diff --git a/.github/ISSUE_TEMPLATE/bug.yml b/.github/ISSUE_TEMPLATE/bug.yml index e2273cdce..e371eb13e 100644 --- a/.github/ISSUE_TEMPLATE/bug.yml +++ b/.github/ISSUE_TEMPLATE/bug.yml @@ -58,7 +58,7 @@ body: attributes: label: HashiCorp Packer description: Please provide the HashiCorp Packer version. - placeholder: 1.7.9 + placeholder: 1.7.10 validations: required: true - type: input diff --git a/.github/workflows/code-quality.yml b/.github/workflows/code-quality.yml index d298cd5cf..3e49c7fe7 100644 --- a/.github/workflows/code-quality.yml +++ b/.github/workflows/code-quality.yml @@ -22,4 +22,5 @@ jobs: VALIDATE_ALL_CODEBASE: true DEFAULT_BRANCH: "main" DISABLE_ERRORS: false + VALIDATE_ANSIBLE: false VALIDATE_TERRAGRUNT: false diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index b442e1339..7dc05d100 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -2,10 +2,8 @@ ## Our Pledge -We as members, contributors, and leaders pledge to make participation in the project and our community a harassment-free -experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, -gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, -race, religion, or sexual identity and orientation. +We as members, contributors, and leaders pledge to make participation in the project and our community a harassment-free experience for everyone, +regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation. We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community. 
@@ -81,4 +79,4 @@ Community Impact Guidelines were inspired by [Mozilla's code of conduct enforcem [contributor-covenant-faq]: https://www.contributor-covenant.org/faq [contributor-covenant-translations]: https://www.contributor-covenant.org/translations -For answers to common questions about this code of conduct, see the [FAQ][contributor-covenant-faq] and its [translations][contributor-covenant-translations]. +For answers to common questions about this code of conduct, see the [FAQ][contributor-covenant-faq] and its [translations][contributor-covenant-translations]. \ No newline at end of file diff --git a/LICENSE b/LICENSE index 97ae57af3..8ddd47dd3 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright 2020-2021 VMware, Inc. All Rights Reserved. +Copyright 2020-2022 VMware, Inc. All Rights Reserved. The BSD-2 license (the "License") set forth below applies to all parts of the project. You may not use this file except in compliance with the License. diff --git a/NOTICE b/NOTICE index 6a13d9992..f17842168 100644 --- a/NOTICE +++ b/NOTICE @@ -1,4 +1,4 @@ -Copyright 2020-2021 VMware, Inc. All Rights Reserved. +Copyright 2020-2022 VMware, Inc. All Rights Reserved. This product is licensed to you under the BSD-2 license (the "License"). You may not use this product except in compliance with the BSD-2 License. diff --git a/README.md b/README.md index d127b3946..9045f2468 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ Last Commit [The Changelog](CHANGELOG.md) [Open in Visual Studio Code](https://open.vscode.dev/vmware-samples/packer-examples-for-vsphere)
VMware vSphere 7.0 Update 2+ -Packer 1.7.9+ +Packer 1.7.10+ Ansible 2.9+ ## Table of Contents @@ -53,7 +53,7 @@ The following builds are available: ## Requirements **Packer**: -* HashiCorp [Packer][packer-install] 1.7.9 or higher. +* HashiCorp [Packer][packer-install] 1.7.10 or higher. * HashiCorp [Packer Plugin for VMware vSphere][packer-plugin-vsphere] (`vsphere-iso`) 1.0.3 or higher. * [Packer Plugin for Windows Updates][packer-plugin-windows-update] 0.14.0 or higher - a community plugin for HashiCorp Packer. @@ -84,7 +84,7 @@ The following software packages must be installed on the Packer host: - macOS: `brew install --cask docker` * Coreutils - macOS: `brew install coreutils` -* HashiCorp [Terraform][terraform-install] 1.1.3 or higher. +* HashiCorp [Terraform][terraform-install] 1.1.5 or higher. - Ubuntu: - `sudo apt-get update && sudo apt-get install -y gnupg software-properties-common curl` - `curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -` @@ -164,8 +164,6 @@ The directory structure of the repository. │ └── root-ca.cer.example ├── manifests ├── scripts -│ ├── linux -│ │ └── *.sh │ └── windows │ └── *.ps1 └── terraform 
@@ -174,14 +172,14 @@ The directory structure of the repository. ``` The files are distributed in the following directories. -* **`ansible`** - contains the Ansible roles to initialize and prepare the machine image build. +* **`ansible`** - contains the Ansible roles to prepare a Linux machine image build. * **`builds`** - contains the templates, variables, and configuration files for the machine image build. -* **`scripts`** - contains the scripts to initialize and prepare the machine image build. -* **`certificates`** - contains the Trusted Root Authority certificates for Windows build. +* **`scripts`** - contains the scripts to initialize and prepare a Windows machine image build. +* **`certificates`** - contains the Trusted Root Authority certificates for a Windows machine image build. * **`manifests`** - manifests created after the completion of the machine image build. -* **`manifests`** - contains example Terraform plans to test machine image builds. +* **`terraform`** - contains example Terraform plans to test machine image builds. -> **NOTE**: The project is transitioning to use Ansible instead of scripts, where possible. +> **NOTE**: The project is transitioning to use Ansible role instead of scripts, where possible. ### Step 2 - Download the Guest Operating Systems ISOs 
@@ -405,7 +403,7 @@ Your public key has been saved in /Users/rainpole/.ssh/id_ecdsa.pub. The content of the public key, `build_key`, is added the key to the `.ssh/authorized_keys` file of the `build_username` on the guest operating system. >**WARNING**: Replace the default public keys and passwords. ->By default, both Public Key Authentication and Password Authentication are enabled for Linux distributions. If you wish to disable Password Authentication and only use Public Key Authentication, comment or remove the portion of the associated script in the `scripts` directory. +>By default, both Public Key Authentication and Password Authentication are enabled for Linux distributions. If you wish to disable Password Authentication and only use Public Key Authentication, comment or remove the portion of the associated Ansible `configure` role. ##### Ansible Variables 
@@ -560,17 +558,17 @@ Edit the `*.auto.pkvars.hcl` file in each `builds//` folder to conf >**Note**: All `variables.auto.pkvars.hcl` default to using the [VMware Paravirtual SCSI controller][vmware-pvscsi] and the [VMXNET 3][vmware-vmxnet3] network card device types. -### Step 5 - Modify the Configurations and Scripts (Optional) +### Step 5 - Modify the Configurations (Optional) -If required, modify the configuration and scripts files, for the Linux distributions and Microsoft Windows. +If required, modify the configuration files for the Linux distributions and Microsoft Windows. -#### Linux Distribution Kickstart and Scripts +#### Linux Distribution Kickstart and Ansible Roles -Username and password variables are passed into the kickstart or cloud-init files for each Linux distribution as Packer template files (`.pkrtpl.hcl`) to generate these on-demand. +Username and password variables are passed into the kickstart or cloud-init files for each Linux distribution as Packer template files (`.pkrtpl.hcl`) to generate these on-demand. Ansible roles are then used to configure the Linux machine image builds. #### Microsoft Windows Unattended amd Scripts -Variables are passed into the [Microsoft Windows][microsoft-windows-unattend] unattend files (`autounattend.xml`) as Packer template files (`autounattend.pkrtpl.hcl`) to generate these on-demand. +Variables are passed into the [Microsoft Windows][microsoft-windows-unattend] unattend files (`autounattend.xml`) as Packer template files (`autounattend.pkrtpl.hcl`) to generate these on-demand. A PowerShell script is then used to configure the Linux machine image builds. By default, each unattended file is set to use the [KMS client setup keys][microsoft-kms] as the **Product Key**. 
@@ -645,10 +643,6 @@ Happy building!!! * Read [Debugging Packer Builds][packer-debug]. ## Credits -* Maher AlAsfar [@vmwarelab][credits-maher-alasfar-twitter] - - [Linux][credits-maher-alasfar-github] Bash scripting hints. - * Owen Reynolds [@OVDamn][credits-owen-reynolds-twitter] [VMware Tools for Windows][credits-owen-reynolds-github] installation PowerShell script. @@ -657,8 +651,6 @@ Happy building!!! [ansible-docs]: https://docs.ansible.com [cloud-init]: https://cloudinit.readthedocs.io/en/latest/ -[credits-maher-alasfar-twitter]: https://twitter.com/vmwarelab -[credits-maher-alasfar-github]: https://github.com/vmwarelab/cloud-init-scripts [credits-owen-reynolds-twitter]: https://twitter.com/OVDamn [credits-owen-reynolds-github]: https://github.com/getvpro/Build-Packer/blob/master/Scripts/Install-VMTools.ps1 [download-git]: https://git-scm.com/downloads @@ -671,7 +663,7 @@ Happy building!!! [download-linux-redhat-server-7]: https://access.redhat.com/downloads/content/69/ [download-linux-rocky-server-8]: https://download.rockylinux.org/pub/rocky/8/isos/x86_64/ [download-linux-ubuntu-server-18-04-lts]: http://cdimage.ubuntu.com/ubuntu/releases/18.04.5/release/ -[download-linux-ubuntu-server-20-04-lts]: https://releases.ubuntu.com/20.04.1/ +[download-linux-ubuntu-server-20-04-lts]: https://releases.ubuntu.com/20.04/ [hashicorp]: https://www.hashicorp.com/ [iso]: https://en.wikipedia.org/wiki/ISO_image [microsoft-kms]: https://docs.microsoft.com/en-us/windows-server/get-started/kmsclientkeys diff --git a/ansible/main.yml b/ansible/main.yml index e931be864..a98688acc 100644 --- a/ansible/main.yml +++ b/ansible/main.yml @@ -7,3 +7,6 @@ hosts: all roles: - base + - users + - configure + - clean diff --git a/ansible/roles/base/tasks/main.yml b/ansible/roles/base/tasks/main.yml index ec5798de6..0e04a6aad 100644 --- a/ansible/roles/base/tasks/main.yml +++ b/ansible/roles/base/tasks/main.yml 
@@ -1,10 +1,10 @@ --- -- name: "Prepare {{ ansible_facts['distribution'] }} distribution." +- name: "Prepare {{ ansible_facts['distribution'] }} guest operating system." include_tasks: "{{ ansible_facts['distribution'] | lower }}.yml" when: "ansible_facts['distribution'] == 'Ubuntu'" -- name: "Prepare {{ ansible_facts['distribution'] }} distribution." +- name: "Prepare {{ ansible_facts['distribution'] }} guest operating system." include_tasks: redhat.yml when: "ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Rocky', 'AlmaLinux']" -- name: "Prepare {{ ansible_facts['os_family'] }} distribution." +- name: "Prepare {{ ansible_facts['os_family'] }} guest operating system." include_tasks: "{{ ansible_facts['lsb']['codename'] | lower }}.yml" when: "ansible_facts['os_family'] == 'VMware Photon OS'" diff --git a/ansible/roles/base/tasks/redhat.yml b/ansible/roles/base/tasks/redhat.yml index 4ed65a858..d61984e19 100644 --- a/ansible/roles/base/tasks/redhat.yml +++ b/ansible/roles/base/tasks/redhat.yml @@ -1,5 +1,5 @@ --- -- name: "Red Hat Subscription Manager Status" +- name: "Checking Red Hat Subscription Manager status." shell: "subscription-manager refresh" when: "ansible_facts['distribution'] == 'RedHat'" - name: "Updating the guest operating system." diff --git a/ansible/roles/clean/tasks/main.yml b/ansible/roles/clean/tasks/main.yml new file mode 100644 index 000000000..0e04a6aad --- /dev/null +++ b/ansible/roles/clean/tasks/main.yml 
@@ -0,0 +1,10 @@ +--- +- name: "Prepare {{ ansible_facts['distribution'] }} guest operating system." + include_tasks: "{{ ansible_facts['distribution'] | lower }}.yml" + when: "ansible_facts['distribution'] == 'Ubuntu'" +- name: "Prepare {{ ansible_facts['distribution'] }} guest operating system." + include_tasks: redhat.yml + when: "ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Rocky', 'AlmaLinux']" +- name: "Prepare {{ ansible_facts['os_family'] }} guest operating system." + include_tasks: "{{ ansible_facts['lsb']['codename'] | lower }}.yml" + when: "ansible_facts['os_family'] == 'VMware Photon OS'" diff --git a/ansible/roles/clean/tasks/photon.yml b/ansible/roles/clean/tasks/photon.yml new file mode 100644 index 000000000..f892f7b28 --- /dev/null +++ b/ansible/roles/clean/tasks/photon.yml @@ -0,0 +1,29 @@ +--- +- name: "Cleaning tdnf cache." + shell: | + tdnf clean all + args: + warn: false +- name: "Cleaning log files." + shell: | + find /var/log -type f -delete + rm -rf /var/log/journal/* + args: + warn: false +- name: "Cleaning SSH host keys." + shell: | + rm -f /etc/ssh/ssh_host_* + args: + warn: false +- name: "Cleaning the machine-id." + shell: | + truncate -s 0 /etc/machine-id + rm /var/lib/dbus/machine-id + ln -s /etc/machine-id /var/lib/dbus/machine-id + args: + warn: false +- name: "Cleaning the shell history." + shell: | + history -c + args: + warn: false diff --git a/ansible/roles/clean/tasks/redhat.yml b/ansible/roles/clean/tasks/redhat.yml new file mode 100644 index 000000000..b21a0efd0 --- /dev/null +++ b/ansible/roles/clean/tasks/redhat.yml 
@@ -0,0 +1,59 @@ +--- +- name: "Cleaning all audit logs." + shell: | + if [ -f /var/log/audit/audit.log ]; then + cat /dev/null > /var/log/audit/audit.log + fi + if [ -f /var/log/wtmp ]; then + cat /dev/null > /var/log/wtmp + fi + if [ -f /var/log/lastlog ]; then + cat /dev/null > /var/log/lastlog + fi + args: + warn: false +- name: "Cleaning persistent udev rules." + shell: | + if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then + rm /etc/udev/rules.d/70-persistent-net.rules + fi + args: + warn: false +- name: "Cleaning the /tmp directories" + shell: | + rm -rf /tmp/* + rm -rf /var/tmp/* + rm -rf /var/cache/dnf/* + args: + warn: false +- name: "Cleaning the Red Hat Subscription Manager logs." + shell: | + rm -rf /var/log/rhsm/* + when: "ansible_facts['distribution'] == 'RedHat'" + args: + warn: false +- name: "Cleaning the SSH host keys." + shell: | + rm -f /etc/ssh/ssh_host_* + args: + warn: false +- name: "Cleaning the machine-id." + shell: | + truncate -s 0 /etc/machine-id + rm /var/lib/dbus/machine-id + ln -s /etc/machine-id /var/lib/dbus/machine-id + args: + warn: false +- name: "Cleaning the shell history." + shell: | + unset HISTFILE + history -cw + echo > ~/.bash_history + rm -fr /root/.bash_history + args: + warn: false +- name: "Running a sync." + shell: | + sync && sync + args: + warn: false diff --git a/ansible/roles/clean/tasks/ubuntu.yml b/ansible/roles/clean/tasks/ubuntu.yml new file mode 100644 index 000000000..9b51c2632 --- /dev/null +++ b/ansible/roles/clean/tasks/ubuntu.yml 
@@ -0,0 +1,47 @@ +--- +- name: "Cleaning all audit logs." + shell: | + if [ -f /var/log/audit/audit.log ]; then + cat /dev/null > /var/log/audit/audit.log + fi + if [ -f /var/log/wtmp ]; then + cat /dev/null > /var/log/wtmp + fi + if [ -f /var/log/lastlog ]; then + cat /dev/null > /var/log/lastlog + fi + args: + warn: false +- name: "Cleaning persistent udev rules." + shell: | + if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then + rm /etc/udev/rules.d/70-persistent-net.rules + fi + args: + warn: false +- name: "Cleaning the /tmp directories" + shell: | + rm -rf /tmp/* + rm -rf /var/tmp/* + args: + warn: false +- name: "Cleaning the SSH host keys." + shell: | + rm -f /etc/ssh/ssh_host_* + args: + warn: false +- name: "Cleaning the machine-id." + shell: | + truncate -s 0 /etc/machine-id + rm /var/lib/dbus/machine-id + ln -s /etc/machine-id /var/lib/dbus/machine-id + args: + warn: false +- name: "Cleaning the shell history." + shell: | + unset HISTFILE + history -cw + echo > ~/.bash_history + rm -fr /root/.bash_history + args: + warn: false diff --git a/ansible/roles/configure/tasks/main.yml b/ansible/roles/configure/tasks/main.yml new file mode 100644 index 000000000..ee5cc162b --- /dev/null +++ b/ansible/roles/configure/tasks/main.yml @@ -0,0 +1,11 @@ +--- +- name: "Prepare {{ ansible_facts['distribution'] }} guest operating system." + include_tasks: "{{ ansible_facts['distribution'] | lower }}.yml" + when: "ansible_facts['distribution'] == 'Ubuntu'" +- name: "Prepare {{ ansible_facts['distribution'] }} ansible_facts['os_family']." + include_tasks: redhat.yml + when: "ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Rocky', 'AlmaLinux']" +- name: "Prepare {{ ansible_facts['os_family'] }} guest operating system." + include_tasks: "{{ ansible_facts['lsb']['codename'] | lower }}.yml" + when: "ansible_facts['os_family'] == 'VMware Photon OS'" + \ No newline at end of file 
diff --git a/ansible/roles/configure/tasks/photon.yml b/ansible/roles/configure/tasks/photon.yml new file mode 100644 index 000000000..1b77ed824 --- /dev/null +++ b/ansible/roles/configure/tasks/photon.yml @@ -0,0 +1,17 @@ +--- +- name: "Configure SSH for Public Key Authentication." + shell: | + sudo sed -i '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config + sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/g' /etc/ssh/sshd_config + args: + warn: false +- name: "Setting hostname to localhost." + shell: | + hostnamectl set-hostname localhost + args: + warn: false +- name: "Disable IPv6." + shell: | + sudo echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf + args: + warn: false diff --git a/ansible/roles/configure/tasks/redhat.yml b/ansible/roles/configure/tasks/redhat.yml new file mode 100644 index 000000000..9fdbd4a0f --- /dev/null +++ b/ansible/roles/configure/tasks/redhat.yml @@ -0,0 +1,31 @@ +--- +- name: "Configure SSH for Public Key Authentication." + shell: | + sudo sed -i 's/.*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config + sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config + args: + warn: false +- name: "Setting hostname to localhost." + shell: | + cat /dev/null > /etc/hostname + hostnamectl set-hostname localhost + args: + warn: false +- name: "Disabling SELinux." + shell: | + sudo sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config + args: + warn: false +- name: "Restarting the SSH daemon." + shell: | + sudo systemctl restart sshd + args: + warn: false +- name: "Unregistering from Red Hat Subscription Manager." + shell: | + subscription-manager unsubscribe --all + subscription-manager unregister + subscription-manager clean + when: "ansible_facts['distribution'] == 'RedHat'" + args: + warn: false diff --git a/ansible/roles/configure/tasks/ubuntu.yml b/ansible/roles/configure/tasks/ubuntu.yml new file mode 100644 index 000000000..72f23b72a --- /dev/null 
+++ b/ansible/roles/configure/tasks/ubuntu.yml @@ -0,0 +1,49 @@ +--- +- name: "Configure SSH for Public Key Authentication." + shell: | + sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config + args: + warn: false +- name: "Setting hostname to localhost." + shell: | + cat /dev/null > /etc/hostname + hostnamectl set-hostname localhost + args: + warn: false +- name: "Restarting the SSH daemon." + shell: | + sudo systemctl restart sshd + args: + warn: false +- name: "Disabling and clean tmp." + shell: | + sudo sed -i 's/D/#&/' /usr/lib/tmpfiles.d/tmp.conf + args: + warn: false +- name: "Preparing cloud-init." + shell: | + rm -rf /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg + rm -rf /etc/cloud/cloud.cfg.d/99-installer.cfg + rm -rf /etc/netplan/00-installer-config.yaml + echo "disable_vmware_customization: false" >> /etc/cloud/cloud.cfg + echo "datasource_list: [ VMware, OVF, None ]" > /etc/cloud/cloud.cfg.d/90_dpkg.cfg + when: ansible_distribution_version == "20.04" + args: + warn: false +- name: "Modifying GRUB." + shell: | + sed -i -e "s/GRUB_CMDLINE_LINUX_DEFAULT=\"\(.*\)\"/GRUB_CMDLINE_LINUX_DEFAULT=\"\"/" /etc/default/grub + update-grub + when: ansible_distribution_version == "20.04" + args: + warn: false +- name: "Setting SSH keys to regenerate on reboot, if neccessary." + shell: | + sudo tee /etc/rc.local << EOF + #!/bin/bash + test -f /etc/ssh/ssh_host_dsa_key || dpkg-reconfigure openssh-server + exit 0 + EOF + sudo chmod +x /etc/rc.local + args: + warn: false diff --git a/ansible/roles/users/tasks/linux.yml b/ansible/roles/users/tasks/linux.yml new file mode 100644 index 000000000..b7cabbd0a --- /dev/null +++ b/ansible/roles/users/tasks/linux.yml 
@@ -0,0 +1,41 @@ +--- +- name: "Adding authorized_keys for the default local user." + shell: | + sudo mkdir -p /home/{{BUILD_USERNAME}}/.ssh + sudo tee /home/{{BUILD_USERNAME}}/.ssh/authorized_keys << EOF + {{BUILD_SECRET}} + EOF + sudo chown -R {{BUILD_USERNAME}} /home/{{BUILD_USERNAME}}/.ssh + sudo chmod 700 /home/{{BUILD_USERNAME}}/.ssh + sudo chmod 644 /home/{{BUILD_USERNAME}}/.ssh/authorized_keys + args: + warn: false +- name: "Adding the default local user to passwordless sudoers." + shell: | + sudo bash -c "echo \"""{{BUILD_USERNAME}}"" ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers" + args: + warn: false +- name: "Creating a local user for Ansible." + shell: | + sudo groupadd {{ANSIBLE_USERNAME}} + sudo useradd -g {{ANSIBLE_USERNAME}} -m -s /bin/bash {{ANSIBLE_USERNAME}} + sudo usermod -aG sudo {{ANSIBLE_USERNAME}} + echo {{ANSIBLE_USERNAME}}:"$(openssl rand -base64 14)" | sudo chpasswd + args: + warn: false +- name: "Adding authorized_keys to the local user for Ansible." + shell: | + sudo mkdir -p /home/{{ANSIBLE_USERNAME}}/.ssh + sudo tee /home/{{ANSIBLE_USERNAME}}/.ssh/authorized_keys << EOF + {{ANSIBLE_SECRET}} + EOF + sudo chown -R {{ANSIBLE_USERNAME}} /home/{{ANSIBLE_USERNAME}}/.ssh + sudo chmod 700 /home/{{ANSIBLE_USERNAME}}/.ssh + sudo chmod 644 /home/{{ANSIBLE_USERNAME}}/.ssh/authorized_keys + args: + warn: false +- name: "Adding the local user for Ansible to passwordless sudoers." + shell: | + sudo bash -c "echo \"""{{ANSIBLE_USERNAME}}"" ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers" + args: + warn: false diff --git a/ansible/roles/users/tasks/main.yml b/ansible/roles/users/tasks/main.yml new file mode 100644 index 000000000..2d85eecca --- /dev/null +++ b/ansible/roles/users/tasks/main.yml 
@@ -0,0 +1,10 @@ +--- +- name: "Configure users on {{ ansible_facts['distribution'] }} guest operating system." + include_tasks: linux.yml + when: "ansible_facts['distribution'] == 'Ubuntu'" +- name: "Configure users on {{ ansible_facts['distribution'] }} guest operating system." + include_tasks: linux.yml + when: "ansible_facts['distribution'] in ['RedHat', 'CentOS', 'Rocky', 'AlmaLinux']" +- name: "Configure users on {{ ansible_facts['os_family'] }} guest operating system." + include_tasks: linux.yml + when: "ansible_facts['os_family'] == 'VMware Photon OS'" diff --git a/ansible/roles/users/tasks/photon.yml b/ansible/roles/users/tasks/photon.yml new file mode 100644 index 000000000..b3d4c4986 --- /dev/null +++ b/ansible/roles/users/tasks/photon.yml @@ -0,0 +1,18 @@ +--- +- name: "Adding authorized_keys for the default local user." + shell: | + sudo mkdir -p /home/{{BUILD_USERNAME}}/.ssh + sudo tee /home/{{BUILD_USERNAME}}/.ssh/authorized_keys << EOF + {{BUILD_KEY}} + EOF + sudo chown -R {{BUILD_USERNAME}} /home/{{BUILD_USERNAME}}/.ssh + sudo chmod 700 /home/{{BUILD_USERNAME}}/.ssh + sudo chmod 644 /home/{{BUILD_USERNAME}}/.ssh/authorized_keys + args: + warn: false + +- name: "Adding the default local user to passwordless sudoers." + shell: | + sudo bash -c "echo \"""{{BUILD_USERNAME}}"" ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers" + args: + warn: false diff --git a/build.sh b/build.sh index dd47634fe..afca98f5f 100755 --- a/build.sh +++ b/build.sh @@ -36,8 +36,8 @@ menu_option_1() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ -var-file="$CONFIG_PATH/build.pkrvars.hcl" \ 
@@ -67,8 +67,8 @@ menu_option_2() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ -var-file="$CONFIG_PATH/build.pkrvars.hcl" \ @@ -98,8 +98,8 @@ menu_option_3() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ -var-file="$CONFIG_PATH/build.pkrvars.hcl" \ @@ -129,8 +129,8 @@ menu_option_4() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ -var-file="$CONFIG_PATH/build.pkrvars.hcl" \ @@ -161,8 +161,8 @@ menu_option_5() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ -var-file="$CONFIG_PATH/build.pkrvars.hcl" \ @@ -193,8 +193,8 @@ menu_option_6() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ -var-file="$CONFIG_PATH/build.pkrvars.hcl" \ 
@@ -224,8 +224,8 @@ menu_option_7() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ -var-file="$CONFIG_PATH/build.pkrvars.hcl" \ @@ -255,8 +255,8 @@ menu_option_8() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ -var-file="$CONFIG_PATH/build.pkrvars.hcl" \ @@ -286,8 +286,8 @@ menu_option_9() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ -var-file="$CONFIG_PATH/build.pkrvars.hcl" \ @@ -317,8 +317,8 @@ menu_option_10() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ -var-file="$CONFIG_PATH/build.pkrvars.hcl" \ @@ -348,8 +348,8 @@ menu_option_11() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ -var-file="$CONFIG_PATH/build.pkrvars.hcl" \ 
@@ -377,8 +377,8 @@ menu_option_12() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ --only vsphere-iso.windows-server-standard-dexp,vsphere-iso.windows-server-standard-core \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ @@ -407,8 +407,8 @@ menu_option_13() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ --only vsphere-iso.windows-server-datacenter-dexp,vsphere-iso.windows-server-datacenter-core \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ @@ -437,8 +437,8 @@ menu_option_14() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ -var-file="$CONFIG_PATH/build.pkrvars.hcl" \ @@ -466,8 +466,8 @@ menu_option_15() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ --only vsphere-iso.windows-server-standard-dexp,vsphere-iso.windows-server-standard-core \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ 
@@ -496,8 +496,8 @@ menu_option_16() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ --only vsphere-iso.windows-server-datacenter-dexp,vsphere-iso.windows-server-datacenter-core \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ @@ -526,8 +526,8 @@ menu_option_17() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ -var-file="$CONFIG_PATH/build.pkrvars.hcl" \ @@ -555,8 +555,8 @@ menu_option_18() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ --only vsphere-iso.windows-server-standard-dexp,vsphere-iso.windows-server-standard-core \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ @@ -585,8 +585,8 @@ menu_option_19() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ --only vsphere-iso.windows-server-datacenter-dexp,vsphere-iso.windows-server-datacenter-core \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ 
@@ -615,8 +615,8 @@ menu_option_20() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ -var-file="$CONFIG_PATH/build.pkrvars.hcl" \ @@ -644,8 +644,8 @@ menu_option_21() { echo "Initializing HashiCorp Packer and required plugins..." packer init "$INPUT_PATH" - ### Start the HashiCorp Packer Build ### - echo "Starting the HashiCorp Packer build..." + ### Start the Build. ### + echo "Starting the build...." packer build -force \ -var-file="$CONFIG_PATH/vsphere.pkrvars.hcl" \ -var-file="$CONFIG_PATH/build.pkrvars.hcl" \ diff --git a/builds/linux/almalinux/8/linux-almalinux.auto.pkrvars.hcl b/builds/linux/almalinux/8/linux-almalinux.auto.pkrvars.hcl index f9c9b592c..b04886baa 100644 --- a/builds/linux/almalinux/8/linux-almalinux.auto.pkrvars.hcl +++ b/builds/linux/almalinux/8/linux-almalinux.auto.pkrvars.hcl @@ -39,8 +39,4 @@ vm_boot_wait = "2s" // Communicator Settings communicator_port = 22 -communicator_timeout = "30m" - -// Provisioner Settings -scripts = ["scripts/linux/rhel8-derivative.sh"] -inline = [] \ No newline at end of file +communicator_timeout = "30m" \ No newline at end of file diff --git a/builds/linux/almalinux/8/linux-almalinux.pkr.hcl b/builds/linux/almalinux/8/linux-almalinux.pkr.hcl index dc4802965..516773fba 100644 --- a/builds/linux/almalinux/8/linux-almalinux.pkr.hcl +++ b/builds/linux/almalinux/8/linux-almalinux.pkr.hcl @@ -7,7 +7,7 @@ // The Packer configuration. packer { - required_version = ">= 1.7.9" + required_version = ">= 1.7.10" required_plugins { vsphere = { version = ">= v1.0.3" 
@@ -140,21 +140,14 @@ build { "ANSIBLE_PYTHON_INTERPRETER=/usr/bin/python3" ] extra_arguments = [ - "-e", "display_skipped_hosts = false" + "--extra-vars", "display_skipped_hosts=false", + "--extra-vars", "BUILD_USERNAME=${var.build_username}", + "--extra-vars", "BUILD_SECRET='${var.build_key}'", + "--extra-vars", "ANSIBLE_USERNAME=${var.ansible_username}", + "--extra-vars", "ANSIBLE_SECRET='${var.ansible_key}'", ] } - provisioner "shell" { - execute_command = "echo '${var.build_password}' | {{.Vars}} sudo -E -S sh -eux '{{.Path}}'" - environment_vars = [ - "BUILD_USERNAME=${var.build_username}", - "BUILD_KEY=${var.build_key}", - "ANSIBLE_USERNAME=${var.ansible_username}", - "ANSIBLE_KEY=${var.ansible_key}" - ] - scripts = formatlist("${path.cwd}/%s", var.scripts) - } - post-processor "manifest" { output = "${local.manifest_path}${local.manifest_date}.json" strip_path = true diff --git a/builds/linux/almalinux/8/variables.pkr.hcl b/builds/linux/almalinux/8/variables.pkr.hcl index 90b523a22..38cd4c688 100644 --- a/builds/linux/almalinux/8/variables.pkr.hcl +++ b/builds/linux/almalinux/8/variables.pkr.hcl @@ -353,18 +353,4 @@ variable "ansible_key" { type = string description = "The public key for Ansible to login to the guest operating system." sensitive = true -} - -// Provisioner Settings - -variable "scripts" { - type = list(string) - description = "A list of scripts and their relative paths to transfer and run." - default = [] -} - -variable "inline" { - type = list(string) - description = "A list of commands to run." - default = [] } \ No newline at end of file diff --git a/builds/linux/centos/7/linux-centos.auto.pkrvars.hcl b/builds/linux/centos/7/linux-centos.auto.pkrvars.hcl index 39b981cb9..2bb4fbbeb 100644 --- a/builds/linux/centos/7/linux-centos.auto.pkrvars.hcl +++ b/builds/linux/centos/7/linux-centos.auto.pkrvars.hcl 
@@ -39,8 +39,4 @@ vm_boot_wait = "2s" // Communicator Settings communicator_port = 22 -communicator_timeout = "30m" - -// Provisioner Settings -scripts = ["scripts/linux/rhel7-derivative.sh"] -inline = [] \ No newline at end of file +communicator_timeout = "30m" \ No newline at end of file diff --git a/builds/linux/centos/7/linux-centos.pkr.hcl b/builds/linux/centos/7/linux-centos.pkr.hcl index 29932567f..d7fbe6a0c 100644 --- a/builds/linux/centos/7/linux-centos.pkr.hcl +++ b/builds/linux/centos/7/linux-centos.pkr.hcl @@ -7,7 +7,7 @@ // The Packer configuration. packer { - required_version = ">= 1.7.9" + required_version = ">= 1.7.10" required_plugins { vsphere = { version = ">= v1.0.3" @@ -139,21 +139,14 @@ build { "ANSIBLE_CONFIG=${path.cwd}/ansible/ansible.cfg" ] extra_arguments = [ - "-e", "display_skipped_hosts = false" + "--extra-vars", "display_skipped_hosts=false", + "--extra-vars", "BUILD_USERNAME=${var.build_username}", + "--extra-vars", "BUILD_SECRET='${var.build_key}'", + "--extra-vars", "ANSIBLE_USERNAME=${var.ansible_username}", + "--extra-vars", "ANSIBLE_SECRET='${var.ansible_key}'", ] } - provisioner "shell" { - execute_command = "echo '${var.build_password}' | {{.Vars}} sudo -E -S sh -eux '{{.Path}}'" - environment_vars = [ - "BUILD_USERNAME=${var.build_username}", - "BUILD_KEY=${var.build_key}", - "ANSIBLE_USERNAME=${var.ansible_username}", - "ANSIBLE_KEY=${var.ansible_key}" - ] - scripts = formatlist("${path.cwd}/%s", var.scripts) - } - post-processor "manifest" { output = "${local.manifest_path}${local.manifest_date}.json" strip_path = true diff --git a/builds/linux/centos/7/variables.pkr.hcl b/builds/linux/centos/7/variables.pkr.hcl index 176040da3..44d51f7b5 100644 --- a/builds/linux/centos/7/variables.pkr.hcl +++ b/builds/linux/centos/7/variables.pkr.hcl 
@@ -353,18 +353,4 @@ variable "ansible_key" { type = string description = "The public key for Ansible to login to the guest operating system." sensitive = true -} - -// Provisioner Settings - -variable "scripts" { - type = list(string) - description = "A list of scripts and their relative paths to transfer and run." - default = [] -} - -variable "inline" { - type = list(string) - description = "A list of commands to run." - default = [] } \ No newline at end of file diff --git a/builds/linux/centos/8-stream/linux-centos-stream.auto.pkrvars.hcl b/builds/linux/centos/8-stream/linux-centos-stream.auto.pkrvars.hcl index 8d61fde9d..1d03a3fe3 100644 --- a/builds/linux/centos/8-stream/linux-centos-stream.auto.pkrvars.hcl +++ b/builds/linux/centos/8-stream/linux-centos-stream.auto.pkrvars.hcl @@ -39,8 +39,4 @@ vm_boot_wait = "2s" // Communicator Settings communicator_port = 22 -communicator_timeout = "30m" - -// Provisioner Settings -scripts = ["scripts/linux/rhel8-derivative.sh"] -inline = [] \ No newline at end of file +communicator_timeout = "30m" \ No newline at end of file diff --git a/builds/linux/centos/8-stream/linux-centos-stream.pkr.hcl b/builds/linux/centos/8-stream/linux-centos-stream.pkr.hcl index 30d789d15..1480e596f 100644 --- a/builds/linux/centos/8-stream/linux-centos-stream.pkr.hcl +++ b/builds/linux/centos/8-stream/linux-centos-stream.pkr.hcl @@ -7,7 +7,7 @@ // The Packer configuration. packer { - required_version = ">= 1.7.9" + required_version = ">= 1.7.10" required_plugins { vsphere = { version = ">= v1.0.3" 
@@ -139,21 +139,14 @@ build { "ANSIBLE_CONFIG=${path.cwd}/ansible/ansible.cfg" ] extra_arguments = [ - "-e", "display_skipped_hosts = false" + "--extra-vars", "display_skipped_hosts=false", + "--extra-vars", "BUILD_USERNAME=${var.build_username}", + "--extra-vars", "BUILD_SECRET='${var.build_key}'", + "--extra-vars", "ANSIBLE_USERNAME=${var.ansible_username}", + "--extra-vars", "ANSIBLE_SECRET='${var.ansible_key}'", ] } - provisioner "shell" { - execute_command = "echo '${var.build_password}' | {{.Vars}} sudo -E -S sh -eux '{{.Path}}'" - environment_vars = [ - "BUILD_USERNAME=${var.build_username}", - "BUILD_KEY=${var.build_key}", - "ANSIBLE_USERNAME=${var.ansible_username}", - "ANSIBLE_KEY=${var.ansible_key}" - ] - scripts = formatlist("${path.cwd}/%s", var.scripts) - } - post-processor "manifest" { output = "${local.manifest_path}${local.manifest_date}.json" strip_path = true diff --git a/builds/linux/centos/8-stream/variables.pkr.hcl b/builds/linux/centos/8-stream/variables.pkr.hcl index 912f5d8df..371d1091e 100644 --- a/builds/linux/centos/8-stream/variables.pkr.hcl +++ b/builds/linux/centos/8-stream/variables.pkr.hcl @@ -353,18 +353,4 @@ variable "ansible_key" { type = string description = "The public key for Ansible to login to the guest operating system." sensitive = true -} - -// Provisioner Settings - -variable "scripts" { - type = list(string) - description = "A list of scripts and their relative paths to transfer and run." - default = [] -} - -variable "inline" { - type = list(string) - description = "A list of commands to run." - default = [] } \ No newline at end of file diff --git a/builds/linux/centos/8/linux-centos.auto.pkrvars.hcl b/builds/linux/centos/8/linux-centos.auto.pkrvars.hcl index efa4bce8a..b539be6e4 100644 --- a/builds/linux/centos/8/linux-centos.auto.pkrvars.hcl +++ b/builds/linux/centos/8/linux-centos.auto.pkrvars.hcl 
@@ -39,8 +39,4 @@ vm_boot_wait = "2s" // Communicator Settings communicator_port = 22 -communicator_timeout = "30m" - -// Provisioner Settings -scripts = ["scripts/linux/rhel8-derivative.sh"] -inline = [] \ No newline at end of file +communicator_timeout = "30m" \ No newline at end of file diff --git a/builds/linux/centos/8/linux-centos.pkr.hcl b/builds/linux/centos/8/linux-centos.pkr.hcl index ab4785876..50ddac907 100644 --- a/builds/linux/centos/8/linux-centos.pkr.hcl +++ b/builds/linux/centos/8/linux-centos.pkr.hcl @@ -7,7 +7,7 @@ // The Packer configuration. packer { - required_version = ">= 1.7.9" + required_version = ">= 1.7.10" required_plugins { vsphere = { version = ">= v1.0.3" @@ -139,21 +139,14 @@ build { "ANSIBLE_CONFIG=${path.cwd}/ansible/ansible.cfg" ] extra_arguments = [ - "-e", "display_skipped_hosts = false" + "--extra-vars", "display_skipped_hosts=false", + "--extra-vars", "BUILD_USERNAME=${var.build_username}", + "--extra-vars", "BUILD_SECRET='${var.build_key}'", + "--extra-vars", "ANSIBLE_USERNAME=${var.ansible_username}", + "--extra-vars", "ANSIBLE_SECRET='${var.ansible_key}'", ] } - provisioner "shell" { - execute_command = "echo '${var.build_password}' | {{.Vars}} sudo -E -S sh -eux '{{.Path}}'" - environment_vars = [ - "BUILD_USERNAME=${var.build_username}", - "BUILD_KEY=${var.build_key}", - "ANSIBLE_USERNAME=${var.ansible_username}", - "ANSIBLE_KEY=${var.ansible_key}" - ] - scripts = formatlist("${path.cwd}/%s", var.scripts) - } - post-processor "manifest" { output = "${local.manifest_path}${local.manifest_date}.json" strip_path = true diff --git a/builds/linux/centos/8/variables.pkr.hcl b/builds/linux/centos/8/variables.pkr.hcl index 59637f008..fc2a4f1b3 100644 --- a/builds/linux/centos/8/variables.pkr.hcl +++ b/builds/linux/centos/8/variables.pkr.hcl 
@@ -353,18 +353,4 @@ variable "ansible_key" { type = string description = "The public key for Ansible to login to the guest operating system." sensitive = true -} - -// Provisioner Settings - -variable "scripts" { - type = list(string) - description = "A list of scripts and their relative paths to transfer and run." - default = [] -} - -variable "inline" { - type = list(string) - description = "A list of commands to run." - default = [] } \ No newline at end of file diff --git a/builds/linux/photon/4/linux-photon.auto.pkrvars.hcl b/builds/linux/photon/4/linux-photon.auto.pkrvars.hcl index 4d22032e7..815f3c979 100644 --- a/builds/linux/photon/4/linux-photon.auto.pkrvars.hcl +++ b/builds/linux/photon/4/linux-photon.auto.pkrvars.hcl @@ -36,8 +36,4 @@ vm_boot_wait = "2s" // Communicator Settings communicator_port = 22 -communicator_timeout = "30m" - -// Provisioner Settings -scripts = ["scripts/linux/photon.sh"] -inline = [] \ No newline at end of file +communicator_timeout = "30m" \ No newline at end of file diff --git a/builds/linux/photon/4/linux-photon.pkr.hcl b/builds/linux/photon/4/linux-photon.pkr.hcl index 55dc2ac75..d9564e87a 100644 --- a/builds/linux/photon/4/linux-photon.pkr.hcl +++ b/builds/linux/photon/4/linux-photon.pkr.hcl @@ -7,7 +7,7 @@ // The Packer configuration. packer { - required_version = ">= 1.7.9" + required_version = ">= 1.7.10" required_plugins { vsphere = { version = ">= v1.0.3" 
@@ -138,21 +138,14 @@ build { "ANSIBLE_PYTHON_INTERPRETER=/usr/bin/python3" ] extra_arguments = [ - "-e", "display_skipped_hosts = false" + "--extra-vars", "display_skipped_hosts=false", + "--extra-vars", "BUILD_USERNAME=${var.build_username}", + "--extra-vars", "BUILD_SECRET='${var.build_key}'", + "--extra-vars", "ANSIBLE_USERNAME=${var.ansible_username}", + "--extra-vars", "ANSIBLE_SECRET='${var.ansible_key}'", ] } - provisioner "shell" { - execute_command = "echo '${var.build_password}' | {{.Vars}} sudo -E -S sh -eux '{{.Path}}'" - environment_vars = [ - "BUILD_USERNAME=${var.build_username}", - "BUILD_KEY=${var.build_key}", - "ANSIBLE_USERNAME=${var.ansible_username}", - "ANSIBLE_KEY=${var.ansible_key}" - ] - scripts = formatlist("${path.cwd}/%s", var.scripts) - } - post-processor "manifest" { output = "${local.manifest_path}${local.manifest_date}.json" strip_path = true diff --git a/builds/linux/photon/4/variables.pkr.hcl b/builds/linux/photon/4/variables.pkr.hcl index 94e10a9d4..a84e39953 100644 --- a/builds/linux/photon/4/variables.pkr.hcl +++ b/builds/linux/photon/4/variables.pkr.hcl @@ -335,18 +335,4 @@ variable "ansible_key" { type = string description = "The public key for Ansible to login to the guest operating system." sensitive = true -} - -// Provisioner Settings - -variable "scripts" { - type = list(string) - description = "A list of scripts and their relative paths to transfer and run." - default = [] -} - -variable "inline" { - type = list(string) - description = "A list of commands to run." - default = [] } \ No newline at end of file diff --git a/builds/linux/rhel/7/linux-rhel.auto.pkrvars.hcl b/builds/linux/rhel/7/linux-rhel.auto.pkrvars.hcl index a8537303d..dc80e3cff 100644 --- a/builds/linux/rhel/7/linux-rhel.auto.pkrvars.hcl +++ b/builds/linux/rhel/7/linux-rhel.auto.pkrvars.hcl 
@@ -39,8 +39,4 @@ vm_boot_wait = "2s" // Communicator Settings communicator_port = 22 -communicator_timeout = "30m" - -// Provisioner Settings -scripts = ["scripts/linux/rhel7.sh"] -inline = [] \ No newline at end of file +communicator_timeout = "30m" \ No newline at end of file diff --git a/builds/linux/rhel/7/linux-rhel.pkr.hcl b/builds/linux/rhel/7/linux-rhel.pkr.hcl index bfe065114..6a8093449 100644 --- a/builds/linux/rhel/7/linux-rhel.pkr.hcl +++ b/builds/linux/rhel/7/linux-rhel.pkr.hcl @@ -7,7 +7,7 @@ // The Packer configuration. packer { - required_version = ">= 1.7.9" + required_version = ">= 1.7.10" required_plugins { vsphere = { version = ">= v1.0.3" @@ -141,21 +141,14 @@ build { "ANSIBLE_CONFIG=${path.cwd}/ansible/ansible.cfg" ] extra_arguments = [ - "-e", "display_skipped_hosts = false" + "--extra-vars", "display_skipped_hosts=false", + "--extra-vars", "BUILD_USERNAME=${var.build_username}", + "--extra-vars", "BUILD_SECRET='${var.build_key}'", + "--extra-vars", "ANSIBLE_USERNAME=${var.ansible_username}", + "--extra-vars", "ANSIBLE_SECRET='${var.ansible_key}'", ] } - provisioner "shell" { - execute_command = "echo '${var.build_password}' | {{.Vars}} sudo -E -S sh -eux '{{.Path}}'" - environment_vars = [ - "BUILD_USERNAME=${var.build_username}", - "BUILD_KEY=${var.build_key}", - "ANSIBLE_USERNAME=${var.ansible_username}", - "ANSIBLE_KEY=${var.ansible_key}" - ] - scripts = formatlist("${path.cwd}/%s", var.scripts) - } - post-processor "manifest" { output = "${local.manifest_path}${local.manifest_date}.json" strip_path = true diff --git a/builds/linux/rhel/7/variables.pkr.hcl b/builds/linux/rhel/7/variables.pkr.hcl index 7364cbd4b..9b939b9a5 100644 --- a/builds/linux/rhel/7/variables.pkr.hcl +++ b/builds/linux/rhel/7/variables.pkr.hcl 
@@ -367,18 +367,4 @@ variable "ansible_key" { type = string description = "The public key for Ansible to login to the guest operating system." sensitive = true -} - -// Provisioner Settings - -variable "scripts" { - type = list(string) - description = "A list of scripts and their relative paths to transfer and run." - default = [] -} - -variable "inline" { - type = list(string) - description = "A list of commands to run." - default = [] } \ No newline at end of file diff --git a/builds/linux/rhel/8/linux-rhel.auto.pkrvars.hcl b/builds/linux/rhel/8/linux-rhel.auto.pkrvars.hcl index d57b6dfd4..29476dd2f 100644 --- a/builds/linux/rhel/8/linux-rhel.auto.pkrvars.hcl +++ b/builds/linux/rhel/8/linux-rhel.auto.pkrvars.hcl @@ -39,8 +39,4 @@ vm_boot_wait = "2s" // Communicator Settings communicator_port = 22 -communicator_timeout = "30m" - -// Provisioner Settings -scripts = ["scripts/linux/rhel8.sh"] -inline = [] \ No newline at end of file +communicator_timeout = "30m" \ No newline at end of file diff --git a/builds/linux/rhel/8/linux-rhel.pkr.hcl b/builds/linux/rhel/8/linux-rhel.pkr.hcl index bd6d0494d..c634e77d7 100644 --- a/builds/linux/rhel/8/linux-rhel.pkr.hcl +++ b/builds/linux/rhel/8/linux-rhel.pkr.hcl @@ -7,7 +7,7 @@ // The Packer configuration. packer { - required_version = ">= 1.7.9" + required_version = ">= 1.7.10" required_plugins { vsphere = { version = ">= v1.0.3" 
@@ -141,21 +141,14 @@ build { "ANSIBLE_CONFIG=${path.cwd}/ansible/ansible.cfg" ] extra_arguments = [ - "-e", "display_skipped_hosts = false" + "--extra-vars", "display_skipped_hosts=false", + "--extra-vars", "BUILD_USERNAME=${var.build_username}", + "--extra-vars", "BUILD_SECRET='${var.build_key}'", + "--extra-vars", "ANSIBLE_USERNAME=${var.ansible_username}", + "--extra-vars", "ANSIBLE_SECRET='${var.ansible_key}'", ] } - provisioner "shell" { - execute_command = "echo '${var.build_password}' | {{.Vars}} sudo -E -S sh -eux '{{.Path}}'" - environment_vars = [ - "BUILD_USERNAME=${var.build_username}", - "BUILD_KEY=${var.build_key}", - "ANSIBLE_USERNAME=${var.ansible_username}", - "ANSIBLE_KEY=${var.ansible_key}" - ] - scripts = formatlist("${path.cwd}/%s", var.scripts) - } - post-processor "manifest" { output = "${local.manifest_path}${local.manifest_date}.json" strip_path = true diff --git a/builds/linux/rhel/8/variables.pkr.hcl b/builds/linux/rhel/8/variables.pkr.hcl index 631bd3076..2a80b017d 100644 --- a/builds/linux/rhel/8/variables.pkr.hcl +++ b/builds/linux/rhel/8/variables.pkr.hcl @@ -367,18 +367,4 @@ variable "ansible_key" { type = string description = "The public key for Ansible to login to the guest operating system." sensitive = true -} - -// Provisioner Settings - -variable "scripts" { - type = list(string) - description = "A list of scripts and their relative paths to transfer and run." - default = [] -} - -variable "inline" { - type = list(string) - description = "A list of commands to run." - default = [] } \ No newline at end of file diff --git a/builds/linux/rocky/8/linux-rocky.auto.pkrvars.hcl b/builds/linux/rocky/8/linux-rocky.auto.pkrvars.hcl index 937b44f44..747b4f7d0 100644 --- a/builds/linux/rocky/8/linux-rocky.auto.pkrvars.hcl +++ b/builds/linux/rocky/8/linux-rocky.auto.pkrvars.hcl 
@@ -39,8 +39,4 @@ vm_boot_wait = "2s" // Communicator Settings communicator_port = 22 -communicator_timeout = "30m" - -// Provisioner Settings -scripts = ["scripts/linux/rhel8-derivative.sh"] -inline = [] \ No newline at end of file +communicator_timeout = "30m" \ No newline at end of file diff --git a/builds/linux/rocky/8/linux-rocky.pkr.hcl b/builds/linux/rocky/8/linux-rocky.pkr.hcl index 6e65ee4f8..7983710fe 100644 --- a/builds/linux/rocky/8/linux-rocky.pkr.hcl +++ b/builds/linux/rocky/8/linux-rocky.pkr.hcl @@ -7,7 +7,7 @@ // The Packer configuration. packer { - required_version = ">= 1.7.9" + required_version = ">= 1.7.10" required_plugins { vsphere = { version = ">= v1.0.3" @@ -139,21 +139,14 @@ build { "ANSIBLE_CONFIG=${path.cwd}/ansible/ansible.cfg" ] extra_arguments = [ - "-e", "display_skipped_hosts = false" + "--extra-vars", "display_skipped_hosts=false", + "--extra-vars", "BUILD_USERNAME=${var.build_username}", + "--extra-vars", "BUILD_SECRET='${var.build_key}'", + "--extra-vars", "ANSIBLE_USERNAME=${var.ansible_username}", + "--extra-vars", "ANSIBLE_SECRET='${var.ansible_key}'", ] } - provisioner "shell" { - execute_command = "echo '${var.build_password}' | {{.Vars}} sudo -E -S sh -eux '{{.Path}}'" - environment_vars = [ - "BUILD_USERNAME=${var.build_username}", - "BUILD_KEY=${var.build_key}", - "ANSIBLE_USERNAME=${var.ansible_username}", - "ANSIBLE_KEY=${var.ansible_key}" - ] - scripts = formatlist("${path.cwd}/%s", var.scripts) - } - post-processor "manifest" { output = "${local.manifest_path}${local.manifest_date}.json" strip_path = true diff --git a/builds/linux/rocky/8/variables.pkr.hcl b/builds/linux/rocky/8/variables.pkr.hcl index a475da160..9c76f0e95 100644 --- a/builds/linux/rocky/8/variables.pkr.hcl +++ b/builds/linux/rocky/8/variables.pkr.hcl 
@@ -353,18 +353,4 @@ variable "ansible_key" { type = string description = "The public key for Ansible to login to the guest operating system." sensitive = true -} - -// Provisioner Settings - -variable "scripts" { - type = list(string) - description = "A list of scripts and their relative paths to transfer and run." - default = [] -} - -variable "inline" { - type = list(string) - description = "A list of commands to run." - default = [] } \ No newline at end of file diff --git a/builds/linux/ubuntu/18-04-lts/linux-ubuntu.auto.pkrvars.hcl b/builds/linux/ubuntu/18-04-lts/linux-ubuntu.auto.pkrvars.hcl index 59d1a9a8f..193af0151 100644 --- a/builds/linux/ubuntu/18-04-lts/linux-ubuntu.auto.pkrvars.hcl +++ b/builds/linux/ubuntu/18-04-lts/linux-ubuntu.auto.pkrvars.hcl @@ -39,8 +39,4 @@ vm_boot_wait = "3s" // Communicator Settings communicator_port = 22 -communicator_timeout = "30m" - -// Provisioner Settings -scripts = ["scripts/linux/ubuntu-18.sh"] -inline = [] \ No newline at end of file +communicator_timeout = "30m" \ No newline at end of file diff --git a/builds/linux/ubuntu/18-04-lts/linux-ubuntu.pkr.hcl b/builds/linux/ubuntu/18-04-lts/linux-ubuntu.pkr.hcl index 51a56ec52..93de08eea 100644 --- a/builds/linux/ubuntu/18-04-lts/linux-ubuntu.pkr.hcl +++ b/builds/linux/ubuntu/18-04-lts/linux-ubuntu.pkr.hcl @@ -7,7 +7,7 @@ // The Packer configuration. packer { - required_version = ">= 1.7.9" + required_version = ">= 1.7.10" required_plugins { vsphere = { version = ">= v1.0.3" 
@@ -147,21 +147,14 @@ build { "ANSIBLE_PYTHON_INTERPRETER=/usr/bin/python3" ] extra_arguments = [ - "-e", "display_skipped_hosts = false" + "--extra-vars", "display_skipped_hosts=false", + "--extra-vars", "BUILD_USERNAME=${var.build_username}", + "--extra-vars", "BUILD_SECRET='${var.build_key}'", + "--extra-vars", "ANSIBLE_USERNAME=${var.ansible_username}", + "--extra-vars", "ANSIBLE_SECRET='${var.ansible_key}'", ] } - provisioner "shell" { - execute_command = "echo '${var.build_password}' | {{.Vars}} sudo -E -S sh -eux '{{.Path}}'" - environment_vars = [ - "BUILD_USERNAME=${var.build_username}", - "BUILD_KEY=${var.build_key}", - "ANSIBLE_USERNAME=${var.ansible_username}", - "ANSIBLE_KEY=${var.ansible_key}" - ] - scripts = formatlist("${path.cwd}/%s", var.scripts) - } - post-processor "manifest" { output = "${local.manifest_path}${local.manifest_date}.json" strip_path = true diff --git a/builds/linux/ubuntu/18-04-lts/variables.pkr.hcl b/builds/linux/ubuntu/18-04-lts/variables.pkr.hcl index 235889814..4a0d7159f 100644 --- a/builds/linux/ubuntu/18-04-lts/variables.pkr.hcl +++ b/builds/linux/ubuntu/18-04-lts/variables.pkr.hcl @@ -353,18 +353,4 @@ variable "ansible_key" { type = string description = "The public key for Ansible to login to the guest operating system." sensitive = true -} - -// Provisioner Settings - -variable "scripts" { - type = list(string) - description = "A list of scripts and their relative paths to transfer and run." - default = [] -} - -variable "inline" { - type = list(string) - description = "A list of commands to run." - default = [] } \ No newline at end of file diff --git a/builds/linux/ubuntu/20-04-lts/linux-ubuntu.auto.pkrvars.hcl b/builds/linux/ubuntu/20-04-lts/linux-ubuntu.auto.pkrvars.hcl index 0b4edb446..07a8d35a9 100644 --- a/builds/linux/ubuntu/20-04-lts/linux-ubuntu.auto.pkrvars.hcl +++ b/builds/linux/ubuntu/20-04-lts/linux-ubuntu.auto.pkrvars.hcl 
@@ -39,8 +39,4 @@ vm_boot_wait = "5s" // Communicator Settings communicator_port = 22 -communicator_timeout = "30m" - -// Provisioner Settings -scripts = ["scripts/linux/ubuntu-2x.sh"] -inline = [] \ No newline at end of file +communicator_timeout = "30m" \ No newline at end of file diff --git a/builds/linux/ubuntu/20-04-lts/linux-ubuntu.pkr.hcl b/builds/linux/ubuntu/20-04-lts/linux-ubuntu.pkr.hcl index b648eafc7..0568ad8e6 100644 --- a/builds/linux/ubuntu/20-04-lts/linux-ubuntu.pkr.hcl +++ b/builds/linux/ubuntu/20-04-lts/linux-ubuntu.pkr.hcl @@ -7,7 +7,7 @@ // The Packer configuration. packer { - required_version = ">= 1.7.9" + required_version = ">= 1.7.10" required_plugins { vsphere = { version = ">= v1.0.3" @@ -143,21 +143,14 @@ build { "ANSIBLE_CONFIG=${path.cwd}/ansible/ansible.cfg" ] extra_arguments = [ - "-e", "display_skipped_hosts = false" + "--extra-vars", "display_skipped_hosts=false", + "--extra-vars", "BUILD_USERNAME=${var.build_username}", + "--extra-vars", "BUILD_SECRET='${var.build_key}'", + "--extra-vars", "ANSIBLE_USERNAME=${var.ansible_username}", + "--extra-vars", "ANSIBLE_SECRET='${var.ansible_key}'", ] } - provisioner "shell" { - execute_command = "echo '${var.build_password}' | {{.Vars}} sudo -E -S sh -eux '{{.Path}}'" - environment_vars = [ - "BUILD_USERNAME=${var.build_username}", - "BUILD_KEY=${var.build_key}", - "ANSIBLE_USERNAME=${var.ansible_username}", - "ANSIBLE_KEY=${var.ansible_key}" - ] - scripts = formatlist("${path.cwd}/%s", var.scripts) - } - post-processor "manifest" { output = "${local.manifest_path}${local.manifest_date}.json" strip_path = true diff --git a/builds/linux/ubuntu/20-04-lts/variables.pkr.hcl b/builds/linux/ubuntu/20-04-lts/variables.pkr.hcl index 6c740d439..ff6b82323 100644 --- a/builds/linux/ubuntu/20-04-lts/variables.pkr.hcl +++ b/builds/linux/ubuntu/20-04-lts/variables.pkr.hcl 
@@ -353,18 +353,4 @@ variable "ansible_key" { type = string description = "The public key for Ansible to login to the guest operating system." sensitive = true -} - -// Provisioner Settings - -variable "scripts" { - type = list(string) - description = "A list of scripts and their relative paths to transfer and run." - default = [] -} - -variable "inline" { - type = list(string) - description = "A list of commands to run." - default = [] } \ No newline at end of file diff --git a/builds/windows/desktop/10/data/autounattend.pkrtpl.hcl b/builds/windows/desktop/10/data/autounattend.pkrtpl.hcl index e4ffdd6e9..8c21d24dc 100644 --- a/builds/windows/desktop/10/data/autounattend.pkrtpl.hcl +++ b/builds/windows/desktop/10/data/autounattend.pkrtpl.hcl @@ -200,7 +200,7 @@ %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -File F:\windows-init.ps1 4 - Enable Windows Remote Management + Initial Configuration diff --git a/builds/windows/desktop/10/windows.pkr.hcl b/builds/windows/desktop/10/windows.pkr.hcl index f5d9d6071..7cf85ae5a 100644 --- a/builds/windows/desktop/10/windows.pkr.hcl +++ b/builds/windows/desktop/10/windows.pkr.hcl @@ -7,7 +7,7 @@ // The Packer configuration. packer { - required_version = ">= 1.7.9" + required_version = ">= 1.7.10" required_plugins { vsphere = { version = ">= v1.0.3" diff --git a/builds/windows/desktop/11/data/autounattend.pkrtpl.hcl b/builds/windows/desktop/11/data/autounattend.pkrtpl.hcl index 2cbbd7663..5777123e0 100644 --- a/builds/windows/desktop/11/data/autounattend.pkrtpl.hcl +++ b/builds/windows/desktop/11/data/autounattend.pkrtpl.hcl @@ -207,7 +207,7 @@ %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -File F:\windows-init.ps1 4 - Enable Windows Remote Management + Initial Configuration diff --git a/builds/windows/desktop/11/windows.pkr.hcl b/builds/windows/desktop/11/windows.pkr.hcl index b65a5aade..830ffc177 100644 --- a/builds/windows/desktop/11/windows.pkr.hcl +++ b/builds/windows/desktop/11/windows.pkr.hcl 
@@ -7,7 +7,7 @@ // The Packer configuration. packer { - required_version = ">= 1.7.9" + required_version = ">= 1.7.10" required_plugins { vsphere = { version = ">= v1.0.3" @@ -187,6 +187,7 @@ build { vm_guest_os_type = var.vm_guest_os_type vm_mem_size = var.vm_mem_size vm_network_card = var.vm_network_card + vm_vtpm = var.vm_vtpm vsphere_cluster = var.vsphere_cluster vsphere_datacenter = var.vsphere_datacenter vsphere_datastore = var.vsphere_datastore diff --git a/builds/windows/server/2016/data/autounattend.pkrtpl.hcl b/builds/windows/server/2016/data/autounattend.pkrtpl.hcl index 23d0db728..d40be9a4b 100644 --- a/builds/windows/server/2016/data/autounattend.pkrtpl.hcl +++ b/builds/windows/server/2016/data/autounattend.pkrtpl.hcl @@ -191,9 +191,9 @@ Install VMware Tools - %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -File F:\windows-server-init.ps1 + %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -File F:\windows-init.ps1 4 - Enable Windows Remote Management + Initial Configuration diff --git a/builds/windows/server/2016/windows-server.auto.pkrvars.hcl b/builds/windows/server/2016/windows-server.auto.pkrvars.hcl index 371e34989..ce1cf1232 100644 --- a/builds/windows/server/2016/windows-server.auto.pkrvars.hcl +++ b/builds/windows/server/2016/windows-server.auto.pkrvars.hcl @@ -58,7 +58,7 @@ communicator_port = 5985 communicator_timeout = "12h" // Provisioner Settings -scripts = ["scripts/windows/windows-server-prepare.ps1"] +scripts = ["scripts/windows/windows-prepare.ps1"] inline = [ "Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))", "choco feature enable -n allowGlobalConfirmation", diff --git a/builds/windows/server/2016/windows-server.pkr.hcl b/builds/windows/server/2016/windows-server.pkr.hcl index 0c3a59618..9803d5a01 100644 
--- a/builds/windows/server/2016/windows-server.pkr.hcl +++ b/builds/windows/server/2016/windows-server.pkr.hcl @@ -7,7 +7,7 @@ // The Packer configuration. packer { - required_version = ">= 1.7.9" + required_version = ">= 1.7.10" required_plugins { vsphere = { version = ">= v1.0.3" diff --git a/builds/windows/server/2019/data/autounattend.pkrtpl.hcl b/builds/windows/server/2019/data/autounattend.pkrtpl.hcl index 23d0db728..d40be9a4b 100644 --- a/builds/windows/server/2019/data/autounattend.pkrtpl.hcl +++ b/builds/windows/server/2019/data/autounattend.pkrtpl.hcl @@ -191,9 +191,9 @@ Install VMware Tools - %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -File F:\windows-server-init.ps1 + %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -File F:\windows-init.ps1 4 - Enable Windows Remote Management + Initial Configuration diff --git a/builds/windows/server/2019/windows-server.auto.pkrvars.hcl b/builds/windows/server/2019/windows-server.auto.pkrvars.hcl index f8d97a4dd..02adfc161 100644 --- a/builds/windows/server/2019/windows-server.auto.pkrvars.hcl +++ b/builds/windows/server/2019/windows-server.auto.pkrvars.hcl @@ -58,7 +58,7 @@ communicator_port = 5985 communicator_timeout = "12h" // Provisioner Settings -scripts = ["scripts/windows/windows-server-prepare.ps1"] +scripts = ["scripts/windows/windows-prepare.ps1"] inline = [ "Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))", "choco feature enable -n allowGlobalConfirmation", diff --git a/builds/windows/server/2019/windows-server.pkr.hcl b/builds/windows/server/2019/windows-server.pkr.hcl index ba523cdf7..db8fe4ce0 100644 --- a/builds/windows/server/2019/windows-server.pkr.hcl +++ b/builds/windows/server/2019/windows-server.pkr.hcl 
@@ -7,7 +7,7 @@ // The Packer configuration. packer { - required_version = ">= 1.7.9" + required_version = ">= 1.7.10" required_plugins { vsphere = { version = ">= v1.0.3" diff --git a/builds/windows/server/2022/data/autounattend.pkrtpl.hcl b/builds/windows/server/2022/data/autounattend.pkrtpl.hcl index 23d0db728..d40be9a4b 100644 --- a/builds/windows/server/2022/data/autounattend.pkrtpl.hcl +++ b/builds/windows/server/2022/data/autounattend.pkrtpl.hcl @@ -191,9 +191,9 @@ Install VMware Tools - %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -File F:\windows-server-init.ps1 + %SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe -File F:\windows-init.ps1 4 - Enable Windows Remote Management + Initial Configuration diff --git a/builds/windows/server/2022/windows-server.auto.pkrvars.hcl b/builds/windows/server/2022/windows-server.auto.pkrvars.hcl index 57fb7d40f..046160638 100644 --- a/builds/windows/server/2022/windows-server.auto.pkrvars.hcl +++ b/builds/windows/server/2022/windows-server.auto.pkrvars.hcl @@ -58,7 +58,7 @@ communicator_port = 5985 communicator_timeout = "12h" // Provisioner Settings -scripts = ["scripts/windows/windows-server-prepare.ps1"] +scripts = ["scripts/windows/windows-prepare.ps1"] inline = [ "Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))", "choco feature enable -n allowGlobalConfirmation", diff --git a/builds/windows/server/2022/windows-server.pkr.hcl b/builds/windows/server/2022/windows-server.pkr.hcl index 6a7c7d284..648ab2d3c 100644 --- a/builds/windows/server/2022/windows-server.pkr.hcl +++ b/builds/windows/server/2022/windows-server.pkr.hcl @@ -7,7 +7,7 @@ // The Packer configuration. packer { - required_version = ">= 1.7.9" + required_version = ">= 1.7.10" required_plugins { vsphere = { version = ">= v1.0.3" 
diff --git a/config.sh b/config.sh index 86767b7e2..0ec25da0d 100755 --- a/config.sh +++ b/config.sh @@ -22,12 +22,12 @@ CONFIG_PATH=${1:-${SCRIPT_PATH}/config} mkdir -p "$CONFIG_PATH" ### Copy the example input variables. echo -echo "> Copying the example input variables ..." +echo "> Copying the example input variables..." cp -av "$SCRIPT_PATH"/builds/*.pkrvars.hcl.example "$CONFIG_PATH" ### Rename the example input variables. echo -echo "> Renaming the example input variables ..." +echo "> Renaming the example input variables..." srcext=".pkrvars.hcl.example" dstext=".pkrvars.hcl" diff --git a/scripts/linux/.gitkeep b/scripts/linux/.gitkeep new file mode 100644 index 000000000..e69de29bb diff --git a/scripts/linux/photon.sh b/scripts/linux/photon.sh deleted file mode 100755 index 67a89c646..000000000 --- a/scripts/linux/photon.sh +++ /dev/null 
@@ -1,131 +0,0 @@ -#!/bin/bash -eux - -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE -# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -# Prepares a VMware Photon OS guest operating system. - -### Set the environmental variables. ### -export BUILD_USERNAME -export BUILD_KEY -export ANSIBLE_USERNAME -export ANSIBLE_KEY - -### Disable IPv6. ### -echo '> Disabling IPv6' -echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf - -### Update the default local user. ### -echo '> Updating the default local user ...' -echo '> Adding authorized_keys for the default local user ...' -sudo mkdir -p /home/"$BUILD_USERNAME"/.ssh -sudo tee /home/"$BUILD_USERNAME"/.ssh/authorized_keys << EOF -$BUILD_KEY -EOF -sudo chown -R "$BUILD_USERNAME" /home/"$BUILD_USERNAME"/.ssh -sudo chmod 700 /home/"$BUILD_USERNAME"/.ssh -sudo chmod 644 /home/"$BUILD_USERNAME"/.ssh/authorized_keys -echo '> Adding the default local user to passwordless sudoers...' -sudo bash -c "echo \"""$BUILD_USERNAME"" ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers" - -### Create a local user for Ansible. ### -echo '> Creating a local user for Ansible ...' -sudo groupadd "$ANSIBLE_USERNAME" -sudo useradd -g "$ANSIBLE_USERNAME" -m -s /bin/bash "$ANSIBLE_USERNAME" -sudo usermod -aG sudo "$ANSIBLE_USERNAME" -echo "$ANSIBLE_USERNAME":"$(openssl rand -base64 14)" | sudo chpasswd -echo '> Adding authorized_keys for local Ansible user ...' 
-sudo mkdir /home/"$ANSIBLE_USERNAME"/.ssh -sudo tee /home/"$ANSIBLE_USERNAME"/.ssh/authorized_keys << EOF -$ANSIBLE_KEY -EOF -sudo chown -R "$ANSIBLE_USERNAME":"$ANSIBLE_USERNAME" /home/"$ANSIBLE_USERNAME"/.ssh -sudo chmod 700 /home/"$ANSIBLE_USERNAME"/.ssh -sudo chmod 600 /home/"$ANSIBLE_USERNAME"/.ssh/authorized_keys -echo '> Adding local Ansible user to passwordless sudoers...' -sudo bash -c "echo \"""$ANSIBLE_USERNAME"" ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers" - -### Configure SSH for Public Key Authentication. ### -echo '> Configuring SSH for Public Key Authentication ...' -sudo sed -i '/^PermitRootLogin/s/yes/no/' /etc/ssh/sshd_config -sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/g' /etc/ssh/sshd_config - -### Disable and clean tmp. ### -echo '> Disabling and clean tmp ...' -sudo sed -i 's/D/#&/' /usr/lib/tmpfiles.d/tmp.conf - -### Add After=dbus.service to VMware Tools daemon. ### -echo '> Adding After=dbus.service to VMware Tools daemon ...' -sudo sed -i '/^After=vgauthd.service/a\After=dbus.service' /usr/lib/systemd/system/vmtoolsd.service - -### Create a cleanup script. ### -echo '> Creating cleanup script ...' -sudo tee /home/"$BUILD_USERNAME"/clean.sh << EOF -#!/bin/bash - -# Cleans all audit logs. -echo '> Cleaning all audit logs ...' -if [ -f /var/log/audit/audit.log ]; then -cat /dev/null > /var/log/audit/audit.log -fi -if [ -f /var/log/wtmp ]; then -cat /dev/null > /var/log/wtmp -fi -if [ -f /var/log/lastlog ]; then -cat /dev/null > /var/log/lastlog -fi - -# Cleans persistent udev rules. -echo '> Cleaning persistent udev rules ...' -if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then -rm /etc/udev/rules.d/70-persistent-net.rules -fi - -# Cleans /tmp directories. -echo '> Cleaning /tmp directories ...' -rm -rf /tmp/* -rm -rf /var/tmp/* - -# Cleans SSH keys. -echo '> Cleaning SSH keys ...' -rm -f /etc/ssh/ssh_host_* - -# Sets hostname to localhost. -echo '> Setting hostname to localhost ...' 
-cat /dev/null > /etc/hostname -hostnamectl set-hostname localhost - -# Cleans tdnf. -echo '> Cleaning tdnf ...' -tdnf clean all - -# Cleans the machine-id. -echo '> Cleaning the machine-id ...' -truncate -s 0 /etc/machine-id -rm /var/lib/dbus/machine-id -ln -s /etc/machine-id /var/lib/dbus/machine-id - -# Cleans shell history. -echo '> Cleaning shell history ...' -unset HISTFILE -history -cw -echo > ~/.bash_history -rm -fr /root/.bash_history -EOF - -### Change script permissions for execution. ### -echo '> Changeing script permissions for execution ...' -sudo chmod +x /home/"$BUILD_USERNAME"/clean.sh - -### Runs the cleauup script. ### -echo '> Running the cleanup script ...' -sudo /home/"$BUILD_USERNAME"/clean.sh - -### Generate host keys using ssh-keygen ### -echo '> Generating host keys ...' -sudo ssh-keygen -A - -### All done. ### -echo '> Done.' diff --git a/scripts/linux/rhel7-derivative.sh b/scripts/linux/rhel7-derivative.sh deleted file mode 100755 index d82794f7b..000000000 --- a/scripts/linux/rhel7-derivative.sh +++ /dev/null 
@@ -1,125 +0,0 @@ -#!/bin/bash - -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE -# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -# Prepares a Red Hat Enterprise Linux 7 derivative guest operating system. - -export BUILD_USERNAME -export BUILD_KEY -export ANSIBLE_USERNAME -export ANSIBLE_KEY - -### Update the default local user. ### -echo '> Updating the default local user ...' -echo '> Adding authorized_keys for the default local user ...' -sudo mkdir -p /home/"$BUILD_USERNAME"/.ssh -sudo tee /home/"$BUILD_USERNAME"/.ssh/authorized_keys << EOF -$BUILD_KEY -EOF -sudo chown -R "$BUILD_USERNAME" /home/"$BUILD_USERNAME"/.ssh -sudo chmod 700 /home/"$BUILD_USERNAME"/.ssh -sudo chmod 644 /home/"$BUILD_USERNAME"/.ssh/authorized_keys -echo '> Adding the default local user to passwordless sudoers...' -sudo bash -c "echo \"""$BUILD_USERNAME"" ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers" - -### Create a local user for Ansible. ### -echo '> Creating a local user for Ansible ...' -sudo groupadd "$ANSIBLE_USERNAME" -sudo useradd -g "$ANSIBLE_USERNAME" -G wheel -m -s /bin/bash "$ANSIBLE_USERNAME" -echo "$ANSIBLE_USERNAME":"$(openssl rand -base64 14)" | sudo chpasswd -echo '> Adding authorized_keys for local Ansible user ...' -sudo mkdir /home/"$ANSIBLE_USERNAME"/.ssh -sudo tee /home/"$ANSIBLE_USERNAME"/.ssh/authorized_keys << EOF -$ANSIBLE_KEY -EOF -sudo chown -R "$ANSIBLE_USERNAME":"$ANSIBLE_USERNAME" /home/"$ANSIBLE_USERNAME"/.ssh -sudo chmod 700 /home/"$ANSIBLE_USERNAME"/.ssh -sudo chmod 600 /home/"$ANSIBLE_USERNAME"/.ssh/authorized_keys -echo '> Adding local Ansible user to passwordless sudoers...' 
-sudo bash -c "echo \"""$ANSIBLE_USERNAME"" ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers" - -### Configure SSH for Public Key Authentication. ### -echo '> Configuring SSH for Public Key Authentication ...' -sudo sed -i 's/.*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config -### Comment the line below to to disable Public Key Authentication allow _only_ Password Authentication. ### -sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config -### Uncomment the line below to to disable Password Authentication and enforce _only_ Public Key Authentication. ### -### sudo sed -i 's/PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config - -### Disable SELinux. ### -echo '> Disabling SELinux ...' -sudo sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config - -### Restart the SSH daemon. ### -echo '> Restarting the SSH daemon. ...' -sudo systemctl restart sshd - -### Create the clean script. ### -echo '> Creating the clean script ...' -sudo tee /home/"$BUILD_USERNAME"/clean.sh << EOF -#!/bin/bash - -### Cleans all audit logs. ### -echo '> Cleaning all audit logs ...' -if [ -f /var/log/audit/audit.log ]; then -cat /dev/null > /var/log/audit/audit.log -fi -if [ -f /var/log/wtmp ]; then -cat /dev/null > /var/log/wtmp -fi -if [ -f /var/log/lastlog ]; then -cat /dev/null > /var/log/lastlog -fi - -### Cleans persistent udev rules. ### -echo '> Cleaning persistent udev rules ...' -if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then -rm /etc/udev/rules.d/70-persistent-net.rules -fi - -### Clean the /tmp directories. ### -echo '> Cleaning /tmp directories ...' -rm -rf /tmp/* -rm -rf /var/tmp/* -rm -rf /var/cache/dnf/* - -### Clean the SSH keys. ### -echo '> Cleaning the SSH keys ...' -rm -f /etc/ssh/ssh_host_* - -### Set the hostname to localhost. ### -echo '> Setting the hostname to localhost ...' -cat /dev/null > /etc/hostname -hostnamectl set-hostname localhost - -### Clean yum cache. 
### -echo '> Cleaning yum cache ...' -yum clean all - -### Clean the machine-id. ### -echo '> Cleaning the machine-id ...' -truncate -s 0 /etc/machine-id -rm /var/lib/dbus/machine-id -ln -s /etc/machine-id /var/lib/dbus/machine-id - -### Clean the shell history. ### -echo '> Cleaning the shell history ...' -unset HISTFILE -history -cw -echo > ~/.bash_history -rm -fr /root/.bash_history -EOF - -### Change the permissions on /tmp/clean.sh. ### -echo '> Changing the permissions on /tmp/clean.sh ...' -sudo chmod +x /home/"$BUILD_USERNAME"/clean.sh - -### Run the cleau script. ### -echo '> Running the clean script ...' -sudo /home/"$BUILD_USERNAME"/clean.sh - -### Done. ### -echo '> Done.' \ No newline at end of file diff --git a/scripts/linux/rhel7.sh b/scripts/linux/rhel7.sh deleted file mode 100755 index 45b292052..000000000 --- a/scripts/linux/rhel7.sh +++ /dev/null 
@@ -1,132 +0,0 @@ -#!/bin/bash - -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE -# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -# Prepares a Red Hat Enterprise Linux 7 guest operating system. - -export BUILD_USERNAME -export BUILD_KEY -export ANSIBLE_USERNAME -export ANSIBLE_KEY - -### Update the default local user. ### -echo '> Updating the default local user ...' -sudo mkdir -p /home/"$BUILD_USERNAME"/.ssh -sudo tee /home/"$BUILD_USERNAME"/.ssh/authorized_keys << EOF -$BUILD_KEY -EOF -sudo chown -R "$BUILD_USERNAME" /home/"$BUILD_USERNAME"/.ssh -sudo chmod 700 /home/"$BUILD_USERNAME"/.ssh -sudo chmod 644 /home/"$BUILD_USERNAME"/.ssh/authorized_keys - -### Create a local user for Ansible. ### -echo '> Creating a local user for Ansible ...' -sudo groupadd "$ANSIBLE_USERNAME" -sudo useradd -g "$ANSIBLE_USERNAME" -G wheel -m -s /bin/bash "$ANSIBLE_USERNAME" -echo "$ANSIBLE_USERNAME":"$(openssl rand -base64 14)" | sudo chpasswd -sudo mkdir /home/"$ANSIBLE_USERNAME"/.ssh -sudo tee /home/"$ANSIBLE_USERNAME"/.ssh/authorized_keys << EOF -$ANSIBLE_KEY -EOF -sudo chown -R "$ANSIBLE_USERNAME":"$ANSIBLE_USERNAME" /home/"$ANSIBLE_USERNAME"/.ssh -sudo chmod 700 /home/"$ANSIBLE_USERNAME"/.ssh -sudo chmod 600 /home/"$ANSIBLE_USERNAME"/.ssh/authorized_keys - -### Configure SSH for Public Key Authentication. ### -echo '> Configuring SSH for Public Key Authentication ...' -sudo sed -i 's/.*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config -### Comment the line below to to disable Public Key Authentication allow _only_ Password Authentication. 
### -sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config -### Uncomment the line below to to disable Password Authentication and enforce _only_ Public Key Authentication. ### -### sudo sed -i 's/PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config - -### Disable SELinux. ### -echo '> Disabling SELinux ...' -sudo sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config - -### Restart the SSH daemon. ### -echo '> Restarting the SSH daemon. ...' -sudo systemctl restart sshd - -#### Unregister from Red Hat Subscription Manager. ### -echo '> Unregistering from Red Hat Subscription Manager ...' -subscription-manager unsubscribe --all -subscription-manager unregister -subscription-manager clean - -### Create a clean script. ### -echo '> Creating clean script ...' -sudo tee /home/"$BUILD_USERNAME"/clean.sh << EOF -#!/bin/bash - -### Cleans the audit logs. ### -echo '> Cleaning the audit logs ...' -if [ -f /var/log/audit/audit.log ]; then -cat /dev/null > /var/log/audit/audit.log -fi -if [ -f /var/log/wtmp ]; then -cat /dev/null > /var/log/wtmp -fi -if [ -f /var/log/lastlog ]; then -cat /dev/null > /var/log/lastlog -fi - -### Cleans the persistent udev rules. ### -echo '> Cleaning persistent udev rules ...' -if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then -rm /etc/udev/rules.d/70-persistent-net.rules -fi - -### Clean the /tmp directories. ### -echo '> Cleaning the /tmp directories ...' -rm -rf /tmp/* -rm -rf /var/tmp/* -rm -rf /var/log/rhsm/* -rm -rf /var/cache/dnf/* - -### Clean the SSH keys. ### -echo '> Cleaning the SSH keys ...' -rm -f /etc/ssh/ssh_host_* - -### Sets the hostname to localhost. ### -echo '> Setting the hostname to localhost ...' -cat /dev/null > /etc/hostname -hostnamectl set-hostname localhost - -### Clean the yum cache. ### -echo '> Cleaning the cache ...' -yum clean all - -### Clean the machine-id. ### -echo '> Cleaning the machine-id ...' 
-truncate -s 0 /etc/machine-id -rm /var/lib/dbus/machine-id -ln -s /etc/machine-id /var/lib/dbus/machine-id - -### Clean the shell history. ### -echo '> Cleaning the shell history ...' -unset HISTFILE -history -cw -echo > ~/.bash_history -rm -fr /root/.bash_history - -### Run a sync. ### -echo '> Running a sync ...' -sync && sync - -EOF - -### Change script permissions on /tmp/clean.sh. ### -echo '> Changing script permissions on /tmp/clean.sh ...' -sudo chmod +x /home/"$BUILD_USERNAME"/clean.sh - -### Run the cleau script. ### -echo '> Running the clean script ...' -sudo /home/"$BUILD_USERNAME"/clean.sh -### END: Clean the guest operating system. ### - -### Done. ### -echo '> Done.' \ No newline at end of file diff --git a/scripts/linux/rhel8-derivative.sh b/scripts/linux/rhel8-derivative.sh deleted file mode 100755 index 7b93e0e13..000000000 --- a/scripts/linux/rhel8-derivative.sh +++ /dev/null 
@@ -1,125 +0,0 @@ -#!/bin/bash - -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE -# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -# Prepares a Red Hat Enterprise Linux 8 derivative guest operating system. - -export BUILD_USERNAME -export BUILD_KEY -export ANSIBLE_USERNAME -export ANSIBLE_KEY - -### Update the default local user. ### -echo '> Updating the default local user ...' -echo '> Adding authorized_keys for the default local user ...' -sudo mkdir -p /home/"$BUILD_USERNAME"/.ssh -sudo tee /home/"$BUILD_USERNAME"/.ssh/authorized_keys << EOF -$BUILD_KEY -EOF -sudo chown -R "$BUILD_USERNAME" /home/"$BUILD_USERNAME"/.ssh -sudo chmod 700 /home/"$BUILD_USERNAME"/.ssh -sudo chmod 644 /home/"$BUILD_USERNAME"/.ssh/authorized_keys -echo '> Adding the default local user to passwordless sudoers...' -sudo bash -c "echo \"""$BUILD_USERNAME"" ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers" - -### Create a local user for Ansible. ### -echo '> Creating a local user for Ansible ...' -sudo groupadd "$ANSIBLE_USERNAME" -sudo useradd -g "$ANSIBLE_USERNAME" -G wheel -m -s /bin/bash "$ANSIBLE_USERNAME" -echo "$ANSIBLE_USERNAME":"$(openssl rand -base64 14)" | sudo chpasswd -echo '> Adding authorized_keys for local Ansible user ...' -sudo mkdir /home/"$ANSIBLE_USERNAME"/.ssh -sudo tee /home/"$ANSIBLE_USERNAME"/.ssh/authorized_keys << EOF -$ANSIBLE_KEY -EOF -sudo chown -R "$ANSIBLE_USERNAME":"$ANSIBLE_USERNAME" /home/"$ANSIBLE_USERNAME"/.ssh -sudo chmod 700 /home/"$ANSIBLE_USERNAME"/.ssh -sudo chmod 600 /home/"$ANSIBLE_USERNAME"/.ssh/authorized_keys -echo '> Adding local Ansible user to passwordless sudoers...' 
-sudo bash -c "echo \"""$ANSIBLE_USERNAME"" ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers" - -### Configure SSH for Public Key Authentication. ### -echo '> Configuring SSH for Public Key Authentication ...' -sudo sed -i 's/.*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config -### Comment the line below to to disable Public Key Authentication allow _only_ Password Authentication. ### -sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config -### Uncomment the line below to to disable Password Authentication and enforce _only_ Public Key Authentication. ### -### sudo sed -i 's/PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config - -### Disable SELinux. ### -echo '> Disabling SELinux ...' -sudo sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config - -### Restart the SSH daemon. ### -echo '> Restarting the SSH daemon. ...' -sudo systemctl restart sshd - -### Create the clean script. ### -echo '> Creating the clean script ...' -sudo tee /home/"$BUILD_USERNAME"/clean.sh << EOF -#!/bin/bash - -### Cleans all audit logs. ### -echo '> Cleaning all audit logs ...' -if [ -f /var/log/audit/audit.log ]; then -cat /dev/null > /var/log/audit/audit.log -fi -if [ -f /var/log/wtmp ]; then -cat /dev/null > /var/log/wtmp -fi -if [ -f /var/log/lastlog ]; then -cat /dev/null > /var/log/lastlog -fi - -### Cleans persistent udev rules. ### -echo '> Cleaning persistent udev rules ...' -if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then -rm /etc/udev/rules.d/70-persistent-net.rules -fi - -### Clean the /tmp directories. ### -echo '> Cleaning /tmp directories ...' -rm -rf /tmp/* -rm -rf /var/tmp/* -rm -rf /var/cache/dnf/* - -### Clean the SSH keys. ### -echo '> Cleaning the SSH keys ...' -rm -f /etc/ssh/ssh_host_* - -### Set the hostname to localhost. ### -echo '> Setting the hostname to localhost ...' -cat /dev/null > /etc/hostname -hostnamectl set-hostname localhost - -### Clean dnf cache. 
### -echo '> Cleaning dnf cache ...' -dnf clean all - -### Clean the machine-id. ### -echo '> Cleaning the machine-id ...' -truncate -s 0 /etc/machine-id -rm /var/lib/dbus/machine-id -ln -s /etc/machine-id /var/lib/dbus/machine-id - -### Clean the shell history. ### -echo '> Cleaning the shell history ...' -unset HISTFILE -history -cw -echo > ~/.bash_history -rm -fr /root/.bash_history -EOF - -### Change the permissions on /tmp/clean.sh. ### -echo '> Changing the permissions on /tmp/clean.sh ...' -sudo chmod +x /home/"$BUILD_USERNAME"/clean.sh - -### Run the cleau script. ### -echo '> Running the clean script ...' -sudo /home/"$BUILD_USERNAME"/clean.sh - -### Done. ### -echo '> Done.' \ No newline at end of file diff --git a/scripts/linux/rhel8.sh b/scripts/linux/rhel8.sh deleted file mode 100755 index 003f34c4e..000000000 --- a/scripts/linux/rhel8.sh +++ /dev/null 
@@ -1,132 +0,0 @@ -#!/bin/bash - -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE -# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -# Prepares a Red Hat Enterprise Linux 8 guest operating system. - -export BUILD_USERNAME -export BUILD_KEY -export ANSIBLE_USERNAME -export ANSIBLE_KEY - -### Update the default local user. ### -echo '> Updating the default local user ...' -sudo mkdir -p /home/"$BUILD_USERNAME"/.ssh -sudo tee /home/"$BUILD_USERNAME"/.ssh/authorized_keys << EOF -$BUILD_KEY -EOF -sudo chown -R "$BUILD_USERNAME" /home/"$BUILD_USERNAME"/.ssh -sudo chmod 700 /home/"$BUILD_USERNAME"/.ssh -sudo chmod 644 /home/"$BUILD_USERNAME"/.ssh/authorized_keys - -### Create a local user for Ansible. ### -echo '> Creating a local user for Ansible ...' -sudo groupadd "$ANSIBLE_USERNAME" -sudo useradd -g "$ANSIBLE_USERNAME" -G wheel -m -s /bin/bash "$ANSIBLE_USERNAME" -echo "$ANSIBLE_USERNAME":"$(openssl rand -base64 14)" | sudo chpasswd -sudo mkdir /home/"$ANSIBLE_USERNAME"/.ssh -sudo tee /home/"$ANSIBLE_USERNAME"/.ssh/authorized_keys << EOF -$ANSIBLE_KEY -EOF -sudo chown -R "$ANSIBLE_USERNAME":"$ANSIBLE_USERNAME" /home/"$ANSIBLE_USERNAME"/.ssh -sudo chmod 700 /home/"$ANSIBLE_USERNAME"/.ssh -sudo chmod 600 /home/"$ANSIBLE_USERNAME"/.ssh/authorized_keys - -### Configure SSH for Public Key Authentication. ### -echo '> Configuring SSH for Public Key Authentication ...' -sudo sed -i 's/.*PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config -### Comment the line below to to disable Public Key Authentication allow _only_ Password Authentication. 
### -sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config -### Uncomment the line below to to disable Password Authentication and enforce _only_ Public Key Authentication. ### -### sudo sed -i 's/PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config - -### Disable SELinux. ### -echo '> Disabling SELinux ...' -sudo sed -i 's/^SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config - -### Restart the SSH daemon. ### -echo '> Restarting the SSH daemon. ...' -sudo systemctl restart sshd - -#### Unregister from Red Hat Subscription Manager. ### -echo '> Unregistering from Red Hat Subscription Manager ...' -subscription-manager unsubscribe --all -subscription-manager unregister -subscription-manager clean - -### Create a clean script. ### -echo '> Creating clean script ...' -sudo tee /home/"$BUILD_USERNAME"/clean.sh << EOF -#!/bin/bash - -### Cleans the audit logs. ### -echo '> Cleaning the audit logs ...' -if [ -f /var/log/audit/audit.log ]; then -cat /dev/null > /var/log/audit/audit.log -fi -if [ -f /var/log/wtmp ]; then -cat /dev/null > /var/log/wtmp -fi -if [ -f /var/log/lastlog ]; then -cat /dev/null > /var/log/lastlog -fi - -### Cleans the persistent udev rules. ### -echo '> Cleaning persistent udev rules ...' -if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then -rm /etc/udev/rules.d/70-persistent-net.rules -fi - -### Clean the /tmp directories. ### -echo '> Cleaning the /tmp directories ...' -rm -rf /tmp/* -rm -rf /var/tmp/* -rm -rf /var/log/rhsm/* -rm -rf /var/cache/dnf/* - -### Clean the SSH keys. ### -echo '> Cleaning the SSH keys ...' -rm -f /etc/ssh/ssh_host_* - -### Sets the hostname to localhost. ### -echo '> Setting the hostname to localhost ...' -cat /dev/null > /etc/hostname -hostnamectl set-hostname localhost - -### Clean the dnf cache. ### -echo '> Cleaning the cache ...' -dnf clean all - -### Clean the machine-id. ### -echo '> Cleaning the machine-id ...' 
-truncate -s 0 /etc/machine-id -rm /var/lib/dbus/machine-id -ln -s /etc/machine-id /var/lib/dbus/machine-id - -### Clean the shell history. ### -echo '> Cleaning the shell history ...' -unset HISTFILE -history -cw -echo > ~/.bash_history -rm -fr /root/.bash_history - -### Run a sync. ### -echo '> Running a sync ...' -sync && sync - -EOF - -### Change script permissions on /tmp/clean.sh. ### -echo '> Changing script permissions on /tmp/clean.sh ...' -sudo chmod +x /home/"$BUILD_USERNAME"/clean.sh - -### Run the cleau script. ### -echo '> Running the clean script ...' -sudo /home/"$BUILD_USERNAME"/clean.sh -### END: Clean the guest operating system. ### - -### Done. ### -echo '> Done.' \ No newline at end of file diff --git a/scripts/linux/ubuntu-18.sh b/scripts/linux/ubuntu-18.sh deleted file mode 100755 index 5b51aa548..000000000 --- a/scripts/linux/ubuntu-18.sh +++ /dev/null 
@@ -1,130 +0,0 @@ -#!/bin/bash - -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE -# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -# Prepares a Ubuntu Server 18.xx guest operating system. - -### Set the environmental variables. ### -export BUILD_USERNAME -export BUILD_KEY -export ANSIBLE_USERNAME -export ANSIBLE_KEY - -### Update the default local user. ### -echo '> Updating the default local user ...' -echo '> Adding authorized_keys for the default local user ...' -sudo mkdir -p /home/"$BUILD_USERNAME"/.ssh -sudo tee /home/"$BUILD_USERNAME"/.ssh/authorized_keys << EOF -$BUILD_KEY -EOF -sudo chown -R "$BUILD_USERNAME" /home/"$BUILD_USERNAME"/.ssh -sudo chmod 700 /home/"$BUILD_USERNAME"/.ssh -sudo chmod 644 /home/"$BUILD_USERNAME"/.ssh/authorized_keys -echo '> Adding the default local user to passwordless sudoers...' -sudo bash -c "echo \"""$BUILD_USERNAME"" ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers" - -### Create a local user for Ansible. ### -echo '> Creating a local user for Ansible ...' -sudo groupadd "$ANSIBLE_USERNAME" -sudo useradd -g "$ANSIBLE_USERNAME" -m -s /bin/bash "$ANSIBLE_USERNAME" -sudo usermod -aG sudo "$ANSIBLE_USERNAME" -echo "$ANSIBLE_USERNAME":"$(openssl rand -base64 14)" | sudo chpasswd -echo '> Adding authorized_keys for local Ansible user ...' 
-sudo mkdir /home/"$ANSIBLE_USERNAME"/.ssh -sudo tee /home/"$ANSIBLE_USERNAME"/.ssh/authorized_keys << EOF -$ANSIBLE_KEY -EOF -sudo chown -R "$ANSIBLE_USERNAME":"$ANSIBLE_USERNAME" /home/"$ANSIBLE_USERNAME"/.ssh -sudo chmod 700 /home/"$ANSIBLE_USERNAME"/.ssh -sudo chmod 600 /home/"$ANSIBLE_USERNAME"/.ssh/authorized_keys -echo '> Adding local Ansible user to passwordless sudoers...' -sudo bash -c "echo \"""$ANSIBLE_USERNAME"" ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers" - -### Configure SSH for Public Key Authentication. ### -echo '> Configuring SSH for Public Key Authentication ...' -sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config -### Uncomment the line below to to disable Password Authentication and enforce _only_ Public Key Authentication. ### -### sudo sed -i 's/#PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config - -### Restart the SSH daemon. ### -echo '> Restarting the SSH daemon. ...' -sudo systemctl restart sshd - -### Create the clean script. ### -echo '> Creating the clean script ...' -sudo tee /home/"$BUILD_USERNAME"/clean.sh << EOF -#!/bin/bash - -### Cleans all audit logs. ### -echo '> Cleaning all audit logs ...' -if [ -f /var/log/audit/audit.log ]; then -cat /dev/null > /var/log/audit/audit.log -fi -if [ -f /var/log/wtmp ]; then -cat /dev/null > /var/log/wtmp -fi -if [ -f /var/log/lastlog ]; then -cat /dev/null > /var/log/lastlog -fi - -### Cleans persistent udev rules. ### -echo '> Cleaning persistent udev rules ...' -if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then -rm /etc/udev/rules.d/70-persistent-net.rules -fi - -### Clean the /tmp directories. ### -echo '> Cleaning /tmp directories ...' -rm -rf /tmp/* -rm -rf /var/tmp/* - -### Clean the SSH keys. ### -echo '> Cleaning the SSH keys ...' -rm -f /etc/ssh/ssh_host_* - -### Set the hostname to localhost. ### -echo '> Setting the hostname to localhost ...' 
-cat /dev/null > /etc/hostname -hostnamectl set-hostname localhost - -### Clean apt cache. ### -echo '> Cleaning apt cache ...' -apt-get autoremove -apt-get clean - -### Clean the machine-id. ### -echo '> Cleaning the machine-id ...' -truncate -s 0 /etc/machine-id -rm /var/lib/dbus/machine-id -ln -s /etc/machine-id /var/lib/dbus/machine-id - -### Clean the shell history. ### -echo '> Cleaning the shell history ...' -unset HISTFILE -history -cw -echo > ~/.bash_history -rm -fr /root/.bash_history -EOF - -### Change the permissions on /home/"$BUILD_USERNAME"/clean.sh. ### -echo "> Changing the permissions on /home/""$BUILD_USERNAME""/clean.sh ..." -sudo chmod +x /home/"$BUILD_USERNAME"/clean.sh - -### Run the clean script. ### -echo '> Running the clean script ...' -sudo /home/"$BUILD_USERNAME"/clean.sh - -### Set check for ssh keys on reboot; regenerate on reboot if neccessary. ### -echo '> Setting check for ssh keys on reboot; will regenerate on reboot if neccessary. ...' -sudo tee /etc/rc.local << EOF -#!/bin/bash -test -f /etc/ssh/ssh_host_dsa_key || dpkg-reconfigure openssh-server -exit 0 -EOF -sudo chmod +x /etc/rc.local - -### Done. ### -echo '> Done.' \ No newline at end of file diff --git a/scripts/linux/ubuntu-2x.sh b/scripts/linux/ubuntu-2x.sh deleted file mode 100755 index 1dd949ae5..000000000 --- a/scripts/linux/ubuntu-2x.sh +++ /dev/null 
@@ -1,150 +0,0 @@ -#!/bin/bash - -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE -# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -# Prepares a Ubuntu Server 2x.xx guest operating system. - -### Set the environmental variables. ### -export BUILD_USERNAME -export BUILD_KEY -export ANSIBLE_USERNAME -export ANSIBLE_KEY - -### Update the default local user. ### -echo '> Updating the default local user ...' -echo '> Adding authorized_keys for the default local user ...' -sudo mkdir -p /home/"$BUILD_USERNAME"/.ssh -sudo tee /home/"$BUILD_USERNAME"/.ssh/authorized_keys << EOF -$BUILD_KEY -EOF -sudo chown -R "$BUILD_USERNAME" /home/"$BUILD_USERNAME"/.ssh -sudo chmod 700 /home/"$BUILD_USERNAME"/.ssh -sudo chmod 644 /home/"$BUILD_USERNAME"/.ssh/authorized_keys -echo '> Adding the default local user to passwordless sudoers...' -sudo bash -c "echo \"""$BUILD_USERNAME"" ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers" - -### Create a local user for Ansible. ### -echo '> Creating a local user for Ansible ...' -sudo groupadd "$ANSIBLE_USERNAME" -sudo useradd -g "$ANSIBLE_USERNAME" -m -s /bin/bash "$ANSIBLE_USERNAME" -sudo usermod -aG sudo "$ANSIBLE_USERNAME" -echo "$ANSIBLE_USERNAME":"$(openssl rand -base64 14)" | sudo chpasswd -echo '> Adding authorized_keys for local Ansible user ...' 
-sudo mkdir /home/"$ANSIBLE_USERNAME"/.ssh -sudo tee /home/"$ANSIBLE_USERNAME"/.ssh/authorized_keys << EOF -$ANSIBLE_KEY -EOF -sudo chown -R "$ANSIBLE_USERNAME":"$ANSIBLE_USERNAME" /home/"$ANSIBLE_USERNAME"/.ssh -sudo chmod 700 /home/"$ANSIBLE_USERNAME"/.ssh -sudo chmod 600 /home/"$ANSIBLE_USERNAME"/.ssh/authorized_keys -echo '> Adding local Ansible user to passwordless sudoers...' -sudo bash -c "echo \"""$ANSIBLE_USERNAME"" ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers" - -### Configure SSH for Public Key Authentication. ### -echo '> Configuring SSH for Public Key Authentication ...' -sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config -### Uncomment the line below to to disable Password Authentication and enforce _only_ Public Key Authentication. ### -### sudo sed -i 's/#PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config - -### Restart the SSH daemon. ### -echo '> Restarting the SSH daemon. ...' -sudo systemctl restart sshd - -### Disable and clean tmp. ### -echo '> Disabling and clean tmp ...' -sudo sed -i 's/D/#&/' /usr/lib/tmpfiles.d/tmp.conf - -### Create the clean script. ### -echo '> Creating the clean script ...' -sudo tee /home/"$BUILD_USERNAME"/clean.sh << EOF -#!/bin/bash - -### Cleans all audit logs. ### -echo '> Cleaning all audit logs ...' -if [ -f /var/log/audit/audit.log ]; then -cat /dev/null > /var/log/audit/audit.log -fi -if [ -f /var/log/wtmp ]; then -cat /dev/null > /var/log/wtmp -fi -if [ -f /var/log/lastlog ]; then -cat /dev/null > /var/log/lastlog -fi - -### Cleans persistent udev rules. ### -echo '> Cleaning persistent udev rules ...' -if [ -f /etc/udev/rules.d/70-persistent-net.rules ]; then -rm /etc/udev/rules.d/70-persistent-net.rules -fi - -### Clean the /tmp directories. ### -echo '> Cleaning /tmp directories ...' -rm -rf /tmp/* -rm -rf /var/tmp/* - -### Clean the SSH keys. ### -echo '> Cleaning the SSH keys ...' -rm -f /etc/ssh/ssh_host_* - -### Set the hostname to localhost. 
### -echo '> Setting the hostname to localhost ...' -cat /dev/null > /etc/hostname -hostnamectl set-hostname localhost - -### Clean apt cache. ### -echo '> Cleaning apt cache ...' -apt-get autoremove -apt-get clean - -### Clean the machine-id. ### -echo '> Cleaning the machine-id ...' -truncate -s 0 /etc/machine-id -rm /var/lib/dbus/machine-id -ln -s /etc/machine-id /var/lib/dbus/machine-id - -### Clean the shell history. ### -echo '> Cleaning the shell history ...' -unset HISTFILE -history -cw -echo > ~/.bash_history -rm -fr /root/.bash_history - -### Prepare cloud-init ### -echo '> Preparing cloud-init ...' -rm -rf /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg -rm -rf /etc/cloud/cloud.cfg.d/99-installer.cfg -rm -rf /etc/netplan/00-installer-config.yaml -echo "disable_vmware_customization: false" >> /etc/cloud/cloud.cfg -echo "datasource_list: [ VMware, OVF, None ]" > /etc/cloud/cloud.cfg.d/90_dpkg.cfg -# Uncomment below if guest customization will be performed by VMware Tools. -# touch /etc/cloud/cloud.cfg.d/99.disable-network-config.cfg -# echo "network: {config: disabled}" >> /etc/cloud/cloud.cfg.d/99.disable-network-config.cfg - -### Modify GRUB ### -echo '> Modifying GRUB ...' -sed -i -e "s/GRUB_CMDLINE_LINUX_DEFAULT=\"\(.*\)\"/GRUB_CMDLINE_LINUX_DEFAULT=\"\"/" /etc/default/grub -update-grub -EOF - -### Change the permissions on /home/"$BUILD_USERNAME"/clean.sh . ### -echo "> Changing the permissions on /home/""$BUILD_USERNAME""/clean.sh ..." -sudo chmod +x /home/"$BUILD_USERNAME"/clean.sh - -### Run the clean script. ### -echo '> Running the clean script ...' -sudo /home/"$BUILD_USERNAME"/clean.sh - -### Set check for ssh keys on reboot; regenerate on reboot if neccessary. ### -echo '> Setting check for ssh keys on reboot; will regenerate on reboot if neccessary. ...' -sudo tee /etc/rc.local << EOF -#!/bin/bash -test -f /etc/ssh/ssh_host_dsa_key || dpkg-reconfigure openssh-server -exit 0 -EOF -sudo chmod +x /etc/rc.local - -### Done. 
### -echo '> Done.' diff --git a/scripts/windows/windows-init.ps1 b/scripts/windows/windows-init.ps1 index 3159f773d..2f8b05eda 100644 --- a/scripts/windows/windows-init.ps1 +++ b/scripts/windows/windows-init.ps1 @@ -11,13 +11,13 @@ $ErrorActionPreference = "Stop" # Enable Windows Remote Management in the Windows Firewall. -Write-Output "Enabling Windows Remote Management in the Windows Firewall ..." +Write-Output "Enabling Windows Remote Management in the Windows Firewall..." $NetworkListManager = [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]"{DCB00C01-570F-4A9B-8D69-199FDBA5723B}")) $Connections = $NetworkListManager.GetNetworkConnections() $Connections | ForEach-Object { $_.GetNetwork().SetCategory(1) } # Set the Windows Remote Management configuration. -Write-Output "Setting the Windows Remote Management configuration ..." +Write-Output "Setting the Windows Remote Management configuration..." Enable-PSRemoting -Force winrm quickconfig -q winrm quickconfig -transport:http @@ -29,7 +29,7 @@ winrm set winrm/config/client/auth '@{Basic="true"}' winrm set winrm/config/listener?Address=*+Transport=HTTP '@{Port="5985"}' # Allow Windows Remote Management in the Windows Firewall. -Write-Output "Allowing Windows Remote Management in the Windows Firewall ..." +Write-Output "Allowing Windows Remote Management in the Windows Firewall..." netsh advfirewall firewall set rule group="Windows Remote Administration" new enable=yes netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=allow diff --git a/scripts/windows/windows-prepare.ps1 b/scripts/windows/windows-prepare.ps1 index 2917aaadd..b5471059c 100644 --- a/scripts/windows/windows-prepare.ps1 +++ b/scripts/windows/windows-prepare.ps1 
@@ -15,45 +15,29 @@ param( $ErrorActionPreference = "Stop" # Import the Root CA certificate to the Trusted Root Certification Authorities. -Write-Output "Importing the Root CA certificate to the Trusted Root Certification Authorities ..." +Write-Output "Importing the Root CA certificate to the Trusted Root Certification Authorities..." Import-Certificate -FilePath C:\windows\temp\root-ca.cer -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null Remove-Item C:\windows\temp\root-ca.cer -Confirm:$false # Import the Issuing CA certificate to the Trusted Root Certification Authoriries. -### Write-Output "Importing the Issuing CA certificate to the Trusted Root Certification Authoriries ..." +### Write-Output "Importing the Issuing CA certificate to the Trusted Root Certification Authoriries..." ### Import-Certificate -FilePath C:\windows\temp\issuing-ca.cer -CertStoreLocation 'Cert:\LocalMachine\CA' | Out-Null ### Remove-Item C:\windows\temp\issuing-ca.cer -Confirm:$false # Set the Windows Explorer options. -Write-Output "Setting the Windows Explorer options ..." +Write-Output "Setting the Windows Explorer options..." Set-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Hidden" -Value 1 | Out-Null Set-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Value 0 | Out-Null Set-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideDrivesWithNoMedia" -Value 0 | Out-Null Set-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowSyncProviderNotifications" -Value 0 | Out-Null -# Set Net Network Window = Off. -Write-Output "Setting Net Network Window = Off ..." -New-Item "HKLM:\System\CurrentControlSet\Control\Network\" -Name "NewNetworkWindowOff" | Out-Null - -# Enable QuickEdit mode. -Write-Output "Enabling QuickEdit mode ..." 
-Set-ItemProperty "HKCU:\Console" -Name "QuickEdit" -Value 1 -Type DWord | Out-Null - -# Show Run Command in Start Menu. -Write-Output "Showing Run Command in Start Menu ..." -Set-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\" -Name "Start_ShowRun" -Value 1 -Type DWord | Out-Null - -# Show Administrative Tools in Start Menu. -Write-Output "Showing Administrative Tools in Start Menu ..." -Set-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\" -Name "StartMenuAdminTools" -Value 1 -Type DWord | Out-Null - # Disable system hibernation. -Write-Output "Disabling system hibernation ..." +Write-Output "Disabling system hibernation..." Set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Power\" -Name "HiberFileSizePercent" -Value 0 | Out-Null Set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Power\" -Name "HibernateEnabled" -Value 0 | Out-Null -# Disable TLS 1.0. -Write-Output "Disabling TLS 1.0 ..." +# Disable TLS 1.0.s +Write-Output "Disabling TLS 1.0..." New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols" -Name "TLS 1.0" | Out-Null New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0" -Name "Server" | Out-Null New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0" -Name "Client" | Out-Null 
@@ -63,7 +47,7 @@ New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" -Name "DisabledByDefault" -Value 1 | Out-Null # Disable TLS 1.1. -Write-Output "Disabling TLS 1.1 ..." +Write-Output "Disabling TLS 1.1..." New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols" -Name "TLS 1.1" | Out-Null New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1" -Name "Server" | Out-Null New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1" -Name "Client" | Out-Null 
@@ -72,24 +56,13 @@ New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" -Name "Enabled" -Value 0 | Out-Null New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" -Name "DisabledByDefault" -Value 1 | Out-Null -# Disable Password Expiration for the Administrator Accounts - (Administration and Rainpole) -Write-Output "Disabling password expiration for the local Administrator accounts ..." +# Disable Password Expiration for the Administrator Accounts - (Administrator and Build) +Write-Output "Disabling password expiration for the local Administrator accounts..." Set-LocalUser Administrator -PasswordNeverExpires $true Set-LocalUser $BUILD_USERNAME -PasswordNeverExpires $true # Enable Remote Desktop. -Write-Output "Enabling Remote Desktop ..." +Write-Output "Enabling Remote Desktop..." Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0 | Out-Null Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 0 -Enable-NetFirewallRule -DisplayGroup "Remote Desktop" - -# Disable Auto Login. -Write-Output "Disabling Auto Login ..." -Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "AutoAdminLogon" -Value 0 | Out-Null -Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "AutoLogonCount" -Value 0 | Out-Null - -# Disable the screensaver. -Write-Output "Disabling the screensaver ..." 
-Set-ItemProperty "HKCU:\Control Panel\Desktop" -Name "ScreenSaveActive" -Value 0 -Type DWord | Out-Null -& powercfg -x -monitor-timeout-ac 0 -& powercfg -x -monitor-timeout-dc 0 \ No newline at end of file +Enable-NetFirewallRule -DisplayGroup "Remote Desktop" \ No newline at end of file diff --git a/scripts/windows/windows-server-init.ps1 b/scripts/windows/windows-server-init.ps1 deleted file mode 100644 index 25d90212c..000000000 --- a/scripts/windows/windows-server-init.ps1 +++ /dev/null 
@@ -1,39 +0,0 @@ -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE -# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -<# - .DESCRIPTION - Enables Windows Remote Management on Windows Server builds. -#> - -$ErrorActionPreference = "Stop" - -# Enable Windows Remote Management in the Windows Firewall. -Write-Output "Enabling Windows Remote Management in the Windows Firewall ..." -$NetworkListManager = [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]"{DCB00C01-570F-4A9B-8D69-199FDBA5723B}")) -$Connections = $NetworkListManager.GetNetworkConnections() -$Connections | ForEach-Object { $_.GetNetwork().SetCategory(1) } - -# Set the Windows Remote Management configuration. -Write-Output "Setting the Windows Remote Management configuration ..." -Enable-PSRemoting -Force -winrm quickconfig -q -winrm quickconfig -transport:http -winrm set winrm/config '@{MaxTimeoutms="1800000"}' -winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="800"}' -winrm set winrm/config/service '@{AllowUnencrypted="true"}' -winrm set winrm/config/service/auth '@{Basic="true"}' -winrm set winrm/config/client/auth '@{Basic="true"}' -winrm set winrm/config/listener?Address=*+Transport=HTTP '@{Port="5985"}' - -# Allow Windows Remote Management in the Windows Firewall. -Write-Output "Allowing Windows Remote Management in the Windows Firewall ..." -netsh advfirewall firewall set rule group="Windows Remote Administration" new enable=yes -netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=allow - -# Restart Windows Remote Management service. 
-Write-Output "Restarting Windows Remote Management service..." -Set-Service winrm -startuptype "auto" -Restart-Service winrm \ No newline at end of file diff --git a/scripts/windows/windows-server-prepare.ps1 b/scripts/windows/windows-server-prepare.ps1 deleted file mode 100644 index f41391c8a..000000000 --- a/scripts/windows/windows-server-prepare.ps1 +++ /dev/null 
@@ -1,95 +0,0 @@ -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE -# WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR -# COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR -# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -<# - .DESCRIPTION - Prepares a Windows Server guest operating system. -#> - -param( - [string] $BUILD_USERNAME = $env:BUILD_USERNAME -) - -$ErrorActionPreference = "Stop" - -# Import the Root CA certificate to the Trusted Root Certification Authorities. -Write-Output "Importing the Root CA certificate to the Trusted Root Certification Authorities ..." -Import-Certificate -FilePath C:\windows\temp\root-ca.cer -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null -Remove-Item C:\windows\temp\root-ca.cer -Confirm:$false - -# Import the Issuing CA certificate to the Trusted Root Certification Authoriries. -### Write-Output "Importing the Issuing CA certificate to the Trusted Root Certification Authoriries ..." -### Import-Certificate -FilePath C:\windows\temp\issuing-ca.cer -CertStoreLocation 'Cert:\LocalMachine\CA' | Out-Null -### Remove-Item C:\windows\temp\issuing-ca.cer -Confirm:$false - -# Set the Windows Explorer options. -Write-Output "Setting the Windows Explorer options ..." 
-Set-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "Hidden" -Value 1 | Out-Null -Set-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideFileExt" -Value 0 | Out-Null -Set-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "HideDrivesWithNoMedia" -Value 0 | Out-Null -Set-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced" -Name "ShowSyncProviderNotifications" -Value 0 | Out-Null - -# Set Net Network Window = Off. -Write-Output "Setting Net Network Window = Off ..." -New-Item "HKLM:\System\CurrentControlSet\Control\Network\" -Name "NewNetworkWindowOff" | Out-Null - -# Enable QuickEdit mode. -Write-Output "Enabling QuickEdit mode ..." -Set-ItemProperty "HKCU:\Console" -Name "QuickEdit" -Value 1 -Type DWord | Out-Null - -# Show Run Command in Start Menu. -Write-Output "Showing Run Command in Start Menu ..." -Set-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\" -Name "Start_ShowRun" -Value 1 -Type DWord | Out-Null - -# Show Administrative Tools in Start Menu. -Write-Output "Showing Administrative Tools in Start Menu ..." -Set-ItemProperty "HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\" -Name "StartMenuAdminTools" -Value 1 -Type DWord | Out-Null - -# Disable system hibernation. -Write-Output "Disabling system hibernation ..." -Set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Power\" -Name "HiberFileSizePercent" -Value 0 | Out-Null -Set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Power\" -Name "HibernateEnabled" -Value 0 | Out-Null - -# Disable TLS 1.0. -Write-Output "Disabling TLS 1.0 ..." 
-New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols" -Name "TLS 1.0" | Out-Null -New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0" -Name "Server" | Out-Null -New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0" -Name "Client" | Out-Null -New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" -Name "Enabled" -Value 0 | Out-Null -New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client" -Name "DisabledByDefault" -Value 1 | Out-Null -New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" -Name "Enabled" -Value 0 | Out-Null -New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server" -Name "DisabledByDefault" -Value 1 | Out-Null - -# Disable TLS 1.1. -Write-Output "Disabling TLS 1.1 ..." 
-New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols" -Name "TLS 1.1" | Out-Null -New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1" -Name "Server" | Out-Null -New-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1" -Name "Client" | Out-Null -New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" -Name "Enabled" -Value 0 | Out-Null -New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client" -Name "DisabledByDefault" -Value 1 | Out-Null -New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" -Name "Enabled" -Value 0 | Out-Null -New-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server" -Name "DisabledByDefault" -Value 1 | Out-Null - -# Disable Password Expiration for the Administrator Accounts - (Administration and Rainpole) -Write-Output "Disabling password expiration for the local Administrator accounts ..." -Set-LocalUser Administrator -PasswordNeverExpires $true -Set-LocalUser $BUILD_USERNAME -PasswordNeverExpires $true - -# Enable Remote Desktop. -Write-Output "Enabling Remote Desktop ..." -Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0 | Out-Null -Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 0 -Enable-NetFirewallRule -DisplayGroup "Remote Desktop" - -# Disable Auto Login. -Write-Output "Disabling Auto Login ..." 
-Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "AutoAdminLogon" -Value 0 | Out-Null -Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" -Name "AutoLogonCount" -Value 0 | Out-Null - -# Disable the screensaver. -Write-Output "Disabling the screensaver ..." -Set-ItemProperty "HKCU:\Control Panel\Desktop" -Name "ScreenSaveActive" -Value 0 -Type DWord | Out-Null -& powercfg -x -monitor-timeout-ac 0 -& powercfg -x -monitor-timeout-dc 0 \ No newline at end of file diff --git a/scripts/windows/windows-vmtools.ps1 b/scripts/windows/windows-vmtools.ps1 index 6817123d5..785a30ab5 100644 --- a/scripts/windows/windows-vmtools.ps1 +++ b/scripts/windows/windows-vmtools.ps1 @@ -36,7 +36,7 @@ Set-Location E: # Installation Attempt -Write-Output "Starting VMware Tools first pass installation..." +Write-Output "Installing VMware Tools..." Start-Process "setup64.exe" -ArgumentList '/s /v "/qb REBOOT=R"' -Wait # Check to see if the 'VMTools' service is in a 'Running' state. @@ -44,19 +44,19 @@ Start-Process "setup64.exe" -ArgumentList '/s /v "/qb REBOOT=R"' -Wait $Running = $false $iRepeat = 0 -while (-not$Running -and $iRepeat -lt 5) { +while (-not $Running -and $iRepeat -lt 5) { - Write-Output "Pausing for 2s to check the status VMware Tools..." Start-Sleep -s 2 + Write-Output 'Checking VMware Tools service status...' $Service = Get-Service "VMTools" -ErrorAction SilentlyContinue $Servicestatus = $Service.Status - if ($ServiceStatus -notlike "Running") { + if ($ServiceStatus -ne "Running") { $iRepeat++ } else { $Running = $true - Write-Output "VMware Tools is in a running state." + Write-Output "VMware Tools service is in a running state." } } 
@@ -64,7 +64,7 @@ while (-not$Running -and $iRepeat -lt 5) { if (-not $Running) { #Uninstall VMWare Tools - Write-Output "Running an uninstall on first attempt of the VMware Tools installation..." + Write-Output "Uninstalling VMware Tools..." if (Get-VMToolsInstalled -eq "32") { $GUID = (Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object { $_.DisplayName -Like '*VMWARE Tools*' }).PSChildName } @@ -75,15 +75,15 @@ if (-not $Running) { # Uninstall VMware Tools based on 32-bit/64-bit install GUIDs captured via Get-VMToolsIsInstalled Start-Process -FilePath msiexec.exe -ArgumentList "/X $GUID /quiet /norestart" -Wait - Write-Output "Running a reinstall of VMware Tools..." # Installation Attempt + Write-Output "Reintalling VMware Tools..." Start-Process "setup64.exe" -ArgumentList '/s /v "/qb REBOOT=R"' -Wait # Check to see if the 'VMTools' service is in a 'Running' state. -Write-Output "Checking on the status of VMware Tools..." +Write-Output "Checking VMware Tools service status..." $iRepeat = 0 while (-not $Running -and $iRepeat -lt 5) { @@ -91,19 +91,19 @@ while (-not $Running -and $iRepeat -lt 5) { $Service = Get-Service "VMTools" -ErrorAction SilentlyContinue $ServiceStatus = $Service.Status - if ($ServiceStatus -notlike "Running") { + if ($ServiceStatus -ne "Running") { $iRepeat++ } else { $Running = $true - Write-Output "VMware Tools is in a running state." + Write-Output "VMware Tools service is in a running state." } } - # If after the reinstall, the service is still not running, this is a failed deployment. + # If after the reinstall, the service is still not running, the installation is unsuccessful. if (-not $Running) { - Write-Error "VMware Tools deployment was unsuccesful." + Write-Error "VMware Tools installation was unsuccessful." Pause } diff --git a/set-envvars.sh b/set-envvars.sh index 4009a2b6c..3e617db6d 100755 --- a/set-envvars.sh +++ b/set-envvars.sh 
@@ -136,20 +136,20 @@ export PKR_VAR_vsphere_folder="${vsphere_folder}" export PKR_VAR_common_content_library_name="${common_content_library_name}" export PKR_VAR_common_iso_datastore="${common_iso_datastore}" -echo '> Setting the common virtual machine settings.' +echo '> Setting the common virtual machine settings...' # Virtual Machine Settings export PKR_VAR_common_vm_version="${common_vm_version}" export PKR_VAR_common_tools_upgrade_policy="${common_tools_upgrade_policy}" export PKR_VAR_common_remove_cdrom="${common_remove_cdrom}" -echo '> Setting the common template and content library settings.' +echo '> Setting the common template and content library settings...' # Template and Content Library Settings export PKR_VAR_common_template_conversion="${common_template_conversion}" export PKR_VAR_common_content_library_ovf="${common_content_library_ovf}" export PKR_VAR_common_content_library_destroy="${common_content_library_destroy}" export PKR_VAR_common_content_library_skip_export="${common_content_library_skip_export}" -echo '> Setting the common boot and provisioning settings.' +echo '> Setting the common boot and provisioning settings...' # Boot and Provisioning Settings export PKR_VAR_common_data_source="${common_data_source}" export PKR_VAR_common_http_ip="${common_http_ip}" diff --git a/terraform/vsphere-role/versions.tf b/terraform/vsphere-role/versions.tf index cc62e9ef5..0b30fa89e 100644 --- a/terraform/vsphere-role/versions.tf +++ b/terraform/vsphere-role/versions.tf @@ -9,5 +9,5 @@ terraform { version = ">= 2.0.2" } } - required_version = ">= 1.1.4" + required_version = ">= 1.1.5" } \ No newline at end of file diff --git a/terraform/vsphere-virtual-machine/content-library-ovf-linux-cloud-init/versions.tf b/terraform/vsphere-virtual-machine/content-library-ovf-linux-cloud-init/versions.tf index cc62e9ef5..0b30fa89e 100644 --- a/terraform/vsphere-virtual-machine/content-library-ovf-linux-cloud-init/versions.tf 
+++ b/terraform/vsphere-virtual-machine/content-library-ovf-linux-cloud-init/versions.tf @@ -9,5 +9,5 @@ terraform { version = ">= 2.0.2" } } - required_version = ">= 1.1.4" + required_version = ">= 1.1.5" } \ No newline at end of file diff --git a/terraform/vsphere-virtual-machine/content-library-ovf-linux-guest-customization/versions.tf b/terraform/vsphere-virtual-machine/content-library-ovf-linux-guest-customization/versions.tf index cc62e9ef5..0b30fa89e 100644 --- a/terraform/vsphere-virtual-machine/content-library-ovf-linux-guest-customization/versions.tf +++ b/terraform/vsphere-virtual-machine/content-library-ovf-linux-guest-customization/versions.tf @@ -9,5 +9,5 @@ terraform { version = ">= 2.0.2" } } - required_version = ">= 1.1.4" + required_version = ">= 1.1.5" } \ No newline at end of file diff --git a/terraform/vsphere-virtual-machine/content-library-ovf-windows-guest-customization/versions.tf b/terraform/vsphere-virtual-machine/content-library-ovf-windows-guest-customization/versions.tf index cc62e9ef5..0b30fa89e 100644 --- a/terraform/vsphere-virtual-machine/content-library-ovf-windows-guest-customization/versions.tf +++ b/terraform/vsphere-virtual-machine/content-library-ovf-windows-guest-customization/versions.tf @@ -9,5 +9,5 @@ terraform { version = ">= 2.0.2" } } - required_version = ">= 1.1.4" + required_version = ">= 1.1.5" } \ No newline at end of file diff --git a/terraform/vsphere-virtual-machine/template-linux-cloud-init/versions.tf b/terraform/vsphere-virtual-machine/template-linux-cloud-init/versions.tf index cc62e9ef5..0b30fa89e 100644 --- a/terraform/vsphere-virtual-machine/template-linux-cloud-init/versions.tf +++ b/terraform/vsphere-virtual-machine/template-linux-cloud-init/versions.tf @@ -9,5 +9,5 @@ terraform { version = ">= 2.0.2" } } - required_version = ">= 1.1.4" + required_version = ">= 1.1.5" } \ No newline at end of file 
diff --git a/terraform/vsphere-virtual-machine/template-linux-guest-customization/versions.tf b/terraform/vsphere-virtual-machine/template-linux-guest-customization/versions.tf index cc62e9ef5..0b30fa89e 100644 --- a/terraform/vsphere-virtual-machine/template-linux-guest-customization/versions.tf +++ b/terraform/vsphere-virtual-machine/template-linux-guest-customization/versions.tf @@ -9,5 +9,5 @@ terraform { version = ">= 2.0.2" } } - required_version = ">= 1.1.4" + required_version = ">= 1.1.5" } \ No newline at end of file diff --git a/terraform/vsphere-virtual-machine/template-windows-guest-customization/versions.tf b/terraform/vsphere-virtual-machine/template-windows-guest-customization/versions.tf index cc62e9ef5..0b30fa89e 100644 --- a/terraform/vsphere-virtual-machine/template-windows-guest-customization/versions.tf +++ b/terraform/vsphere-virtual-machine/template-windows-guest-customization/versions.tf @@ -9,5 +9,5 @@ terraform { version = ">= 2.0.2" } } - required_version = ">= 1.1.4" + required_version = ">= 1.1.5" } \ No newline at end of file
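Review bot: in scripts/windows/windows-init.ps1, hunk @@ -29,7 +29,7 @@, the WinRM settings in the context lines (`winrm set winrm/config/client/auth '@{Basic="true"}'`, the HTTP listener on port 5985, and the "Windows Remote Management (HTTP-In)" firewall rule) carry no comment saying they are build-time only or where they are reverted. Since the messages around them are being retouched anyway, add a comment that names the step that tightens WinRM before the template is published, or add that step.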
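Review bot: in scripts/windows/windows-prepare.ps1, hunk @@ -15,45 +15,29 @@, the rewritten comment `# Disable TLS 1.0.s` picks up a stray trailing "s", and the two Issuing CA lines edited here still spell "Authoriries". Fix both while the lines are open. The Issuing CA comment and message also say "Trusted Root Certification Authorities" while the commented-out command imports into `Cert:\LocalMachine\CA`, which is the intermediate store; the text should name the store the command actually uses.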
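Review bot: in scripts/windows/windows-prepare.ps1, hunk @@ -72,24 +56,13 @@, removing the "Disable Auto Login" block drops the reset of `AutoAdminLogon` and `AutoLogonCount` under Winlogon, and nothing visible in this diff replaces it. If the build uses automatic logon during setup, confirm it is cleared elsewhere before the image becomes a template, or keep those two `Set-ItemProperty` lines. Separately, the unchanged line that sets `UserAuthentication` to 0 on RDP-Tcp turns off Network Level Authentication for Remote Desktop; a comment explaining why would help anyone hardening images built from this script.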
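Review bot: in scripts/windows/windows-vmtools.ps1, hunk @@ -64,7 +64,7 @@, the context line `if (Get-VMToolsInstalled -eq "32")` does not compare the function's result: PowerShell parses it as a call to `Get-VMToolsInstalled` with `-eq` and "32" passed as arguments, so no comparison with "32" takes place. Wrap the call, as in `if ((Get-VMToolsInstalled) -eq "32")`, while this block is being edited, otherwise the uninstall path may pick the wrong GUID lookup.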
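Review bot: in scripts/windows/windows-vmtools.ps1, hunk @@ -75,15 +75,15 @@, the added line `Write-Output "Reintalling VMware Tools..."` misspells "Reinstalling". Anyone searching build logs for the reinstall step will miss it, so correct the string before merging.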
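Review bot: in scripts/windows/windows-vmtools.ps1, hunk @@ -91,19 +91,19 @@, the failure path still ends with `Pause` after the reworded `Write-Error`. If this script runs without an operator at the console, `Pause` waits for a keypress and stalls the build instead of failing it. Replace it with a non-zero exit such as `exit 1` so an unsuccessful VMware Tools installation surfaces as a failed build.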