
Packer templates to create Windows vagrant box images

packer-windoze

This repo contains code that can generate Vagrant boxes. The overall goal is to cover the supported Windows Server operating systems.

Each image is designed to:

  • Be fully updated at the time of creation
  • Be as small as possible for a Windows image
  • Contain minimal tools useful for Windows development, such as the Sysinternals suite
  • Enable WinRM (HTTP and HTTPS) and RDP on creation in Vagrant, allowing other tools to interact with a new image without manual interaction
  • Include pwsh (formerly known as PowerShell Core) on all host types except for Server 2012
  • Include the latest Win32-OpenSSH, which starts up automatically
  • Have the maximum amount of time available on a Windows evaluation image (usually 180 days) without prompting for a key

The blog post Using Packer to Create Windows Images contains a more detailed guide on this process and how it all works. The contents there are outdated as Packer is no longer used, but the generic concepts still apply here. Feel free to read through it if you want to understand each component and how they fit together.

Note: This repo used to use Packer to build the Vagrant images (hence the name) but no longer does.

Requirements

To use the scripts in this repo you will need the following:

  • Ansible >= 2.9.0
  • mkisofs to build the bootstrapping iso for Windows
  • pigz to compress the resulting Vagrant box image

The following Python libraries are also used:

One of the following hypervisors as defined by platform:

To install mkisofs and pigz, you can run one of the commands below depending on your distribution:

# for Debian/Ubuntu
sudo apt-get install mkisofs pigz

# for RHEL/CentOS
sudo yum install mkisofs pigz

# for Fedora
sudo dnf install genisoimage pigz

# for MacOS (requires Homebrew)
brew install cdrtools pigz

The Ansible requirements can be installed with:

pip install -r requirements.txt
ansible-galaxy role install -r requirements.yml -p roles
ansible-galaxy collection install -r requirements.yml -p collections

How to Run

The imaging process uses Ansible from start to finish and in most cases can be rerun to pick up where it left off. To start the process, run the following command:

ansible-playbook main.yml --limit '*2022'

This will build the Windows Server 2022 image for QEMU. You can change *2022 to the Windows version as defined in inventory.yml that you wish to build (the * is important). The following options can also be specified with -e to change the build behaviour:

  • platform: The Hypervisor to build for - can be qemu, virtualbox, or hyperv (default: qemu).
  • headless: Don't display the VM console during the build process (default: true)
  • output_dir: The base directory to store the output/build files (default: {{ playbook_dir }}/output).
  • setup_username: The name of the user to create on the base image
  • setup_password: The password to apply to the username that is created.
  • iso_src_<host>: The URL or path to use for the install ISO, change <host> to the inventory hostname, e.g. 2022, or 2019.
  • iso_checksum_<host>: The checksum for iso_src, change <host> to the inventory hostname, e.g. 2022, or 2019.
  • iso_wim_label_<host>: The Windows install WIM label to install, change <host> to the inventory hostname, e.g. 2022, or 2019.

It is technically possible to build more than one image at a time by specifying multiple hosts with --limit, but it is recommended to kick off the runs in parallel to keep better track of them.

After running, the imaging process will have created a few files in {{ output_dir }}/{{ host }}:
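The options above can also be supplied from a file with `-e @file`, which keeps `setup_password` out of the process list and shell history. The following is an added example, not part of this repo: the function names, the `SETUP_PASSWORD` environment variable, the `vagrant` username value and the `sha256:<hex>` checksum form (modelled on Ansible's get_url module) are assumptions, so check the repo's defaults for the checksum format it expects.

```shell
#!/bin/sh
# Added example (not from the repo): write the extra vars for one build to a
# private file and produce the matching ansible-playbook command line.

# Hex SHA-256 of a file, using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# write_build_vars <host> <iso_path> <vars_file>
# The password is read from $SETUP_PASSWORD so it never appears in argv.
write_build_vars() {
    host=$1 iso=$2 vars=$3
    [ -r "$iso" ] || { echo "ISO not readable: $iso" >&2; return 1; }
    [ -n "${SETUP_PASSWORD:-}" ] || { echo "SETUP_PASSWORD is not set" >&2; return 1; }
    sum=$(sha256_of "$iso") || return 1
    # YAML single-quoted scalar: the only escape needed is ' -> ''
    pw=$(printf '%s' "$SETUP_PASSWORD" | sed "s/'/''/g")
    # Create (or truncate) the file with owner-only access before writing to it.
    ( umask 077; : > "$vars" && chmod 600 "$vars" && cat >> "$vars" <<EOF
# setup_username value is a sample; use whatever account the image should have.
setup_username: vagrant
setup_password: '$pw'
iso_src_$host: "$iso"
# Assumed format: algorithm-prefixed digest, as Ansible's get_url accepts.
iso_checksum_$host: "sha256:$sum"
EOF
    )
}

# build_command <host> <vars_file>: the command to run from the repo root.
build_command() {
    printf "ansible-playbook main.yml --limit '*%s' -e @%s\n" "$1" "$2"
}

# Usage (paths are placeholders):
#   SETUP_PASSWORD=... write_build_vars 2022 /path/to/install.iso build-2022.yml
#   eval "$(build_command 2022 build-2022.yml)"
```

Delete the vars file once the build has finished, since it holds the password in clear text.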

  • description.md: A markdown description of the box created.
  • {{ platform }}.box: The box for the specific platform hypervisor.

Hyper-V and WSL

Because Ansible cannot run natively on Windows, the Hyper-V builder must be run on WSL. The current process has been tested on WSL2 and will probably not work for WSL1. Before kicking off the run on WSL, you must ensure that you've started the WSL process as an administrator so it has access to manage Hyper-V VMs. You also need to either run this repo from a Windows path or specify -e output_dir=/mnt/c/some/path so that Hyper-V can access the build artifacts.

What It Does

Here is a brief step-by-step overview of what actually happens with the images:

  1. Ansible prepares the unattended install of Windows including the latest available updates and install ISOs
  2. Ansible kicks off the Hypervisor to create and run the VM
  3. Windows starts the install process and configures it according to the Autounattend.xml file generated by Ansible
  4. After the install process is complete, Windows will auto login the vagrant user and run the bootstrap.ps1 script
  5. The bootstrap script will ensure that the base updates are applied and WinRM is set up for Ansible to talk to
  6. Ansible will then run the provisioning steps against that host over the newly set up WinRM connection
  7. Ansible will then install all available updates and reboot accordingly (this step can take hours so be prepared to wait)
  8. Some personalisation tweaks occur such as showing hidden files and folders, file extensions and installing the sysinternals tools
  9. Ansible will try to clean up as much of the WinSXS folder as possible (older hosts are limited in how much they can do)
  10. All non-enabled Features are removed if Features on Demand is supported (Server 2012 and newer)
  11. The pagefile, temp files and log files that are not needed are removed. The disk is defragmented and empty space is zeroed out for the compression to work properly
  12. The sysprep template files are set up
  13. The WinRM listeners are removed and the sysprep process is run to shut down the host

From this point Ansible will create an image of the OS which can be used by Vagrant. When Vagrant first starts up the image, it will automatically log on, rearm the activation key and recreate the WinRM listeners.
