Skip to content

Instantly share code, notes, and snippets.

@grenade

grenade/build-azure-images.ps1

Last active April 14, 2024 12:26
Show Gist options
  • Save grenade/3f2fbc64e7210de136e7eb69aae63f81 to your computer and use it in GitHub Desktop.
Save grenade/3f2fbc64e7210de136e7eb69aae63f81 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
build-azure-images.ps1
# usage:
# Invoke-Expression (New-Object Net.WebClient).DownloadString(('https://gist.githubusercontent.com/grenade/3f2fbc64e7210de136e7eb69aae63f81/raw/build-azure-images.ps1?{0}' -f [Guid]::NewGuid()));
# job settings. change these for the tasks at hand.
$targetCloudPlatform = 'azure';
$workFolder = ('{0}{1}{2}-ci' -f 'D:', ([IO.Path]::DirectorySeparatorChar), $targetCloudPlatform);
$imagesToBuild = @(
('win7-32-{0}' -f $targetCloudPlatform),
('win7-32-gpu-{0}' -f $targetCloudPlatform)
);
$instanceNameMap = @{};
# constants and script config. these are probably ok as they are.
$revision = (Invoke-WebRequest -Uri 'https://api.github.com/gists/3f2fbc64e7210de136e7eb69aae63f81' -UseBasicParsing | ConvertFrom-Json).history[0].version;
foreach ($rm in @(
@{ 'module' = 'posh-minions-managed'; 'version' = '0.0.36' },
@{ 'module' = 'powershell-yaml'; 'version' = '0.4.1' }
)) {
$module = (Get-Module -Name $rm.module -ErrorAction SilentlyContinue);
if ($module) {
if ($module.Version -lt $rm.version) {
Update-Module $rm.module -RequiredVersion $rm.version
}
} else {
Install-Module $rm.module -RequiredVersion $rm.version
}
Import-Module $rm.module -RequiredVersion $rm.version -ErrorAction SilentlyContinue
}
foreach ($imageKey in $imagesToBuild) {
# computed target specific settings. these are probably ok as they are.
$config = (Invoke-WebRequest -Uri ('https://gist.githubusercontent.com/grenade/3f2fbc64e7210de136e7eb69aae63f81/raw/{0}/config.yaml' -f $revision) -UseBasicParsing | ConvertFrom-Yaml)."$imageKey";
$exportImageName = ('{0}-{1}-{2}-{3}{4}-{5}.{6}' -f $config.image.os.ToLower().Replace(' ', ''),
$config.image.edition.ToLower(),
$config.image.language.ToLower(),
$config.image.architecture,
$(if ($config.image.gpu) { '-gpu' } else { '' }),
$config.image.type.ToLower(),
$config.image.format.ToLower());
$vhdLocalPath = ('{0}{1}{2}-{3}-{4}' -f $workFolder, ([IO.Path]::DirectorySeparatorChar), $revision.Substring(0, 7), $targetCloudPlatform, $exportImageName);
if (Test-Path -Path $vhdLocalPath -ErrorAction SilentlyContinue) {
Write-Log -source ('build-{0}-images' -f $targetCloudPlatform) -message ('detected existing vhd: {0}, skipping image creation for {1}' -f $vhdLocalPath, $imageKey) -severity 'info';
} else {
$isoLocalPath = ('{0}{1}{2}' -f $workFolder, ([IO.Path]::DirectorySeparatorChar), $config.iso.source.key);
$unattendLocalPath = ('{0}{1}{2}-unattend-{3}-{4}.xml' -f $workFolder, ([IO.Path]::DirectorySeparatorChar), $revision.Substring(0, 7), $targetCloudPlatform, $exportImageName.Replace('.', '-'));
$driversLocalPath = ('{0}{1}{2}-drivers-{3}-{4}' -f $workFolder, ([IO.Path]::DirectorySeparatorChar), $revision.Substring(0, 7), $targetCloudPlatform, $exportImageName.Replace('.', '-'));
$packagesLocalPath = ('{0}{1}{2}-packages-{3}-{4}' -f $workFolder, ([IO.Path]::DirectorySeparatorChar), $revision.Substring(0, 7), $targetCloudPlatform, $exportImageName.Replace('.', '-'));
# https://docs.microsoft.com/en-us/windows-server/get-started/kmsclientkeys
$productKey = (Invoke-WebRequest -Uri ('https://gist.githubusercontent.com/grenade/3f2fbc64e7210de136e7eb69aae63f81/raw/{0}/product-keys.yaml' -f $revision) -UseBasicParsing | ConvertFrom-Yaml)."$($config.image.os)"."$($config.image.edition)";
$drivers = @((Invoke-WebRequest -Uri ('https://gist.githubusercontent.com/grenade/3f2fbc64e7210de136e7eb69aae63f81/raw/{0}/drivers.yaml' -f $revision) -UseBasicParsing | ConvertFrom-Yaml) | ? {
$_.target.os.Contains($config.image.os) -and
$_.target.architecture.Contains($config.image.architecture) -and
$_.target.cloud.Contains($targetCloudPlatform) -and
$_.target.gpu.Contains($config.image.gpu)
});
$unattendCommands = @((Invoke-WebRequest -Uri ('https://gist.githubusercontent.com/grenade/3f2fbc64e7210de136e7eb69aae63f81/raw/{0}/unattend-commands.yaml' -f $revision) -UseBasicParsing | ConvertFrom-Yaml) | ? {
$_.target.os.Contains($config.image.os) -and
$_.target.architecture.Contains($config.image.architecture) -and
$_.target.cloud.Contains($targetCloudPlatform) -and
$_.target.gpu.Contains($config.image.gpu)
});
$packages = @((Invoke-WebRequest -Uri ('https://gist.githubusercontent.com/grenade/3f2fbc64e7210de136e7eb69aae63f81/raw/{0}/packages.yaml' -f $revision) -UseBasicParsing | ConvertFrom-Yaml) | ? {
$_.target.os.Contains($config.image.os) -and
$_.target.architecture.Contains($config.image.architecture) -and
$_.target.cloud.Contains($targetCloudPlatform) -and
$_.target.gpu.Contains($config.image.gpu)
});
$disableWindowsService = @((Invoke-WebRequest -Uri ('https://gist.githubusercontent.com/grenade/3f2fbc64e7210de136e7eb69aae63f81/raw/{0}/disable-windows-service.yaml' -f $revision) -UseBasicParsing | ConvertFrom-Yaml) | ? {
$_.target.os.Contains($config.image.os) -and
$_.target.architecture.Contains($config.image.architecture) -and
$_.target.cloud.Contains($targetCloudPlatform)
} | % { $_.name });
if (-not (Test-Path -Path $isoLocalPath -ErrorAction SilentlyContinue)) {
Get-CloudBucketResource `
-platform $config.iso.source.platform `
-bucket $config.iso.source.bucket `
-key $config.iso.source.key `
-destination $isoLocalPath `
-force;
}
do {
$commands = @($unattendCommands | % { $_.unattend } | % { @{ 'Description' = $_.description; 'CommandLine' = $_.command } }) + @($packages | % { $_.unattend } | % { @{ 'Description' = $_.description; 'CommandLine' = $_.command } });
try {
# todo: set processorArchitecture, computerName, administratorPassword
#-processorArchitecture $(if ($config.image.architecture -eq 'x86-64') { 'amd64' } else { $config.image.architecture }) `
#-computerName '*' `
#-administratorPassword (New-Password) `
New-UnattendFile `
-destinationPath $unattendLocalPath `
-uiLanguage $config.image.language `
-productKey $productKey `
-registeredOwner $config.image.owner `
