WinRm errors: Using the Packer Ansible provisioner

Welcome Forums General PowerShell Q&A WinRm errors: Using the Packer Ansible provisioner

Viewing 6 reply threads
  • Author
    Posts
    • #259723
      Participant
      Topics: 31
      Replies: 75
      Points: 201
      Rank: Participant

      I have been trying to get the Ansible provisioner in Packer to work on a Windows 2019 AMI in AWS. So far I have had no luck, and after days of fighting through it, I am down to what appears to WinRM errors. Can anyone give me an idea of what can be giving me these errors?

      ==> amazon-ebs: Connected to WinRM!
      ==> amazon-ebs: Provisioning with Powershell…
      ==> amazon-ebs: Provisioning with powershell script: scripts/dansps.ps1
      amazon-ebs: Hi this is Dan!
      amazon-ebs:
      amazon-ebs: Major Minor Build Revision
      amazon-ebs: —– —– —– ——–
      amazon-ebs: 5 1 17763 1432
      amazon-ebs: ————————————————————————————-
      amazon-ebs: Service
      amazon-ebs: RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)(A;;GR;;;IU)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
      amazon-ebs: MaxConcurrentOperations = 4294967295
      amazon-ebs: MaxConcurrentOperationsPerUser = 1500
      amazon-ebs: EnumerationTimeoutms = 240000
      amazon-ebs: MaxConnections = 300
      amazon-ebs: MaxPacketRetrievalTimeSeconds = 120
      amazon-ebs: AllowUnencrypted = false
      amazon-ebs: Auth
      amazon-ebs: Basic = true
      amazon-ebs: Kerberos = true
      amazon-ebs: Negotiate = true
      amazon-ebs: Certificate = true
      amazon-ebs: CredSSP = true
      amazon-ebs: CbtHardeningLevel = Relaxed
      amazon-ebs: DefaultPorts
      amazon-ebs: HTTP = 5985
      amazon-ebs: HTTPS = 5986
      amazon-ebs: IPv4Filter = *
      amazon-ebs: IPv6Filter = *
      amazon-ebs: EnableCompatibilityHttpListener = false
      amazon-ebs: EnableCompatibilityHttpsListener = false
      amazon-ebs: CertificateThumbprint
      amazon-ebs: AllowRemoteAccess = true
      amazon-ebs:
      amazon-ebs: ————————————————————————————-
      amazon-ebs: Client
      amazon-ebs: NetworkDelayms = 5000
      amazon-ebs: URLPrefix = wsman
      amazon-ebs: AllowUnencrypted = false
      amazon-ebs: Auth
      amazon-ebs: Basic = true
      amazon-ebs: Digest = true
      amazon-ebs: Kerberos = true
      amazon-ebs: Negotiate = true
      amazon-ebs: Certificate = true
      amazon-ebs: CredSSP = true
      amazon-ebs: DefaultPorts
      amazon-ebs: HTTP = 5985
      amazon-ebs: HTTPS = 5986
      amazon-ebs: TrustedHosts
      amazon-ebs:
      amazon-ebs: ————————————————————————————-
      amazon-ebs: Winrs
      amazon-ebs: AllowRemoteShellAccess = true
      amazon-ebs: IdleTimeout = 7200000
      amazon-ebs: MaxConcurrentUsers = 2147483647
      amazon-ebs: MaxShellRunTime = 2147483647
      amazon-ebs: MaxProcessesPerShell = 2147483647
      amazon-ebs: MaxMemoryPerShellMB = 1024
      amazon-ebs: MaxShellsPerUser = 2147483647
      amazon-ebs:
      amazon-ebs: ————————————————————————————-
      amazon-ebs: Listener
      amazon-ebs: Address = *
      amazon-ebs: Transport = HTTP
      amazon-ebs: Port = 5985
      amazon-ebs: Hostname
      amazon-ebs: Enabled = true
      amazon-ebs: URLPrefix = wsman
      amazon-ebs: CertificateThumbprint
      amazon-ebs: ListeningOn = 10.184.21.13, 127.0.0.1, ::1, fe80::cd13:3008:306:1292%4
      amazon-ebs:
      amazon-ebs: Listener
      amazon-ebs: Address = *
      amazon-ebs: Transport = HTTPS
      amazon-ebs: Port = 5986
      amazon-ebs: Hostname
      amazon-ebs: Enabled = true
      amazon-ebs: URLPrefix = wsman
      amazon-ebs: CertificateThumbprint = CA420E272D499E74B026A72B5395D48DB7AB104B
      amazon-ebs: ListeningOn = 10.184.21.13, 127.0.0.1, ::1, fe80::cd13:3008:306:1292%4
      amazon-ebs:
      amazon-ebs: ————————————————————————————-
      ==> amazon-ebs: Provisioning with Ansible…
      amazon-ebs: Not using Proxy adapter for Ansible run:
      amazon-ebs: Using WinRM Password from Packer communicator…
