djpbessems/Packer.Images
djpbessems/Packer.Images
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rename FirstBoot;Various fixes wrt pw provisioning
Some checks reported errors
continuous-integration/drone/push Build was killed
Details

Browse Source
This commit is contained in:
Danny Bessems 2021-03-12 10:34:45 +01:00
parent 9cee2e8f3d
commit a1b63ef568
4 changed files with 53 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
scripts/ADDS/Register-ScheduledTask.ps1
View File

@ -4,4 +4,4 @@ Param(
)
# Create scheduled task
& schtasks.exe /Create /TN 'OVF-Properties' /SC ONSTART /RU SYSTEM /TR "powershell.exe -file C:\Payload\Apply-OVFProperties.ps1"
& schtasks.exe /Create /TN 'FirstBoot' /SC ONSTART /RU SYSTEM /TR "powershell.exe -file C:\Payload\Apply-FirstBootConfig.ps1"

50
scripts/ADDS/payload/Apply-OVFProperties.ps1 → scripts/ADDS/payload/Apply-FirstBootConfig.ps1
View File

@ -4,18 +4,23 @@ Param(
# No parameters
)
$SetLocationSplat = @{
Path = $PSScriptRoot
}
Set-Location @SetLocationSplat
$NewEventLogSplat = @{
LogName = 'Application'
Source = 'OVF-Properties'
Source = 'FirstBoot'
ErrorAction = 'SilentlyContinue'
}
New-EventLog @NewEventLogSplat
$WriteEventLogSplat = @{
LogName = 'Application'
Source = 'OVF-Properties'
Source = 'FirstBoot'
EntryType = 'Information'
EventID = 1
Message = 'OVF-Properties sequence initiated'
Message = "FirstBoot sequence initiated [working directory: '$PWD']"
}
Write-EventLog @WriteEventLogSplat
@ -44,13 +49,13 @@ Switch ($ovfPropertyValues['deployment.type']) {
# Mandatory values missing, cannot provision.
$WriteEventLogSplat = @{
LogName = 'Application'
Source = 'OVF-Properties'
Source = 'FirstBoot'
EntryType = 'Error'
EventID = 66
Message = "Unexpected or no value set for property 'deployment.type', cannot provision."
}
Write-EventLog @WriteEventLogSplat
& schtasks.exe /Change /TN 'OVF-Properties' /DISABLE
& schtasks.exe /Change /TN 'FirstBoot' /DISABLE
Stop-Computer -Force
Exit
}
@ -64,13 +69,13 @@ If ($MissingProperties.Length -gt 0) {
# Mandatory values missing, cannot provision.
$WriteEventLogSplat = @{
LogName = 'Application'
Source = 'OVF-Properties'
Source = 'FirstBoot'
EntryType = 'Error'
EventID = 66
Message = "Missing values for mandatory properties $(($MissingProperties | ForEach-Object {'{0}' -f $_}) -join ', '), cannot provision."
Message = "Missing values for mandatory properties $(($MissingProperties | ForEach-Object {"'{0}'" -f $_}) -join ', '), cannot provision."
}
Write-EventLog @WriteEventLogSplat
& schtasks.exe /Change /TN 'OVF-Properties' /DISABLE
