got allinone config building successfully in aws

README.md

@@ -110,8 +110,8 @@ AWS
 
 Work on making this work with AWS EC2 instances is work in progress.
 
-The build-packer-aws.sh builds an AWS AMI, which will launch an EC2 instance.
+The `build-packer-aws.sh` builds an AWS AMI.
 
-The terraform-allinone-aws dir contains the terraform to stand up a t2.micro EC2 instance, but build hasn't been tried at all yet.
+The `terraform-allinone-aws` dir contains the terraform to stand up a t2.micro EC2 instance. Script `build-terraform-allinone-aws.sh` stands up the AMI & builds successfully.
 
 The terraform-aws dir contains the terraform for the full stack. Script build-terraform.aws.sh stands the stack up. It successfully stands up all the EC2 instances, but needs plenty of debugging yet.

packer-aws.json

@@ -51,15 +51,12 @@
         "cmd /c schtasks /CHANGE /TN \"\\Microsoft\\Windows\\Windows Defender\\Windows Defender Verification\" /RL LIMITED",
         "Install-WindowsFeature Net-Framework-Core,Windows-Identity-Foundation  -IncludeAllSubFeature -source d:/sources/sxs",
         "(New-Object System.Net.WebClient).DownloadFile('https://downloads.puppetlabs.com/windows/puppet6/puppet-agent-6.18.0-x64.msi', 'C:/Windows/Temp/puppet.msi')",
-        "cmd /c start /wait msiexec /qn /i C:\\Windows\\Temp\\puppet.msi /log C:\\Windows\\Temp\\puppet.log"
+        "cmd /c start /wait msiexec /qn /i C:\\Windows\\Temp\\puppet.msi /log C:\\Windows\\Temp\\puppet.log",
+        "mkdir c:\\scripts",
+        "cp c:\\programdata\\amazon\\ec2-windows\\launch\\sysprep\\unattend.xml c:\\scripts\\unattend.xml"
       ],
       "type": "powershell"
     },
-    {
-      "destination": "c:\\scripts\\unattend.xml",
-      "source": "answer_files/AutoUnattend.xml",
-      "type": "file"
-    },
     {
       "destination": "c:\\ProgramData\\PuppetLabs\\puppet\\etc\\hiera.yaml",
       "source": "files/hiera.yaml",
@@ -75,6 +72,12 @@
         "./scripts/puppet-apply.ps1"
       ],
       "type": "powershell"
+    },
+    {
+      "inline": [
+        "c:\\windows\\system32\\sysprep\\sysprep /generalize /quiet /oobe /shutdown /unattend:c:\\scripts\\unattend.xml"
+      ],
+      "type": "windows-shell"
     }
   ]
 }

packer-azure.json

@@ -0,0 +1,87 @@
+{
+  "builders": [
+      {
+          "type": "azure-arm",
+          "client_id": "{{user `azure_client_id`}}",
+          "client_secret": "{{user `azure_client_secret`}}",
+          "tenant_id": "{{user `azure_tenant_id`}}",
+          "subscription_id": "{{user `azure_subscription_id`}}",
+          "os_type": "Windows",
+          "image_publisher": "MicrosoftWindowsServer",
+          "image_offer": "WindowsServer",
+          "image_sku": "2016-Datacenter",
+          "disk_caching_type": "ReadWrite",
+          "communicator": "winrm",
+          "winrm_username": "vagrant",
+          "winrm_use_ssl": true,
+          "winrm_insecure": true,
+          "winrm_timeout": "60m",
+          "vm_size": "Standard_A2_v2",
+          "location": "UK South",
+          "azure_tags": {
+              "dept": "dynamics"
+          },
+          "managed_image_name": "dynamics",
+          "managed_image_resource_group_name": "allinone"
+      }
+  ],
+  "provisioners": [
+    {
+      "inline": [
+        "winrm quickconfig -q",
+        "winrm set winrm/config/service/Auth @{Basic=\"true\"}",
+        "winrm set winrm/config/service @{AllowUnencrypted=\"true\"}",
+        "winrm set winrm/config/winrs @{MaxMemoryPerShellMB=\"1024\"}",
+        "netsh advfirewall set allprofiles state off"
+      ],
+      "type": "windows-shell"
+    },
+    {
+      "inline": [
+        "powercfg /SetActive SCHEME_MIN",
+        "cmd /c schtasks /CHANGE /TN \"\\Microsoft\\Windows\\Windows Defender\\Windows Defender Cache Maintenance\" /RL LIMITED",
+        "cmd /c schtasks /CHANGE /TN \"\\Microsoft\\Windows\\Windows Defender\\Windows Defender Cleanup\" /RL LIMITED",
+        "cmd /c schtasks /CHANGE /TN \"\\Microsoft\\Windows\\Windows Defender\\Windows Defender Scheduled Scan\" /RL LIMITED",
+        "cmd /c schtasks /CHANGE /TN \"\\Microsoft\\Windows\\Windows Defender\\Windows Defender Verification\" /RL LIMITED",
+        "Install-WindowsFeature Net-Framework-Core,Windows-Identity-Foundation  -IncludeAllSubFeature -source d:/sources/sxs",
+        "(New-Object System.Net.WebClient).DownloadFile('https://downloads.puppetlabs.com/windows/puppet6/puppet-agent-6.18.0-x64.msi', 'C:/Windows/Temp/puppet.msi')",
+        "cmd /c start /wait msiexec /qn /i C:\\Windows\\Temp\\puppet.msi /log C:\\Windows\\Temp\\puppet.log"
+      ],
+      "type": "powershell"
+    },
+    {
+      "destination": "c:\\scripts\\unattend.xml",
+      "source": "answer_files/AutoUnattend.xml",
+      "type": "file"
+    },
+    {
+      "destination": "c:\\ProgramData\\PuppetLabs\\puppet\\etc\\hiera.yaml",
+      "source": "files/hiera.yaml",
+      "type": "file"
+    },
+    {
+      "destination": "c:\\windows\\temp\\puppet.zip",
+      "source": "puppet.zip",
+      "type": "file"
+    },
+    {
+      "scripts": [
+        "./scripts/puppet-apply.ps1"
+      ],
+      "type": "powershell"
+    },
+    {
+      "inline": [
+        "c:\\windows\\system32\\sysprep\\sysprep /generalize /quiet /oobe /shutdown /unattend:c:\\scripts\\unattend.xml"
+      ],
+      "type": "windows-shell"
+    }
+  ],
+  "variables": {
+    "azure_client_id": "{{env `AZURE_CLIENT_ID`}}",
+    "azure_client_secret": "{{env `AZURE_CLIENT_SECRET`}}",
+    "azure_tenant_id": "{{env `AZURE_TENANT_ID`}}",
+    "azure_subscription_id": "{{env `AZURE_SUBSCRIPTION_ID`}}"
+  }
+}
+

puppet/hieradata/account/account.yaml

@@ -2,7 +2,7 @@
 version: 5
 
 admin_username: vagrant
-admin_password: vagrant
+admin_password: V8gr^nt123456789
 
 service_users:
   app:

puppet/manifests/choco-config.pp

@@ -1,10 +1,10 @@
-node default {
-
-  class { 'chocolatey':
-    choco_install_timeout_seconds => 14400
-  }
-  exec { 'cmd.exe /c c:\ProgramData\chocolatey\bin\choco.exe config set commandExecutionTimeoutSeconds 14400':
-    path => $::path
-  }
-
-}
+node default {
+
+  class { 'chocolatey':
+    choco_install_timeout_seconds => 14400
+  }
+  exec { 'cmd.exe /c c:\ProgramData\chocolatey\bin\choco.exe config set commandExecutionTimeoutSeconds 14400':
+    path => $::path
+  }
+
+}

