Update packer windows-update plugin

Update VMware Tools
2021-10-25 13:32:57 +02:00 · 2021-10-25 13:12:00 +02:00
109 changed files with 997 additions and 2036 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -14,56 +14,54 @@ steps:
 - name: Debugging information
  image: bv11-cr01.bessems.eu/library/packer-extended
  commands:
  - ansible --version
  - ovftool --version
  - packer --version
  - yamllint --version
- name: Kubernetes Bootstrap Appliance
+  - packer --version
  - pwsh --version
  - ovftool --version
 - name: Windows 10
  image: bv11-cr01.bessems.eu/library/packer-extended
  pull: always
  commands:
  - sed -i -e "s/<<img-productkey>>/$${PRODUCTKEY}/" packer/preseed/Windows10/Autounattend.xml
  - |
-    sed -i -e "s/<<img-password>>/$${SSH_PASSWORD}/g" \
+    sed -i -e "s/<<img-password>>/$${WINRM_PASSWORD}/g" \
-      packer/preseed/UbuntuServer22.04/user-data
+      packer/preseed/Windows10/Autounattend.xml \
      packer/preseed/Windows10/Sysprep_Unattend.xml
  - |
-    yamllint -d "{extends: relaxed, rules: {line-length: disable}}" \
+    yamllint -d "{extends: relaxed, rules: {line-length: disable}}" scripts
      ansible \
      packer/preseed/UbuntuServer22.04/user-data \
      scripts
  - |
    ansible-galaxy install \
      -r ansible/requirements.yml
  - |
    packer init -upgrade \
      ./packer
  - |
    packer validate \
      -var vm_name=$DRONE_BUILD_NUMBER-${DRONE_COMMIT_SHA:0:10} \
-      -var vm_guestos=k8sbootstrap \
+      -var vm_guestos=win10 \
      -var repo_username=$${REPO_USERNAME} \
      -var repo_password=$${REPO_PASSWORD} \
      -var vsphere_password=$${VSPHERE_PASSWORD} \
-      -var ssh_password=$${SSH_PASSWORD} \
+      -var winrm_password=$${WINRM_PASSWORD} \
      ./packer
  - |
    packer build \
-      -on-error=cleanup -timestamp-ui \
+      -on-error=cleanup \
      -var vm_name=$DRONE_BUILD_NUMBER-${DRONE_COMMIT_SHA:0:10} \
-      -var vm_guestos=k8sbootstrap \
+      -var vm_guestos=win10 \
      -var repo_username=$${REPO_USERNAME} \
      -var repo_password=$${REPO_PASSWORD} \
      -var vsphere_password=$${VSPHERE_PASSWORD} \
-      -var ssh_password=$${SSH_PASSWORD} \
+      -var winrm_password=$${WINRM_PASSWORD} \
      ./packer
  environment:
    VSPHERE_PASSWORD:
      from_secret: vsphere_password
-    SSH_PASSWORD:
+    WINRM_PASSWORD:
-      from_secret: ssh_password
+      from_secret: winrm_password
    REPO_USERNAME:
      from_secret: repo_username
    REPO_PASSWORD:
      from_secret: repo_password
    PRODUCTKEY:
      from_secret: prodkey_win10
    # PACKER_LOG: 1
  volumes:
  - name: output
--- a/README.md
+++ b/README.md
@@ -1 +1 @@
-# Packer.Images [![Build Status](https://ci.spamasaurus.com/api/badges/djpbessems/Packer.Images/status.svg?ref=refs/heads/Kubernetes.Bootstrap.Appliance)](https://ci.spamasaurus.com/djpbessems/Packer.Images)
+# Packer.Images [![Build Status](https://ci.spamasaurus.com/api/badges/djpbessems/Packer.Images/status.svg?ref=refs/heads/Windows10)](https://ci.spamasaurus.com/djpbessems/Packer.Images)
--- a/ansible/ansible.cfg
+++ b/ansible/ansible.cfg
@@ -1,3 +0,0 @@
 [defaults]
 deprecation_warnings = False
 remote_tmp           = /tmp/.ansible-${USER}/tmp
--- a/ansible/playbook.yml
+++ b/ansible/playbook.yml
@@ -1,12 +0,0 @@
 ---
 - hosts: all
  gather_facts: false
  vars_files:
    - metacluster.yml
    - workloadcluster.yml
  become: true
  roles:
    - os
    - firstboot
    - appliance
    - metacluster
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -1,4 +0,0 @@
 collections:
  - ansible.utils
  - community.general
  - kubernetes.core
--- a/ansible/roles/appliance/tasks/dependencies.archive_compressed.yml
+++ b/ansible/roles/appliance/tasks/dependencies.archive_compressed.yml
@@ -1,27 +0,0 @@
 ---
 - name: Initialize tempfolder
  ansible.builtin.tempfile:
    state: directory
  register: archive
 - name: Download & extract archived static binary
  ansible.builtin.unarchive:
    src: "{{ item.url }}"
    dest: "{{ archive.path }}"
    remote_src: yes
    extra_opts: "{{ item.extra_opts | default(omit) }}"
 - name: Install extracted binary
  ansible.builtin.copy:
    src: "{{ archive.path }}/{{ item.filename }}"
    dest: /usr/local/bin/{{ item.filename }}
    remote_src: yes
    owner: root
    group: root
    mode: 0755
 - name: Cleanup tempfolder
  ansible.builtin.file:
    path: "{{ archive.path }}"
    state: absent
  when: archive.path is defined
--- a/ansible/roles/appliance/tasks/dependencies.yml
+++ b/ansible/roles/appliance/tasks/dependencies.yml
@@ -1,53 +0,0 @@
 # - name: Create folder structure(s)
 #  ansible.builtin.file:
 #    path: "{{ item }}"
 #    state: directory
 #  loop:
 #    - /foo
 - name: Download & install static binaries
  ansible.builtin.get_url:
    url: "{{ item.url }}"
    url_username: "{{ item.username | default(omit) }}"
    url_password: "{{ item.password | default(omit) }}"
    dest: /usr/local/bin/{{ item.filename }}
    owner: root
    group: root
    mode: 0755
  loop: "{{ dependencies.static_binaries | selectattr('archive', 'undefined') }}"
  loop_control:
    label: "{{ item.filename }}"
 - name: Download, extract & install archived static binaries
  include_tasks: dependencies.archive_compressed.yml
  loop: "{{ dependencies.static_binaries | rejectattr('archive', 'undefined') | selectattr('archive', 'equalto', 'compressed') }}"
  loop_control:
    label: "{{ item.filename }}"
 - name: Install ansible-galaxy collections
  ansible.builtin.shell:
    cmd: ansible-galaxy collection install {{ item }}
  loop: "{{ dependencies.ansible_galaxy_collections }}"
 - name: Install distro packages
  ansible.builtin.apt:
    pkg: "{{ dependencies.packages.apt }}"
    state: latest
    update_cache: yes
    install_recommends: no
 - name: Upgrade all packages
  ansible.builtin.apt:
    name: '*'
    state: latest
    update_cache: yes
 - name: Install additional python packages
  ansible.builtin.pip:
    name: "{{ dependencies.packages.pip }}"
    state: latest
 - name: Cleanup apt cache
  ansible.builtin.apt:
    autoremove: yes
    purge: yes
--- a/ansible/roles/appliance/tasks/main.yml
+++ b/ansible/roles/appliance/tasks/main.yml
@@ -1,2 +0,0 @@
 - name: Install & configure dependencies
  import_tasks: dependencies.yml
--- a/ansible/roles/firstboot/files/ansible_payload/playbook.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/playbook.yml
@@ -1,24 +0,0 @@
 ---
 - hosts: 127.0.0.1
  connection: local
  gather_facts: false
  vars_files:
    - metacluster.yml
  # become: true
  roles:
    - vapp
    - network
    - users
    - disks
    - metacluster
    - workloadcluster
    - tty
    - cleanup
  handlers:
    - name: Apply manifests
      kubernetes.core.k8s:
        src: "{{ item }}"
        state: present
        kubeconfig: "{{ kubeconfig.path }}"
      loop: "{{ query('ansible.builtin.fileglob', '/var/lib/rancher/k3s/server/manifests/*.yaml') | sort }}"
      ignore_errors: yes
--- a/ansible/roles/firstboot/files/ansible_payload/roles/cleanup/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/cleanup/tasks/main.yml
@@ -1,8 +0,0 @@
 - name: Disable crontab job
  ansible.builtin.cron:
    name: firstboot
    state: absent
 - name: Reboot host
  ansible.builtin.shell:
    cmd: /usr/sbin/reboot now
--- a/ansible/roles/firstboot/files/ansible_payload/roles/disks/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/disks/tasks/main.yml
@@ -1,24 +0,0 @@
 - name: Create volume group
  community.general.lvg:
    vg: longhorn_vg
    pvs:
      - /dev/sdb
    pvresize: yes
 - name: Create logical volume
  community.general.lvol:
    vg: longhorn_vg
    lv: longhorn_lv
    size: 100%VG
 - name: Create filesystem
  community.general.filesystem:
    dev: /dev/mapper/longhorn_vg-longhorn_lv
    fstype: ext4
 - name: Mount dynamic disk
  ansible.posix.mount:
    path: /mnt/blockstorage
    src: /dev/mapper/longhorn_vg-longhorn_lv
    fstype: ext4
    state: mounted
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/filter_plugins/netaddr.py
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/filter_plugins/netaddr.py
@@ -1,14 +0,0 @@
 import netaddr
 def netaddr_iter_iprange(ip_start, ip_end):
    return [str(ip) for ip in netaddr.iter_iprange(ip_start, ip_end)]
 class FilterModule(object):
        ''' Ansible filter. Interface to netaddr methods.
