Azure | azure_arm | custom_data_file for Windows #8626
Comments
Hi! My understanding is that the custom_data_file only pre-installs the script (and doesn't run it) unless cloud-init is installed. I believe cloud-init is not available to you for your use case. So I don't think it is the right workaround in this situation. Unless Azure has some API tools for starting WinRM on an image, I'm not sure how Packer can fix this for you. |
Thanks @SwampDragons. As I understand it this is a limitation of Azure VMs, correct? |
I believe so. |
similar to #6548 |
This does appear to be an Azure issue but technically you can run a custom script extension on a freshly provisioned server. So if packer had a builder for azure extensions then people could execute via the custom scripts extension. I am sure there are other use cases where people would like to be able to run an azure extension on deployment such as disk encryption. |
Hello @amarkulis, I'd like to execute a Windows script at the time of first boot on a Windows machine provisioned using Packer in Azure. Do you happen to know of a workaround for the same? Thanks, |
Hello, I had the same kind of issue when I tried to build a Windows image using our already existing provisioning stack. We were using the Azure DSC VM Extension, and I wanted to be able to reuse most of the setup. I created a small Packer provisioner to do that. I just got notified by GitHub that #6548 was closed, and so I figured that I should quickly open-source our small provisioner. Disclaimer: I probably won't maintain it, because we don't use it anymore (it was still used 1 month ago). But hopefully, you can find what you are looking for. The code is really simple and should work with any Azure VM Extension. It may need to be adapted a little bit for the latest version of Packer (due to HCL2). Repository: https://github.com/dethi/packer-provisioner-azurerm-vm-extension |
Hello, I've implemented your solution (and updated the code to support the new Packer version; if it works I'll make a PR) but I'm still getting:
If I'm not mistaken, the provisioner part still requires WinRM to communicate with the VM, right? If WinRM is deactivated by default it is impossible to connect to the machine. In my case I'm using a CIS image and it seems I can't use Packer. Any help would be greatly appreciated. |
Hello @dethi Sincere apologies for the delayed response. Thanks a ton for open sourcing your code. Much appreciated. |
I've confirmed that when Packer is waiting for WinRM to become available, if I go to the Azure portal, search for the deployed VM and then click the option => Run Command => Run PowerShell command:
Then the process is finished successfully. With the az cli we would use the command:
Is there any way to integrate this in the Packer build phase? |
@FreddyAyala I hit exactly the same issue today, using Packer to build a Windows 2019 server in Azure. Did you find a solution? |
Hello, from our side the only solution was to create an Automation Account that will detect when a virtual machine is deployed using a tag packer=true and then it will execute a PowerShell script that enables WinRM. No other solution has worked and we tried very hard. |
Hello, @david-wells-1 @FreddyAyala Is this an issue with WinRM being enabled? Could you please state your exact scenario? When I initially commented on this thread, I had issues getting Packer to run with WinRM authentication. However, I resolved that problem quite some time back. So I would be interested to know about the issue that you are facing so that I can share my learning. I don't know if you are using a hardened image where WinRM is disabled and hence you have issues. I am using the images provided by Microsoft. |
Hi @kirannhegde, we are using Packer to build an Azure Windows 2019 VM and the WinRM connection always times out. Using an existing Vault so just looking at creating a self-signed cert as this may be missing, preventing the WinRM connection. |
Here is what I have in my Packer json file:
Is yours the same and yet you are facing this issue? Regards, |
From what I can tell, Packer itself configures WinRM on the VM when using the azure-arm builder, and there shouldn't be any need to preconfigure WinRM when using the azure-arm builder. You can see this if you extract the ARM template for the VM from the portal:
Essentially what it's doing under the hood is performing these steps: https://docs.microsoft.com/en-us/azure/virtual-machines/windows/winrm. It would be useful if Packer included this detail in their documentation for the azure-arm builder, as it's not obvious and caused us quite a bit of confusion. The configuration options for WinRM using ARM are quite limited: https://docs.microsoft.com/en-us/azure/templates/microsoft.compute/virtualmachines#winrmconfiguration-object Regarding custom data, indeed it looks as if this is not currently possible using Windows VMs: https://docs.microsoft.com/en-us/azure/virtual-machines/custom-data#windows |
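A check for the point made in the comment above, added here as an example and not part of the thread or of Packer: it audits a VM resource from an exported ARM template for a WinRM listener that is HTTPS and whose certificate is also listed under `osProfile.secrets`. The sample template, vault URL and VM name are constructed placeholders.

```python
CERT_URL = "https://example-kv.vault.azure.net/secrets/example-cert/0000"  # placeholder

# Constructed sample: trimmed VM resource shaped like an exported ARM template.
SAMPLE = {"resources": [{
    "type": "Microsoft.Compute/virtualMachines",
    "name": "example-build-vm",
    "properties": {"osProfile": {
        "windowsConfiguration": {
            "provisionVMAgent": True,
            "winRM": {"listeners": [
                {"protocol": "https", "certificateUrl": CERT_URL}]},
        },
        "secrets": [{
            "sourceVault": {"id": "<key-vault-resource-id>"},
            "vaultCertificates": [
                {"certificateStore": "My", "certificateUrl": CERT_URL}],
        }],
    }},
}]}


def audit_winrm(template):
    """Return (vm_name, finding) pairs; an empty list means the listener looks complete."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type") != "Microsoft.Compute/virtualMachines":
            continue
        name = res.get("name")
        os_profile = res.get("properties", {}).get("osProfile", {})
        win = os_profile.get("windowsConfiguration", {})
        listeners = win.get("winRM", {}).get("listeners", [])
        # Certificates the platform installs into the VM from Key Vault.
        installed = {c.get("certificateUrl")
                     for s in os_profile.get("secrets", [])
                     for c in s.get("vaultCertificates", [])}
        if not listeners:
            findings.append((name, "no WinRM listener declared"))
        for lst in listeners:
            url = lst.get("certificateUrl")
            if lst.get("protocol", "").lower() != "https":
                findings.append((name, "listener is not HTTPS"))
            elif not url:
                findings.append((name, "HTTPS listener has no certificateUrl"))
            elif url not in installed:
                findings.append((name, "listener certificate missing from osProfile.secrets"))
    return findings


if __name__ == "__main__":
    print(audit_winrm(SAMPLE) or "WinRM listener and certificate are consistent")
```

To audit a real export, load the template with `json.load` and pass the resulting dict to `audit_winrm`.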
This issue has been automatically migrated to hashicorp/packer-plugin-azure#40 because it looks like an issue with that plugin. If you believe this is not an issue with the plugin, please reply to hashicorp/packer-plugin-azure#40. |
Hello, I know this is closed but I think it can still help someone. I managed to deploy the CIS policies on a standard Windows 2022 image, simply editing the policies as described here: https://aws.amazon.com/blogs/devops/cis-windows-ec2-image-builder/ |
Feature Description
Use of 'custom_data_file' property in the Azure / azure-arm builder on Windows VMs
Use Case(s)
This is creating a blocker for us using the Windows CIS marketplace image, which has WinRM disabled by default, preventing us from using the hardened image.
Example
Builder: "type": "amazon-ebs"
Link: https://blog.petegoo.com/2016/05/10/packer-aws-windows/
Following the steps in this blog post it's possible to work around these issues on AWS with a Windows AMI; the same steps don't seem to work on Azure.