Packer.Images/README.md

# Packer.Images [![Build Status](https://ci.spamasaurus.com/api/badges/djpbessems/Packer.Images/status.svg?ref=refs/heads/ADDS)](https://ci.spamasaurus.com/djpbessems/Packer.Images)

This OVA appliance allows deploying an Active Directory Domain Controller fully automated:  

The included `.ovf` file has the following XML contents (simplified for clarity) to facilitate the different `DeploymentOption`s:  
```xml
<Envelope [...]>
  [...]
  <DeploymentOptionSection>
    <Info>Deployment Type</Info>
    <Configuration ovf:id="primary">
      <Label>Primary (redundant deployment)</Label>
      <Description>Initial Domain Controller with 'PDC Emulator'-role</Description>
    </Configuration>
    <Configuration ovf:id="secondary">
      <Label>Secondary (redundant deployment)</Label>
      <Description>Additional Domain Controller</Description>
    </Configuration>
    <Configuration ovf:id="standalone">
      <Label>Stand-alone (non-redundant deployment)</Label>
      <Description>Single Domain Controller</Description>
    </Configuration>
  </DeploymentOptionSection>
  <VirtualSystem ovf:id="[...]">
    [...]
    <ProductSection>
      [...]
      <Category>1) Operating System</Category>
      <Property ovf:configuration="primary secondary standalone" ovf:key="guestinfo.hostname" [...]>
        <Label>Hostname*</Label>
      </Property>
      [...]
      <Category>2) Networking</Category>
      <Property ovf:configuration="secondary" ovf:key="guestinfo.dnsserver" [...]>
        <Label>DNS server*</Label>
      </Property>
      [...]
      <Category>3) Active Directory Domain Services</Category>
      <Property ovf:configuration="primary standalone" ovf:key="addsconfig.ntpserver" [...]>
        <Label>NTP Server*</Label>
      [...]
      </Property>
    </ProductSection>
  </VirtualSystem>
</Envelope>
```

When **provisioning** the appliance through the vCenter 'Deploy OVF template...' wizard, or through vApp-compatible *Infrastructure as code* tooling (e.g. HashiCorp Terraform), it is possible to provide all relevant configuration through vApp properties.  

<table>
<tr>
<td><em>vSphere 'Deploy OVF template...' wizard</em></td> <td> <a href="https://registry.terraform.io/providers/hashicorp/vsphere/latest/docs/resources/virtual_machine#deploying-vm-from-an-ovfova-template">HashiCorp Terraform vSphere provider</a> </td>
</tr>
<tr>
<td><img src=".assets/vAppConfigurations-ADDS-example.png" alt="vApp properties" width="400" /><br/><img src=".assets/vAppProperties-ADDS-example.png" alt="vApp properties" width="400" /></td>
<td>

```hcl
  vapp {
    properties = {
      # "deployment.typ"             = "primary"
      
      "guestinfo.hostname"         = "DC01"
      "guestinfo.ipaddress"        = "10.0.0.21"
      "guestinfo.prefixlength"     = "24"
      # "guestinfo.dnsserver"        = "0.0.0.0"
      "guestinfo.gateway"          = "10.0.0.1"

      "addsconfig.domainname"      = "contoso.com"
      "addsconfig.netbiosname"     = "CONTOSO"
      "addsconfig.administratorpw" = var.adds_adminpassword
      "addsconfig.safemodepw"      = var.adds_safemodepassword
      # "addsconfig.ntpserver"       = "0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org"

      "vault.api"                   = "https://vault.example.org/v1"
      "vault.token"                 = "s.R2E1anlOcTZrTmZSTVZRazJM"
      "vault.pwpolicy"              = "complex"
      "vault.secret"                = "contoso-project42"

      # "dhcpconfig.startip"         = "10.0.0.50"
      # "dhcpconfig.endip"           = "10.0.0.250"
      # "dhcpconfig.subnetmask"      = "255.255.255.0"
      # "dhcpconfig.gateway"         = "10.0.0.1"
      # "dhcpconfig.leaseduration"   = "01:00:00.00"
    }
  }
```

