From 9d010267bd72baa1148397ec9b797b89de254031 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Thu, 14 Nov 2024 10:25:08 +1300 Subject: [PATCH 1/2] feat: upgrade to windows 11b --- vhdbuilder/packer/configure-windows-vhd.ps1 | 11 +++++++ .../generate-windows-vhd-configuration.ps1 | 33 ++++++++++++------- .../packer/test/windows-vhd-content-test.ps1 | 12 +++++++ vhdbuilder/packer/windows-image.env | 11 ++++--- .../packer/write-release-notes-windows.ps1 | 8 ++++- 5 files changed, 57 insertions(+), 18 deletions(-) diff --git a/vhdbuilder/packer/configure-windows-vhd.ps1 b/vhdbuilder/packer/configure-windows-vhd.ps1 index 318b6e6363a..fc0a0760f65 100644 --- a/vhdbuilder/packer/configure-windows-vhd.ps1 +++ b/vhdbuilder/packer/configure-windows-vhd.ps1 @@ -720,6 +720,12 @@ function Update-Registry { Write-Log "Enable 1 fix in 2024-09B" Enable-WindowsFixInFeatureManagement -Name 4288867982 + + Write-Log "Enable 3 fixes in 2024-11B" + Enable-WindowsFixInFeatureManagement -Name 1825620622 + Enable-WindowsFixInFeatureManagement -Name 684111502 + Enable-WindowsFixInFeatureManagement -Name 1455863438 + } if ($env:WindowsSKU -Like '23H2*') { @@ -728,6 +734,11 @@ function Update-Registry { Write-Log "Enable 1 fix in 2024-08B" Enable-WindowsFixInFeatureManagement -Name 1800977551 + + Write-Log "Enable 3 fixes in 2024-11B" + Enable-WindowsFixInFeatureManagement -Name 3197800078 + Enable-WindowsFixInFeatureManagement -Name 340036751 + Enable-WindowsFixInFeatureManagement -Name 2020509326 } } diff --git a/vhdbuilder/packer/generate-windows-vhd-configuration.ps1 b/vhdbuilder/packer/generate-windows-vhd-configuration.ps1 index 7badf4456c3..adb4b055727 100644 --- a/vhdbuilder/packer/generate-windows-vhd-configuration.ps1 +++ b/vhdbuilder/packer/generate-windows-vhd-configuration.ps1 @@ -60,9 +60,16 @@ $global:defenderUpdateInfoUrl = "https://go.microsoft.com/fwlink/?linkid=870379& switch -Regex ($windowsSku) { "2019-containerd" { - # TODO: clean up when you bump 11B - $global:patchUrls = @("https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2024/10/windows10.0-kb5044277-x64_5a0128140341e370680ab2542eb9da87de878110.msu") - $global:patchIDs = @("KB5044277") + # TODO: clean up when you bump 12B. These patches do an upgrade from 10B to 12B in a way that doesn't break openssh. + + $global:patchUrls = @( + "https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2024/11/windows10.0-kb5046615-x64_d88444ff882129230297936cb0a221157099d074.msu", + "https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2024/09/windows10.0-kb5044016-x64_64b2bcbd9edcc7fc1dd860751fdb537c947cf037.msu" + ) + $global:patchIDs = @( + "KB5046615", + "KB5044016" + ) $global:imagesToPull = @( "mcr.microsoft.com/windows/servercore:ltsc2019", @@ -97,32 +104,33 @@ switch -Regex ($windowsSku) { $global:imagesToPull += @( "mcr.microsoft.com/oss/kubernetes/pause:3.9-hotfix-20230808", + # This is for test purpose only to reduce the test duration. "mcr.microsoft.com/windows/servercore/iis:latest", + # CSI. Owner: andyzhangx (Andy Zhang) "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.12.0", # for k8s 1.27+ "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.13.1", # for k8s 1.30+ "mcr.microsoft.com/oss/kubernetes-csi/livenessprobe:v2.14.0", # for k8s 1.30+ + "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.10.1", # for k8s 1.27+ "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.11.1", # for k8s 1.30+ "mcr.microsoft.com/oss/kubernetes-csi/csi-node-driver-registrar:v2.12.0", # for k8s 1.30+ - "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.10-windows-hp", # for k8s 1.27.x + "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.28.11-windows-hp", # for k8s 1.27.x - "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.29.9-windows-hp", # for k8s 1.28.x "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.29.10-windows-hp", # for k8s 1.28.x - "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.30.4-windows-hp", # for k8s 1.30.x "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.30.5-windows-hp", # for k8s 1.30.x "mcr.microsoft.com/oss/kubernetes-csi/azuredisk-csi:v1.31.0-windows-hp", # for k8s 1.31.x - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.12-windows-hp", # for k8s 1.27.x + "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.28.13-windows-hp", # for k8s 1.27.x - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.29.8-windows-hp", # for k8s 1.28.x "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.29.9-windows-hp", # for k8s 1.28.x - "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.30.5-windows-hp", # for k8s 1.29.x "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.30.6-windows-hp", # for k8s 1.29.x "mcr.microsoft.com/oss/kubernetes-csi/azurefile-csi:v1.31.0-windows-hp", # for k8s 1.31.x + # Addon of Azure secrets store. Owner: jiashun0011 (Jiashun Liu) "mcr.microsoft.com/oss/kubernetes-csi/secrets-store/driver:v1.4.5", "mcr.microsoft.com/oss/azure/secrets-store/provider-azure:v1.5.3", + # Azure cloud node manager. Owner: nilo19 (Qi Ni), lzhecheng (Zhecheng Li) "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.21", # for k8s 1.27.x "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.27.21-windows-hpc", # for k8s 1.27.x @@ -134,15 +142,16 @@ $global:imagesToPull += @( "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.30.7-windows-hpc", # for k8s 1.30.x "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.31.1", # for k8s 1.31.x "mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager:v1.31.1-windows-hpc", # for k8s 1.31.x + # OMS-Agent (Azure monitor). Owner: ganga1980 (Ganga Mahesh Siddem) "mcr.microsoft.com/azuremonitor/containerinsights/ciprod:win-3.1.24", + # CNS (Container Networking Service) Owner: jaer-tsun (Jaeryn) - "mcr.microsoft.com/containernetworking/azure-cns:v1.4.56", "mcr.microsoft.com/containernetworking/azure-cns:v1.4.52", - "mcr.microsoft.com/containernetworking/azure-cns:v1.5.35", + "mcr.microsoft.com/containernetworking/azure-cns:v1.4.56", "mcr.microsoft.com/containernetworking/azure-cns:v1.5.38", - "mcr.microsoft.com/containernetworking/azure-cns:v1.6.7", "mcr.microsoft.com/containernetworking/azure-cns:v1.6.13", + # CNI installer for azure-vnet. Owner: evanbaker "mcr.microsoft.com/containernetworking/azure-cni:v1.4.56", "mcr.microsoft.com/containernetworking/azure-cni:v1.5.35", diff --git a/vhdbuilder/packer/test/windows-vhd-content-test.ps1 b/vhdbuilder/packer/test/windows-vhd-content-test.ps1 index da8fc818d49..c18f56a5c8a 100644 --- a/vhdbuilder/packer/test/windows-vhd-content-test.ps1 +++ b/vhdbuilder/packer/test/windows-vhd-content-test.ps1 @@ -339,6 +339,7 @@ function Test-RegistryAdded { Validate-WindowsFixInFeatureManagement -Name 1605443213 } + if ($env:WindowsSKU -Like '2022*') { Validate-WindowsFixInFeatureManagement -Name 2629306509 Validate-WindowsFixInHnsState -Name HnsPolicyUpdateChange @@ -398,11 +399,22 @@ function Test-RegistryAdded { Validate-WindowsFixInFeatureManagement -Name 260097166 Validate-WindowsFixInFeatureManagement -Name 4288867982 + + # 2024-11B + Validate-WindowsFixInFeatureManagement -Name 1825620622 + Validate-WindowsFixInFeatureManagement -Name 684111502 + Validate-WindowsFixInFeatureManagement -Name 1455863438 } + if ($env:WindowsSKU -Like '23H2*') { Validate-WindowsFixInHnsState -Name PortExclusionChange -Value 0 Validate-WindowsFixInFeatureManagement -Name 1800977551 + + # 2024-11B + Validate-WindowsFixInFeatureManagement -Name 3197800078 + Validate-WindowsFixInFeatureManagement -Name 340036751 + Validate-WindowsFixInFeatureManagement -Name 2020509326 } } diff --git a/vhdbuilder/packer/windows-image.env b/vhdbuilder/packer/windows-image.env index 8c0f96c1e4d..748979d0fd8 100644 --- a/vhdbuilder/packer/windows-image.env +++ b/vhdbuilder/packer/windows-image.env @@ -4,13 +4,14 @@ # CLI example