Version 1.0.7

.gitignore

@@ -7,4 +7,6 @@ packer*
 iso/*
 iso*
 extra/.snippets/*
-extra/.snippets*
+extra/.snippets*
+vbox/*
+*.box

CHANGELOG.md

@@ -1,5 +1,24 @@
 # Changelog
 
+## Version 1.0.7 2019-04-29
+
+* It's the last version before massive changes in packer >= 1.4 branch
+* [Windows] added more variables in Windows templates:
+  * `vm_name`
+  * `disk_size`
+  * `output_directory`
+  * `secondary_iso_image`
+* [Windows] switching secure boot to `false` as it could be source of problems in some cases
+* [Windows] added  `Windows Server 2019 Standard` as `hv_win2019_std_g2`
+* [Windows] added  `Windows Server 2019 Datacenter` as `hv_win2019_dc_g2`
+* [Windows] reworked `phase-1.ps1` script to recognise Windows version and adjust proper config for it
+* [Windows] reworked `phase-1.ps1` removed Spectre/Meltdown mitigations entries
+* [Docs]information `How to adjust autounattended.xml when using different image` now added to all Windows Templates.
+* [CentOS] added `reboot` after provisioning, which fixes neofetch config not being present during its customisation phase
+* [CentOS] added extra templates to make vagrant boxes from created images
+* [Extra] changes in scripts
+* [Vagrant] experimental support for Vagrant images (CentOS 7.6 added)
+
 ## Version 1.0.6 2018-12-11
 
 * [Windows] added `Windows Server 1809` as `hv_win2016_1809_g2.json`
@@ -8,7 +27,7 @@
 * [Windows] set `Disable-WindowsErrorReporting` for Windows based machines
 * [CentOS] added CentOS 7.6 as `hv_centos76_g2.json`
 * [CentOS] remove port 8140 from firewalld configuration
-* [CentOS] change zabbix repository to version 4.x (won't work with Zabbix server below 4.x)
+* [CentOS] change zabbix repository to version 4.x (agents won't work with Zabbix server below 4.x)
 * [CentOS] added log cleaning/rotating after build
 * [CentOS] upgraded SCVMM agent to version 1.0.3.1022. For older SCVMM older agent (1.0.2) is also available
 * [Windows] added `phase5b-docker.ps1` for Windows's based docker. You can choose which version you'll require inside the script. Also, if `$installCompose = $true` is true, docker-compose will also be installed

README.md

@@ -2,12 +2,28 @@
 
 ## Requirements
 
-* packer >= `1.3.2`. Do not use packer 1.3.0/1.3.1 - [https://github.com/hashicorp/packer/issues/6733](https://github.com/hashicorp/packer/issues/6733)
-* Microsoft Hyper-V Server 2016/Microsoft Windows Server 2016
+* packer >= `1.3.2` <=`1.3.5`. Do not use packer 1.3.0/1.3.1 - [https://github.com/hashicorp/packer/issues/6733](https://github.com/hashicorp/packer/issues/6733)
+* [OPTIONAL] Vagrant >= `2.2.3`
+* do not use packer >= `1.4.0` as it introduces changes in syntax (will be fixed in next release)
+* Microsoft Hyper-V Server 2016/2019 or Microsoft Windows Server 2016/2019
 
 ## Usage
 
-To adjust to your Hyper-V, please check variables below:
+### Install packer from Chocolatey
+
+```cmd
+choco install packer --version=1.3.5
+```
+
+### Add firewal exclusions for TCP ports 8000-9000 (default range)
+
+```powershell
+Remove-NetFirewallRule -DisplayName "Packer_http_server" -Verbose
+New-NetFirewallRule -DisplayName "Packer_http_server" -Direction Inbound -Action Allow -Protocol TCP -LocalPort 8000-9000
+
+```
+
+### To adjust to your Hyper-V, please check variables below:
 
