google-cloud-platform packer winrm

Packer WinRM connection refused


I'm using packer to create a Windows Host in GCP.

This is my packer file:

source "googlecompute" "windows-winrm-ansible" {
  image_name       = "windows-image-name"
  project_id       = var.google_project
  source_image     = var.source_image
  zone             = var.zone
  subnetwork       = var.subnetwork
  omit_external_ip = true
  use_internal_ip  = true
  machine_type     = var.machine_type
  disk_size        = 50
  communicator     = "winrm"
  winrm_username   = "packer_user"
  winrm_insecure   = true
  winrm_use_ssl    = true

  metadata = {
    windows-startup-script-cmd = "winrm quickconfig -quiet & net user /add packer_user & net localgroup administrators packer_user /add & winrm set winrm/config/service/auth @{Basic=\"true\"}"
  }
}

build {
  sources = ["sources.googlecompute.windows-winrm-ansible"]
}

I have also created a firewall rule to open the following ports:

When running the packer file above, it is able to create the .pem files fine, but it gets stuck at:

googlecompute.windows-winrm-ansible: Waiting for WinRM to become available...

Turning on debug I can see:

2022/03/15 13:56:40 packer-builder-googlecompute plugin: [INFO] Attempting WinRM connection...
2022/03/15 13:56:40 packer-builder-googlecompute plugin: [DEBUG] connecting to remote shell using WinRM
2022/03/15 13:56:40 packer-builder-googlecompute plugin: [ERROR] connection error: unknown error Post "https://XXXXXXX:5986/wsman": dial tcp XXXXXXX:5986: connect: connection refused
2022/03/15 13:56:40 packer-builder-googlecompute plugin: [ERROR] WinRM connection err: unknown error Post "https://XXXXXXX:5986/wsman": dial tcp XXXXXXX:5986: connect: connection refused

Which is weird because I'm able to RDP and running nc outputs this:

nc -z -w1 XXXXXXX 5986;echo $?
Connection to XXXXXXX port 5986 [tcp/wsmans] succeeded!
0 

Inside the VM I can see:

PS C:\Windows\system32> winrm enumerate winrm/config/listener
Listener
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = XXXXXXXXXXXXXXXXXXX

Listener
    Address = *
    Transport = HTTPS
    Port = 5986
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint = YYYYYYYYYYYYYYYYYYYYYY
    ListeningOn = XXXXXXXXXXXXXXXXXXX

What could be the reason for packer to not be able to WinRM to the VM?


Solution

  • Answering my own question if others run into the issue.

    My "allow-winrm" firewall was targeting VMs with a specific tag. After adding that tag to the Packer VM it worked. See the tags line marked with a comment below.

    source "googlecompute" "windows-winrm-ansible" {
      image_name       = "windows-image-name"
      project_id       = var.google_project
      source_image     = var.source_image
      zone             = var.zone
      subnetwork       = var.subnetwork
      omit_external_ip = true
      use_internal_ip  = true
      machine_type     = var.machine_type
      disk_size        = 50
      communicator     = "winrm"
      winrm_username   = "packer_user"
      winrm_insecure   = true
      winrm_use_ssl    = true
      tags             = ["TAG_IN_FIREWALL"] # added: tag targeted by the "allow-winrm" firewall rule
    
      metadata = {
        windows-startup-script-cmd = "winrm quickconfig -quiet & net user /add packer_user & net localgroup administrators packer_user /add & winrm set winrm/config/service/auth @{Basic=\"true\"}"
      }
    }
    
    build {
      sources = ["sources.googlecompute.windows-winrm-ansible"]
    }