puppet/manifests/choco.pp

@@ -1,5 +1,5 @@
-node default {
-
-  include chocolatey
-
-}
+node default {
+
+  include chocolatey
+
+}

puppet/modules/base/manifests/init.pp

@@ -162,8 +162,8 @@
                       <PlainText>true</PlainText>
                   </Password>
                   <Description>Admin user</Description>
-                  <DisplayName>${admin_pass}</DisplayName>
-                  <Name>${admin_pass}</Name>
+                  <DisplayName>${admin_user}</DisplayName>
+                  <Name>${admin_user}</Name>
                   <Group>Administrators</Group>
               </LocalAccount>
           </LocalAccounts>
@@ -174,18 +174,12 @@
               <PlainText>true</PlainText>
           </Password>
           <Enabled>true</Enabled>
-          <Username>${admin_pass}</Username>
+          <Username>${admin_user}</Username>
       </AutoLogon>",
     match              => '<RegisteredOwner>EC2</RegisteredOwner>',
     append_on_no_match => false
   }
 
-  # set admin user password to never expire
-  -> exec { 'set admin password to never expire':
-    command => 'powershell -command "Set-LocalUser -PasswordNeverExpires 1 -Name Administrator"',
-    path    => $::path
-  }
-
   # enable windows search service
   -> exec { 'set windows search service to auto':
     command => 'c:\windows\system32\cmd.exe /c powershell -Command Set-Service WSearch -StartupType Automatic',
@@ -218,10 +212,20 @@
     })
   }
 
+  -> file { 'script to get redis prefix':
+    ensure  => present,
+    path    => 'c:\scripts\get_prefix.ps1',
+    content => epp('profile/get_prefix.epp',{
+      redis_ip      => $redis_ip,
+      redis_pass    => $redis_pass
+    })
+  }
+
   -> file { 'script to run script to run apply_puppet script':
     ensure  => present,
     path    => 'c:\programdata\microsoft\windows\startm~1\programs\startup\apply_puppet.cmd',
-    content => epp('profile/cmd_apply_puppet.epp',{ })
+    content => epp('profile/cmd_apply_puppet.epp',{
+    })
   }
 
   -> file { 'script to run apply_puppet script':

puppet/modules/profile/manifests/allinone.pp

@@ -228,6 +228,8 @@
       path    => 'c:\scripts\addsqladminuser.ps1',
       content => epp('profile/addsqladminuser.epp',{
         sql_server => $sql_server,
+        ad_domain  => $ad_domain,
+        ad_suffix  => $ad_suffix,
         admin_user => $admin_user,
         admin_pass => $admin_pass
       })

puppet/modules/profile/manifests/dynsql.pp

@@ -64,6 +64,8 @@
     path    => 'c:\scripts\addsqladminuser.ps1',
     content => epp('profile/addsqladminuser.epp',{
       sql_server => $sql_server,
+      ad_domain  => $ad_domain,
+      ad_suffix  => $ad_suffix,
       admin_user => $admin_user,
       admin_pass => $admin_pass
     })

puppet/modules/profile/templates/addsqladminuser.epp

@@ -1,4 +1,6 @@
 <%- | String $sql_server,
+      String $ad_domain,
+      String $ad_suffix,
       String $admin_user,
       String $admin_pass
 | -%>
@@ -10,7 +12,7 @@ Import-Module SQLPS -DisableNameChecking
 
 $instanceName = "<%= $sql_server %>"
 
-$loginName = "DYNADIRDEV\Administrator"
+$loginName = "<%= $ad_domain %><%= $ad_suffix %>\Administrator"
 $dbUserName = $Username
 $sqlPassword = (ConvertTo-SecureString $Password -AsPlainText -Force)
 $roleName = "db_owner"

puppet/modules/profile/templates/apply_puppet.epp

@@ -14,19 +14,6 @@ if (Test-Path c:\programdata\amazon\ec2-windows\launch\sysprep\unattend.xml) {
 