-registeredOrganization $config.image.organization `
-commands $commands;
} catch {
Write-Log -source ('build-{0}-images' -f $targetCloudPlatform) -message ('exception creating unattend: {0}. retrying... {1}' -f $unattendLocalPath, $_.Exception.Message) -severity 'warn';
}
} until (Test-Path -Path $unattendLocalPath -ErrorAction SilentlyContinue)
Remove-Item -Path $driversLocalPath -Force -Recurse -ErrorAction SilentlyContinue;
foreach ($driver in $drivers) {
$driverLocalPath = ('{0}{1}{2}{3}' -f $driversLocalPath, ([IO.Path]::DirectorySeparatorChar), $driver.name, $(if ($driver.extract) { '.zip' } else { '' }));
try {
$sourceIndex = [int]$driver.sources.Length;
} catch {
$sourceIndex = 1;
}
do {
$source = $driver.sources[(--$sourceIndex)];
if ($source.platform -eq 'url') {
try {
(New-Object Net.WebClient).DownloadFile($source.url, $driverLocalPath);
} catch {
Write-Log -source ('build-{0}-images' -f $targetCloudPlatform) -message ('exception in driver download with Net.WebClient.DownloadFile from url: {0}, to: {1}. {2}' -f $source.url, $driverLocalPath, $_.Exception.Message) -severity 'error';
try {
Invoke-WebRequest -Uri $source.url -OutFile $driverLocalPath -UserAgent [Microsoft.PowerShell.Commands.PSUserAgent]::FireFox
} catch {
Write-Log -source ('build-{0}-images' -f $targetCloudPlatform) -message ('exception in driver download with Invoke-WebRequest from url: {0}, to: {1}. {2}' -f $source.url, $driverLocalPath, $_.Exception.Message) -severity 'error';
}
}
} else {
try {
Get-CloudBucketResource `
-platform $source.platform `
-bucket $source.bucket `
-key $source.key `
-destination $driverLocalPath `
-force;
} catch {
Write-Log -source ('build-{0}-images' -f $targetCloudPlatform) -message ('exception in driver download with Get-CloudBucketResource from bucket: {0}/{1}/{2}, to: {3}. {4}' -f $source.platform, $source.bucket, $source.key, $driverLocalPath, $_.Exception.Message) -severity 'error';
}
}
} until ((Test-Path -Path $driverLocalPath -ErrorAction SilentlyContinue) -or ($sourceIndex -lt 0));
if ($driver.extract) {
Expand-Archive -Path $driverLocalPath -DestinationPath ('{0}{1}{2}' -f $driversLocalPath, ([IO.Path]::DirectorySeparatorChar), $driver.name)
}
}
Convert-WindowsImage `
-verbose:$true `
-SourcePath $isoLocalPath `
-VhdPath $vhdLocalPath `
-VhdFormat $config.image.format `
-VhdType $config.image.type `
-VhdPartitionStyle $config.image.partition `
-Edition $(if ($config.iso.wimindex) { $config.iso.wimindex } else { $config.image.edition }) -UnattendPath $unattendLocalPath `
-Driver @($drivers | % { '{0}{1}{2}' -f $driversLocalPath, ([IO.Path]::DirectorySeparatorChar), $_.infpath }) `
-RemoteDesktopEnable:$true `
-DisableWindowsService $disableWindowsService `
-DisableNotificationCenter:($config.image.os -eq 'Windows 10');
$vhdMountPoint = (Join-Path -Path $workFolder -ChildPath ([System.Guid]::NewGuid().Guid.Substring(24)));
New-Item -Path $vhdMountPoint -ItemType directory -force;
try {
Mount-WindowsImage -ImagePath $vhdLocalPath -Path $vhdMountPoint -Index 1
Write-Log -source ('build-{0}-images' -f $targetCloudPlatform) -message ('mounted: {0} at mount point: {1}' -f $vhdLocalPath, $vhdMountPoint) -severity 'trace';
} catch {
Write-Log -source ('build-{0}-images' -f $targetCloudPlatform) -message ('failed to mount: {0} at mount point: {1}. {2}' -f $vhdLocalPath, $vhdMountPoint, $_.Exception.Message) -severity 'error';
Dismount-WindowsImage -Path $vhdMountPoint -Save -ErrorAction SilentlyContinue
throw
}
foreach ($package in $packages) {
$packageLocalTempPath = ('{0}{1}{2}{3}' -f $packagesLocalPath, ([IO.Path]::DirectorySeparatorChar), $package.name, $(if (($package.extract) -and (-not $package.savepath.ToLower().EndsWith('.zip'))) { '.zip' } else { '' }));
try {
$sourceIndex = [int]$package.sources.Length;
} catch {
$sourceIndex = 1;
}
do {
$source = $package.sources[(--$sourceIndex)];
if ($source.platform -eq 'url') {
try {
(New-Object Net.WebClient).DownloadFile($source.url, $packageLocalTempPath);
Write-Log -source ('build-{0}-images' -f $targetCloudPlatform) -message ('downloaded: {0} to: {1} with Net.WebClient.DownloadFile' -f $source.url, $packageLocalTempPath) -severity 'trace';
} catch {
Write-Log -source ('build-{0}-images' -f $targetCloudPlatform) -message ('exception in package download with Net.WebClient.DownloadFile from url: {0}, to: {1}. {2}' -f $source.url, $packageLocalTempPath, $_.Exception.Message) -severity 'error';
try {
Invoke-WebRequest -Uri $source.url -OutFile $packageLocalTempPath -UserAgent [Microsoft.PowerShell.Commands.PSUserAgent]::FireFox
Write-Log -source ('build-{0}-images' -f $targetCloudPlatform) -message ('downloaded: {0} to: {1} with Invoke-WebRequest' -f $source.url, $packageLocalTempPath) -severity 'trace';
} catch {
Write-Log -source ('build-{0}-images' -f $targetCloudPlatform) -message ('exception in package download with Invoke-WebRequest from url: {0}, to: {1}. {2}' -f $source.url, $packageLocalTempPath, $_.Exception.Message) -severity 'error';
}
}
} else {
try {
Get-CloudBucketResource `
-platform $source.platform `
-bucket $source.bucket `
-key $source.key `
-destination $packageLocalTempPath `
-force;
} catch {
Write-Log -source ('build-{0}-images' -f $targetCloudPlatform) -message ('exception in package download with Get-CloudBucketResource from bucket: {0}/{1}/{2}, to: {3}. {4}' -f $source.platform, $source.bucket, $source.key, $packageLocalTempPath, $_.Exception.Message) -severity 'error';
}
}
} until ((Test-Path -Path $packageLocalTempPath -ErrorAction SilentlyContinue) -or ($sourceIndex -lt 0));
if (Test-Path -Path $packageLocalTempPath -ErrorAction SilentlyContinue) {
$packageLocalMountPath = (Join-Path -Path $vhdMountPoint -ChildPath $package.savepath);
if ($package.extract) {
Expand-Archive -Path $packageLocalTempPath -DestinationPath $packageLocalMountPath;
} else {
Copy-Item -Path $packageLocalTempPath -Destination $packageLocalMountPath
}
} else {
Write-Log -source ('build-{0}-images' -f $targetCloudPlatform) -message ('failed to load image: {0} with package: {1}' -f $exportImageName, $package.savepath) -severity 'warn';
}
}
# dismount the vhd, save it and remove the mount point
try {
