使用 Packer 構建 Windows EC2 映像

Question

運行打包程序構建時，我在Waiting for WinRM to become available...並在 15 分鍾后失敗。 任何建議，請！

我正在使用packer -version --> 1.5.5

以 packer build 運行packer build packer-aws-windows-ami.json

詳情如下：-

執行日志：

amazon-ebs: output will be in this color.

==> amazon-ebs: Prevalidating any provided VPC information
==> amazon-ebs: Prevalidating AMI Name: Nigam-Packer-Win2016-Test
    amazon-ebs: Found Image ID: ami-0b2ce977c1b36856d
==> amazon-ebs: Creating temporary keypair: packer_5ea79a20-dd01-a7d5-6760-xa134e097ff1
==> amazon-ebs: Launching a source AWS instance...
==> amazon-ebs: Adding tags to source instance
    amazon-ebs: Adding tag: "Name": "Packer Builder"
    amazon-ebs: Instance ID: i-025xebcexa6b7cc28
==> amazon-ebs: Waiting for instance (i-025xebcexa6b7cc28) to become ready...
==> amazon-ebs: Skipping waiting for password since WinRM password set...
==> amazon-ebs: Using winrm communicator to connect: 16.226.144.187
==> amazon-ebs: Waiting for WinRM to become available...
==> amazon-ebs: Timeout waiting for WinRM.
==> amazon-ebs: Terminating the source AWS instance...
==> amazon-ebs: Cleaning up any extra volumes...
==> amazon-ebs: No volumes to clean up, skipping
==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' errored: Timeout waiting for WinRM.

==> Some builds didn't complete successfully and had errors:
--> amazon-ebs: Timeout waiting for WinRM.

==> Builds finished but no artifacts were created.

打包機-aws-windows-ami.json

{
  "variables": {
    "build_version": "{{isotime \"2020.04.29.103307\"}}",
    "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
    "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
    "region": "us-east-2",
    "instance_type": "t3.large",
    "vpc_id": "myvpc",
    "subnet_id": "mysubnet",
    "ssh_keypair_name": "./key.pem",
    "security_group_id": "sg-id",
    "user_data_file": "userdata.txt",
    "name": "Packer_AMI_TEST"
  },
  "builders": [
      {
        "type": "amazon-ebs",
        "access_key": "{{ user `aws_access_key` }}",
        "secret_key": "{{ user `aws_secret_key` }}",
        "region": "{{ user `region` }}",
        "ami_name": "Test_Packer-Win-{{timestamp}}",
        "source_ami_filter": {
          "filters": {
            "name": "Windows_Server-2016-English-Full-Base-*",
            "root-device-type": "ebs",
            "virtualization-type": "hvm" },
          "most_recent": true,
          "owners": ["amazon"]
        },
        "instance_type": "{{user `instance_type`}}",
        "vpc_id": "{{user `vpc_id`}}",
        "subnet_id": "{{user `subnet_id`}}",
        "security_group_id": "{{user `security_group_id`}}",
        "user_data_file": "{{user `user_data_file`}}",
        "ami_name": "Nigam-Packer-Win2016-Test",
        "ssh_private_key_file": "{{user `ssh_keypair`}}",
        "associate_public_ip_address": true,
        "communicator": "winrm",
        "winrm_username": "Administrator",
        "winrm_password": "SuperS3cr3t!",
        "winrm_timeout": "15m",
        "winrm_use_ssl": true,
        "winrm_insecure": true
      }
  ],
  "provisioners": [
    {
      "type": "powershell",
      "inline": [
        "Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServerRole",
        "Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServer"
      ]
    },
    {
      "type": "windows-restart",
      "restart_check_command": "powershell -command \"& {Write-Output 'Machine restarted.'}\""
    },
    {
      "type": "powershell",
      "inline": [
        "C:\\ProgramData\\Amazon\\EC2-Windows\\Launch\\Scripts\\InitializeInstance.ps1 -Schedule",
        "C:\\ProgramData\\Amazon\\EC2-Windows\\Launch\\Scripts\\SysprepInstance.ps1 -NoShutdown"
      ]
    }
]

}

用戶數據.txt

# Create username and password
net user Administrator SuperS3cr3t!!!
wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE

Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore

# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"

# Remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

# Create a self-signed certificate to let ssl work
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force

# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"

# Configure WinRM to allow unencrypted communication, and provide the
# self-signed cert to the WinRM listener.
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"

# Make sure appropriate firewall port openings exist
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"

# Restart WinRM, and set it so that it auto-launches on startup.
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm

Answer 1

我的猜測是打包程序無法連接到在 VPC 中創建的實例，或者用戶數據腳本在啟動時失敗。

要檢查連接性，您可以運行packer build -debug packer.json它將在每一步停止，因此您可以檢查是否可以從執行 packer 的機器連接到實例。

要檢查第二個猜測，您可以使用相同的基礎 AMI 啟動一個沒有用戶數據的實例。 然后嘗試通過 RDP 連接到它，如果你在，調試腳本。 您可以嘗試使用相同版本的 Windows 在官方 AWS AMI 上對其進行測試。

Answer 2

如果這仍然是一個問題，您可以嘗試使用 PACKER_LOG=1 運行打包程序構建，以了解 winrm 究竟為什么會超時。 我也看到與 winrm 相同的問題，錯誤說

2020/06/18 02:22:37 packer-builder-amazon-ebs plugin: Using host value: 18.191.144.100
2020/06/18 02:22:37 packer-builder-amazon-ebs plugin: [INFO] Attempting WinRM connection...
2020/06/18 02:22:37 packer-builder-amazon-ebs plugin: [DEBUG] connecting to remote shell using WinRM
2020/06/18 02:23:07 packer-builder-amazon-ebs plugin: [ERROR] connection error: unknown error Post "http://18.191.144.100:5986/wsman": dial tcp 18.191.144.100:5986: i/o timeout

Answer 3

就我而言，在aws中運行良好的代碼今天突然停止運行。 經過大量搜索，我發現這是因為我現在使用的是非默認VPC/SUBNET ，而公共 IP 在該子網上無法連接到winrm端口。 確保您能夠使用winrm連接到端口 5986。

Answer 4

刪除密碼

"winrm_password": "SuperS3cr3t,",

我有同樣的問題，出於某種原因，這解決了它。