& schtasks.exe /Change /TN 'FirstBoot' /DISABLE
Stop-Computer -Force
Exit
}
@ -113,7 +118,7 @@ If ((Get-WmiObject -Class 'Win32_NetworkAdapterConfiguration').IPAddress -NotCon
If ($Timestamp.AddMinutes($TimeoutMinutes) -lt (Get-Date)) {
$WriteEventLogSplat = @{
LogName = 'Application'
Source = 'OVF-Properties'
Source = 'FirstBoot'
EntryType = 'Warning'
EventID = 13
Message = "Timeout after $($TimeoutMinutes) minutes waiting for network connection to become available."
@ -197,7 +202,7 @@ If ((4,5) -NotContains (Get-WmiObject -Class 'Win32_ComputerSystem').DomainRole)
# Exit
}
Catch {
& schtasks.exe /Change /TN 'OVF-Properties' /DISABLE
& schtasks.exe /Change /TN 'FirstBoot' /DISABLE
Stop-Computer -Force
Exit
}
@ -221,7 +226,7 @@ If ((4,5) -NotContains (Get-WmiObject -Class 'Win32_ComputerSystem').DomainRole)
# Exit
}
Catch {
& schtasks.exe /Change /TN 'OVF-Properties' /DISABLE
& schtasks.exe /Change /TN 'FirstBoot' /DISABLE
Stop-Computer -Force
Exit
}
@ -234,7 +239,7 @@ Do {
If ($Timestamp.AddMinutes($TimeoutMinutes) -lt (Get-Date)) {
$WriteEventLogSplat = @{
LogName = 'Application'
Source = 'OVF-Properties'
Source = 'FirstBoot'
EntryType = 'Warning'
EventID = 13
Message = "Timeout after $($TimeoutMinutes) minutes waiting for Active Directory to become available."
@ -257,25 +262,28 @@ Do {
$GetItemSplat = @{
Path = "$($PSScriptRoot)\Scripts\*.ps1"
}
Get-Item @GetItemSplat | ForEach-Object {
ForEach ($Script in (Get-Item @GetItemSplat)) {
Try {
$WriteEventLogSplat = @{
LogName = 'Application'
Source = 'OVF-Properties'
Source = 'FirstBoot'
EntryType = 'Information'
EventID = 4
Message = "Running script: '$($_.FullName)'"
Message = "Running script: '$($Script.FullName)'"
}
Write-EventLog @WriteEventLogSplat
& $_.FullName -Parameter $ovfPropertyValues
& $Script.FullName -Parameter $ovfPropertyValues
}
Catch {
$WriteEventLogSplat = @{
LogName = 'Application'
Source = 'OVF-Properties'
Source = 'FirstBoot'
EntryType = 'Error'
EventID = 66
Message = $_.Exception.Message
Message = @"
Error occurred while executing script '$($Script.Name)':
$($_.Exception.Message)
"@
}
Write-EventLog @WriteEventLogSplat
}
@ -283,10 +291,10 @@ Get-Item @GetItemSplat | ForEach-Object {
$WriteEventLogSplat = @{
LogName = 'Application'
Source = 'OVF-Properties'
Source = 'FirstBoot'
EntryType = 'Information'
EventID = 42
Message = 'OVF-Properties sequence applied and finished'
Message = 'FirstBoot sequence applied and finished'
}
Write-EventLog @WriteEventLogSplat
& schtasks.exe /Change /TN 'OVF-Properties' /DISABLE
& schtasks.exe /Change /TN 'FirstBoot' /DISABLE

