Skip to content

Instantly share code, notes, and snippets.

@jamiegs
Forked from mefellows/BundleConfig.ps1
Created July 1, 2016 19:16
Show Gist options
  • Save jamiegs/a0be9125cdb668fd19e56127c113a49d to your computer and use it in GitHub Desktop.
Save jamiegs/a0be9125cdb668fd19e56127c113a49d to your computer and use it in GitHub Desktop.
Sysprepped Windows AMI using Packer
$EC2SettingsFile="C:\\Program Files\\Amazon\\Ec2ConfigService\\Settings\\BundleConfig.xml"
$xml = [xml](get-content $EC2SettingsFile)
$xmlElement = $xml.get_DocumentElement()
foreach ($element in $xmlElement.Property)
{
if ($element.Name -eq "AutoSysprep")
{
$element.Value="Yes"
}
}
$xml.Save($EC2SettingsFile)
<powershell>
write-output "Running User Data Script"
write-host "(host) Running User Data Script"
# TODO: User should replace password here with something random. Even better, implement over SSL: https://github.com/packer-community/packer-windows-plugins/issues/30
# Also note, this user should be removed in Cfn Init
cmd.exe /c net user /add vagrant FooBar@123
cmd.exe /c net localgroup administrators vagrant /add
Set-ExecutionPolicy -ExecutionPolicy bypass -Force
# RDP
cmd.exe /c netsh advfirewall firewall add rule name="Open Port 3389" dir=in action=allow protocol=TCP localport=3389
cmd.exe /c reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
# WinRM
write-output "Setting up WinRM"
write-host "(host) setting up WinRM"
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm quickconfig '-transport:http'
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="512"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTP" '@{Port="5985"}'
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
cmd.exe /c netsh firewall add portopening TCP 5985 "Port 5985"
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm
cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE
</powershell>
$EC2SettingsFile="C:\\Program Files\\Amazon\\Ec2ConfigService\\Settings\\Config.xml"
$xml = [xml](get-content $EC2SettingsFile)
$xmlElement = $xml.get_DocumentElement()
$xmlElementToModify = $xmlElement.Plugins
$enableElements = "Ec2SetPassword", `
"Ec2SetComputerName", `
"Ec2HandleUserData", `
"Ec2DynamicBootVolumeSize"
$xmlElementToModify.Plugin | Where-Object {$enableElements -contains $_.name} | Foreach-Object {$_.State="Enabled"}
$xml.Save($EC2SettingsFile)
{
"variables": {
"build_version": "1.0.1",
"base_ami":"ami-3a3b1d52",
"user":"vagrant",
"password":"FooBar@123",
"instance_type":"t2.small",
"vpc_id":"",
"subnet_id":""
},
"builders": [
{
"type": "amazon-windows-ebs",
"name": "base-ami",
"region": "us-east-1",
"source_ami": "{{user `base_ami`}}",
"instance_type": "{{user `instance_type`}}",
"ami_name": "sysprep-windows-{{user `build_version`}}",
"user_data_file":"./scripts/ec2-bootstrap.ps1",
"associate_public_ip_address":true,
"winrm_username": "{{user `user`}}",
"winrm_password": "{{user `password`}}",
"winrm_wait_timeout": "20m",
"winrm_private_ip": false,
"winrm_port":5985,
"vpc_id": "{{user `vpc_id`}}",
"subnet_id": "{{user `subnet_id`}}"
}
],
"provisioners": [
{
"type":"powershell",
"scripts": [
"./scripts/Ec2Config.ps1",
"./scripts/BundleConfig.ps1"
]
}
]
}
PACKER_LOG=1 PACKER_LOG_PATH=./packer.log packer build --var vpc_id=vpc-12345678 --var subnet_id=subnet-12345678 amazon-sysprep.json
@jamiegs
Copy link
Author

jamiegs commented Jul 1, 2016

Made EC2Config.ps1 more DRY and added Ec2DynamicBootVolumeSize so drives will be resized

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment