changes for 0.6.0 release

.gitignore

@@ -11,13 +11,17 @@ Vagrantfile
 hosts-*
 *.retry
 
+# Galaxy files
+roles/jborean.*
+
 # Temp Packer files
 2008-x86/
 2008-x64/
 2008r2/
 2012
 2012r2/
 2016/
+2019/
 1709/
 1803/
 10-x86/

CHANGELOG.md

@@ -6,6 +6,16 @@ changelog entries to `roles/packer-setup/vars/main.yml` to modify this file_
 This is the changelog of each image version uploaded to the Vagrant Cloud. It
 contains a list of changes that each incorporate.
 
+### v0.6.0 - TBD
+
+* Fix logic when setting the `LocalAccountTokenFilterPolicy` value when setting up the WinRM listener
+* Added ability to override the base Chocolatey packages that are installed with the image, use the `opt_package_setup_packages` variable with `-e` when generating the template to configure
+* Moved away from custom role to install the Win32-OpenSSH components, now using the [jborean93.win_openssh](https://galaxy.ansible.com/jborean93/win_openssh) role
+* Updated OpenSSH version [7.9.0.0p1-Beta](https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v7.9.0.0p1-Beta)
+* Installed the [virtio-network](https://stg.fedoraproject.org/wiki/Windows_Virtio_Drivers) driver on VirtualBox images
+* 2016
+    * Changed the default Windows Explorer window to show `This PC` instead of `Quick access`
+
 ### v0.5.0 - 2018-08-08
 
 * Disabled automatic Windows Update to eliminate post-startup thrash on older images - https://github.com/jborean93/packer-windoze/issues/10

README.md

@@ -82,6 +82,9 @@ ansible-playbook packer-setup.yml -e man_packer_setup_host_type=<host type>
 # see below what can be used for <host type> but to create the Packer files for a Server 2012 R2 image run
 ansible-playbook packer-setup.yml -e man_packer_setup_host_type=2012r2
 
