vagrant + aws + windows server 2012: configuration issues

[vishagilityroots]

Learnings from provisioning Windows Server 2012 over Vagrant AWS

We hit this issue when provisioning Windows Server instances over AWS. https://github.com/mitchellh/vagrant-aws/issues/180

Instance AMI ; ami-93acd5fc

[vishagilityroots]

Looks like the provisioner is actually expecting ssh to be installed on Windows! This is clearly wrong, it should be using WinRM!

 INFO runner: Preparing hooks for middleware sequence...
 INFO runner: 2 hooks defined.
 INFO runner: Running action: machine_action_read_ssh_info #<Vagrant::Action::Builder:0x000000024b0c88>
 INFO warden: Calling IN action: #<VagrantPlugins::Triggers::Action::Trigger:0x0000000248aa38>
 INFO warden: Calling IN action: #<VagrantPlugins::Triggers::Action::Trigger:0x00000002398238>
DEBUG trigger: Looking for triggers with:
DEBUG trigger: -- action: read_ssh_info
DEBUG trigger: -- condition: instead_of
DEBUG trigger: -- vm: biztalk-server
 INFO warden: Calling IN action: #<VagrantPlugins::Triggers::Action::Trigger:0x00000002266900>
DEBUG trigger: Looking for triggers with:
DEBUG trigger: -- action: read_ssh_info
DEBUG trigger: -- condition: before
DEBUG trigger: -- vm: biztalk-server
 INFO warden: Calling IN action: #<Vagrant::Action::Builtin::ConfigValidate:0x000000020e44d8>
 INFO warden: Calling IN action: #<VagrantPlugins::AWS::Action::ConnectAWS:0x000000020e4438>
 INFO connect_aws: Connecting to AWS...
 INFO warden: Calling IN action: #<VagrantPlugins::AWS::Action::ReadSSHInfo:0x00000001e9ed40>
 INFO warden: Calling OUT action: #<VagrantPlugins::AWS::Action::ReadSSHInfo:0x00000001e9ed40>
 INFO warden: Calling OUT action: #<VagrantPlugins::AWS::Action::ConnectAWS:0x000000020e4438>
 INFO warden: Calling OUT action: #<Vagrant::Action::Builtin::ConfigValidate:0x000000020e44d8>
 INFO warden: Calling OUT action: #<VagrantPlugins::Triggers::Action::Trigger:0x00000002266900>
 INFO warden: Calling OUT action: #<VagrantPlugins::Triggers::Action::Trigger:0x00000002398238>
DEBUG trigger: Looking for triggers with:
DEBUG trigger: -- action: read_ssh_info
DEBUG trigger: -- condition: after
DEBUG trigger: -- vm: biztalk-server
 INFO warden: Calling OUT action: #<VagrantPlugins::Triggers::Action::Trigger:0x0000000248aa38>
 INFO interface: Machine: action ["read_ssh_info", "end", {:target=>:"biztalk-server"}]
DEBUG ssh: Checking key permissions: /home/vagrant/.ssh/vish_agility_aws_apsouth1.pem
 INFO ssh: Attempting SSH connection...
 INFO ssh: Attempting to connect to SSH...
 INFO ssh:   - Host: ec2-35-154-146-149.ap-south-1.compute.amazonaws.com
 INFO ssh:   - Port: 22
 INFO ssh:   - Username: windowsuser
 INFO ssh:   - Password? false
 INFO ssh:   - Key Path: ["/home/vagrant/.ssh/vish_agility_aws_apsouth1.pem"]
DEBUG ssh:   - connect_opts: {:auth_methods=>["none", "hostbased", "publickey"], :config=>false, :forward_agent=>false, :send_env=>false, :keys_only=>true, :paranoid=>false, :password=>nil, :port=>22, :timeout=>15, :user_known_hosts_file=>[], :verbose=>:debug, :logger=>#<Logger:0x000000036361b0 @progname=nil, @level=0, @default_formatter=#<Logger::Formatter:0x00000003636188 @datetime_format=nil>, @formatter=nil, @logdev=#<Logger::LogDevice:0x00000003636138 @shift_size=nil, @shift_age=nil, @filename=nil, @dev=#<StringIO:0x00000003636200>, @mutex=#<Logger::LogDevice::LogDeviceMutex:0x00000003636110 @mon_owner=nil, @mon_count=0, @mon_mutex=#<Mutex:0x00000003636098>>>>, :keys=>["/home/vagrant/.ssh/vish_agility_aws_apsouth1.pem"]}

[vishagilityroots]

👍 Turns out I had to set up two additional parameters to allow configuration via WinRM

  config.vm.communicator = "winrm"
  config.vm.guest = :windows

With this, it now attempts connection via WinRM.

