Packer Windows


Packer Windows

vars.json


{
    "aws_ami_name": "Windows 2012R2 Base Image",
    "aws_profile": "aws-dev",
    "aws_region": "ap-southeast-2",
    "aws_tag_environment": "DEV",
    "aws_tag_name": "Windows 2012R2 Base Image-Test"
    
}

 

packer-windows.json

 

{
    "builders": [
        {
            "ami_name": "{{user `aws_ami_name`}} - {{timestamp}}",
            "communicator": "winrm",
            "instance_type": "t2.medium",
            "profile": "aws-dev",
            "region": "ap-southeast-2",
            "type": "amazon-ebs",
            "user_data_file":"./files/userdata.ps1",
            "winrm_insecure": true,
            "winrm_use_ssl": true,
            "winrm_username": "Administrator",

            "source_ami_filter": {
                "filters": {
                  "virtualization-type": "hvm",
                  "name": "*Windows_Server-2012-R2*English-64Bit-Base*",
                  "root-device-type": "ebs"
                },
                "most_recent": true,
                "owners": "amazon"
            },
            "tags": {
               
                "Environment": "{{user `aws_tag_environment`}}",
                "Name": "{{user `aws_tag_name`}}"
               
                },
            
            "launch_block_device_mappings": [
                {
                    "delete_on_termination": true,
                    "device_name": "/dev/sda1",
                    "volume_size": 30,
                    "volume_type": "gp2"
                },
                {
                    "delete_on_termination": true,
                    "device_name": "/dev/xvdg",
                    "encrypted": true,
                    "volume_size": 10,
                    "volume_type": "gp2"
                },
                {
                    "delete_on_termination": true,
                    "device_name": "/dev/xvdf",
                    "encrypted": true,
                    "volume_size": 10,
                    "volume_type": "gp2"
                }
            ]
        }
    ],
    "provisioners": [
        {
            "type": "powershell",
            "elevated_user": "Administrator",
            "elevated_password": "{{.WinRMPassword}}",
            "inline": "Write-Output(\"HELLO I AM POWERSHELL \")"        
        },
        {
            "type": "windows-restart"
        },
        {
            "type": "powershell",
            "elevated_user": "Administrator",
            "elevated_password": "{{.WinRMPassword}}",
            "scripts": [
                "./files/setDrives.ps1",
                "./files/ec2config.ps1",
                "./files/BundleConfig.ps1"
            ]
        }
        ]
}

BundleConfig.ps1




# Set the AutoSysprep property to "Yes" in EC2Config's BundleConfig.xml and
# write the file back in place.
# NOTE(review): presumably this makes EC2Config run Sysprep when the instance is
# bundled into an image - confirm against the EC2Config documentation.
$EC2SettingsFile = "C:\\Program Files\\Amazon\\Ec2ConfigService\\Settings\\BundleConfig.xml"
$bundleConfig = [xml](Get-Content -Path $EC2SettingsFile)

# Only the <Property> whose Name is AutoSysprep is touched; every other
# property keeps the value it had on disk.
$bundleConfig.DocumentElement.Property |
    Where-Object { $_.Name -eq "AutoSysprep" } |
    ForEach-Object { $_.Value = "Yes" }

$bundleConfig.Save($EC2SettingsFile)

 

ec2config.ps1




# Switch a fixed set of EC2Config plugins to State=Enabled in Config.xml and
# save the file in place.
# NOTE(review): with Ec2SetPassword enabled, instances launched from the image
# are expected to get a fresh Administrator password rather than reuse the
# build-time one, and Ec2HandleUserData means their user data will run -
# confirm both against the EC2Config documentation.
$EC2SettingsFile = "C:\\Program Files\\Amazon\\Ec2ConfigService\\Settings\\Config.xml"
$ec2Config = [xml](Get-Content -Path $EC2SettingsFile)

$pluginsToEnable = @(
    "Ec2SetPassword",
    "Ec2SetComputerName",
    "Ec2HandleUserData",
    "Ec2DynamicBootVolumeSize"
)

# Plugins not named above keep whatever state the file already records.
foreach ($plugin in $ec2Config.DocumentElement.Plugins.Plugin) {
    if ($pluginsToEnable -contains $plugin.name) {
        $plugin.State = "Enabled"
    }
}

$ec2Config.Save($EC2SettingsFile)

 

setDrives.ps1




# Assign drive letters and volume labels to disks 1 and 2, then publish the
# chosen letters as machine-level environment variables.
# Assumes both disks already carry a partition and a volume: nothing here
# initialises or formats them.

# Give every partition on the numbered disk the drive letter, then label its volume.
function Set-DataDrive {
    param(
        [int]$DiskNumber,
        [char]$Letter,
        [string]$Label
    )
    Get-Disk -Number $DiskNumber | Get-Partition | Set-Partition -NewDriveLetter $Letter
    Get-Disk -Number $DiskNumber | Get-Partition | Get-Volume | Set-Volume -NewFileSystemLabel $Label
}

Set-DataDrive -DiskNumber 1 -Letter 'D' -Label "Applications"
Set-DataDrive -DiskNumber 2 -Letter 'L' -Label "Logs"

# 'Machine' scope persists the values system-wide, so they are baked into the image.
[Environment]::SetEnvironmentVariable('ApplicationDrive', 'D:', 'Machine')
[Environment]::SetEnvironmentVariable('LogDrive', 'L:', 'Machine')

 

userdata.ps1

 



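# EC2 user data for the Packer build instance: leaves WinRM with a single HTTPS
# listener on port 5986, backed by a self-signed certificate, for the builder.
#
# Security notes for whoever maintains this image:
#  - The certificate is self-signed and the Packer template on this page sets
#    "winrm_insecure": true, so the builder does not validate it. Restrict
#    inbound 5986 on the build security group to the address Packer runs from.
#  - Everything set here (execution policy, Basic auth, the firewall opening,
#    the listener and its certificate) stays in the resulting AMI. Nothing on
#    this page reverts it, so add a final provisioner step that does if
#    instances launched from the image should not expose WinRM this way.
Write-Output "Running User Data Script"
Write-Host "(host) Running User Data Script"

# Machine-wide and persistent; it is carried into the image.
Set-ExecutionPolicy Unrestricted -Scope LocalMachine -Force -ErrorAction Ignore

# Don't set this before Set-ExecutionPolicy as it throws an error
$ErrorActionPreference = "stop"

# WinRM
Write-Output "Setting up WinRM"
Write-Host "(host) setting up WinRM"

# quickconfig creates an HTTP listener when one is missing, so it has to run
# BEFORE the listener cleanup below. Running it afterwards would bring the
# plain-HTTP listener back.
cmd.exe /c winrm quickconfig -q

# Remove every existing listener (this is what drops the HTTP one), then create
# the HTTPS listener bound to a fresh self-signed certificate.
Remove-Item -Path WSMan:\Localhost\listener\listener* -Recurse

$Cert = New-SelfSignedCertificate -CertstoreLocation Cert:\LocalMachine\My -DnsName "packer"
New-Item -Path WSMan:\LocalHost\Listener -Transport HTTPS -Address * -CertificateThumbPrint $Cert.Thumbprint -Force

cmd.exe /c winrm set "winrm/config" '@{MaxTimeoutms="1800000"}'
cmd.exe /c winrm set "winrm/config/winrs" '@{MaxMemoryPerShellMB="1024"}'
# Only the HTTPS listener is used, so unencrypted WinRM traffic stays disallowed.
# Basic auth then only ever travels inside TLS.
cmd.exe /c winrm set "winrm/config/service" '@{AllowUnencrypted="false"}'
cmd.exe /c winrm set "winrm/config/client" '@{AllowUnencrypted="false"}'
cmd.exe /c winrm set "winrm/config/service/auth" '@{Basic="true"}'
cmd.exe /c winrm set "winrm/config/client/auth" '@{Basic="true"}'
# NOTE(review): the Packer template on this page does not appear to need
# CredSSP - confirm and drop this line if it is unused.
cmd.exe /c winrm set "winrm/config/service/auth" '@{CredSSP="true"}'
cmd.exe /c winrm set "winrm/config/listener?Address=*+Transport=HTTPS" "@{Port=`"5986`";Hostname=`"packer`";CertificateThumbprint=`"$($Cert.Thumbprint)`"}"
cmd.exe /c netsh advfirewall firewall set rule group="remote administration" new enable=yes
# The host firewall opening is not scoped to a source address; rely on the
# security group for that.
cmd.exe /c netsh firewall add portopening TCP 5986 "Port 5986"
# Restart the service so the settings above take effect, and start it at boot.
cmd.exe /c net stop winrm
cmd.exe /c sc config winrm start= auto
cmd.exe /c net start winrm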