-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
⭐️ add azure windows build example (#192)
- Loading branch information
1 parent
df75fc5
commit ea2cc3e
Showing
3 changed files
with
149 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| # Azure | ||
|
|
||
| This example shows how to build a Windows Server 2019 image in Azure. It uses | ||
| the [Azure RM Builder](https://www.packer.io/docs/builders/azure.html) to create a VM, install Windows, run a PowerShell | ||
| script to configure the VM, and then run cnspec packer plugin to assess the security. | ||
|
|
||
| 1. Install [Packer](https://www.packer.io/downloads.html) | ||
| and [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) | ||
|
|
||
| ```shell | ||
| az login | ||
| ``` | ||
|
|
||
| Update the variables.pkrvars.hcl file with your Azure subscription ID and tenant ID. | ||
|
|
||
| 2. Install all the required plugins | ||
|
|
||
| ```shell | ||
| packer init windows.pkr.hcl | ||
| ``` | ||
|
|
||
| 3. Build the image | ||
|
|
||
| ```shell | ||
| packer build -var-file=variables.hcl windows.pkr.hcl | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| # Copyright (c) Mondoo, Inc. | ||
| # SPDX-License-Identifier: BUSL-1.1 | ||
|
|
||
|
|
||
| tenantId = "00000000-0000-0000-0000-000000000000" | ||
| subscriptionId = "00000000-0000-0000-0000-000000000000" | ||
| resourceGroup = "myResourceGroup" | ||
| location = "westus2" | ||
|
|
||
| imageName = "myImage" | ||
| imageVersion = "1.6.0" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,112 @@ | ||
| # Copyright (c) Mondoo, Inc. | ||
| # SPDX-License-Identifier: BUSL-1.1 | ||
|
|
||
| packer { | ||
| required_plugins { | ||
| azure = { | ||
| source = "github.com/hashicorp/azure" | ||
| version = ">= 2" | ||
| } | ||
| cnspec = { | ||
| version = ">= 10.0.0" | ||
| source = "github.com/mondoohq/cnspec" | ||
| } | ||
| } | ||
| } | ||
|
|
||
| locals { | ||
| random = uuidv4() | ||
| date = timestamp() | ||
| } | ||
|
|
||
| variable "tenantId" { | ||
| type = string | ||
| description = "The Azure tenant ID" | ||
| } | ||
|
|
||
| variable "subscriptionId" { | ||
| type = string | ||
| description = "The Azure subscription ID" | ||
| } | ||
|
|
||
| variable "location" { | ||
| type = string | ||
| description = "The Azure region to deploy to" | ||
| } | ||
|
|
||
| variable "resourceGroup" { | ||
| type = string | ||
| description = "The Azure resource group to deploy to" | ||
| } | ||
|
|
||
| variable "galleryName" { | ||
| type = string | ||
| description = "The Azure Shared Image Gallery name" | ||
| } | ||
|
|
||
| variable "imageName" { | ||
| type = string | ||
| description = "The Azure Shared Image Gallery image name" | ||
| } | ||
|
|
||
| variable "imageVersion" { | ||
| type = string | ||
| description = "The Azure Shared Image Gallery image version" | ||
| } | ||
|
|
||
| source "azure-arm" "windows" { | ||
| use_azure_cli_auth = true | ||
|
|
||
| os_type = "Windows" | ||
| image_publisher = "MicrosoftWindowsServer" | ||
| image_offer = "WindowsServer" | ||
| image_sku = "2019-Datacenter" | ||
|
|
||
| azure_tags = { | ||
| packer = "true", | ||
| build-id = "${local.random}" | ||
| } | ||
|
|
||
| managed_image_name = "${var.imageName}-${var.imageVersion}" | ||
| managed_image_resource_group_name = var.resourceGroup | ||
|
|
||
| location = var.location | ||
| vm_size = "Standard_B4ms" | ||
|
|
||
| communicator = "winrm" | ||
| winrm_use_ssl = "true" | ||
| winrm_insecure = "true" | ||
| winrm_timeout = "50m" | ||
| winrm_username = "packer" | ||
| } | ||
|
|
||
| build { | ||
|
|
||
| sources = ["sources.azure-arm.windows"] | ||
|
|
||
| provisioner "cnspec" { | ||
| asset_name = "${var.imageName}-${var.imageVersion}" | ||
| # score_threshold = 80 | ||
| on_failure = "continue" | ||
| debug = false | ||
| annotations = { | ||
| os-type = "WindowsServer" | ||
| os-version = "2019-Datacenter" | ||
| image-version = "${var.imageVersion}" | ||
| build-time = "${local.date}" | ||
| build-id = "${local.random}" | ||
| } | ||
| } | ||
|
|
||
| provisioner "powershell" { | ||
| inline = [ | ||
| "# If Guest Agent services are installed, make sure that they have started.", | ||
| "foreach ($service in Get-Service -Name RdAgent, WindowsAzureTelemetryService, WindowsAzureGuestAgent -ErrorAction SilentlyContinue) { while ((Get-Service $service.Name).Status -ne 'Running') { Start-Sleep -s 5 } }", | ||
|
|
||
| "& $env:SystemRoot\\System32\\Sysprep\\Sysprep.exe /oobe /generalize /quiet /quit /mode:vm", | ||
| "while($true) { $imageState = Get-ItemProperty HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\State | Select ImageState; if($imageState.ImageState -ne 'IMAGE_STATE_GENERALIZE_RESEAL_TO_OOBE') { Write-Output $imageState.ImageState; Start-Sleep -s 10 } else { break } }" | ||
| ] | ||
| } | ||
|
|
||
|
|
||
| } |