      ==> amazon-ebs: Executing Ansible: ansible-playbook -e packer_build_name=”amazon-ebs” -e packer_builder_type=amazon-ebs -vvv -e ansible_winrm_server_cert_validation=ignore ansible_password=***** ansible_connection=winrm ansible_winrm_transport=basic ansible_port=5986 -e ansible_password=***** -i /tmp/packer-provisioner-ansible198710331 /codebuild/output/src454050726/src/git.nylcloud.com/Cloud-Team/packer-aws-nyl-win2016/playbook.yml
      amazon-ebs: ansible-playbook 2.10.1
      amazon-ebs: config file = /codebuild/output/src454050726/src/git.nylcloud.com/Cloud-Team/packer-aws-nyl-win2016/ansible.cfg
      amazon-ebs: configured module search path = [‘/root/.ansible/plugins/modules’, ‘/usr/share/ansible/plugins/modules’]
      amazon-ebs: ansible python module location = /root/.pyenv/versions/3.8.3/lib/python3.8/site-packages/ansible
      amazon-ebs: executable location = /root/.pyenv/versions/3.8.3/bin/ansible-playbook
      amazon-ebs: python version = 3.8.3 (default, Aug 28 2020, 18:43:52) [GCC 7.3.1 20180712 (Red Hat 7.3.1-9)]
      amazon-ebs: Using /codebuild/output/src454050726/src/git.nylcloud.com/Cloud-Team/packer-aws-nyl-win2016/ansible.cfg as config file
      amazon-ebs: host_list declined parsing /tmp/packer-provisioner-ansible198710331 as it did not pass its verify_file() method
      amazon-ebs: script declined parsing /tmp/packer-provisioner-ansible198710331 as it did not pass its verify_file() method
      amazon-ebs: auto declined parsing /tmp/packer-provisioner-ansible198710331 as it did not pass its verify_file() method
      amazon-ebs: Parsed /tmp/packer-provisioner-ansible198710331 inventory source with ini plugin
      amazon-ebs:
      amazon-ebs: PLAYBOOK: playbook.yml *********************************************************
      amazon-ebs: 1 plays in /codebuild/output/src454050726/src/git.nylcloud.com/Cloud-Team/packer-aws-nyl-win2016/playbook.yml
      amazon-ebs:
      amazon-ebs: PLAY [all] *********************************************************************
      amazon-ebs:
      amazon-ebs: TASK [Gathering Facts] *********************************************************
      amazon-ebs: task path: /codebuild/output/src454050726/src/git.nylcloud.com/Cloud-Team/packer-aws-nyl-win2016/playbook.yml:2
      amazon-ebs: redirecting (type: modules) ansible.builtin.setup to ansible.windows.setup
      amazon-ebs: Using module file /root/.pyenv/versions/3.8.3/lib/python3.8/site-packages/ansible_collections/ansible/windows/plugins/modules/setup.ps1
      amazon-ebs: Pipelining is enabled.
      amazon-ebs: <10.184.21.13> ESTABLISH WINRM CONNECTION FOR USER: Administrator on PORT 5986 TO 10.184.21.13
      amazon-ebs: EXEC (via pipeline wrapper)
      amazon-ebs: [WARNING]: ERROR DURING WINRM SEND INPUT – attempting to recover: WinRMError
      amazon-ebs: The pipe is being closed. (extended fault data: {‘transport_message’: ‘Bad
      amazon-ebs: HTTP response returned from server. Code 500’, ‘http_status_code’: 500,
      amazon-ebs: ‘wsmanfault_code’: ‘232’, ‘fault_code’: ‘s:Receiver’, ‘fault_subcode’:
      amazon-ebs: ‘w:InternalError’})
      amazon-ebs: fatal: [default]: FAILED! => {
      amazon-ebs: “msg”: “winrm send_input failed; \nstdout: \nstderr C\u0000a\u0000n\u0000n\u0000o\u0000t\u0000 \u0000s\u0000t\u0000a\u0000r\u0000t\u0000 \u0000W\u0000i\u0000n\u0000d\u0000o\u0000w\u0000s\u0000 \u0000P\u0000o\u0000w\u0000e\u0000r\u0000S\u0000h\u0000e\u0000l\u0000l\u0000 \u0000v\u0000e\u0000r\u0000s\u0000i\u0000o\u0000n\u0000 \u00006\u0000.\u00002\u0000.\u00006\u0000 \u0000b\u0000e\u0000c\u0000a\u0000u\u0000s\u0000e\u0000 \u0000i\u0000t\u0000 \u0000i\u0000s\u0000 \u0000n\u0000o\u0000t\u0000 \u0000i\u0000n\u0000s\u0000t\u0000a\u0000l\u0000l\u0000e\u0000d\u0000.\u0000\r\u0000\n\u0000”
      amazon-ebs: }
      amazon-ebs:
      amazon-ebs: PLAY RECAP *********************************************************************
      amazon-ebs: default : ok=0 changed=0 unreachable=0 failed=1 skipped=0 rescued=0 ignored=0
      amazon-ebs:
      ==> amazon-ebs: Provisioning step had errors: Running the cleanup provisioner, if present…
      ==> amazon-ebs: Terminating the source AWS instance…
      ==> amazon-ebs: Cleaning up any extra volumes…
      ==> amazon-ebs: No volumes to clean up, skipping
      ==> amazon-ebs: Deleting temporary security group…

