Hi Team,
I am trying to create Windows Image in GCP using Packer.
I am trying to achieve this using IAP tunnelling, without a public IP.
I am using IAP tunnelling for Linux hosts and it works fine.
However, for Windows it's troubling me a lot.
I have the IAP tunnelling working locally with the gcloud command, and I can even SSH with the private key that Packer uses; however, it doesn't work with Packer.
I am installing OpenSSH on the Windows VM from the userdata.
SSH works with IAP tunnelling, without a public IP and with the private key used by Packer, using the gcloud command locally:
```console
bash-3.2$ gcloud compute start-iap-tunnel packer-66e2f21c-42d8-78e1-0942-4ced26d61a1a 22 --local-host-port=localhost:2200 --zone=us-west2-a
WARNING:
To increase the performance of the tunnel, consider installing NumPy. For instructions,
please see Using IAP for TCP forwarding | Identity-Aware Proxy | Google Cloud
Testing if tunnel connection works.
Listening on port [2200].
bash-3.2$ ssh -i ~/git_repos/ITOPS-12912/gcp-bakery/pvt1.key Administrator@localhost -p 2200 -o StrictHostKeyChecking=no
Warning: Permanently added '[localhost]:2200' (ED25519) to the list of known hosts.
PowerShell 7.4.4
PS C:\Users\administrator.PACKER-66E2F21C>
```
This is my Packer config for Windows:
```hcl
project_id = "${var.project_id}"
source_image_project_id = [ "windows-cloud" ]
source_image = "${var.windows2022_source_image}"
image_family = "windows-2022"
image_storage_locations = "${var.image_storage_locations}"
service_account_email = "${var.service_account_email}"
credentials_file = "${var.credentials_file}"
zone = "${var.zone}"
machine_type = "e2-medium"
communicator = "ssh"
use_os_login = true
use_internal_ip = true
omit_external_ip = true
use_iap = true
network = "${var.vpc_id}"
subnetwork = "${var.subnet_id}"
disk_size = 64
disk_type = "${var.disk_type}"
windows_password_timeout = "15m"
ssh_timeout = "20m"
ssh_username = "Administrator"
ssh_pty = true
ssh_private_key_file = "/data/packer_ssh_key"
metadata_files = {
  windows-startup-script-ps1 = "packer/scripts/windows/install-openssh.ps1"
}
metadata = {
  enable-windows-ssh = "TRUE"
  pub_key = "${var.pub_key}"
}
```
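Added example, not part of the original post and not Packer's own code: a small check that lists every mechanism in a config like the one above that delivers an SSH user or key to the VM (OS Login via `use_os_login`, the GCE guest agent via `enable-windows-ssh`, and the custom `pub_key` metadata value), since each can leave the VM expecting a different user or key than the one Packer presents. The `CONFIG` string is adapted from the post, the function names are hypothetical, and it is an assumption that `install-openssh.ps1` is what consumes `pub_key`.

```python
import re

# Settings adapted from the post's config (only the SSH-related ones).
CONFIG = '''
use_os_login = true
ssh_username = "Administrator"
ssh_private_key_file = "/data/packer_ssh_key"
metadata_files = {
  windows-startup-script-ps1 = "packer/scripts/windows/install-openssh.ps1"
}
metadata = {
  enable-windows-ssh = "TRUE"
  pub_key = "${var.pub_key}"
}
'''

def parse(text):
    """Parse flat `key = value` lines and one-level `name = { ... }` blocks."""
    out, block = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line == "}":
            block = None          # leave the current nested block
            continue
        m = re.match(r'([\w-]+)\s*=\s*(.+)$', line)
        if not m:
            continue              # blank line or unsupported syntax
        key, val = m.group(1), m.group(2).strip()
        if val == "{":
            block = out.setdefault(key, {})
        else:
            (out if block is None else block)[key] = val.strip('"')
    return out

def key_paths(cfg):
    """Return each mechanism in cfg that supplies an SSH user or key."""
    meta = cfg.get("metadata", {})
    paths = []
    if cfg.get("use_os_login", "").lower() == "true":
        paths.append("os-login")         # user and key come from the OS Login profile
    if meta.get("enable-windows-ssh", "").lower() == "true":
        paths.append("guest-agent")      # guest agent applies keys from instance metadata
    if "pub_key" in meta:
        paths.append("custom-metadata")  # assumption: read by install-openssh.ps1
    return paths

if __name__ == "__main__":
    print(key_paths(parse(CONFIG)))
```

More than one entry in the result means the build relies on several key-delivery paths at once, which is worth narrowing to one before comparing Packer's login attempt with the manual `ssh` test.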