Last active
December 25, 2023 23:33
-
-
Save mefellows/a7a5ef98a3ec21a2c972 to your computer and use it in GitHub Desktop.
Sysprepped Windows AMI using Packer
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $EC2SettingsFile="C:\\Program Files\\Amazon\\Ec2ConfigService\\Settings\\BundleConfig.xml" | |
| $xml = [xml](get-content $EC2SettingsFile) | |
| $xmlElement = $xml.get_DocumentElement() | |
| foreach ($element in $xmlElement.Property) | |
| { | |
| if ($element.Name -eq "AutoSysprep") | |
| { | |
| $element.Value="Yes" | |
| } | |
| } | |
| $xml.Save($EC2SettingsFile) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <powershell> | |
| write-output "Running User Data Script" | |
| write-host "(host) Running User Data Script" | |
| # TODO: User should replace password here with something random. Even better, implement over SSL: https://github.com/packer-community/packer-windows-plugins/issues/30 | |
| # Also note, this user should be removed in Cfn Init | |
| cmd.exe /c net user /add vagrant FooBar@123 | |
| cmd.exe /c net localgroup administrators vagrant /add | |
| Set-ExecutionPolicy -ExecutionPolicy bypass -Force | |
| # RDP | |
| cmd.exe /c netsh advfirewall firewall add rule name="Open Port 3389" dir=in action=allow protocol=TCP localport=3389 | |
| cmd.exe /c reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f | |
| # WinRM | |
| write-output "Setting up WinRM" | |
| write-host "(host) setting up WinRM" | |
| cmd.exe /c winrm quickconfig -q | |
| cmd.exe /c winrm quickconfig '-transport:http' | |
| cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}' | |
| cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="512"}' | |
| cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}' | |
| cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}' | |
| cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}' | |
| cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}' | |
| cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}' | |
| cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTP" '@{Port="5985"}' | |
| cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes | |
| cmd.exe /c netsh firewall add portopening TCP 5985 "Port 5985" | |
| cmd.exe /c net stop winrm | |
| cmd.exe /c sc config winrm start= auto | |
| cmd.exe /c net start winrm | |
| cmd.exe /c wmic useraccount where "name='vagrant'" set PasswordExpires=FALSE | |
| </powershell> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $EC2SettingsFile="C:\\Program Files\\Amazon\\Ec2ConfigService\\Settings\\Config.xml" | |
| $xml = [xml](get-content $EC2SettingsFile) | |
| $xmlElement = $xml.get_DocumentElement() | |
| $xmlElementToModify = $xmlElement.Plugins | |
| foreach ($element in $xmlElementToModify.Plugin) | |
| { | |
| if ($element.name -eq "Ec2SetPassword") | |
| { | |
| $element.State="Enabled" | |
| } | |
| elseif ($element.name -eq "Ec2SetComputerName") | |
| { | |
| $element.State="Enabled" | |
| } | |
| elseif ($element.name -eq "Ec2HandleUserData") | |
| { | |
| $element.State="Enabled" | |
| } | |
| } | |
| $xml.Save($EC2SettingsFile) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "variables": { | |
| "build_version": "1.0.1", | |
| "base_ami":"ami-3a3b1d52", | |
| "user":"vagrant", | |
| "password":"FooBar@123", | |
| "instance_type":"t2.small", | |
| "vpc_id":"", | |
| "subnet_id":"" | |
| }, | |
| "builders": [ | |
| { | |
| "type": "amazon-windows-ebs", | |
| "name": "base-ami", | |
| "region": "us-east-1", | |
| "source_ami": "{{user `base_ami`}}", | |
| "instance_type": "{{user `instance_type`}}", | |
| "ami_name": "sysprep-windows-{{user `build_version`}}", | |
| "user_data_file":"./scripts/ec2-bootstrap.ps1", | |
| "associate_public_ip_address":true, | |
| "winrm_username": "{{user `user`}}", | |
| "winrm_password": "{{user `password`}}", | |
| "winrm_wait_timeout": "20m", | |
| "winrm_private_ip": false, | |
| "winrm_port":5985, | |
| "vpc_id": "{{user `vpc_id`}}", | |
| "subnet_id": "{{user `subnet_id`}}" | |
| } | |
| ], | |
| "provisioners": [ | |
| { | |
| "type":"powershell", | |
| "scripts": [ | |
| "./scripts/Ec2Config.ps1", | |
| "./scripts/BundleConfig.ps1" | |
| ] | |
| } | |
| ] | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PACKER_LOG=1 PACKER_LOG_PATH=./packer.log packer build --var vpc_id=vpc-12345678 --var subnet_id=subnet-12345678 amazon-sysprep.json |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I have a fork where I made EC2Config.ps1 more DRY and added Ec2DynamicBootVolumeSize so drives will be expanded if using a different drive size.
https://gist.github.com/jamiegs/a0be9125cdb668fd19e56127c113a49d