diff --git a/experiments/image-builder/.gitignore b/experiments/image-builder/.gitignore deleted file mode 100644 index e1b5e64..0000000 --- a/experiments/image-builder/.gitignore +++ /dev/null @@ -1 +0,0 @@ -image-builder diff --git a/experiments/image-builder/README.md b/experiments/image-builder/README.md deleted file mode 100644 index 961dcff..0000000 --- a/experiments/image-builder/README.md +++ /dev/null 
@@ -1,381 +0,0 @@ -# Image-builder for Windows Nodes - -This folder hosts the necessary tools to build and ship Windows node images builded from zero. -It uses `image-builder` and few custom customization to provide a build-in CNI and proper configuration, -the machine here is intend to be used into the `sig-windows-dev-tools` repository primarly. - -Only the VirtualBox hypervisor is fully tested, but OVA images building can be made as well. - -## Running - -After getting the ISO from MSDN inform it via the `VBOX_WINDOWS_ISO` environment variable. - -``` -cd image-builder -VBOX_WINDOWS_ISO=file:/tmp/windows-2019.iso ./image-builder.sh -``` - -Use `DEBUG=1` to enable verbosity in the build. - -## What is included in the node - -The official `image-builder` for Windows nodes already includes a few Kubernetes artifacts, plus -the ones added by this project: - -1. Kubeadm -2. Kubelet -3. Kubectl -4. CNI plugins - -NOTE 1: These files are coming from a burrito installation -NOTE 2: This script MUST support both Calico or Antrea installation. - -### Steps required on Vagrant - -It's still required to join the control plane, and this step is required -via Kubejoin, with a provision, this is an usage example: - -``` -winw1.vm.provision "shell", path: "sync/shared/kubejoin.ps1", privileged: true -``` - -## How image-builder creates the image - -![Image builder Diagram](images/diagram.jpg "Image-builder diagram") - -The intent of this section is to describe with more details how image-builder runs -and generates the final Windows node. Since the steps here a focused on Vagrant boxes, -to the local node build for Windows 2019 target is used. - -``` -cd images/capi -make build-node-vbox-local-windows-2019 -``` - -At this point the only necessary part is the [MSDN Windows ISO](https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2019), -the Evaluation version is fine to be used here. 
- -### Packer - -[Packer](https://www.packer.io) is the default system used by `image-builder` to build all target nodes, it is modularized enough -to use different Hypervisors, for this project it is being used the [Virtualbox](https://www.packer.io/docs/builders/virtualbox/iso) -with ISO mode generation. When running the make target packer is invoked and here is a breakdown of the command line arguments: - -``` -$ packer build \ - -## Common Configuration files - --var-file="images/capi/packer/config/kubernetes.json" \ --var-file="images/capi/packer/config/containerd.json" \ --var-file="images/capi/packer/config/goss-args.json" \ --var-file="images/capi/packer/config/additional_components.json" \ - -## Windows specific configuration files - --var-file="images/capi/packer/config/windows/kubernetes.json" \ --var-file="images/capi/packer/config/windows/containerd.json" \ --var-file="images/capi/packer/config/windows/docker.json" \ --var-file="images/capi/packer/config/windows/ansible-args-windows.json" \ --var-file="images/capi/packer/config/windows/common.json" \ --var-file="images/capi/packer/config/windows/cloudbase-init.json" \ - -## Virtualbox Windows specific configuration - --var-file="packer/vbox/packer-common.json" \ --var-file="images/capi/packer/vbox/windows-2019.json" \ - -# Builder choice -only=vmware-iso is the important filter. - --except=esx \ --except=vsphere \ --only=vmware-iso \ - -# Packer Windows Configuration - -packer/vbox/packer-windows.json -``` - -These configurations files does not matters much until now, they will exists in the default target -install, the way to [extend these values](https://image-builder.sigs.k8s.io/capi/capi.html#customization) is to add -more custom configuration JSON files via the `PACKER_VAR_FILES` environment variable, these fiels are going to take -precedence over the existent values. 
- -### Breaking down packer-windows.json - -An important part is the configuration file used by packer, it's divided in 4 sections: - -* builders - responsible for creating machines and generating images from them for various platforms. -* post-processors - run after the image is built by the builder and provisioned by the provisioner(s). -* provisioners - use builtin and third-party software to install and configure the machine image after booting. -* variables - User variables allow your templates to be further configured with variables from the command-line, environment variables, Vault, or files. - -### VirtualBox-iso builder - -All fields comments are in the official documentation, a few of them are interesting to notice. -It's being used `winrm` communicator this is enabled as the last step of the bootstrap of the guest -machine, as noted in the floppy files listing. - -The other important scripting here is the `autounattend.xml` or -[Automated Windows Setup](https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/automate-windows-setup), this XML -is reponsible to setup a few settings in the bootstrap time, it can be generated using [Windows AFG](https://www.windowsafg.com/server2019.html): - -* General install settings -* Regional configuration -* Out of Box Experience settings -* Windows Update Settings -* Partition creation -* User Account information - -Example of default builder settings: - -``` -{ - "boot_wait": "{{user `boot_wait`}}", - "communicator": "winrm", - "cpus": "{{user `cpu`}}", - "disk_size": "{{user `disk_size`}}", - "floppy_files": [ - "./packer/vbox/windows/{{user `build_name`}}/autounattend.xml", - "./packer/vbox/windows/disable-network-discovery.cmd", - "./packer/vbox/windows/disable-winrm.ps1", - "./packer/vbox/windows/enable-winrm.ps1", - "./packer/vbox/windows/sysprep.ps1" - ], - "guest_additions_mode": "disable", - "guest_os_type": "{{user `local_guest_os_type`}}", - "iso_checksum": "{{user `iso_checksum`}}", - 
"iso_urls": [ - "{{user `os_iso_url`}}" - ], - "memory": "{{user `memory`}}", - "name": "virtualbox-iso", - "output_directory": "{{user `output_dir`}}", - "shutdown_command": "powershell A:/sysprep.ps1", - "shutdown_timeout": "1h", - "type": "virtualbox-iso", - "vm_name": "{{user `build_version`}}", - "winrm_password": "S3cr3t0!", - "winrm_timeout": "4h", - "winrm_username": "Administrator" -} -``` - -## Exporting with post processing - -In other jobs we the post-processor job uses a Python script to generate the OVA image. For this builder -a final compressed image for Vagrant is generated. The output `output/windows-2019.box` can be used -directly in the Vagrantfile, or uploaded to a repository on Vagrantup. - -As noted a Vagrantfile template is provided as well. - -``` -{ - "keep_input_artifact": false, - "output": "{{ user `output_dir`}}/windows-2019.box", - "type": "vagrant", - "vagrantfile_template": "./packer/vbox/vagrantfile-windows_2019.template" -} -``` - -### Ansible provisioning - -The next step is to provision the machine with Ansible scripts, `ansible_*_vars` from variables -are the way to configure Ansible here: - -``` -{ - "extra_arguments": [ - "-e", - "ansible_winrm_scheme=http", - "--extra-vars", - "{{user `ansible_common_vars`}}", - "--extra-vars", - "{{user `ansible_extra_vars`}}", - "--extra-vars", - "{{user `ansible_user_vars`}}" - ], - "playbook_file": "ansible/windows/node_windows.yml", - "type": "ansible", - "use_proxy": false, - "user": "Administrator" -}, -``` - -Breaking down the Ansible running command here: - -``` -ansible-playbook \ --e packer_build_name="virtualbox-iso" --e packer_builder_type=virtualbox-iso --e packer_http_addr=10.0.2.2:0 --e ansible_winrm_scheme=http ---extra-vars - runtime=docker-ee - docker_ee_version=19.03.12 - containerd_url=https://github.com/containerd/containerd/releases/download/v1.5.5/containerd-1.5.5-windows-amd64.tar.gzcontainerd_sha256=036428b8c4055b2eeba7c62ac84dc96552be9a2c14e3a8a6ac4052684cf73db0 - 
pause_image= - additional_debug_files="" - containerd_additional_settings= - custom_role_names= - http_proxy= - https_proxy= - no_proxy= - kubernetes_base_url=https://kubernetesreleases.blob.core.windows.net/kubernetes/v1.20.10/binaries/node/windows/amd64 - kubernetes_semver=v1.20.10 - kubernetes_install_path=c:\k - cloudbase_init_url="https://github.com/cloudbase/cloudbase-init/releases/download/1.1.2/CloudbaseInitSetup_1_1_2_x64.msi" - cloudbase_plugins=" - cloudbaseinit.plugins.common.ephemeraldisk.EphemeralDiskPlugin, - cloudbaseinit.plugins.common.mtu.MTUPlugin, - cloudbaseinit.plugins.common.sethostname.SetHostNamePlugin, - cloudbaseinit.plugins.common.sshpublickeys.SetUserSSHPublicKeysPlugin, - cloudbaseinit.plugins.common.userdata.UserDataPlugin, - cloudbaseinit.plugins.common.localscripts.LocalScriptsPlugin, - cloudbaseinit.plugins.windows.createuser.CreateUserPlugin, - cloudbaseinit.plugins.windows.extendvolumes.ExtendVolumesPlugin" - cloudbase_metadata_services="cloudbaseinit.metadata.services.vmwareguestinfoservice.VMwareGuestInfoService" - cloudbase_plugins_unattend="cloudbaseinit.plugins.common.mtu.MTUPlugin" - cloudbase_metadata_services_unattend="cloudbaseinit.metadata.services.vmwareguestinfoservice.VMwareGuestInfoService" - prepull=true - wins_url=https://github.com/rancher/wins/releases/download/v0.0.4/wins.exe - windows_updates_kbs="" - windows_updates_categories="" - windows_service_manager=nssm - nssm_url=https://azurek8scishared.blob.core.windows.net/nssm/nssm.exe - distribution_version= - netbios_host_name_compatibility=true - disable_hypervisor=false - cloudbase_logging_serial_port= - load_additional_components=false - additional_registry_images=false - additional_registry_images_list= - additional_url_images=false - additional_url_images_list= - additional_executables=false - additional_executables_list= - additional_executables_destination_path= ---extra-vars ---extra-vars --e ansible_password=***** 
-images/capi/ansible/windows/node_windows.yml -``` - -Ansbile default tasks resides on `images/capi/ansible/windows/node_windows.yml`, this is a summary of them. - -#### Default tasks - -- Check if cloudbase-init url is set] -- Check if wins url is set -- Optimise powershell -- Get Install Drive -- Get Program Files Directory -- Get All Users profile path -- Get TEMP Directory - -#### System preparation tasks - -- Remove Windows updates default registry settings -- Add Windows update registry path -- Add Windows automatic update registry path -- Disable Windows automatic updates in registry -- Set Windows automatic updates to notify only in registry -- Set WinRm Service to delayed start -- Update Windows Defender signatures -- Install OpenSSH -- Set default SSH shell to Powershell -- Create SSH program data folder -- Enable ssh login without a password -- Set SSH service startup mode to auto and ensure it is started] *** -- Apply HNS fix for Multple LB policies -- Add required Windows Features -- Add Hyper-V - -#### Cloudbase init - -What is [cloudbase-init](https://cloudbase-init.readthedocs.io/en/latest/)? 
- -- Download Cloudbase-init -- Ensure log directory -- Install Cloudbase-init -- Set up cloudbase-init unattend configuration -- Set up cloudbase-init configuration -- Configure set up complete - -#### Runtime - -Containerd vs Docker - -- Install docker via OneGet -- Start Docker Service -- Set up Docker Network - -#### Kubernetes - -- Download kubernetes binaries - -* kubeadm -* kubectl -* kubelet - -- Add kubernetes folder to path -- Create kubelet directory structure - -* C:\var\log\kubelet -* C:\var\lib\kubelet\etc\kubernetes -* C:\var\lib\kubelet\etc\kubernetes\manifests -* C:\etc\kubernetes\pki - -- Symlink kubelet pki folder -- Download nssm -- Create kubelet start file for nssm] -- Install kubelet via nssm -- Ensure kubelet is installed -- Add firewall rule for kubelet -- Get wins -- Register wins.exe -- Ensure that wins service is running - -#### Debugging - -Debugging helper files are downloaded: - -``` -debug/collectlogs.ps1 -debug/dumpVfpPolicies.ps1 -debug/portReservationTest.ps1 -debug/starthnstrace.cmd -debug/startpacketcapture.cmd -debug/stoppacketcapture.cmd -debug/VFP.psm1 -helper.psm1 -hns.psm1 -hack/DebugWindowsNode.ps1 -``` - -### Goss provisioning - -[GOSS](https://github.com/aelsabbahy/goss) is a quick and easy server validation, -this runs as the last provision step. - -## Modifying the box with custom steps - -``` -WARNING: Experiment in progress -``` - -Installing Hyperv, ssh, containerd and Kubernetes binaries are already being contemplated -in the Ansible tasks installations. - -### Cloudinit - -Basic details of the box, vagrant user, ssh key, etc. ? -Kubeadm reconfiguration and IP setting can be made here -What username and password are used here, and how to change it? - -### Custom ansible roles - -#### CNI installation details - -Move forked *-calico.ps1 scripts to built-in. -CNI configuration must work with the new IP NIC. 
diff --git a/experiments/image-builder/image-builder.sh b/experiments/image-builder/image-builder.sh deleted file mode 100755 index a1d908a..0000000 --- a/experiments/image-builder/image-builder.sh +++ /dev/null 
@@ -1,89 +0,0 @@ -#!/bin/bash - -# Copyright 2021 The Kubernetes Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -o errexit -set -o nounset -set -o pipefail - -[[ -n ${DEBUG:-} ]] && set -o xtrace - -tmpfile=$(mktemp) -OVERLAYS_FOLDER=${ROOT_OVERLAYS:-${PWD}/overlays} - -IMAGE_BUILDER_FOLDER="${IMAGE_BUILDER_FOLDER:-image-builder}" -echo "IMAGE_BUILDER_FOLDER: $IMAGE_BUILDER_FOLDER" -IMAGE_BUILDER_BRANCH="${IMAGE_BUILDER_BRANCH:-master}" -echo "IMAGE_BUILDER_BRANCH: $IMAGE_BUILDER_BRANCH" -IMAGE_BUILDER_REPO="${IMAGE_BUILDER_REPO:-https://github.com/kubernetes-sigs/image-builder.git}" -echo "IMAGE_BUILDER_REPO: $IMAGE_BUILDER_REPO" -CAPI_IMAGES_PATH=${IMAGE_BUILDER_FOLDER}/images/capi - -CONTAINERD_PREPULL_IMAGES=${CONTAINERD_PREPULL_IMAGES:-docker.io/stefanscherer/whoami:windows-amd64-2.0.1} # comma separated -ANSIBLE_VARS="custom_role=true load_additional_components=true additional_registry_images=true additional_registry_images_list=${CONTAINERD_PREPULL_IMAGES}" - -# Settings and building configuration file from environment variables -VBOX_WINDOWS_ISO="${VBOX_WINDOWS_ISO:-file:/tmp/windows.iso}" -VBOX_WINDOWS_RUNTIME="${VBOX_WINDOWS_RUNTIME:-containerd}" -VBOX_WINDOWS_ROLES=${VBOX_WINDOWS_CUSTOM_ROLES:-utilities} - -function clean { - rm -f ${tmpfile} -} - - -function build_configuration { - jq --null-input \ - --arg iso_url "${VBOX_WINDOWS_ISO}" \ - --arg runtime "${VBOX_WINDOWS_RUNTIME}" \ - --arg custom_role_names "${VBOX_WINDOWS_ROLES}" \ - --arg 
ansible_extra_vars "${ANSIBLE_VARS}" \ - --arg windows_updates_kbs "KB5009557" \ - '{ - "os_iso_url": $iso_url, - "runtime": $runtime, - "ansible_extra_vars": $ansible_extra_vars, - "custom_role_names": $custom_role_names, - "windows_updates_kbs": $windows_updates_kbs, - }' > ${tmpfile} -} - -function copy_overlay_files { - # Overlay copy - cp -r ${OVERLAYS_FOLDER}/ansible/roles/utilities ./ansible/windows/roles/ - cp ${OVERLAYS_FOLDER}/autounattend.xml ./packer/vbox/windows/windows-2019/autounattend.xml - cp ${OVERLAYS_FOLDER}/vm-guest-tools.ps1 ./packer/vbox/windows/vm-guest-tools.ps1 - cp ${OVERLAYS_FOLDER}/packer-windows.json ./packer/vbox/packer-windows.json -} - -# adding the choco package manager plugin to ansible (see https://community.chocolatey.org/packages) -ansible-galaxy collection install chocolatey.chocolatey - -# Cloning the image-builder repository -[[ ! -d ${IMAGE_BUILDER_FOLDER} ]] && git clone ${IMAGE_BUILDER_REPO} ${IMAGE_BUILDER_FOLDER} - -# Build local virtualbox artifact -pushd ${CAPI_IMAGES_PATH} - hack/ensure-jq.sh - git checkout ${IMAGE_BUILDER_BRANCH} - - build_configuration - copy_overlay_files - - make clean-vbox - PACKER_VAR_FILES="${tmpfile}" make build-vbox-windows-2019 -popd - -clean diff --git a/experiments/image-builder/images/diagram.jpg b/experiments/image-builder/images/diagram.jpg deleted file mode 100644 index 5cdd598..0000000 Binary files a/experiments/image-builder/images/diagram.jpg and /dev/null differ diff --git a/experiments/image-builder/overlays/ansible/roles/utilities/tasks/main.yml b/experiments/image-builder/overlays/ansible/roles/utilities/tasks/main.yml deleted file mode 100644 index 8a48d78..0000000 --- a/experiments/image-builder/overlays/ansible/roles/utilities/tasks/main.yml +++ /dev/null 
@@ -1,37 +0,0 @@ -- name: Enable ssh login with password - win_shell: Set-Content -Path "$env:ProgramData\ssh\sshd_config" -Value "PasswordAuthentication yes`nPubkeyAuthentication yes" - -## Install Kube-Proxy - -- name: Download Kubernetes kube-proxy - win_get_url: - url: "{{ kubernetes_base_url }}/kube-proxy.exe" - dest: '{{ kubernetes_install_path }}\' - retries: 5 - delay: 3 - -## Install CRI and pull images - -- name: Download crictl - win_get_url: - url: "https://github.com/kubernetes-sigs/cri-tools/releases/download/v1.22.0/crictl-v1.22.0-windows-amd64.tar.gz" - dest: '{{ programfiles.stdout | trim }}\containerd\crictl-v1.22.0-windows-amd64.tar.gz' - retries: 5 - delay: 3 - -- name: Decompress crictl binary - win_shell: | - tar xvf "{{ programfiles.stdout | trim }}\containerd\crictl-v1.22.0-windows-amd64.tar.gz" - - -# CHOCO PACKAGES -# for more packages: https://community.chocolatey.org/packages -# on how to use ansible's choco plugin: https://docs.ansible.com/ansible/latest/collections/chocolatey/chocolatey/win_chocolatey_module.html#examples - -- name: Ensure Chocolatey itself is installed and use internal repo as source - win_chocolatey: - name: chocolatey - -- name: Install vim via Choco - win_chocolatey: - name: vim diff --git a/experiments/image-builder/overlays/autounattend.xml b/experiments/image-builder/overlays/autounattend.xml deleted file mode 100644 index 198d552..0000000 --- a/experiments/image-builder/overlays/autounattend.xml +++ /dev/null 
@@ -1,254 +0,0 @@ - - - - - - - - - - a:\ - - - - - - - - - 1 - 350 - Primary - - - 2 - true - Primary - - - - - NTFS - - 1 - 1 - 0x27 - - - 2 - 2 - C - - NTFS - - - 0 - true - - - - - - 0 - 2 - - - - /IMAGE/NAME - Windows Server 2019 SERVERSTANDARDCORE - - - - - - true - Vagrant - Vagrant - - - - - - true - - - - en-US - - 0409:00000409 - en-US - en-US - en-US - en-US - - - - - false - - - - - 1 - - - - - 0409:00000409 - en-US - en-US - en-US - en-US - - - true - - - 0 - - - - N69G4-B89J2-4G8F4-WWYCC-J464C - - - - - - - vagrant - true</PlainText> - </Password> - <Enabled>true</Enabled> - <Username>vagrant</Username> - </AutoLogon> - <FirstLogonCommands> - <SynchronousCommand wcm:action="add"> - <Order>1</Order> - <Description>Set Execution Policy 64 Bit</Description> - <CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <Order>2</Order> - <Description>Set Execution Policy 32 Bit</Description> - <CommandLine>%SystemDrive%\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> - <RequiresUserInput>true</RequiresUserInput> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v HideFileExt /t REG_DWORD /d 0 /f</CommandLine> - <Order>3</Order> - <Description>Show file extensions in Explorer</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\Console /v QuickEdit /t REG_DWORD /d 1 /f</CommandLine> - <Order>4</Order> - <Description>Enable QuickEdit mode</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Start_ShowRun /t REG_DWORD /d 1 /f</CommandLine> - <Order>5</Order> - <Description>Show Run command in Start Menu</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v StartMenuAdminTools /t REG_DWORD /d 1 /f</CommandLine> - <Order>6</Order> - <Description>Show Administrative Tools in Start Menu</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateFileSizePercent /t REG_DWORD /d 0 /f</CommandLine> - <Order>7</Order> - <Description>Zero Hibernation File</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateEnabled /t REG_DWORD /d 0 /f</CommandLine> - <Order>8</Order> - <Description>Disable Hibernation Mode</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE</CommandLine> - <Order>9</Order> - <Description>Disable password expiration for Administrator user</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c a:\install-vm-tools.cmd</CommandLine> - <Order>10</Order> - <Description>Install VMware Tools</Description> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c %SystemDrive%\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\enable-winrm.ps1</CommandLine> - <Description>Enable WinRM</Description> - <Order>11</Order> - </SynchronousCommand> - <SynchronousCommand wcm:action="add"> - <CommandLine>cmd.exe /c a:\disable-network-discovery.cmd</CommandLine> - <Description>Disable Network 
Discovery</Description> - <Order>12</Order> - </SynchronousCommand> - </FirstLogonCommands> - <OOBE> - <HideEULAPage>true</HideEULAPage> - <HideLocalAccountScreen>true</HideLocalAccountScreen> - <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> - <HideOnlineAccountScreens>true</HideOnlineAccountScreens> - <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> - <NetworkLocation>Work</NetworkLocation> - <ProtectYourPC>1</ProtectYourPC> - <SkipMachineOOBE>true</SkipMachineOOBE> - <SkipUserOOBE>true</SkipUserOOBE> - </OOBE> - <RegisteredOrganization>Organization</RegisteredOrganization> - <RegisteredOwner>Owner</RegisteredOwner> - <DisableAutoDaylightTimeSet>false</DisableAutoDaylightTimeSet> - <TimeZone>Pacific Standard Time</TimeZone> - <UserAccounts> - <AdministratorPassword> - <Value>vagrant</Value> - <PlainText>true</PlainText> - </AdministratorPassword> - <LocalAccounts> - <LocalAccount wcm:action="add"> - <Password> - <Value>vagrant</Value> - <PlainText>true</PlainText> - </Password> - <Group>administrators</Group> - <DisplayName>Vagrant</DisplayName> - <Name>vagrant</Name> - <Description>Vagrant User</Description> - </LocalAccount> - </LocalAccounts> - </UserAccounts> - </component> - </settings> -</unattend> \ No newline at end of file diff --git a/experiments/image-builder/overlays/packer-windows.json b/experiments/image-builder/overlays/packer-windows.json deleted file mode 100644 index 3fd1a58..0000000 --- a/experiments/image-builder/overlays/packer-windows.json +++ /dev/null 
@@ -1,129 +0,0 @@ -{ - "builders": [ - { - "boot_wait": "{{user `boot_wait`}}", - "communicator": "winrm", - "cpus": "{{user `cpu`}}", - "disk_size": "{{user `disk_size`}}", - "floppy_files": [ - "./packer/vbox/windows/{{user `build_name`}}/autounattend.xml", - "./packer/vbox/windows/enable-winrm.ps1", - "./packer/vbox/windows/sysprep.ps1" - ], - "guest_additions_mode": "disable", - "guest_os_type": "{{user `local_guest_os_type`}}", - "iso_checksum": "{{user `iso_checksum`}}", - "iso_urls": [ - "{{user `os_iso_url`}}" - ], - "memory": "{{user `memory`}}", - "name": "virtualbox-iso", - "output_directory": "{{user `output_dir`}}", - "shutdown_command": "powershell A:/sysprep.ps1", - "shutdown_timeout": "1h", - "type": "virtualbox-iso", - "vm_name": "{{user `build_version`}}", - "winrm_password": "vagrant", - "winrm_timeout": "4h", - "winrm_username": "vagrant", - "vboxmanage": [ - ["modifyvm", "{{.Name}}", "--nic2", "hostonly"], - ["modifyvm", "{{.Name}}", "--hostonlyadapter2", "vboxnet0"] - ] - } - ], - "post-processors": [ - { - "keep_input_artifact": true, - "output": "./output/windows-2019.box", - "type": "vagrant", - "vagrantfile_template": "./packer/vbox/vagrantfile-windows_2019.template" - } - ], - "provisioners": [ - { - "extra_arguments": [ - "-e", - "ansible_winrm_scheme=http", - "--extra-vars", - "{{user `ansible_common_vars`}}", - "--extra-vars", - "{{user `ansible_extra_vars`}}", - "--extra-vars", - "{{user `ansible_user_vars`}}" - ], - "playbook_file": "ansible/windows/node_windows.yml", - "type": "ansible", - "use_proxy": false, - "user": "vagrant" - }, - { - "restart_check_command": "powershell -command \"& {if ((get-content C:\\ProgramData\\lastboot.txt) -eq (Get-WmiObject win32_operatingsystem).LastBootUpTime) {Write-Output 'Sleeping for 600 seconds to wait for reboot'; start-sleep 600} else {Write-Output 'Reboot complete'}}\"", - "restart_command": "powershell \"& {(Get-WmiObject win32_operatingsystem).LastBootUpTime > 
C:\\ProgramData\\lastboot.txt; Restart-Computer -force}\"", - "type": "windows-restart" - }, - { - "arch": "{{user `goss_arch`}}", - "download_path": "{{user `goss_download_path`}}", - "format": "{{user `goss_format`}}", - "format_options": "{{user `goss_format_options`}}", - "goss_file": "{{user `goss_entry_file`}}", - "inspect": "{{user `goss_inspect_mode`}}", - "remote_folder": "{{user `goss_remote_folder`}}", - "remote_path": "{{user `goss_remote_path`}}", - "skip_install": "{{user `goss_skip_install`}}", - "target_os": "Windows", - "tests": [ - "{{user `goss_tests_dir`}}" - ], - "type": "goss", - "url": "{{user `goss_url`}}", - "use_sudo": false, - "vars_env": { - "GOSS_MAX_CONCURRENT": "1", - "GOSS_USE_ALPHA": "1" - }, - "vars_file": "{{user `goss_vars_file`}}", - "vars_inline": { - "OS": "{{user `distro_name` | lower}}", - "PROVIDER": "virtualbox", - "containerd_version": "{{user `containerd_version`}}", - "distribution_version": "{{user `distro_version`}}", - "docker_ee_version": "{{user `docker_ee_version`}}", - "kubernetes_version": "{{user `kubernetes_semver`}}", - "pause_image": "{{user `pause_image`}}", - "runtime": "{{user `runtime`}}" - }, - "version": "{{user `goss_version`}}" - } - ], - "variables": { - "ansible_common_vars": "", - "ansible_extra_vars": "", - "ansible_user_vars": "", - "build_name": null, - "build_timestamp": "{{timestamp}}", - "build_version": "{{user `build_name`}}-kube-{{user `kubernetes_semver`}}", - "cloudbase_init_url": "https://github.com/cloudbase/cloudbase-init/releases/download/{{user `cloudbase_init_version`}}/CloudbaseInitSetup_{{user `cloudbase_init_version` | replace_all `.` `_` }}_x64.msi", - "cloudbase_plugins": "cloudbaseinit.plugins.common.ephemeraldisk.EphemeralDiskPlugin, cloudbaseinit.plugins.common.mtu.MTUPlugin, cloudbaseinit.plugins.common.sethostname.SetHostNamePlugin, cloudbaseinit.plugins.common.sshpublickeys.SetUserSSHPublicKeysPlugin, cloudbaseinit.plugins.common.userdata.UserDataPlugin, 
cloudbaseinit.plugins.common.localscripts.LocalScriptsPlugin, cloudbaseinit.plugins.windows.createuser.CreateUserPlugin, cloudbaseinit.plugins.windows.extendvolumes.ExtendVolumesPlugin", - "cloudbase_plugins_unattend": "cloudbaseinit.plugins.common.mtu.MTUPlugin", - "containerd_sha256": null, - "containerd_url": "", - "calico_version": null, - "containerd_version": null, - "disable_hypervisor": null, - "disk_size": "81920", - "ib_version": "{{env `IB_VERSION`}}", - "kubernetes_base_url": "https://kubernetesreleases.blob.core.windows.net/kubernetes/{{user `kubernetes_semver`}}/binaries/node/windows/{{user `kubernetes_goarch`}}", - "kubernetes_http_package_url": "", - "kubernetes_typed_version": "kube-{{user `kubernetes_semver`}}", - "manifest_output": "manifest.json", - "netbios_host_name_compatibility": null, - "nssm_url": null, - "output_dir": "./output/{{user `build_version`}}", - "prepull": null, - "windows_service_manager": null, - "windows_updates_categories": null, - "windows_updates_kbs": null - } -} diff --git a/experiments/image-builder/overlays/vm-guest-tools.ps1 b/experiments/image-builder/overlays/vm-guest-tools.ps1 deleted file mode 100644 index c4a9c01..0000000 --- a/experiments/image-builder/overlays/vm-guest-tools.ps1 +++ /dev/null 
@@ -1,96 +0,0 @@ -if (!( Test-Path "C:\Windows\Temp\7z1900-x64.msi")) { - [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://www.7-zip.org/a/7z1900-x64.msi', 'C:\Windows\Temp\7z1900-x64.msi') - } - if (!(Test-Path "C:\Windows\Temp\7z1900-x64.msi")) { - Start-Sleep 5; [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://www.7-zip.org/a/7z1900-x64.msi', 'C:\Windows\Temp\7z1900-x64.msi') - } - cmd /c msiexec /qb /i C:\Windows\Temp\7z1900-x64.msi - - if ("$env:PACKER_BUILDER_TYPE" -eq "vmware-iso") { - - Write-Output "Using VMware" - if (Test-Path "C:\Users\vagrant\windows.iso") { - Move-Item -force C:\Users\vagrant\windows.iso C:\Windows\Temp - } - - if (!(Test-Path "C:\Windows\Temp\windows.iso")) { - Try { - # Disabling the progress bar speeds up IWR https://github.com/PowerShell/PowerShell/issues/2138 - $ProgressPreference = 'SilentlyContinue' - $pageContentLinks = (Invoke-WebRequest('https://softwareupdate.vmware.com/cds/vmw-desktop/ws') -UseBasicParsing).Links | where-object { $_.href -Match "[0-9]" } | Select-Object href | ForEach-Object { $_.href.Trim('/') } - $versionObject = $pageContentLinks | ForEach-Object { new-object System.Version ($_) } | sort-object -Descending | select-object -First 1 -Property:Major, Minor, Build - $newestVersion = $versionObject.Major.ToString() + "." + $versionObject.Minor.ToString() + "." 
+ $versionObject.Build.ToString() | out-string - $newestVersion = $newestVersion.TrimEnd("`r?`n") - - $nextURISubdirectoryObject = (Invoke-WebRequest("https://softwareupdate.vmware.com/cds/vmw-desktop/ws/$newestVersion/") -UseBasicParsing).Links | where-object { $_.href -Match "[0-9]" } | Select-Object href | where-object { $_.href -Match "[0-9]" } - $nextUriSubdirectory = $nextURISubdirectoryObject.href | Out-String - $nextUriSubdirectory = $nextUriSubdirectory.TrimEnd("`r?`n") - $newestVMwareToolsURL = "https://softwareupdate.vmware.com/cds/vmw-desktop/ws/$newestVersion/$nextURISubdirectory/windows/packages/tools-windows.tar" - Write-Output "The latest version of VMware tools has been determined to be downloadable from $newestVMwareToolsURL" - [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile("$newestVMwareToolsURL", 'C:\Windows\Temp\vmware-tools.tar') - } - Catch { - Write-Output "Unable to determine the latest version of VMware tools. Falling back to hardcoded URL." - (New-Object System.Net.WebClient).DownloadFile('https://softwareupdate.vmware.com/cds/vmw-desktop/ws/15.5.5/16285975/windows/packages/tools-windows.tar', 'C:\Windows\Temp\vmware-tools.tar') - } - cmd /c "C:\PROGRA~1\7-Zip\7z.exe" x C:\Windows\Temp\vmware-tools.tar -oC:\Windows\Temp - Move-Item c:\windows\temp\VMware-tools-windows-*.iso c:\windows\temp\windows.iso - Try { Remove-Item "C:\Program Files (x86)\VMWare" -Recurse -Force -ErrorAction Stop } Catch { Write-Output "Directory didn't exist to be removed." 
} - } - - cmd /c "C:\PROGRA~1\7-Zip\7z.exe" x "C:\Windows\Temp\windows.iso" -oC:\Windows\Temp\VMWare - cmd /c C:\Windows\Temp\VMWare\setup.exe /S /v"/qn REBOOT=R\" - - Remove-Item -Force "C:\Windows\Temp\vmware-tools.tar" - Remove-Item -Force "C:\Windows\Temp\windows.iso" - Remove-Item -Force -Recurse "C:\Windows\Temp\VMware" - } - - if ("$env:PACKER_BUILDER_TYPE" -eq "virtualbox-iso") { - Write-Output "Using Virtualbox" - if (Test-Path "C:\Users\vagrant\VBoxGuestAdditions.iso") { - Move-Item -Force C:\Users\vagrant\VBoxGuestAdditions.iso C:\Windows\Temp - } - - if (!(Test-Path "C:\Windows\Temp\VBoxGuestAdditions.iso")) { - Try { - $pageContentLinks = (Invoke-WebRequest('https://download.virtualbox.org/virtualbox') -UseBasicParsing).Links | where-object { $_.href -Match "[0-9]" } | Select-Object href | where-object { $_.href -NotMatch "BETA" } | where-object { $_.href -NotMatch "RC" } | where-object { $_.href -Match "[0-9]\.[0-9]" } | ForEach-Object { $_.href.Trim('/') } - $versionObject = $pageContentLinks | ForEach-Object { new-object System.Version ($_) } | sort-object -Descending | select-object -First 1 -Property:Major, Minor, Build - $newestVersion = $versionObject.Major.ToString() + "." + $versionObject.Minor.ToString() + "." 
+ $versionObject.Build.ToString() | out-string - $newestVersion = $newestVersion.TrimEnd("`r?`n") - - $nextURISubdirectoryObject = (Invoke-WebRequest("https://download.virtualbox.org/virtualbox/$newestVersion/") -UseBasicParsing).Links | Select-Object href | where-object { $_.href -Match "GuestAdditions" } - $nextUriSubdirectory = $nextURISubdirectoryObject.href | Out-String - $nextUriSubdirectory = $nextUriSubdirectory.TrimEnd("`r?`n") - $newestVboxToolsURL = "https://download.virtualbox.org/virtualbox/$newestVersion/$nextUriSubdirectory" - Write-Output "The latest version of VirtualBox tools has been determined to be downloadable from $newestVboxToolsURL" - [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile("$newestVboxToolsURL", 'C:\Windows\Temp\VBoxGuestAdditions.iso') - } - Catch { - Write-Output "Unable to determine the latest version of VBox tools. Falling back to hardcoded URL." - [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; (New-Object System.Net.WebClient).DownloadFile('https://download.virtualbox.org/virtualbox/6.1.8/VBoxGuestAdditions_6.1.8.iso', 'C:\Windows\Temp\VBoxGuestAdditions.iso') - } - } - - cmd /c ""C:\PROGRA~1\7-Zip\7z.exe" x C:\Windows\Temp\VBoxGuestAdditions.iso -oC:\Windows\Temp\virtualbox" - Get-ChildItem "C:\Windows\Temp\virtualbox\cert\" -Filter vbox*.cer | Foreach-Object { C:\Windows\Temp\virtualbox\cert\VBoxCertUtil add-trusted-publisher $_.FullName --root $_.FullName } - cmd /c C:\Windows\Temp\virtualbox\VBoxWindowsAdditions.exe /S - cmd /c rd /S /Q "C:\Windows\Temp\virtualbox" - } - - if ("$env:PACKER_BUILDER_TYPE" -eq "parallels-iso") { - Write-Output "Using Parallels Desktop" - # This is required when using Parallels Desktop - # Currently the installation of Parallels Tools is broken if you're installing in Windows Server & Windows Server Core - # You will encounter an error in printui.dll module not found message. 
- # This feature will add the required libraries for printing services. - - # Parallels Tools is required for sync_folder to work. - # Vagrantfile config: v.update_guest_tools = true will be installed with no issues - if ($(Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").ProductName.StartsWith("Windows Server")) { - Write-Output "Installing Print Server service" - Install-WindowsFeature -Name Print-Server - } - } - - cmd /c msiexec /qb /x C:\Windows\Temp\7z1900-x64.msi \ No newline at end of file
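Review bot: every download in this removed script (`7z1900-x64.msi`, `tools-windows.tar`, `VBoxGuestAdditions.iso`) is handed straight to `msiexec`, `setup.exe` or `VBoxWindowsAdditions.exe` with no hash or signature check, and the guest-tools version is whatever the vendor directory listing reports at build time, so the resulting image is neither pinned nor verified. If this logic is being relocated rather than retired, the replacement should pin the versions and compare a known SHA-256 (for example with `Get-FileHash`) before running any installer. Two smaller things not to carry over: the VMware `Catch` fallback calls `DownloadFile` without the `SecurityProtocol = Tls12` assignment that the other download calls make, and the VirtualBox branch passes every `vbox*.cer` from the downloaded ISO to `VBoxCertUtil add-trusted-publisher ... --root`, which extends trust to certificates taken from a file that was never verified.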