Fixes #36495 - Extend Windows templates for Puppet and Ansible
Co-authored-by: Fabrice Brimioulle <[email protected]>
Co-authored-by: Ewoud Kohl van Wijngaarden <[email protected]>
3 people authored and stejskalleos committed Jul 30, 2024
1 parent c5f72a4 commit 0d70063
Showing 14 changed files with 559 additions and 151 deletions.
12 changes: 12 additions & 0 deletions app/services/foreman/template_snapshot_service.rb
@@ -50,6 +50,10 @@ def self.rocky9_dhcp
new.rocky9_dhcp
end

def self.windows10_dhcp
new.windows10_dhcp
end

def self.render_template(template, host_name = :host4dhcp)
host_stub = send(host_name.to_sym)
source = Foreman::Renderer::Source::Snapshot.new(template)
@@ -205,6 +209,14 @@ def rocky9_dhcp
define_host_params(host)
end

def windows10_dhcp
host = FactoryBot.build(:host_for_snapshots_ipv4_dhcp_windows10,
name: 'snapshot-ipv4-dhcp-windows10',
subnet: FactoryBot.build(:subnet_ipv4_dhcp_for_snapshots),
interfaces: [ipv4_interface])
define_host_params(host)
end

private

def files
@@ -8,6 +8,8 @@ oses:
- Windows Server 2012
- Windows Server 2012 R2
- Windows
test_on:
- windows10_dhcp
description: |
A finish template executed at the end of Windows provisioning. For more information, please
see https://community.theforeman.org/t/windows-provisioning-made-easy/16756
@@ -31,102 +33,107 @@ description: |
<%
# safemode renderer does not support unary negation
puppet_enabled = !host_param_true?('skip-puppet-setup') && (host_puppet_server.present? || host_param_true?('force-puppet'))
salt_enabled = host_param('salt_master') ? true : false
salt_enabled = host_param('salt_master').present?
chef_enabled = @host.respond_to?(:chef_proxy) && @host.chef_proxy
network_location = host_param('networklocation', 'Private')
%>

@echo off
<% unless host_param('localAdminAccountDisabled') -%>
echo Activating administrator
net user administrator /active:yes
<% end -%>

<% if @host.pxe_build? %>
set ctr=0
set nettimeout=10

(echo Updating time)
(sc config w32time start= auto)
sc start w32time
::ipconfig /renew

<% if host_param('ntpServer') %>
echo setting time server
w32tm /config /manualpeerlist:<%= host_param('ntpServer') %> /syncfromflags:manual /update
<% end %>

echo sync time
w32tm /resync
w32tm /resync

<% if host_param('computerDomain') -%>
<% if host_param('domainAdminAccount').present? && host_param('domainAdminAccountPasswd').present? -%>
echo performing secure domain join
powershell.exe -OutputFormat text -command Add-Computer -DomainName '<%= host_param('computerDomain') -%>' -Credential (New-Object -TypeName System.Management.Automation.PSCredential '<%= host_param('domainAdminAccount') -%>', (ConvertTo-SecureString -String '<%= host_param('domainAdminAccountPasswd') -%>' -AsPlainText -Force)) <% if host_param('computerOU').present? -%>-OUPath '<%= host_param('computerOU') -%>'<% end -%>
<% else %>
<% if host_param('machinePassword').present? %>
echo performing unsecure domain join
powershell.exe -OutputFormat text -command Add-Computer -Domain '<%= host_param('computerDomain') -%>' -Options UnsecuredJoin,PasswordPass -Credential (New-Object -TypeName System.Management.Automation.PSCredential $null, (ConvertTo-SecureString -String '<%= host_param('machinePassword') -%>' -AsPlainText -Force))
<% end %>
<% end %>
<% end %>

<% if host_param('localAdminAccountDisabled') %>
echo Disabling %tempAdminUser%
net user %tempAdminUser% %tempAdminUser% /active:no
<% end %>

<% if host_param('ansible_port') == 5985 or host_param('ansible_winrm_scheme') == 'http' %>
cmd /c winrm set winrm/config/service @{AllowUnencrypted="true"}
<% end %>

<% if host_param('ansible_winrm_transport') == 'basic' %>
cmd /c winrm set winrm/config/client/auth @{Basic="true"}
cmd /c winrm set winrm/config/service/auth @{Basic="true"}
<% end %>

<% if host_param('ansible_winrm_transport') == 'credssp' %>
cmd /c winrm set winrm/config/client/auth @{CredSSP="true"}
cmd /c winrm set winrm/config/service/auth @{CredSSP="true"}
<% end %>

<% if host_param('ansible_winrm_transport') == 'certificate' %>
cmd /c winrm set winrm/config/client/auth @{Certificate="true"}
cmd /c winrm set winrm/config/service/auth @{Certificate="true"}
<% end %>

<%= snippet 'Windows network' %>

<% if foreman_url('user_data') %>
echo execute user data script
IF EXIST c:\deploy\user_data.ps1 powershell.exe -OutputFormat text -command c:\deploy\user_data.ps1
<% end -%>

<% if puppet_enabled %>
echo Installing puppet
start /w "" msiexec /qn /i C:\extras\puppet.msi PUPPET_AGENT_STARTUP_MODE=Manual PUPPET_MASTER_SERVER=<%= host_puppet_server -%> PUPPET_AGENT_ACCOUNT_DOMAIN=<%= @host.domain -%> PUPPET_AGENT_ACCOUNT_USER=administrator PUPPET_AGENT_ACCOUNT_PASSWORD="<%= host_param('domainAdminAccountPasswd') -%>"
echo set puppet to auto start
sc config puppet start= auto
sc query puppet
<% end%>

<% if host_param('foremanDebug') != true %>

echo reboot in 15sec
start /b shutdown /r /t 15

echo Safely remove wimaging files
sdelete.exe -accepteula -p 2 -r c:\wimaging
sdelete.exe -accepteula -p 2 -r c:\minint
sdelete.exe -accepteula -p 2 c:\Windows\Panther\unattend.xml
sdelete.exe -accepteula -p 2 C:\Windows\Setup\Scripts\SetupComplete.cmd

echo Safely remove leftover directories
sdelete.exe -accepteula -p 2 -r c:\drivers
sdelete.exe -accepteula -p 2 -r c:\updates

echo Safely removing c:\deploy
cd /
sdelete.exe -accepteula -p 2 -r c:\deploy
<% end -%>
echo Activating administrator
net user administrator /active:yes
<% end -%>

<% if @host.pxe_build? -%>
set ctr=0
set nettimeout=10
<% end -%>

<%= snippet 'windows_network' %>

<% if host_param('ntpServer') -%>
echo Setting time server
w32tm /config /manualpeerlist:<%= host_param('ntpServer') %> /syncfromflags:manual /update
<% end -%>

echo Syncing time
w32tm /resync

<% if host_param('computerDomain') -%>
<% if host_param('domainAdminAccount').present? && host_param('domainAdminAccountPasswd').present? -%>
echo Performing secure domain join
powershell.exe -OutputFormat text -command Add-Computer -DomainName '<%= host_param('computerDomain') -%>' -Credential (New-Object -TypeName System.Management.Automation.PSCredential '<%= host_param('domainAdminAccount') -%>', (ConvertTo-SecureString -String '<%= host_param('domainAdminAccountPasswd') -%>' -AsPlainText -Force))<% if host_param('computerOU').present? -%> -OUPath '<%= host_param('computerOU') -%>'<% end -%>
<% else -%>
<% if host_param('machinePassword').present? -%>
echo Performing unsecure domain join
powershell.exe -OutputFormat text -command Add-Computer -Domain '<%= host_param('computerDomain') -%>' -Options UnsecuredJoin,PasswordPass -Credential (New-Object -TypeName System.Management.Automation.PSCredential $null, (ConvertTo-SecureString -String '<%= host_param('machinePassword') -%>' -AsPlainText -Force))
<% end -%>
<% end -%>
<% end -%>

<% if host_param('localAdminAccountDisabled') -%>
echo Disabling %tempAdminUser%
net user %tempAdminUser% %tempAdminUser% /active:no
<% end -%>

<% if host_param('http-proxy').present? -%>
cmd /C "netsh winhttp set proxy <%= host_param('http-proxy') %>:<%= host_param('http-proxy-port') %>"
<% end -%>

<% unless host_param('computerDomain') -%>
powershell /c "Get-NetConnectionProfile -InterfaceAlias \"Ethernet0\" | Set-NetConnectionProfile -NetworkCategory <%= network_location %>"
<% end -%>

<% if host_param('ansible_user').present? -%>
<% if host_param_true?('create_ansible_user') -%>
powershell /c "set-localuser -name <%= host_param('ansible_user') %> -passwordneverexpires 1"
<% end -%>
powershell /c "Enable-PSRemoting"
cmd /c "netsh advfirewall firewall add rule name="WinRM-HTTP" dir=in localport=5985 protocol=TCP action=allow"
cmd /c winrm set winrm/config/service @{AllowUnencrypted="true"}
cmd /c winrm set winrm/config/client/auth @{Basic="true"}
cmd /c winrm set winrm/config/service/auth @{Basic="true"}
<% end -%>

<% if host_param('ping') -%>
cmd /c "netsh advfirewall firewall add rule name=\"Enable IPv4 ICMP\" dir=in protocol=icmpv4 action=allow"
<% end -%>

<% if host_param('remote_desktop') -%>
cmd /c "netsh advfirewall firewall set rule group=\"remote desktop\" new enable=Yes"
cmd /c "netsh advfirewall firewall set rule group=\"remotedesktop\" new enable=Yes"
<% end -%>

<% if puppet_enabled -%>
echo Downloading Puppet installer
wget "<%= host_param('win_puppet_source') %>" -O C:\puppet-agent-latest.msi
echo Installing Puppet
start /w "" msiexec /qn /i C:\puppet-agent-latest.msi PUPPET_AGENT_STARTUP_MODE=Manual PUPPET_SERVER=<%= host_puppet_server -%> PUPPET_CA_SERVER=<%= host_puppet_ca_server -%> PUPPET_AGENT_ACCOUNT_DOMAIN=<%= @host.domain -%> PUPPET_AGENT_ACCOUNT_USER=administrator PUPPET_AGENT_ACCOUNT_PASSWORD="<%= host_param('domainAdminAccountPasswd') -%>"
echo Setting Puppet to auto start
sc config puppet start= auto
sc query puppet
<% end -%>

<% if !host_param_true?('foremanDebug') -%>
echo Rebooting in 60 sec
shutdown /r /t 60

echo Removing wimaging files
rd /s /q c:\wimaging
sdelete.exe -accepteula -p 2 c:\Windows\Panther\unattend.xml
sdelete.exe -accepteula -p 2 C:\Windows\Setup\Scripts\SetupComplete.cmd

echo Removing leftover directories
rd /s /q c:\MININT
rd /s /q c:\drivers
rd /s /q c:\updates

<% if puppet_enabled -%>
echo Removing Puppet installer
sdelete.exe -accepteula -p 2 C:\puppet-agent-latest.msi
<% end -%>

echo Removing deploy directory
rd /s /q c:\deploy

<% end -%>
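Review bot: In the new `ansible_user` block, `AllowUnencrypted="true"`, Basic authentication on the WinRM client and service, and an inbound allow rule for TCP 5985 are now applied to every host that has `ansible_user` set, where the removed lines applied them only when `ansible_port`, `ansible_winrm_scheme` or `ansible_winrm_transport` requested them. Basic over plain HTTP sends the account's password effectively in clear text, so hosts intended for HTTPS or another transport would also end up accepting unencrypted Basic logins. I would keep the parameter checks around these lines as below, which also escapes the quotes in the `WinRM-HTTP` rule name the way the ICMP rule does. Separately, the MSI fetched from `win_puppet_source` is installed without any hash or signature check, which deserves at least a comment telling operators to point it at an HTTPS source they control.

```erb
<% if host_param('ansible_user').present? -%>
<%# … unchanged: set-localuser for create_ansible_user … -%>
powershell /c "Enable-PSRemoting"
<% if host_param('ansible_port') == 5985 || host_param('ansible_winrm_scheme') == 'http' -%>
cmd /c "netsh advfirewall firewall add rule name=\"WinRM-HTTP\" dir=in localport=5985 protocol=TCP action=allow"
cmd /c winrm set winrm/config/service @{AllowUnencrypted="true"}
<% end -%>
<% if host_param('ansible_winrm_transport') == 'basic' -%>
cmd /c winrm set winrm/config/client/auth @{Basic="true"}
cmd /c winrm set winrm/config/service/auth @{Basic="true"}
<% end -%>
<% end -%>
```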
@@ -4,6 +4,8 @@ name: Windows default provision
model: ProvisioningTemplate
oses:
- Windows
test_on:
- windows10_dhcp
description: |
A templated answers.xml file for windows installations. This provides all answers to the questions an interactive installation would ask.
It supports the following parameters:
@@ -12,13 +14,15 @@ description: |
- systemLocale: en-US
- systemUILanguage: en-US
- systemTimeZone: GMT Standard Time #see https://msdn.microsoft.com/en-us/library/ms912391(v=winembedded.11).aspx
- wimImageName = Windows 8.1 Pro # Image name seems only necessary if the WIM contains more than one image
- wimImageName = Windows 10 Pro # Image name seems only necessary if the WIM contains more than one image
-%>
<%
system_locale = host_param('systemLocale') ? host_param('systemLocale') : 'en-US'
system_ui_lang = host_param('systemUILanguage') ? host_param('systemUILanguage') : 'en-US'
system_locale = host_param('systemLocale', 'en-US')
system_ui_lang = host_param('systemUILanguage', 'en-US')
setup_ui_lang = 'en-US'
system_timezone = host_param('systemTimeZone') ? host_param('systemTimeZone') : 'GMT Standard Time'
input_locale = host_param('inputLocale', 'en-US')
system_timezone = host_param('systemTimeZone', 'GMT Standard Time')
network_location = host_param('networklocation', 'private')
-%>
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
@@ -30,14 +34,14 @@ description: |
</settings>
<settings pass="windowsPE">
<component name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<EnableFirewall><%= host_param('EnableFirewall') || 'true' %></EnableFirewall>
<EnableFirewall><%= host_param('EnableFirewall', 'true') %></EnableFirewall>
<EnableNetwork>true</EnableNetwork>
<Restart>Restart</Restart>
<ImageInstall>
<OSImage>
<InstallFrom>
<MetaData wcm:action="add">
<Value><%= host_param('wimImageName') -%></Value>
<Value><%= host_param('wimImageName') -%></Value>
</MetaData>
</InstallFrom>
<InstallToAvailablePartition>true</InstallToAvailablePartition>
@@ -52,7 +56,7 @@ description: |
<SetupUILanguage>
<UILanguage><%= setup_ui_lang %></UILanguage>
</SetupUILanguage>
<InputLocale><%= system_locale %></InputLocale>
<InputLocale><%= input_locale %></InputLocale>
<SystemLocale><%= system_locale %></SystemLocale>
<UILanguageFallback><%= setup_ui_lang %></UILanguageFallback>
<UILanguage><%= system_ui_lang %></UILanguage>
@@ -61,7 +65,7 @@ description: |
</settings>
<settings pass="oobeSystem">
<component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<InputLocale><%= system_locale %></InputLocale>
<InputLocale><%= input_locale %></InputLocale>
<SystemLocale><%= system_locale %></SystemLocale>
<UILanguageFallback><%= setup_ui_lang %></UILanguageFallback>
<UILanguage><%= system_ui_lang %></UILanguage>
@@ -70,9 +74,23 @@ description: |
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<UserAccounts>
<AdministratorPassword>
<PlainText>false</PlainText>
<Value><%= root_pass %></Value>
<PlainText>false</PlainText>
</AdministratorPassword>
<% if host_param('ansible_user') && host_param('create_ansible_user') -%>
<LocalAccounts>
<LocalAccount wcm:action="add">
<Password>
<Value>![CDATA[<%= host_param('ansible_ssh_pass') %>]]</Value>
<PlainText>true</PlainText>
</Password>
<Description>Ansible login service user</Description>
<DisplayName><%= host_param('ansible_user') %></DisplayName>
<Group>Administrators</Group>
<Name><%= host_param('ansible_user') %></Name>
</LocalAccount>
</LocalAccounts>
<% end -%>
</UserAccounts>
<TimeZone><%= system_timezone -%></TimeZone>
<% if host_param('windowsLicenseOwner') -%>
@@ -81,7 +99,7 @@ description: |
<% end -%>
<OOBE>
<HideEULAPage>true</HideEULAPage>
<NetworkLocation>Work</NetworkLocation>
<NetworkLocation>Home</NetworkLocation>
<ProtectYourPC>1</ProtectYourPC>
<SkipUserOOBE>true</SkipUserOOBE>
<SkipMachineOOBE>true</SkipMachineOOBE>
@@ -113,16 +131,26 @@ description: |
<RegisteredOrganization><%= host_param('windowsLicenseOwner') -%></RegisteredOrganization>
<RegisteredOwner><%= host_param('windowsLicenseOwner') -%></RegisteredOwner>
<% end -%>
<TimeZone><%= system_timezone -%></TimeZone>
<TimeZone><%= system_timezone -%></TimeZone>
</component>
<component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DomainProfile_EnableFirewall><%= host_param('EnableFirewall') || 'true' %></DomainProfile_EnableFirewall>
<PrivateProfile_EnableFirewall><%= host_param('EnableFirewall') || 'true' %></PrivateProfile_EnableFirewall>
<PublicProfile_EnableFirewall><%= host_param('EnableFirewall') || 'true' %></PublicProfile_EnableFirewall>
<DomainProfile_EnableFirewall><%= host_param('EnableFirewall', 'true') %></DomainProfile_EnableFirewall>
<PrivateProfile_EnableFirewall><%= host_param('EnableFirewall', 'true') %></PrivateProfile_EnableFirewall>
<PublicProfile_EnableFirewall><%= host_param('EnableFirewall', 'true') %></PublicProfile_EnableFirewall>
</component>
<component name="Microsoft-Windows-DNS-Client" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<% if @host.provision_interface.subnet && !@host.provision_interface.subnet.dhcp_boot_mode? -%>
<DNSSuffixSearchOrder>
<DomainName wcm:action="add" wcm:keyValue="1"><%= @host.domain %></DomainName>
</DNSSuffixSearchOrder>
<% end -%>
<DNSDomain><%= @host.domain %></DNSDomain>
</component>
<% if host_param('hide_server_manager') -%>
<component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon>
</component>
<% end -%>
<component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<fDenyTSConnections>false</fDenyTSConnections>
</component>
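Review bot: The new `<LocalAccount>` block writes `ansible_ssh_pass` into the answer file with `<PlainText>true</PlainText>` for an account placed in `Administrators`, and as the line reads on this page the CDATA wrapper lacks its delimiters, so the literal `![CDATA[` and `]]` would become part of the password and a `<` or `&` in it would break the XML. If that is not an extraction artefact, the line should read `<Value><![CDATA[<%= host_param('ansible_ssh_pass') %>]]></Value>`. The guard `host_param('ansible_user') && host_param('create_ansible_user')` also tests only truthiness, so a string value such as 'false' would presumably still create the account; `host_param_true?('create_ansible_user')`, which the finish template in this commit uses, would keep the two templates consistent. Because the password sits in clear text in the answer file, note that the finish script's removal of `c:\Windows\Panther\unattend.xml` is skipped when `foremanDebug` is set.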