Packer does not execute provisioner "ansible" via SSH over SSM on Windows #12887

Open
alesiobitaGit opened this issue Mar 14, 2024 · 1 comment

@alesiobitaGit

I'm trying to use session_manager for Windows (for Linux it works okay meanwhile); the docs have an example with Linux but not Windows.

I attempted to use this config but it's not working:

```hcl
# Windows Server v2019
data "amazon-ami" "amazon-source-images-windows_server_v2019" {
  filters = {
    virtualization-type = "hvm"
    name                = "Windows_Server-2019English-Full-Base-"
    root-device-type    = "ebs"
  }
  owners      = ["801119661308"]
  most_recent = true
}

source "amazon-ebs" "ansible-playbook" {
  # Set source_ami based on OS
  source_ami           = data.amazon-ami.amazon-source-images-windows_server_v2019.id
  ami_name             = "WindowsServerv2019-test-ami"
  region               = "eu-central-1"
  instance_type        = "t2.micro"
  ssh_timeout          = "20m"
  ssh_username         = "Administrator"
  communicator         = "ssh"
  ssh_interface        = "session_manager"
  user_data_file       = "../helper_scripts/01-configure-source-ssh.ps1"
  iam_instance_profile = var.instance_role

  metadata_options {
    http_endpoint = "enabled"
    # http_tokens = "optional"
    # http_put_response_hop_limit = 1
  }
}

build {
  sources = ["source.amazon-ebs.ansible-playbook"]

  provisioner "ansible" {
    use_proxy               = false
    playbook_file           = "../ansible/os/base_windows_server_v2019_playbook.yml"
    ansible_env_vars        = ["PACKER_BUILD_NAME={{ build_name }}"]
    extra_arguments         = ["-vvvv"]
    inventory_file_template = "{{ .HostAlias }} ansible_host={{ .ID }} ansible_user={{ .User }} ansible_ssh_common_args='-o StrictHostKeyChecking=no -o ProxyCommand=\"sh -c \\\"aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters portNumber=%p\\\"\"'\n"
  }
}
```

01-configure-source-ssh.ps1 :

```powershell
# Install sshd
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22

# Save the public key from instance metadata
New-Item -Path C:\ProgramData\ssh\administrators_authorized_keys -ItemType File
Set-Content -Path C:\ProgramData\ssh\administrators_authorized_keys -Value ((New-Object System.Net.WebClient).DownloadString('http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key'))

# Set sshd to automatic and start
Set-Service -Name sshd -StartupType "Automatic"
Start-Service sshd

# Set appropriate permissions on administrators_authorized_keys by copying them from an existing key
Get-ACL C:\ProgramData\ssh\ssh_host_rsa_key | Set-ACL C:\ProgramData\ssh\administrators_authorized_keys

# Set ssh-agent to automatic and start
# Must set to automatic first as the default state is disabled
Set-Service -Name ssh-agent -StartupType "Automatic"
Start-Service ssh-agent

# Set the default login shell for SSH connections to PowerShell
New-Item -Path HKLM:\SOFTWARE\OpenSSH -Force
New-ItemProperty -Path HKLM:\SOFTWARE\OpenSSH -Name DefaultShell `
  -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" `
  -ErrorAction Stop
```

true

Error output as below:

amazon-ebs.ansible-playbook: ESTABLISH SSH CONNECTION FOR USER: Administrator
amazon-ebs.ansible-playbook: SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/tmp/ansible-key1091301697"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="Administrator"' -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -o 'ProxyCommand=sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters portNumber=%p"' '-o IdentitiesOnly=yes' -o 'ControlPath="/home/runner/.ansible/cp/fd5007ef42"' i-0c9baaec4dcaf29b6 '/bin/sh -c '"'"'echo "pwd" && sleep 0'"'"''
amazon-ebs.ansible-playbook: (1, b'', b'OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files\r\ndebug1: /etc/ssh/ssh_config line 21: Applying options for *\r\ndebug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/runner/.ssh/known_hosts'\r\ndebug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/runner/.ssh/known_hosts2'\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 2045\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\n/b
amazon-ebs.ansible-playbook: Failed to connect to the host via ssh: OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022
amazon-ebs.ansible-playbook: debug1: Reading configuration data /etc/ssh/ssh_config
amazon-ebs.ansible-playbook: debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
amazon-ebs.ansible-playbook: debug1: /etc/ssh/ssh_config line 21: Applying options for *
amazon-ebs.ansible-playbook: debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/runner/.ssh/known_hosts'
amazon-ebs.ansible-playbook: debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/runner/.ssh/known_hosts2'
amazon-ebs.ansible-playbook: debug1: auto-mux: Trying existing master
amazon-ebs.ansible-playbook: debug2: fd 3 setting O_NONBLOCK
amazon-ebs.ansible-playbook: debug2: mux_client_hello_exchange: master version 4
amazon-ebs.ansible-playbook: debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
amazon-ebs.ansible-playbook: debug3: mux_client_request_session: entering
amazon-ebs.ansible-playbook: debug3: mux_client_request_alive: entering
amazon-ebs.ansible-playbook: debug3: mux_client_request_alive: done pid = 2045
amazon-ebs.ansible-playbook: debug3: mux_client_request_session: session request sent
amazon-ebs.ansible-playbook: debug1: mux_client_request_session: master session id: 2
amazon-ebs.ansible-playbook: /bin/sh : The term '/bin/sh' is not recognized as the name of a cmdlet, function, script file, or
amazon-ebs.ansible-playbook: operable program. Check the spelling of the name, or if a path was included, verify that the path
amazon-ebs.ansible-playbook: is correct and try again.
amazon-ebs.ansible-playbook: At line:1 char:1
amazon-ebs.ansible-playbook: + /bin/sh -c 'echo "pwd" && sleep 0'
amazon-ebs.ansible-playbook: + ~~~~~~~
amazon-ebs.ansible-playbook: + CategoryInfo : ObjectNotFound: (/bin/sh:String) [], CommandNotFoundException
amazon-ebs.ansible-playbook: + FullyQualifiedErrorId : CommandNotFoundException
amazon-ebs.ansible-playbook:
amazon-ebs.ansible-playbook: debug3: mux_client_read_packet: read header failed: Broken pipe
amazon-ebs.ansible-playbook: debug2: Received exit status from master 1
amazon-ebs.ansible-playbook: ESTABLISH SSH CONNECTION FOR USER: Administrator
amazon-ebs.ansible-playbook: SSH: EXEC ssh -vvv -C -o ControlMaster=auto -o ControlPersist=60s -o StrictHostKeyChecking=no -o 'IdentityFile="/tmp/ansible-key1091301697"' -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o 'User="Administrator"' -o ConnectTimeout=10 -o StrictHostKeyChecking=no -o IdentitiesOnly=yes -o 'ProxyCommand=sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters portNumber=%p"' '-o IdentitiesOnly=yes' -o 'ControlPath="/home/runner/.ansible/cp/fd5007ef42"' i-0c9baaec4dcaf29b6 '/bin/sh -c '"'"'( umask 77 && mkdir -p "echo ~/.ansible/tmp"&& mkdir "echo ~/.ansible/tmp/ansible-tmp-1710431567.9814148-2022-2756788989247" && echo ansible-tmp-1710431567.9814148-2022-2756788989247="echo ~/.ansible/tmp/ansible-tmp-1710431567.9814148-2022-2756788989247" ) && sleep 0'"'"''
amazon-ebs.ansible-playbook: (1, b'', b'OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files\r\ndebug1: /etc/ssh/ssh_config line 21: Applying options for *\r\ndebug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/runner/.ssh/known_hosts'\r\ndebug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/runner/.ssh/known_hosts2'\r\ndebug1: auto-mux: Trying existing master\r\ndebug2: fd 3 setting O_NONBLOCK\r\ndebug2: mux_client_hello_exchange: master version 4\r\ndebug3: mux_client_forwards: request forwardings: 0 local, 0 remote\r\ndebug3: mux_client_request_session: entering\r\ndebug3: mux_client_request_alive: entering\r\ndebug3: mux_client_request_alive: done pid = 2045\r\ndebug3: mux_client_request_session: session request sent\r\ndebug1: mux_client_request_session: master session id: 2\r\n/b
amazon-ebs.ansible-playbook: Failed to connect to the host via ssh: OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022
amazon-ebs.ansible-playbook: debug1: Reading configuration data /etc/ssh/ssh_config
amazon-ebs.ansible-playbook: debug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files
amazon-ebs.ansible-playbook: debug1: /etc/ssh/ssh_config line 21: Applying options for *
amazon-ebs.ansible-playbook: debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/runner/.ssh/known_hosts'
amazon-ebs.ansible-playbook: debug3: expanded UserKnownHostsFile '~/.ssh/known_hosts2' -> '/home/runner/.ssh/known_hosts2'
amazon-ebs.ansible-playbook: debug1: auto-mux: Trying existing master
amazon-ebs.ansible-playbook: debug2: fd 3 setting O_NONBLOCK
amazon-ebs.ansible-playbook: debug2: mux_client_hello_exchange: master version 4
amazon-ebs.ansible-playbook: debug3: mux_client_forwards: request forwardings: 0 local, 0 remote
amazon-ebs.ansible-playbook: debug3: mux_client_request_session: entering
amazon-ebs.ansible-playbook: debug3: mux_client_request_alive: entering
amazon-ebs.ansible-playbook: debug3: mux_client_request_alive: done pid = 2045
amazon-ebs.ansible-playbook: debug3: mux_client_request_session: session request sent
amazon-ebs.ansible-playbook: debug1: mux_client_request_session: master session id: 2
amazon-ebs.ansible-playbook: /bin/sh : The term '/bin/sh' is not recognized as the name of a cmdlet, function, script file, or
amazon-ebs.ansible-playbook: operable program. Check the spelling of the name, or if a path was included, verify that the path
amazon-ebs.ansible-playbook: is correct and try again.
amazon-ebs.ansible-playbook: At line:1 char:1
amazon-ebs.ansible-playbook: + /bin/sh -c '( umask 77 && mkdir -p "echo ~/.ansible/tmp"&& mkdir ...
amazon-ebs.ansible-playbook: + ~~~~~~~
amazon-ebs.ansible-playbook: + CategoryInfo : ObjectNotFound: (/bin/sh:String) [], CommandNotFoundException
amazon-ebs.ansible-playbook: + FullyQualifiedErrorId : CommandNotFoundException
amazon-ebs.ansible-playbook:
amazon-ebs.ansible-playbook: debug3: mux_client_read_packet: read header failed: Broken pipe
amazon-ebs.ansible-playbook: debug2: Received exit status from master 1
amazon-ebs.ansible-playbook: fatal: [default]: UNREACHABLE! => {
amazon-ebs.ansible-playbook: "changed": false,
amazon-ebs.ansible-playbook: "msg": "Failed to create temporary directory. In some cases, you may have been able to authenticate and did not have permissions on the target directory. Consider changing the remote tmp path in ansible.cfg to a path rooted in "/tmp", for more error information use -vvv. Failed command was: ( umask 77 && mkdir -p "echo ~/.ansible/tmp"&& mkdir "echo ~/.ansible/tmp/ansible-tmp-1710431567.9814148-2022-2756788989247" && echo ansible-tmp-1710431567.9814148-2022-2756788989247="echo ~/.ansible/tmp/ansible-tmp-1710431567.9814148-2022-2756788989247" ), exited with result 1, stderr output: OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL 3.0.2 15 Mar 2022\r\ndebug1: Reading configuration data /etc/ssh/ssh_config\r\ndebug1: /etc/ssh/ssh_config line 19: include /etc/ssh/ssh_config.d/*.conf matched no files\r\ndebug1: /etc/ssh/ssh_config line 21: Applying options for *\r\ndebug3: expanded UserKnownHostsFile '~/.ssh/known_hosts' -> '/home/runner/.ssh/known_hosts'\r\nd
amazon-ebs.ansible-playbook: "unreachable": true
amazon-ebs.ansible-playbook: }
amazon-ebs.ansible-playbook:
amazon-ebs.ansible-playbook: PLAY RECAP *********************************************************************
amazon-ebs.ansible-playbook: default : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0

When I run with provisioner "powershell" it creates the images with success.

```hcl
provisioner "powershell" {
  environment_vars = [
    "VAR1=A$Dollar",
    "VAR2=A`Backtick",
    "VAR3=A'SingleQuote",
    "VAR4=A\"DoubleQuote",
    "VAR5=${var.psvar}",
  ]
  inline = [
    "Write-Output \"In the following examples the special character is interpreted correctly:\"",
    "Write-Output \"The dollar in VAR1:                            $Env:VAR1\"",
    "Write-Output \"The backtick in VAR2:                          $Env:VAR2\"",
    "Write-Output \"The single quote in VAR3:                      $Env:VAR3\"",
    "Write-Output \"The double quote in VAR4:                      $Env:VAR4\"",
    "Write-Output \"The dollar in VAR5 (expanded from a user var): $Env:VAR5\"",
  ]
}
```
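
The log above shows the SSH session over SSM being established and the remote PowerShell login shell rejecting `/bin/sh`, which is the wrapper Ansible sends when it assumes a POSIX shell on the target. The following is an added example, not code from the issue author or the Packer project: the same `ansible` provisioner with Ansible's `ansible_shell_type` inventory variable set to match the `DefaultShell` that `01-configure-source-ssh.ps1` configures. It assumes the playbook uses Windows modules (`win_*`).

```hcl
# Added example (not from the issue or the Packer docs).
# Assumptions: sshd's DefaultShell is PowerShell, as set by the user-data
# script above, and the playbook only uses Windows (win_*) modules.
build {
  sources = ["source.amazon-ebs.ansible-playbook"]

  provisioner "ansible" {
    use_proxy        = false
    playbook_file    = "../ansible/os/base_windows_server_v2019_playbook.yml"
    ansible_env_vars = ["PACKER_BUILD_NAME={{ build_name }}"]

    # ansible_shell_type selects the shell plugin Ansible uses to build remote
    # commands. Left unset, Ansible wraps every command in `/bin/sh -c '...'`,
    # which is the CommandNotFoundException seen in the log.
    inventory_file_template = "{{ .HostAlias }} ansible_host={{ .ID }} ansible_user={{ .User }} ansible_connection=ssh ansible_shell_type=powershell ansible_ssh_common_args='-o StrictHostKeyChecking=no -o ProxyCommand=\"sh -c \\\"aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters portNumber=%p\\\"\"'\n"
  }
}
```

Ansible also accepts `cmd` for `ansible_shell_type`; the value has to match the shell that sshd starts on the Windows host.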

@alesiobitaGit

@nywilken your support will be highly appreciated :)