            https://pypi.org/project/netaddr/
        '''
        def filters(self):
            return {
                'netaddr_iter_iprange': netaddr_iter_iprange
            }
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/assets.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/assets.yml
@@ -1,7 +0,0 @@
 - name: Import container images
  ansible.builtin.command:
    cmd: k3s ctr image import {{ item }}
    chdir: /opt/metacluster/container-images
  loop: "{{ query('ansible.builtin.fileglob', '/opt/metacluster/container-images/*.tar') | sort }}"
  loop_control:
    label: "{{ item | basename }}"
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/certauthority.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/certauthority.yml
@@ -1,122 +0,0 @@
 - name: Install step-ca chart
  kubernetes.core.helm:
    name: step-certificates
    chart_ref: /opt/metacluster/helm-charts/step-certificates
    release_namespace: step-ca
    create_namespace: yes
    wait: yes
    kubeconfig: "{{ kubeconfig.path }}"
    values: "{{ components.stepcertificates.chart_values }}"
 - name: Retrieve configmap w/ root certificate
  kubernetes.core.k8s_info:
    kind: ConfigMap
    name: step-certificates-certs
    namespace: step-ca
    kubeconfig: "{{ kubeconfig.path }}"
  register: stepca_cm_certs
 - name: Create target namespaces
  kubernetes.core.k8s:
    kind: Namespace
    name: "{{ item }}"
    state: present
    kubeconfig: "{{ kubeconfig.path }}"
  loop:
    - argo-cd
    # - kube-system
 - name: Store root certificate in namespaced configmaps/secrets
  kubernetes.core.k8s:
    state: present
    template: "{{ item.kind }}.j2"
    kubeconfig: "{{ kubeconfig.path }}"
  vars:
    _template:
      name: "{{ item.name }}"
      namespace: "{{ item.namespace }}"
      annotations: "{{ item.annotations | default('{}') | indent(width=4, first=True) }}"
      labels: "{{ item.labels | default('{}') | indent(width=4, first=True) }}"
      data: "{{ item.data }}"
  loop:
    - name: argocd-tls-certs-cm
      namespace: argo-cd
      kind: configmap
      annotations: |
        meta.helm.sh/release-name: argo-cd
        meta.helm.sh/release-namespace: argo-cd
      labels: |
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/name: argocd-cm
        app.kubernetes.io/part-of: argocd
      data:
        - key: git.{{ vapp['metacluster.fqdn'] }}
          value: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] }}"
    - name: step-certificates-certs
      namespace: kube-system
      kind: secret
      data:
        - key: root_ca.crt
          value: "{{ stepca_cm_certs.resources[0].data['root_ca.crt'] | b64encode }}"
  loop_control:
    label: "{{ item.kind + '/' + item.name + ' (' + item.namespace + ')' }}"
 - name: Configure step-ca passthrough ingress
  ansible.builtin.template:
    src: ingressroutetcp.j2
    dest: /var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml
    owner: root
    group: root
    mode: 0600
  vars:
    _template:
      name: step-ca
      namespace: step-ca
      config: |2
          entryPoints:
            - websecure
          routes:
          - match: HostSNI(`ca.{{ vapp['metacluster.fqdn'] }}`)
            services:
            - name: step-certificates
              port: 443
          tls:
            passthrough: true
  notify:
    - Apply manifests
 - name: Inject step-ca certificate into traefik container
  ansible.builtin.blockinfile:
    path: /var/lib/rancher/k3s/server/manifests/traefik-config.yaml
    block: |2
          volumes:
            - name: step-certificates-certs
              mountPath: /step-ca
              type: secret
          env:
            - name: LEGO_CA_CERTIFICATES
              value: /step-ca/root_ca.crt
    marker: '    # {mark} ANSIBLE MANAGED BLOCK'
  notify:
    - Apply manifests
 - name: Trigger handlers
  ansible.builtin.meta: flush_handlers
 - name: Retrieve step-ca configuration
  kubernetes.core.k8s_info:
    kind: ConfigMap
    name: step-certificates-config
    namespace: step-ca
    kubeconfig: "{{ kubeconfig.path }}"
  register: stepca_cm_config
 - name: Install root CA in system truststore
  ansible.builtin.shell:
    cmd: >-
      step ca bootstrap \
        --ca-url=https://ca.{{ vapp['metacluster.fqdn'] }} \
        --fingerprint={{ stepca_cm_config.resources[0].data['defaults.json'] | from_json | json_query('fingerprint') }} \
        --install \
        --force
      update-ca-certificates
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/cleanup.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/cleanup.yml
@@ -1,12 +0,0 @@
 - name: Compress tarballs
  community.general.archive:
    dest: /opt/metacluster/container-images/image-tarballs.tgz
    path: /opt/metacluster/container-images/*
    format: gz
    remove: yes
 - name: Cleanup tempfile
  ansible.builtin.file:
    path: "{{ kubeconfig.path }}"
    state: absent
  when: kubeconfig.path is defined
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/git.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/git.yml
@@ -1,137 +0,0 @@
 - block:
    - name: Install gitea chart
      kubernetes.core.helm:
        name: gitea
        chart_ref: /opt/metacluster/helm-charts/gitea
        release_namespace: gitea
        create_namespace: yes
        wait: yes
        kubeconfig: "{{ kubeconfig.path }}"
        values: "{{ components.gitea.chart_values }}"
    - name: Configure additional SSH ingress
      ansible.builtin.template:
        src: ingressroutetcp.j2
        dest: /var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml
        owner: root
        group: root
        mode: 0600
      vars:
        _template:
          name: gitea-ssh
          namespace: gitea
          config: |2
              entryPoints:
                - ssh
              routes:
              - match: HostSNI(`*`)
                services:
                - name: gitea-ssh
                  port: 22
      notify:
        - Apply manifests
    - name: Trigger handlers
      ansible.builtin.meta: flush_handlers
    - name: Ensure gitea API availability
      ansible.builtin.uri:
        url: https://git.{{ vapp['metacluster.fqdn'] }}/api/healthz
        method: GET
      register: api_readycheck
      until: api_readycheck.json.status is defined
      retries: 3
      delay: 30
    - name: Generate gitea API token
      ansible.builtin.uri:
        url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/users/administrator/tokens
        method: POST
        user: administrator
        password: "{{ vapp['guestinfo.rootpw'] }}"
        force_basic_auth: yes
        body:
          name: token_init_{{ lookup('password', '/dev/null length=5 chars=ascii_letters,digits') }}
      register: gitea_api_token
    - name: Retrieve existing gitea configuration
      ansible.builtin.uri:
        url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/repos/search
        method: GET
      register: gitea_existing_config
    - block:
        - name: Register SSH public key
          ansible.builtin.uri:
            url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/user/keys
            method: POST
            headers:
              Authorization: token {{ gitea_api_token.json.sha1 }}
            body:
              key: "{{ gitops_sshkey.public_key }}"
              read_only: false
              title: GitOps
        - name: Create organization(s)
          ansible.builtin.uri:
            url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/orgs
            method: POST
            headers:
              Authorization: token {{ gitea_api_token.json.sha1 }}
            body: "{{ item }}"
          loop:
            - full_name: Meta-cluster
              description: Meta-cluster configuration items
              username: mc
              website: https://git.{{ vapp['metacluster.fqdn'] }}/mc
              location: '[...]'
              visibility: public
            - full_name: Workload-cluster
              description: Workload-cluster configuration items
              username: wl
              website: https://git.{{ vapp['metacluster.fqdn'] }}/wl
              location: '[...]'
              visibility: public
          loop_control:
            label: "{{ item.full_name }}"
        - name: Create repositories
          ansible.builtin.uri:
            url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/orgs/{{ item.organization }}/repos
            method: POST
            headers:
              Authorization: token {{ gitea_api_token.json.sha1 }}
            body: "{{ item.body }}"
          loop:
            - organization: mc
              body:
                name: GitOps.Config
                # auto_init: true
                # default_branch: main
                description: GitOps manifests
            - organization: wl
              body:
                name: Template.GitOps.Config
                # auto_init: true
                # default_branch: main
                description: GitOps manifests
          loop_control:
            label: "{{ item.organization + '/' + item.body.name }}"
        - name: Rebase/Push source gitops repository
          ansible.builtin.shell:
            cmd: |
              git config --local http.sslVerify false
              git remote set-url origin https://administrator:{{ vapp['guestinfo.rootpw'] | urlencode }}@git.{{ vapp['metacluster.fqdn'] }}/mc/GitOps.Config.git
              git push
            chdir: /opt/metacluster/git-repositories/gitops
      when: (gitea_existing_config.json is undefined) or (gitea_existing_config.json.data | length == 0)
  module_defaults:
    ansible.builtin.uri:
      validate_certs: no
      status_code: [200, 201]
      body_format: json
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/gitops.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/gitops.yml
@@ -1,69 +0,0 @@
 - block:
    - name: Install argo-cd chart
      kubernetes.core.helm:
        name: argo-cd
        chart_ref: /opt/metacluster/helm-charts/argo-cd
        release_namespace: argo-cd
        create_namespace: yes
        wait: yes
        kubeconfig: "{{ kubeconfig.path }}"
        values: "{{ components.argocd.chart_values }}"
    - name: Ensure argo-cd API availability
      ansible.builtin.uri:
        url: https://gitops.{{ vapp['metacluster.fqdn'] }}/api/version
        method: GET
      register: api_readycheck
      until: api_readycheck.json.Version is defined
      retries: 3
      delay: 30
    - name: Generate argo-cd API token
      ansible.builtin.uri:
        url: https://gitops.{{ vapp['metacluster.fqdn'] }}/api/v1/session
        method: POST
        force_basic_auth: yes
        body:
          username: admin
          password: "{{ vapp['guestinfo.rootpw'] }}"
      register: argocd_api_token
    - name: Configure metacluster-gitops repository
      ansible.builtin.template:
        src: gitrepo.j2
        dest: /var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml
        owner: root
        group: root
        mode: 0600
      vars:
        _template:
          name: argocd-gitrepo-metacluster
          namespace: argo-cd
          uid: "{{ lookup('ansible.builtin.password', '/dev/null length=5 chars=ascii_lowercase,digits seed=inventory_hostname') }}"
          privatekey: "{{ lookup('ansible.builtin.file', '~/.ssh/git_rsa_id') | indent(4, true) }}"
      notify:
        - Apply manifests
    - name: Create applicationset
      ansible.builtin.template:
        src: applicationset.j2
        dest: /var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml
        owner: root
        group: root
        mode: 0600
      vars:
        _template:
          name: argocd-applicationset-metacluster
          namespace: argo-cd
      notify:
        - Apply manifests
    - name: Trigger handlers
      ansible.builtin.meta: flush_handlers
  module_defaults:
    ansible.builtin.uri:
      validate_certs: no
      status_code: [200, 201]
      body_format: json
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/ingress.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/ingress.yml
@@ -1,26 +0,0 @@
 - name: Configure traefik dashboard ingress
  ansible.builtin.template:
    src: ingressroute.j2
    dest: /var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml
    owner: root
    group: root
    mode: 0600
  vars:
    _template:
      name: traefik-dashboard
      namespace: kube-system
      config: |2
          entryPoints:
          - web
          - websecure
          routes:
          - kind: Rule
            match: Host(`ingress.{{ vapp['metacluster.fqdn'] }}`)
            services:
            - kind: TraefikService
              name: api@internal
  notify:
    - Apply manifests
 - name: Trigger handlers
  ansible.builtin.meta: flush_handlers
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/init.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/init.yml
@@ -1,13 +0,0 @@
 - name: Configure fallback name resolution
  ansible.builtin.lineinfile:
    path: /etc/hosts
    line: "{{ vapp['guestinfo.ipaddress'] }}  {{ item + '.' + vapp['metacluster.fqdn'] }}"
    state: present
  loop:
    # TODO: Make this list dynamic
    - ca
    - git
    - gitops
    - ingress
    - registry
    - storage
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/k3s.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/k3s.yml
@@ -1,44 +0,0 @@
 - name: Gather service facts
  ansible.builtin.service_facts:
    # Module requires no attributes
 - name: Install K3s
  ansible.builtin.command:
    cmd: ./install.sh
    chdir: /opt/metacluster/k3s
  environment:
    INSTALL_K3S_SKIP_DOWNLOAD: 'true'
    INSTALL_K3S_EXEC: 'server --cluster-init --disable local-storage'
  when: ansible_facts.services['k3s.service'] is undefined
 - name: Ensure API availability
  ansible.builtin.uri:
    url: https://{{ vapp['guestinfo.ipaddress'] }}:6443/livez?verbose
    method: GET
    validate_certs: no
    status_code: [200, 401]
  register: api_readycheck
  until: api_readycheck.json.apiVersion is defined
  retries: 3
  delay: 30
 - name: Install kubectl tab-completion
  ansible.builtin.shell:
    cmd: kubectl completion bash | tee /etc/bash_completion.d/kubectl
 - name: Initialize tempfile
  ansible.builtin.tempfile:
    state: file
  register: kubeconfig
 - name: Retrieve kubeconfig
  ansible.builtin.command:
    cmd: kubectl config view --raw
  register: kubectl_config
 - name: Store kubeconfig in tempfile
  ansible.builtin.copy:
    dest: "{{ kubeconfig.path }}"
    content: "{{ kubectl_config.stdout }}"
    mode: 0600
  no_log: true
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/main.yml
@@ -1,12 +0,0 @@
 - import_tasks: init.yml
 - import_tasks: k3s.yml
 - import_tasks: assets.yml
 - import_tasks: ingress.yml
 - import_tasks: storage.yml
 - import_tasks: certauthority.yml
 - import_tasks: registry.yml
 - import_tasks: secrets.yml
 - import_tasks: git.yml
 - import_tasks: gitops.yml
 - import_tasks: cleanup.yml
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/registry.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/registry.yml
@@ -1,32 +0,0 @@
 - name: Install harbor chart
  kubernetes.core.helm:
    name: harbor
    chart_ref: /opt/metacluster/helm-charts/harbor
    release_namespace: harbor
    create_namespace: yes
    wait: yes
    kubeconfig: "{{ kubeconfig.path }}"
    values: "{{ components.harbor.chart_values }}"
 - name: Push images to registry
  ansible.builtin.shell:
    cmd: >-
      skopeo copy \
        --insecure-policy \
        --dest-tls-verify=false \
        --dest-creds admin:{{ vapp['guestinfo.rootpw'] }} \
        docker-archive:./{{ item | basename }} \
        docker://registry.{{ vapp['metacluster.fqdn'] }}/library/$( \
          skopeo list-tags \
            --insecure-policy \
            docker-archive:./{{ item | basename }} | \
          jq -r '.Tags[0]')
    chdir: /opt/metacluster/container-images/
  loop: "{{ query('ansible.builtin.fileglob', '/opt/metacluster/container-images/*.tar') | sort }}"
  loop_control:
    label: "{{ item | basename }}"
 - name: Configure K3s node for private registry
  ansible.builtin.template:
    dest: /etc/rancher/k3s/registries.yaml
    src: registries.j2
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/secrets.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/secrets.yml
@@ -1,52 +0,0 @@
 - name: Install sealed-secrets chart
  kubernetes.core.helm:
    name: sealed-secrets-controller
    chart_ref: /opt/metacluster/helm-charts/sealed-secrets
    release_namespace: kube-system
    wait: yes
    kubeconfig: "{{ kubeconfig.path }}"
    # values: "{{ components.sealedsecrets.chart_values }}"
 - name: Store hypervisor details in configmap/secret
  kubernetes.core.k8s:
    state: present
    template: "{{ item.kind }}.j2"
    kubeconfig: "{{ kubeconfig.path }}"
  vars:
    _template:
      name: "{{ item.name }}"
      namespace: "{{ item.namespace }}"
      annotations: "{{ item.annotations | default('{}') | indent(width=4, first=True) }}"
      labels: "{{ item.labels | default('{}') | indent(width=4, first=True) }}"
      data: "{{ item.data }}"
  loop:
    - name: hypervisor-credentials
      namespace: kube-system
      kind: secret
      data:
        - key: HV_FQDN
          value: "{{ vapp['hv.fqdn'] | b64encode }}"
        - key: HV_USERNAME
          value: "{{ vapp['hv.username'] | b64encode }}"
        - key: HV_PASSWORD
          value: "{{ vapp['hv.password'] | b64encode }}"
    - name: hypervisor-ippool
      namespace: kube-system
      kind: configmap
      data:
        - key: VAPP_MOREF
          value: "{{ moref_id }}"
        - key: VAPP_IPPOOL_FQDN
          value: "{{ vapp['metacluster.fqdn'] }}"
        - key: VAPP_IPPOOL_NETWORK
          value: "{{ (vapp['guestinfo.ipaddress'] + '/' + vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('network') }}"
        - key: VAPP_IPPOOL_NETMASK
          value: "{{ (vapp['guestinfo.ipaddress'] + '/' + vapp['guestinfo.prefixlength']) | ansible.utils.ipaddr('netmask') }}"
        - key: VAPP_IPPOOL_DNSSERVER
          value: "{{ vapp['guestinfo.dnsserver'] }}"
        - key: VAPP_IPPOOL_GATEWAY
          value: "{{ vapp['guestinfo.gateway'] }}"
        - key: VAPP_IPPOOL_RANGE
          value: "{{ vapp['ippool.startip'] + '#' + (vapp['ippool.startip'] | netaddr_iter_iprange(vapp['ippool.endip']) | length | string) }}"
  loop_control:
    label: "{{ item.kind + '/' + item.name + ' (' + item.namespace + ')' }}"
--- a/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/storage.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/metacluster/tasks/storage.yml
@@ -1,9 +0,0 @@
 - name: Install longhorn chart
  kubernetes.core.helm:
    name: longhorn
    chart_ref: /opt/metacluster/helm-charts/longhorn
    release_namespace: longhorn-system
    create_namespace: yes
    wait: yes
    kubeconfig: "{{ kubeconfig.path }}"
    values: "{{ components.longhorn.chart_values }}"
--- a/ansible/roles/firstboot/files/ansible_payload/roles/network/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/network/tasks/main.yml
@@ -1,12 +0,0 @@
 - name: Set hostname
  ansible.builtin.hostname:
    name: "{{ vapp['guestinfo.hostname'] }}"
 - name: Create netplan configuration file
  ansible.builtin.template:
    src: netplan.j2
    dest: /etc/netplan/00-installer-config.yaml
 - name: Apply netplan configuration
  ansible.builtin.shell:
    cmd: /usr/sbin/netplan apply
--- a/ansible/roles/firstboot/files/ansible_payload/roles/network/templates/netplan.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/network/templates/netplan.j2
@@ -1,10 +0,0 @@
 network:
  version: 2
  ethernets:
    ens192:
      addresses:
      - {{ vapp['guestinfo.ipaddress'] }}/{{ vapp['guestinfo.prefixlength'] }}
      gateway4: {{ vapp['guestinfo.gateway'] }}
      nameservers:
        addresses:
        - {{ vapp['guestinfo.dnsserver'] }}
--- a/ansible/roles/firstboot/files/ansible_payload/roles/tty/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/tty/tasks/main.yml
@@ -1,20 +0,0 @@
 - name: Create folder structure(s)
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
  loop:
    - /opt/firstboot
 - name: Save tty script file
  ansible.builtin.template:
    src: tty.j2
    dest: /opt/firstboot/tty.sh
    owner: root
    group: root
    mode: 0700
 - name: Create @reboot crontab job
  ansible.builtin.cron:
    name: tty.consolemessage
    special_time: reboot
    job: /opt/firstboot/tty.sh
--- a/ansible/roles/firstboot/files/ansible_payload/roles/users/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/users/tasks/main.yml
@@ -1,39 +0,0 @@
 - name: Set root password
  ansible.builtin.user:
    name: root
    password: "{{ vapp['guestinfo.rootpw'] | password_hash('sha512', 65534 | random(seed=vapp['guestinfo.hostname']) | string) }}"
    generate_ssh_key: yes
    ssh_key_bits: 2048
    ssh_key_file: .ssh/id_rsa
 - name: Save root SSH publickey
  ansible.builtin.lineinfile:
    path: /root/.ssh/authorized_keys
    line: "{{ vapp['guestinfo.rootsshkey'] }}"
 - name: Disable SSH password authentication
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
    regex: "{{ item.regex }}"
    line: "{{ item.line }}"
    state: "{{ item.state }}"
  loop:
  - regex: '^#PasswordAuthentication'
    line: 'PasswordAuthentication no'
    state: present
  - regex: '^PasswordAuthentication yes'
    line: 'PasswordAuthentication yes'
    state: absent
  loop_control:
    label: "{{ '[' + item.line + '] ' + item.state }}"
 - name: Create dedicated SSH keypair
  community.crypto.openssh_keypair:
    path: /root/.ssh/git_rsa_id
  register: gitops_sshkey
 - name: Delete 'ubuntu' user
  ansible.builtin.user:
    name: ubuntu
    state: absent
    remove: yes
--- a/ansible/roles/firstboot/files/ansible_payload/roles/vapp/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/vapp/tasks/main.yml
@@ -1,38 +0,0 @@
 - name: Store current ovfEnvironment
  ansible.builtin.shell:
    cmd: /usr/bin/vmtoolsd --cmd "info-get guestinfo.ovfEnv"
  register: ovfenv
 - name: Parse XML for MoRef ID
  community.general.xml:
    xmlstring: "{{ ovfenv.stdout }}"
    namespaces:
      ns: http://schemas.dmtf.org/ovf/environment/1
      ve: http://www.vmware.com/schema/ovfenv
    xpath: /ns:Environment
    content: attribute
  register: environment_attribute
 - name: Store MoRef ID
  ansible.builtin.set_fact:
    moref_id: "{{ ((environment_attribute.matches[0].values() | list)[0].values() | list)[1] }}"
 - name: Parse XML for vApp properties
  community.general.xml:
    xmlstring: "{{ ovfenv.stdout }}"
    namespaces:
      ns: http://schemas.dmtf.org/ovf/environment/1
    xpath: /ns:Environment/ns:PropertySection/ns:Property
    content: attribute
  register: property_section
 - name: Assign vApp properties to dictionary
  ansible.builtin.set_fact:
    vapp: >-
      {{ vapp | default({}) | combine({
        ((item.values() | list)[0].values() | list)[0]:
        ((item.values() | list)[0].values() | list)[1]})
      }}
  loop: "{{ property_section.matches }}"
  loop_control:
    label: "{{ ((item.values() | list)[0].values() | list)[0] }}"
--- a/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/main.yml
+++ b/ansible/roles/firstboot/files/ansible_payload/roles/workloadcluster/tasks/main.yml
@@ -1,106 +0,0 @@
 - block:
    - name: Gather hypervisor details
      ansible.builtin.shell:
        cmd: govc ls -L {{ item.moref }} | awk -F/ '{print ${{ item.part }}}'
      environment:
        GOVC_INSECURE: '1'
        GOVC_URL: "{{ vapp['hv.fqdn'] }}"
        GOVC_USERNAME: "{{ vapp['hv.username'] }}"
        GOVC_PASSWORD: "{{ vapp['hv.password'] }}"
      register: govc_inventory
      loop:
        - attribute: cluster
          moref: >-
            $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
              jq -r '.[] | select(.Name == "runtime").Val.Host | .Type + ":" + .Value')
          part: (NF-1)
        - attribute: datacenter
          moref: VirtualMachine:{{ moref_id }}
          part: 2
        - attribute: datastore
          moref: >-
            $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
              jq -r '.[] | select(.Name == "datastore").Val.ManagedObjectReference | .[].Type + ":" + .[].Value')
          part: NF
        - attribute: folder
          moref: >-
            $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
              jq -r '.[] | select(.Name == "parent").Val | .Type + ":" + .Value')
          part: 0
        # - attribute: host
        #   moref: >-
        #     $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
        #       jq -r '.[] | select(.Name == "runtime").Val.Host | .Type + ":" + .Value')
        #   part: NF
        - attribute: network
          moref: >-
            $(govc object.collect -json VirtualMachine:{{ moref_id }} | \
              jq -r '.[] | select(.Name == "network").Val.ManagedObjectReference | .[].Type + ":" + .[].Value')
          part: NF
      loop_control:
        label: "{{ item.attribute }}"
    - name: Store hypervisor details in dictionary
      ansible.builtin.set_fact:
        vcenter_info: "{{ vcenter_info | default({}) | combine({ item.item.attribute : item.stdout }) }}"
      loop: "{{ govc_inventory.results }}"
      loop_control:
        label: "{{ item.item.attribute }}"
 - block:
    - name: Check for existing templates on hypervisor
      community.vmware.vmware_guest_info:
        name: "{{ (item | basename | split('.'))[:-1] | join('.') }}"
      register: existing_ova
      loop: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | sort }}"
      ignore_errors: yes
    - name: Parse OVA files for network mappings
      ansible.builtin.shell:
        cmd: govc import.spec -json {{ item }}
      environment:
        GOVC_INSECURE: '1'
        GOVC_URL: "{{ vapp['hv.fqdn'] }}"
        GOVC_USERNAME: "{{ vapp['hv.username'] }}"
        GOVC_PASSWORD: "{{ vapp['hv.password'] }}"
      register: ova_spec
      when: existing_ova.results[index] is failed
      loop: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | sort }}"
      loop_control:
        index_var: index
    - name: Deploy OVA templates on hypervisor
      community.vmware.vmware_deploy_ovf:
        cluster: "{{ vcenter_info.cluster }}"
        datastore: "{{ vcenter_info.datastore }}"
        folder: "{{ vcenter_info.folder }}"
        name: "{{ (item | basename | split('.'))[:-1] | join('.') }}"
        networks: "{u'{{ ova_spec.results[index].stdout | from_json | json_query('NetworkMapping[0].Name') }}':u'{{ vcenter_info.network }}'}"
        allow_duplicates: no
        power_on: false
        ovf: "{{ item }}"
      register: ova_deploy
      when: existing_ova.results[index] is failed
      loop: "{{ query('ansible.builtin.fileglob', '/opt/workloadcluster/node-templates/*.ova') | sort }}"
      loop_control:
        index_var: index
    - name: Mark deployed VM's as templates
      community.vmware.vmware_guest:
        name: "{{ item.instance.hw_name }}"
        is_template: yes
      when: ova_deploy.results[index] is not skipped
      loop: "{{ ova_deploy.results }}"
      loop_control:
        index_var: index
        label: "{{ item.item }}"
  module_defaults:
    group/vmware:
      hostname: "{{ vapp['hv.fqdn'] }}"
      validate_certs: no
      username: "{{ vapp['hv.username'] }}"
      password: "{{ vapp['hv.password'] }}"
      datacenter: "{{ vcenter_info.datacenter }}"
--- a/ansible/roles/firstboot/files/ansible_payload/templates/applicationset.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/templates/applicationset.j2
@@ -1,28 +0,0 @@
 apiVersion: argoproj.io/v1alpha1
 kind: ApplicationSet
 metadata:
  name: {{ _template.name }}
  namespace: {{ _template.namespace }}
 spec:
  generators:
  - git:
      repoURL: ssh://git@gitea-ssh.gitea.svc.cluster.local/mc/GitOps.Config.git
      revision: HEAD
      directories:
      - path: metacluster-applicationset/*
  template:
    metadata:
      name: {% raw %}'{{ path.basename }}'{% endraw +%}
    spec:
      project: default
      syncPolicy:
        automated:
          prune: true
          selfHeal: true
      source:
        repoURL: ssh://git@gitea-ssh.gitea.svc.cluster.local/mc/GitOps.Config.git
        targetRevision: HEAD
        path: {% raw %}'{{ path }}'{% endraw +%}
      destination:
        server: https://kubernetes.default.svc
        namespace: default
--- a/ansible/roles/firstboot/files/ansible_payload/templates/configmap.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/templates/configmap.j2
@@ -1,14 +0,0 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ _template.name }}
  namespace: {{ _template.namespace }}
  annotations:
 {{ _template.annotations }}
  labels:
 {{ _template.labels }}
 data:
 {% for kv_pair in _template.data %}
  "{{ kv_pair.key }}": |
 {{ kv_pair.value | indent(width=4, first=True) }}
 {% endfor %}
--- a/ansible/roles/firstboot/files/ansible_payload/templates/gitrepo.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/templates/gitrepo.j2
@@ -1,13 +0,0 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ _template.name }}-{{ _template.uid }}
  namespace: {{ _template.namespace }}
  labels:
    argocd.argoproj.io/secret-type: repository
 stringData:
  url: ssh://git@gitea-ssh.gitea.svc.cluster.local/mc/GitOps.Config.git
  name: {{ _template.name }}
  insecure: 'true'
  sshPrivateKey: |
 {{ _template.privatekey }}
--- a/ansible/roles/firstboot/files/ansible_payload/templates/ingressroute.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/templates/ingressroute.j2
@@ -1,7 +0,0 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRoute
 metadata:
  name: {{ _template.name }}
  namespace: {{ _template.namespace }}
 spec:
 {{ _template.config }}
--- a/ansible/roles/firstboot/files/ansible_payload/templates/ingressroutetcp.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/templates/ingressroutetcp.j2
@@ -1,7 +0,0 @@
 apiVersion: traefik.containo.us/v1alpha1
 kind: IngressRouteTCP
 metadata:
  name: {{ _template.name }}
  namespace: {{ _template.namespace }}
 spec:
 {{ _template.config }}
--- a/ansible/roles/firstboot/files/ansible_payload/templates/registries.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/templates/registries.j2
@@ -1,25 +0,0 @@
 mirrors:
  cr.step.cm:
    endpoint:
      - https://registry.{{ vapp['metacluster.fqdn'] }}
    rewrite:
      "(.*)": "library/cr.step.sm/$1"
  docker.io:
    endpoint:
      - https://registry.{{ vapp['metacluster.fqdn'] }}
    rewrite:
      "(.*)": "library/docker.io/$1"
  ghcr.io:
    endpoint:
      - https://registry.{{ vapp['metacluster.fqdn'] }}
    rewrite:
      "(.*)": "library/ghcr.io/$1"
  quay.io:
    endpoint:
      - https://registry.{{ vapp['metacluster.fqdn'] }}
    rewrite:
      "(.*)": "library/quay.io/$1"
 configs:
  registry.{{ vapp['metacluster.fqdn'] }}:
    tls:
      insecure_skip_verify: true
--- a/ansible/roles/firstboot/files/ansible_payload/templates/secret.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/templates/secret.j2
@@ -1,9 +0,0 @@
 apiVersion: v1
 kind: Secret
 metadata:
  name: {{ _template.name }}
  namespace: {{ _template.namespace }}
 data:
 {% for kv_pair in _template.data %}
  "{{ kv_pair.key }}": {{ kv_pair.value }}
 {% endfor %}
--- a/ansible/roles/firstboot/files/ansible_payload/templates/tty.j2
+++ b/ansible/roles/firstboot/files/ansible_payload/templates/tty.j2
@@ -1,42 +0,0 @@
 #!/bin/bash
 export TERM=linux
 BGRN='\033[1;92m'
 BGRY='\033[1;30m'
 BBLU='\033[1;34m'
 BRED='\033[1;91m'
 BWHI='\033[1;97m'
 CBLA='\033[?16;0;30c' # Hide blinking cursor
 DFLT='\033[0m'        # Reset colour
 LCLR='\033[K'         # Clear to end of line
 PRST='\033[0;0H'      # Reset cursor position
 # COMPONENTS=('ca' 'ingress' 'storage' 'registry' 'git' 'gitops')
 COMPONENTS=('ca' 'storage' 'registry' 'git' 'gitops')
 FQDN='{{ vapp['metacluster.fqdn'] }}'
 IPADDRESS='{{ vapp['guestinfo.ipaddress'] }}'
 # Waiting to allow boot sequence to finish; crude!
 sleep 30
 clear > /dev/tty1
 while /bin/true; do
  echo -e "${PRST}" > /dev/tty1
  echo -e "\n\n\t${DFLT}To manage this appliance, please connect to one of the following:${LCLR}\n" > /dev/tty1
  for c in "${COMPONENTS[@]}"; do
    STATUS=$(curl -ks "https://${c}.${FQDN}" -o /dev/null -w '%{http_code}')
    if [[ "${STATUS}" -eq "200" ]]; then
      echo -e "\t [${BGRN}+${DFLT}] ${BBLU}https://${c}.${FQDN}${DFLT}${LCLR}" > /dev/tty1
    else
      echo -e "\t [${BRED}-${DFLT}] ${BBLU}https://${c}.${FQDN}${DFLT}${LCLR}" > /dev/tty1
    fi
  done
  echo -e "\n\t${BGRY}Note that your DNS zone ${DFLT}must have${BGRY} respective records defined,\n\teach pointing to: ${DFLT}${IPADDRESS}${LCLR}" > /dev/tty1
  echo -e "${CBLA}" > /dev/tty1
  sleep 1
 done
--- a/ansible/roles/firstboot/files/ansible_payload/vars/.keep
+++ b/ansible/roles/firstboot/files/ansible_payload/vars/.keep
--- a/ansible/roles/firstboot/tasks/main.yml
+++ b/ansible/roles/firstboot/tasks/main.yml
@@ -1,26 +0,0 @@
 - name: Create destination folder
  ansible.builtin.file:
    path: /opt/firstboot
    state: directory
 - name: Create firstboot script file
  ansible.builtin.template:
    src: firstboot.j2
    dest: /opt/firstboot/firstboot.sh
    owner: root
    group: root
    mode: o+x
 - name: Create @reboot crontab job
  ansible.builtin.cron:
    name: firstboot
    special_time: reboot
    job: "/opt/firstboot/firstboot.sh >/dev/tty1 2>&1"
 - name: Copy payload folder
  ansible.builtin.copy:
    src: ansible_payload/
    dest: /opt/firstboot/ansible/
    owner: root
    group: root
    mode: '0644'
--- a/ansible/roles/firstboot/templates/firstboot.j2
+++ b/ansible/roles/firstboot/templates/firstboot.j2
@@ -1,4 +0,0 @@
 #!/bin/bash
 # Apply firstboot configuration w/ ansible
 /usr/local/bin/ansible-playbook /opt/firstboot/ansible/playbook.yml | tee -a /var/log/firstboot.log > /dev/tty1 2>&1
--- a/ansible/roles/metacluster/tasks/components.yml
+++ b/ansible/roles/metacluster/tasks/components.yml
@@ -1,68 +0,0 @@
 - name: Create folder structure(s)
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
  loop:
    - /opt/metacluster/helm-charts
    - /opt/metacluster/container-images
 - name: Add helm repositories
  kubernetes.core.helm_repository:
    name: "{{ item.name }}"
    repo_url: "{{ item.url }}"
    state: present
  loop: "{{ platform.helm_repositories }}"
 - name: Fetch helm charts
  ansible.builtin.command:
    cmd: helm fetch {{ item.value.helm.chart }} --untar --version {{ item.value.helm.version }}
    chdir: /opt/metacluster/helm-charts
  loop: "{{ lookup('ansible.builtin.dict', components) }}"
  loop_control:
    label: "{{ item.key }}"
 - block:
    - name: Aggregate chart_values into dict
      ansible.builtin.set_fact:
        chart_values: "{{ chart_values | default({}) | combine({ (item.key | regex_replace('[^A-Za-z0-9]', '')): { 'chart_values': (item.value.helm.chart_values | from_yaml) } }) }}"
      when: item.value.helm.chart_values is defined
      loop: "{{ lookup('ansible.builtin.dict', components) }}"
      loop_control:
        label: "{{ item.key }}"
    - name: Write dict to vars_file
      ansible.builtin.copy:
        dest: /opt/firstboot/ansible/vars/metacluster.yml
        content: "{{ { 'components': chart_values } | to_nice_yaml(indent=2, width=4096) }}"
 - name: Parse helm charts for container images
  ansible.builtin.shell:
    cmd: "{{ item.value.helm.parse_logic }}"
    chdir: /opt/metacluster/helm-charts/{{ item.key }}
  register: containerimages
  loop: "{{ lookup('ansible.builtin.dict', components) }}"
  loop_control:
    label: "{{ item.key }}"
 - name: Pull and store containerimages
  ansible.builtin.shell:
    cmd: >-
      skopeo copy \
        --insecure-policy \
        --retry-times=5 \
        docker://{{ item }} \
        docker-archive:./{{ ( item | regex_findall('[^/:]+'))[-2] }}.tar:{{ item }}
    chdir: /opt/metacluster/container-images
  loop: "{{ ((containerimages.results | map(attribute='stdout_lines') | flatten) + dependencies.container_images) | unique }}"
 # - name: Inject manifests
 #   ansible.builtin.template:
 #     src: "{{ item.type }}.j2"
 #     dest: /var/lib/rancher/k3s/server/manifests/{{ item.name }}-manifest.yaml
 #     owner: root
 #     group: root
 #     mode: 0600
 #   loop: "{{ lookup('ansible.builtin.dict', components) | map(attribute='value.manifests') | list | select('defined') | flatten }}"
 #   loop_control:
 #     label: "{{ item.type + '/' + item.name }}"
--- a/ansible/roles/metacluster/tasks/k3s.yml
+++ b/ansible/roles/metacluster/tasks/k3s.yml
@@ -1,52 +0,0 @@
 - name: Create folder structure(s)
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
  loop:
    - /var/lib/rancher/k3s/agent/images
    - /var/lib/rancher/k3s/server/manifests
    - /opt/metacluster/k3s
 - name: Download & install K3s binary
  ansible.builtin.get_url:
    url: https://github.com/k3s-io/k3s/releases/download/{{ platform.k3s.version }}/k3s
    dest: /usr/local/bin/k3s
    owner: root
    group: root
    mode: 0755
  register: download
  until: download is not failed
  retries: 3
  delay: 10
 - name: Download K3s images tarball
  ansible.builtin.get_url:
    url: https://github.com/k3s-io/k3s/releases/download/{{ platform.k3s.version }}/k3s-airgap-images-amd64.tar.gz
    dest: /var/lib/rancher/k3s/agent/images
  register: download
  until: download is not failed
  retries: 3
  delay: 10
 - name: Download K3s install script
  ansible.builtin.get_url:
    url: https://get.k3s.io
    dest: /opt/metacluster/k3s/install.sh
    owner: root
    group: root
    mode: 0755
  register: download
  until: download is not failed
  retries: 3
  delay: 10
 - name: Inject manifests
  ansible.builtin.template:
    src: helmchartconfig.j2
    dest: /var/lib/rancher/k3s/server/manifests/{{ item.name }}-config.yaml
    owner: root
    group: root
    mode: 0600
  loop: "{{ platform.packaged_components }}"
  loop_control:
    label: "{{ item.name }}"
--- a/ansible/roles/metacluster/tasks/main.yml
+++ b/ansible/roles/metacluster/tasks/main.yml
@@ -1,8 +0,0 @@
 - name: Pre-stage K3s components
  import_tasks: k3s.yml
 - name: Pre-stage meta-cluster components
  import_tasks: components.yml
 - name: Pre-stage meta-cluster configuration and workload-cluster components
  import_tasks: staging.yml
--- a/ansible/roles/metacluster/tasks/staging.yml
