From 1cfc6d352faa8c7ecb828359e18230cb860e862f Mon Sep 17 00:00:00 2001 From: Chris Evich Date: Tue, 3 Oct 2023 16:55:48 -0400 Subject: [PATCH 1/2] Remove temp. workarounds Signed-off-by: Chris Evich --- cache_images/fedora_packaging.sh | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/cache_images/fedora_packaging.sh b/cache_images/fedora_packaging.sh index c91aa409..682c13cf 100644 --- a/cache_images/fedora_packaging.sh +++ b/cache_images/fedora_packaging.sh @@ -206,29 +206,6 @@ DOWNLOAD_PACKAGES=(\ msg "Installing general build/test dependencies" bigto $SUDO dnf install -y $EXARG "${INSTALL_PACKAGES[@]}" -# FIXME: 2023-09-26: emergency upgrade to fix chmod-symlink bug -if [[ $(date +%Y%m) -gt 202309 ]]; then - echo "" - echo "FATAL FATAL FATAL: REMOVE THIS TEMPORARY WORKAROUND" - echo - exit 1 -fi -source /etc/os-release -# shellcheck disable=SC2154 -if [[ $VERSION_ID -ge 38 ]]; then - arch=$(uname -m) - crunrpm=https://kojipkgs.fedoraproject.org//packages/crun/1.9.2/1.fc${VERSION_ID}/${arch}/crun-1.9.2-1.fc${VERSION_ID}.${arch}.rpm - msg "FIXME-2023-09-26: installing $crunrpm" - bigto $SUDO dnf -y install $crunrpm ${crunrpm/crun-/crun-wasm-} -fi -# FIXME FIXME FIXME: https://bugzilla.redhat.com/show_bug.cgi?id=2238149 -# shellcheck disable=SC2154 -if [[ $VERSION_ID -eq 39 ]] && [[ $(uname -m) == "x86_64" ]]; then - msg "FIXME-2023-09-27: installing pandoc-3.1.3-25" - bigto $SUDO dnf -y install https://kojipkgs.fedoraproject.org//work/tasks/7301/106797301/pandoc-3.1.3-25.fc40.x86_64.rpm \ - https://kojipkgs.fedoraproject.org//work/tasks/7301/106797301/pandoc-common-3.1.3-25.fc40.noarch.rpm -fi - msg "Downloading packages for optional installation at runtime, as needed." $SUDO mkdir -p "$PACKAGE_DOWNLOAD_DIR" cd "$PACKAGE_DOWNLOAD_DIR" From 2ee0d8838420bb1f4a8c5c1d658b9009199bef61 Mon Sep 17 00:00:00 2001 
From: Chris Evich Date: Thu, 28 Sep 2023 10:53:11 -0400 Subject: [PATCH 2/2] Update windows CI VMs for hyper-v machine testing In addition to updating mingw and golang, this moves the installation of .Net and wixtoolset here instead of at CI runtime. The windows packer-configuration was updated to operate more consistently with how things are done in Linux WRT calling scripts. Along with some file renames and other cosmetic changes, the windows build timeout was increased since the extra packages seem to place it right on the edge of the former value. Signed-off-by: Chris Evich --- .cirrus.yml | 1 - IMG_SFX | 2 +- win_images/win-lib.ps1 | 46 +++++++++++++++++++ win_images/win-server-wsl.yml | 29 ++++++------ .../{auto_logon.ps1 => win_finalization.ps1} | 19 +++++--- win_images/win_packaging.ps1 | 43 ++++++++--------- 6 files changed, 94 insertions(+), 46 deletions(-) create mode 100644 win_images/win-lib.ps1 rename win_images/{auto_logon.ps1 => win_finalization.ps1} (71%) diff --git a/.cirrus.yml b/.cirrus.yml index f2ecd998..3cecf877 100644 --- a/.cirrus.yml +++ b/.cirrus.yml @@ -272,7 +272,6 @@ win_images_task: # Packer needs time to clean up partially created VM images auto_cancellation: $CI != "true" stateful: true - timeout_in: 45m # Packer WinRM communicator is not reliable on container tasks gce_instance: <<: *ibi_vm diff --git a/IMG_SFX b/IMG_SFX index 95b4b769..9f940a6a 100644 --- a/IMG_SFX +++ b/IMG_SFX @@ -1 +1 @@ -20230928t004553z-f39f38d13 +20231004t194547z-f39f38d13 diff --git a/win_images/win-lib.ps1 b/win_images/win-lib.ps1 new file mode 100644 index 00000000..9fc903fa --- /dev/null +++ b/win_images/win-lib.ps1 
@@ -0,0 +1,46 @@
+
+$ErrorActionPreference = "stop"
+
+Set-ExecutionPolicy Bypass -Scope Process -Force
+
+function Check-Exit {
+ param(
+ [parameter(ValueFromRemainingArguments = $true)]
+ [string[]] $codes = @(0)
+ )
+ if ($LASTEXITCODE -eq $null) {
+ return
+ }
+
+ foreach ($code in $codes) {
+ if ($LASTEXITCODE -eq $code) {
+ return
+ }
+ }
+
+ Exit $LASTEXITCODE
+}
+
+# Retry installation on failure or 5-minute timeout (for all packages)
+function retryInstall {
+ param([Parameter(ValueFromRemainingArguments)] [string[]] $pkgs)
+
+ foreach ($pkg in $pkgs) {
+ for ($retries = 0; ; $retries++) {
+ if ($retries -gt 5) {
+ throw "Could not install package $pkg"
+ }
+
+ if ($pkg -match '(.[^\@]+)@(.+)') {
+ $pkg = @("--version", $Matches.2, $Matches.1)
+ }
+
+ choco install -y --allow-downgrade --execution-timeout=300 $pkg
+ if ($LASTEXITCODE -eq 0) {
+ break
+ }
+ Write-Host "Error installing, waiting before retry..."
+ Start-Sleep -Seconds 6
+ }
+ }
+}
diff --git a/win_images/win-server-wsl.yml b/win_images/win-server-wsl.yml
index bf0fcca6..38a47100 100644
--- a/win_images/win-server-wsl.yml
+++ b/win_images/win-server-wsl.yml
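Review bot: In `retryInstall`, the `name@version` parsing sits inside the retry loop and overwrites `$pkg` with an argument array, so for a versioned package the message from `throw "Could not install package $pkg"` prints `--version <ver> <name>` instead of the package that was requested. Parsing once before the `for` keeps the loop variable intact: `$chocoArgs = if ($pkg -match '(.[^\@]+)@(.+)') { @("--version", $Matches.2, $Matches.1) } else { @($pkg) }`, followed by `choco install -y --allow-downgrade --execution-timeout=300 $chocoArgs`. A one-line comment above the function saying that `name@version` pins a version would also help, since nothing in the file documents that syntax.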
@@ -17,19 +17,19 @@ builders: most_recent: true owners: - amazon - # While this image should run on metal, we can build it on smaller/cheaper systems + # While this image should run on metal, we can build it on smaller/cheaper systems instance_type: t3.large force_deregister: true # Remove AMI with same name if exists force_delete_snapshot: true # Also remove snapshots of force-removed AMI # Note that we do not set shutdown_behavior to terminate, as a clean shutdown is required # for windows provisioning to complete successfully. communicator: winrm - winrm_username: Administrator # AWS provisions Administrator, unlike GCE + winrm_username: Administrator # AWS provisions Administrator, unlike GCE winrm_insecure: true winrm_use_ssl: true winrm_timeout: 25m # Script that runs on server start, needed to prep and enable winrm - user_data_file: '{{template_dir}}/bootstrap.ps1' + user_data_file: '{{template_dir}}/bootstrap.ps1' # Required for network access, must be the 'default' group used by Cirrus-CI security_group_id: "sg-042c75677872ef81c" ami_name: &ami_name '{{build_name}}-c{{user `IMG_SFX`}}' 
@@ -53,18 +53,22 @@ builders: provisioners: - type: powershell - script: '{{template_dir}}/win_packaging.ps1' - - type: windows-restart + inline: + - '$ErrorActionPreference = "stop"' + - 'New-Item -Path "c:\" -Name "temp" -ItemType "directory" -Force' + - 'New-Item -Path "c:\temp" -Name "automation_images" -ItemType "directory" -Force' + - type: 'file' + source: '{{ pwd }}/' + destination: "c:\\temp\\automation_images\\" - type: powershell inline: - # Disable WinRM as a security precuation (cirrus launches an agent from user-data, so we don't need it) - - Set-Service winrm -StartupType Disabled - # Also disable RDP (can be enabled via user-data manually) - - Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 1 - - Disable-NetFirewallRule -DisplayGroup "Remote Desktop" - # Setup Autologon and reset, must be last, due to pw change + - 'c:\temp\automation_images\win_images\win_packaging.ps1' + # Several installed items require a reboot, do that now in case it would + # cause a problem with final image preperations. + - type: windows-restart - type: powershell - script: '{{template_dir}}/auto_logon.ps1' + inline: + - 'c:\temp\automation_images\win_images\win_finalization.ps1' post-processors: @@ -75,4 +79,3 @@ post-processors: IMG_SFX: '{{ user `IMG_SFX` }}' STAGE: cache TASK: '{{user `CIRRUS_TASK_ID`}}' - diff --git a/win_images/auto_logon.ps1 b/win_images/win_finalization.ps1 similarity index 71% rename from win_images/auto_logon.ps1 rename to win_images/win_finalization.ps1 index 64ec1c30..aec9388e 100644 --- a/win_images/auto_logon.ps1 +++ b/win_images/win_finalization.ps1 
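Review bot: The `file` provisioner with `source: '{{ pwd }}/'` copies the entire working directory into `c:\temp\automation_images\` on the build VM, and nothing in the visible steps removes it before the AMI is captured. Whatever sits in the CI checkout at build time (VCS metadata, variable or credential files, build output) would presumably ship in every instance started from the image. Only `win_packaging.ps1`, `win_finalization.ps1` and `win-lib.ps1` are run from that copy. Uploading just the template directory, e.g. `source: '{{template_dir}}/'` into a `win_images` sub-directory created by the first inline step, or deleting `c:\temp\automation_images` at the end of finalization, would limit the image to what it needs.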
@@ -1,6 +1,13 @@ -$ErrorActionPreference = "stop" -$username = "Administrator" +. $PSScriptRoot\win-lib.ps1 + +# Disable WinRM as a security precuation (cirrus launches an agent from user-data, so we don't need it) +Set-Service winrm -StartupType Disabled +# Also disable RDP (can be enabled via user-data manually) +Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 1 +Disable-NetFirewallRule -DisplayGroup "Remote Desktop" + +$username = "Administrator" # Temporary random password to allow autologon that will be replaced # before the instance is put into service. $syms = [char[]]([char]'a'..[char]'z' ` @@ -15,8 +22,8 @@ $encPass = ConvertTo-SecureString $password -AsPlainText -Force Set-LocalUser -Name $username -Password $encPass $winLogon= "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Set-ItemProperty $winLogon "AutoAdminLogon" -Value "1" -type String -Set-ItemProperty $winLogon "DefaultUsername" -Value $username -type String +Set-ItemProperty $winLogon "AutoAdminLogon" -Value "1" -type String +Set-ItemProperty $winLogon "DefaultUsername" -Value $username -type String Set-ItemProperty $winLogon "DefaultPassword" -Value $password -type String # Lock the screen immediately, even though it's unattended, just in case @@ -28,6 +35,6 @@ Set-ItemProperty ` # NOTE: For now, we do not run sysprep, since initialization with reboots # are exceptionally slow on metal nodes, which these target to run. This # will lead to a duplicate machine id, which is not ideal, but allows -# instances to start instantly. So, instead of sysprep, trigger a reset so -# that the admin password reset, and activation rerun on boot +# instances to start quickly. So, instead of sysprep, trigger a reset so +# that the admin password reset, and activation rerun on boot. & 'C:\Program Files\Amazon\EC2Launch\ec2launch' reset --block 
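Review bot: With `$ErrorActionPreference = "stop"` removed from the top of this script, strict error handling now depends on `. $PSScriptRoot\win-lib.ps1` loading successfully. If that file is missing or fails to load, PowerShell by default reports the error and carries on, so the `Set-Service winrm -StartupType Disabled` and RDP lock-down lines that follow could fail without stopping the image build (unless the caller has already set the preference). Keeping `$ErrorActionPreference = "stop"` as the first line, ahead of the dot-source, closes that gap. The same applies to the dot-source added at the top of `win_packaging.ps1`.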
diff --git a/win_images/win_packaging.ps1 b/win_images/win_packaging.ps1
index 540cbef7..8f236a4f 100644
--- a/win_images/win_packaging.ps1
+++ b/win_images/win_packaging.ps1
@@ -1,39 +1,32 @@ -function CheckExit { - param( - [parameter(ValueFromRemainingArguments = $true)] - [string[]] $codes = @(0) - ) - if ($LASTEXITCODE -eq $null) { - return - } - - foreach ($code in $codes) { - if ($LASTEXITCODE -eq $code) { - return - } - } - - Exit $LASTEXITCODE -} +. $PSScriptRoot\win-lib.ps1 # Disables runtime process virus scanning, which is not necessary Set-MpPreference -DisableRealtimeMonitoring 1 -$ErrorActionPreference = "stop" -Set-ExecutionPolicy Bypass -Scope Process -Force [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072 iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1')) -# Install Git, BZ2 archive support, Go, and the MingW (GCC for Win) compiler for CGO support -# Add pstools to workaorund sess 0 WSL bug -choco install -y git mingw archiver psexec; CheckExit -choco install golang --version 1.19.2 -y; CheckExit +# Install basic required tooling. +# psexec needed to workaround session 0 WSL bug +retryInstall git archiver psexec golang mingw; Check-Exit + +# Update service is required for dotnet +Set-Service -Name wuauserv -StartupType "Manual"; Check-Exit + +# dotnet is required for wixtoolset +# Allowing chocolaty to install dotnet breaks in an entirely +# non-debuggable way. Workaround this by installing it as +# a server-feature first. +Install-WindowsFeature -Name Net-Framework-Core; Check-Exit + +# Install wixtoolset for installer build & test. +retryInstall wixtoolset; Check-Exit # Install Hyper-V Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All -NoRestart # Install WSL, and capture text output which is not normally visible -$x = wsl --install; CheckExit 0 1 # wsl returns 1 on reboot required -Write-Output $x +$x = wsl --install; Check-Exit 0 1 # wsl returns 1 on reboot required +Write-Host $x Exit 0
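Review bot: `retryInstall git archiver psexec golang mingw` drops the explicit Go pin that the removed `choco install golang --version 1.19.2` line carried, so each image rebuild installs whatever version the Chocolatey community feed serves at that moment. The commit message says the intent is to update Go and mingw, but a build image is easier to reproduce and audit when toolchain versions are stated; `retryInstall` already accepts `name@version`, e.g. `retryInstall git archiver psexec golang@<GO_VERSION> mingw@<MINGW_VERSION>` (placeholders, not real versions). Separately, the `Check-Exit` calls after `Set-Service`, `Install-WindowsFeature` and `retryInstall` only re-read the `$LASTEXITCODE` left by the last native command, since cmdlets do not set it, so they add no check at those points.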