DEBUG ssh: Checking key permissions: /home/vagrant/.ssh/vish_agility_aws_apsouth1.pem
DEBUG winrmshell: initializing WinRMShell
 INFO winrmshell: Attempting to connect to WinRM...
 INFO winrmshell:   - Host: ec2-13-126-19-107.ap-south-1.compute.amazonaws.com
 INFO winrmshell:   - Port: 5985
 INFO winrmshell:   - Username: vagrant
 INFO winrmshell:   - Transport: negotiate
DEBUG winrmshell: [WinRM] opening remote shell on http://ec2-13-126-19-107.ap-south-1.compute.amazonaws.com:5985/wsman

[vishagilityroots]

Also, it attempts communication on port 5985 of the instance, so remember that port 5985 needs to be open in firewall settings and AWS Security Group.

❗️ For good measure, keep 5985 (insecure) and 5986 (secure) opened in AWS Security Group.

❗️ Make sure the instance's Firewall settings are also configured to allow above ports.

DEBUG winrmshell: [WinRM] opening remote shell on http://ec2-13-126-19-107.ap-south-1.compute.amazonaws.com:5985/wsman

[vishagilityroots]

So why is WinRM connection not being established?

I have checked that WinRM service is installed and running on the AWS Instance. I have checked that a listener is enabled.

C:\Users\Administrator>winrm e winrm/config/listener
Listener
    Address = *
    Transport = HTTP
    Port = 5985
    Hostname
    Enabled = true
    URLPrefix = wsman
    CertificateThumbprint
    ListeningOn = 127.0.0.1, 172.31.31.198, ::1, 2001:0:9d38:90d7:2409:1e5:53e0:
e039, fe80::5efe:172.31.31.198%15, fe80::2409:1e5:53e0:e039%13, fe80::b546:c929:
9a17:7f61%12

However the connection gets stuck at the following:

❗️ ( note you need to run vagrant up --debug to see output below)

DEBUG winrmshell: [WinRM] opening remote shell on http://ec2-13-126-214-191.ap-south-1.compute.amazonaws.com:5985/wsman
DEBUG winrmshell: [WinRM] opening remote shell on http://ec2-13-126-214-191.ap-south-1.compute.amazonaws.com:5985/wsman
DEBUG winrmshell: [WinRM] opening remote shell on http://ec2-13-126-214-191.ap-south-1.compute.amazonaws.com:5985/wsman

[vishagilityroots]

Observation:

I was running All of the Above commands via my Linux VM.

On a hunch I moved to Cygwin and it went past the above message. What did I do different?

DEBUG ssh: Checking key permissions: /home/vagrant/.vagrant.d/insecure_private_key
DEBUG winrmshell: initializing WinRMShell
 INFO winrmshell: Attempting to connect to WinRM...
 INFO winrmshell:   - Host: ec2-13-126-150-164.ap-south-1.compute.amazonaws.com
 INFO winrmshell:   - Port: 5985
 INFO winrmshell:   - Username: Administrator
 INFO winrmshell:   - Transport: plaintext
DEBUG winrmshell: [WinRM] opening remote shell on http://ec2-13-126-150-164.ap-south-1.compute.amazonaws.com:5985/wsman
DEBUG winrmshell: [WinRM] opening remote shell on http://ec2-13-126-150-164.ap-south-1.compute.amazonaws.com:5985/wsman
DEBUG winrmshell: [WinRM] opening remote shell on http://ec2-13-126-150-164.ap-south-1.compute.amazonaws.com:5985/wsman
DEBUG winrmshell: [WinRM] opening remote shell on http://ec2-13-126-150-164.ap-south-1.compute.amazonaws.com:5985/wsman
DEBUG winrmshell: [WinRM] remote shell created with shell_id: 2AFFF8B3-7E93-479D-85B2-867B61A06088
DEBUG winrmshell: [WinRM] Command created for hostname with id: 3AF81573-4272-4EDA-8391-D18B6F4F7833
DEBUG winrmshell: [WinRM] creating command_id: 3AF81573-4272-4EDA-8391-D18B6F4F7833 on shell_id 2AFFF8B3-7E93-479D-85B2-867B61A06088
DEBUG winrmshell: [WinRM] Waiting for output...
DEBUG winrmshell: [WinRM] Processing output
DEBUG winrmshell: [WinRM] cleaning up command_id: 3AF81573-4272-4EDA-8391-D18B6F4F7833 on shell_id 2AFFF8B3-7E93-479D-85B2-867B61A06088
DEBUG winrmshell: Output: #<WinRM::Output:0x00000001ded5b8 @data=[{:stdout=>"WIN-CUFGSSHS5M5"}, {:stdout=>"\r\n"}], @exitcode=0>
 INFO winrm: WinRM is ready!
 INFO run_instance: Time for SSH ready: 195.83435654640198
 INFO interface: info: Machine is booted and ready for use!
 INFO interface: info: ==> biztalk-server: Machine is booted and ready for use!
==> biztalk-server: Machine is booted and ready for use!

[vishagilityroots]

❗️ Some stuff I did differently to make the boot happen:

• remove all references to ssh from Vagrantfile
• moved to Vagrant on Cygwin and Windows. communication happens through Powershell Remoting, so you need to be on Windows.
• configured a user_data.txt that gets run on the AWS instance at startup. This sets up WinRM via HTTP instead of HTTPS. reference