+++ b/ansible/roles/metacluster/tasks/staging.yml
@@ -1,21 +0,0 @@
 - name: Create folder structure(s)
  ansible.builtin.file:
    path: "{{ item }}"
    state: directory
  loop:
    - /opt/metacluster/git-repositories/gitops
    - /opt/workloadcluster/node-templates
 - name: Clone git repository
  ansible.builtin.git:
    repo: "{{ platform.gitops.repository.uri }}"
    version: "{{ platform.gitops.repository.revision }}"
    dest: /opt/metacluster/git-repositories/gitops
 - name: Download node-template images
  ansible.builtin.uri:
    url: "{{ item.url }}"
    dest: /opt/workloadcluster/node-templates/{{ downstream.node_templates.prefix }}{{ item.name }}
  loop: "{{ downstream.node_templates.images }}"
  loop_control:
    label: "{{ downstream.node_templates.prefix }}{{ item.name }}"
--- a/ansible/roles/metacluster/templates/helmchartconfig.j2
+++ b/ansible/roles/metacluster/templates/helmchartconfig.j2
@@ -1,8 +0,0 @@
 apiVersion: helm.cattle.io/v1
 kind: HelmChartConfig
 metadata:
  name: {{ item.name }}
  namespace: {{ item.namespace }}
 spec:
  valuesContent: |-
 {{ item.config }}
--- a/ansible/roles/os/tasks/cloud-init.yml
+++ b/ansible/roles/os/tasks/cloud-init.yml
@@ -1,13 +0,0 @@
 - name: Delete cloud-init package
  ansible.builtin.apt:
    name: cloud-init
    state: absent
    purge: yes
 - name: Delete cloud-init files
  ansible.builtin.file:
    path: "{{ item }}"
    state: absent
  loop:
    - /etc/cloud
    - /var/lib/cloud
--- a/ansible/roles/os/tasks/logging.yml
+++ b/ansible/roles/os/tasks/logging.yml
@@ -1,5 +0,0 @@
 - name: Enable crontab logging
  ansible.builtin.lineinfile:
    path: /etc/rsyslog.d/50-default.conf
    regexp: '^#cron\.\*.*'
    line: "cron.*\t\t\t\t./var/log/cron.log"
--- a/ansible/roles/os/tasks/main.yml
+++ b/ansible/roles/os/tasks/main.yml
@@ -1,17 +0,0 @@
 - name: Disable tty logins
  import_tasks: tty.yml
 - name: Remove snapd
  import_tasks: snapd.yml
 - name: Remove cloud-init
  import_tasks: cloud-init.yml
 - name: Configure default logging
  import_tasks: logging.yml
 - name: Configure services
  import_tasks: services.yml
 - name: Install packages
  import_tasks: packages.yml
--- a/ansible/roles/os/tasks/packages.yml
+++ b/ansible/roles/os/tasks/packages.yml
@@ -1,35 +0,0 @@
 - name: Configure 'needrestart' package
  ansible.builtin.lineinfile:
    path: /etc/needrestart/needrestart.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
  loop:
    - regexp: "^#\\$nrconf\\{restart\\} = 'i';"
      line: "$nrconf{restart} = 'a';"
    - regexp: "^#\\$nrconf\\{kernelhints\\} = -1;"
      line: "$nrconf{kernelhints} = -1;"
 - name: Install additional packages
  ansible.builtin.apt:
    pkg: "{{ packages.apt }}"
    state: latest
    update_cache: yes
    install_recommends: no
 - name: Upgrade all packages
  ansible.builtin.apt:
    name: '*'
    state: latest
    update_cache: yes
 - name: Install additional python packages
  ansible.builtin.pip:
    name: "{{ item }}"
    executable: pip3
    state: latest
  loop: "{{ packages.pip }}"
 - name: Cleanup
  ansible.builtin.apt:
    autoremove: yes
    purge: yes
--- a/ansible/roles/os/tasks/services.yml
+++ b/ansible/roles/os/tasks/services.yml
@@ -1,5 +0,0 @@
 - name: Disable & mask networkd-wait-online
  ansible.builtin.systemd:
    name: systemd-networkd-wait-online
    enabled: no
    masked: yes
--- a/ansible/roles/os/tasks/snapd.yml
+++ b/ansible/roles/os/tasks/snapd.yml
@@ -1,19 +0,0 @@
 - name: Delete snapd package
  ansible.builtin.apt:
    name: snapd
    state: absent
    purge: yes
 - name: Delete leftover files
  ansible.builtin.file:
    path: /root/snap
    state: absent
 - name: Hold snapd package
  ansible.builtin.dpkg_selections:
    name: snapd
    selection: hold
 - name: Reload systemd unit configurations
  ansible.builtin.systemd:
    daemon_reload: yes
--- a/ansible/roles/os/tasks/tty.yml
+++ b/ansible/roles/os/tasks/tty.yml
@@ -1,16 +0,0 @@
 - name: Disable extra tty
  ansible.builtin.lineinfile:
    path: /etc/systemd/logind.conf
    regexp: "{{ item.regexp }}"
    line: "{{ item.line }}"
  loop:
  - regexp: '^#NAutoVTs='
    line: 'NAutoVTs=1'
  - regexp: '^#ReserveVT='
    line: 'ReserveVT=11'
 - name: Mask getty@tty1 service
  ansible.builtin.systemd:
    name: getty@tty1
    enabled: no
    masked: yes
--- a/ansible/roles/os/vars/main.yml
+++ b/ansible/roles/os/vars/main.yml
@@ -1,12 +0,0 @@
 packages:
  apt:
    - jq
    - python3-pip
  pip:
    - ansible-core
    - jinja2
    - lxml
    - markupsafe
    - pip
    - setuptools
    - wheel
--- a/ansible/vars/metacluster.yml
+++ b/ansible/vars/metacluster.yml
@@ -1,220 +0,0 @@
 platform:
  k3s:
    version: v1.24.1+k3s1
  gitops:
    repository:
      uri: https://code.spamasaurus.com/djpbessems/GitOps.MetaCluster.git
      # revision: v0.1.0
      revision: HEAD
  packaged_components:
    - name: traefik
      namespace: kube-system
      config: |2
            additionalArguments:
              - "--certificatesResolvers.stepca.acme.caserver=https://step-certificates.step-ca.svc.cluster.local/acme/acme/directory"
              - "--certificatesResolvers.stepca.acme.email=admin"
              - "--certificatesResolvers.stepca.acme.storage=/data/acme.json"
              - "--certificatesResolvers.stepca.acme.tlsChallenge=true"
              - "--certificatesresolvers.stepca.acme.certificatesduration=24"
            globalArguments: []
            ingressRoute:
              dashboard:
                enabled: false
            ports:
              ssh:
                port: 8022
                protocol: TCP
              web:
                redirectTo: websecure
              websecure:
                tls:
                  certResolver: stepca
  helm_repositories:
    - name: argo
      url: https://argoproj.github.io/argo-helm
    - name: gitea-charts
      url: https://dl.gitea.io/charts/
    - name: harbor
      url: https://helm.goharbor.io
    - name: jetstack
      url: https://charts.jetstack.io
    - name: longhorn
      url: https://charts.longhorn.io
    - name: sealed-secrets
      url: https://bitnami-labs.github.io/sealed-secrets
    - name: smallstep
      url: https://smallstep.github.io/helm-charts/
 components:
  argo-cd:
    helm:
      version: 4.9.7  # (= ArgoCD v2.4.2)
      chart: argo/argo-cd
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
        configs:
          secret:
            argocdServerAdminPassword: "{{ vapp['guestinfo.rootpw'] | password_hash('bcrypt') }}"
        server:
          extraArgs:
            - --insecure
          ingress:
            enabled: true
            hosts:
              - gitops.{{ vapp['metacluster.fqdn'] }}
  cert-manager:
    helm:
      version: 1.9.1
      chart: jetstack/cert-manager
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      # chart_values: !unsafe |
      #   installCRDs: true
  gitea:
    helm:
      version: v6.0.0 # (= Gitea v1.17.1)
      chart: gitea-charts/gitea
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | sed '/:/!s/$/:latest/'
      chart_values: !unsafe |
        gitea:
          admin:
            username: administrator
            password: "{{ vapp['guestinfo.rootpw'] }}"
            email: admin@{{ vapp['metacluster.fqdn'] }}
          config:
            server:
              OFFLINE_MODE: true
              PROTOCOL: http
              ROOT_URL: https://git.{{ vapp['metacluster.fqdn'] }}/
        image:
          pullPolicy: IfNotPresent
        ingress:
          enabled: true
          hosts:
            - host: git.{{ vapp['metacluster.fqdn'] }}
              paths:
                - path: /
                  pathType: Prefix
        service:
          ssh:
            type: ClusterIP
            port: 22
            clusterIP:
  harbor:
    helm:
      version: 1.9.1  # (= Harbor v2.5.1)
      chart: harbor/harbor
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
      chart_values: !unsafe |
        expose:
          ingress:
            annotations: {}
            hosts:
              core: registry.{{ vapp['metacluster.fqdn'] }}
          tls:
            certSource: none
            enabled: false
        externalURL: https://registry.{{ vapp['metacluster.fqdn'] }}
        harborAdminPassword: "{{ vapp['guestinfo.rootpw'] }}"
        notary:
          enabled: false
  longhorn:
    helm:
      version: 1.3.0
      chart: longhorn/longhorn
      parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
      chart_values: !unsafe |
        defaultSettings:
          defaultDataPath: /mnt/blockstorage
          defaultReplicaCount: 1
        ingress:
          enabled: true
          host: storage.{{ vapp['metacluster.fqdn'] }}
        persistence:
          defaultClassReplicaCount: 1
  sealed-secrets:
    helm:
      version: 2.4.0  # (= SealedSecrets v0.18.1)
      chart: sealed-secrets/sealed-secrets
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
  step-certificates:
    helm:
      version: 1.18.2+20220324
      chart: smallstep/step-certificates
      parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
      chart_values: !unsafe |
        ca:
          bootstrap:
            postInitHook: |
              echo '{{ vapp["guestinfo.rootpw"] }}' > ~/pwfile
              step ca provisioner add acme \
                --type ACME \
                --password-file=~/pwfile \
                --force-cn
              rm ~/pwfile
          dns: ca.{{ vapp['metacluster.fqdn'] }},step-certificates.step-ca.svc.cluster.local,127.0.0.1
          password: "{{ vapp['guestinfo.rootpw'] }}"
          provisioner:
            name: admin
            password: "{{ vapp['guestinfo.rootpw'] }}"
        inject:
          secrets:
            ca_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
            provisioner_password: "{{ vapp['guestinfo.rootpw'] | b64encode }}"
        service:
          targetPort: 9000
 dependencies:
  ansible_galaxy_collections:
    - ansible.posix
    - ansible.utils
    - community.crypto
    - community.general
    - community.vmware
    - kubernetes.core
  container_images:
    - vmware/powerclicore:12.7
  static_binaries:
    - filename: clusterctl
      url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.2.2/clusterctl-linux-amd64
    - filename: govc
      url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz
      archive: compressed
    - filename: helm
      url: https://get.helm.sh/helm-v3.9.0-linux-amd64.tar.gz
      archive: compressed
      extra_opts: --strip-components=1
    - filename: kubeseal
      url: https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.18.2/kubeseal-0.18.2-linux-amd64.tar.gz
      archive: compressed
    - filename: skopeo
      url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.10.0/skopeo
    - filename: step
      url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.22.0/step_linux_0.22.0_amd64.tar.gz
      archive: compressed
      extra_opts: --strip-components=2
    - filename: yq
      url: http://github.com/mikefarah/yq/releases/download/v4.25.3/yq_linux_amd64
  packages:
    apt:
      - lvm2
    pip:
      - jmespath
      - kubernetes
      - netaddr
      - passlib
      - pyvmomi
--- a/ansible/vars/workloadcluster.yml
+++ b/ansible/vars/workloadcluster.yml
@@ -1,7 +0,0 @@
 downstream:
  node_templates:
    prefix: NodeTmpl_
    images:
      - url: https://stable.release.flatcar-linux.net/amd64-usr/3227.2.0/flatcar_production_vmware_ova.ova
        name: flatcar.ova
--- a/inspec/Windows10IoTEnterprise/profile/controls/Win10/Disabled
+++ b/inspec/Windows10IoTEnterprise/profile/controls/Win10/Disabled
@@ -0,0 +1,16 @@
 script = <<-EOH
 $nic = get-netadapter
 Get-NetAdapterBinding –InterfaceAlias $nic.name –ComponentID ms_tcpip6
 EOH
 control "ipv6" do
    title 'Disabled network protocol IPv6'
    desc '
        This test assures that IPv6 is disabled
    '
    describe powershell(script) do
        its('stdout') { should match 'False' }
    end
 end
--- a/inspec/Windows10IoTEnterprise/profile/controls/Win10/Disabled
+++ b/inspec/Windows10IoTEnterprise/profile/controls/Win10/Disabled
@@ -0,0 +1,29 @@
 script = <<-EOH
  # Initialize variable to empty array
  $NonCompliantServices = @()
  # Specify relevant services
  $Services = @(
      "wuauserv",
      "W3SVC",
      "XboxGipSvc",
      "XblGameSave"
  )
  # Enumerate all services
  $NonCompliantServices += Get-Service $Services -ErrorAction 'SilentlyContinue' | Where-Object {$_.StartType -ne 'Disabled'}
  # Output; 'True' or list of noncompliant services
  Write-Output ($True, $NonCompliantServices)[!($NonCompliantServices.Count -eq 0)]
 EOH
 control "disabled_services" do
    title 'Disabled services'
    desc '
        This test assures that all unneeded services are set to "disabled".
