How to use provisioners to configure Windows VMs (in private subnet) via Linux bastion host

How to use Linux bastion host to login and configure Windows VMs while using Terraform Provisioners.


I am trying to restore a few Linux and windows instances from backup files using Terraform and do some basic configuration using provisioners. I have one public Linux VM in the same stack that is used as bastion host and rest all VMs are in private subnets.

The file and remote exec provisioners work perfectly for all Linux instances but when it comes to Windows the provisioners fail.

What I have noticed in logs is that while provisioners run for Windows, it does not seem to try to login via bastion host and tries directly. I finally see the connection timed out/no responce error. In case of Linux provisoners, the logs show that bastion host is being used.

I have checked on Windows VMs that administrator password is correct, winrm is configured and VMs are listening on port 5985 and 5986.

I dint find much help in documentation.

Sample snippet given below.

  provisioner "file" {
    source      = "files/abc.txt"
    destination = " C:/Users/administrator/Download/abc.txt"

    connection {
      type                = "winrm"
      insecure            = true
      https               = true
      port                = 5986
      host                = oci_core_instance.windowsvm.private_ip
      user                = "administrator"
      password            = "<password>"
      bastion_host        = oci_core_instance.linuxbastion.public_ip
      bastion_port        = "22"
      bastion_user        = "opc"
      bastion_private_key = file("./keys/sshkey.pem")

Not sure what am I missing!

1 Like