Create an empty Windows Server in an existing AWS VPC/Subnet, for the sample environment in http://www.systemcentercentral.com/day-1-intro-to-powershell-dsc-and-configuring-your-first-pull-server/
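# Launch a two-host DSC lab (pull server + node) into an existing VPC/subnet and
# wait until both Windows Administrator passwords can be decrypted.
# Requires the AWS Tools for PowerShell (Get-EC2*/New-EC2* cmdlets) with a
# configured credential profile. Nothing is parameterised: adjust the key name,
# tag filters, AMI pattern and CIDR below before running.

# PEM key for password decrypt (Get-EC2PasswordData -Decrypt).
$PEM = "$HOME\MyKey.pem"
$KeyName = "MyKey"

# EC2 bootstrap script passed as user data. -Raw returns the whole file as one
# string; without it Get-Content yields one string per line and PowerShell can
# join that array with $OFS (a space) when it is coerced for GetBytes, which
# would flatten the bootstrap script onto a single line.
$EC2UserData = Get-Content "$HOME\ec2-user-data.ps1" -Raw
# User data has to be base64 encoded.
$EC2UserDataBase64Encoded = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($EC2UserData))

# Look up existing EC2 resources by Name tag / AMI name. Each lookup is assumed
# to return exactly one resource; a tag shared by several VPCs or subnets would
# hand an array to the New-EC2Instance calls below.
$VPC = (Get-EC2Vpc -Filters @{Name = 'tag:Name'; Values = 'Direct Connect VPC'}).VpcId
$Subnet = (Get-EC2Subnet -Filters @{Name = 'tag:Name'; Values = 'InfrastructureAZa'}).SubnetId
# [0] takes the first match as returned by the API, not necessarily the newest
# Server 2012 R2 base image.
$AMI = (Get-EC2Image -Filters @{Name = 'name'; Values = 'Windows_Server-2012-R2_RTM-English-64Bit-Base*'})[0].ImageId

# Security group for both lab hosts. IpProtocol "-1" means every protocol and
# every port (FromPort/ToPort are not used for "-1") from the whole
# 172.16.0.0/12 RFC 1918 range. Narrow the CIDR and, ideally, restrict to
# TCP 3389/5985 if this subnet is reachable from more than the admin network.
$secgrp = New-EC2SecurityGroup -Description "DSC Testing" -GroupName "DSC Testing" -VpcId $VPC
Grant-EC2SecurityGroupIngress -GroupId $secgrp -IpPermission @( @{ IpProtocol="-1"; FromPort="0"; ToPort="0"; IpRanges="172.16.0.0/12" } )

#######################################
# Poll until the instance's Administrator password data is available and
# decryptable. Get-EC2PasswordData throws while the data has not been published
# yet; an empty result is also treated as "not ready" so the caller can never
# receive a blank password.
# Arguments: -InstanceId   instance to query
#            -PemFile     key pair private key used with -Decrypt
#            -Label       name used in the progress message
#            -PollSeconds delay between attempts
# Outputs:   the decrypted password (string). Progress goes to the host, not
#            the pipeline, so the return value stays clean.
#######################################
function Wait-EC2PasswordData {
    param(
        [Parameter(Mandatory=$true)][string]$InstanceId,
        [Parameter(Mandatory=$true)][string]$PemFile,
        [string]$Label = $InstanceId,
        [int]$PollSeconds = 5
    )
    $password = $null
    while ([string]::IsNullOrEmpty($password)) {
        try { $password = Get-EC2PasswordData -InstanceId $InstanceId -PemFile $PemFile -Decrypt }
        catch { Write-Host "$(Get-Date) Waiting for $Label PasswordData to be available" }
        if ([string]::IsNullOrEmpty($password)) { Start-Sleep -Seconds $PollSeconds }
    }
    return $password
}

# DSC Pull Server (private IP only; Elastic IP association left disabled).
#$pullserverIP = New-EC2Address -Domain "vpc"
$pullserver = New-EC2Instance `
    -ImageId $AMI `
    -SecurityGroupId $secgrp `
    -AssociatePublicIp $false `
    -KeyName $KeyName `
    -InstanceType t2.small `
    -SubnetId $Subnet `
    -UserData $EC2UserDataBase64Encoded
# Short pause so the instance ID is visible to the tagging API.
Start-Sleep -Seconds 5
#Register-EC2Address -InstanceId $pullserver.Instances.InstanceId -PublicIp $pullserverIP.IPAddress
New-EC2Tag -Resource $pullserver.Instances.InstanceId -Tag @( `
    @{ Key="Name"; Value="DSC Testing Pull Server" },
    @{ Key="AutoStopTime"; Value="17:30" } )

# DSC Node (same image, group and bootstrap as the pull server).
$node = New-EC2Instance `
    -ImageId $AMI `
    -SecurityGroupId $secgrp `
    -AssociatePublicIp $false `
    -KeyName $KeyName `
    -InstanceType t2.small `
    -SubnetId $Subnet `
    -UserData $EC2UserDataBase64Encoded
Start-Sleep -Seconds 5
New-EC2Tag -Resource $node.Instances.InstanceId -Tag @( `
    @{ Key="Name"; Value="DSC Testing Node" },
    @{ Key="AutoStopTime"; Value="17:30" } )

# Password data typically appears a few minutes after launch; the node is
# polled less aggressively because it was launched second.
$pullserverPassword = Wait-EC2PasswordData -InstanceId $pullserver.Instances.InstanceId -PemFile $PEM -Label "Pull Server" -PollSeconds 5
$nodePassword = Wait-EC2PasswordData -InstanceId $node.Instances.InstanceId -PemFile $PEM -Label "Node" -PollSeconds 10

# $(...) is required to expand a property path inside a string;
# "${pullserver.Instances.PrivateIpAddress}" is read as a variable literally
# named "pullserver.Instances.PrivateIpAddress" and expands to nothing.
Write-Output "Pull Server $($pullserver.Instances.PrivateIpAddress)"
# NOTE: the two password lines print the Administrator passwords in clear text
# to the console (and to any transcript or CI log capturing it). Remove them
# once the PSCredential objects below are all that is needed.
Write-Output "Pull Server Password $pullserverPassword"
Write-Output "Node $($node.Instances.PrivateIpAddress)"
Write-Output "Node Password $nodePassword"

# Local Administrator credentials for WinRM. "machine\" is the local-account
# prefix, so the same user name works for both hosts.
$username = "machine\administrator"
$pullserverSecPassword = ConvertTo-SecureString $pullserverPassword -AsPlainText -Force
$pullserverCred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, $pullserverSecPassword
$nodeSecPassword = ConvertTo-SecureString $nodePassword -AsPlainText -Force
$nodeCred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $username, $nodeSecPassword
# These sessions would use the HTTP listener (5985) that the bootstrap script
# configures with AllowUnencrypted/Basic; add -UseSSL (and an HTTPS listener)
# before using them outside the isolated lab subnet.
#New-PSSession -ComputerName $pullserver.Instances.PrivateIpAddress -Credential $pullserverCred
#New-PSSession -ComputerName $node.Instances.PrivateIpAddress -Credential $nodeCred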
#requires -Version 2
# EC2 user data for the DSC lab hosts: the EC2 agent on the instance runs the
# text between the <powershell> tags at first boot, as a highly privileged
# local account. The #requires line above sits outside the tags and is
# presumably ignored by the agent — verify against the EC2Config version in use.
<powershell>
Write-Output -InputObject 'Running User Data Script'
# Lowest execution policy so unsigned DSC/workflow scripts can run on this host.
Set-ExecutionPolicy -ExecutionPolicy bypass -Force
# RDP
# Open TCP 3389 in the Windows firewall and clear the "deny Terminal Services
# connections" flag so RDP logons are accepted.
cmd.exe /c netsh advfirewall firewall add rule name="Open Port 3389" dir=in action=allow protocol=TCP localport=3389
cmd.exe /c reg add 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server' /v fDenyTSConnections /t REG_DWORD /d 0 /f
# WinRM
Write-Output -InputObject 'Setting up WinRM'
# Earlier PowerShell-native attempt, kept for reference; the cmd.exe/winrm
# commands below are what actually runs.
# Set-Item WSMan:\localhost\Client\TrustedHosts -Value * -Force
# Restart-Service WinRM
# winrm quickconfig -q
#
# # Need to run this on client and server
# Enable-WSManCredSSP -role client -delegatecomputer * -force
# Enable-WSManCredSSP -role client -delegatecomputer *.localdomain -force
# Enable-WSManCredSSP -role server -force
# Restart-Service WinRM
# Enable the WinRM service, its HTTP listener and firewall exception without
# prompting (-q). The second call only repeats the HTTP transport setup and is
# expected to be a no-op after the first.
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm quickconfig '-transport:http'
# Raise the operation timeout (30 minutes) and envelope size for long-running
# DSC/workflow operations.
cmd.exe /c winrm set 'winrm/config' '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set 'winrm/config' '@{MaxEnvelopeSizekb="8192"}'
# Per-remote-shell memory cap; DSC compilation can exceed the default.
cmd.exe /c winrm set 'winrm/config/winrs' '@{MaxMemoryPerShellMB="512"}'
# SECURITY: the next four settings accept unencrypted HTTP transport and Basic
# authentication on both the service and client side. With that combination any
# credential presented to this listener crosses the subnet in clear text
# (Basic is only base64). This is tolerable only on the isolated lab VPC this
# gist targets; elsewhere configure an HTTPS listener and leave
# AllowUnencrypted/Basic at their default of "false".
cmd.exe /c winrm set 'winrm/config/service' '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set 'winrm/config/client' '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set 'winrm/config/service/auth' '@{Basic="true"}'
cmd.exe /c winrm set 'winrm/config/client/auth' '@{Basic="true"}'
# CredSSP lets a remote session delegate the caller's credential to a further
# hop (used when the node fetches configurations with explicit credentials).
# Note that CredSSP hands the server the plaintext credential, so enable it
# only on hosts that are trusted to hold it.
cmd.exe /c winrm set 'winrm/config/service/auth' '@{CredSSP="true"}'
# Pin the HTTP listener to the default port 5985 and open it in the firewall.
cmd.exe /c winrm set 'winrm/config/listener?Address=*+Transport=HTTP' '@{Port="5985"}'
cmd.exe /c netsh advfirewall firewall add rule name="Open Port 5985" dir=in action=allow protocol=TCP localport=5985
# Restart WinRM so the settings above take effect and make the service start
# automatically on every boot.
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm
#Kill UAC so Workflows can run
# SECURITY: EnableLUA=0 disables UAC for every local account on the host, not
# just for the DSC workflow; a reboot is needed before it applies. Re-enable
# it (value 1) once the DSC bootstrap no longer needs it if the host outlives
# the test.
Set-ItemProperty -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\policies\system -Name EnableLUA -Value 0
</powershell>