Issue
I am currently setting up my Jenkins server to create EC2 instances when a build is initialized. It perfectly creates and destroys the instance, but it won't connect with WinRM. I have tried everything online at this point and have been at it for a total of at least 16 hours.
PowerShell commands:
Enable-PSRemoting -Force
winrm set winrm/config/service '@{AllowUnencrypted="true"}'
winrm set winrm/config/service/auth '@{Basic="true"}'
- Tried changing group policies to allow all hosts and enabling untrusted connection
- Tried connecting from my local machine with PowerShell and basic auth (worked perfectly)
- Tried changing basically all settings both on Jenkins and AWS.
- Searched the entire web
- Downgraded the EC2 plugin from 5.1 to 4.2
I am completely out of ideas on what I could do.
This output below is infinitely looping:
Connecting to ******.eu-west-3.compute.amazonaws.com(52.47.***.**) with WinRM as administrator
Waiting for WinRM to come up. Sleeping 10s.
Solution
I just finished a trip down this rabbit hole and managed to get things working. My setup is Jenkins server 2.235.5 and ec2-plugin version 1.55. I build an AMI using Packer, configure the user data and enable SMB. Within Jenkins, I configure the agent to use HTTPS and the self-signed certificate. The agent uses the password generated for the Administrator account. Be sure that the role has the ability to fetch the password.
Packer builder
"builders": [
  {
    "type": "amazon-ebs",
    "communicator": "winrm",
    "winrm_username": "Administrator",
    "winrm_use_ssl": true,
    "winrm_insecure": true,
    "user_data_file": "/opt/scripts/EC2UserData.ps1",
    ...
Ec2UserData.ps1
<powershell>
write-output "Running User Data Script"
write-host "(host) Running User Data Script"
Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore
# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"
# Remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse
Enable-PSRemoting -force
Set-Item WSMan:\localhost\Client\trustedhosts -value * -force
# Create a self-signed certificate to let ssl work
$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force
# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
cmd.exe /c netsh firewall add portopening TCP 5986 "Port5986"
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm
</powershell>
Packer provisioners
"provisioners": [
  {
    "type": "file",
    "source": "/opt/config/jdk_11.0.2/cacerts",
    "destination": "c:\\temp\\cacerts"
  },
  {
    "type": "powershell",
    "scripts": [
      "/opt/scripts/InstallJava.ps1",
      "/opt/scripts/InstallJenkinsSlave.ps1",
      "/opt/scripts/EnableSmb.ps1"
    ]
  },
InstallJava.ps1
wget 'http://javadl.oracle.com/webapps/download/AutoDL?BundleId=210185' -Outfile 'C:\jreinstaller.exe'
Start-Process -filepath C:\jreinstaller.exe -passthru -wait -argumentlist "/s","INSTALLDIR=c:\Java\jre1.8.0_91"
del C:\jreinstaller.exe
Copy-Item "C:\Java\jre1.8.0_91\lib\security\cacerts" -Destination "C:\Java\jre1.8.0_91\lib\security\cacerts.original"
Copy-Item "c:\temp\cacerts" -Destination "C:\Java\jre1.8.0_91\lib\security\cacerts" -Force
$env:JAVA_HOME="c:\Java\jre1.8.0_91"
setx PATH "$env:path;c:\Java\jre1.8.0_91\bin"
InstallJenkinsSlave.ps1
# enable UserData to run on next launch
cd C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts
./InitializeInstance.ps1 -Schedule
Set-NetFirewallProfile -Profile Public,Private -Enabled False
EnableSmb.ps1
echo "Enabling smb1"
#Enable SMB1 protocol to workaround Windows on-demand issues
Enable-WindowsOptionalFeature -Online -FeatureName smb1protocol -NoRestart
Set-SmbServerConfiguration -EnableSMB1Protocol $true -Confirm:$true -Force #may work on 2012 but not 2019
set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters SMB1 -Type DWORD -Value 1 -Force
#Just in case firewall really didn't get disabled
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
echo "restarting lanman"
Restart-Service lanmanserver
Answered By - bruce szalwinski
Answer Checked By - Mary Flores (JavaFixing Volunteer)
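The scripts in this answer leave several settings enabled beyond the HTTPS listener Jenkins connects to. The following added example (not part of the original answer) reads back the WinRM, firewall and SMB state those scripts touch so it can be reviewed on a launched agent. The function name Get-AgentRemotingFindings is hypothetical, and it assumes an elevated PowerShell session on the instance.

```powershell
# Added example, not from the answer. Get-AgentRemotingFindings is a hypothetical name.
# Run from an elevated PowerShell session on an instance launched from the AMI.
function Get-AgentRemotingFindings {
    $findings = New-Object System.Collections.Generic.List[string]

    # Enable-PSRemoting and "winrm quickconfig" both create an HTTP listener,
    # so one can exist even though the user data removed listeners earlier.
    $listeners = @(Get-ChildItem WSMan:\localhost\Listener)
    if ($listeners | Where-Object { $_.Keys -contains 'Transport=HTTP' }) {
        $findings.Add('WinRM HTTP listener present')
    }
    if (-not ($listeners | Where-Object { $_.Keys -contains 'Transport=HTTPS' })) {
        $findings.Add('No WinRM HTTPS listener')
    }

    # With AllowUnencrypted=true and Basic=true, credentials sent to an HTTP
    # listener are only base64-encoded on the wire.
    $unencrypted = (Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value -eq 'true'
    $basic       = (Get-Item WSMan:\localhost\Service\Auth\Basic).Value -eq 'true'
    if ($unencrypted) { $findings.Add('Service AllowUnencrypted = true') }
    if ($unencrypted -and $basic) {
        $findings.Add('Basic auth accepted over unencrypted transport')
    }

    # The user data sets the client TrustedHosts list to *.
    if ((Get-Item WSMan:\localhost\Client\TrustedHosts).Value -eq '*') {
        $findings.Add('Client TrustedHosts = *')
    }

    # InstallJenkinsSlave.ps1 and EnableSmb.ps1 turn the firewall profiles off.
    foreach ($p in Get-NetFirewallProfile) {
        if ($p.Enabled -eq 'False') { $findings.Add("Firewall profile off: $($p.Name)") }
    }

    # EnableSmb.ps1 turns SMB1 on for the server service.
    if ((Get-SmbServerConfiguration).EnableSMB1Protocol) {
        $findings.Add('SMB1 enabled on LanmanServer')
    }

    return $findings
}

$result = @(Get-AgentRemotingFindings)
if ($result.Count -eq 0) { 'No findings' } else { $result | ForEach-Object { "FINDING: $_" } }
```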