    '
    describe powershell(script) do
        its('stdout') { should match 'True' }
    end
 end
--- a/inspec/Windows10IoTEnterprise/profile/controls/Win10/Single
+++ b/inspec/Windows10IoTEnterprise/profile/controls/Win10/Single
@@ -0,0 +1,29 @@
 script = <<-EOH
  # Initialize variable to empty array
  $LogicalDisks = @()
  # Enumerate all logicaldisks
  # DriveType:
  #  Unknown (0)
  #  No Root Directory (1)
  #  Removable Disk (2)
  #  Local Disk (3)
  #  Network Drive (4)
  #  Compact Disc (5)
  #  RAM Disk (6)
  $LogicalDisks += Get-WmiObject -Class 'win32_logicaldisk' -Filter 'DriveType=3'
  # Filter/Quantify
  ($LogicalDisks.Count -eq 1) -and (($LogicalDisks | Where-Object {$_.DeviceID -ne 'C:'}).Count -eq 0)
 EOH
 control "single_disk" do
    title 'Single Disk'
    desc '
        This test assures that only a single disk (C:) is available
    '
    describe powershell(script) do
        its('stdout') { should match 'True' }
    end
 end
--- a/inspec/Windows10IoTEnterprise/profile/controls/Win10/Software
+++ b/inspec/Windows10IoTEnterprise/profile/controls/Win10/Software
@@ -0,0 +1,54 @@
 control "software_installed-7zip" do
    title 'Included Default Applications: 7-Zip'
    desc '
        This test assures that the software application "7-Zip" is installed.
    '
    describe chocolatey_package('7zip.install') do
        it { should be_installed }
    end
 end
 # control "software_installed-dotnetfx" do
 #     title 'Included Default Applications: .NET'
 #     desc '
 #         This test assures that the software application ".NET" is installed.
 #     '
 #     describe chocolatey_package('dotnetfx') do
 #         it { should be_installed }
 #     end
 # end
 # control "software_installed-foxitreader" do
 #    title 'Included Default Applications: Foxit Reader'
 #    desc '
 #        This test assures that the software application "Foxit Reader" is installed.
 #    '
 #    describe chocolatey_package('foxitreader') do
 #        it { should be_installed }
 #    end
 # end
 # control "software_installed-notepadplusplus" do
 #     title 'Included Default Applications: Notepad++'
 #     desc '
 #         This test assures that the software application "Notepad++" is installed.
 #     '
 #     describe chocolatey_package('notepadplusplus') do
 #         it { should be_installed }
 #     end
 # end
 # control "software_installed-putty" do
 #     title 'Included Default Applications: Putty'
 #     desc '
 #         This test assures that the software application "PuTTy" is installed.
 #     '
 #     describe chocolatey_package('putty') do
 #         it { should be_installed }
 #     end
 # end
--- a/inspec/Windows10IoTEnterprise/profile/inspec.yml
+++ b/inspec/Windows10IoTEnterprise/profile/inspec.yml
@@ -0,0 +1,10 @@
 ---
 name: Windows 10 IoT Enterprise
 title: Windows 10 IoT Enterprise InSpec Tests
 summary: Unit test for Windows 10 IoT Enterprise
 version: 1.0.0
 maintainer: https://code.spamasaurus.com/djpbessems
 copyright: https://code.spamasaurus.com/djpbessems
 license: Proprietary
 supports:
  - platform-family: windows
--- a/packer/iso.auto.pkrvars.hcl
+++ b/packer/iso.auto.pkrvars.hcl
@@ -1,4 +0,0 @@
 iso_url      = "sn.itch.fyi/Repository/iso/Canonical/Ubuntu%20Server%2022.04/ubuntu-22.04-live-server-amd64.iso"
 iso_checksum = "sha256:84AEAF7823C8C61BAA0AE862D0A06B03409394800000B3235854A6B38EB4856F"
 // iso_url      = "sn.itch.fyi/Repository/iso/Canonical/Ubuntu%20Server%2020.04/ubuntu-20.04.2-live-server-amd64.iso"
 // iso_checksum = "sha256:D1F2BF834BBE9BB43FAF16F9BE992A6F3935E65BE0EDECE1DEE2AA6EB1767423"
--- a/packer/k8sbootstrap.pkr.hcl
+++ b/packer/k8sbootstrap.pkr.hcl
@@ -1,101 +0,0 @@
 packer {
  required_plugins {
  }
 }
 source "vsphere-iso" "k8sbootstrap" {
  vcenter_server          = var.vcenter_server
  username                = var.vsphere_username
  password                = var.vsphere_password
  insecure_connection     = "true"
  vm_name                 = "${var.vm_guestos}-${var.vm_name}"
  datacenter              = var.vsphere_datacenter
  cluster                 = var.vsphere_cluster
  host                    = var.vsphere_host
  folder                  = var.vsphere_folder
  datastore               = var.vsphere_datastore
  guest_os_type           = "ubuntu64Guest"
  boot_order              = "disk,cdrom"
  boot_command            = [
    "e<down><down><down><end>",
    " autoinstall ds=nocloud;",
    "<F10>"
  ]
  boot_wait               = "2s"
  communicator            = "ssh"
  ssh_username            = "ubuntu"
  ssh_password            = var.ssh_password
  ssh_timeout             = "20m"
  ssh_handshake_attempts  = "100"
  ssh_pty                 = true
  CPUs                    = 2
  RAM                     = 8192
  network_adapters {
    network               = var.vsphere_network
    network_card          = "vmxnet3"
  }
  storage {
    disk_size             = 76800
    disk_thin_provisioned = true
  }
  disk_controller_type    = ["pvscsi"]
  usb_controller          = ["xhci"]
  cd_files                = [
    "packer/preseed/UbuntuServer22.04/user-data",
    "packer/preseed/UbuntuServer22.04/meta-data"
  ]
  cd_label                = "cidata"
  iso_url                 = local.iso_authenticatedurl
  iso_checksum            = var.iso_checksum
  shutdown_command        = "echo '${var.ssh_password}' | sudo -S shutdown -P now"
  shutdown_timeout        = "5m"
  export {
    images                = false
    output_directory      = "/scratch/k8sbootstrap"
  }
  remove_cdrom            = true
 }
 build {
  sources = [
    "source.vsphere-iso.k8sbootstrap"
  ]
  provisioner "ansible" {
    pause_before     = "2m30s"
    playbook_file    = "ansible/playbook.yml"
    user             = "ubuntu"
    ansible_env_vars = [
      "ANSIBLE_CONFIG=ansible/ansible.cfg"
    ]
    use_proxy        = "false"
    extra_arguments  = [
      "--extra-vars", "ansible_ssh_pass=${var.ssh_password}",
      "--extra-vars", "repo_username=${var.repo_username}",
      "--extra-vars", "repo_password=${var.repo_password}"
    ]
  }
  post-processor "shell-local" {
    inline = [
      "pwsh -command \"& scripts/Update-OvfConfiguration.ps1 \\",
      " -OVFFile '/scratch/k8sbootstrap/${var.vm_guestos}-${var.vm_name}.ovf' \\",
      " -Parameter @{'appliance.name'='${var.vm_guestos}';'appliance.version'='${var.vm_name}'}\"",
      "pwsh -file scripts/Update-Manifest.ps1 \\",
      " -ManifestFileName '/scratch/k8sbootstrap/${var.vm_guestos}-${var.vm_name}.mf'",
      "ovftool --acceptAllEulas --allowExtraConfig --overwrite \\",
      " '/scratch/k8sbootstrap/${var.vm_guestos}-${var.vm_name}.ovf' \\",
      " /output/Kubernetes.Bootstrap.Appliance.ova"
    ]
  }
 }
--- a/packer/preseed/UbuntuServer22.04/meta-data
+++ b/packer/preseed/UbuntuServer22.04/meta-data
--- a/packer/preseed/UbuntuServer22.04/user-data
+++ b/packer/preseed/UbuntuServer22.04/user-data
@@ -1,29 +0,0 @@
 #cloud-config
 autoinstall:
  version: 1
  locale: en_US
  keyboard:
    layout: en
    variant: us
  network:
    network:
      version: 2
      ethernets:
        ens192:
          dhcp4: true
          dhcp-identifier: mac
  storage:
    layout:
      name: direct
  identity:
    hostname: packer-template
    username: ubuntu
    # password: $6$ZThRyfmSMh9499ar$KSZus58U/l58Efci0tiJEqDKFCpoy.rv25JjGRv5.iL33AQLTY2aljumkGiDAiX6LsjzVsGTgH85Tx4S.aTfx0
    password: $6$rounds=4096$ZKfzRoaQOtc$M.fhOsI0gbLnJcCONXz/YkPfSoefP4i2/PQgzi2xHEi2x9CUhush.3VmYKL0XVr5JhoYvnLfFwqwR/1YYEqZy/
  ssh:
    install-server: yes
    allow-pw: true
  user-data:
    disable_root: false
  late-commands:
    - echo 'ubuntu ALL=(ALL) NOPASSWD:ALL' > /target/etc/sudoers.d/ubuntu
--- a/packer/preseed/Windows10/Autounattend.xml
+++ b/packer/preseed/Windows10/Autounattend.xml
@@ -0,0 +1,159 @@
 <?xml version="1.0" encoding="utf-8"?>
 <unattend xmlns="urn:schemas-microsoft-com:unattend">
    <servicing/>
    <settings pass="windowsPE">
        <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
            <DiskConfiguration>
                <Disk wcm:action="add">
                    <CreatePartitions>
                        <CreatePartition wcm:action="add">
                            <Order>1</Order>
                            <Type>Primary</Type>
                            <Extend>true</Extend>
                        </CreatePartition>
                    </CreatePartitions>
                    <ModifyPartitions>
                        <ModifyPartition wcm:action="add">
                            <Extend>false</Extend>
                            <Format>NTFS</Format>
                            <Letter>C</Letter>
                            <Order>1</Order>
                            <PartitionID>1</PartitionID>
                            <Label>Windows 10</Label>
                        </ModifyPartition>
                    </ModifyPartitions>
                    <DiskID>0</DiskID>
                    <WillWipeDisk>true</WillWipeDisk>
                </Disk>
                <WillShowUI>OnError</WillShowUI>
            </DiskConfiguration>
            <UserData>
                <AcceptEula>true</AcceptEula>
                <!-- <FullName>Spamasaurus Rex</FullName>
                <Organization>Spamasaurus Rex</Organization> -->
                <ProductKey>
                    <Key><<img-productkey>></Key>
                    <WillShowUI>Never</WillShowUI>
                </ProductKey>
            </UserData>
            <ImageInstall>
                <OSImage>
                    <InstallTo>
                        <DiskID>0</DiskID>
                        <PartitionID>1</PartitionID>
                    </InstallTo>
                    <WillShowUI>OnError</WillShowUI>
                    <InstallToAvailablePartition>false</InstallToAvailablePartition>
                    <InstallFrom>
                        <MetaData wcm:action="add">
                            <Key>/IMAGE/INDEX</Key>
                            <Value>3</Value>
                        </MetaData>
                    </InstallFrom>
                </OSImage>
            </ImageInstall>
