djpbessems/Packer.Images
djpbessems/Packer.Images
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rename FirstBoot;Various fixes wrt pw provisioning
Some checks reported errors
continuous-integration/drone/push Build was killed
Details

Browse Source
This commit is contained in:
Danny Bessems 2021-03-12 10:34:45 +01:00
parent 9cee2e8f3d
commit a1b63ef568
4 changed files with 53 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/ADDS/Register-ScheduledTask.ps1
View File

@ -4,4 +4,4 @@ Param(
) )
# Create scheduled task # Create scheduled task
& schtasks.exe /Create /TN 'OVF-Properties' /SC ONSTART /RU SYSTEM /TR "powershell.exe -file C:\Payload\Apply-OVFProperties.ps1" & schtasks.exe /Create /TN 'FirstBoot' /SC ONSTART /RU SYSTEM /TR "powershell.exe -file C:\Payload\Apply-FirstBootConfig.ps1"

50
scripts/ADDS/payload/Apply-OVFProperties.ps1 → scripts/ADDS/payload/Apply-FirstBootConfig.ps1
View File

@ -4,18 +4,23 @@ Param(
# No parameters # No parameters
) )
$SetLocationSplat = @{
Path = $PSScriptRoot
}
Set-Location @SetLocationSplat
$NewEventLogSplat = @{ $NewEventLogSplat = @{
LogName = 'Application' LogName = 'Application'
Source = 'OVF-Properties' Source = 'FirstBoot'
ErrorAction = 'SilentlyContinue' ErrorAction = 'SilentlyContinue'
} }
New-EventLog @NewEventLogSplat New-EventLog @NewEventLogSplat
$WriteEventLogSplat = @{ $WriteEventLogSplat = @{
LogName = 'Application' LogName = 'Application'
Source = 'OVF-Properties' Source = 'FirstBoot'
EntryType = 'Information' EntryType = 'Information'
EventID = 1 EventID = 1
Message = 'OVF-Properties sequence initiated' Message = "FirstBoot sequence initiated [working directory: '$PWD']"
} }
Write-EventLog @WriteEventLogSplat Write-EventLog @WriteEventLogSplat
@ -44,13 +49,13 @@ Switch ($ovfPropertyValues['deployment.type']) {
# Mandatory values missing, cannot provision. # Mandatory values missing, cannot provision.
$WriteEventLogSplat = @{ $WriteEventLogSplat = @{
LogName = 'Application' LogName = 'Application'
Source = 'OVF-Properties' Source = 'FirstBoot'
EntryType = 'Error' EntryType = 'Error'
EventID = 66 EventID = 66
Message = "Unexpected or no value set for property 'deployment.type', cannot provision." Message = "Unexpected or no value set for property 'deployment.type', cannot provision."
} }
Write-EventLog @WriteEventLogSplat Write-EventLog @WriteEventLogSplat
& schtasks.exe /Change /TN 'OVF-Properties' /DISABLE & schtasks.exe /Change /TN 'FirstBoot' /DISABLE
Stop-Computer -Force Stop-Computer -Force
Exit Exit
} }
@ -64,13 +69,13 @@ If ($MissingProperties.Length -gt 0) {
# Mandatory values missing, cannot provision. # Mandatory values missing, cannot provision.
$WriteEventLogSplat = @{ $WriteEventLogSplat = @{
LogName = 'Application' LogName = 'Application'
Source = 'OVF-Properties' Source = 'FirstBoot'
EntryType = 'Error' EntryType = 'Error'
EventID = 66 EventID = 66
Message = "Missing values for mandatory properties $(($MissingProperties | ForEach-Object {'{0}' -f $_}) -join ', '), cannot provision." Message = "Missing values for mandatory properties $(($MissingProperties | ForEach-Object {"'{0}'" -f $_}) -join ', '), cannot provision."
} }
Write-EventLog @WriteEventLogSplat Write-EventLog @WriteEventLogSplat
& schtasks.exe /Change /TN 'OVF-Properties' /DISABLE & schtasks.exe /Change /TN 'FirstBoot' /DISABLE
Stop-Computer -Force Stop-Computer -Force
Exit Exit
} }
@ -113,7 +118,7 @@ If ((Get-WmiObject -Class 'Win32_NetworkAdapterConfiguration').IPAddress -NotCon
