-
Notifications
You must be signed in to change notification settings - Fork 11
/
Copy pathpacker_windows.yml
236 lines (214 loc) · 7.81 KB
/
packer_windows.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
---
- name: Build Windows image with Packer
hosts: all
vars:
#
# Base configuration
#
packer_binary: packer.io
packer_builder: qemu
packer_target: win_2k25
image_name: w2k25_image.qcow2
vm_type: uefi-secure
vm_tpm: true
vm_cpus: 8
vm_memory: 16384
disk_size: 30720
# Windows OS edition to install from the ISO
# Interactive installation will show editions
# The index reference should be either INDEX or NAME
win_os_index: INDEX
win_os_edition: 1
# Full path for additional drivers for the target Windows version
# For QEMU/KVM example, see the virtio-win-drivers-prepare script
# https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso
win_drivers_path: /tmp/drivers
# Build options
do_cleanup: true
use_force: false
#
# OS configuration
#
# Password for Windows Administrator and remote management
# account that will be created during installation, see below.
# NB! This variable is used to determine whether to build RHEL
# or Windows ISOs/VMs and for building RHEL must be unset.
win_admin_password: "{{ image_password }}"
# Either bios, uefi, or custom
# See below for custom example
win_partitioning: uefi
win_timezone: FLE Standard Time
# System locale setting
win_locale_system: en-US
# UI locale setting
win_locale_ui: en-US
# User locale setting
win_locale_user: en-US
# Input locale (language and keyboard) setting, see
# https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/default-input-locales-for-windows-language-packs
win_locale_input: 0409:0000040B
#win_product_key:
win_registered_owner: Ansible Packer
win_registered_organization: Test Department
#win_admin_ssh_key: ssh-ed25519 ... id_ed25519.pub
# Customization script, runs before enabling remote access
#win_customize_script: |
# Set system location
# https://docs.microsoft.com/windows/win32/intl/table-of-geographical-locations
#Set-WinHomeLocation -GeoId 77
# List of tasks or roles to run on the VM
# See https://github.com/myllynen/windows-ansible-roles
win_provisioner_role_path: /src/roles.git/roles
win_provisioner_playbook: |2
gather_facts: false
vars:
accounts_local_administrator_enable: true
accounts_local_ansible_user_password_expires: false
accounts_local_ansible_user_show_on_welcome: false
dns_client_adapter_names: '*'
dns_client_dns_servers:
- 1.1.1.1
- 8.8.8.8
network_configuration_ipv6_enable: false
network_configuration_netbios_enable: false
network_configuration_reboot: false
ntfs_last_access_time_update: false
power_scheme: high_performance
sshd_configuration_enable: true
sshd_configuration_install: true
sshd_configuration_start_mode: auto
sshd_configuration_shell: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
sshd_configuration_admins_keys:
present:
- ssh-ed25519 ... id_ed25519.pub
sshd_configuration_firewall_profiles:
- domain
- private
- public
# Not possible before initial sshd start
sshd_configuration_config_validate: false
sshd_configuration_config_file: files/default_config
system_init_file: C:\Windows\init_info_image.txt
system_init_msg_file: "This image was created on {{ '%Y-%m-%d %H:%M:%S %Z' | strftime }}.\r\n"
system_time_ntp_servers:
- time.windows.com
system_time_timezone: FLE Standard Time
system_update_retry_count: 3
system_update_retry_delay: 30
system_update_categories: '*'
system_update_skip_optional: true
system_update_state: installed
system_update_display_results: true
system_update_reboot: true
system_update_reboot_timeout: 1200
system_update_compile_assemblies: true
system_update_compile_filter: '.*'
user_experience_server_manager_at_logon: false
user_experience_network_location_wizard: false
user_experience_show_last_user_name: false
windows_recovery_enable: false
winrm_configuration_enable: true
winrm_configuration_start_mode: auto
winrm_configuration_https_enable: true
winrm_configuration_http_block: false
winrm_configuration_service_config:
AllowUnencrypted: false
Auth:
Basic: true
Kerberos: true
Negotiate: true
Certificate: false
CredSSP: true
CbtHardeningLevel: Strict
IPv4Filter: '*'
IPv6Filter: '*'
winrm_configuration_firewall_profiles:
- domain
- private
- public
winrm_configuration_display_config: false
#tasks:
# - ansible.windows.win_ping:
roles:
- dotnet_optimize
- etc_hosts
- dns_client
- system_time
- system_update
- accounts_local
- boot_configuration
- network_configuration
- winrm_configuration
- sshd_configuration
- rdp_configuration
- windows_recovery
- performance_tuning
- service_enablement
- service_recovery
- user_experience
- system_reboot
- system_init
post_tasks:
- name: Remove all SSH host keys
ansible.windows.win_powershell:
script: |
Remove-Item -Path C:\ProgramData\ssh\ssh_host_* -Force
when: ansible_connection != 'ssh'
#win_custom_partitioning_create: |
# <CreatePartition wcm:action="add">
# <Order>1</Order>
# <Type>Primary</Type>
# <Extend>true</Extend>
# </CreatePartition>
#win_custom_partitioning_modify: |
# <ModifyPartition wcm:action="modify">
# <Order>1</Order>
# <PartitionID>1</PartitionID>
# <Label>Windows</Label>
# <Format>NTFS</Format>
# <Letter>C</Letter>
# </ModifyPartition>
#win_custom_partitioning_install_to: 1
#
# Builder configurations
#
# Builder: qemu
# https://www.packer.io/docs/builders/qemu
qemu_binary: /usr/libexec/qemu-kvm
output_directory: /tmp/packer_images
# Builder: vmware
# https://www.packer.io/docs/builders/vsphere/vsphere-iso
# These should come from vault
#vcenter_credentials:
# vcenter_server: vcenter.example.com
# vcenter_username: vcuser
# vcenter_password: vcpass
vcenter_insecure_connection: true
vcenter_datacenter: DC1
vcenter_folder: Windows/templates
# https://www.packer.io/docs/builders/vsphere/vsphere-iso#working-with-clusters-and-hosts
#vcenter_host: vcenter-host1.example.com
vcenter_cluster: DC1-C1
#vcenter_resource_pool: DC1-RP1
vcenter_datastore: DC1-C1-LUN-1
vcenter_network: DC1-C1-VLAN-123
#vm_guest_os_type: windows9Server64Guest
# https://www.packer.io/plugins/builders/vsphere/vsphere-iso#content-library-import-configuration
vcenter_convert_to_template: true
#vcenter_content_library:
# library: DC1-CL
# #name: cl-template
# ovf: false
# destroy: true
#
# OS installer configuration
#
iso:
win_2k25:
url: file:///VirtualMachines/boot/SERVER_EVAL_x64FRE_en-us-26100.iso
checksum: "none"
win_boot_wait: 2s
# Must be set when using UEFI, use '<enter>' on BIOS
win_boot_command: <enter>FS1:<enter>EFI\\BOOT\\bootx64.efi<enter>
roles:
- myllynen.ansible_packer.ansible_packer