github.com/Ilhicas/nomad@v1.0.4-0.20210304152020-e86851182bc3/e2e/terraform/packer/windows-2016-amd64/userdata.ps1 (about)

     1  <powershell>
        # User-data script for the windows-2016-amd64 Packer image: prepares WinRM,
        # disks, OpenSSH and the Administrator SSH key on first boot.
        # NOTE(review): which launch agent executes the <powershell> section is not
        # visible here -- confirm against the Packer template.
     2  
        # Fail fast: strict mode rejects uninitialised variables and similar
        # mistakes, and "Stop" turns cmdlet errors into terminating errors.
     3  Set-StrictMode -Version latest
     4  $ErrorActionPreference = "Stop"
     5  
        # The steps below change machine-wide settings, so the script refuses to
        # continue unless the current identity is in the Administrator role.
     6  $RunningAsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
     7  if (!$RunningAsAdmin) {
          # NOTE(review): with $ErrorActionPreference = "Stop", Write-Error is
          # itself terminating, so the `exit 1` below is presumably never reached.
     8    Write-Error "Must be executed in Administrator level shell."
     9    exit 1
    10  }
    11  
    12  # Force TLS1.2
        # Applies to .NET-based web requests made later in this session (the
        # OpenSSH download over HTTPS); older protocol versions are not offered.
    13  [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    14  
        # Same message on the output stream and directly on the host.
    15  Write-Output "Running User Data Script"
    16  Write-Host "(host) Running User Data Script"
    17  
        # Unrestricted at LocalMachine scope lets unsigned scripts run for every
        # user of the machine. -ErrorAction Ignore hides a failure of this call.
        # NOTE(review): if this policy is still in place when the image is
        # captured, every instance built from it inherits it; RemoteSigned, or a
        # reset at the end of the build, would be the tighter choice -- confirm
        # what the later provisioning steps need.
    18  Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore
    19  
    20  # Don't set this before Set-ExecutionPolicy as it throws an error
        # NOTE(review): the preference was already set to "Stop" near the top of
        # the script, so this assignment changes nothing; it is the
        # -ErrorAction Ignore on the call above that suppresses the error.
    21  $ErrorActionPreference = "stop"
    22  
    23  # -------------------------------------------
    24  # WinRM
        # Replaces the existing WinRM listeners with an HTTPS listener on 5986
        # backed by a self-signed certificate, relaxes the WinRM auth settings and
        # opens the firewall.
        # NOTE(review): presumably this is the endpoint the Packer WinRM
        # communicator uses during the image build -- confirm against the template.
        # NOTE(review): the cmd.exe / winrm / netsh / net / sc calls are native
        # commands; their failures surface in $LASTEXITCODE and are not stopped by
        # $ErrorActionPreference in Windows PowerShell, so a setting that fails to
        # apply goes unnoticed unless the exit code is checked.
    25  
    26  # Remove HTTP listener
        # The listener* wildcard removes every listener entry, whatever its transport.
    27  Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse
    28  
        # Self-signed certificate for the name "packer", stored in the machine's
        # personal store. A client cannot chain it to a trusted CA, so the
        # connecting side has to skip or pin certificate validation.
    29  $Cert = New-SelfSignedCertificate `
    30    -CertstoreLocation Cert:\LocalMachine\My `
    31    -DnsName "packer"
