From bc46f5f29c734eea8950afd0bb3e74fb7097b74a Mon Sep 17 00:00:00 2001 From: Joe Fitzgerald Date: Thu, 15 Oct 2015 19:02:00 -0600 Subject: [PATCH 01/11] Remove OpenSSH, Add WinRM --- answer_files/2012_r2/Autounattend.xml | 142 ++++++++------------------ scripts/disable-winrm.ps1 | 8 ++ scripts/enable-winrm.ps1 | 13 +++ scripts/win-updates.ps1 | 5 +- windows_2012_r2.json | 43 ++++---- 5 files changed, 91 insertions(+), 120 deletions(-) create mode 100644 scripts/disable-winrm.ps1 create mode 100644 scripts/enable-winrm.ps1 diff --git a/answer_files/2012_r2/Autounattend.xml b/answer_files/2012_r2/Autounattend.xml index 21668540..d68e28b9 100644 --- a/answer_files/2012_r2/Autounattend.xml +++ b/answer_files/2012_r2/Autounattend.xml @@ -1,7 +1,7 @@ - + en-US @@ -11,7 +11,7 @@ en-US en-US - + @@ -75,30 +75,49 @@ - + false vagrant-2012-r2 Pacific Standard Time - + - + true - + false false - + true - + true + + + + 1 + Set Execution Policy 64 Bit + cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force" + + + 2 + Set Execution Policy 32 Bit + cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force" + + + 3 + Disable WinRM + C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-winrm.ps1 + + + - + vagrant 
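Review bot: In the `@@ -75,30 +75,49 @@` hunk of answer_files/2012_r2/Autounattend.xml, the entries described as "Set Execution Policy 64 Bit" and "Set Execution Policy 32 Bit" carry the identical command line `cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"`. The second one therefore appears to set the policy for the same PowerShell host again rather than for the 32-bit one. If the 32-bit policy is wanted, that entry should start the WOW64 host explicitly, e.g. `C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"`; otherwise drop it. RemoteSigned also stays as the machine-wide policy in the finished image, which deserves a line in the README. The same pair is added to answer_files/2012_r2_core/Autounattend.xml in patch 08; the element markup is not visible on this page, so the pass these commands run in is inferred from their descriptions.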
@@ -121,129 +140,55 @@ true - cmd.exe /c winrm quickconfig -q - winrm quickconfig -q + C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-winrm.ps1 + Disable WinRM 3 true - - cmd.exe /c winrm quickconfig -transport:http - winrm quickconfig -transport:http - 4 - true - - - cmd.exe /c winrm set winrm/config @{MaxTimeoutms="1800000"} - Win RM MaxTimoutms - 5 - true - - - cmd.exe /c winrm set winrm/config/winrs @{MaxMemoryPerShellMB="800"} - Win RM MaxMemoryPerShellMB - 6 - true - - - cmd.exe /c winrm set winrm/config/service @{AllowUnencrypted="true"} - Win RM AllowUnencrypted - 7 - true - - - cmd.exe /c winrm set winrm/config/service/auth @{Basic="true"} - Win RM auth Basic - 8 - true - - - cmd.exe /c winrm set winrm/config/client/auth @{Basic="true"} - Win RM client auth Basic - 9 - true - - - cmd.exe /c winrm set winrm/config/listener?Address=*+Transport=HTTP @{Port="5985"} - Win RM listener Address/Port - 10 - true - - - cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes - Win RM adv firewall enable - 11 - true - - - cmd.exe /c netsh firewall add portopening TCP 5985 "Port 5985" - Win RM port open - 12 - true - - - cmd.exe /c net stop winrm - Stop Win RM Service - 13 - true - - - cmd.exe /c sc config winrm start= auto - Win RM Autostart - 14 - true - - - cmd.exe /c net start winrm - Start Win RM Service - 15 - true - %SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v HideFileExt /t REG_DWORD /d 0 /f - 16 + 4 Show file extensions in Explorer %SystemRoot%\System32\reg.exe ADD HKCU\Console /v QuickEdit /t REG_DWORD /d 1 /f - 17 + 5 Enable QuickEdit mode %SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Start_ShowRun /t REG_DWORD /d 1 /f - 18 + 6 Show Run command in Start Menu %SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v StartMenuAdminTools /t 
REG_DWORD /d 1 /f - 19 + 7 Show Administrative Tools in Start Menu %SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateFileSizePercent /t REG_DWORD /d 0 /f - 20 + 8 Zero Hibernation File %SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateEnabled /t REG_DWORD /d 0 /f - 21 + 9 Disable Hibernation Mode cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE - 22 + 10 Disable password expiration for vagrant user - + @@ -284,13 +230,13 @@ - + - + false - + diff --git a/scripts/disable-winrm.ps1 b/scripts/disable-winrm.ps1 new file mode 100644 index 00000000..1ce92739 --- /dev/null +++ b/scripts/disable-winrm.ps1 @@ -0,0 +1,8 @@ +netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=block +netsh advfirewall firewall set rule group="Windows Remote Management" new enable=yes +$winrmService = Get-Service -Name WinRM +if ($winrmService.Status -eq "Running"){ + Disable-PSRemoting -Force +} +Stop-Service winrm +Set-Service -Name winrm -StartupType Disabled diff --git a/scripts/enable-winrm.ps1 b/scripts/enable-winrm.ps1 new file mode 100644 index 00000000..c0c75872 --- /dev/null +++ b/scripts/enable-winrm.ps1 @@ -0,0 +1,13 @@ +Enable-PSRemoting -Force +winrm quickconfig -q +winrm quickconfig -transport:http +winrm set winrm/config '@{MaxTimeoutms="1800000"}' +winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="800"}' +winrm set winrm/config/service '@{AllowUnencrypted="true"}' +winrm set winrm/config/service/auth '@{Basic="true"}' +winrm set winrm/config/client/auth '@{Basic="true"}' +winrm set winrm/config/listener?Address=*+Transport=HTTP '@{Port="5985"}' +netsh advfirewall firewall set rule group="Windows Remote Administration" new enable=yes +netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=allow +Set-Service winrm -startuptype "auto" +Restart-Service winrm 
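Review bot: scripts/disable-winrm.ps1 has no header comment saying why a freshly installed machine turns WinRM off, and nothing in it checks whether the netsh or service calls succeeded. From the rest of the series the intent is presumably to keep Packer from connecting until win-updates.ps1 has finished and called enable-winrm.ps1; a first line such as `# Keep WinRM unreachable during setup; enable-winrm.ps1 reverses this once updates are done.` would record that. It is also worth a comment that the `action=block` set on "Windows Remote Management (HTTP-In)" is what enable-winrm.ps1 later flips back to `action=allow`, since the two scripts only make sense as a pair.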
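Review bot: scripts/enable-winrm.ps1 sets `AllowUnencrypted="true"` and `Basic="true"` on the service and opens the HTTP listener on 5985, and nothing visible in this series reverts those settings before the image is archived. Every machine built from the image therefore accepts the vagrant password as Basic auth over plain HTTP. Either revert both settings in a final provisioner script, or state in the README that the image is for isolated lab networks only; an HTTPS listener on 5986 is the longer-term fix. Separately, the firewall line uses `group="Windows Remote Administration"` while disable-winrm.ps1 uses `group="Windows Remote Management"`; if no rule group has the first name, netsh matches nothing and only the following `name=` rule takes effect, so the two scripts should use the same group string.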
diff --git a/scripts/win-updates.ps1 b/scripts/win-updates.ps1 index 59a88d7b..17fcc40b 100644 --- a/scripts/win-updates.ps1 +++ b/scripts/win-updates.ps1 @@ -30,10 +30,10 @@ function Check-ContinueRestartOrEnd() { Install-WindowsUpdates } elseif ($script:Cycles -gt $global:MaxCycles) { LogWrite "Exceeded Cycle Count - Stopping" - Invoke-Expression "a:\openssh.ps1 -AutoStart" + Invoke-Expression "a:\enable-winrm.ps1" } else { LogWrite "Done Installing Windows Updates" - Invoke-Expression "a:\openssh.ps1 -AutoStart" + Invoke-Expression "a:\enable-winrm.ps1" } } 1 { @@ -230,4 +230,3 @@ if ($global:MoreUpdates -eq 1) { } else { Check-ContinueRestartOrEnd } - diff --git a/windows_2012_r2.json b/windows_2012_r2.json index 1a47719f..4513f583 100644 --- a/windows_2012_r2.json +++ b/windows_2012_r2.json @@ -2,25 +2,28 @@ "builders": [ { "type": "vmware-iso", + "communicator": "winrm", "iso_url": "{{user `iso_url`}}", "iso_checksum_type": "{{user `iso_checksum_type`}}", "iso_checksum": "{{user `iso_checksum`}}", - "headless": true, + "headless": false, "boot_wait": "2m", - "ssh_username": "vagrant", - "ssh_password": "vagrant", - "ssh_wait_timeout": "6h", + "winrm_username": "vagrant", + "winrm_password": "vagrant", + "winrm_timeout": "6h", "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"", "guest_os_type": "windows8srv-64", "tools_upload_flavor": "windows", "disk_size": 61440, "vnc_port_min": 5900, "vnc_port_max": 5980, + "skip_compaction": true, "floppy_files": [ "{{user `autounattend`}}", + "./scripts/disable-winrm.ps1", + "./scripts/enable-winrm.ps1", "./scripts/microsoft-updates.bat", - "./scripts/win-updates.ps1", - "./scripts/openssh.ps1" + "./scripts/win-updates.ps1" ], "vmx_data": { "RemoteDisplay.vnc.enabled": "false", 
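Review bot: Both branches of the `@@ -30,10 +30,10 @@` hunk in scripts/win-updates.ps1 start the script with `Invoke-Expression "a:\enable-winrm.ps1"`, which parses a string as code where a plain invocation is enough. The string is a constant here, so this is a style point rather than an injection, but the call operator is the safer habit and reads better: `& a:\enable-winrm.ps1`. The script is also loaded from the floppy drive with no check that it exists, so a missing file leaves WinRM disabled and the build waiting for its timeout; a `Test-Path` guard with a LogWrite message would make that failure visible. Check-ContinueRestartOrEnd starts and ends outside this hunk.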
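Review bot: The vmware-iso builder in windows_2012_r2.json hard-codes `"winrm_username": "vagrant"` and `"winrm_password": "vagrant"`, and enable-winrm.ps1 in the same patch configures Basic auth over unencrypted HTTP, so the build credential is both well known and readable on the wire. Moving both values to user variables, the way `iso_url` already is (``"winrm_password": "{{user `winrm_password`}}"`` with the current value as the default), lets a non-lab build override them without editing the template. The same literals are added in the virtualbox-iso builder hunk that follows, in windows_10.json in patch 05 and in windows_2012_r2_postprocess_to_box.json in patch 06. This hunk also flips `"headless"` to `false`, which the next patch reverts.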
@@ -32,22 +35,24 @@ }, { "type": "virtualbox-iso", + "communicator": "winrm", "iso_url": "{{user `iso_url`}}", "iso_checksum_type": "{{user `iso_checksum_type`}}", "iso_checksum": "{{user `iso_checksum`}}", - "headless": true, + "headless": false, "boot_wait": "2m", - "ssh_username": "vagrant", - "ssh_password": "vagrant", - "ssh_wait_timeout": "6h", + "winrm_username": "vagrant", + "winrm_password": "vagrant", + "winrm_timeout": "6h", "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"", "guest_os_type": "Windows2012_64", "disk_size": 61440, "floppy_files": [ "{{user `autounattend`}}", + "./scripts/disable-winrm.ps1", + "./scripts/enable-winrm.ps1", "./scripts/microsoft-updates.bat", "./scripts/win-updates.ps1", - "./scripts/openssh.ps1", "./scripts/oracle-cert.cer" ], "vboxmanage": [ @@ -68,12 +73,13 @@ ], "provisioners": [ { - "type": "shell", - "remote_path": "/tmp/script.bat", - "execute_command": "{{.Vars}} cmd /c C:/Windows/Temp/script.bat", + "type": "windows-restart" + }, + { + "type": "windows-shell", + "execute_command": "{{ .Vars }} cmd /c \"{{ .Path }}\"", "scripts": [ "./scripts/vm-guest-tools.bat", - "./scripts/vagrant-ssh.bat", "./scripts/enable-rdp.bat", "./scripts/compile-dotnet-assemblies.bat", "./scripts/disable-auto-logon.bat", @@ -83,10 +89,9 @@ ], "post-processors": [ { - "type": "vagrant", - "keep_input_artifact": false, - "output": "windows_2012_r2_{{.Provider}}.box", - "vagrantfile_template": "vagrantfile-windows_2012_r2.template" + "type": "compress", + "keep_input_artifact": true, + "output": "{{.BuildName}}.zip" } ], "variables": { From bf7ade5c06527a171bf392056f058242e4dce4d1 Mon Sep 17 00:00:00 2001 
From: Joe Fitzgerald Date: Thu, 15 Oct 2015 21:14:13 -0600 Subject: [PATCH 02/11] Disable Tool Upload - Download Tools Instead; Tool Upload Is Flakey With WinRM - Re-enable Windows Updates By Default - Re-enable Headless By Default --- answer_files/2012_r2/Autounattend.xml | 4 ++-- scripts/vm-guest-tools.bat | 12 ++++++++++-- windows_2012_r2.json | 6 +++--- 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/answer_files/2012_r2/Autounattend.xml b/answer_files/2012_r2/Autounattend.xml index d68e28b9..8a72f6b4 100644 --- a/answer_files/2012_r2/Autounattend.xml +++ b/answer_files/2012_r2/Autounattend.xml @@ -181,14 +181,15 @@ Disable password expiration for vagrant user + - diff --git a/scripts/vm-guest-tools.bat b/scripts/vm-guest-tools.bat index 0be67823..120224f0 100644 --- a/scripts/vm-guest-tools.bat +++ b/scripts/vm-guest-tools.bat @@ -32,9 +32,17 @@ goto :done :: to prevent user intervention popups which will undermine a silent installation. cmd /c certutil -addstore -f "TrustedPublisher" A:\oracle-cert.cer -move /Y C:\Users\vagrant\VBoxGuestAdditions.iso C:\Windows\Temp +if exist "C:\Users\vagrant\VBoxGuestAdditions.iso" ( + move /Y C:\Users\vagrant\VBoxGuestAdditions.iso C:\Windows\Temp +) + +if not exist "C:\Windows\Temp\VBoxGuestAdditions.iso" ( + powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://download.virtualbox.org/virtualbox/5.0.6/VBoxGuestAdditions_5.0.6.iso', 'C:\Windows\Temp\VBoxGuestAdditions.iso')" Date: Thu, 15 Oct 2015 21:33:46 -0600 Subject: [PATCH 03/11] Remove rsync Docs --- README-rsync.md | 68 ------------------------------------------------- 1 file changed, 68 deletions(-) delete mode 100644 README-rsync.md diff --git a/README-rsync.md b/README-rsync.md deleted file mode 100644 index b019ab79..00000000 --- a/README-rsync.md +++ /dev/null 
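Review bot: The fallback added to scripts/vm-guest-tools.bat downloads VBoxGuestAdditions_5.0.6.iso over plain `http://`, and nothing visible verifies the file before it is used. The ISO's contents are installed with administrative rights into an image that other machines are cloned from, so a tampered or corrupted download propagates to every one of them. Fetch it from `https://download.virtualbox.org/...` and compare a pinned digest before continuing, for example the output of `certutil -hashfile C:\Windows\Temp\VBoxGuestAdditions.iso SHA256` against `<EXPECTED_SHA256>` (placeholder; take the value from the vendor's published checksum list), aborting the script on mismatch. The version 5.0.6 is also written twice in the URL and would be easier to maintain as a single `set` variable. The rest of this hunk is cut off on the page, so any check further down is not visible.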
@@ -1,68 +0,0 @@ -# How to enable RSync for Windows Templates - -## Introduction - -This document explains how to install RSync into the Windows boxes to be able to use Vagrant's synced folder type `rsync`. Read the [Vagrant Docs](https://docs.vagrantup.com/v2/synced-folders/rsync.html) for more details and the additional vagrant commands. - -## Prerequisites - -### SSH - -To use `rsync` in the Windows boxes you also will need that SSH is installed and enabled. At the time of writing OpenSSH will always be installed to make the packer build work. This is part of the `Autounattend.xml` answer files. - -In the future SSH might disappear from default installation as packer will be able to communicate through WinRM with the Windows box. For rsync you then have to add the `scripts/openssh.ps1` again to have OpenSSH up and running. - -## Installation - -To install `rsync` in the Windows boxes you have to add the `./scripts/rsync.bat` script to the packer template's shell provisioner scripts as shown in this example: - -```json - "provisioners": [ - { - "type": "shell", - "remote_path": "/tmp/script.bat", - "execute_command": "{{.Vars}} cmd /c C:/Windows/Temp/script.bat", - "scripts": [ - "./scripts/vm-guest-tools.bat", - "./scripts/chef.bat", - "./scripts/vagrant-ssh.bat", - "./scripts/compile-dotnet-assemblies.bat", - "./scripts/rsync.bat", - "./scripts/compact.bat" - ] - }, -``` - -The script also creates a symlink so that the folder `/vagrant` could be used in the Vagrantfile to sync files to `C:\vagrant`. So the example from the Vagrant documentation works without any changes. - -## Enable RSync in a Vagrantfile - -The following is an example of using RSync to sync a folder into a Windows box. Please notice that we have to forward the SSH port as it will not be forwarded automatically at the moment. 
-```ruby -# -*- mode: ruby -*- -# vi: set ft=ruby : - -VAGRANTFILE_API_VERSION = "2" - -Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| - config.vm.box = "windows_2012_r2" - - config.vm.synced_folder ".", "/vagrant", type: "rsync", rsync__exclude: ".git/" - - config.vm.network :forwarded_port, guest: 22, host: 2222, id: "ssh", auto_correct: true - - config.vm.provider "virtualbox" do |vb| - vb.gui = true - end -end -``` - -If you want to sync into another directory of the Windows box, use the Cygwin path prefix `/cygdrive/c` as shown in this example: - -```ruby - config.vm.synced_folder '.', "/cygdrive/c/vagrant-rsync", - type: "rsync", - rsync__auto: "true", - rsync__exclude: [".git/",".vagrant/"], - id: "vagrant" -``` From f32c15b109c85f0080235be7e12587ffbc9e7051 Mon Sep 17 00:00:00 2001 From: Joe Fitzgerald Date: Thu, 15 Oct 2015 21:34:14 -0600 Subject: [PATCH 04/11] :abc: Update README --- README.md | 54 +++++++++++++++++++++--------------------------------- 1 file changed, 21 insertions(+), 33 deletions(-) diff --git a/README.md b/README.md index ff7a45a1..4a287d15 100644 --- a/README.md +++ b/README.md 
@@ -2,17 +2,15 @@ ### Introduction -This repository contains Windows templates that can be used to create boxes for Vagrant using Packer ([Website](http://www.packer.io)) ([Github](http://github.com/mitchellh/packer)). - -This repo began by borrowing bits from the VeeWee Windows templates (https://github.com/jedi4ever/veewee/tree/master/templates). Modifications were made to work with Packer and the VMware Fusion / VirtualBox providers for Packer and Vagrant. +This repository contains Windows templates that can be used to create machine images with Packer ([Website](http://www.packer.io)) ([Github](http://github.com/mitchellh/packer)). ### Packer Version -[Packer](https://github.com/mitchellh/packer/blob/master/CHANGELOG.md) `0.5.1` or greater is required. +[Packer](https://github.com/mitchellh/packer) `0.8.6` or greater is required. ### Windows Versions -The following Windows versions are known to work (built with VMware Fusion 6.0.4 and VirtualBox 4.3.12): +The following Windows versions are known to work (built with VMware Fusion 8.0.1 and VirtualBox 5.0.6): * Windows 2012 R2 * Windows 2012 R2 Core @@ -43,10 +41,9 @@ The scripts in this repo will install all Windows updates – by default – dur ```xml - cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\openssh.ps1 -AutoStart - Install OpenSSH + cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\enable-winrm.ps1 + Enable WinRM 99 - true @@ -56,12 +53,6 @@ The scripts in this repo will install all Windows updates – by default – dur 98 Enable Microsoft Updates - - cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\openssh.ps1 - Install OpenSSH - 99 - true - cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\win-updates.ps1 Install Windows Updates 
@@ -74,19 +65,22 @@ The scripts in this repo will install all Windows updates – by default – dur Doing so will give you hours back in your day, which is a good thing. -### OpenSSH / WinRM - -Currently, [Packer](http://packer.io) has a single communicator that uses SSH. This means we need an SSH server installed on Windows - which is not optimal as we could use WinRM to communicate with the Windows VM. In the short term, everything works well with SSH; in the medium term, work is underway on a WinRM communicator for Packer. +### Post Processors -If you have serious objections to OpenSSH being installed, you can always add another stage to your build pipeline: +By default, the compress post-processor is used to create an archive of your VM. You can then use this with the [virtualbox-ovf](https://www.packer.io/docs/builders/virtualbox-ovf.html) or [vmware-vmx](https://www.packer.io/docs/builders/vmware-vmx.html) builders to further iterate on your image. This approach is recommended, particularly if you apply all Windows updates in your initial image. It will save you tens or hundreds of hours as you iterate on your project. -* Build a base box using Packer -* Create a Vagrantfile, use the base box from Packer, connect to the VM via WinRM (using the [vagrant-windows](https://github.com/WinRb/vagrant-windows) plugin) and disable the 'sshd' service or uninstall OpenSSH completely -* Perform a Vagrant run and output a .box file +If you would like to switch back to the old approach of generating .box files for use with Vagrant, just replace the provisioners section with: -It's worth mentioning that many Chef cookbooks will not work properly through Cygwin's SSH environment on Windows. Specifically, packages that need access to environment-specific configurations such as the `PATH` variable, will fail. This includes packages that use the Windows installer, `msiexec.exe`. 
- -It's currently recommended that you add a second step to your pipeline and use Vagrant to install your packages through Chef. +```json +"post-processors": [ + { + "type": "vagrant", + "keep_input_artifact": false, + "output": "windows_2012_r2_{{.Provider}}.box", + "vagrantfile_template": "vagrantfile-windows_2012_r2.template" + } +] +``` ### Using .box Files With Vagrant @@ -96,7 +90,7 @@ WinRM to communicate with the box. ### Getting Started -Trial versions of Windows 2008 R2 / 2012 / 2012 R2 are used by default. These images can be used for 180 days without activation. +Trial versions of Windows 2008 R2 / 2012 / 2012 R2 / 7 / 8.1 / 10 are used by default. These images can be used for 180 days without activation. Alternatively – if you have access to [MSDN](http://msdn.microsoft.com) or [TechNet](http://technet.microsoft.com/) – you can download retail or volume license ISO images and place them in the `iso` directory. If you do, you should supply appropriate values for `iso_url` (e.g. `./iso/.iso`) and `iso_checksum` (e.g. ``) to the Packer command. For example, to use the Windows 2008 R2 (With SP1) retail ISO: @@ -105,7 +99,7 @@ Alternatively – if you have access to [MSDN](http://msdn.microsoft.com) or [Te 3. Clone this repo to a local directory 4. Move `en_windows_server_2008_r2_with_sp1_x64_dvd_617601.iso` to the `iso` directory 5. Run: - + ``` packer build \ -var iso_url=./iso/en_windows_server_2008_r2_with_sp1_x64_dvd_617601.iso \ 
@@ -117,7 +111,7 @@ Alternatively – if you have access to [MSDN](http://msdn.microsoft.com) or [Te The Packer templates support the following variables: | Name | Description | -| --------------------|------------------------------------------------------------------| +|:--------------------|:-----------------------------------------------------------------| | `iso_url` | Path or URL to ISO file | | `iso_checksum` | Checksum (see also `iso_checksum_type`) of the ISO file | | `iso_checksum_type` | The checksum algorithm to use (out of those supported by Packer) | @@ -126,9 +120,3 @@ The Packer templates support the following variables: ### Contributing Pull requests welcomed. - -### Acknowledgements - -[CloudBees](http://www.cloudbees.com) is providing a hosted [Jenkins](http://jenkins-ci.org/) master through their CloudBees FOSS program. We also use their [On-Premise Executor](https://developer.cloudbees.com/bin/view/DEV/On-Premise+Executors) feature to connect a physical [Mac Mini Server](http://www.apple.com/mac-mini/server/) running VMware Fusion. - -![Powered By CloudBees](http://www.cloudbees.com/sites/default/files/Button-Powered-by-CB.png "Powered By CloudBees")![Built On DEV@Cloud](http://www.cloudbees.com/sites/default/files/Button-Built-on-CB-1.png "Built On DEV@Cloud") From 926442169a4487ec465aa70cef57797aa02e0552 Mon Sep 17 00:00:00 2001 From: Stefan Scherer Date: Fri, 16 Oct 2015 21:33:30 +0200 Subject: [PATCH 05/11] Update windows_10.json to WinRM --- answer_files/10/Autounattend.xml | 101 +++++-------------------------- windows_10.json | 41 +++++++------ 2 files changed, 37 insertions(+), 105 deletions(-) diff --git a/answer_files/10/Autounattend.xml b/answer_files/10/Autounattend.xml index 318f3ff9..3239187f 100644 --- a/answer_files/10/Autounattend.xml +++ b/answer_files/10/Autounattend.xml @@ -29,8 +29,8 @@ true - Vagrant Administrator - Vagrant Inc. + Vagrant + Vagrant - NPPR9-FWDCX-D2C8J-H872K-2YT43 + Never 
@@ -143,125 +143,52 @@ true - cmd.exe /c winrm quickconfig -q - winrm quickconfig -q + C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-winrm.ps1 + Disable WinRM 5 true - - cmd.exe /c winrm quickconfig -transport:http - winrm quickconfig -transport:http - 6 - true - - - cmd.exe /c winrm set winrm/config @{MaxTimeoutms="1800000"} - Win RM MaxTimoutms - 7 - true - - - cmd.exe /c winrm set winrm/config/winrs @{MaxMemoryPerShellMB="800"} - Win RM MaxMemoryPerShellMB - 8 - true - - - cmd.exe /c winrm set winrm/config/service @{AllowUnencrypted="true"} - Win RM AllowUnencrypted - 9 - true - - - cmd.exe /c winrm set winrm/config/service/auth @{Basic="true"} - Win RM auth Basic - 10 - true - - - cmd.exe /c winrm set winrm/config/client/auth @{Basic="true"} - Win RM client auth Basic - 11 - true - - - cmd.exe /c winrm set winrm/config/listener?Address=*+Transport=HTTP @{Port="5985"} - Win RM listener Address/Port - 12 - true - - - cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes - Win RM adv firewall enable - 13 - true - - - cmd.exe /c netsh firewall add portopening TCP 5985 "Port 5985" - Win RM port open - 14 - true - - - cmd.exe /c net stop winrm - Stop Win RM Service - 15 - true - - - cmd.exe /c sc config winrm start= auto - Win RM Autostart - 16 - true - - - cmd.exe /c net start winrm - Start Win RM Service - 17 - true - %SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v HideFileExt /t REG_DWORD /d 0 /f - 18 + 6 Show file extensions in Explorer %SystemRoot%\System32\reg.exe ADD HKCU\Console /v QuickEdit /t REG_DWORD /d 1 /f - 19 + 7 Enable QuickEdit mode %SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Start_ShowRun /t REG_DWORD /d 1 /f - 20 + 8 Show Run command in Start Menu %SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v StartMenuAdminTools 
/t REG_DWORD /d 1 /f - 21 + 9 Show Administrative Tools in Start Menu %SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateFileSizePercent /t REG_DWORD /d 0 /f - 22 + 10 Zero Hibernation File %SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateEnabled /t REG_DWORD /d 0 /f - 23 + 11 Disable Hibernation Mode cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE - 24 + 12 Disable password expiration for vagrant user diff --git a/windows_10.json b/windows_10.json index 31e8213f..1051f0da 100644 --- a/windows_10.json +++ b/windows_10.json @@ -2,26 +2,27 @@ "builders": [ { "type": "vmware-iso", + "communicator": "winrm", "iso_url": "{{user `iso_url`}}", "iso_checksum_type": "{{user `iso_checksum_type`}}", "iso_checksum": "{{user `iso_checksum`}}", "headless": false, "boot_wait": "2m", - "ssh_username": "vagrant", - "ssh_password": "vagrant", - "ssh_wait_timeout": "2h", + "winrm_username": "vagrant", + "winrm_password": "vagrant", + "winrm_timeout": "2h", "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"", "guest_os_type": "windows8srv-64", - "tools_upload_flavor": "windows", "disk_size": 61440, "vnc_port_min": 5900, "vnc_port_max": 5980, "floppy_files": [ "{{user `autounattend`}}", "./scripts/fixnetwork.ps1", + "./scripts/disable-winrm.ps1", + "./scripts/enable-winrm.ps1", "./scripts/microsoft-updates.bat", - "./scripts/win-updates.ps1", - "./scripts/openssh.ps1" + "./scripts/win-updates.ps1" ], "vmx_data": { "RemoteDisplay.vnc.enabled": "false", 
@@ -33,23 +34,26 @@ }, { "type": "virtualbox-iso", + "communicator": "winrm", "iso_url": "{{user `iso_url`}}", "iso_checksum_type": "{{user `iso_checksum_type`}}", "iso_checksum": "{{user `iso_checksum`}}", "headless": false, "boot_wait": "2m", - "ssh_username": "vagrant", - "ssh_password": "vagrant", - "ssh_wait_timeout": "2h", + "winrm_username": "vagrant", + "winrm_password": "vagrant", + "winrm_timeout": "2h", "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"", "guest_os_type": "Windows81_64", + "guest_additions_mode": "disable", "disk_size": 61440, "floppy_files": [ "{{user `autounattend`}}", "./scripts/fixnetwork.ps1", + "./scripts/disable-winrm.ps1", + "./scripts/enable-winrm.ps1", "./scripts/microsoft-updates.bat", "./scripts/win-updates.ps1", - "./scripts/openssh.ps1", "./scripts/oracle-cert.cer" ], "vboxmanage": [ @@ -70,25 +74,26 @@ ], "provisioners": [ { - "type": "shell", + "type": "windows-restart" + }, + { + "type": "windows-shell", "remote_path": "/tmp/script.bat", - "execute_command": "{{.Vars}} cmd /c C:/Windows/Temp/script.bat", + "execute_command": "{{ .Vars }} cmd /c \"{{ .Path }}\"", "scripts": [ "./scripts/vm-guest-tools.bat", - "./scripts/vagrant-ssh.bat", - "./scripts/disable-auto-logon.bat", "./scripts/enable-rdp.bat", "./scripts/compile-dotnet-assemblies.bat", + "./scripts/disable-auto-logon.bat", "./scripts/compact.bat" ] } ], "post-processors": [ { - "type": "vagrant", - "keep_input_artifact": false, - "output": "windows_10_{{.Provider}}.box", - "vagrantfile_template": "vagrantfile-windows_10.template" + "type": "compress", + "keep_input_artifact": true, + "output": "{{.BuildName}}.zip" } ], "variables": { From f1b9e6e27487f3188a14716aa8a7f72b39499a14 Mon Sep 17 00:00:00 2001 
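Review bot: In the provisioners hunk of windows_10.json the unchanged context line `"remote_path": "/tmp/script.bat"` is kept, while the provisioner becomes `windows-shell` and `execute_command` now expands `{{ .Path }}`. The path handed to `cmd /c` is therefore presumably the Unix-style `/tmp/script.bat`, which only made sense under the old Cygwin SSH setup. windows_2012_r2.json removes `remote_path` in the equivalent hunk of patch 01; doing the same here, or setting a Windows path such as `"remote_path": "C:/Windows/Temp/script.bat"`, keeps the two templates consistent. The provisioners array starts outside this hunk.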
From: Joe Fitzgerald Date: Fri, 16 Oct 2015 21:44:09 -0600 Subject: [PATCH 06/11] Format Filename, Add Example Of VMX/OVF > .box --- .gitignore | 4 +- windows_2012_r2.json | 4 +- windows_2012_r2_postprocess_to_box.json | 59 +++++++++++++++++++++++++ 3 files changed, 64 insertions(+), 3 deletions(-) create mode 100644 windows_2012_r2_postprocess_to_box.json diff --git a/.gitignore b/.gitignore index 8c585593..e1e4d1ed 100644 --- a/.gitignore +++ b/.gitignore @@ -8,5 +8,7 @@ /output-virtualbox-iso/ /output-virtualbox-ovf/ /*.box +/*.zip +/ovf +/vmx /packer_cache/ - diff --git a/windows_2012_r2.json b/windows_2012_r2.json index e479db69..11a33573 100644 --- a/windows_2012_r2.json +++ b/windows_2012_r2.json @@ -90,8 +90,8 @@ "post-processors": [ { "type": "compress", - "keep_input_artifact": true, - "output": "{{.BuildName}}.zip" + "keep_input_artifact": false, + "output": "windows_2012_r2_{{.Provider}}.zip" } ], "variables": { diff --git a/windows_2012_r2_postprocess_to_box.json b/windows_2012_r2_postprocess_to_box.json new file mode 100644 index 00000000..459815d0 --- /dev/null +++ b/windows_2012_r2_postprocess_to_box.json 
@@ -0,0 +1,59 @@
+{
+ "builders": [
+ {
+ "type": "vmware-vmx",
+ "communicator": "winrm",
+ "source_path": "./vmx/packer-vmware-iso.vmx",
+ "headless": false,
+ "boot_wait": "10s",
+ "winrm_username": "vagrant",
+ "winrm_password": "vagrant",
+ "winrm_timeout": "6h",
+ "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
+ "vnc_port_min": 5900,
+ "vnc_port_max": 5980,
+ "skip_compaction": true,
+ "vmx_data": {
+ "RemoteDisplay.vnc.enabled": "false",
+ "RemoteDisplay.vnc.port": "5900",
+ "memsize": "2048",
+ "numvcpus": "2",
+ "scsi0.virtualDev": "lsisas1068"
+ }
+ },
+ {
+ "type": "virtualbox-ovf",
+ "communicator": "winrm",
+ "source_path": "./ovf/packer-virtualbox-iso-1444968257.ovf",
+ "headless": false,
+ "boot_wait": "10s",
+ "winrm_username": "vagrant",
+ "winrm_password": "vagrant",
+ "winrm_timeout": "6h",
+ "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"",
+ "guest_additions_mode": "disable",
+ "vboxmanage": [
+ [
+ "modifyvm",
+ "{{.Name}}",
+ "--memory",
+ "2048"
+ ],
+ [
+ "modifyvm",
+ "{{.Name}}",
+ "--cpus",
+ "2"
+ ]
+ ]
+ }
+ ],
+ "post-processors": [
+ {
+ "type": "vagrant",
+ "keep_input_artifact": false,
+ "output": "windows_2012_r2_{{.Provider}}.box",
+ "vagrantfile_template": "vagrantfile-windows_2012_r2.template"
+ }
+ ]
+}
From 098e763e5b301f186caf1e0ccbd3f25f9bc11153 Mon Sep 17 00:00:00 2001
From: Joe Fitzgerald
Date: Fri, 16 Oct 2015 22:01:06 -0600
Subject: [PATCH 07/11] :abc: Fix Typo
---
README.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 4a287d15..41359377 100644
--- a/README.md
+++ b/README.md
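Review bot: The virtualbox-ovf builder in the new windows_2012_r2_postprocess_to_box.json points at `"source_path": "./ovf/packer-virtualbox-iso-1444968257.ovf"`, a file name that carries the timestamp of one particular build, so the example fails for anyone whose archive unpacks to a different name. The file has no `variables` section at all; adding one and writing ``"source_path": "{{user `ovf_source_path`}}"`` (and the equivalent for the vmx path) makes it usable as the example the commit message describes. It would also help to note in the README which archive from the first stage has to be unpacked into `./ovf` and `./vmx`, since the build does not verify that the source image is the one it produced earlier.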
@@ -69,7 +69,7 @@ Doing so will give you hours back in your day, which is a good thing. By default, the compress post-processor is used to create an archive of your VM. You can then use this with the [virtualbox-ovf](https://www.packer.io/docs/builders/virtualbox-ovf.html) or [vmware-vmx](https://www.packer.io/docs/builders/vmware-vmx.html) builders to further iterate on your image. This approach is recommended, particularly if you apply all Windows updates in your initial image. It will save you tens or hundreds of hours as you iterate on your project. -If you would like to switch back to the old approach of generating .box files for use with Vagrant, just replace the provisioners section with: +If you would like to switch back to the old approach of generating .box files for use with Vagrant, just replace the post-processors section with: ```json "post-processors": [ From 19e328668c9dc020a497d34d14a51b734e790f91 Mon Sep 17 00:00:00 2001 From: Stefan Scherer Date: Mon, 19 Oct 2015 13:43:03 +0200 Subject: [PATCH 08/11] Update windows_2012_r2_core.json to WinRM --- answer_files/2012_r2_core/Autounattend.xml | 138 +++++++-------------- windows_2012_r2_core.json | 45 ++++--- 2 files changed, 67 insertions(+), 116 deletions(-) diff --git a/answer_files/2012_r2_core/Autounattend.xml b/answer_files/2012_r2_core/Autounattend.xml index bc2ec7cd..fc580d0b 100644 --- a/answer_files/2012_r2_core/Autounattend.xml +++ b/answer_files/2012_r2_core/Autounattend.xml @@ -1,7 +1,7 @@ - + en-US @@ -11,7 +11,7 @@ en-US en-US - + 
@@ -75,30 +75,49 @@ - + false vagrant-2012-r2 Pacific Standard Time - + - + true - + false false - + true - + true + + + + 1 + Set Execution Policy 64 Bit + cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force" + + + 2 + Set Execution Policy 32 Bit + cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force" + + + 3 + Disable WinRM + C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-winrm.ps1 + + + - + vagrant 
@@ -121,125 +140,52 @@ true - cmd.exe /c winrm quickconfig -q - winrm quickconfig -q + C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-winrm.ps1 + Disable WinRM 3 true - - cmd.exe /c winrm quickconfig -transport:http - winrm quickconfig -transport:http - 4 - true - - - cmd.exe /c winrm set winrm/config @{MaxTimeoutms="1800000"} - Win RM MaxTimoutms - 5 - true - - - cmd.exe /c winrm set winrm/config/winrs @{MaxMemoryPerShellMB="800"} - Win RM MaxMemoryPerShellMB - 6 - true - - - cmd.exe /c winrm set winrm/config/service @{AllowUnencrypted="true"} - Win RM AllowUnencrypted - 7 - true - - - cmd.exe /c winrm set winrm/config/service/auth @{Basic="true"} - Win RM auth Basic - 8 - true - - - cmd.exe /c winrm set winrm/config/client/auth @{Basic="true"} - Win RM client auth Basic - 9 - true - - - cmd.exe /c winrm set winrm/config/listener?Address=*+Transport=HTTP @{Port="5985"} - Win RM listener Address/Port - 10 - true - - - cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes - Win RM adv firewall enable - 11 - true - - - cmd.exe /c netsh firewall add portopening TCP 5985 "Port 5985" - Win RM port open - 12 - true - - - cmd.exe /c net stop winrm - Stop Win RM Service - 13 - true - - - cmd.exe /c sc config winrm start= auto - Win RM Autostart - 14 - true - - - cmd.exe /c net start winrm - Start Win RM Service - 15 - true - %SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v HideFileExt /t REG_DWORD /d 0 /f - 16 + 4 Show file extensions in Explorer %SystemRoot%\System32\reg.exe ADD HKCU\Console /v QuickEdit /t REG_DWORD /d 1 /f - 17 + 5 Enable QuickEdit mode %SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Start_ShowRun /t REG_DWORD /d 1 /f - 18 + 6 Show Run command in Start Menu %SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v StartMenuAdminTools /t 
REG_DWORD /d 1 /f - 19 + 7 Show Administrative Tools in Start Menu %SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateFileSizePercent /t REG_DWORD /d 0 /f - 20 + 8 Zero Hibernation File %SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateEnabled /t REG_DWORD /d 0 /f - 21 + 9 Disable Hibernation Mode cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE - 22 + 10 Disable password expiration for vagrant user @@ -284,13 +230,13 @@ - + - + false - + diff --git a/windows_2012_r2_core.json b/windows_2012_r2_core.json index 4c79c40e..99412639 100644 --- a/windows_2012_r2_core.json +++ b/windows_2012_r2_core.json @@ -2,25 +2,27 @@ "builders": [ { "type": "vmware-iso", + "communicator": "winrm", "iso_url": "{{user `iso_url`}}", "iso_checksum_type": "{{user `iso_checksum_type`}}", "iso_checksum": "{{user `iso_checksum`}}", "headless": true, "boot_wait": "2m", - "ssh_username": "vagrant", - "ssh_password": "vagrant", - "ssh_wait_timeout": "6h", + "winrm_username": "vagrant", + "winrm_password": "vagrant", + "winrm_timeout": "6h", "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"", "guest_os_type": "windows8srv-64", - "tools_upload_flavor": "windows", "disk_size": 61440, "vnc_port_min": 5900, "vnc_port_max": 5980, + "skip_compaction": true, "floppy_files": [ "{{user `autounattend`}}", + "./scripts/disable-winrm.ps1", + "./scripts/enable-winrm.ps1", "./scripts/microsoft-updates.bat", - "./scripts/win-updates.ps1", - "./scripts/openssh.ps1" + "./scripts/win-updates.ps1" ], "vmx_data": { "RemoteDisplay.vnc.enabled": "false", 
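Review bot: After the `@@ -121,125 +140,52 @@` hunk the answer file only ever turns WinRM off, and it no longer shows when WinRM comes back or with which authentication and transport settings. The only WinRM command left is the added first-logon `powershell.exe -File a:\disable-winrm.ps1`, the same script the earlier pass already runs, and every explicit listener setting is gone. Add an XML comment beside the command naming the script that re-enables it, for example `<!-- WinRM is re-enabled by a:\enable-winrm.ps1 (caller to be confirmed); listener and auth settings live there -->`, so someone auditing the image knows where to look. The command list continues outside the hunk.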
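Review bot: The new communicator settings in the vmware-iso builder hard-code `"winrm_username": "vagrant"` and `"winrm_password": "vagrant"`, and the virtualbox-iso hunk that follows does the same. This patch also switches the post-processor to a plain zip meant for further image iteration rather than a Vagrant box, so the well-known account is likely to carry into derived images together with a WinRM listener. Consider reading the password from a user variable, ``"winrm_password": "{{user `winrm_password`}}"``, and documenting that downstream builds must rotate or remove the account. No `winrm_use_ssl` is set, so the connection presumably uses the unencrypted default and should stay on an isolated build network. The builder object continues outside the hunk.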
@@ -32,22 +34,25 @@ }, { "type": "virtualbox-iso", + "communicator": "winrm", "iso_url": "{{user `iso_url`}}", "iso_checksum_type": "{{user `iso_checksum_type`}}", "iso_checksum": "{{user `iso_checksum`}}", "headless": true, "boot_wait": "2m", - "ssh_username": "vagrant", - "ssh_password": "vagrant", - "ssh_wait_timeout": "6h", + "winrm_username": "vagrant", + "winrm_password": "vagrant", + "winrm_timeout": "6h", "shutdown_command": "shutdown /s /t 10 /f /d p:4:1 /c \"Packer Shutdown\"", "guest_os_type": "Windows2012_64", + "guest_additions_mode": "disable", "disk_size": 61440, "floppy_files": [ "{{user `autounattend`}}", + "./scripts/disable-winrm.ps1", + "./scripts/enable-winrm.ps1", "./scripts/microsoft-updates.bat", "./scripts/win-updates.ps1", - "./scripts/openssh.ps1", "./scripts/oracle-cert.cer" ], "vboxmanage": [ 
@@ -68,31 +73,31 @@
 ],
 "provisioners": [
 {
- "type": "shell",
- "remote_path": "/tmp/script.bat",
- "execute_command": "{{.Vars}} cmd /c C:/Windows/Temp/script.bat",
+ "type": "windows-restart"
+ },
+ {
+ "type": "windows-shell",
+ "execute_command": "{{ .Vars }} cmd /c \"{{ .Path }}\"",
 "scripts": [
 "./scripts/vm-guest-tools.bat",
- "./scripts/vagrant-ssh.bat",
- "./scripts/disable-auto-logon.bat",
 "./scripts/enable-rdp.bat",
 "./scripts/compile-dotnet-assemblies.bat",
+ "./scripts/disable-auto-logon.bat",
 "./scripts/compact.bat"
 ]
 }
 ],
 "post-processors": [
 {
- "type": "vagrant",
+ "type": "compress",
 "keep_input_artifact": false,
- "output": "windows_2012_r2_core_{{.Provider}}.box",
- "vagrantfile_template": "vagrantfile-windows_2012_r2.template"
+ "output": "windows_2012_r2_{{.Provider}}.zip"
 }
 ],
 "variables": {
- "iso_url": "http://download.microsoft.com/download/6/2/A/62A76ABB-9990-4EFC-A4FE-C7D698DAEB96/9600.16384.WINBLUE_RTM.130821-1623_X64FRE_SERVER_EVAL_EN-US-IRM_SSS_X64FREE_EN-US_DV5.ISO",
+ "iso_url": "http://care.dlservice.microsoft.com/dl/download/6/2/A/62A76ABB-9990-4EFC-A4FE-C7D698DAEB96/9600.17050.WINBLUE_REFRESH.140317-1640_X64FRE_SERVER_EVAL_EN-US-IR3_SSS_X64FREE_EN-US_DV9.ISO",
 "iso_checksum_type": "md5",
- "iso_checksum": "458ff91f8abc21b75cb544744bf92e6a",
+ "iso_checksum": "5b5e08c490ad16b59b1d9fab0def883a",
 "autounattend": "./answer_files/2012_r2_core/Autounattend.xml"
 }
 }
From e3486b85a7ca520de662c335c8716140265354ad Mon Sep 17 00:00:00 2001
From: Stefan Scherer
Date: Mon, 19 Oct 2015 13:47:32 +0200
Subject: [PATCH 09/11] Use better name for zip
---
 windows_2012_r2_core.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows_2012_r2_core.json b/windows_2012_r2_core.json
index 99412639..c9672d10 100644
--- a/windows_2012_r2_core.json
+++ b/windows_2012_r2_core.json
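Review bot: The replacement `iso_url` in the `variables` block of windows_2012_r2_core.json is still fetched over plain `http://` and verified only with `"iso_checksum_type": "md5"`, so the integrity of the install media rests on a hash with practical collision attacks. Switching to `"iso_checksum_type": "sha256"` with `"iso_checksum": "<SHA256_OF_ISO>"` (placeholder; compute it from a trusted copy) would close that gap, and an `https://` URL should be used if the host serves one. The same applies to the windows_2012_r2.json hunks in patches 10 and 11. This URL also points at a different host (care.dlservice.microsoft.com) than the one patch 10 uses for the same ISO file name, which is worth reconciling.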
@@ -91,7 +91,7 @@
 {
 "type": "compress",
 "keep_input_artifact": false,
- "output": "windows_2012_r2_{{.Provider}}.zip"
+ "output": "windows_2012_r2_core_{{.Provider}}.zip"
 }
 ],
 "variables": {
From a380bde07761cb7f050298500840b9faa6fe08c4 Mon Sep 17 00:00:00 2001
From: Joe Fitzgerald
Date: Wed, 21 Oct 2015 16:03:44 -0600
Subject: [PATCH 10/11] Update ISO To Use Refresh Image
---
 windows_2012_r2.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows_2012_r2.json b/windows_2012_r2.json
index 11a33573..e78667e7 100644
--- a/windows_2012_r2.json
+++ b/windows_2012_r2.json
@@ -95,7 +95,7 @@
 }
 ],
 "variables": {
- "iso_url": "http://download.microsoft.com/download/6/2/A/62A76ABB-9990-4EFC-A4FE-C7D698DAEB96/9600.16384.WINBLUE_RTM.130821-1623_X64FRE_SERVER_EVAL_EN-US-IRM_SSS_X64FREE_EN-US_DV5.ISO",
+ "iso_url": "http://download.microsoft.com/download/6/2/A/62A76ABB-9990-4EFC-A4FE-C7D698DAEB96/9600.17050.WINBLUE_REFRESH.140317-1640_X64FRE_SERVER_EVAL_EN-US-IR3_SSS_X64FREE_EN-US_DV9.ISO",
 "iso_checksum_type": "md5",
 "iso_checksum": "458ff91f8abc21b75cb544744bf92e6a",
 "autounattend": "./answer_files/2012_r2/Autounattend.xml"
From c6b7f11b4e398fbd91a00ed15a2a1353289424fd Mon Sep 17 00:00:00 2001
From: Joe Fitzgerald
Date: Wed, 21 Oct 2015 17:24:39 -0600
Subject: [PATCH 11/11] Update Checksum
---
 windows_2012_r2.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows_2012_r2.json b/windows_2012_r2.json
index e78667e7..daea2602 100644
--- a/windows_2012_r2.json
+++ b/windows_2012_r2.json
@@ -97,7 +97,7 @@
 "variables": {
 "iso_url": "http://download.microsoft.com/download/6/2/A/62A76ABB-9990-4EFC-A4FE-C7D698DAEB96/9600.17050.WINBLUE_REFRESH.140317-1640_X64FRE_SERVER_EVAL_EN-US-IR3_SSS_X64FREE_EN-US_DV9.ISO",
 "iso_checksum_type": "md5",
- "iso_checksum": "458ff91f8abc21b75cb544744bf92e6a",
+ "iso_checksum": "5b5e08c490ad16b59b1d9fab0def883a",
 "autounattend": "./answer_files/2012_r2/Autounattend.xml"
 }
 }