Problems using Packer and Ansible with WinRM Connection

user_data.txt

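<powershell>
# USERDATA SCRIPT FOR AMAZON SOURCE WINDOWS SERVER AMIS
# BOOTSTRAPS WINRM VIA SSL
#
# NOTE(review): EC2 only runs Windows user data that is wrapped in <powershell>
# (or <script>) tags. They are restored here on the assumption that the forum
# renderer stripped them from the paste, along with the '#' comment markers,
# the straight quotes and the backtick escapes.

# Set the local Administrator password that Packer and Ansible log in with.
# It has to match winrm_password / ansible_password in win2019.json.
# NOTE(review): user data can be read back from the instance metadata service
# and through the EC2 API, and this password stays on the baked AMI unless a
# later step resets it. Prefer a per-build generated value over a literal.
net user Administrator SuperS3cr3t!
wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE

# NOTE(review): a machine-wide Unrestricted policy is also captured in the AMI;
# confirm that is intended for instances launched from it.
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore

# From here on cmdlet errors are terminating. The cmd.exe /c calls below only
# report failure through their exit code, which this script never checks.
$ErrorActionPreference = "stop"

# Remove any existing Windows Management listeners
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

# Create self-signed cert for encrypted WinRM on port 5986
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer-ami-builder"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force

# Configure WinRM
# NOTE(review): 'winrm quickconfig' creates an HTTP listener again after the
# removal above. Combined with AllowUnencrypted=true and Basic=true below, the
# service would accept cleartext Basic credentials on that listener. Verify
# with 'winrm enumerate winrm/config/listener' and keep 5985 closed in the
# security group, or drop the AllowUnencrypted lines; the HTTPS listener does
# not need them.
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Negotiate="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Negotiate="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Certificate="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Certificate="true"}'

# The inner double quotes are backtick-escaped so that they survive inside the
# expandable string while $env:ComputerName and the thumbprint are expanded.
# NOTE(review): Hostname is the computer name, but the certificate above was
# issued for "packer-ami-builder". WinRM may reject a listener whose hostname
# does not match the certificate subject; confirm this call succeeds.
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"$env:ComputerName`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"

# NOTE(review): this rule allows 5986 from any remote address; limit the source
# range in the security group (or with remoteip= on the rule) to the build host.
cmd.exe /c netsh advfirewall firewall add rule name="WinRM-SSL (5986)" dir=in action=allow protocol=TCP localport=5986

# Restart WinRM so the settings take effect and make it start automatically.
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start=auto
cmd.exe /c net start winrm
</powershell>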

win2019.json

{
“variables”: {
“region”: “{{env region}}”,
“environment”: “{{env env}}”,
“lob”: “{{env lob}}”,
“vpc_id”: “{{env vpc_id}}”,
“subnet_id”: “{{env subnet_id}}”,
“account”: “{{env account}}”,
“role”: “{{env iam_instance_profile}}”,
“kms_key”: “{{env kms_key_id}}”
},
“builders”: [
{
“type”: “amazon-ebs”,
“region”: “{{user region}}”,
“vpc_id”: “{{user vpc_id}}”,
“subnet_id”: “{{user subnet_id}}”,
“instance_type”: “t2.medium”,
“source_ami_filter”: {
“filters”: {
“virtualization-type”: “hvm”,
“name”: “Windows_Server-2019-English-Full-Base-*”,
“root-device-type”: “ebs”
},
“most_recent”: true,
“owners”: “amazon”
},
“ami_name”: “{{user lob}}-{{user environment}}-win2019”,
“user_data_file”: “scripts/user_data.txt”,
“communicator”: “winrm”,
“force_deregister”: true,
“winrm_insecure”: true,
“winrm_username”: “Administrator”,
“winrm_password”: “SuperS3cr3t!”,
“winrm_use_ssl”: true,
“winrm_port”: 5986,
“winrm_timeout”: “15m”,

  "iam_instance_profile": "{{user `role`}}",

  "skip_profile_validation" : true
}

],
“provisioners”: [
{
“type”: “powershell”,
“script”: “scripts/dansps.ps1”
},
{
“type”: “ansible”,

  "playbook_file": "playbook.yml",
  "user": "Administrator",
  "use_proxy": false,
  "extra_arguments": ["-vvv", "-e", "ansible_winrm_server_cert_validation=ignore ansible_password=SuperS3cr3t! ansible_connection=winrm ansible_winrm_transport=basic ansible_port=5986 ansible_shell_type=powershell ansible_python_interpreter=/usr/bin/python3"]

}

]

}
playbook.yml


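  # Minimal play for checking the WinRM connection: it creates a nested
  # directory on the build instance. List items use '-' and the module
  # arguments are nested under the module name so the file parses as YAML.
  # Connection settings (winrm, port 5986, basic auth) are not set here; the
  # Packer ansible provisioner passes them through extra_arguments.
  # NOTE(review): that also puts ansible_password on the ansible-playbook
  # command line, where it is visible in process listings and may show up in
  # -vvv output, and it turns off server certificate validation. Acceptable
  # only for a short-lived build instance on a restricted network.
  - hosts: all
    tasks:
      - name: Create directory structure
        ansible.windows.win_file:
          path: C:\Temp\folder\subfolder
          state: directory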

ansible.cfg
empty.