    32  
        # HTTPS listener on all addresses, bound to the certificate created above.
    33  New-Item `
    34    -Path WSMan:\LocalHost\Listener `
    35    -Transport HTTPS `
    36    -Address * `
    37    -CertificateThumbPrint $Cert.Thumbprint `
    38    -Force
    39  
    40  Write-output "Setting up WinRM"
    41  Write-host "(host) setting up WinRM"
    42  
        # NOTE(review): quickconfig normally creates an HTTP listener when none
        # exists, which would undo the removal above. Verify the resulting set with
        # `winrm enumerate winrm/config/listener`.
    43  cmd.exe /c winrm quickconfig -q
        # Operation timeout (30 minutes, in ms) and per-shell memory limit for
        # long-running provisioning commands.
    44  cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
    45  cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
        # AllowUnencrypted plus Basic auth means credentials are only protected by
        # the transport: over the HTTPS listener they are encrypted, over any HTTP
        # listener they travel base64-encoded in the clear.
        # NOTE(review): whether these settings are reverted before the image is
        # captured is not visible here; if they are not, every instance launched
        # from the image starts with them enabled.
    46  cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
    47  cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
    48  cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
    49  cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
        # CredSSP delegates the caller's credentials to this host.
        # NOTE(review): confirm a provisioning step actually needs it.
    50  cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
        # Pins the HTTPS listener to port 5986, hostname "packer" and the
        # thumbprint of the certificate generated above.
    51  cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
        # Firewall: enables the "remote administration" rule group and opens TCP
        # 5986 with no restriction on the remote address, so reachability is
        # limited only by whatever network controls sit in front of the instance.
        # `netsh firewall` is the legacy syntax; `netsh advfirewall firewall` (used
        # on the line before it) is the current form.
    52  cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
    53  cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
        # Restart WinRM so the new configuration is loaded, and start it at boot.
        # The space after "start=" is part of sc's syntax.
    54  cmd.exe /c net stop winrm
    55  cmd.exe /c sc config winrm start= auto
    56  cmd.exe /c net start winrm
    57  
    58  
    59  # -------------------------------------------
    60  # Disks and Directories
    61  
    62  # Bring ebs volume online with read-write access
        # Both filters apply to every disk Get-Disk reports, not to one specific
        # volume: all offline disks are brought online and all read-only disks are
        # made writable.
    63  Get-Disk | Where-Object IsOffline -Eq $True | Set-Disk -IsOffline $False
    64  Get-Disk | Where-Object isReadOnly -Eq $True | Set-Disk -IsReadOnly $False
    65  
        # -Force makes this succeed when C:\opt already exists.
        # NOTE(review): the directory keeps whatever ACL it inherits from C:\ --
        # confirm that is appropriate for what is later installed under it.
    66  New-Item -ItemType Directory -Force -Path C:\opt -ErrorAction Stop
    67  
    68  # -------------------------------------------
    69  # SSH
        # Downloads a pinned Win32-OpenSSH release, installs it under
        # C:\Program Files\OpenSSH, registers and starts sshd and ssh-agent, opens
        # TCP 22 and makes PowerShell the login shell. Any failure is logged and
        # rethrown with the host exit code set to -1.
    70  
    71  Try {
    72  
    73      # install portable SSH instead of the Windows feature because we
    74      # need to target 2016
    75      $repo = "https://github.com/PowerShell/Win32-OpenSSH"
            # NOTE(review): the pinned release is a beta tag; check whether a newer
            # release should be used.
    76      $version = "v8.0.0.0p1-Beta"
    77      $url = "${repo}/releases/download/${version}/OpenSSH-Win64.zip"
    78  
    79      # TODO: check sha!
            # The archive is unpacked into C:\Program Files and its install script
            # is executed in this elevated session, so its integrity rests on TLS
            # and on the release asset being unchanged. Closing the TODO means
            # recording the SHA-256 of this release, comparing it with
            # `Get-FileHash -Algorithm SHA256` on the downloaded zip, and aborting
            # before Expand-Archive on a mismatch.
            # The zip is written to the current working directory (relative path).
    80      Write-Output "Downloading OpenSSH from: $url"
    81      Invoke-WebRequest -Uri $url -Outfile "OpenSSH-Win64.zip" -ErrorAction Stop
    82      Expand-Archive ".\OpenSSH-Win64.zip" "C:\Program Files" -ErrorAction Stop
    83      Rename-Item -Path "C:\Program Files\OpenSSH-Win64" -NewName "OpenSSH" -ErrorAction Stop
    84  
            # Installer script shipped inside the downloaded archive.
    85      & "C:\Program Files\OpenSSH\install-sshd.ps1"
    86  
    87      # Start the service
            # Each service is started now and then set to start automatically at boot.
    88      Start-Service sshd
    89      Set-Service -Name sshd -StartupType 'Automatic' -ErrorAction Stop
    90  
    91      Start-Service ssh-agent
    92      Set-Service -Name ssh-agent -StartupType 'Automatic' -ErrorAction Stop
    93  
    94      # Enable host firewall rule if it doesn't exist
            # NOTE(review): there is no existence check; the rule is created
            # unconditionally, and with -ErrorAction Stop an already existing rule
            # named "sshd" would presumably send execution to the Catch block.
            # The rule sets no remote-address restriction, so port 22 is allowed
            # from any source the surrounding network controls let through.
    95      New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' `
    96        -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 -ErrorAction Stop
    97  
    98      # Set powershell as the OpenSSH login shell
    99      New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" `
   100        -Name DefaultShell `
   101        -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" `
   102        -PropertyType String -Force -ErrorAction Stop
   103  
   104      Write-Output "Installed OpenSSH."
   105  
   106  } Catch {
            # Log the error record, mark the host's exit code as -1 and rethrow so
            # the failure is not swallowed.
   107      Write-Output "Failed to install OpenSSH."
   108      Write-Output $_
   109      $host.SetShouldExit(-1)
   110      throw
   111  }
   112  
   113  md "C:\Users\Administrator\.ssh\"
        # Installs the instance's first EC2 key pair as the authorized SSH key for
        # Administrator, in both the per-user file and the administrators file.
        # NOTE(review): the md above presumably fails if the directory already
        # exists, since the error preference is "stop" -- confirm this only ever
        # runs on a fresh instance.
   114  
   115  $myKey = "C:\Users\Administrator\.ssh\authorized_keys"
   116  $adminKey = "C:\ProgramData\ssh\administrators_authorized_keys"
   117  
        # Reads public key 0 from the instance metadata service and writes it to
        # the per-user authorized_keys file.
        # NOTE(review): the request carries no session-token header (IMDSv1
        # style); it fails on instances whose metadata options require tokens
        # (IMDSv2).
   118  Invoke-RestMethod `
   119    -Uri "http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key" `
   120    -Outfile $myKey
   121  
   122  cp $myKey $adminKey
   123  
        # Lock the administrators key file down: reset the ACL, remove inherited
        # entries, then grant full control to Administrators and SYSTEM only.
        # Win32-OpenSSH expects this file to be accessible to no other principals.
        # NOTE(review): icacls is a native command, so a failed call shows up only
        # in $LASTEXITCODE, which is not checked here. The per-user file $myKey
        # keeps its inherited ACL.
   124  icacls $adminKey /reset
   125  icacls $adminKey /inheritance:r
   126  icacls $adminKey /grant BUILTIN\Administrators:`(F`)
   127  icacls $adminKey /grant SYSTEM:`(F`)
   128  
   129  </powershell>