Add skip_build_key_vault_create to skip build Keyvault create during Windows builds #393
Add skip_create_build_key_vault
@JenGoldstrich @nywilken please take a look. thank you.
Hey @garimakhulbe02 thanks for opening this PR, can you post the custom_script and user_data example to load the WinRM certificate that you mentioned in the issue, would be helpful so that I can quickly test this feature, and also add to document how to use this feature, as the new field won't work otherwise as I understand it
@JenGoldstrich updated PR with example. please take a look. thanks.
Hey @garimakhulbe02 I emailed you too but just to have the context here for any other contributors or readers I am running into the following error
from the VM extension when trying to deploy the VM template
let me check. will send you by tomorrow EOD.
I left a few suggestions mostly on the docs, but overall this LGTM!
New-NetFirewallRule -Name "Allow WinRM HTTPS" -DisplayName "WinRM HTTPS" -Enabled True -Profile Any -Action Allow -Direction Inbound -LocalPort 5986 -Protocol TCP | ||
|
||
# Used for creating the WinRM certificate for authentication | ||
$thumbprint = (New-SelfSignedCertificate -DnsName $env:COMPUTERNAME -CertStoreLocation Cert:\LocalMachine\My -NotAfter $(Get-Date).AddDays(1)).Thumbprint |
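Review bot: the comment above the `New-SelfSignedCertificate` line says the certificate is "for authentication", but in these lines it is generated on the VM itself, stored in `Cert:\LocalMachine\My`, and only its thumbprint is kept, so nothing here hands it to the client; reword the comment to say it is the server certificate for the WinRM HTTPS listener. Two further points for the docs example: `-Profile Any` on the `New-NetFirewallRule` line opens inbound TCP 5986 on every firewall profile, which is worth calling out or narrowing, and `-NotAfter $(Get-Date).AddDays(1)` gives the certificate a one-day lifetime, so the example should note that the listener certificate expires 24 hours after the script runs.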
One thing I'm not sure of, how does the certificate get passed along to the plugin if it's used for authentication? Unless I'm mistaken this script executes early on the Windows instance, before we can connect to the instance itself, so how do we get this?
Or is the certificate only so HTTPS can be used for the connection?
I believe this is only so HTTPS can be used for the certificate, you can't create a WinRM HTTPS listener without a certificate, I do not believe the certificate is given to the user
Co-authored-by: Lucas Bajolet <[email protected]>
This PR is to add this attribute #357
New attribute/input `skip_build_key_vault_create` in the Packer config to skip the Key Vault deployment during Packer builds of Windows images. Packer does two ARM deployments during a build: the first deployment is for the Key Vault that saves the WinRM certificate, and the second deployment is for the build VM. This attribute gives an option to skip the build Key Vault deployment during the build.