Commit cd1f823e authored by Stefan Scherer's avatar Stefan Scherer Committed by GitHub

Chocolatey Fest 2018: Build server 2019 insider for Azure upload (#128)

Build Azure compatible vhd
parent 995d12f8
.DS_Store
/iso/*
!/iso/README.md
/output-hyperv-iso/
/output-vmware/
/output-vmware-iso/
/output-vmware-vmx/
......
./make_unattend_iso.ps1
if (Test-Path ./output-hyperv-iso) {
Remove-Item -Recurse -Force ./output-hyperv-iso
}
packer build --only=hyperv-iso --var iso_url=./local.iso windows_2019_azure.json
Write-Output 'Do not open Server Manager at logon'
New-ItemProperty -Path HKCU:\Software\Microsoft\ServerManager -Name DoNotOpenServerManagerAtLogon -PropertyType DWORD -Value "1" -Force
Write-Output 'Install bginfo'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
if (!(Test-Path 'c:\Program Files\sysinternals')) {
New-Item -Path 'c:\Program Files\sysinternals' -type directory -Force -ErrorAction SilentlyContinue
}
if (!(Test-Path 'c:\Program Files\sysinternals\bginfo.exe')) {
(New-Object Net.WebClient).DownloadFile('http://live.sysinternals.com/bginfo.exe', 'c:\Program Files\sysinternals\bginfo.exe')
}
if (!(Test-Path 'c:\Program Files\sysinternals\bginfo.bgi')) {
(New-Object Net.WebClient).DownloadFile('https://github.com/StefanScherer/adfs2/raw/master/scripts/bginfo-workshop.bgi', 'c:\Program Files\sysinternals\bginfo.bgi')
}
$vbsScript = @'
WScript.Sleep 2000
Dim objShell
Set objShell = WScript.CreateObject( "WScript.Shell" )
objShell.Run("""c:\Program Files\sysinternals\bginfo.exe"" /accepteula ""c:\Program Files\sysinternals\bginfo.bgi"" /silent /timer:0")
'@
$vbsScript | Out-File 'c:\Program Files\sysinternals\bginfo.vbs'
Set-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -Name bginfo -Value 'wscript "c:\Program Files\sysinternals\bginfo.vbs"'
wscript "c:\Program Files\sysinternals\bginfo.vbs"
Write-Output 'Install Chocolatey'
Invoke-WebRequest 'https://chocolatey.org/install.ps1' -UseBasicParsing | Invoke-Expression
Write-Output 'Install editors'
choco install -y visualstudiocode
Write-Output 'Install Git'
choco install -y git
Write-Output 'Install browsers'
choco install -y googlechrome
choco install -y firefox
Write-Output 'Install Docker Compose'
choco install -y docker-compose
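Review bot: `bginfo.exe` is downloaded from `http://live.sysinternals.com/bginfo.exe` over plain HTTP and then started from an HKLM `Run` entry at every logon, so whatever is served on the network path at build time ends up executing in the image. The `Tls12` setting a few lines earlier has no effect on an `http://` URL. Switch to `https://live.sysinternals.com/bginfo.exe` and check the file with `Get-AuthenticodeSignature` (or compare `Get-FileHash` against a pinned value) before writing the Run key. The `.bgi` fetched from a `master` branch and the `Invoke-WebRequest 'https://chocolatey.org/install.ps1' ... | Invoke-Expression` line likewise load whatever the remote serves on build day; pinning a commit or using a reviewed local copy would make the image reproducible.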
......@@ -21,9 +21,24 @@ function DockerPull {
$results
}
function DockerRun {
Param ([string]$image)
if ($image -eq "") {
return
}
Write-Host Run first container from $image ...
docker run --rm $image cmd
}
$images | foreach {
DockerPull $_
}
$images | foreach {
DockerPull $_
}
$images | foreach {
DockerRun $_
}
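Review bot: `DockerRun` never checks the result of `docker run --rm $image cmd`, so an image that fails to start still leaves the build green. Adding `if ($LASTEXITCODE -ne 0) { throw "docker run failed for $image" }` after the call would surface it. `Write-Host Run first container from $image ...` relies on bare-word argument parsing, and a quoted string would be clearer. `DockerPull` and the definition of `$images` start outside this hunk, so how pull failures are handled is not visible here.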
# https://docs.microsoft.com/de-de/azure/virtual-machines/windows/prepare-for-upload-vhd-image
netsh winhttp reset proxy
"san policy=onlineall" | Out-File -Encoding Ascii $env:TEMP\diskpart.txt
& diskpart /s $env:TEMP\diskpart.txt
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\TimeZoneInformation' -name "RealTimeIsUniversal" 1 -Type DWord
Set-Service -Name w32time -StartupType Automatic
powercfg /setactive SCHEME_MIN
Set-Service -Name bfe -StartupType Automatic
Set-Service -Name dhcp -StartupType Automatic
Set-Service -Name dnscache -StartupType Automatic
Set-Service -Name IKEEXT -StartupType Automatic
Set-Service -Name iphlpsvc -StartupType Automatic
Set-Service -Name netlogon -StartupType Manual
Set-Service -Name netman -StartupType Manual
Set-Service -Name nsi -StartupType Automatic
Set-Service -Name termService -StartupType Manual
Set-Service -Name MpsSvc -StartupType Automatic
Set-Service -Name RemoteRegistry -StartupType Automatic
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0 -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name "fDenyTSConnections" -Value 0 -Type DWord
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp' -name "PortNumber" 3389 -Type DWord
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp' -name "LanAdapter" 0 -Type DWord
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" 1 -Type DWord
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "SecurityLayer" 1 -Type DWord
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "fAllowSecProtocolNegotiation" 1 -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name "KeepAliveEnable" 1 -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name "KeepAliveInterval" 1 -Type DWord
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp' -name "KeepAliveTimeout" 1 -Type DWord
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -name "fDisableAutoReconnect" 0 -Type DWord
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp' -name "fInheritReconnectSame" 1 -Type DWord
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp' -name "fReconnectSame" 0 -Type DWord
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp' -name "MaxInstanceCount" 4294967295 -Type DWord
Remove-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "SSLCertificateSHA1Hash"
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile' -name "EnableFirewall" -Value 1 -Type DWord
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile' -name "EnableFirewall" -Value 1 -Type DWord
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\Standardprofile' -name "EnableFirewall" -Value 1 -Type DWord
Enable-PSRemoting -force
netsh advfirewall firewall set rule dir=in name="Windows Remote Management (HTTP-In)" new enable=yes
netsh advfirewall firewall set rule dir=in name="Windows Remote Management (HTTP-In)" new enable=yes
netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes
netsh advfirewall firewall set rule dir=in name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes
bcdedit /set '{bootmgr}' integrityservices enable
bcdedit /set '{default}' device partition=C:
bcdedit /set '{default}' integrityservices enable
bcdedit /set '{default}' recoveryenabled Off
bcdedit /set '{default}' osdevice partition=C:
bcdedit /set '{default}' bootstatuspolicy IgnoreAllFailures
#Enable Serial Console Feature
bcdedit /set '{bootmgr}' displaybootmenu yes
bcdedit /set '{bootmgr}' timeout 10
bcdedit /set '{bootmgr}' bootems yes
bcdedit /ems '{current}' ON
bcdedit /emssettings EMSPORT:1 EMSBAUDRATE:115200
#Setup the Guest OS to collect a kernel dump on an OS crash event
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\CrashControl" /v DumpFile /t REG_EXPAND_SZ /d "%SystemRoot%\MEMORY.DMP" /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\CrashControl" /v CrashDumpEnabled /t REG_DWORD /d 2 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\CrashControl" /v NMICrashDump /t REG_DWORD /d 1 /f
#Setup the Guest OS to collect user mode dumps on a service crash event
mkdir c:\Crashdumps
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting" /v DumpFolder /t REG_EXPAND_SZ /d "c:\CrashDumps" /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting" /v CrashCount /t REG_DWORD /d 10 /f
REG ADD "HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting" /v DumpType /t REG_DWORD /d 2 /f
sc config WerSvc start= demand
winmgmt /verifyrepository
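Review bot: Several remote-management surfaces are switched on together here and are inherited by every VM created from the image: `Set-Service -Name RemoteRegistry -StartupType Automatic`, `Enable-PSRemoting -force`, the `Windows Remote Management (HTTP-In)` rule and the `Remote Desktop` rule group. A header comment should state which of these the Azure upload procedure requires and that exposure is expected to be restricted by the network security group. The `netsh ... "Windows Remote Management (HTTP-In)"` line appears twice and one copy can go. `Remove-ItemProperty ... -name "SSLCertificateSHA1Hash"` raises an error when the value is absent, so `-ErrorAction SilentlyContinue` would keep the provisioner output clean. `UserAuthentication 1` (NLA) is worth keeping as is.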
net stop tiledatamodelsvc
c:\windows\system32\sysprep\sysprep.exe /generalize /oobe /shutdown /unattend:a:\unattend.xml
if exist a:\unattend.xml (
c:\windows\system32\sysprep\sysprep.exe /generalize /oobe /shutdown /unattend:a:\unattend.xml
) else (
del /F \Windows\System32\Sysprep\unattend.xml
c:\windows\system32\sysprep\sysprep.exe /generalize /oobe /shutdown /quiet
)
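Review bot: The `else` branch deletes `\Windows\System32\Sysprep\unattend.xml` using a drive-relative path, which resolves against whichever drive is current when the shutdown command runs. `del /F "%SystemRoot%\System32\Sysprep\unattend.xml"` is unambiguous. A `rem` line above the `if` saying when `a:\unattend.xml` is expected to be missing (the Azure template, as far as this page shows) would help the next reader. Which lines are old and which are new is inferred from the rendering, since the page has lost its `+`/`-` markers.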
# convert-vhd -Path C:\Users\packer\AppData\Local\Temp\packerhv238285888\WindowsServer2019Docker.vhdx -DestinationPath C:\Users\packer\Desktop\Win2019Docker.vhd -VHDType Fixed
# Install-Module -Name AzureRM
Import-Module AzureRM
# Connect to Azure with an interactive dialog for sign-in
# Connect-AzureRmAccount
# Select-AzureRmSubscription -Subscription "Microsoft Azure Sponsorship"
$resourceGroup = 'chocolateyfest-docker-workshop-images'
$location = 'WestUS2'
# New-AzureRmResourceGroup -Name $resourceGroup -Location $location
$storageaccount = 'chocolateyfestsa'
$storageType = 'Standard_LRS'
$containername = 'vhds'
New-AzureRmStorageAccount -ResourceGroupName $resourceGroup -Name $storageAccount -Location $location `
-SkuName $storageType -Kind "Storage"
$vhdName = 'windows_2019_docker_azure.vhd'
$urlOfUploadedImageVhd = ('https://' + $storageaccount + '.blob.core.windows.net/' + $containername + '/' + $vhdName)
Add-AzureRmVhd -ResourceGroupName $resourceGroup -Destination $urlOfUploadedImageVhd `
-LocalFilePath 'D:\work\output-hyperv-iso\Virtual Hard Disks\WindowsServer2019Docker.vhd'
$imageName="windows_2019_docker_17744"
$imageConfig = New-AzureRmImageConfig -Location $location
$imageConfig = Set-AzureRmImageOsDisk -Image $imageConfig -OsType Windows -OsState Generalized `
-BlobUri $urlOfUploadedImageVhd
$image = New-AzureRmImage -ImageName $imageName -ResourceGroupName $resourceGroup -Image $imageConfig
# $diskSizeGB = '128'
# $subnetName = 'mySubnet'
# $vnetName = 'myVnet'
# $ipName = 'myPip'
# $nicName = 'myNic'
# $nsgName = 'myNsg'
# $ruleName = 'myRdpRule'
# $computerName = 'myComputerName'
# $vmName = 'myVM'
# $vmSize = 'Standard_D4_v3'
# $cred = Get-Credential
# $singleSubnet = New-AzureRmVirtualNetworkSubnetConfig -Name $subnetName -AddressPrefix 10.0.0.0/24
# $vnet = New-AzureRmVirtualNetwork -Name $vnetName -ResourceGroupName $resourceGroup -Location $location `
# -AddressPrefix 10.0.0.0/16 -Subnet $singleSubnet
# $pip = New-AzureRmPublicIpAddress -Name $ipName -ResourceGroupName $resourceGroup -Location $location `
# -AllocationMethod Dynamic
# $rdpRule = New-AzureRmNetworkSecurityRuleConfig -Name $ruleName -Description 'Allow RDP' -Access Allow `
# -Protocol Tcp -Direction Inbound -Priority 110 -SourceAddressPrefix Internet -SourcePortRange * `
# -DestinationAddressPrefix * -DestinationPortRange 3389
# $nsg = New-AzureRmNetworkSecurityGroup -ResourceGroupName $resourceGroup -Location $location `
# -Name $nsgName -SecurityRules $rdpRule
# $nic = New-AzureRmNetworkInterface -Name $nicName -ResourceGroupName $resourceGroup -Location $location `
# -SubnetId $vnet.Subnets[0].Id -PublicIpAddressId $pip.Id -NetworkSecurityGroupId $nsg.Id
# $vnet = Get-AzureRmVirtualNetwork -ResourceGroupName $resourceGroup -Name $vnetName
# $vm = New-AzureRmVMConfig -VMName $vmName -VMSize $vmSize
# Set the VM image as source image for the new VM
# $vm = Set-AzureRmVMSourceImage -VM $vm -Id $image.Id
# Finish the VM configuration and add the NIC.
# $vm = Set-AzureRmVMOSDisk -VM $vm -DiskSizeInGB $diskSizeGB -CreateOption FromImage -Caching ReadWrite
# $vm = Set-AzureRmVMOperatingSystem -VM $vm -Windows -ComputerName $computerName -Credential $cred `
# -ProvisionVMAgent -EnableAutoUpdate
# $vm = Add-AzureRmVMNetworkInterface -VM $vm -Id $nic.Id
# Create the VM
# New-AzureRmVM -VM $vm -ResourceGroupName $resourceGroup -Location $location
# $vm = Set-AzureRmVMOperatingSystem -VM $vm -Windows -ComputerName $computerName -Credential $cred `
# -ProvisionVMAgent -EnableAutoUpdate
# $vm = Add-AzureRmVMNetworkInterface -VM $vm -Id $nic.Id
# Create the VM
# New-AzureRmVM -VM $vm -ResourceGroupName $resourceGroup -Location $location
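Review bot: `New-AzureRmStorageAccount` is called with defaults, so nothing in the script forces HTTPS-only access to the account that holds the OS disk VHD. Passing `-EnableHttpsTrafficOnly $true` makes that explicit. The commented-out VM block defines an NSG rule with `-SourceAddressPrefix Internet` on port 3389; if that block is ever enabled, narrow the source to a known admin range. The `-LocalFilePath 'D:\work\output-hyperv-iso\...'` value and the resource names are hard-coded, so a parameter block at the top would make the script reusable. The tail of the commented section (`Set-AzureRmVMOperatingSystem` through `New-AzureRmVM`) appears twice.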
{
"builders": [
{
"boot_wait": "0s",
"communicator": "winrm",
"cpu": 2,
"differencing_disk": false,
"disk_size": "{{user `disk_size`}}",
"enable_secure_boot": true,
"enable_virtualization_extensions": true,
"floppy_files": [
"{{user `autounattend`}}",
"./scripts/disable-screensaver.ps1",
"./scripts/disable-winrm.ps1",
"./scripts/docker/enable-winrm.ps1",
"./scripts/docker/2016/install-containers-feature.ps1",
"./scripts/microsoft-updates.bat",
"./scripts/sysprep.bat",
"./scripts/win-updates.ps1"
],
"generation": 1,
"guest_additions_mode": "disable",
"iso_checksum": "{{user `iso_checksum`}}",
"iso_checksum_type": "{{user `iso_checksum_type`}}",
"iso_url": "{{user `iso_url`}}",
"ram_size": 2048,
"shutdown_command": "a:/sysprep.bat",
"skip_compaction": true,
"skip_export": true,
"switch_name": "{{user `hyperv_switchname`}}",
"type": "hyperv-iso",
"use_fixed_vhd_format": true,
"vm_name": "WindowsServer2019Docker",
"winrm_password": "vagrant",
"winrm_timeout": "{{user `winrm_timeout`}}",
"winrm_username": "vagrant"
}
],
"post-processors": [],
"provisioners": [
{
"execute_command": "{{ .Vars }} cmd /c \"{{ .Path }}\"",
"scripts": [
"./scripts/enable-rdp.bat"
],
"type": "windows-shell"
},
{
"scripts": [
"./scripts/debloat-windows.ps1",
"./scripts/docker/set-winrm-automatic.ps1"
],
"type": "powershell"
},
{
"restart_timeout": "{{user `restart_timeout`}}",
"type": "windows-restart"
},
{
"environment_vars": [
"docker_images={{user `docker_images`}}",
"docker_provider={{user `docker_provider`}}",
"docker_version={{user `docker_version`}}"
],
"scripts": [
"./scripts/docker/add-docker-group.ps1",
"./scripts/docker/install-docker.ps1",
"./scripts/docker/docker-pull.ps1",
"./scripts/wait-for-tiworker.ps1",
"./scripts/docker/open-docker-swarm-ports.ps1",
"./scripts/docker/remove-docker-key-json.ps1",
"./scripts/docker/disable-windows-defender.ps1"
],
"type": "powershell"
},
{
"execute_command": "{{ .Vars }} cmd /c \"{{ .Path }}\"",
"scripts": [
"./scripts/pin-powershell.bat",
"./scripts/set-winrm-automatic.bat",
"./scripts/uac-enable.bat",
"./scripts/compile-dotnet-assemblies.bat",
"./scripts/dis-updates.bat"
],
"type": "windows-shell"
},
{
"scripts": [
"./scripts/docker/chocolatey-and-tools.ps1",
"./scripts/prepare-for-upload-vhd-image.ps1"
],
"type": "powershell"
}
],
"variables": {
"autounattend": "./answer_files/2019/Autounattend.xml",
"disk_size": "40960",
"disk_type_id": "1",
"docker_images": "mcr.microsoft.com/nanoserver-insider:10.0.17744.1001 mcr.microsoft.com/windowsservercore-insider:10.0.17744.1001 mcr.microsoft.com/windows-insider:10.0.17744.1001",
"docker_provider": "ee",
"docker_version": "18-03-1-ee-3",
"headless": "false",
"hyperv_switchname": "{{env `hyperv_switchname`}}",
"iso_checksum": "4dae6fed7bbb9a30a4e1453020bbaa39e88f37a2962bdf7bb81705cd9318f695",
"iso_checksum_type": "sha256",
"iso_url": "https://software-download.microsoft.com/db/Windows_InsiderPreview_Server_vNext_en-us_17744.iso",
"manually_download_iso_from": "https://www.microsoft.com/en-us/software-download/windowsinsiderpreviewserver",
"restart_timeout": "5m",
"winrm_timeout": "2h"
}
}
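Review bot: The builder authenticates with `"winrm_username": "vagrant"` and `"winrm_password": "vagrant"`, and the resulting image is meant for Azure with RDP and WinRM enabled by the provisioning scripts. `floppy_files` contains no `unattend.xml`, so `a:/sysprep.bat` would generalize without an answer file. Unless that account is removed or disabled elsewhere (not visible on this page), every VM from the image would start with a well-known local credential. Consider a final step that removes the build account or randomizes its password before sysprep. Running `disable-windows-defender.ps1` and `dis-updates.bat` also deserves a second look for an image that will be reachable from the internet.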