to get the latest image version: # az vm image show --urn MicrosoftWindowsServer:WindowsServer:2019-Datacenter-Core-smalldisk:latest WINDOWS_2019_BASE_IMAGE_SKU=2019-Datacenter-Core-smalldisk -# TODO: update global:patch in generate-windows-vhd-configuration.ps1 and remove this comment when you bump 11B +# TODO: update global:patch in generate-windows-vhd-configuration.ps1 and remove this comment when you bump 12B - but revert and bring back if +# open ssh fails when you build the VHD. This image is 9B. WINDOWS_2019_BASE_IMAGE_VERSION=17763.6293.240905 # CLI example to get the latest image version: # az vm image show --urn MicrosoftWindowsServer:WindowsServer:2022-Datacenter-Core-smalldisk:latest WINDOWS_2022_BASE_IMAGE_SKU=2022-Datacenter-Core-smalldisk -WINDOWS_2022_BASE_IMAGE_VERSION=20348.2762.241006 +WINDOWS_2022_BASE_IMAGE_VERSION=20348.2849.241102 # CLI example to get all available image version under a SKU (suffix g2 for Gen 2): # az vm image list --all --publisher MicrosoftWindowsServer --offer WindowsServer --output table -s 2022-datacenter-core-smalldisk-g2 @@ -22,7 +23,7 @@ WINDOWS_2022_GEN2_BASE_IMAGE_VERSION=20348.2762.241006 # CLI example to get the latest image version: # az vm image show --urn MicrosoftWindowsServer:WindowsServer:23h2-datacenter-core:latest WINDOWS_23H2_BASE_IMAGE_SKU=23h2-datacenter-core -WINDOWS_23H2_BASE_IMAGE_VERSION=25398.1189.241004 +WINDOWS_23H2_BASE_IMAGE_VERSION=25398.1251.241105 # CLI example to get all available image version under a SKU (suffix g2 for Gen 2): # az vm image list --all --publisher MicrosoftWindowsServer --offer WindowsServer --output table -s 23h2-datacenter-core-g2 @@ -30,9 +31,9 @@ WINDOWS_23H2_BASE_IMAGE_VERSION=25398.1189.241004 # az vm image show --urn MicrosoftWindowsServer:WindowsServer:23h2-datacenter-core-g2:latest # NOTE: Please update $global:patchUrls and $global:patchIDs in vhdbuilder/packer/generate-windows-vhd-configuration.ps1 on demand WINDOWS_23H2_GEN2_BASE_IMAGE_SKU=23h2-datacenter-core-g2 -WINDOWS_23H2_GEN2_BASE_IMAGE_VERSION=25398.1189.241004 +WINDOWS_23H2_GEN2_BASE_IMAGE_VERSION=25398.1251.241105 # Please uncomment the following lines and set a larger os disk size that is at least 30GB when your PR check-in fails -# WINDOWS_2019_CONTAINERD_OS_DISK_SIZE_GB=30 +#WINDOWS_2019_CONTAINERD_OS_DISK_SIZE_GB=30 WINDOWS_2022_CONTAINERD_OS_DISK_SIZE_GB=35 WINDOWS_23H2_OS_DISK_SIZE_GB=35 \ No newline at end of file diff --git a/vhdbuilder/packer/write-release-notes-windows.ps1 b/vhdbuilder/packer/write-release-notes-windows.ps1 index 48c8c919b76..779748bb2fc 100644 --- a/vhdbuilder/packer/write-release-notes-windows.ps1 +++ b/vhdbuilder/packer/write-release-notes-windows.ps1 @@ -152,7 +152,13 @@ $wuRegistryNames = @( "747051149", "260097166", "1800977551", - "4288867982" + "4288867982", + "1825620622", + "684111502", + "1455863438", + "3197800078", + "340036751", + "2020509326" ) foreach ($key in $wuRegistryKeys) { From d3303aabf6168b4e24bdd63caa1d92e242208ba6 Mon Sep 17 00:00:00 2001 From: Tim Wright Date: Thu, 14 Nov 2024 10:59:32 +1300 Subject: [PATCH 2/2] add space to try to get PR checks to run --- vhdbuilder/packer/generate-windows-vhd-configuration.ps1 | 1 + 1 file changed, 1 insertion(+) diff --git a/vhdbuilder/packer/generate-windows-vhd-configuration.ps1 b/vhdbuilder/packer/generate-windows-vhd-configuration.ps1 index adb4b055727..8adf9d572d3 100644 --- a/vhdbuilder/packer/generate-windows-vhd-configuration.ps1 +++ b/vhdbuilder/packer/generate-windows-vhd-configuration.ps1 @@ -66,6 +66,7 @@ switch -Regex ($windowsSku) { "https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2024/11/windows10.0-kb5046615-x64_d88444ff882129230297936cb0a221157099d074.msu", "https://catalog.s.download.windowsupdate.com/d/msdownload/update/software/secu/2024/09/windows10.0-kb5044016-x64_64b2bcbd9edcc7fc1dd860751fdb537c947cf037.msu" ) + $global:patchIDs = @( "KB5046615", "KB5044016"