Packer: Packer 1.6 + Ansible 2.9.10 + Azure with error: "basic: the specified credentials were rejected by the server"

Created on 27 Jun 2020 · 15 Comments · Source: hashicorp/packer

Overview of the Issue

When running Packer 1.6 using Ansible 2.9.10 as the provisioner to build a Win2019 image on Azure, I got an error from Ansible.

==> azure-arm: Connected to WinRM!
==> azure-arm: Provisioning with Ansible...
azure-arm: Not using Proxy adapter for Ansible run:
azure-arm: Using WinRM Password from Packer communicator...
==> azure-arm: Executing Ansible: ansible-playbook -e packer_build_name=azure-arm -e packer_builder_type=azure-arm -e packer_http_addr=ERR_HTTP_ADDR_NOT_IMPLEMENTED_BY_BUILDER -e ansible_winrm_server_cert_validation=ignore -e ansible_password= -i /var/folders/zj/2l_p9tb52zq_qm4pm62g2dqr0000gn/T/packer-provisioner-ansible475399946 /path/to/playbook/ansible/playbook-azure.yml
azure-arm:
azure-arm: PLAY [all] *********************
azure-arm:
azure-arm: TASK [install-iis] *******************
azure-arm: fatal: [default]: UNREACHABLE! => {"changed": false, "msg": "basic: the specified credentials were rejected by the server", "unreachable": true}
azure-arm:
azure-arm: PLAY RECAP **********************
azure-arm: default : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
azure-arm:
==> azure-arm: Provisioning step had errors: Running the cleanup provisioner, if present...
==> azure-arm: Removing the created Deployment object: 'pkrdpxgm0la2vts'
==> azure-arm: Removing the created Deployment object: 'kvpkrdpxgm0la2vts'
==> azure-arm:
==> azure-arm: Cleanup requested, deleting resource group ...

Reproduction Steps

Run Packer 1.6 using Ansible 2.9.10 as the provisioner to build a Win2019 image on Azure.
I run it on my macOS Mojave v10.14.5.

Packer version

Packer 1.6

Simplified Packer Buildfile

"builders": [{
    "type": "azure-arm",

    "client_id": "{{user `azure-client-id`}}",
    "client_secret": "{{user `azure-client-secret`}}",
    "tenant_id": "{{user `azure-tenant-id`}}",
    "subscription_id": "{{user `azure-subscription-id`}}",

    "managed_image_resource_group_name": "{{user `azure-resource-group`}}",
    "managed_image_name": "WIN2019-demo-{{user `build_version`}}",

    "os_type": "Windows",
    "image_publisher": "MicrosoftWindowsServer",
    "image_offer": "WindowsServer",
    "image_sku": "2019-Datacenter",

    "azure_tags": {
        "dept": "demo",
        "task": "Image deployment"
    },

    "communicator": "winrm",
    "winrm_use_ssl": true,
    "winrm_insecure": true,
    "winrm_timeout": "5m",
    "winrm_username": "packer",

    "location": "{{user `azure-region`}}",
    "vm_size": "Standard_DS1_v2"
}],

"provisioners": [{
    "type": "ansible",
    "playbook_file": "ansible/playbook-azure.yml",
    "user": "packer",
    "use_proxy": false,
    "extra_arguments": ["-e", "ansible_winrm_server_cert_validation=ignore"],
    "ansible_env_vars": ["no_proxy=\"*\""]
}]

Operating system and Environment details

Run packer on MacOS Mojave v10.14.5 (18F132)


All 15 comments

This might relate to WinRM @SwampDragons

The code works well when using PowerShell as the provisioner.

Hey there! While reading your logs I noticed something was wrong with the ansible command.
I wrote a fix for that and I would like you to try it out and let me know if the error persists. Here are the binaries you can use: https://circleci.com/gh/hashicorp/packer/62833#artifacts/containers/0.
Let me know if it works for you.

Hey @sylviamoss! Just tested with your new binary, still got the error!

==> azure-arm: Connected to WinRM!
==> azure-arm: Provisioning with Ansible...
azure-arm: Not using Proxy adapter for Ansible run:
azure-arm: Using WinRM Password from Packer communicator...
==> azure-arm: Executing Ansible: ansible-playbook -e packer_build_name=azure-arm -e packer_builder_type=azure-arm -e ansible_winrm_server_cert_validation=ignore -e ansible_password= -i /var/folders/zj/2l_p9tb52zq_qm4pm62g2dqr0000gn/T/packer-provisioner-ansible380722536 /path/to/ansible/playbook-azure.yml
azure-arm:
azure-arm: PLAY [all] *********************
azure-arm:
azure-arm: TASK [install-iis] *******************
azure-arm: fatal: [default]: UNREACHABLE! => {"changed": false, "msg": "basic: the specified credentials were rejected by the server", "unreachable": true}
azure-arm:
azure-arm: PLAY RECAP **********************
azure-arm: default : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0
azure-arm:
==> azure-arm: Provisioning step had errors: Running the cleanup provisioner, if present...

Ok! So the error is somewhere else. Thanks for testing!


Could something be going wrong when passing the WinRM password to ansible_password? Because the PowerShell provisioner works fine.

To help debug, can you set "keep_inventory_file": true in your ansible provisioner config (https://www.packer.io/docs/provisioners/ansible.html#keep_inventory_file)? Then you can check to see whether the inventory file that Packer creates is mangled somehow.

Thanks @SwampDragons! Yeah, I ran the following builds with this parameter set, the inventory file looks good!

default ansible_host=my_instance_ip ansible_connection=winrm ansible_winrm_transport=basic ansible_shell_type=powershell ansible_user=packer ansible_port=5986

I ran with the following configs:
Packer 1.6 + Azure image build config (pasted above)
Packer 1.6 + AWS AMI build config (same provisioner config as Azure, no problem with AWS)
Packer 1.6.1-dev + Azure image build config
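
A way to review the inventory file that `keep_inventory_file` leaves behind, as an added example that is not code from the thread, Packer or Ansible. It merges the host line with the `-e` extra arguments and reports which WinRM settings the target has to accept; the finding names are hypothetical, and the inputs are the inventory line and `extra_arguments` quoted in this thread.

```python
import shlex

# Inventory line and extra_arguments exactly as quoted in the thread.
INVENTORY_LINE = (
    "default ansible_host=my_instance_ip ansible_connection=winrm "
    "ansible_winrm_transport=basic ansible_shell_type=powershell "
    "ansible_user=packer ansible_port=5986"
)
EXTRA_ARGS = ["-e", "ansible_winrm_server_cert_validation=ignore"]


def _pairs(text):
    """Yield (key, value) for each key=value token; other tokens are skipped."""
    for token in shlex.split(text):
        key, sep, value = token.partition("=")
        if sep:
            yield key, value


def effective_vars(inventory_line, extra_args=()):
    """Merge host variables with -e/--extra-vars, which take precedence."""
    merged = dict(_pairs(inventory_line))
    args = list(extra_args)
    for flag, value in zip(args, args[1:]):
        if flag in ("-e", "--extra-vars"):
            merged.update(_pairs(value))
    return merged


def audit_winrm(inventory_line, extra_args=()):
    """Return finding IDs (hypothetical names) for a WinRM host entry."""
    v = effective_vars(inventory_line, extra_args)
    if v.get("ansible_connection") != "winrm":
        return []
    findings = []
    # Basic is off by default on the Windows WinRM service and only
    # authenticates local accounts, so the target must enable it first.
    if "basic" in v.get("ansible_winrm_transport", "").split(","):
        findings.append("basic-auth-must-be-enabled-on-target")
    # Ansible uses https unless ansible_port is 5985 or the scheme is set.
    default_scheme = "http" if v.get("ansible_port") == "5985" else "https"
    if v.get("ansible_winrm_scheme", default_scheme) == "http":
        findings.append("cleartext-http")
    if v.get("ansible_winrm_server_cert_validation") == "ignore":
        findings.append("server-cert-not-validated")
    return findings


if __name__ == "__main__":
    for finding in audit_winrm(INVENTORY_LINE, EXTRA_ARGS):
        print(finding)
```
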

Interesting that this problem doesn't exist on AWS. Next step would be to add a breakpoint provisioner so you can test that inventory file manually/try to connect manually to the instance.

Hi, I was having the same issue and then I updated my provisioners to include the PowerShell script given by Ansible, and it worked.

"provisioners": [
        {
            "type": "powershell",
            "script": "./ConfigureRemotingForAnsible.ps1"
        }, {
            "type": "ansible",
            "playbook_file": "../ansible/iis.yml",
            "user": "packer",
            "use_proxy": false,
            "extra_arguments": ["-e", "ansible_winrm_server_cert_validation=ignore"],
            "keep_inventory_file": true
    }]

logs

==> azure-arm: Waiting for WinRM to become available...
    azure-arm: WinRM connected.
==> azure-arm: #< CLIXML
==> azure-arm: <Objs Version="1.1.0.1" xmlns="http://schemas.microsoft.com/powershell/2004/04"><Obj S="progress" RefId="0"><TN RefId="0"><T>System.Management.Automation.PSCustomObject</T><T>System.Object</T></TN><MS><I64 N="SourceId">1</I64><PR N="Record"><AV>Preparing modules for first use.</AV><AI>0</AI><Nil /><PI>-1</PI><PC>-1</PC><T>Completed</T><SR>-1</SR><SD> </SD></PR></MS></Obj><Obj S="progress" RefId="1"><TNRef RefId="0" /><MS><I64 N="SourceId">1</I64><PR N="Record"><AV>Preparing modules for first use.</AV><AI>0</AI><Nil /><PI>-1</PI><PC>-1</PC><T>Completed</T><SR>-1</SR><SD> </SD></PR></MS></Obj></Objs>
==> azure-arm: Connected to WinRM!
==> azure-arm: Provisioning with Powershell...
==> azure-arm: Provisioning with powershell script: ./ConfigureRemotingForAnsible.ps1
    azure-arm: Ok.
    azure-arm:
==> azure-arm: Provisioning with Ansible...
    azure-arm: Not using Proxy adapter for Ansible run:
    azure-arm:  Using WinRM Password from Packer communicator...
==> azure-arm: Executing Ansible: ansible-playbook -e packer_build_name=azure-arm -e packer_builder_type=azure-arm -e packer_http_addr=ERR_HTTP_ADDR_NOT_IMPLEMENTED_BY_BUILDER -e ansible_winrm_server_cert_validation=ignore -e ansible_password=***** -i /tmp/packer-provisioner-ansible836858602 /home/ubuntu/telemed-infra/ansible/iis.yml
    azure-arm:
    azure-arm: PLAY [all] *********************************************************************
    azure-arm:
    azure-arm: TASK [Gathering Facts] *********************************************************
    azure-arm: ok: [default]
    azure-arm:
    azure-arm: TASK [Create directory for website] ********************************************
    azure-arm: changed: [default]
    azure-arm:
    azure-arm: TASK [install-iis] *************************************************************
    azure-arm: changed: [default]
    azure-arm:
    azure-arm: TASK [Create web site] *********************************************************
    azure-arm: fatal: [default]: FAILED! => {"changed": false, "msg": "Get-AnsibleParam: Missing required argument: site"}
    azure-arm:
    azure-arm: PLAY RECAP *********************************************************************
    azure-arm: default                    : ok=3    changed=2    unreachable=0    failed=1    skipped=0    rescued=0    ignored=0
    azure-arm:
==> azure-arm: Provisioning step had errors: Running the cleanup provisioner, if present...
==> azure-arm: Removing the created Deployment object: 'pkrdp8vw9mshzc3'
==> azure-arm: Removing the created Deployment object: 'kvpkrdp8vw9mshzc3'
==> azure-arm:
==> azure-arm: Cleanup requested, deleting resource group ...

Packer version: 1.6.0
Ansible version: 2.9.6

@atiffarrukh thanks mate!
Can you share this PS script with me?

Yep! This script works for me too!

I'll add that script to the Packer docs!

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