If ($Timestamp.AddMinutes($TimeoutMinutes) -lt (Get-Date)) { If ($Timestamp.AddMinutes($TimeoutMinutes) -lt (Get-Date)) {
$WriteEventLogSplat = @{ $WriteEventLogSplat = @{
LogName = 'Application' LogName = 'Application'
Source = 'OVF-Properties' Source = 'FirstBoot'
EntryType = 'Warning' EntryType = 'Warning'
EventID = 13 EventID = 13
Message = "Timeout after $($TimeoutMinutes) minutes waiting for network connection to become available." Message = "Timeout after $($TimeoutMinutes) minutes waiting for network connection to become available."
@ -197,7 +202,7 @@ If ((4,5) -NotContains (Get-WmiObject -Class 'Win32_ComputerSystem').DomainRole)
# Exit # Exit
} }
Catch { Catch {
& schtasks.exe /Change /TN 'OVF-Properties' /DISABLE & schtasks.exe /Change /TN 'FirstBoot' /DISABLE
Stop-Computer -Force Stop-Computer -Force
Exit Exit
} }
@ -221,7 +226,7 @@ If ((4,5) -NotContains (Get-WmiObject -Class 'Win32_ComputerSystem').DomainRole)
# Exit # Exit
} }
Catch { Catch {
& schtasks.exe /Change /TN 'OVF-Properties' /DISABLE & schtasks.exe /Change /TN 'FirstBoot' /DISABLE
Stop-Computer -Force Stop-Computer -Force
Exit Exit
} }
@ -234,7 +239,7 @@ Do {
If ($Timestamp.AddMinutes($TimeoutMinutes) -lt (Get-Date)) { If ($Timestamp.AddMinutes($TimeoutMinutes) -lt (Get-Date)) {
$WriteEventLogSplat = @{ $WriteEventLogSplat = @{
LogName = 'Application' LogName = 'Application'
Source = 'OVF-Properties' Source = 'FirstBoot'
EntryType = 'Warning' EntryType = 'Warning'
EventID = 13 EventID = 13
Message = "Timeout after $($TimeoutMinutes) minutes waiting for Active Directory to become available." Message = "Timeout after $($TimeoutMinutes) minutes waiting for Active Directory to become available."
@ -257,25 +262,28 @@ Do {
$GetItemSplat = @{ $GetItemSplat = @{
Path = "$($PSScriptRoot)\Scripts\*.ps1" Path = "$($PSScriptRoot)\Scripts\*.ps1"
} }
Get-Item @GetItemSplat | ForEach-Object { ForEach ($Script in (Get-Item @GetItemSplat)) {
Try { Try {
$WriteEventLogSplat = @{ $WriteEventLogSplat = @{
LogName = 'Application' LogName = 'Application'
Source = 'OVF-Properties' Source = 'FirstBoot'
EntryType = 'Information' EntryType = 'Information'
EventID = 4 EventID = 4
Message = "Running script: '$($_.FullName)'" Message = "Running script: '$($Script.FullName)'"
} }
Write-EventLog @WriteEventLogSplat Write-EventLog @WriteEventLogSplat
& $_.FullName -Parameter $ovfPropertyValues & $Script.FullName -Parameter $ovfPropertyValues
} }
Catch { Catch {
$WriteEventLogSplat = @{ $WriteEventLogSplat = @{
LogName = 'Application' LogName = 'Application'
Source = 'OVF-Properties' Source = 'FirstBoot'
EntryType = 'Error' EntryType = 'Error'
EventID = 66 EventID = 66
Message = $_.Exception.Message Message = @"
Error occurred while executing script '$($Script.Name)':
$($_.Exception.Message)
"@
} }
Write-EventLog @WriteEventLogSplat Write-EventLog @WriteEventLogSplat
} }
@ -283,10 +291,10 @@ Get-Item @GetItemSplat | ForEach-Object {
$WriteEventLogSplat = @{ $WriteEventLogSplat = @{
LogName = 'Application' LogName = 'Application'
Source = 'OVF-Properties' Source = 'FirstBoot'
EntryType = 'Information' EntryType = 'Information'
EventID = 42 EventID = 42
Message = 'OVF-Properties sequence applied and finished' Message = 'FirstBoot sequence applied and finished'
} }
Write-EventLog @WriteEventLogSplat Write-EventLog @WriteEventLogSplat
& schtasks.exe /Change /TN 'OVF-Properties' /DISABLE & schtasks.exe /Change /TN 'FirstBoot' /DISABLE