</td>
</tr>
</table>

On first boot, the appliance will start **configuring** itself without any further user-input, by performing the following steps:  
- Change hostname
- Configure network
- Set password for local administrator
- Promote to Domain Controller
- Iterate through all payload scripts:
  - Create Active Directory Organizational Units
  - Create Active Directory security groups
  - Create Active Directory user accounts
  - Set up Delegation of Control
  - Configure Active Directory Group Policy Objects with Windows Firewall settings
  - Configure DHCP (scopes, options and Failover relationship)
  - Create DNS records
  - Define Active Directory Group Policy WMI Filters
  - Define and link Active Directory Group Policy Objects and Preferences
  - Set Active Directory Default domain Password policy
Update badge in README 2021-01-27 20:31:30 +00:00			`# Packer.Images [![Build Status](https://ci.spamasaurus.com/api/badges/djpbessems/Packer.Images/status.svg?ref=refs/heads/ADDS)](https://ci.spamasaurus.com/djpbessems/Packer.Images)`
Delete commit history (containing proprietary code) 2021-01-23 15:04:42 +00:00
Remove deprecated ToastNotifications;Update README 2021-01-28 13:31:51 +00:00			`This OVA appliance allows deploying an Active Directory Domain Controller fully automated:`
Update documentation 2021-01-28 15:17:08 +00:00
Housekeeping; Adding to documentation 2021-02-11 15:56:19 +00:00			The included `.ovf` file has the following XML contents (simplified for clarity) to facilitate the different `DeploymentOption`s:
			```xml
			`<Envelope [...]>`
			`[...]`
			`<DeploymentOptionSection>`
			`<Info>Deployment Type</Info>`
			`<Configuration ovf:id="primary">`
			`<Label>Primary (redundant deployment)</Label>`
			`<Description>Initial Domain Controller with 'PDC Emulator'-role</Description>`
			`</Configuration>`
			`<Configuration ovf:id="secondary">`
			`<Label>Secondary (redundant deployment)</Label>`
			`<Description>Additional Domain Controller</Description>`
			`</Configuration>`
			`<Configuration ovf:id="standalone">`
			`<Label>Stand-alone (non-redundant deployment)</Label>`
			`<Description>Single Domain Controller</Description>`
			`</Configuration>`
			`</DeploymentOptionSection>`
			`<VirtualSystem ovf:id="[...]">`
			`[...]`
			`<ProductSection>`
			`[...]`
			`<Category>1) Operating System</Category>`
			`<Property ovf:configuration="primary secondary standalone" ovf:key="guestinfo.hostname" [...]>`
			`<Label>Hostname*</Label>`
			`</Property>`
			`[...]`
			`<Category>2) Networking</Category>`
			`<Property ovf:configuration="secondary" ovf:key="guestinfo.dnsserver" [...]>`
			`<Label>DNS server*</Label>`
			`</Property>`
			`[...]`
			`<Category>3) Active Directory Domain Services</Category>`
			`<Property ovf:configuration="primary standalone" ovf:key="addsconfig.ntpserver" [...]>`
			`<Label>NTP Server*</Label>`
			`[...]`
			`</Property>`
			`</ProductSection>`
			`</VirtualSystem>`
			`</Envelope>`
			```

Update documentation 2021-01-28 15:17:08 +00:00			`When provisioning the appliance through the vCenter 'Deploy OVF template...' wizard, or through vApp-compatible Infrastructure as code tooling (e.g. HashiCorp Terraform), it is possible to provide all relevant configuration through vApp properties.`

			`<table>`
			`<tr>`
			`<td><em>vSphere 'Deploy OVF template...' wizard</em></td> <td> <a href="https://registry.terraform.io/providers/hashicorp/vsphere/latest/docs/resources/virtual_machine#deploying-vm-from-an-ovfova-template">HashiCorp Terraform vSphere provider</a> </td>`
			`</tr>`
			`<tr>`
Housekeeping; Adding to documentation 2021-02-11 15:56:19 +00:00			`<td><img src=".assets/vAppConfigurations-ADDS-example.png" alt="vApp properties" width="400" /><br/><img src=".assets/vAppProperties-ADDS-example.png" alt="vApp properties" width="400" /></td>`
Update documentation 2021-01-28 15:17:08 +00:00			`<td>`

			```hcl
			`vapp {`
			`properties = {`
Housekeeping; Adding to documentation 2021-02-11 15:56:19 +00:00			`# "deployment.typ" = "primary"`

Update documentation 2021-01-28 15:17:08 +00:00			`"guestinfo.hostname" = "DC01"`
			`"guestinfo.ipaddress" = "10.0.0.21"`
			`"guestinfo.prefixlength" = "24"`
Housekeeping; Adding to documentation 2021-02-11 15:56:19 +00:00			`# "guestinfo.dnsserver" = "0.0.0.0"`
Update documentation 2021-01-28 15:17:08 +00:00			`"guestinfo.gateway" = "10.0.0.1"`

			`"addsconfig.domainname" = "contoso.com"`
			`"addsconfig.netbiosname" = "CONTOSO"`
Fix variable syntax in documentation 2021-02-04 09:56:32 +00:00			`"addsconfig.administratorpw" = var.adds_adminpassword`
			`"addsconfig.safemodepw" = var.adds_safemodepassword`
Housekeeping; Adding to documentation 2021-02-11 15:56:19 +00:00			`# "addsconfig.ntpserver" = "0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org"`
Update documentation 2021-01-28 15:17:08 +00:00
Merge key/value pairs in vault secret 2021-03-10 10:32:53 +00:00			`"vault.api" = "https://vault.example.org/v1"`
			`"vault.token" = "s.R2E1anlOcTZrTmZSTVZRazJM"`
			`"vault.pwpolicy" = "complex"`
			`"vault.secret" = "contoso-project42"`

Housekeeping; Adding to documentation 2021-02-11 15:56:19 +00:00			`# "dhcpconfig.startip" = "10.0.0.50"`
			`# "dhcpconfig.endip" = "10.0.0.250"`
			`# "dhcpconfig.subnetmask" = "255.255.255.0"`
			`# "dhcpconfig.gateway" = "10.0.0.1"`
			`# "dhcpconfig.leaseduration" = "01:00:00.00"`
Update documentation 2021-01-28 15:17:08 +00:00			`}`
			`}`
			```

			`</td>`
			`</tr>`
			`</table>`

			`On first boot, the appliance will start configuring itself without any further user-input, by performing the following steps:`
			`- Change hostname`
			`- Configure network`
			`- Set password for local administrator`
			`- Promote to Domain Controller`
			`- Iterate through all payload scripts:`
			`- Create Active Directory Organizational Units`
			`- Create Active Directory security groups`
			`- Create Active Directory user accounts`
			`- Set up Delegation of Control`
			`- Configure Active Directory Group Policy Objects with Windows Firewall settings`
			`- Configure DHCP (scopes, options and Failover relationship)`
			`- Create DNS records`
			`- Define Active Directory Group Policy WMI Filters`
			`- Define and link Active Directory Group Policy Objects and Preferences`
			`- Set Active Directory Default domain Password policy`