 * proper VLAN (possible passing as variable `-var 'vlan_id=0'` )
 * proper Hyper-V Virtual Switch name (access to Internet will be required) (possible passing as variable `-var 'switch_name=vSwitch'` )
@@ -22,48 +38,106 @@ To adjust to your Hyper-V, please check variables below:
 ### Windows Machines
 
 * all available updates will be applied (3 passes)
-* latest chocolatey and packages will be installed:
+* latest version of chocolatey
+* packages from a list below:
 
   |Package|Version|
   |-------|-------|
-  |puppet-agent|5.5.8|
+  |puppet-agent|5.5.12|
   |conemu|latest|
   |dotnet4.7.2|latest|
   |sysinternals|latest|
-
-* puppet agent settings will be customized (`server=foreman.spcph.local`). Please adjust it to suit your needs.
+* latest Nuget poweshell module
+* puppet agent settings will be customized (`server=foreman.spcph.local`). Please adjust it (`/extra/scripts/phase-3.ps1`) to suit your needs. Puppet won't be running after generalize phase
 
 ### Linux Machines
 
+* Repositories:
+  * EPEL 7
+  * Zabbix 4.x
+  * Puppet 5.x
+  * Webmin
+  * Neofetch
+* latest System Center Virtual Machine Agent available (with versioning, so you always can go back)
+
+#### Info
+
 * adjust `/files/provision.sh` to modify package's versions/servers
 * `neofetch` packageas default banner during after the login - change required fields you'd like to see in `provision.sh`
-* latest System Center Virtual Machine Agent available (with versioning, so you always can go back)
 
 ## Templates Windows 2016
 
 ### Hyper-V Generation 2 Windows Server 2016 Standard Image
 
 Run `hv_win2016_g2.cmd` (Windows)
 
-#### Generation 2 Prerequisites
+#### 2016 Standard Generation 2 Prerequisites
 
 For Generation 2 prepare `secondary.iso` with folder structure:
 
 * ./extra/files/gen2-2016/Autounattend.xml     => /Autounattend.xml
 * ./extra/scripts/hyper-v/bootstrap.ps1        => /bootstrap.ps1
 
+This template uses this image name in Autounattendes.xml. If youre using different ISO you'll have to adjust that part in proper file and rebuild `secondary.iso` image.
+
+```xml
+<InstallFrom>
+    <MetaData wcm:action="add">
+        <Key>/IMAGE/NAME </Key>
+        <Value>Windows Server 2016 SERVERSTANDARD</Value>
+    </MetaData>
+</InstallFrom>
+```
+
 Run `hv_win2016_g2.cmd` (Windows)
 
-### Hyper-V Generation 2 Windows Server 1709 Standard Image
+### Hyper-V Generation 2 Windows Server 2019 Standard Image
 
-#### 1709 Generation 2 Prerequisites
+Run `hv_win2019_std_g2.cmd` (Windows)
 
-For Generation 2 prepare `secondary1709.iso` with folder structure:
+#### 2019 Standard Generation 2 Prerequisites
 
-* ./extra/files/gen2-1709/Autounattend.xml     => /Autounattend.xml
-* ./extra/scripts/hyper-v/bootstrap.ps1        => /bootstrap.ps1
+For Generation 2 prepare `secondary.iso` with folder structure:
+
+* ./extra/files/gen2-2019/std/Autounattend.xml     => /Autounattend.xml
+* ./extra/scripts/hyper-v/bootstrap.ps1            => /bootstrap.ps1
+
+This template uses this image name in Autounattendes.xml. If youre using different ISO you'll have to adjust that part in proper file and rebuild `secondary.iso` image.
+
+```xml
+<InstallFrom>
+    <MetaData wcm:action="add">
+        <Key>/IMAGE/NAME </Key>
+        <Value>Windows Server 2019 SERVERSTANDARD</Value>
+    </MetaData>
+</InstallFrom>
+```
+
+Run `hv_win2019_std_g2.cmd` (Windows)
+
+### Hyper-V Generation 2 Windows Server 2019 Datacenter Image
 