+# specify custom Chocolatey packages to install instead of vim and sysinternals on the image
+ansible-playbook packer-setup.yml -e opt_packer_setup_packages='["pstools", "notepadplusplus"]'
+
 # when running on Windows, you can run this from PowerShell like
 bash.exe -ic "ansible-playbook packer-setup.yml -e man_packer_setup_host_type=2012r2 -e opt_packer_setup_builder=hyperv"
 ```
@@ -127,7 +130,14 @@ You can set the host type to the following values
 * `2012`: Windows Server 2012 Standard
 * `2012r2`: Windows Server 2012 R2 Standard
 * `2016`: Windows Server 2016 Standard
-* `1709`: Windows Server Build 1709 Standard (Requires ISO to be manually downloaded)
+
+The following host types can also be used but it requires the ISO to be
+manually downloaded and set with `opt_packager_setup_iso_path`. Microsoft does
+not offer evaluation ISOs for these builds so it won't be part of the public
+facing images
+
+* `1709`: Windows Server Build 1709 Standard
+* `1803`: Windows Server Build 1803 Standard
 
 #### Optional Variables
 
@@ -141,6 +151,7 @@ change the way Packer builds the images in the next step;
 * `opt_packer_setup_password`: (Default: `vagrant`) The password for `opt_packer_setup_username`, this password is also set for the builtin Administrator account even though it is disabled in the image.
 * `opt_packer_setup_product_key`: The product key to use when installing Windows, do not set this unless you know what you are doing.
 * `opt_packer_setup_hyperv_switch`: (Default: `packer-windoze`) The name of the Hyper-V switch to create. There shouldn't be a need to change this unless you know what you're doing.
+* `opt_packer_setup_packages`: (Default: `vim`, `sysinternals`) Override the default Chocolatey packages that are installed on each image. This should be a list of valid Chocolatey package names that are packes to the `win_chocolatey` module, see the examples for more details.
 
 To add a post-processor to upload to Vagrant Cloud, add in the following 3
 variables;

main.yml

@@ -15,6 +15,7 @@
       - man_is_longhorn is defined
       - man_packer_windoze_version is defined
       - man_skip_feature_removal is defined
+      - man_personalize_choco_packages is defined
 
   - name: make sure the WinRM service is set to auto
     win_service:
@@ -24,8 +25,11 @@
   roles:
   - update
   - personalise
-  - openssh
-  #- cleanup-win10
+  - role: jborean93.win_openssh
+    opt_openssh_firewall_profiles: domain,private,public
+    opt_openssh_skip_start: True
+    opt_openssh_version: v7.9.0.0p1-Beta
+    when: not man_is_longhorn
   - cleanup-winsxs
   - cleanup-features
   - cleanup

requirements.yml

@@ -0,0 +1 @@
+- src: jborean93.win_openssh

roles/cleanup-winsxs/tasks/main.yml

@@ -48,7 +48,7 @@
 
 - name: setup and run cleanmgr if DISM reset base wasn't supported or cleanmgr is available
   include_tasks: cleanmgr.yml
-  when: pri_cleanup_winsxs_dism_supported.stdout_lines[0] == "false" or pri_cleanup_winsxs_cleanmgr_available.stat.exists == True
+  when: pri_cleanup_winsxs_dism_supported.stdout_lines[0] == "false" and pri_cleanup_winsxs_cleanmgr_available.stat.exists == True
 
 - name: check if the SoftwareDistribution folder exists
   win_stat:

roles/cleanup/tasks/main.yml

@@ -45,26 +45,3 @@
 - name: defrag C with legacy exe
   win_command: 'Defrag.exe C:'
   when: pri_cleanup_defrag_cmdlet.rc != 0
-
-- name: 0 out empty space for later compression
-  win_shell: |
-    $path = "C:\zero"
-    $volume = Get-WmiObject -Class Win32_LogicalDisk -Filter "DeviceID='C:'"
-    $block_size = 64kb
-    $leftover_size = $volume.Size * 0.05
-    $file_size = $volume.FreeSpace - $leftover_size
-    $data_array = New-Object -TypeName byte[]($block_size)
-
-    $stream = [System.IO.File]::OpenWrite($path)
-    try {
-        $current_file_size = 0
-        while ($current_file_size -lt $file_size) {
-            $stream.Write($data_array, 0, $data_array.Length)
-            $current_file_size += $data_array.Length
-        }
-    } finally {
-        if ($stream) {
-            $stream.Close()
-        }
-    }
-    Remove-Item -Path $path -Force | Out-Null

roles/packer-setup/tasks/main.yml

@@ -4,12 +4,17 @@
     that:
     - man_packer_setup_host_type is defined
 
+- name: ensure Galaxy requirements have been downloaded
+  command: ansible-galaxy install -r requirements.yml -p roles
+  args:
+    chdir: '{{ playbook_dir }}'
+
 - name: check that the host type specified is valid
   fail:
     msg: man_packer_setup_host_type {{man_packer_setup_host_type}} is not a valid host type, expecting {{pri_packer_setup_host_config.keys()}}
   when: pri_packer_setup_host_config[man_packer_setup_host_type] is not defined
 
-- name: verify that a non support Hyper-V configuration isn't set
+- name: verify that a non supported Hyper-V configuration isn't set
   fail:
     msg: man_packer_setup_host_type {{man_packer_setup_host_type}} is not supported with the Hyper-V builder
   when: opt_packer_setup_builder == 'hyperv' and man_packer_setup_host_type in ["2008-x86", "2008-x64"]
@@ -29,6 +34,12 @@
   include_tasks: download_extract_iso.yml
   when: pri_packer_setup_config.iso_url.endswith('.exe') and opt_packer_setup_iso_path is not defined
 
+- name: download Virtio ISO for VirtualBox build
+  get_url:
+    url: https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso
+    dest: '{{man_packer_setup_host_type}}/virtio.iso'
+  when: opt_packer_setup_builder == 'virtualbox'
+
 - name: create Hyper-V External Network switch
   block:
   - name: check if the swtch already exists

roles/packer-setup/templates/bootstrap.ps1.j2

@@ -35,7 +35,7 @@ Function Run-Process($executable, $arguments) {
     $psi.Arguments = $arguments
     Write-Log -message "starting new process '$executable $arguments'"
     $process.Start() | Out-Null
