Windows image on gce with ssh communicator

koboldul · June 3, 2021, 5:37pm

Hi,

I’m trying to create a a Windows Server 2019 in Google Cloud ideally using a ssh communicator but I have problems on applying the windows-startup-script-cmd metadata in the sense that seems to be completely ignored. I don’t know how to collect logs from the command that should run after the instance is up and running and I would really appreciate any idea on this matter.

I have started from the build script provided here. and I’m using a service account that has the Compute Instance Admin (v1) & Service Account User roles.

ssh communicator:

packer {

  required_plugins {
    aws = {
      version = ">= 0.0.1"
      source = "github.com/hashicorp/googlecompute"
    }
  }
}

variables {
    gce_project_id=""
    zone="northamerica-northeast1-a"
    image_id="windows-server-2019-dc-v20200813"
    instance_type="e2-small"
    ssh_pwd=""
    ssh_usr="packer_user"

    bootstrap_data="../scripts/setup.ps1"
}

source "googlecompute" "xin" {
  project_id = var.gce_project_id
  source_image = var.image_id
  zone = var.zone
  disk_size = 50
  machine_type = var.instance_type
  communicator = "ssh"
  #ssh_password = var.ssh_pwd
  ssh_username = var.ssh_usr
  ssh_timeout="59m"

  account_file="../../_secrets/svc.json"

  metadata = {
    windows-startup-script-cmd="powershell Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 & powershell Start-Service sshd & powershell Start-Service ssh-agent"
  }
}

build {
  sources = ["sources.googlecompute.xin"]
}

The same flow works perfectly on aws.

As a note not event the winrm communicator doesn’t seem to work on my setup.
This is the winrm script:

packer {
  required_plugins {
    aws = {
      version = ">= 0.0.1"
      source = "github.com/hashicorp/googlecompute"
    }
  }
}

variables {
    gce_project_id=""
    zone="us-central1-a"
    ami_id="windows-server-2019-dc-v20200813"
    user="packer_user"
}

source "googlecompute" "dvf" {
  project_id = var.gce_project_id
  source_image = var.ami_id
  zone = var.zone
  disk_size = 50
  machine_type = "n1-standard-2"
  communicator = "winrm"
  winrm_username = var.user
  winrm_insecure = true
  winrm_use_ssl = true
  #wrap_startup_script=false 
  #state_timeout="5m"
  account_file="../../_secrets/svc_key.json"
  metadata = {
    startup-script-log-dest= "c:/strtup.log"
    wrap_startup_script="false"
    windows-startup-script-cmd = "winrm quickconfig -quiet & net user /add packer_user & net localgroup administrators packer_user /add & winrm set winrm/config/service/auth @{Basic=\"true\"}"
  }
}
build {
  sources = ["sources.googlecompute.dvf"]
}

Packer version: 1.7.2
I start the build on windows from a wsl cmd line.

Thank you.

lmayorga1980 · November 23, 2021, 2:45pm

@koboldul,

The following worked for me

source "googlecompute" "windows-example" {
  project_id = var.project_id
  source_image_project_id = ["windows-cloud"]
  source_image_family = "windows-2019"
  zone = "us-east4-a"
  disk_size = 50
  machine_type = "n1-standard-8"
  communicator = "ssh"
  ssh_username = var.packer_username
  ssh_password = var.packer_user_password
  ssh_timeout = "1h"
  tags = ["packer"]
  preemptible = true
  image_name = "gcp-win-2019-full-baseline"
  image_description = "GCP Windows 2019 Base Image"
  image_labels = {
      server_type = "windows-2019"
  }
  metadata = {
    windows-startup-script-cmd = "net user ${var.packer_username} \"${var.packer_user_password}\" /add /y & wmic UserAccount where Name=\"${var.packer_username}\" set PasswordExpires=False & net localgroup administrators ${var.packer_username} /add & powershell Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 & powershell Start-Service sshd & powershell Set-Service -Name sshd -StartupType 'Automatic' & powershell New-NetFirewallRule -Name 'OpenSSH-Server-In-TCP' -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 & powershell.exe -NoProfile -ExecutionPolicy Bypass -Command \"Set-ExecutionPolicy -ExecutionPolicy bypass -Force\""
  }
  account_file = var.account_file_path

}

build {
  sources = ["sources.googlecompute.windows-example"]

  provisioner "powershell" {
    script = "../scripts/install-features.ps1"
    elevated_user     = var.packer_username
    elevated_password = var.packer_user_password
  }
  provisioner "powershell" {
    inline          = [ "Write-Host \"Hello from PowerShell\""]
  }
}