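# Copyright (c) HashiCorp, Inc.
# SPDX-License-Identifier: MPL-2.0

# EC2 user data for the Packer build of the windows-2016-amd64 e2e image
# (e2e/terraform/packer/windows-2016-amd64/userdata.ps1).
#
# In order, the script:
#   1. requires an elevated shell and forces TLS 1.2 for outbound requests,
#   2. replaces the WinRM HTTP listener with an HTTPS listener on 5986,
#   3. brings offline / read-only disks online and creates C:\opt,
#   4. downloads and installs the portable Win32-OpenSSH server,
#   5. installs the instance's EC2 public key for the Administrator account.
#
# Several settings below trade security for provisioning convenience. They are
# marked NOTE(review) so that anyone reusing this outside a throwaway build
# host can decide which ones to tighten.

<powershell>

Set-StrictMode -Version latest
$ErrorActionPreference = "Stop"

# Refuse to continue unless the current identity is in the local Administrators role.
$RunningAsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
if (!$RunningAsAdmin) {
    Write-Error "Must be executed in Administrator level shell."
    exit 1
}

# Force TLS1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Write-Output "Running User Data Script"
Write-Host "(host) Running User Data Script"

# NOTE(review): Unrestricted at LocalMachine scope lets any script run for every
# user on the machine. Whether this setting survives into the published image
# depends on later build steps that are not visible in this file -- confirm.
Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore

# Don't set this before Set-ExecutionPolicy as it throws an error
# NOTE(review): the preference is already "Stop" near the top of the script, so
# this assignment is redundant; the call above relies on -ErrorAction Ignore.
$ErrorActionPreference = "stop"

# -------------------------------------------
# WinRM

# Remove HTTP listener
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

# Self-signed certificate for the HTTPS listener. Clients cannot validate it
# against a trusted CA, so the connecting tool presumably skips certificate
# verification -- confirm on the Packer side.
$Cert = New-SelfSignedCertificate `
    -CertstoreLocation Cert:\LocalMachine\My `
    -DnsName "packer"

New-Item `
    -Path WSMan:\LocalHost\Listener `
    -Transport HTTPS `
    -Address * `
    -CertificateThumbPrint $Cert.Thumbprint `
    -Force

Write-output "Setting up WinRM"
Write-host "(host) setting up WinRM"

# The commands below are native executables run through cmd.exe. Their exit
# codes are not checked, and a non-zero exit code alone does not stop the
# script, so a failed step is only visible in the captured output.
#
# NOTE(review): AllowUnencrypted and Basic auth are enabled for both the WinRM
# service and client. Over the HTTPS listener the traffic is still TLS-wrapped,
# but if an HTTP listener exists (winrm quickconfig may re-create the one
# removed above -- check with `winrm enumerate winrm/config/listener`), Basic
# credentials would cross the network in clear text. Confirm these settings
# are not carried into the final image.
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
# Neither firewall change limits the remote address; restricting who can reach
# 5986 is left to whatever sits in front of the host (e.g. security groups).
# "netsh firewall" is the legacy context; "netsh advfirewall" is its replacement.
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
# Restart WinRM so the new configuration is picked up, and start it on boot.
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm


# -------------------------------------------
# Disks and Directories

# Bring ebs volume online with read-write access
Get-Disk | Where-Object IsOffline -Eq $True | Set-Disk -IsOffline $False
Get-Disk | Where-Object isReadOnly -Eq $True | Set-Disk -IsReadOnly $False

New-Item -ItemType Directory -Force -Path C:\opt -ErrorAction Stop

# -------------------------------------------
# SSH

Try {

    # install portable SSH instead of the Windows feature because we
    # need to target 2016
    # NOTE(review): the pinned release is tagged "Beta"; check whether a newer
    # release should be used before reusing this script.
    $repo = "https://github.com/PowerShell/Win32-OpenSSH"
    $version = "v8.0.0.0p1-Beta"
    $url = "${repo}/releases/download/${version}/OpenSSH-Win64.zip"

    # Expected SHA-256 of OpenSSH-Win64.zip for $version. Empty means "not
    # pinned yet": the hash is logged but not enforced. Fill this in with the
    # value obtained from a trusted copy of the release asset to make the
    # build fail closed on a tampered or substituted download.
    $expectedSha256 = ""

    Write-Output "Downloading OpenSSH from: $url"
    Invoke-WebRequest -Uri $url -Outfile "OpenSSH-Win64.zip" -ErrorAction Stop

    # The archive contains install-sshd.ps1 and the sshd binaries, both of which
    # run with administrative rights below, so verify it before unpacking.
    $actualSha256 = (Get-FileHash -Path ".\OpenSSH-Win64.zip" -Algorithm SHA256).Hash
    Write-Output "OpenSSH-Win64.zip SHA256: $actualSha256"
    if ($expectedSha256) {
        # -ne on strings is case-insensitive, so hex case does not matter.
        if ($actualSha256 -ne $expectedSha256) {
            throw "OpenSSH-Win64.zip SHA256 mismatch: expected $expectedSha256, got $actualSha256"
        }
    } else {
        Write-Warning "OpenSSH-Win64.zip hash is not pinned; the download was not verified."
    }

    Expand-Archive ".\OpenSSH-Win64.zip" "C:\Program Files" -ErrorAction Stop
    Rename-Item -Path "C:\Program Files\OpenSSH-Win64" -NewName "OpenSSH" -ErrorAction Stop

    & "C:\Program Files\OpenSSH\install-sshd.ps1"

    # Start the service
    Start-Service sshd
    Set-Service -Name sshd -StartupType 'Automatic' -ErrorAction Stop

    Start-Service ssh-agent
    Set-Service -Name ssh-agent -StartupType 'Automatic' -ErrorAction Stop

    # Enable host firewall rule if it doesn't exist
    # The rule allows inbound TCP 22 from any remote address as far as the host
    # firewall is concerned; no -RemoteAddress restriction is applied here.
    New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (sshd)' `
        -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 -ErrorAction Stop

    # Note: there appears to be a regression in recent versions of
    # Terraform for file provisioning over ssh for Windows with
    # powershell as the default shell
    # See: https://github.com/hashicorp/terraform/issues/30661
    #
    # Set powershell as the OpenSSH login shell
    # New-ItemProperty -Path "HKLM:\SOFTWARE\OpenSSH" `
    #     -Name DefaultShell `
    #     -Value "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" `
    #     -PropertyType String -Force -ErrorAction Stop

    Write-Output "Installed OpenSSH."

} Catch {
    # Log the failure, ask the host to exit with -1, and re-throw the error.
    Write-Output "Failed to install OpenSSH."
    Write-Output $_
    $host.SetShouldExit(-1)
    throw
}

md "C:\Users\Administrator\.ssh\"

$myKey = "C:\Users\Administrator\.ssh\authorized_keys"
$adminKey = "C:\ProgramData\ssh\administrators_authorized_keys"

# Fetch the instance's public key from the EC2 instance metadata service.
# NOTE(review): the request carries no session token header, so it will
# presumably fail on instances that require token-based (IMDSv2) metadata
# requests -- confirm against the instance's metadata options.
Invoke-RestMethod `
    -Uri "http://169.254.169.254/latest/meta-data/public-keys/0/openssh-key" `
    -Outfile $myKey

cp $myKey $adminKey

# Reset the ACL on the administrators key file, drop inherited entries, and grant
# full control to Administrators and SYSTEM only, so that other accounts
# cannot add keys to it. The icacls exit codes are not checked.
icacls $adminKey /reset
icacls $adminKey /inheritance:r
icacls $adminKey /grant BUILTIN\Administrators:`(F`)
icacls $adminKey /grant SYSTEM:`(F`)

</powershell>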