 [Environment]::SetEnvironmentVariable("FACTERLIB","c:\programdata\puppetlabs\code\environments\production\facter","Machine")
 
-if (!(Test-Path c:\scripts\prefix)) {
-  $prefix=''
-  while (!($prefix -match "^[\d\.]+$")) {
-    $prefix=(echo "AUTH <%= $redis_pass %>" ` "GET prefix" | nc -w 1 <%= $redis_ip %> 6379)
-    $prefix = ($prefix -match "^[\d]+$" )
-    if (!( "$prefix" -match "^[\d]+$" )) {
-      $prefix=''
-    } else {
-      echo $prefix > c:\scripts\prefix
-    }
-  }
-}
-
 if (!(Test-Path c:\users\<%= $admin_user %>.<%= $ad_domain %><%= $ad_suffix %>\.puppetlabs\etc\code\environments)) {
   if (([System.Security.Principal.WindowsIdentity]::GetCurrent()).Name -eq "<%= $ad_domain %><%= $ad_suffix %>\<%= $admin_user %>") {
     mkdir c:\users\<%= $admin_user %>.<%= $ad_domain %><%= $ad_suffix %>\.puppetlabs\etc\code\environments\production
@@ -51,9 +38,6 @@ if (!(Test-Path c:\users\<%= $admin_user %>.<%= $ad_domain %><%= $ad_suffix %>\.
 
 $machine_name = hostname
 if (($machine_name -Like "WIN*") -Or ($machine_name -Like "EC2*")) {
-  # Make sure flagman in place and prefix set
-  puppet apply -e "include flagman"
-
   Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord 
   Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
   Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force
@@ -100,17 +84,11 @@ Set-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\" -Na
 
 # if this is the active directory machine set its IP in redis for the other machines
 if ($machine_name -Like "ALLINONE") {
-  # This might have already been done, but no harm doing it again
-  puppet apply -e "include flagman"
-
-  $ad_ip=(Get-NetIPAddress -InterfaceAlias "Ethernet 2").IPAddress
+  $ad_ip=(Get-NetIPAddress -InterfaceAlias "Ethernet*").IPAddress
   c:\scripts\flagmanset.ps1 -Name ad_ip -Value $ad_ip
 }
 if ($machine_name -Like "DYNADIR") {
-  # This might have already been done, but no harm doing it again
-  puppet apply -e "include flagman"
-
-  $ad_ip=(Get-NetIPAddress -InterfaceAlias "Ethernet 2").IPAddress
+  $ad_ip=(Get-NetIPAddress -InterfaceAlias "Ethernet*").IPAddress
   c:\scripts\flagmanset.ps1 -Name ad_ip -Value $ad_ip
 }
 

puppet/modules/profile/templates/cmd_apply_puppet.epp

@@ -1,3 +1,5 @@
 cmd /c if not exist c:\programdata\puppetlabs\code move c:\programdata\puppetlabs\code.build c:\programdata\puppetlabs\code 
+powershell -file "c:\scripts\get_prefix.ps1"
+call puppet apply --verbose --logdest eventlog -e 'include flagman'
 call puppet apply --verbose --logdest eventlog -e 'include base'
 powershell -file "c:\scripts\cmd_apply_puppet.ps1"

puppet/modules/profile/templates/cmd_apply_puppet_ps1.epp

@@ -7,7 +7,7 @@
       String $reboot_timeout
 | -%>
 $machine_name = hostname
-if (($machine_name -Like "WIN-*") -Or ($machine_name -Like "ALLINONE*") -Or ($machine_name -Like "<%= $ad_domain %>*")) {
+if (($machine_name -Like "WIN*") -Or ($machine_name -Like "EC2*") -Or ($machine_name -Like "ALLINONE*") -Or ($machine_name -Like "<%= $ad_domain %>*")) {
   Write-EventLog -LogName "Application" -Source "Puppet" -EventID 1 -EntryType Information -Message "Machine ${hostname} does not need to join domain"
 } else {
   if ( $Env:USERDOMAIN -eq "<%= $ad_domain %><%= $ad_suffix %>" ) {