    • #259738
      Senior Moderator
      Topics: 9
      Replies: 1373
      Points: 5,061
      Helping Hand
      Rank: Community MVP

      https://groups.google.com/g/ansible-project/c/U0Y8Wisehrc/m/WMPDb4DJAQAJ is the best place for ansible related query and you got the reply from the best person in ansible.

    • #259840
      Participant
      Topics: 31
      Replies: 75
      Points: 201
      Rank: Participant

      If that was true, I would not here reaching out to my friends hoping someone might have worked with this. Plus, I think it is a winrm issue.

      https://gist.github.com/i255d/84220f955a019dc095452e46862beeaa

    • #259987
      Participant
      Topics: 31
      Replies: 75
      Points: 201
      Rank: Participant

      Here is the latest output, a little more verbose:

      https://gist.github.com/i255d/5d4d2a831b9519d0a669ab947c6c255c

    • #260047
      Participant
      Topics: 31
      Replies: 75
      Points: 201
      Rank: Participant

      added now: I have a $PSversiontable in the powershell provisioner that shows it is version 5.1, when I switch the OS from 2019 to 2016, and the when the Ansible part runs is says this: amazon-ebs: <10.184.21.18> WINRM EXEC ‘PowerShell’ [‘-Version’, ‘6.2.6’, ‘-NoProfile’, ‘-NonInteractive’, ‘-ExecutionPolicy’, ‘Unrestricted’, ‘-EncodedCommand’,
      I am pretty sure the version 6.2.6 is the issue.

    • #260074
      Participant
      Topics: 31
      Replies: 75
      Points: 201
      Rank: Participant

      That is a good idea, I am checking into that now as well. I am going to fill out a bug report as well.

      I am trying to add
      export POWERSHELL_VERSION=None to my build spec file, or
      aws configure set POWERSHELL_VERSION None
      if that doesn’t work.

      Here is the full background below.

      I have a $PSversiontable in the powershell provisioner that shows it is PowerShell version 5.1, when I switch the OS from 2019 to 2016, and the when the Ansible part runs is says this: amazon-ebs: <10.184.21.18> WINRM EXEC ‘PowerShell’ [‘-Version’, ‘6.2.6’, ‘-NoProfile’, ‘-NonInteractive’, ‘-ExecutionPolicy’, ‘Unrestricted’, ‘-EncodedCommand’,
      I am pretty sure the version 6.2.6 is the issue.

      Here is someone who worked around this issue on reddit:

      Packer, Ansible and the dreaded WinRM in AWS Codebuild from devops

      captnron76
      1 year ago
      Hiyas…
      for posterity in case anyone else comes across this thread:
      The problem seems to be that CodeBuild sets an environment variable POWERSHELL_VERSION (amongst several other *_VERSION variables), in my case it was 6.1.3.
      Ansible’s powershell.py unfortunately uses the same environment variable to enable PowerShell executed over WinRM with a specific version of PowerShell.
      The fix for me at least was to unset POWERSHELL_VERSION before invoking packer, although doing that as a CodeBuild step didn’t seem to work (I didn’t spend long on it). Our call to packer is wrapped in a shell script anyway, so I did it there with success.
      HTH,

      I think the powershell.py above is this script below.
      https://github.com/ansible/ansible/blob/8f02819db02459ed144e131db3808dee0a7356db/lib/ansible/plugins/shell/powershell.py#L35-L37,

      Here is the part that shows where the POWERSHELL_VERSION is passed by code build to ansible.

      _common_args = [‘PowerShell’, ‘-NoProfile’, ‘-NonInteractive’, ‘-ExecutionPolicy’, ‘Unrestricted’]

      # Primarily for testing, allow explicitly specifying PowerShell version via
      # an environment variable.
      _powershell_version = os.environ.get(‘POWERSHELL_VERSION’, None)
      if _powershell_version:
      _common_args = [‘PowerShell’, ‘-Version’, _powershell_version] + _common_args[1:]

    • #260077
      Participant
      Topics: 31
      Replies: 75
      Points: 201
      Rank: Participant

      Adding this line before the packer build line works:

      – export POWERSHELL_VERSION=””
      – ./packer build win2019.json

Viewing 6 reply threads
  • You must be logged in to reply to this topic.