Dismount-WindowsImage -Path $vhdMountPoint -Save
Write-Log -source ('build-{0}-images' -f $targetCloudPlatform) -message ('dismount success for: {0} at mount point: {1}' -f $vhdLocalPath, $vhdMountPoint) -severity 'trace';
} catch {
Write-Log -source ('build-{0}-images' -f $targetCloudPlatform) -message ('failed to dismount: {0} at mount point: {1}. {2}' -f $vhdLocalPath, $vhdMountPoint, $_.Exception.Message) -severity 'error';
throw
} finally {
Remove-Item -Path $vhdMountPoint -Force
}
}
foreach ($target in $config.target) {
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('begin image export: {0} to: {1} cloud platform' -f $exportImageName, $target.platform) -severity 'info';
switch ($target.hostname.slug.type) {
'uuid' {
$resourceId = (([Guid]::NewGuid()).ToString().Substring((36 - $target.hostname.slug.length)));
$instanceName = ($target.hostname.format -f $resourceId);
break;
}
default {
$resourceId = (([Guid]::NewGuid()).ToString().Substring(24));
$instanceName = ('vm-{0}' -f $resourceId);
break;
}
}
$osDiskConfig = (@($target.disk | ? { $_.os })[0]);
$tags = @{
'buildRevision' = $revision;
'imageKey' = $imageKey;
'resourceId' = $resourceId;
'sourceIso' = ([System.IO.Path]::GetFileName($config.iso.source.key))
};
foreach ($tag in $target.tag) {
$tags[$tag.name] = $tag.value;
}
New-CloudInstanceFromImageExport `
-platform $target.platform `
-localImagePath $vhdLocalPath `
-targetResourceId $resourceId `
-targetResourceGroupName $target.group `
-targetResourceRegion $target.region `
-targetInstanceCpuCount $target.machine.cpu `
-targetInstanceRamGb $target.machine.ram `
-targetInstanceName $instanceName `
-targetInstanceDiskVariant $osDiskConfig.variant `
-targetInstanceDiskSizeGb $osDiskConfig.size `
-targetInstanceTags $tags `
-targetVirtualNetworkName $target.network.name `
-targetVirtualNetworkAddressPrefix $target.network.prefix `
-targetVirtualNetworkDnsServers $target.network.dns `
-targetSubnetName $target.network.subnet.name `
-targetSubnetAddressPrefix $target.network.subnet.prefix
do {
$azVm = (Get-AzVm -ResourceGroupName $target.group -Name $instanceName -ErrorAction SilentlyContinue);
if ($azVm) {
if (@('Succeeded', 'Failed') -contains $azVm.ProvisioningState) {
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('provisioning of vm: {0}, {1}' -f $instanceName, $azVm.ProvisioningState.ToLower()) -severity $(if ($azVm.ProvisioningState -eq 'Succeeded') { 'info' } else { 'error' });
} else {
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('provisioning of vm: {0}, in progress with state: {1}' -f $instanceName, $azVm.ProvisioningState.ToLower()) -severity 'trsace';
Start-Sleep -Seconds 60
}
} else {
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('provisioning of vm: {0}, failed before it started' -f $instanceName) -severity 'error';
}
} until ((-not $azVm) -or (@('Succeeded', 'Failed') -contains $azVm.ProvisioningState))
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('end image export: {0} to: {1} cloud platform' -f $exportImageName, $target.platform) -severity 'info';
if ($azVm) {
$importImageName = ('{0}-{1}' -f $target.group, $imageKey.Replace(('-{0}' -f $targetCloudPlatform), ''));
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('begin image import: {0} in region: {1}, cloud platform: {2}' -f $importImageName, $target.region, $target.platform) -severity 'info';
(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/mozilla-releng/OpenCloudConfig/azure/userdata/rundsc.ps1', ('{0}\rundsc.ps1' -f $env:Temp));
# the first time occ runs, it renames the instance and reboots
$firstOccTriggerCommandResult = (Invoke-AzVMRunCommand `
-ResourceGroupName $target.group `
-VMName $instanceName `
-CommandId 'RunPowerShellScript' `
-ScriptPath ('{0}\rundsc.ps1' -f $env:Temp)); #-Parameter @{"arg1" = "var1";"arg2" = "var2"}
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('first occ trigger {0} on instance: {1} in region: {2}, cloud platform: {3}' -f $firstOccTriggerCommandResult.Status.ToLower(), $instanceName, $target.region, $target.platform) -severity $(if ($firstOccTriggerCommandResult.Status -eq 'Succeeded') { 'info' } else { 'error' });
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('first occ trigger std out: {0}' -f $firstOccTriggerCommandResult.Value[0].Message) -severity 'debug';
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('first occ trigger std err: {0}' -f $firstOccTriggerCommandResult.Value[1].Message) -severity 'debug';
if ($firstOccTriggerCommandResult.Status -eq 'Succeeded') {
Set-Content -Path ('{0}\computername.ps1' -f $env:Temp) -Value '$env:ComputerName';
$echoHostnameCommandOutput = '';
do {
$echoHostnameResult = (Invoke-AzVMRunCommand `
-ResourceGroupName $target.group `
-VMName $instanceName `
-CommandId 'RunPowerShellScript' `
-ScriptPath ('{0}\computername.ps1' -f $env:Temp) `
-ErrorAction SilentlyContinue);
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('echo hostname {0} on instance: {1} in region: {2}, cloud platform: {3}' -f $echoHostnameResult.Status.ToLower(), $instanceName, $target.region, $target.platform) -severity $(if ($echoHostnameResult.Status -eq 'Succeeded') { 'info' } else { 'error' });
if ($echoHostnameResult.Value) {
$echoHostnameCommandOutput = $echoHostnameResult.Value[0].Message;
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('echo hostname std out: {0}' -f $echoHostnameResult.Value[0].Message) -severity 'debug';
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('echo hostname std err: {0}' -f $echoHostnameResult.Value[1].Message) -severity 'debug';
} else {
Write-Log -source ('build-{0}-images' -f $target.platform) -message 'echo hostname command did not return a value' -severity 'debug';
}
if ($echoHostnameCommandOutput -match $instanceName) {
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('host rename to: {0}, detected' -f $instanceName) -severity 'debug';
} else {
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('awaiting host rename to: {0}' -f $instanceName) -severity 'debug';
Start-Sleep -Seconds 30;
}
} until ($echoHostnameCommandOutput -match $instanceName)
Remove-Item -Path ('{0}\computername.ps1' -f $env:Temp);
