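How do I set up WinRM for a Windows 2025 server using Packer? Waiting for WinRM to become available

I am trying to use Packer to create an AMI of Windows Server, but it seems that what is used for older Windows Server versions does not seem to work. How do I create m ...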


bootstrap_win.txt

# A Packer config that works with this example would be:
#
#
#    "winrm_username": "Administrator",
#    "winrm_password": "SuperS3cr3t!!!",
#    "winrm_insecure": true,
#    "winrm_use_ssl": true
#
#

<powershell>
# Create username and password
net user Administrator SuperS3cr3t!!!
wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE

Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore

# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"

# Remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

# Create a self-signed certificate to let ssl work
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force

# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"

# Configure WinRM to allow unencrypted communication, and provide the
# self-signed cert to the WinRM listener.
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"

# Make sure appropriate firewall port openings exist
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"

# Restart WinRM, and set it so that it auto-launches on startup.
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm
</powershell>

The output is here:

==> ado-windows-build.amazon-ebs.windows_image: Waiting for WinRM to become available...

If you are using Packer, you can use this script to set up WinRM:

<powershell>
# Set administrator password
net user ${winrm_username} ${winrm_password}
wmic useraccount where "name='${winrm_username}'" set PasswordExpires=FALSE

# First, make sure WinRM can't be connected to
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=block

# Delete any existing WinRM listeners
winrm delete winrm/config/listener?Address=*+Transport=HTTP  2>$Null
winrm delete winrm/config/listener?Address=*+Transport=HTTPS 2>$Null

# Disable group policies which block basic authentication and unencrypted login

Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client -Name AllowBasic -Value 1
Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Client -Name AllowUnencryptedTraffic -Value 1
Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service -Name AllowBasic -Value 1
Set-ItemProperty -Path HKLM:\Software\Policies\Microsoft\Windows\WinRM\Service -Name AllowUnencryptedTraffic -Value 1


# Create a new WinRM listener and configure
winrm create winrm/config/listener?Address=*+Transport=HTTP
winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="0"}'
winrm set winrm/config '@{MaxTimeoutms="7200000"}'
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service '@{MaxConcurrentOperationsPerUser="12000"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
winrm set winrm/config/client/auth '@{Basic="true"}'

# Configure UAC to allow privilege elevation in remote shells
$Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$Setting = 'LocalAccountTokenFilterPolicy'
Set-ItemProperty -Path $Key -Name $Setting -Value 1 -Force

# Configure and restart the WinRM Service; Enable the required firewall exception
Stop-Service -Name WinRM
Set-Service -Name WinRM -StartupType Automatic
netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new action=allow localip=any remoteip=any
Start-Service -Name WinRM
</powershell>

It can be set as user_data like this:

user_data = templatefile("${path.root}/../scripts/build/bootstrap_win.pkrtpl.hcl", { winrm_username = local.winrm_username, winrm_password = local.winrm_password })
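
A read-only check, added here as an example and not part of the original answer, that reports which of the settings written by the bootstrap script above are still in effect on a machine, for instance on an instance launched from the finished AMI. The function names are hypothetical; the settings are flagged because Basic authentication over an unencrypted HTTP listener sends the account password without transport protection.

```powershell
# Added example (not from the original answer): read-only audit of the WinRM
# settings that the bootstrap script above changes. Run from an elevated prompt.
$ErrorActionPreference = 'Stop'

function Get-WsmanValue([string]$Path) {
    # WSMan: provider items expose the setting in .Value; $null if unreadable
    try { (Get-Item -Path $Path).Value } catch { $null }
}

function Get-RegValue([string]$Key, [string]$Name) {
    # $null when the key or the value does not exist
    try { (Get-ItemProperty -Path $Key -Name $Name).$Name } catch { $null }
}

function New-Finding([string]$Setting, $Value, [string]$BootstrapValue) {
    # Flagged only when the current value equals what the bootstrap wrote
    [pscustomobject]@{
        Setting = $Setting
        Value   = $Value
        Flagged = ($null -ne $Value) -and ("$Value" -eq $BootstrapValue)
    }
}

# Is an HTTP (unencrypted transport) listener still configured?
$httpListener = try {
    $l = @(Get-ChildItem WSMan:\localhost\Listener |
        Where-Object { $_.Keys -contains 'Transport=HTTP' })
    if ($l.Count -gt 0) { 'present' } else { 'absent' }
} catch { $null }

$svc    = 'WSMan:\localhost\Service'
$cli    = 'WSMan:\localhost\Client'
$policy = 'HKLM:\Software\Policies\Microsoft\Windows\WinRM'
$uacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

$findings = @(
    New-Finding 'HTTP listener' $httpListener 'present'
    New-Finding 'Service AllowUnencrypted' (Get-WsmanValue "$svc\AllowUnencrypted") 'true'
    New-Finding 'Service Auth Basic' (Get-WsmanValue "$svc\Auth\Basic") 'true'
    New-Finding 'Client Auth Basic' (Get-WsmanValue "$cli\Auth\Basic") 'true'
    foreach ($side in 'Service', 'Client') {
        foreach ($name in 'AllowBasic', 'AllowUnencryptedTraffic') {
            New-Finding "Policy $side $name" (Get-RegValue "$policy\$side" $name) '1'
        }
    }
    New-Finding 'LocalAccountTokenFilterPolicy' (Get-RegValue $uacKey 'LocalAccountTokenFilterPolicy') '1'
)

$findings | Format-Table -AutoSize
$flagged = @($findings | Where-Object { $_.Flagged })
if ($flagged.Count -gt 0) { Write-Warning "$($flagged.Count) bootstrap setting(s) still in effect"; exit 1 }
```

A `Value` that comes back empty means the setting could not be read (WinRM service stopped, key absent, or the prompt is not elevated), not that it is safe.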
    
windows amazon-ec2 packer winrm