21
scripts/ADDS/payload/Provision-VaultPassword.ps1
View File

@ -7,15 +7,16 @@ Param(
[Parameter()] [Parameter()]
[string]$VaultPwPolicy, [string]$VaultPwPolicy,
[Parameter(Mandatory)] [Parameter(Mandatory)]
[string]$VaulSecret, [string]$VaultSecret,
[Parameter(Mandatory)] [Parameter(Mandatory)]
[string]$Username [string]$Username
) )
# Generate new password # Generate new password
$InvokeWebRequestSplat = @{ $InvokeWebRequestSplat = @{
Uri = "$($VaultAPIAddress)/sys/policies/password/$($VaultPasswordPolicy)/generate" Uri = "$($VaultAPIAddress)/sys/policies/password/$($VaultPwPolicy)/generate"
Headers = @{'X-Vault-Token'="$VaultToken"} Headers = @{'X-Vault-Token'="$VaultToken"}
UseBasicParsing = $True
} }
$NewPassword = (Invoke-WebRequest @InvokeWebRequestSplat | ConvertFrom-Json).data.password $NewPassword = (Invoke-WebRequest @InvokeWebRequestSplat | ConvertFrom-Json).data.password
@ -23,13 +24,13 @@ $NewPassword = (Invoke-WebRequest @InvokeWebRequestSplat | ConvertFrom-Json).dat
$Response, $ErrResponse = $Null, $Null $Response, $ErrResponse = $Null, $Null
Try { Try {
$InvokeWebRequestSplat = @{ $InvokeWebRequestSplat = @{
Uri = "$(VaultAPIAddress)/secret/metadata/$($VaultSecret)" Uri = "$($VaultAPIAddress)/secret/metadata/$($VaultSecret)"
Headers = @{'X-Vault-Token' = "$VaultToken"} Headers = @{'X-Vault-Token' = "$VaultToken"}
UseBasicParsing = $True UseBasicParsing = $True
} }
$Response = Invoke-WebRequest @InvokeWebRequestSplat $Response = Invoke-WebRequest @InvokeWebRequestSplat
} }
Catch { Catch [System.Net.WebException] {
$StreamReader = [System.IO.StreamReader]::new($_.Exception.Response.GetResponseStream()) $StreamReader = [System.IO.StreamReader]::new($_.Exception.Response.GetResponseStream())
$StreamReader.BaseStream.Position = 0 $StreamReader.BaseStream.Position = 0
$ErrResponse = $StreamReader.ReadToEnd() $ErrResponse = $StreamReader.ReadToEnd()
@ -39,7 +40,7 @@ Catch {
If ([boolean]$Response) { If ([boolean]$Response) {
# Secret already exists; retrieve existing key/value pairs # Secret already exists; retrieve existing key/value pairs
$InvokeWebRequestSplat = @{ $InvokeWebRequestSplat = @{
Uri = "$(VaultAPIAddress)/secret/data/$($VaultSecret)" Uri = "$($VaultAPIAddress)/secret/data/$($VaultSecret)"
Headers = @{'X-Vault-Token' = "$VaultToken"} Headers = @{'X-Vault-Token' = "$VaultToken"}
UseBasicParsing = $True UseBasicParsing = $True
} }
@ -56,20 +57,22 @@ If ([boolean]$Response) {
# Store as new version # Store as new version
$InvokeWebRequestSplat = @{ $InvokeWebRequestSplat = @{
Uri = "$($VaultAPIAddress)/secret/data/$($VaulSecret)" Uri = "$($VaultAPIAddress)/secret/data/$($VaultSecret)"
Method = 'POST' Method = 'POST'
UseBasicParsing = $True
Headers = @{'X-Vault-Token'="$VaultToken"} Headers = @{'X-Vault-Token'="$VaultToken"}
Body = @{ Body = @{
data = $Secret.data data = $Secret.data
} | ConvertTo-Json } | ConvertTo-Json
} }
Invoke-WebRequest @InvokeWebRequestSplat Invoke-WebRequest @InvokeWebRequestSplat | Out-Null
} }
ElseIf ([boolean]$ErrResponse) { ElseIf ([boolean]$ErrResponse) {
# Secret did not exist yet, store as new secret # Secret did not exist yet, store as new secret
$InvokeWebRequestSplat = @{ $InvokeWebRequestSplat = @{
Uri = "$($VaultAPIAddress)/secret/data/$($VaulSecret)" Uri = "$($VaultAPIAddress)/secret/data/$($VaultSecret)"
Method = 'POST' Method = 'POST'
UseBasicParsing = $True
Headers = @{'X-Vault-Token'="$VaultToken"} Headers = @{'X-Vault-Token'="$VaultToken"}
Body = @{ Body = @{
data = @{ data = @{
@ -77,7 +80,7 @@ ElseIf ([boolean]$ErrResponse) {
} }
} | ConvertTo-Json } | ConvertTo-Json
} }
Invoke-WebRequest @InvokeWebRequestSplat Invoke-WebRequest @InvokeWebRequestSplat | Out-Null
} }
Return $NewPassword Return $NewPassword

8
scripts/ADDS/payload/scripts/03.Users.yml
View File

@ -16,13 +16,13 @@ Users:
Variables: Variables:
- Name: password.janedoe - Name: password.janedoe
Expression: | Expression: |
& "$($PSScriptRoot)\..\Provision-VaultPassword.ps1" -VaulSecret $Parameter['vault.secret'] -Username 'janedoe' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy'] & ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'janedoe' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
- Name: password.johndoe - Name: password.johndoe
Expression: | Expression: |
& "$($PSScriptRoot)\..\Provision-VaultPassword.ps1" -VaulSecret $Parameter['vault.secret'] -Username 'johndoe' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy'] & ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'johndoe' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
- Name: password.amdjaned - Name: password.amdjaned
Expression: | Expression: |
& "$($PSScriptRoot)\..\Provision-VaultPassword.ps1" -VaulSecret $Parameter['vault.secret'] -Username 'amdjaned' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy'] & ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'amdjaned' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
- Name: password.zzldap - Name: password.zzldap
Expression: | Expression: |
& "$($PSScriptRoot)\..\Provision-VaultPassword.ps1" -VaulSecret $Parameter['vault.secret'] -Username 'zzldap' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy'] & ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'zzldap' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']