# todo: validate that the instance rebooted after the host rename.
# the second time occ runs, it invokes dsc
$secondOccTriggerCommandResult = (Invoke-AzVMRunCommand `
-ResourceGroupName $target.group `
-VMName $instanceName `
-CommandId 'RunPowerShellScript' `
-ScriptPath ('{0}\rundsc.ps1' -f $env:Temp));
Remove-Item -Path ('{0}\rundsc.ps1' -f $env:Temp);
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('seccond occ trigger {0} on instance: {1} in region: {2}, cloud platform: {3}' -f $secondOccTriggerCommandResult.Status.ToLower(), $instanceName, $target.region, $target.platform) -severity $(if ($secondOccTriggerCommandResult.Status -eq 'Succeeded') { 'info' } else { 'error' });
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('seccond occ trigger std out: {0}' -f $secondOccTriggerCommandResult.Value[0].Message) -severity 'debug';
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('seccond occ trigger std err: {0}' -f $secondOccTriggerCommandResult.Value[1].Message) -severity 'debug';
if ($secondOccTriggerCommandResult.Status -eq 'Succeeded') {
Set-Content -Path ('{0}\dirdsc.ps1' -f $env:Temp) -Value 'Get-ChildItem -Path "C:\dsc"';
$dirDscCommandOutput = '';
do {
$dirDscResult = (Invoke-AzVMRunCommand `
-ResourceGroupName $target.group `
-VMName $instanceName `
-CommandId 'RunPowerShellScript' `
-ScriptPath ('{0}\dirdsc.ps1' -f $env:Temp) `
-ErrorAction SilentlyContinue);
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('dir dsc {0} on instance: {1} in region: {2}, cloud platform: {3}' -f $dirDscResult.Status.ToLower(), $instanceName, $target.region, $target.platform) -severity $(if ($dirDscResult.Status -eq 'Succeeded') { 'info' } else { 'error' });
if ($dirDscResult.Value) {
$dirDscCommandOutput = $dirDscResult.Value[0].Message;
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('dir dsc std out: {0}' -f $dirDscResult.Value[0].Message) -severity 'debug';
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('dir dsc std err: {0}' -f $dirDscResult.Value[1].Message) -severity 'debug';
} else {
Write-Log -source ('build-{0}-images' -f $target.platform) -message 'dir dsc command did not return a value' -severity 'debug';
}
if ($dirDscCommandOutput -match 'task-claim-state.valid') {
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('occ completion on: {0}, detected' -f $instanceName) -severity 'debug';
} else {
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('awaiting occ completion on: {0}' -f $instanceName) -severity 'debug';
Start-Sleep -Seconds 30;
}
} until ($dirDscCommandOutput -match 'task-claim-state.valid')
Remove-Item -Path ('{0}\dirdsc.ps1' -f $env:Temp);
New-CloudImageFromInstance `
-platform $target.platform `
-resourceGroupName $target.group `
-region $target.region `
-instanceName $instanceName `
-imageName $importImageName;
$azVm = (Get-AzVm `
-ResourceGroupName $target.group `
-Name $instanceName `
-Status `
-ErrorAction SilentlyContinue);
$azImage = (Get-AzImage `
-ResourceGroupName $target.group `
-ImageName $importImageName `
-ErrorAction SilentlyContinue);
if ($azImage) {
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('image: {0}, creation appears successful in region: {1}, cloud platform: {2}' -f $importImageName, $target.region, $target.platform) -severity 'info';
if (($azVm) -and (@($azVm.Statuses | ? { ($_.Code -eq 'OSState/generalized') -or ($_.Code -eq 'PowerState/deallocated') }).Length -eq 2)) {
Remove-AzVm `
-ResourceGroupName $target.group `
-Name $instanceName `
-Force;
}
} else {
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('image: {0}, creation appears unsuccessful in region: {1}, cloud platform: {2}' -f $importImageName, $target.region, $target.platform) -severity 'info';
}
}
}
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('end image import: {0} in region: {1}, cloud platform: {2}' -f $importImageName, $target.region, $target.platform) -severity 'info';
} else {
Write-Log -source ('build-{0}-images' -f $target.platform) -message ('skipped image import: {0} in region: {1}, cloud platform: {2}' -f $importImageName, $target.region, $target.platform) -severity 'info';
}
Invoke-Expression (New-Object Net.WebClient).DownloadString(('https://gist.githubusercontent.com/grenade/3f2fbc64e7210de136e7eb69aae63f81/raw/purge-orphaned-resources.ps1?{0}' -f [Guid]::NewGuid()));
}
}
Raw
config.yaml
---
win7-32-azure:
image:
os: Windows 7
edition: Professional
language: en-US
architecture: x86
gpu: false
owner: Mozilla RelOps
organization: Mozilla Corporation
partition: MBR
format: VHD
type: Fixed
iso:
source:
platform: amazon
bucket: windows-ami-builder
key: iso/en_windows_7_professional_with_sp1_x86_dvd_u_677056.iso
wimindex: 5
target:
- platform: azure
group: rg-west-us-gecko-t
region: West US
hostname:
format: vm-{0}
slug:
type: uuid
length: 12
machine:
cpu: 2
ram: 8
disk:
- os: true
source: windows7-professional-en-us-x86
variant: ssd
size: 64
network:
name: vn-west-us-gecko-t
prefix: '10.0.0.0/16'
dns:
- '1.1.1.1'
- '1.0.0.1'
subnet:
name: sn-west-us-gecko-t
prefix: '10.0.4.0/24'
flow:
name: nsg-west-us-gecko-t
rules:
- name: allow-rdp
description: 'allow: inbound tcp connections, for: rdp, from: whitelist, to: any host, on port: 3389'
access: Allow
Protocol: Tcp
Direction: Inbound
Priority: 110
SourceAddressPrefix:
- 185.189.196.216
SourcePortRange: '*'
DestinationAddressPrefix: '*'
DestinationPortRange: 3389
- name: allow-ssh
description: 'allow: inbound tcp connections, for: ssh, from: whitelist, to: any host, on port: 22'
access: Allow
Protocol: Tcp
Direction: Inbound
Priority: 111
SourceAddressPrefix:
- 185.189.196.216
SourcePortRange: '*'
DestinationAddressPrefix: '*'
DestinationPortRange: 22
tag:
- name: workerType
value: gecko-t-win7-32-azure
- name: sourceOrganisation
value: mozilla-releng
- name: sourceRepository
value: OpenCloudConfig
- name: sourceRevision
value: azure
win7-32-gpu-azure:
image:
os: Windows 7
edition: Professional
language: en-US
architecture: x86
gpu: true
owner: Mozilla RelOps
organization: Mozilla Corporation
partition: MBR
format: VHD
type: Fixed
iso:
source:
platform: amazon
bucket: windows-ami-builder
key: iso/en_windows_7_professional_with_sp1_x86_dvd_u_677056.iso
wimindex: 5
target:
- platform: azure
