Packer WinRM 连接被拒绝
Packer WinRM connection refused
我正在使用加壳器在 GCP 中创建一个 Windows 主机。
这是我的打包文件:
source "googlecompute" "windows-winrm-ansible" {
image_name = "windows-image-name"
project_id = var.google_project
source_image = var.source_image
zone = var.zone
subnetwork = var.subnetwork
omit_external_ip = true
use_internal_ip = true
machine_type = var.machine_type
disk_size = 50
communicator = "winrm"
winrm_username = "packer_user"
winrm_insecure = true
winrm_use_ssl = true
metadata = {
windows-startup-script-cmd = "winrm quickconfig -quiet & net user /add packer_user & net localgroup administrators packer_user /add & winrm set winrm/config/service/auth @{Basic=\"true\"}"
}
}
build {
sources = ["sources.googlecompute.windows-winrm-ansible"]
}
我还创建了一条防火墙规则来打开以下端口:
- WinRM: 5985, 5986
- RDP:3389
- HTTP: 80
当 运行 上面的加壳文件时,他能够很好地创建 .pem 文件,但它卡在了:
googlecompute.windows-winrm-ansible: Waiting for WinRM to become available...
打开调试我可以看到:
2022/03/15 13:56:40 packer-builder-googlecompute plugin: [INFO] Attempting WinRM connection...
2022/03/15 13:56:40 packer-builder-googlecompute plugin: [DEBUG] connecting to remote shell using WinRM
2022/03/15 13:56:40 packer-builder-googlecompute plugin: [ERROR] connection error: unknown error Post "https://XXXXXXX:5986/wsman": dial tcp XXXXXXX:5986: connect: connection refused
2022/03/15 13:56:40 packer-builder-googlecompute plugin: [ERROR] WinRM connection err: unknown error Post "https://XXXXXXX:5986/wsman": dial tcp XXXXXXX:5986: connect: connection refused
这很奇怪,因为我能够使用 RDP 并且 运行 nc 输出这个:
nc -z -w1 XXXXXXX 5986;echo $?
Connection to XXXXXXX port 5986 [tcp/wsmans] succeeded!
0
在虚拟机内部我可以看到:
PS C:\Windows\system32> winrm enumerate winrm/config/listener
Listener
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = XXXXXXXXXXXXXXXXXXX
Listener
Address = *
Transport = HTTPS
Port = 5986
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint = YYYYYYYYYYYYYYYYYYYYYY
ListeningOn = XXXXXXXXXXXXXXXXXXX
packer 无法将 WinRM 加载到 VM 的原因是什么?
回答我自己的问题,如果其他人 运行 进入这个问题。
我的“allow-winrm”防火墙针对具有特定标记的虚拟机。将该标记添加到 Packer VM 后,它起作用了。请参阅下面的 ** 行
source "googlecompute" "windows-winrm-ansible" {
image_name = "windows-image-name"
project_id = var.google_project
source_image = var.source_image
zone = var.zone
subnetwork = var.subnetwork
omit_external_ip = true
use_internal_ip = true
machine_type = var.machine_type
disk_size = 50
communicator = "winrm"
winrm_username = "packer_user"
winrm_insecure = true
winrm_use_ssl = true
**tags = ["TAG_IN_FIREWALL"]**
metadata = {
windows-startup-script-cmd = "winrm quickconfig -quiet & net user /add packer_user & net localgroup administrators packer_user /add & winrm set winrm/config/service/auth @{Basic=\"true\"}"
}
}
build {
sources = ["sources.googlecompute.windows-winrm-ansible"]
}
我正在使用加壳器在 GCP 中创建一个 Windows 主机。
这是我的打包文件:
source "googlecompute" "windows-winrm-ansible" {
image_name = "windows-image-name"
project_id = var.google_project
source_image = var.source_image
zone = var.zone
subnetwork = var.subnetwork
omit_external_ip = true
use_internal_ip = true
machine_type = var.machine_type
disk_size = 50
communicator = "winrm"
winrm_username = "packer_user"
winrm_insecure = true
winrm_use_ssl = true
metadata = {
windows-startup-script-cmd = "winrm quickconfig -quiet & net user /add packer_user & net localgroup administrators packer_user /add & winrm set winrm/config/service/auth @{Basic=\"true\"}"
}
}
build {
sources = ["sources.googlecompute.windows-winrm-ansible"]
}
我还创建了一条防火墙规则来打开以下端口:
- WinRM: 5985, 5986
- RDP:3389
- HTTP: 80
当 运行 上面的加壳文件时,他能够很好地创建 .pem 文件,但它卡在了:
googlecompute.windows-winrm-ansible: Waiting for WinRM to become available...
打开调试我可以看到:
2022/03/15 13:56:40 packer-builder-googlecompute plugin: [INFO] Attempting WinRM connection...
2022/03/15 13:56:40 packer-builder-googlecompute plugin: [DEBUG] connecting to remote shell using WinRM
2022/03/15 13:56:40 packer-builder-googlecompute plugin: [ERROR] connection error: unknown error Post "https://XXXXXXX:5986/wsman": dial tcp XXXXXXX:5986: connect: connection refused
2022/03/15 13:56:40 packer-builder-googlecompute plugin: [ERROR] WinRM connection err: unknown error Post "https://XXXXXXX:5986/wsman": dial tcp XXXXXXX:5986: connect: connection refused
这很奇怪,因为我能够使用 RDP 并且 运行 nc 输出这个:
nc -z -w1 XXXXXXX 5986;echo $?
Connection to XXXXXXX port 5986 [tcp/wsmans] succeeded!
0
在虚拟机内部我可以看到:
PS C:\Windows\system32> winrm enumerate winrm/config/listener
Listener
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = XXXXXXXXXXXXXXXXXXX
Listener
Address = *
Transport = HTTPS
Port = 5986
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint = YYYYYYYYYYYYYYYYYYYYYY
ListeningOn = XXXXXXXXXXXXXXXXXXX
packer 无法将 WinRM 加载到 VM 的原因是什么?
回答我自己的问题,如果其他人 运行 进入这个问题。
我的“allow-winrm”防火墙针对具有特定标记的虚拟机。将该标记添加到 Packer VM 后,它起作用了。请参阅下面的 ** 行
source "googlecompute" "windows-winrm-ansible" {
image_name = "windows-image-name"
project_id = var.google_project
source_image = var.source_image
zone = var.zone
subnetwork = var.subnetwork
omit_external_ip = true
use_internal_ip = true
machine_type = var.machine_type
disk_size = 50
communicator = "winrm"
winrm_username = "packer_user"
winrm_insecure = true
winrm_use_ssl = true
**tags = ["TAG_IN_FIREWALL"]**
metadata = {
windows-startup-script-cmd = "winrm quickconfig -quiet & net user /add packer_user & net localgroup administrators packer_user /add & winrm set winrm/config/service/auth @{Basic=\"true\"}"
}
}
build {
sources = ["sources.googlecompute.windows-winrm-ansible"]
}