-Run `hv_win2016_1709_g2.cmd` (Windows)
+Run `hv_win2019_std_g2.cmd` (Windows)
+
+#### 2019 Datacenter Generation 2 Prerequisites
+
+For Generation 2 prepare `secondary.iso` with folder structure:
+
+* ./extra/files/gen2-2019/dc/Autounattend.xml     => /Autounattend.xml
+* ./extra/scripts/hyper-v/bootstrap.ps1            => /bootstrap.ps1
+
+This template uses this image name in Autounattendes.xml. If youre using different ISO you'll have to adjust that part in proper file and rebuild `secondary.iso` image.
+
+```xml
+<InstallFrom>
+    <MetaData wcm:action="add">
+        <Key>/IMAGE/NAME </Key>
+        <Value>Windows Server 2019 SERVERDATACENTER</Value>
+    </MetaData>
+</InstallFrom>
+```
+
+Run `hv_win2019_dc_g2.cmd` (Windows)
 
 ### Hyper-V Generation 2 Windows Server 1803 Standard Image
 
@@ -76,30 +150,51 @@ For Generation 2 prepare `secondary1803.iso` with folder structure:
 
 Run `hv_win2016_1803_g2.cmd` (Windows)
 
+### Hyper-V Generation 2 Windows Server 1809 Standard Image
+
+#### 1809 Generation 2 Prerequisites
+
+For Generation 2 prepare `secondary1809.iso` with folder structure:
+
+* ./extra/files/gen2-1809/Autounattend.xml     => /Autounattend.xml
+* ./extra/scripts/hyper-v/bootstrap.ps1        => /bootstrap.ps1
+
+Run `hv_win2016_1809_g2.cmd` (Windows)
+
 ## Templates CentOS 7.x
 
-### Hyper-V Generation 2 CentOS 7.5 Image
+### Hyper-V Generation 2 CentOS 7.6 Image
 
-Run `hv_centos75_g2.cmd` (Windows)
+Run `hv_centos76_g2.cmd` (Windows)
 
 ### Warnings
 
 * if required change `switch_name` parameter to switch's name you're using. In most situations packer manages it fine but there were a cases when it created new 'internal' switches without access to Internet. By design this setup will fail to download and apply updates.
 * folder `./iso` should contain iso image of your Windows 2016 Server Standard (any version will be fine)
 * if needed - change `iso_url` variable to a proper iso name
-* packer generates v8 machine configuration files (Windows 2016/Hyper-V 2016 as host)
+* packer generates v8 machine configuration files (Windows 2016/Hyper-V 2016 as host) and v9 for Windows Server 2019/Windows 10 1809
 * credentials for Windows machines: Administrator/password (removed after sysprep)
 * credentials for Linux machines: root/password
 * for Windows based machines adjust your settings in ./scripts/phase-2.ps1
 * for Linux based machines adjust your settings in ./files/gen2-centos/provision.sh and ./files/gen2-centos/puppet.conf
 
+### Vagrant support
+
+Experimental support for vagrant machines `vagrant_hv_centos76_g2.cmd`
+
 ## Known issues
 
 ### Infamous UEFI/Secure boot WIndows implementation
 
 During the deployment secure keys are stored in *.vmcx file and are separated from *.vhdx file. To countermeasure it - there is added extra step in a form of (`/usr/local/bin/uefi.sh`) script that will check for existence of CentOS folder in EFI and will add extra entry in UEFI.
 In manual setup you can run it as a part of your deploy. In SCVMM deployment I'd recommend using `RunOnce` feature.
 