group: rg-west-us-gecko-t
region: West US
hostname:
format: vm-{0}
slug:
type: uuid
length: 12
machine:
cpu: 2
ram: 8
disk:
- os: true
source: windows7-professional-en-us-x86
variant: ssd
size: 64
network:
name: vn-west-us-gecko-t
prefix: '10.0.0.0/16'
dns:
- '1.1.1.1'
- '1.0.0.1'
subnet:
name: sn-west-us-gecko-t
prefix: '10.0.4.0/24'
flow:
name: nsg-west-us-gecko-t
rules:
- name: allow-rdp
description: 'allow: inbound tcp connections, for: rdp, from: whitelist, to: any host, on port: 3389'
access: Allow
Protocol: Tcp
Direction: Inbound
Priority: 110
SourceAddressPrefix:
- 185.189.196.216
SourcePortRange: '*'
DestinationAddressPrefix: '*'
DestinationPortRange: 3389
- name: allow-ssh
description: 'allow: inbound tcp connections, for: ssh, from: whitelist, to: any host, on port: 22'
access: Allow
Protocol: Tcp
Direction: Inbound
Priority: 111
SourceAddressPrefix:
- 185.189.196.216
SourcePortRange: '*'
DestinationAddressPrefix: '*'
DestinationPortRange: 22
tag:
- name: workerType
value: gecko-t-win7-32-azure
- name: sourceOrganisation
value: mozilla-releng
- name: sourceRepository
value: OpenCloudConfig
- name: sourceRevision
value: azure
win10-64-azure:
image:
os: Windows 10
edition: Professional
language: en-US
architecture: x86-64
gpu: false
owner: Mozilla RelOps
organization: Mozilla Corporation
partition: MBR
format: VHD
type: Fixed
iso:
source:
platform: amazon
bucket: windows-ami-builder
key: iso/en_windows_10_business_editions_version_1903_updated_sept_2019_x64_dvd_a10b235d.iso
wimindex: 5
target:
- platform: azure
group: rg-west-us-gecko-t
region: West US
hostname:
format: vm-{0}
slug:
type: uuid
length: 12
machine:
cpu: 2
ram: 8
disk:
- os: true
source: windows10-professional-en-us-x86-64
variant: ssd
size: 64
network:
name: vn-west-us-gecko-t
prefix: '10.0.0.0/16'
dns:
- '1.1.1.1'
- '1.0.0.1'
subnet:
name: sn-west-us-gecko-t
prefix: '10.0.4.0/24'
flow:
name: nsg-west-us-gecko-t
rules:
- name: allow-rdp
description: 'allow: inbound tcp connections, for: rdp, from: whitelist, to: any host, on port: 3389'
access: Allow
Protocol: Tcp
Direction: Inbound
Priority: 110
SourceAddressPrefix:
- 185.189.196.216
SourcePortRange: '*'
DestinationAddressPrefix: '*'
DestinationPortRange: 3389
- name: allow-ssh
description: 'allow: inbound tcp connections, for: ssh, from: whitelist, to: any host, on port: 22'
access: Allow
Protocol: Tcp
Direction: Inbound
Priority: 111
SourceAddressPrefix:
- 185.189.196.216
SourcePortRange: '*'
DestinationAddressPrefix: '*'
DestinationPortRange: 22
tag:
- name: workerType
value: gecko-t-win10-64-azure
- name: sourceOrganisation
value: mozilla-releng
- name: sourceRepository
value: OpenCloudConfig
- name: sourceRevision
value: azure
win10-64-gpu-azure:
image:
os: Windows 10
edition: Professional
language: en-US
architecture: x86-64
gpu: true
owner: Mozilla RelOps
organization: Mozilla Corporation
partition: MBR
format: VHD
type: Fixed
iso:
source:
platform: amazon
bucket: windows-ami-builder
key: iso/en_windows_10_business_editions_version_1903_updated_sept_2019_x64_dvd_a10b235d.iso
wimindex: 5
target:
- platform: azure
group: rg-west-us-gecko-t
region: West US
hostname:
format: vm-{0}
slug:
type: uuid
length: 12
machine:
cpu: 2
ram: 8
disk:
- os: true
source: windows10-professional-en-us-x86-64-gpu
variant: ssd
size: 64
network:
name: vn-west-us-gecko-t
prefix: '10.0.0.0/16'
dns:
- '1.1.1.1'
- '1.0.0.1'
subnet:
name: sn-west-us-gecko-t
prefix: '10.0.4.0/24'
flow:
name: nsg-west-us-gecko-t
rules:
- name: allow-rdp
description: 'allow: inbound tcp connections, for: rdp, from: whitelist, to: any host, on port: 3389'
access: Allow
Protocol: Tcp
Direction: Inbound
Priority: 110
SourceAddressPrefix:
- 185.189.196.216
SourcePortRange: '*'
DestinationAddressPrefix: '*'
DestinationPortRange: 3389
- name: allow-ssh
description: 'allow: inbound tcp connections, for: ssh, from: whitelist, to: any host, on port: 22'
access: Allow
Protocol: Tcp
Direction: Inbound
Priority: 111
SourceAddressPrefix:
- 185.189.196.216
SourcePortRange: '*'
DestinationAddressPrefix: '*'
DestinationPortRange: 22
tag:
- name: workerType
value: gecko-t-win10-64-gpu-azure
- name: sourceOrganisation
value: mozilla-releng
- name: sourceRepository
value: OpenCloudConfig
- name: sourceRevision
value: azure
win2012-azure:
image:
os: Windows Server 2012 R2
edition: Datacenter
language: en-US
architecture: x86-64
gpu: false
owner: Mozilla RelOps
organization: Mozilla Corporation
partition: MBR
format: VHD
type: Fixed
iso:
source:
platform: amazon
bucket: windows-ami-builder
key: iso/en_windows_server_2012_r2_with_update_x64_dvd_6052708.iso
wimindex: 4
target:
- platform: azure
group: rg-west-us-gecko-1
region: West US
hostname:
format: vm-{0}
slug:
type: uuid
length: 12
machine:
cpu: 2
ram: 8
disk:
- os: true
source: windowsserver2012r2-datacenter-en-us-x86-64
variant: ssd
size: 64
network:
name: vn-west-us-gecko-1
prefix: '10.0.0.0/16'
dns:
- '1.1.1.1'
- '1.0.0.1'
subnet:
name: sn-west-us-gecko-1
prefix: '10.0.1.0/24'
flow:
name: nsg-west-us-gecko-1
rules:
- name: allow-rdp
description: 'allow: inbound tcp connections, for: rdp, from: whitelist, to: any host, on port: 3389'
access: Allow
Protocol: Tcp
Direction: Inbound
Priority: 110
SourceAddressPrefix:
- 185.189.196.216
SourcePortRange: '*'
DestinationAddressPrefix: '*'
DestinationPortRange: 3389
- name: allow-ssh
description: 'allow: inbound tcp connections, for: ssh, from: whitelist, to: any host, on port: 22'
access: Allow
Protocol: Tcp
Direction: Inbound
Priority: 111
SourceAddressPrefix:
- 185.189.196.216
SourcePortRange: '*'
DestinationAddressPrefix: '*'
DestinationPortRange: 22
tag:
- name: workerType
value: gecko-1-b-win2012-azure
- name: sourceOrganisation
value: mozilla-releng
- name: sourceRepository
value: OpenCloudConfig
- name: sourceRevision
value: azure
win2019-azure:
image:
os: Windows Server 2019
edition: Datacenter
language: en-US
architecture: x86-64
gpu: false
owner: Mozilla RelOps
organization: Mozilla Corporation
partition: MBR
format: VHD
type: Fixed
iso:
source:
platform: amazon
bucket: windows-ami-builder
key: iso/en_windows_server_2019_updated_sept_2019_x64_dvd_199664ce.iso
wimindex: 4
target:
- platform: azure
group: rg-west-us-relops
region: West US
hostname:
format: vm-{0}