        </component>
        <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-International-Core-WinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
            <SetupUILanguage>
                <UILanguage>en-US</UILanguage>
            </SetupUILanguage>
            <InputLocale>en-US</InputLocale>
            <SystemLocale>en-US</SystemLocale>
            <UILanguage>en-US</UILanguage>
            <UILanguageFallback>en-US</UILanguageFallback>
            <UserLocale>en-US</UserLocale>
        </component>
    </settings>
    <settings pass="offlineServicing">
        <component name="Microsoft-Windows-LUA-Settings" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
            <EnableLUA>false</EnableLUA>
        </component>
    </settings>
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>en-US</InputLocale>
            <SystemLocale>en-US</SystemLocale>
            <UILanguage>en-US</UILanguage>
            <UserLocale>en-US</UserLocale>
        </component>
        <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
            <UserAccounts>
                <AdministratorPassword>
                    <Value><<img-password>></Value>
                    <PlainText>true</PlainText>
                </AdministratorPassword>
            </UserAccounts>
            <OOBE>
                <HideEULAPage>true</HideEULAPage>
                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
                <NetworkLocation>Home</NetworkLocation>
                <ProtectYourPC>1</ProtectYourPC>
            </OOBE>
            <AutoLogon>
                <Password>
                    <Value><<img-password>></Value>
                    <PlainText>true</PlainText>
                </Password>
                <Username>administrator</Username>
                <Enabled>true</Enabled>
            </AutoLogon>
            <FirstLogonCommands>
                <SynchronousCommand wcm:action="add">
                    <CommandLine>cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
                    <Description>Set execution policy 64bit</Description>
                    <Order>1</Order>
                    <RequiresUserInput>true</RequiresUserInput>
                </SynchronousCommand>
                <SynchronousCommand wcm:action="add">
                    <CommandLine>C:\Windows\SysWOW64\cmd.exe /c powershell -Command "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force"</CommandLine>
                    <Description>Set execution policy 32bit</Description>
                    <Order>2</Order>
                    <RequiresUserInput>true</RequiresUserInput>
                </SynchronousCommand>
                <SynchronousCommand wcm:action="add">
                    <CommandLine>cmd.exe /c reg add "HKLM\System\CurrentControlSet\Control\Network\NewNetworkWindowOff"</CommandLine>
                    <Description>Disable new network prompt</Description>
                    <Order>3</Order>
                    <RequiresUserInput>true</RequiresUserInput>
                </SynchronousCommand>
                <SynchronousCommand wcm:action="add">
                    <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\Set-NetworkProfile.ps1</CommandLine>
                    <Description>Set network profile to private</Description>
                    <Order>4</Order>
                    <RequiresUserInput>true</RequiresUserInput>
                </SynchronousCommand>
                <SynchronousCommand wcm:action="add">
                    <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\Disable-WinRM.ps1</CommandLine>
                    <Description>Disable WinRM</Description>
                    <Order>5</Order>
                    <RequiresUserInput>true</RequiresUserInput>
                </SynchronousCommand>
                <SynchronousCommand wcm:action="add">
                    <CommandLine>cmd.exe /c a:\Install-VMwareTools.cmd</CommandLine>
                    <Order>13</Order>
                    <Description>Install VMware Tools</Description>
                </SynchronousCommand>
                <SynchronousCommand wcm:action="add">
                    <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\Enable-WinRM.ps1</CommandLine>
                    <Description>Enable WinRM</Description>
                    <Order>99</Order>
                </SynchronousCommand>
            </FirstLogonCommands>
            <ShowWindowsLive>false</ShowWindowsLive>
        </component>
    </settings>
    <settings pass="specialize">
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
            <OEMInformation>
                <HelpCustomized>false</HelpCustomized>
            </OEMInformation>
            <!-- Rename computer here. -->
            <ComputerName>packer-template</ComputerName>
            <TimeZone>W. Europe Standard Time</TimeZone>
            <RegisteredOwner/>
        </component>
        <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Security-SPP-UX" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
            <SkipAutoActivation>true</SkipAutoActivation>
        </component>
    </settings>
 </unattend>
--- a/packer/preseed/Windows10/Sysprep_Unattend.xml
+++ b/packer/preseed/Windows10/Sysprep_Unattend.xml
@@ -0,0 +1,42 @@
 <?xml version="1.0" encoding="utf-8"?>
 <unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="generalize">
        <component name="Microsoft-Windows-Security-SPP" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <SkipRearm>1</SkipRearm>
        </component>
        <component name="Microsoft-Windows-PnpSysprep" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls>
            <DoNotCleanUpNonPresentDevices>true</DoNotCleanUpNonPresentDevices>
        </component>
    </settings>
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>en-US</InputLocale>
            <SystemLocale>en-US</SystemLocale>
            <UILanguage>en-US</UILanguage>
            <UserLocale>en-US</UserLocale>
        </component>
        <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <OOBE>
                <HideEULAPage>true</HideEULAPage>
                <HideLocalAccountScreen>true</HideLocalAccountScreen>
                <HideOEMRegistrationScreen>true</HideOEMRegistrationScreen>
                <HideOnlineAccountScreens>true</HideOnlineAccountScreens>
                <HideWirelessSetupInOOBE>true</HideWirelessSetupInOOBE>
                <NetworkLocation>Work</NetworkLocation>
                <ProtectYourPC>1</ProtectYourPC>
                <SkipMachineOOBE>true</SkipMachineOOBE>
                <SkipUserOOBE>true</SkipUserOOBE>
            </OOBE>
            <TimeZone>UTC</TimeZone>
            <UserAccounts>
                <AdministratorPassword>
                    <Value><<img-password>></Value>
                    <PlainText>true</PlainText>
                </AdministratorPassword>
            </UserAccounts>
        </component>
    </settings>
    <settings pass="specialize">
    </settings>
 </unattend>
--- a/packer/variables.pkr.hcl
+++ b/packer/variables.pkr.hcl
@@ -1,12 +1,9 @@
 variable "vcenter_server" {}
 variable "vsphere_username" {}
-variable "vsphere_password" {
+variable "vsphere_password" {}
    sensitive = true
 }
 variable "vsphere_host" {}
 variable "vsphere_datacenter" {}
 variable "vsphere_cluster" {}
 variable "vsphere_templatefolder" {}
 variable "vsphere_folder" {}
@@ -15,17 +12,7 @@ variable "vsphere_network" {}
 variable "vm_name" {}
 variable "vm_guestos" {}
-variable "ssh_password" {
+variable "winrm_password" {}
    sensitive = true
 }
 variable "iso_url" {}
 variable "iso_checksum" {}
 variable "repo_username" {}
-variable "repo_password" {
+variable "repo_password" {}
    sensitive = true
 }
 local "iso_authenticatedurl" {
    expression = "https://${var.repo_username}:${var.repo_password}@${var.iso_url}"
    sensitive  = true
 }
--- a/packer/vsphere.auto.pkrvars.hcl
+++ b/packer/vsphere.auto.pkrvars.hcl
@@ -1,9 +1,8 @@
 vcenter_server         = "bv11-vc.bessems.lan"
 vsphere_username       = "administrator@vsphere.local"
 vsphere_datacenter     = "DeSchakel"
-vsphere_cluster        = "Cluster.01"
+vsphere_host           = "bv11-esx.bessems.lan"
-vsphere_host           = "bv11-esx02.bessems.lan"
+vsphere_datastore      = "Datastore01.SSD"
 vsphere_datastore      = "NAS01.RAID5"
 vsphere_folder         = "/Packer"
 vsphere_templatefolder = "/Templates"
-vsphere_network        = "LAN"
+vsphere_network        = "LAN"
--- a/packer/windows10.pkr.hcl
+++ b/packer/windows10.pkr.hcl
@@ -0,0 +1,133 @@
 packer {
  required_plugins {
    windows-update = {
      version = ">= 0.14.0"
      source  = "github.com/rgl/windows-update"
    }
  }
 }
 source "vsphere-iso" "win10" {
  vcenter_server          = var.vcenter_server
  username                = var.vsphere_username
  password                = var.vsphere_password
  insecure_connection     = "true"
  vm_name                 = "${var.vm_guestos}-${var.vm_name}"
  datacenter              = var.vsphere_datacenter
  host                    = var.vsphere_host
  folder                  = var.vsphere_folder
  datastore               = var.vsphere_datastore
  guest_os_type           = "windows9_64Guest"
  boot_order              = "disk,cdrom"
  boot_command            = [""]
  boot_wait               = "5m"
  communicator            = "winrm"
  winrm_username          = "administrator"
  winrm_password          = var.winrm_password
  winrm_timeout           = "10m"
  CPUs                    = 2
  RAM                     = 8192
  network_adapters {
    network               = var.vsphere_network
    network_card          = "vmxnet3"
  }
  storage {
    disk_size             = 20480
    disk_thin_provisioned = true
  }
  disk_controller_type    = ["lsilogic-sas"]
  usb_controller          = ["xhci"]
  floppy_files            = [
    "packer/preseed/Windows10/Autounattend.xml",
    "packer/preseed/Windows10/Sysprep_Unattend.xml",
    "scripts/Set-NetworkProfile.ps1",
    "scripts/Disable-WinRM.ps1",
    "scripts/Enable-WinRM.ps1",
    "scripts/Install-VMwareTools.cmd"