puppet/modules/profile/templates/get_prefix.epp

@@ -0,0 +1,16 @@
+<%- | String $redis_ip,
+      String $redis_pass
+| -%>
+if (!(Test-Path c:\scripts\prefix)) {
+  $prefix=''
+  while (!($prefix -match "^[\d\.]+$")) {
+    $prefix=(echo "AUTH <%= $redis_pass %>" ` "GET prefix" | nc -w 1 <%= $redis_ip %> 6379)
+    $prefix = ($prefix -match "^[\d]+$" )
+    if (!( "$prefix" -match "^[\d]+$" )) {
+      $prefix=''
+    } else {
+      echo $prefix > c:\scripts\prefix
+    }
+  }
+}
+

puppet/modules/profile/templates/install_dynamics_multi.epp

@@ -7,10 +7,15 @@
       String $download_url,
       String $dynamics_iso,
       String $kb4046795_exe,
-      Optional[String] $quiet_install = '/q'
+      Optional[String] $quiet_install = ''
 | -%>
 Write-EventLog -LogName "Application" -Source "Puppet" -EventID 1 -EntryType Information -Message "install_dynamics started."
 
+if (Test-Path 'C:\Program Files\Microsoft Dynamics CRM\tools\Microsoft.Crm.DeploymentManager.exe') {
+  # set flag to say dynamics installed on this machine now
+  c:\scripts\flagmanset.ps1 -Name "$(hostname)_ready" -Value "true"
+}
+
 # Check if Dynamics already installed
 Write-EventLog -LogName "Application" -Source "Puppet" -EventID 1 -EntryType Information -Message "install_dynamics check crm_ready tag for this node"
 $dynamicsReady=(c:\scripts\flagmanget.ps1 -Name <%= $hostname %>_ready)

scripts/build-packer-azure.sh

@@ -0,0 +1,27 @@
+if [ "${OS}" == "Windows_NT" ]
+then
+  PATH=$PATH:/c/tools/ruby27/bin:"/c/Program Files/Oracle/VirtualBox"
+fi
+
+export WINRM_USERNAME=administrator
+export WINRM_PASSWORD=$(grep admin_password ./puppet/hieradata/account/account.yaml |cut -d: -f2|sed 's/ //g')
+
+echo "admin_password: ${WINRM_PASSWORD}" > answer_files/AutoUnattend.data.yml
+
+source scripts/boxname.sh
+
+# Populate AutoUnattend.xml answer file with correct details for build
+mustache answer_files/AutoUnattend.data.yml answer_files/AutoUnattend.xml.template > answer_files/AutoUnattend.xml
+
+if [[ -z "$BRANCH_NAME" ]]
+then
+  BRANCH_NAME=local
+fi
+
+echo "Removing puppet.zip and dynamics-windows-virtualbox.box"
+rm -vf puppet.zip dynamics-windows-virtualbox.box
+cd puppet
+zip -qr ../puppet.zip hieradata manifests modules facter
+cd ..
+packer build -force packer-azure.json
+

scripts/build-terraform-allinone-aws.sh

@@ -13,7 +13,7 @@ function createMachine {
   resp=1
   while [ $resp -ne 0 ]
   do
-    echo -e "AUTH ${4}\r\nSET ${2}_${aws_id:1} ${1}\r\n" | nc -w1 ${3} 6379
+    echo -e "AUTH ${4}\r\nSET ${2}_${aws_id} ${1}\r\n" | nc -w1 ${3} 6379
     resp=$?
   done