21
scripts/ADDS/payload/Provision-VaultPassword.ps1
View File

@ -7,15 +7,16 @@ Param(
[Parameter()]
[string]$VaultPwPolicy,
[Parameter(Mandatory)]
[string]$VaulSecret,
[string]$VaultSecret,
[Parameter(Mandatory)]
[string]$Username
)
# Generate new password
$InvokeWebRequestSplat = @{
Uri = "$($VaultAPIAddress)/sys/policies/password/$($VaultPasswordPolicy)/generate"
Uri = "$($VaultAPIAddress)/sys/policies/password/$($VaultPwPolicy)/generate"
Headers = @{'X-Vault-Token'="$VaultToken"}
UseBasicParsing = $True
}
$NewPassword = (Invoke-WebRequest @InvokeWebRequestSplat | ConvertFrom-Json).data.password
@ -23,13 +24,13 @@ $NewPassword = (Invoke-WebRequest @InvokeWebRequestSplat | ConvertFrom-Json).dat
$Response, $ErrResponse = $Null, $Null
Try {
$InvokeWebRequestSplat = @{
Uri = "$(VaultAPIAddress)/secret/metadata/$($VaultSecret)"
Uri = "$($VaultAPIAddress)/secret/metadata/$($VaultSecret)"
Headers = @{'X-Vault-Token' = "$VaultToken"}
UseBasicParsing = $True
}
$Response = Invoke-WebRequest @InvokeWebRequestSplat
}
Catch {
Catch [System.Net.WebException] {
$StreamReader = [System.IO.StreamReader]::new($_.Exception.Response.GetResponseStream())
$StreamReader.BaseStream.Position = 0
$ErrResponse = $StreamReader.ReadToEnd()
@ -39,7 +40,7 @@ Catch {
If ([boolean]$Response) {
# Secret already exists; retrieve existing key/value pairs
$InvokeWebRequestSplat = @{
Uri = "$(VaultAPIAddress)/secret/data/$($VaultSecret)"
Uri = "$($VaultAPIAddress)/secret/data/$($VaultSecret)"
Headers = @{'X-Vault-Token' = "$VaultToken"}
UseBasicParsing = $True
}
@ -56,20 +57,22 @@ If ([boolean]$Response) {
# Store as new version
$InvokeWebRequestSplat = @{
Uri = "$($VaultAPIAddress)/secret/data/$($VaulSecret)"
Uri = "$($VaultAPIAddress)/secret/data/$($VaultSecret)"
Method = 'POST'
UseBasicParsing = $True
Headers = @{'X-Vault-Token'="$VaultToken"}
Body = @{
data = $Secret.data
} | ConvertTo-Json
}
Invoke-WebRequest @InvokeWebRequestSplat
Invoke-WebRequest @InvokeWebRequestSplat | Out-Null
}
ElseIf ([boolean]$ErrResponse) {
# Secret did not exist yet, store as new secret
$InvokeWebRequestSplat = @{
Uri = "$($VaultAPIAddress)/secret/data/$($VaulSecret)"
Uri = "$($VaultAPIAddress)/secret/data/$($VaultSecret)"
Method = 'POST'
UseBasicParsing = $True
Headers = @{'X-Vault-Token'="$VaultToken"}
Body = @{
data = @{
@ -77,7 +80,7 @@ ElseIf ([boolean]$ErrResponse) {
}
} | ConvertTo-Json
}
Invoke-WebRequest @InvokeWebRequestSplat
Invoke-WebRequest @InvokeWebRequestSplat | Out-Null
}
Return $NewPassword

8
scripts/ADDS/payload/scripts/03.Users.yml
View File

@ -16,13 +16,13 @@ Users:
Variables:
- Name: password.janedoe
Expression: |
& "$($PSScriptRoot)\..\Provision-VaultPassword.ps1" -VaulSecret $Parameter['vault.secret'] -Username 'janedoe' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
& ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'janedoe' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
- Name: password.johndoe
Expression: |
& "$($PSScriptRoot)\..\Provision-VaultPassword.ps1" -VaulSecret $Parameter['vault.secret'] -Username 'johndoe' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
& ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'johndoe' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
- Name: password.amdjaned
Expression: |
& "$($PSScriptRoot)\..\Provision-VaultPassword.ps1" -VaulSecret $Parameter['vault.secret'] -Username 'amdjaned' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
& ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'amdjaned' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
- Name: password.zzldap
Expression: |
& "$($PSScriptRoot)\..\Provision-VaultPassword.ps1" -VaulSecret $Parameter['vault.secret'] -Username 'zzldap' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']
& ".\Provision-VaultPassword.ps1" -VaultSecret $Parameter['vault.secret'] -Username 'zzldap' -VaultAPIAddress $Parameter['vault.api'] -VaultToken $Parameter['vault.token'] -VaultPwPolicy $Parameter['vault.pwpolicy']