-    
+
     $process.WaitForExit() | Out-Null
     $exit_code = $process.ExitCode
     Write-Log -message "process completed with exit code '$exit_code'"
@@ -72,6 +72,15 @@ Function Extract-Zip($zip, $dest) {
     }
 }
 
+Function Get-NetKVMDriverPath {
+    $drive = (Get-PSDrive -PSProvider FileSystem).Name | Where-Object { Test-Path -LiteralPath "$($_):\NetKVM" }
+
+    $host_key = "{{ pri_packer_setup_config.driver_host_string }}"
+    $architecture = $env:PROCESSOR_ARCHITECTURE
+    $inf_path = "$($drive):\NetKVM\$host_key\$architecture\netkvm.inf"
+    return $inf_path
+}
+
 $action = $args[0]
 if (-not (Test-Path -Path $tmp_dir)) {
     New-Item -Path $tmp_dir -ItemType Directory | Out-Null
@@ -89,6 +98,13 @@ $bootstrap_actions = @(
         arguments = "{{action.arguments|default("/quiet /norestart")}}"
     },
 {% endfor %}
+{% if opt_packer_setup_builder == 'virtualbox' %}
+    @{
+        name = "Red Hat Virtio Network Driver"
+        path = Get-NetKVMDriverPath
+        action = "driver"
+    },
+{% endif %}
     @{
         name = "Configure WinRM"
         action = "winrm"
@@ -161,6 +177,60 @@ for ($i = 0; $i -lt $actions.Count; $i++) {
                 throw $error_message
             }
         }
+        "driver" {
+            Write-Log -message "Installing driver $($current_action.name)"
+            Add-Type -TypeDefinition @'
+using System;
+using System.Runtime.InteropServices;
+
+namespace PackerWindoze
+{
+    public class NativeMethods
+    {
+        [DllImport("Newdev.dll", SetLastError = true, CharSet = CharSet.Unicode)]
+        public static extern bool DiInstallDriverW(
+            IntPtr hwndParent,
+            string InfPath,
+            UInt32 Flags,
+            out bool NeedReboot);
+    }
+}
+'@
+
+            $sys_path = Get-ChildItem -Path (Split-Path -Path $current_action.path -Parent) -Filter "*.sys" -File
+            $driver_cert = (Get-AuthenticodeSignature -LiteralPath $sys_path.FullName).SignerCertificate
+
+            $trusted_certs = (Get-ChildItem -Path Cert:\LocalMachine\TrustedPublisher).Thumbprint
+            if ($driver_cert.Thumbprint -notin $trusted_certs) {
+                Write-Log -message "Certificate $($driver_cert.Thumbprint) not in TrustedPublisher store"
+                $store_name = [System.Security.Cryptography.X509Certificates.StoreName]::TrustedPublisher
+                $store_location = [System.Security.Cryptography.X509Certificates.Storelocation]::LocalMachine
+
+                $store = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList $store_name, $store_location
+                $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
+                try {
+                    $store.Add($driver_cert)
+                } finally {
+                    $store.Dispose()
+                }
+            }
+
+            $needs_reboot = $false
+            $res = [PackerWindoze.NativeMethods]::DiInstallDriverW([IntPtr]::Zero, $current_action.path, 0, [ref]$needs_reboot)
+            if (-not $res) {
+                $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
+                try {
+                    throw [System.ComponentModel.Win32Exception]$err
+                } catch [System.ComponentModel.Win32Exception] {
+                    $error_msg = "failed to install driver $($current_action.name) - {0} (Win32 Error Code {1} - 0x{1:X8})" -f $_.Exception.Message, $err
+                }
+                Write-Log -message $error_message -level "ERROR"
+                throw $error_message
+            }
+            if ($needs_reboot) {
+                Reboot-AndResume -action $next_action.name
+            }
+        }
         "winrm" {
             Write-Log -message "configuring WinRM listener to work over 5985 with Basic auth"
             &winrm.cmd quickconfig -q
@@ -176,7 +246,7 @@ for ($i = 0; $i -lt $actions.Count; $i++) {
                     throw $error_message
                 }
             }
-    
+
             Write-Log -message "enabling RDP"
             $rdp_wmi = Get-CimInstance -ClassName Win32_TerminalServiceSetting -Namespace root\CIMV2\TerminalServices
             $rdp_enable = $rdp_wmi | Invoke-CimMethod -MethodName SetAllowTSConnections -Arguments @{ AllowTSConnections = 1; ModifyFirewallException = 1 }
@@ -185,7 +255,7 @@ for ($i = 0; $i -lt $actions.Count; $i++) {
                 Write-Log -message $error_message -level "ERROR"
                 throw $error_message
             }
-    
+
             Write-Log -message "enabling NLA authentication for RDP"
             $nla_wmi = Get-CimInstance -ClassName Win32_TSGeneralSetting -Namespace root\CIMV2\TerminalServices
             $nla_wmi | Invoke-CimMethod -MethodName SetUserAuthenticationRequired -Arguments @{ UserAuthenticationRequired = 1 } | Out-Null
@@ -199,4 +269,4 @@ for ($i = 0; $i -lt $actions.Count; $i++) {
     }
 }
 
-Write-Log -message "bootstrap.ps1 complete"
+Write-Log -message "bootstrap.ps1 complete"

roles/packer-setup/templates/hosts.ini.j2

@@ -16,3 +16,4 @@ man_host_architecture={{pri_packer_setup_config.architecture}}
 man_is_longhorn={{pri_packer_setup_config.answer_longhorn}}
 man_packer_windoze_version={{opt_packer_setup_version|default(pri_packer_setup_changelog[0].version)}}
 man_skip_feature_removal={{pri_packer_setup_config.skip_feature_removal|default(False)}}
+man_personalize_choco_packages={{opt_packer_setup_packages|default('["vim", "sysinternals"]')}}

roles/packer-setup/templates/vagrantfile.template.j2

@@ -11,6 +11,7 @@ Vagrant.configure(2) do |config|
   config.vm.network :forwarded_port, guest: 22, host: 2222, id: 'ssh', auto_correct: true
 
   config.vm.provider "virtualbox" do |vb|
+    vb.default_nic_type = "virtio"
     vb.gui = false
     vb.memory = 2048
     vb.cpus = 2