slug:
type: uuid
length: 12
machine:
cpu: 2
ram: 8
disk:
- os: true
source: windowsserver2019-datacenter-en-us-x86-64
variant: ssd
size: 64
network:
name: vn-west-us-relops
prefix: '10.0.0.0/16'
dns:
- '1.1.1.1'
- '1.0.0.1'
subnet:
name: sn-west-us-relops
prefix: '10.0.6.0/24'
flow:
name: nsg-west-us-relops
rules:
- name: allow-rdp
description: 'allow: inbound tcp connections, for: rdp, from: whitelist, to: any host, on port: 3389'
access: Allow
Protocol: Tcp
Direction: Inbound
Priority: 110
SourceAddressPrefix:
- 185.189.196.216
SourcePortRange: '*'
DestinationAddressPrefix: '*'
DestinationPortRange: 3389
- name: allow-ssh
description: 'allow: inbound tcp connections, for: ssh, from: whitelist, to: any host, on port: 22'
access: Allow
Protocol: Tcp
Direction: Inbound
Priority: 111
SourceAddressPrefix:
- 185.189.196.216
SourcePortRange: '*'
DestinationAddressPrefix: '*'
DestinationPortRange: 22
tag:
- name: workerType
value: relops-win2019-azure
- name: sourceOrganisation
value: mozilla-releng
- name: sourceRepository
value: OpenCloudConfig
- name: sourceRevision
value: azure
Raw
disable-windows-service.yaml
---
- name: SecurityHealthService
target:
cloud:
- amazon
- azure
- google
os:
- Windows 10
architecture:
- x86
- x86-64
- name: Sense
target:
cloud:
- amazon
- azure
- google
os:
- Windows 10
architecture:
- x86
- x86-64
- name: WdBoot
target:
cloud:
- amazon
- azure
- google
os:
- Windows 10
architecture:
- x86
- x86-64
- name: WdFilter
target:
cloud:
- amazon
- azure
- google
os:
- Windows 10
architecture:
- x86
- x86-64
- name: WdNisDrv
target:
cloud:
- amazon
- azure
- google
os:
- Windows 10
architecture:
- x86
- x86-64
- name: WdNisSvc
target:
cloud:
- amazon
- azure
- google
os:
- Windows 10
architecture:
- x86
- x86-64
- name: WinDefend
target:
cloud:
- amazon
- azure
- google
os:
- Windows 10
architecture:
- x86
- x86-64
- name: wscsvc
target:
cloud:
- amazon
- azure
- google
os:
- Windows 10
architecture:
- x86
- x86-64
Raw
drivers.yaml
---
- name: xenbus
infpath: xenbus
extract: true
target:
cloud:
- amazon
- azure
- google
os:
- Windows 7
- Windows 8.1
- Windows 10
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server
architecture:
- x86-64
gpu:
- true
- false
sources:
- platform: amazon
bucket: windows-ami-builder
key: driver/aws-pv/xenbus.zip
- name: xeniface
infpath: xeniface
extract: true
target:
cloud:
- amazon
- azure
- google
os:
- Windows 7
- Windows 8.1
- Windows 10
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server
architecture:
- x86-64
gpu:
- true
- false
sources:
- platform: amazon
bucket: windows-ami-builder
key: driver/aws-pv/xeniface.zip
- name: xennet
infpath: xennet
extract: true
target:
cloud:
- amazon
- azure
- google
os:
- Windows 7
- Windows 8.1
- Windows 10
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server
architecture:
- x86-64
gpu:
- true
- false
sources:
- platform: amazon
bucket: windows-ami-builder
key: driver/aws-pv/xennet.zip
- name: xenvbd
infpath: xenvbd
extract: true
target:
cloud:
- amazon
- azure
- google
os:
- Windows 7
- Windows 8.1
- Windows 10
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server
architecture:
- x86-64
gpu:
- true
- false
sources:
- platform: amazon
bucket: windows-ami-builder
key: driver/aws-pv/xenvbd.zip
- name: xenvif
infpath: xenvif
extract: true
target:
cloud:
- amazon
- azure
- google
os:
- Windows 7
- Windows 8.1
- Windows 10
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server
architecture:
- x86-64
gpu:
- true
- false
sources:
- platform: amazon
bucket: windows-ami-builder
key: driver/aws-pv/xenvif.zip
- name: AwsEnaNetworkDriver
infpath: "AwsEnaNetworkDriver\bin.10.0"
extract: true
target:
cloud:
- amazon
os:
- Windows 7
- Windows 8.1
- Windows 10
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server
architecture:
- x86-64
gpu:
- true
- false
sources:
- platform: amazon
bucket: windows-ami-builder
key: driver/AwsEnaNetworkDriver.zip
- name: 391.81_grid_win10_server2016_64bit_international
infpath: 391.81_grid_win10_server2016_64bit_international
extract: true
target:
cloud:
- amazon
- google
os:
- Windows 10
- Windows Server 2016
architecture:
- x86-64
gpu:
- true
sources:
- platform: amazon
bucket: windows-ami-builder
key: driver/391.81_grid_win10_server2016_64bit_international.zip
Raw
packages.yaml
---
- name: StackdriverLogging-v1-9.exe
savepath: Windows\Temp\StackdriverLogging-v1-9.exe
unattend:
- description: install stackdriver
command: cmd /c start /wait C:\Windows\Temp\StackdriverLogging-v1-9.exe /S
target:
cloud:
- amazon
- azure
- google
os:
- Windows 7
- Windows 8.1
- Windows 10
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server
architecture:
- x86
- x86-64
gpu:
- true
- false
sources:
- platform: amazon
bucket: windows-ami-builder
key: package/StackdriverLogging-v1-9.exe
- name: nxlog-ce.msi
savepath: Windows\Temp\nxlog-ce.msi
unattend:
- description: install nxlog
command: cmd /c start /wait msiexec /i C:\Windows\Temp\nxlog-ce.msi /quiet
target:
cloud:
- amazon
- azure
- google
os:
- Windows 7
- Windows 8.1
- Windows 10
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server
architecture:
- x86
- x86-64
gpu:
- true
- false
sources:
- platform: amazon
bucket: windows-ami-builder
key: package/nxlog-ce-2.10.2150.msi
- platform: google
bucket: windows-ami-builder
key: package/nxlog-ce-2.10.2150.msi
- platform: azure
bucket: windows-ami-builder
key: package/nxlog-ce-2.10.2150.msi
- platform: url
url: https://nxlog.co/system/files/products/files/348/nxlog-ce-2.10.2150.msi
- platform: url
url: https://mmimagebuilder.blob.core.windows.net/windows-ami-builder/package/nxlog-ce-2.10.2150.msi
- name: papertrail-bundle.pem
savepath: Windows\Temp\papertrail-bundle.pem
unattend:
- description: install papertrail certificate
command: cmd /c move /y C:\Windows\Temp\papertrail-bundle.pem "C:\Program Files\nxlog\cert\papertrail-bundle.pem"
target:
cloud:
- amazon
- azure
- google
os:
- Windows 7
architecture:
- x86
gpu:
- true
- false
sources:
- platform: url
url: https://raw.githubusercontent.com/mozilla-releng/OpenCloudConfig/master/userdata/Configuration/nxlog/papertrail-bundle.pem
- name: papertrail-bundle.pem
savepath: Windows\Temp\papertrail-bundle.pem
unattend:
- description: install papertrail certificate
command: cmd /c move /y C:\Windows\Temp\papertrail-bundle.pem "C:\Program Files (x86)\nxlog\cert\papertrail-bundle.pem"
target:
cloud:
- amazon
- azure
- google
os:
- Windows 7
- Windows 8.1
- Windows 10
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server
architecture:
- x86-64
gpu:
- true
- false
sources:
- platform: url
url: https://raw.githubusercontent.com/mozilla-releng/OpenCloudConfig/master/userdata/Configuration/nxlog/papertrail-bundle.pem
- name: nxlog.conf
savepath: Windows\Temp\nxlog.conf
unattend:
- description: stop nxlog service
command: cmd /c net stop nxlog
- description: install nxlog configuration
command: cmd /c set COPYCMD=/Y && move /y C:\Windows\Temp\nxlog.conf "C:\Program Files\nxlog\conf\nxlog.conf"
- description: start nxlog service
command: cmd /c net start nxlog
target:
cloud:
- amazon
- azure
- google
os:
- Windows 7
architecture:
- x86
gpu:
- true
- false
sources:
- platform: url
url: https://raw.githubusercontent.com/mozilla-releng/OpenCloudConfig/azure/userdata/Configuration/nxlog/win7.conf
- name: nxlog.conf
savepath: Windows\Temp\nxlog.conf
unattend:
- description: stop nxlog service
command: cmd /c net stop nxlog
- description: install nxlog configuration
command: cmd /c set COPYCMD=/Y && move /y C:\Windows\Temp\nxlog.conf "C:\Program Files (x86)\nxlog\conf\nxlog.conf"
- description: start nxlog service
command: cmd /c net start nxlog
target:
cloud:
- amazon
- azure
- google
os:
- Windows 10
architecture:
- x86-64
gpu:
- true
- false
sources:
- platform: url
url: https://raw.githubusercontent.com/mozilla-releng/OpenCloudConfig/azure/userdata/Configuration/nxlog/win10.conf
- name: nxlog.conf
savepath: Windows\Temp\nxlog.conf
unattend:
- description: stop nxlog service
command: cmd /c net stop nxlog
- description: install nxlog configuration
command: cmd /c set COPYCMD=/Y && move /y C:\Windows\Temp\nxlog.conf "C:\Program Files (x86)\nxlog\conf\nxlog.conf"
- description: start nxlog service
command: cmd /c net start nxlog
target:
cloud:
- amazon
- azure
- google
os:
- Windows Server 2012 R2
architecture:
- x86-64
gpu:
- true
- false
sources:
- platform: url
url: https://raw.githubusercontent.com/mozilla-releng/OpenCloudConfig/azure/userdata/Configuration/nxlog/win2012.conf
- name: nxlog.conf
savepath: Windows\Temp\nxlog.conf
unattend:
- description: stop nxlog service
command: cmd /c net stop nxlog
- description: install nxlog configuration
command: cmd /c set COPYCMD=/Y && move /y C:\Windows\Temp\nxlog.conf "C:\Program Files (x86)\nxlog\conf\nxlog.conf"
- description: start nxlog service
command: cmd /c net start nxlog
target:
cloud:
- amazon
- azure
- google
os:
- Windows Server 2016
architecture:
- x86-64
gpu:
- true
- false
sources:
- platform: url
url: https://raw.githubusercontent.com/mozilla-releng/OpenCloudConfig/azure/userdata/Configuration/nxlog/win2016.conf
- name: nxlog.conf
savepath: Windows\Temp\nxlog.conf
unattend:
- description: stop nxlog service
command: cmd /c net stop nxlog
- description: install nxlog configuration
command: cmd /c set COPYCMD=/Y && move /y C:\Windows\Temp\nxlog.conf "C:\Program Files (x86)\nxlog\conf\nxlog.conf"
- description: start nxlog service
command: cmd /c net start nxlog
target:
cloud:
- amazon
- azure
- google
os:
- Windows Server 2019
architecture:
- x86-64
gpu:
- true
- false
sources:
- platform: url
url: https://raw.githubusercontent.com/mozilla-releng/OpenCloudConfig/azure/userdata/Configuration/nxlog/win2019.conf
- name: EC2Install.zip
savepath: Windows\Temp
unattend:
- description: install ec2config
command: cmd /c start /wait C:\Windows\Temp\Ec2Install.exe /quiet
extract: true
target:
cloud:
- amazon
os:
- Windows 7
- Windows 8.1
- Windows 10
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server
architecture:
- x86
- x86-64
gpu:
- true
- false
sources:
- platform: amazon
bucket: windows-ami-builder
key: package/EC2Install.zip
- name: Ec2ConfigurationSettings.xml
savepath: Windows\Temp\Ec2ConfigurationSettings.xml
unattend:
- description: install ec2config configuration
command: cmd /c move /y C:\Windows\Temp\Ec2ConfigurationSettings.xml "C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml"
target:
cloud:
- amazon
os:
- Windows 7
- Windows 8.1
- Windows 10
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server
architecture:
- x86
- x86-64
gpu:
- true
- false
sources:
- platform: amazon
bucket: windows-ami-builder
key: config/Ec2ConfigurationSettings.xml
- name: WallpaperSettings.xml
savepath: Windows\Temp\WallpaperSettings.xml
unattend:
- description: install ec2 wallpaper configuration
command: cmd /c move /y C:\Windows\Temp\Ec2ConfigurationSettings.xml "C:\Program Files\Amazon\Ec2ConfigService\Settings\WallpaperSettings.xml"
target:
cloud:
- amazon
os:
- Windows 7
- Windows 8.1
- Windows 10
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server
architecture:
- x86
- x86-64
gpu:
- true
- false
sources:
- platform: amazon
bucket: windows-ami-builder
key: config/WallpaperSettings.xml
- name: WindowsAzureVmAgent.msi
savepath: Windows\Temp\WindowsAzureVmAgent.msi
unattend:
- description: install azure agent
command: cmd /c start /wait msiexec /i C:\Windows\Temp\WindowsAzureVmAgent.msi /quiet
target:
cloud:
- azure
os:
- Windows 7
- Windows 8.1
- Windows 10
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server
architecture:
- x86
- x86-64
gpu:
- true
- false
sources:
- platform: amazon
bucket: windows-ami-builder
key: package/WindowsAzureVmAgent.2.7.41491.949_191001-1418.fre.msi
- platform: google
bucket: windows-ami-builder
key: package/WindowsAzureVmAgent.2.7.41491.949_191001-1418.fre.msi
- platform: azure
bucket: windows-ami-builder
key: package/WindowsAzureVmAgent.2.7.41491.949_191001-1418.fre.msi
- platform: url
url: https://mmimagebuilder.blob.core.windows.net/windows-ami-builder/package/WindowsAzureVmAgent.2.7.41491.949_191001-1418.fre.msi
- platform: url
url: https://go.microsoft.com/fwlink/?LinkID=394789
- platform: url
url: https://download.microsoft.com/download/3/4/3/3437907D-745F-46EF-8116-7FC025BBEBDB/WindowsAzureVmAgent.2.7.41491.949_191001-1418.fre.msi
- name: psget-modules.zip
savepath: Windows\System32\WindowsPowerShell\v1.0\Modules
unattend: []
extract: true