+### On Windows Server 2019/Windows 10 1809 image boots to fast for packer to react.
+
+[https://github.com/hashicorp/packer/issues/7278#issuecomment-468492880](https://github.com/hashicorp/packer/issues/7278#issuecomment-468492880)
+
+No fixes yes.
+
 ### When Hyper-V host has more than one interface Packer sets {{ .HTTPIP }} variable to inproper interface
 
 No resolution so far, template needs to be changed to pass real IP address, or there should be connection between these addresses. Limiting these, end with timeout errors.
@@ -108,6 +203,32 @@ No resolution so far, template needs to be changed to pass real IP address, or t
 
 [https://github.com/hashicorp/packer/issues/6733](https://github.com/hashicorp/packer/issues/6733)
 
+### Packer won't run until VirtualSwitch is created as shared
+
+[https://github.com/hashicorp/packer/issues/5023](https://github.com/hashicorp/packer/issues/5023)
+Will be fixed in 1.4.x revision
+
+### I have problem how to find a proper WIM  name in Windows ISO to pick proper version.
+
+You can use number. If you have 4 images on the list of choice - use `ImageIndex` with proper `Value`
+
+```xml
+<ImageInstall>
+    <OSImage>
+        <InstallFrom>
+            <MetaData wcm:action="add">
+                <Key>/IMAGE/INDEX </Key>
+                <Value>2</Value>
+            </MetaData>
+        </InstallFrom>
+        <InstallTo>
+            <DiskID>0</DiskID>
+            <PartitionID>2</PartitionID>
+        </InstallTo>
+    </OSImage>
+</ImageInstall>
+```
+
 ## About
 
 * Marcin Bojko - marcin(at)bojko.com.pl

extra/README.md

@@ -1,5 +1,14 @@
 # Set of various shared scripts and files for packer templates
 
+## 2019-03-04
+
+* disabled `Install-WindowsFeature NET-Framework-Core,NET-Framework-Features,PowerShell-V2 -IncludeManagementTools` in phase-1.ps1 script.
+
+## 2018-12-29
+
+* [Windows] reworked `phase-1.ps1` script to recognise Windows version to adjust proper config for it
+* [Windows] reworked `phase-1.ps1` removed Spectre/Meltdown migitation entries
+
 ## 2018-12-03
 
 * [CentOS] remove port 8140 from firewalld configuration

extra/files/gen1-vb/10-1809/unattend.xml

@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="utf-8"?>
+<unattend xmlns="urn:schemas-microsoft-com:unattend">
+    <settings pass="generalize">
+        <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+            <SkipRearm>1</SkipRearm>
+        </component>
+        <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+            <PersistAllDeviceInstalls>false</PersistAllDeviceInstalls>
+            <DoNotCleanUpNonPresentDevices>false</DoNotCleanUpNonPresentDevices>
+        </component>
+    </settings>
+    <settings pass="oobeSystem">
+        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+            <InputLocale>en-US</InputLocale>
+            <SystemLocale>en-US</SystemLocale>
+            <UILanguage>en-US</UILanguage>
+            <UserLocale>en-US</UserLocale>
+        </component>
+        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+            <OOBE>
+                <HideEULAPage>true</HideEULAPage>
+                <ProtectYourPC>1</ProtectYourPC>
+                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
+                <HideLocalAccountScreen>true</HideLocalAccountScreen>
+                <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
+                <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
+            </OOBE>
+            <TimeZone>UTC</TimeZone>
+            <UserAccounts>
+                <AdministratorPassword>
+                    <Value>vagrant</Value>
+                    <PlainText>true</PlainText>
+                </AdministratorPassword>
+                <LocalAccounts>
+                    <LocalAccount wcm:action="add">
+                        <Password>
+                            <Value>vagrant</Value>
+                            <PlainText>true</PlainText>
+                        </Password>
+                        <Group>administrators</Group>
+                        <DisplayName>Vagrant</DisplayName>
+                        <Name>vagrant</Name>
+                        <Description>Vagrant User</Description>
+                    </LocalAccount>
+                </LocalAccounts>
+            </UserAccounts>
+        </component>
+    </settings>
+    <settings pass="specialize">
+        <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+            <ExtendOSPartition>
+                <Extend>true</Extend>
+            </ExtendOSPartition>
+        </component>
+        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+            <ComputerName>vagrant-10</ComputerName>
+        </component>
+    </settings>
+    <cpi:offlineImage cpi:source="wim:c:/users/administrator/desktop/install.wim#Windows 10 Enterprise Evaluation" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
+</unattend>