  ]
  iso_checksum            = "sha256:8D1663B71280533824CF95C7AB48ADAF5A187C38FCFF5B16A569F903688916D0"
  iso_paths               = [
    "ISO-files/VMware-tools-windows-11.3.5-18557794/VMware-tools-windows-11.3.5-18557794.iso"
  ]
  iso_url                 = "https://${var.repo_username}:${var.repo_password}@sn.itch.fyi/Repository/iso/Microsoft/Windows%2010/20H2/en_windows_10_enterprise_20H2_x64.iso"
  shutdown_command        = "C:\\Windows\\System32\\Sysprep\\sysprep.exe /generalize /oobe /unattend:A:\\Sysprep_Unattend.xml"
  shutdown_timeout        = "1h"
  export {
    images                = false
    output_directory      = "/scratch/win10"
  }
  remove_cdrom            = true
 }
 build {
  sources = ["source.vsphere-iso.win10"]
  provisioner "windows-update" {
    filters = [
      "exclude:$_.Title -like '*Preview*'",
      "include:$true"
    ]
  }
  provisioner "powershell" {
    inline = [
      "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12",
      "Invoke-Expression ((New-Object Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))"
    ]
  }
  provisioner "powershell" {
    inline = [
      "choco config set --name=limit-output --value=LimitOutput",
      "choco install -y 7zip.install",
      "choco install -y sysinternals",
      "choco install -y firefox"
    ]
  }
  provisioner "windows-update" {
    filters = [
      "exclude:$_.Title -like '*Preview*'",
      "include:$true"
    ]
  }
  provisioner "powershell" {
    inline = [
      "New-Item -Path 'C:\\Payload\\Scripts' -ItemType 'Directory' -Force:$True -Confirm:$False"
    ]
  }
  provisioner "file" {
    destination = "C:\\Payload\\"
    source      = "scripts/Windows10/payload/"
  }
  provisioner "powershell" {
    scripts = [
      "scripts/Windows10/Register-ScheduledTask.ps1"
    ]
  }
  post-processor "shell-local" {
    inline = [
      "pwsh -command \"& scripts/Update-OvfConfiguration.ps1 \\",
      " -OVFFile '/scratch/win10/${var.vm_guestos}-${var.vm_name}.ovf' \\",
      " -Parameter @{'appliance.name'='${var.vm_guestos}';'appliance.version'='${var.vm_name}'}\"",
      "pwsh -file scripts/Update-Manifest.ps1 \\",
      " -ManifestFileName '/scratch/win10/${var.vm_guestos}-${var.vm_name}.mf'",
      "ovftool --acceptAllEulas --allowExtraConfig --overwrite \\",
      " '/scratch/win10/${var.vm_guestos}-${var.vm_name}.ovf' \\",
      " /output/Windows10.ova"
    ]
  }
 }
--- a/scripts/Disable-WinRM.ps1
+++ b/scripts/Disable-WinRM.ps1
@@ -0,0 +1,8 @@
 netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=block
 netsh advfirewall firewall set rule group="Windows Remote Management" new enable=yes
 $winrmService = Get-Service -Name WinRM
 if ($winrmService.Status -eq "Running"){
    Disable-PSRemoting -Force
 }
 Stop-Service winrm
 Set-Service -Name winrm -StartupType Disabled
--- a/scripts/Enable-WinRM.ps1
+++ b/scripts/Enable-WinRM.ps1
@@ -0,0 +1,18 @@
 $NetworkListManager = [Activator]::CreateInstance([Type]::GetTypeFromCLSID([Guid]"{DCB00C01-570F-4A9B-8D69-199FDBA5723B}"))
 $Connections = $NetworkListManager.GetNetworkConnections()
 $Connections | ForEach-Object { $_.GetNetwork().SetCategory(1) }
 Enable-PSRemoting -Force
 winrm quickconfig -q
 winrm quickconfig -transport:http
 winrm set winrm/config '@{MaxTimeoutms="1800000"}'
 winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="800"}'
 winrm set winrm/config/service '@{AllowUnencrypted="true"}'
 winrm set winrm/config/service/auth '@{Basic="true"}'
 winrm set winrm/config/client/auth '@{Basic="true"}'
 winrm set winrm/config/listener?Address=*+Transport=HTTP '@{Port="5985"}'
 netsh advfirewall firewall set rule group="Windows Remote Administration" new enable=yes
 netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=allow
 netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" profile=public new remoteip=any
 Set-Service winrm -startuptype "auto"
 Restart-Service winrm
--- a/scripts/Install-VMwareTools.cmd
+++ b/scripts/Install-VMwareTools.cmd
@@ -0,0 +1,2 @@
@rem Silent mode, basic UI, no reboot
 e:\setup64 /s /v "/qb REBOOT=R"
--- a/scripts/MVMC/BlockList.xml
+++ b/scripts/MVMC/BlockList.xml
@@ -0,0 +1,73 @@
 <?xml version="1.0"  encoding="utf-8" ?>
 <BlockList>
    <!-- services to disable -->
    <Services>
 		<Name>MVMCP2VAgent</Name>
 		<Name>VMTools</Name>
 		<Name> VMUpgradeHelper </Name>
 		<Name> vmvss </Name>
        <Name>vmdesched</Name>
        <Name>Virtual Server</Name>
        <!-- Virtual Machine Helper -->
        <Name>vmh</Name>
        <!-- Xen-specific service -->
        <Name>xensvc</Name>
    </Services>
    <!-- drivers to disable -->
    <Drivers>
        <Name>vmx_svga</Name>
        <Name>vmmouse</Name>
        <Name>vmscsi</Name>
        <Name>amdpcn</Name>
        <Name>PCnet</Name>
        <Name>VMMEMCTL</Name>
        <Name> pvscsi </Name>
        <Name> vmci </Name>
        <Name> vmmouse </Name>
        <Name> vmaudio </Name>
        <Name> vmrawdsk </Name>
        <Name> vmxnet </Name>
        <Name> vmxnet3ndis6 </Name>
        <Name> vm3dmp </Name>
        <Name> vmdebug </Name>
        <Name> vmxnet3ndis5 </Name>
        <Name>cirrus</Name>
        <!-- storage drivers -->
        <Name>buslogic</Name>
        <Name>symc810</Name>
        <Name>cpqarray</Name>
        <Name>pcntn4m</Name>
        <Name>cpqnf3</Name>
        <Name>MRaidNT</Name>
        <Name>Symc8XX</Name>
        <!-- VIA chipset drivers -->
        <Name>viaide</Name>
        <Name>VIAudio</Name>
        <Name>VIAPFD</Name>
        <Name>viafilter</Name>
        <Name>viaagp</Name>
        <Name>viaagp1</Name>
        <!-- network drivers: Intel(R) PRO/100 -->
        <Name>E100B</Name>
        <!-- tape drivers -->
        <Name>4mmdat</Name>
        <Name>4mmdat-SeSFT</Name>
        <Name>SCSIChanger</Name>
        <!-- Virtual Machine Monitor -->
        <Name>vmm</Name>
        <!-- Xen-specific drivers -->
        <Name>xenevtchn</Name>
        <Name>xenvbd</Name>
        <Name>xennet</Name>
    </Drivers>
    <Programs>
        <Name>ProMON</Name>
        <Name>s3tray2</Name>
        <Name>VMwareTray</Name>
        <Name>VMwareUser</Name>
    </Programs>
 </BlockList>
--- a/scripts/MVMC/Microsoft.Accelerators.Framework.Core.dll
+++ b/scripts/MVMC/Microsoft.Accelerators.Framework.Core.dll
--- a/scripts/MVMC/Microsoft.Accelerators.Framework.dll
+++ b/scripts/MVMC/Microsoft.Accelerators.Framework.dll
--- a/scripts/MVMC/Microsoft.Accelerators.Mvmc.Engine.dll
+++ b/scripts/MVMC/Microsoft.Accelerators.Mvmc.Engine.dll
--- a/scripts/MVMC/Microsoft.Accelerators.Mvmc.ScxSshCommon.dll
+++ b/scripts/MVMC/Microsoft.Accelerators.Mvmc.ScxSshCommon.dll
--- a/scripts/MVMC/Microsoft.Accelerators.Mvmc.ScxSshWrapper_x64.dll
+++ b/scripts/MVMC/Microsoft.Accelerators.Mvmc.ScxSshWrapper_x64.dll
--- a/scripts/MVMC/Microsoft.Accelerators.Mvmc.ScxSshWrapper_x86.dll
+++ b/scripts/MVMC/Microsoft.Accelerators.Mvmc.ScxSshWrapper_x86.dll
--- a/scripts/MVMC/Microsoft.Practices.ServiceLocation.dll
+++ b/scripts/MVMC/Microsoft.Practices.ServiceLocation.dll
--- a/scripts/MVMC/Microsoft.Practices.Unity.dll
+++ b/scripts/MVMC/Microsoft.Practices.Unity.dll
--- a/scripts/MVMC/Microsoft.Samples.WindowsAzure.ServiceManagement.dll
+++ b/scripts/MVMC/Microsoft.Samples.WindowsAzure.ServiceManagement.dll
--- a/scripts/MVMC/Microsoft.WindowsAzure.Management.CloudService.dll
+++ b/scripts/MVMC/Microsoft.WindowsAzure.Management.CloudService.dll
--- a/scripts/MVMC/Microsoft.WindowsAzure.Management.ConsoleAppUtils.dll
+++ b/scripts/MVMC/Microsoft.WindowsAzure.Management.ConsoleAppUtils.dll
--- a/scripts/MVMC/Microsoft.WindowsAzure.Management.Service.dll
+++ b/scripts/MVMC/Microsoft.WindowsAzure.Management.Service.dll
--- a/scripts/MVMC/Microsoft.WindowsAzure.Management.ServiceBus.dll
+++ b/scripts/MVMC/Microsoft.WindowsAzure.Management.ServiceBus.dll
--- a/scripts/MVMC/Microsoft.WindowsAzure.Management.ServiceManagement.dll
+++ b/scripts/MVMC/Microsoft.WindowsAzure.Management.ServiceManagement.dll
--- a/scripts/MVMC/Microsoft.WindowsAzure.Management.SqlDatabase.dll
+++ b/scripts/MVMC/Microsoft.WindowsAzure.Management.SqlDatabase.dll
--- a/scripts/MVMC/Microsoft.WindowsAzure.Management.Sync.dll
+++ b/scripts/MVMC/Microsoft.WindowsAzure.Management.Sync.dll
--- a/scripts/MVMC/Microsoft.WindowsAzure.Management.Tools.Vhd.dll
+++ b/scripts/MVMC/Microsoft.WindowsAzure.Management.Tools.Vhd.dll
--- a/scripts/MVMC/Microsoft.WindowsAzure.Management.Websites.dll
+++ b/scripts/MVMC/Microsoft.WindowsAzure.Management.Websites.dll
--- a/scripts/MVMC/Microsoft.WindowsAzure.Management.dll
+++ b/scripts/MVMC/Microsoft.WindowsAzure.Management.dll
--- a/scripts/MVMC/Microsoft.WindowsAzure.Storage.dll
+++ b/scripts/MVMC/Microsoft.WindowsAzure.Storage.dll
--- a/scripts/MVMC/MvmcCmdlet.dll
+++ b/scripts/MVMC/MvmcCmdlet.dll
--- a/scripts/MVMC/MvmcCmdlet.psd1
+++ b/scripts/MVMC/MvmcCmdlet.psd1
--- a/scripts/MVMC/Sshlib_x64.dll
+++ b/scripts/MVMC/Sshlib_x64.dll
--- a/scripts/MVMC/Sshlib_x86.dll
+++ b/scripts/MVMC/Sshlib_x86.dll
--- a/scripts/MVMC/System.Reactive.Core.dll
+++ b/scripts/MVMC/System.Reactive.Core.dll
--- a/scripts/MVMC/System.Reactive.Interfaces.dll
+++ b/scripts/MVMC/System.Reactive.Interfaces.dll
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
djpbessems	b4f62b465d	Update packer windows-update plugin All checks were successful continuous-integration/drone/push Build is passing Details	2021-10-25 13:32:57 +02:00
djpbessems	060ac37dc0	Update VMware Tools	2021-10-25 13:12:00 +02:00
`@@ -1 +1 @@`
	`# Packer.Images [![Build Status](https://ci.spamasaurus.com/api/badges/djpbessems/Packer.Images/status.svg?ref=refs/heads/Kubernetes.Bootstrap.Appliance)](https://ci.spamasaurus.com/djpbessems/Packer.Images)`	`# Packer.Images [![Build Status](https://ci.spamasaurus.com/api/badges/djpbessems/Packer.Images/status.svg?ref=refs/heads/Windows10)](https://ci.spamasaurus.com/djpbessems/Packer.Images)`
		`@@ -1,2 +0,0 @@`
			`- name: Install & configure dependencies`
			`import_tasks: dependencies.yml`
		`@@ -0,0 +1,2 @@`
							`@rem Silent mode, basic UI, no reboot`
							`e:\setup64 /s /v "/qb REBOOT=R"`