target:
cloud:
- amazon
- azure
- google
os:
- Windows Server 2012 R2
architecture:
- x86
- x86-64
gpu:
- true
- false
sources:
- platform: amazon
bucket: windows-ami-builder
key: package/psget-modules.zip
- name: OpenCloudConfig
savepath: Windows\Temp\rundsc.ps1
unattend:
- description: create log folder
command: cmd /c mkdir C:\log
- description: create dsc folder
command: cmd /c mkdir C:\dsc
- description: install occ trigger script
command: cmd /c move /y C:\Windows\Temp\rundsc.ps1 C:\dsc\rundsc.ps1
- description: create occ scheduled task
command: cmd /c start /wait schtasks /create /tn RunDesiredStateConfigurationAtStartup /sc onstart /ru SYSTEM /rl HIGHEST /tr "powershell -NoLogo -NoProfile -WindowStyle Hidden -File C:\dsc\rundsc.ps1 -ExecutionPolicy RemoteSigned -ConsoleOutputFile C:\dsc\rundsc-run.log" /f
target:
cloud:
- amazon
- azure
- google
os:
- Windows 7
- Windows 8.1
- Windows 10
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server
architecture:
- x86
- x86-64
gpu:
- true
- false
sources:
- platform: url
url: https://raw.githubusercontent.com/mozilla-releng/OpenCloudConfig/azure/userdata/rundsc.ps1
Raw
product-keys.yaml
---
Windows 7:
Enterprise: 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
Professional: FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4
Windows 8.1:
Enterprise: MHF9N-XY6XB-WVXMC-BTDCT-MKKG7
Professional: GCRJD-8NW9H-F2CDX-CCM8D-9D6T9
Windows 10:
Enterprise: NPPR9-FWDCX-D2C8J-H872K-2YT43
Professional: W269N-WFGWX-YVC9B-4J6C9-T83GX
Windows Server 2012 R2:
Datacenter: W3GGN-FT8W3-Y4M27-J84CP-Q3VJ9
Standard: D2N9P-3P6X9-2R39C-7RTCD-MDVJX
Windows Server 2016:
Datacenter: CB7KF-BWN84-R7R2Y-793K2-8XDDG
Standard: WC2BQ-8NRM3-FDDYY-2BFGV-KHKQY
Windows Server 2019:
Datacenter: WMDGN-G9PQG-XVVXX-R3X43-63DFG
Standard: N69G4-B89J2-4G8F4-WWYCC-J464C
Windows Server:
Datacenter: 6NMRW-2C8FM-D24W7-TQWMY-CWH2D
Standard: N2KJX-J94YW-TQVFB-DG9YT-724CC
Raw
purge-orphaned-resources.ps1
# usage:
# Invoke-Expression (New-Object Net.WebClient).DownloadString(('https://gist.githubusercontent.com/grenade/3f2fbc64e7210de136e7eb69aae63f81/raw/purge-orphaned-resources.ps1?{0}' -f [Guid]::NewGuid()))
$deallocatedAzVms = @(Get-AzVm -Status | ? { $_.PowerState -eq 'Provisioning succeeded' } | % { (Get-AzVm -Name $_.Name -ResourceGroupName $_.ResourceGroupName -Status) | ? { $_.Statuses -and $_.Statuses[2].Code -match 'deallocated' } });
Write-Output -InputObject ('removing {0} deallocated AzVm objects' -f $deallocatedAzVms.Length);
foreach ($deallocatedAzVm in $deallocatedAzVms) {
Write-Output -InputObject ('removing deallocated AzVm {0} / {1}' -f $deallocatedAzVm.ResourceGroupName, $deallocatedAzVm.Name);
$deallocatedAzVm | Remove-AzVm -Force;
}
$orphanedAzNetworkInterfaces = @(Get-AzNetworkInterface | ? { $_.VirtualMachine -eq $null });
Write-Output -InputObject ('removing {0} orphaned AzNetworkInterface objects' -f $orphanedAzNetworkInterfaces.Length);
foreach ($orphanedAzNetworkInterface in $orphanedAzNetworkInterfaces) {
Write-Output -InputObject ('removing orphaned AzNetworkInterface {0} / {1} / {2}' -f $orphanedAzNetworkInterface.Location, $orphanedAzNetworkInterface.ResourceGroupName, $orphanedAzNetworkInterface.Name);
$orphanedAzNetworkInterface | Remove-AzNetworkInterface -Force;
}
$orphanedAzPublicIpAddresses = @(Get-AzPublicIpAddress | ? { $_.IpAddress -eq 'Not Assigned' });
Write-Output -InputObject ('removing {0} orphaned AzPublicIpAddress objects' -f $orphanedAzPublicIpAddresses.Length);
foreach ($orphanedAzPublicIpAddress in $orphanedAzPublicIpAddresses) {
Write-Output -InputObject ('removing orphaned AzPublicIpAddress {0} / {1} / {2}' -f $orphanedAzPublicIpAddress.Location, $orphanedAzPublicIpAddress.ResourceGroupName, $orphanedAzPublicIpAddress.Name);
$orphanedAzPublicIpAddress | Remove-AzPublicIpAddress -Force;
}
$orphanedAzNetworkSecurityGroups = @(Get-AzNetworkSecurityGroup | ? { -not $_.NetworkInterFaces });
Write-Output -InputObject ('removing {0} orphaned AzNetworkSecurityGroup objects' -f $orphanedAzNetworkSecurityGroups.Length);
foreach ($orphanedAzNetworkSecurityGroup in $orphanedAzNetworkSecurityGroups) {
Write-Output -InputObject ('removing orphaned AzNetworkSecurityGroup {0} / {1} / {2}' -f $orphanedAzNetworkSecurityGroup.Location, $orphanedAzNetworkSecurityGroup.ResourceGroupName, $orphanedAzNetworkSecurityGroup.Name);
$orphanedAzNetworkSecurityGroup | Remove-AzNetworkSecurityGroup -Force;
}
$orphanedAzVirtualNetworks = @(Get-AzVirtualNetwork | ? { (-not $_.Subnets) -or (-not $_.Subnets[0].IpConfigurations) });
Write-Output -InputObject ('removing {0} orphaned AzVirtualNetwork objects' -f $orphanedAzVirtualNetworks.Length);
foreach ($orphanedAzVirtualNetwork in $orphanedAzVirtualNetworks) {
Write-Output -InputObject ('removing orphaned AzVirtualNetwork {0} / {1} / {2}' -f $orphanedAzVirtualNetwork.Location, $orphanedAzVirtualNetwork.ResourceGroupName, $orphanedAzVirtualNetwork.Name);
foreach ($orphanedAzVirtualNetworkSubnetConfig in $orphanedAzVirtualNetwork.Subnets) {
Write-Output -InputObject ('skipped removing orphaned AzVirtualNetworkSubnetConfig {0}' -f $orphanedAzVirtualNetworkSubnetConfig.Name);
#Remove-AzVirtualNetworkSubnetConfig -Name $orphanedAzVirtualNetworkSubnetConfig.Name -VirtualNetwork $orphanedAzVirtualNetwork;
}
$orphanedAzVirtualNetwork | Remove-AzVirtualNetwork -Force;
}
$orphanedAzDisks = @(Get-AzDisk | ? { $_.DiskState -eq 'Unattached' });
Write-Output -InputObject ('removing {0} orphaned AzDisk objects' -f $orphanedAzDisks.Length);
foreach ($orphanedAzDisk in $orphanedAzDisks) {
Write-Output -InputObject ('removing orphaned AzDisk {0} / {1} / {2}' -f $orphanedAzDisk.Location, $orphanedAzDisk.ResourceGroupName, $orphanedAzDisk.Name);
$orphanedAzDisk | Remove-AzDisk -Force;
}
Raw
unattend-commands.yaml
---
- unattend:
- description: enable remote desktop firewall exception
command: cmd /c start /wait C:\Windows\System32\netsh.exe advfirewall firewall set rule group="remote desktop" new enable=yes
target:
cloud:
- amazon
- azure
- google
os:
- Windows 7
- Windows 8.1
- Windows 10
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server
architecture:
- x86
- x86-64
gpu:
- true
- false
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment