diff --git a/experiments/swdt/packer/.gitignore b/experiments/swdt/packer/.gitignore
new file mode 100644
index 0000000..a87eea2
--- /dev/null
+++ b/experiments/swdt/packer/.gitignore
@@ -0,0 +1,2 @@
+output/
+kvm/isos/
diff --git a/experiments/swdt/packer/Makefile b/experiments/swdt/packer/Makefile
new file mode 100644
index 0000000..7a03632
--- /dev/null
+++ b/experiments/swdt/packer/Makefile
@@ -0,0 +1,3 @@
+start:
+ packer init kvm
+ PACKER_LOG=1 packer build kvm
diff --git a/experiments/swdt/packer/README.md b/experiments/swdt/packer/README.md
new file mode 100644
index 0000000..70a632a
--- /dev/null
+++ b/experiments/swdt/packer/README.md
@@ -0,0 +1,32 @@
+## Packer VM image builder
+
+This folder hosts the plain boot and automatic installation scripts
+using packer, the final outcome is the qemu artifact ready to be used
+as a VM for swdt with SSH enabled.
+
+Pre-requisites:
+
+* Hashicorp Packer >=1.10.2
+
+2 ISOs are required, save them on isos folder:
+
+* **window.iso** - [Windows 2022 Server](https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2022)
+* **virtio-win.iso** - [Windows Virtio Drivers](https://github.com/virtio-win/virtio-win-pkg-scripts/blob/master/README.md)
+
+### Running
+
+```shell
+make start
+```
+
+Behind the scenes it will call Packer in the kvm build
+
+```shell
+packer init kvm
+PACKER_LOG=1 packer build kvm
+```
+
+### Export
+
+The folder `output` will contain the `win2k22` QEMU QCOW Image.
+
diff --git a/experiments/swdt/packer/kvm/floppy/autounattend.xml b/experiments/swdt/packer/kvm/floppy/autounattend.xml
new file mode 100644
index 0000000..80babd1
--- /dev/null
+++ b/experiments/swdt/packer/kvm/floppy/autounattend.xml
@@ -0,0 +1,237 @@ + + + + + + + a:\ + + + E:\STORAGE\SERVER_2008\AMD64 + + + E:\NETWORK\SERVER_2008\AMD64 + + + + + + + 0 + true + + + 1 + 350 + Primary + + + 2 + true + Primary + + + + + NTFS + + 1 + 1 + 0x27 + + + 2 + 2 + C + + NTFS + + + + + + + + 0 + 2 + + + + /IMAGE/INDEX + 3 + + + OnError + + + + true + Administrator + Organization + + Never + + + true + + + + en-US + + 0409:00000409 + en-US + en-US + en-US + en-US + + + + + false + + + + + 1 + true + + + + + 0409:00000409 + en-US + en-US + en-US + en-US + + + true + + + 0 + + + win2k22 + + + + + + + S3cr3t0! + true</PlainText> + </Password> + <Enabled>true</Enabled> + <Username>Administrator</Username> + </AutoLogon> + <FirstLogonCommands> + <SynchronousCommand wcm:action="add"> + <Order>1</Order> + <Description>Set Execution Policy 64 Bit</Description> + <CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <Order>2</Order> + <Description>Set Execution Policy 32 Bit</Description> + <CommandLine>%SystemDrive%\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine> + <RequiresUserInput>true</RequiresUserInput> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v HideFileExt /t REG_DWORD /d 0 /f</CommandLine> + <Order>3</Order> + <Description>Show file extensions in Explorer</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\Console /v QuickEdit /t REG_DWORD /d 1 /f</CommandLine> + <Order>4</Order> + <Description>Enable QuickEdit mode</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>%SystemRoot%\System32\reg.exe ADD 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v Start_ShowRun /t REG_DWORD /d 1 /f</CommandLine> + <Order>5</Order> + <Description>Show Run command in Start Menu</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>%SystemRoot%\System32\reg.exe ADD HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ /v StartMenuAdminTools /t REG_DWORD /d 1 /f</CommandLine> + <Order>6</Order> + <Description>Show Administrative Tools in Start Menu</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateFileSizePercent /t REG_DWORD /d 0 /f</CommandLine> + <Order>7</Order> + <Description>Zero Hibernation File</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>%SystemRoot%\System32\reg.exe ADD HKLM\SYSTEM\CurrentControlSet\Control\Power\ /v HibernateEnabled /t REG_DWORD /d 0 /f</CommandLine> + <Order>8</Order> + <Description>Disable Hibernation Mode</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE</CommandLine> + <Order>9</Order> + <Description>Disable password expiration for Administrator user</Description> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c %SystemDrive%\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command "Set-SConfig -AutoLaunch $false"</CommandLine> + <Description>Disable SCConfig</Description> + <Order>10</Order> + </SynchronousCommand> + <SynchronousCommand wcm:action="add"> + <CommandLine>cmd.exe /c powershell -File "a:\openssh.ps1"</CommandLine> + <Description>Enable SSH</Description> + <Order>11</Order> + </SynchronousCommand> + </FirstLogonCommands> + <OOBE> + <HideEULAPage>true</HideEULAPage> + 
<HideLocalAccountScreen>true</HideLocalAccountScreen> + <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen> + <HideOnlineAccountScreens>true</HideOnlineAccountScreens> + <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE> + <NetworkLocation>Work</NetworkLocation> + <ProtectYourPC>1</ProtectYourPC> + <SkipMachineOOBE>true</SkipMachineOOBE> + <SkipUserOOBE>true</SkipUserOOBE> + </OOBE> + <RegisteredOrganization>Organization</RegisteredOrganization> + <RegisteredOwner>Owner</RegisteredOwner> + <DisableAutoDaylightTimeSet>false</DisableAutoDaylightTimeSet> + <TimeZone>Pacific Standard Time</TimeZone> + <UserAccounts> + <AdministratorPassword> + <Value>S3cr3t0!</Value> + <PlainText>true</PlainText> + </AdministratorPassword> + <LocalAccounts> + <LocalAccount wcm:action="add"> + <Description>Administrator</Description> + <DisplayName>Administrator</DisplayName> + <Group>Administrators</Group> + <Name>Administrator</Name> + </LocalAccount> + </LocalAccounts> + </UserAccounts> + </component> + </settings> +</unattend> diff --git a/experiments/swdt/packer/kvm/floppy/openssh.ps1 b/experiments/swdt/packer/kvm/floppy/openssh.ps1 new file mode 100644 index 0000000..6a32ea9 --- /dev/null +++ b/experiments/swdt/packer/kvm/floppy/openssh.ps1 @@ -0,0 +1,4 @@ +echo "starting openssh" >> c:\temp\openssh.log +Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0 +Set-Service -Name sshd -StartupType Automatic +Start-Service sshd diff --git a/experiments/swdt/packer/kvm/win2022.pkr.hcl b/experiments/swdt/packer/kvm/win2022.pkr.hcl new file mode 100644 index 0000000..2204001 --- /dev/null +++ b/experiments/swdt/packer/kvm/win2022.pkr.hcl 
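Review bot: The Administrator password is committed in clear text in `<AdministratorPassword>` and again in the `<AutoLogon>` block (`<PlainText>true</PlainText>`), and the same literal reappears as `ssh_password` in win2022.pkr.hcl, so every image built from this tree ships with a publicly known administrator credential. Order 9 additionally sets `PasswordExpires=FALSE` and order 11 enables sshd, so the known password stays valid and is reachable over the network unless someone changes it after import. Consider injecting a per-build value instead, for example by rendering this file from a template through the qemu builder's `floppy_content` with a Packer variable marked `sensitive = true`, and at minimum add a comment above the element such as `<!-- build-time credential only: rotate or disable before the image leaves the build host -->`. Whether AutoLogon is bounded by a `LogonCount` cannot be seen in this rendering of the hunk, so that is worth confirming as well.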
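Review bot: Nothing in the script creates `c:\temp` before the first line appends to `c:\temp\openssh.log`, and no step stops the script when `Add-WindowsCapability` fails (it needs a reachable package source at build time, presumably Windows Update), so a failed install would only show up as Packer waiting out the one-hour `ssh_timeout`. Adding `$ErrorActionPreference = 'Stop'` and `New-Item -ItemType Directory -Force c:\temp | Out-Null` at the top would make the failure visible early. The service is also started with the default sshd configuration, which as far as I know accepts password logins; given the fixed Administrator password in autounattend.xml, a short comment stating that password authentication is intended for the build only would help whoever consumes the image.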
@@ -0,0 +1,44 @@
+packer {
+ required_plugins {
+ qemu = {
+ version = "~> 1"
+ source = "github.com/hashicorp/qemu"
+ }
+ }
+}
+
+source "qemu" "windows" {
+ vm_name = "win2k22"
+ format = "qcow2"
+ accelerator = "kvm"
+
+ iso_url = "kvm/isos/windows.iso"
+ iso_checksum = "sha256:3e4fa6d8507b554856fc9ca6079cc402df11a8b79344871669f0251535255325"
+
+ cpus = 4
+ memory = 4096
+
+ efi_boot = false
+ disk_size = "15G"
+ disk_interface = "virtio"
+
+ floppy_files = ["kvm/floppy/autounattend.xml", "kvm/floppy/openssh.ps1"]
+ qemuargs = [["-cdrom", "./kvm/isos/virtio-win.iso"]]
+
+ output_directory = "output"
+
+ communicator = "ssh"
+ ssh_username = "Administrator"
+ ssh_password = "S3cr3t0!"
+ ssh_timeout = "1h"
+
+ boot_wait = "10s"
+ shutdown_command = "shutdown /s /t 30 /f"
+ shutdown_timeout = "15m"
+}
+
+build {
+ name = "win2022"
+ sources = ["source.qemu.windows"]
+}
+
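Review bot: `iso_checksum` pins the Windows installer, but the driver disc attached through `qemuargs = [["-cdrom", "./kvm/isos/virtio-win.iso"]]` is used without any integrity check, even though the storage and network drivers that Setup apparently loads from it (the `E:\` paths in autounattend.xml) end up running in the kernel of the resulting image. Files handed to QEMU via `qemuargs` are not verified by Packer as far as I can tell, so the check has to live outside the source block, for instance a Makefile step before `packer build` such as `sha256sum -c kvm/isos/virtio-win.iso.sha256` (the file name is a placeholder for a checksum recorded from the upstream release). A comment next to `qemuargs` naming the virtio-win version the build was tested with would also help keep the image reproducible.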