resource "aws_instance" "win-example" {
  security_groups = [ "${aws_security_group.windows-admin.id}" ]
  subnet_id = "subnet-730c9c16"
  ami = "ami-40003a26"
  instance_type = "t2.micro"
  associate_public_ip_address = true
  key_name = "${aws_key_pair.mykey.key_name}"
  tags {
    Name = "win-example"
  }
  user_data = <<EOF
<powershell>
net user ${var.INSTANCE_USERNAME} ${var.INSTANCE_PASSWORD} /add
net localgroup administrators ${var.INSTANCE_USERNAME} /add

winrm quickconfig -q
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'
winrm set winrm/config '@{MaxTimeoutms="1800000"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'

netsh advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow
netsh advfirewall firewall add rule name="WinRM 5986" protocol=TCP dir=in localport=5986 action=allow

net stop winrm
sc.exe config winrm start=auto
net start winrm
</powershell>
EOF

  provisioner "file" {
    source = "test.txt"
    destination = "C:/test.txt"
    connection {
      type = "winrm"
      user = "${var.INSTANCE_USERNAME}"
      password = "${var.INSTANCE_PASSWORD}"
      insecure = true
      timeout = "10m"
    }
  }
  connection {
    type = "winrm"
    user = "${var.INSTANCE_USERNAME}"
    password = "${var.INSTANCE_PASSWORD}"
    insecure = true
    timeout = "10m"
  }
}

Terraform reports an error:

Error applying plan:
1 error(s) occurred:
* aws_instance.win-example: 1 error(s) occurred:
* unknown error Post http://54.229.229.22:5985/wsman: dial tcp 54.229.229.22:5985: getsockopt: operation timed out

The PowerShell script runs and the user is created, but the file "test.txt" is not copied to the server.

I have built Linux AMIs from a Windows host, so I know that much about the process. It just uses AWS APIs to create the instance from a source AMI, SSHs in and executes the commands you want, shuts it down and stores the new AMI for you (with some details left out). So it shouldn't matter which OS you use to create the AMI.

However I don't have any experience with WinRM, but based on these articles it doesn't look too trivial:

WinRM seems to have been supported for two years already:

JUN 23 2015 | MITCHELL HASHIMOTO | PACKER

We've released Packer 0.8. Packer is a tool for building virtual machine images, containers, and other deployable artifacts.

Feature highlights for Packer 0.8:

  • WinRM and Windows Provisioners
  • Windows AWS Images

Have you actually tried building Windows images and faced some issues?

Packer has no dependencies on your OS when building with a cloud builder (e.g. amazon-ebs). This is a working example to get you started, template.json:

{
  "builders": [{
    "type": "amazon-ebs",
    "region": "eu-west-1",
    "instance_type": "m3.medium",
    "source_ami": "ami-d593bba6",
    "ami_name": "packer-demo-{{timestamp}}",
    "user_data_file": "userdata.txt",
    "communicator": "winrm",
    "winrm_username": "Administrator"
  }],
  "provisioners": [{
    "type": "powershell",
    "inline": [
      "dir c:\\"
    ]
  }]
}

And userdata.txt:

<powershell>
winrm quickconfig -q
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'
winrm set winrm/config '@{MaxTimeoutms="1800000"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'

netsh advfirewall firewall add rule name="WinRM 5985" protocol=TCP dir=in localport=5985 action=allow
netsh advfirewall firewall add rule name="WinRM 5986" protocol=TCP dir=in localport=5986 action=allow

net stop winrm
# sc.exe, because plain "sc" is the Set-Content alias in Windows PowerShell
sc.exe config winrm start=auto
net start winrm

Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope LocalMachine
</powershell>
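
A hardened variant of the userdata.txt above, as an added example that is not part of the original answer: it serves WinRM only over HTTPS on 5986 and refuses unencrypted traffic, so Basic credentials never cross the network in cleartext. The certificate name "packer" is a placeholder assumption; the service settings reuse the commands from the answer.

```powershell
<powershell>
# Added example: WinRM over HTTPS only, for use as EC2 user data with Packer.
# Assumption: "packer" is a placeholder DNS name for the self-signed certificate.

# The WSMan: drive needs the WinRM service to be running.
Set-Service -Name WinRM -StartupType Automatic
Start-Service -Name WinRM

# Remove every existing listener, including the plain-HTTP one on 5985.
Remove-Item -Path WSMan:\localhost\Listener\Listener* -Recurse -ErrorAction SilentlyContinue

# Create a self-signed certificate and bind an HTTPS listener to it.
$cert = New-SelfSignedCertificate -CertStoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
    -CertificateThumbPrint $cert.Thumbprint -Force

# Same limits as the answer's script.
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="300"}'
winrm set winrm/config '@{MaxTimeoutms="1800000"}'

# Refuse cleartext sessions; Basic auth is then only accepted inside TLS.
winrm set winrm/config/service '@{AllowUnencrypted="false"}'
winrm set winrm/config/service/auth '@{Basic="true"}'

# Open only the HTTPS port in the host firewall (no rule for 5985).
netsh advfirewall firewall add rule name="WinRM 5986" protocol=TCP dir=in localport=5986 action=allow

# Restart so the listener and service settings take effect.
Restart-Service -Name WinRM
</powershell>
```

The Packer builder then needs "winrm_use_ssl": true and "winrm_port": 5986, plus "winrm_insecure": true because the certificate is self-signed, which means the build host does not authenticate the instance. The instance's security group has to allow TCP 5986 from the build host only.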

I actually achieve the outcome you are looking for by building an OVA with Packer, but instead of installing VMware tools, I install the Amazon cloud utils. This isn't exactly what you are looking for, but I think you can get the desired outcome this way.

Then, from the command line (or my build script), with the AWS tools installed I do the following:

  1. aws s3 cp my-machine.ova s3://some-folder/mymachine.ova
  2. aws ec2 import-image --cli-input-json '{ "Platform": "Linux", "Architecture": "x86_64", "Description": "Some Centos AMI v21.2.1", "DiskContainers": [{ "Description": "Some_App", "UserBucket": { "S3Bucket": "centos-builds", "S3Key": "some-build-ami.ova"}}]}'
  3. aws ec2 describe-import-image-tasks

A few assumptions - such as your EC2 Secret and Access Key are environment variables, and that you have the AWS tools installed on your build machine. The import image takes about 15 minutes, then you have a nice fresh AMI waiting for you up in EC2.

For what it's worth, this just uses the local VMware Fusion builder then converts it into an AMI, which is desired by me for local troubleshooting.

More info here.
