Nigam Rout

Reputation: 171

Build Windows EC2 Image with Packer

When running packer build, I am getting an error while "Waiting for WinRM to become available..." and it fails after 15 minutes. Any suggestions, please!

I am using packer -version --> 1.5.5

Running the packer build as packer build packer-aws-windows-ami.json

Details are given below:

Execution Logs:

amazon-ebs: output will be in this color.

==> amazon-ebs: Prevalidating any provided VPC information
==> amazon-ebs: Prevalidating AMI Name: Nigam-Packer-Win2016-Test
    amazon-ebs: Found Image ID: ami-0b2ce977c1b36856d
==> amazon-ebs: Creating temporary keypair: packer_5ea79a20-dd01-a7d5-6760-xa134e097ff1
==> amazon-ebs: Launching a source AWS instance...
==> amazon-ebs: Adding tags to source instance
    amazon-ebs: Adding tag: "Name": "Packer Builder"
    amazon-ebs: Instance ID: i-025xebcexa6b7cc28
==> amazon-ebs: Waiting for instance (i-025xebcexa6b7cc28) to become ready...
==> amazon-ebs: Skipping waiting for password since WinRM password set...
==> amazon-ebs: Using winrm communicator to connect: 16.226.144.187
==> amazon-ebs: Waiting for WinRM to become available...
==> amazon-ebs: Timeout waiting for WinRM.
==> amazon-ebs: Terminating the source AWS instance...
==> amazon-ebs: Cleaning up any extra volumes...
==> amazon-ebs: No volumes to clean up, skipping
==> amazon-ebs: Deleting temporary keypair...
Build 'amazon-ebs' errored: Timeout waiting for WinRM.

==> Some builds didn't complete successfully and had errors:
--> amazon-ebs: Timeout waiting for WinRM.

==> Builds finished but no artifacts were created.

packer-aws-windows-ami.json

{
  "variables": {
    "build_version": "{{isotime \"2020.04.29.103307\"}}",
    "aws_access_key": "{{env `AWS_ACCESS_KEY_ID`}}",
    "aws_secret_key": "{{env `AWS_SECRET_ACCESS_KEY`}}",
    "region": "us-east-2",
    "instance_type": "t3.large",
    "vpc_id": "myvpc",
    "subnet_id": "mysubnet",
    "ssh_keypair_name": "./key.pem",
    "security_group_id": "sg-id",
    "user_data_file": "userdata.txt",
    "name": "Packer_AMI_TEST"
  },
  "builders": [
      {
        "type": "amazon-ebs",
        "access_key": "{{ user `aws_access_key` }}",
        "secret_key": "{{ user `aws_secret_key` }}",
        "region": "{{ user `region` }}",
        "ami_name": "Test_Packer-Win-{{timestamp}}",
        "source_ami_filter": {
          "filters": {
            "name": "Windows_Server-2016-English-Full-Base-*",
            "root-device-type": "ebs",
            "virtualization-type": "hvm" },
          "most_recent": true,
          "owners": ["amazon"]
        },
        "instance_type": "{{user `instance_type`}}",
        "vpc_id": "{{user `vpc_id`}}",
        "subnet_id": "{{user `subnet_id`}}",
        "security_group_id": "{{user `security_group_id`}}",
        "user_data_file": "{{user `user_data_file`}}",
        "ami_name": "Nigam-Packer-Win2016-Test",
        "ssh_private_key_file": "{{user `ssh_keypair`}}",
        "associate_public_ip_address": true,
        "communicator": "winrm",
        "winrm_username": "Administrator",
        "winrm_password": "SuperS3cr3t!",
        "winrm_timeout": "15m",
        "winrm_use_ssl": true,
        "winrm_insecure": true
      }
  ],
  "provisioners": [
    {
      "type": "powershell",
      "inline": [
        "Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServerRole",
        "Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServer"
      ]
    },
    {
      "type": "windows-restart",
      "restart_check_command": "powershell -command \"& {Write-Output 'Machine restarted.'}\""
    },
    {
      "type": "powershell",
      "inline": [
        "C:\\ProgramData\\Amazon\\EC2-Windows\\Launch\\Scripts\\InitializeInstance.ps1 -Schedule",
        "C:\\ProgramData\\Amazon\\EC2-Windows\\Launch\\Scripts\\SysprepInstance.ps1 -NoShutdown"
      ]
    }
]

}

userdata.txt

# Create username and password
net user Administrator SuperS3cr3t!!!
wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE

Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore

# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"

# Remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

# Create a self-signed certificate to let ssl work
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force

# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"

# Configure WinRM to allow unencrypted communication, and provide the
# self-signed cert to the WinRM listener.
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"

# Make sure appropriate firewall port openings exist
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"

# Restart WinRM, and set it so that it auto-launches on startup.
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm

Upvotes: 2

Views: 4767
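
A consistency check for a template and user-data pair, run here over the two files as they appear in the question (added example, not part of the original post). TEMPLATE and USERDATA are trimmed, constructed copies of those files, and lint is a hypothetical helper name.

```python
import json
import re

# Constructed, trimmed copies of the question's two files.
TEMPLATE = r'''
{
  "variables": {"ssh_keypair_name": "./key.pem", "user_data_file": "userdata.txt"},
  "builders": [{
    "type": "amazon-ebs",
    "ami_name": "Test_Packer-Win-{{timestamp}}",
    "user_data_file": "{{user `user_data_file`}}",
    "ami_name": "Nigam-Packer-Win2016-Test",
    "ssh_private_key_file": "{{user `ssh_keypair`}}",
    "communicator": "winrm",
    "winrm_username": "Administrator",
    "winrm_password": "SuperS3cr3t!"
  }]
}
'''
USERDATA = "net user Administrator SuperS3cr3t!!!\nRemove-Item -Path WSMan:\\Localhost\\listener\\listener* -Recurse\n"

def lint(template_text, userdata_text):
    findings = []

    def pairs_hook(pairs):
        # json.loads silently keeps the last duplicate key; record each one.
        seen = set()
        for key, _ in pairs:
            if key in seen:
                findings.append(f"duplicate key: {key}")
            seen.add(key)
        return dict(pairs)

    tpl = json.loads(template_text, object_pairs_hook=pairs_hook)
    defined = set(tpl.get("variables", {}))
    builder = tpl["builders"][0]
    for value in builder.values():
        if isinstance(value, str):
            for name in re.findall(r"\{\{\s*user\s+`([^`]+)`\s*\}\}", value):
                if name not in defined:
                    findings.append(f"undefined user variable: {name}")
    # Password the boot script sets for the WinRM user vs. the one Packer sends.
    m = re.search(rf"^net user {re.escape(builder['winrm_username'])} (\S+)", userdata_text, re.M | re.I)
    if m and m.group(1) != builder.get("winrm_password"):
        findings.append("winrm_password differs from password set in user data")
    # EC2Launch runs Windows user data only inside <powershell> or <script> tags.
    if not re.search(r"<(powershell|script)>", userdata_text, re.I):
        findings.append("user data has no <powershell> or <script> wrapper")
    return findings
```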

Answers (4)

PolarisUser

Reputation: 739

Remove the password

"winrm_password": "SuperS3cr3t!",

I had the same issue and for some reason this fixed it.

Upvotes: 0

Joginder

Reputation: 11

In my case, the code which was working fine in AWS suddenly stopped working today. After a lot of searching, I found out that it was because I was now using a non-default VPC/subnet and the public IP was not available on that subnet to connect to the WinRM port. Make sure you're able to connect to port 5986 using WinRM.

Upvotes: 1

user13766799

Reputation: 11

If this is still an issue, you can try to run packer build with PACKER_LOG=1 to find out exactly why WinRM is timing out. I am also seeing the same issue with WinRM; the error says:

2020/06/18 02:22:37 packer-builder-amazon-ebs plugin: Using host value: 18.191.144.100
2020/06/18 02:22:37 packer-builder-amazon-ebs plugin: [INFO] Attempting WinRM connection...
2020/06/18 02:22:37 packer-builder-amazon-ebs plugin: [DEBUG] connecting to remote shell using WinRM
2020/06/18 02:23:07 packer-builder-amazon-ebs plugin: [ERROR] connection error: unknown error Post "http://18.191.144.100:5986/wsman": dial tcp 18.191.144.100:5986: i/o timeout

Upvotes: 1

morkot

Reputation: 116

My guess is that packer can't connect to the instance created in the VPC or the user-data script fails on startup.

To check connectivity you can run packer build -debug packer.json and it will stop on each step, so you can check if you can connect to the instance from the machine where packer is executed.

To check the second guess, you can launch an instance with the same base AMI w/o user-data. Then try to connect to it via RDP and, if you are in, debug the script. You can try to test it on an official AWS AMI with the same version of Windows.

Upvotes: 1
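
A probe for the connectivity check that the answers from Joginder and morkot describe, run from the machine that executes packer while the build is paused (added example, not part of any answer). The function name and result strings are hypothetical; it separates a dropped connection from a reachable host with no listener, and from a port that accepts TCP but does not speak TLS.

```python
import socket
import ssl

def probe_winrm_https(host, port=5986, timeout=5.0):
    """Classify reachability of a WinRM HTTPS listener from this machine."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # Host answered with RST: network path is fine, nothing listens on the port.
        return "refused"
    except socket.timeout:
        # Packets dropped: security group, missing public IP/route, or host firewall.
        return "timeout"
    except OSError:
        return "unreachable"
    # Certificate checks are off because the listener uses a self-signed
    # certificate (the template's winrm_insecure setting does the same).
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "tls-ok " + tls.version()
    except (ssl.SSLError, OSError):
        # Port accepts TCP but does not complete a TLS handshake.
        return "open-no-tls"
    finally:
        sock.close()
```

A "timeout" result points at the network path (the first guess in morkot's answer), while "refused" points at the listener never being created on the instance (the second guess).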
