# Packer.Images [![Build Status](https://ci.spamasaurus.com/api/badges/djpbessems/Packer.Images/status.svg?ref=refs/heads/ADCS)](https://ci.spamasaurus.com/djpbessems/Packer.Images)

This OVA appliance allows deploying an Active Directory Certificate Authority fully automated:  

The included `.ovf` file has the following XML contents (simplified for clarity) to facilitate the different `DeploymentOption`s:  
```xml
<Envelope [...]>
  [...]
  <DeploymentOptionSection>
    <Info>Deployment Type</Info>
    <Configuration ovf:id="standalone-root">
      <Label>Root Certificate Authority</Label>
      <Description>Root CA with self-signed certificate; should be kept turned off</Description>
    </Configuration>
    <Configuration ovf:id="enterprise-intermediate">
      <Label>Subordinate enterprise Certificate Authority</Label>
      <Description>Subordinate CA on domain-member server; kept online to service certificate requests/enrollment and host CRL</Description>
    </Configuration>
    <Configuration ovf:id="standalone-intermediate">
      <Label>Subordinate standalone Certificate Authority</Label>
      <Description>Subordinate CA on standalone server; kept online to service certificate requests and host CRL</Description>
    </Configuration>
  </DeploymentOptionSection>
  <VirtualSystem ovf:id="[...]">
    [...]
    <ProductSection>
      [...]
      <Category>1) Operating System</Category>
      <Property ovf:configuration="standalone-root enterprise-intermediate standalone-intermediate" ovf:key="guestinfo.hostname" [...]>
        <Label>Hostname*</Label>
      </Property>
      [...]
      <Category>3) Active Directory Certificate Services</Category>
      <Property ovf:configuration="secondary" ovf:key="adcsconfig.foo" [...]>
        <Label>Foo*</Label>
      </Property>
      [...]
      </Property>
    </ProductSection>
  </VirtualSystem>
</Envelope>
```

When **provisioning** the appliance through the vCenter 'Deploy OVF template...' wizard, or through vApp-compatible *Infrastructure as code* tooling (e.g. HashiCorp Terraform), it is possible to provide all relevant configuration through vApp properties.  

<table>
<tr>
<td><em>vSphere 'Deploy OVF template...' wizard</em></td> <td> <a href="https://registry.terraform.io/providers/hashicorp/vsphere/latest/docs/resources/virtual_machine#deploying-vm-from-an-ovfova-template">HashiCorp Terraform vSphere provider</a> </td>
</tr>
<tr>
<td><img src=".assets/vAppConfigurations-ADCS-example.png" alt="vApp properties" width="400" /><br/><img src=".assets/vAppProperties-ADCS-example.png" alt="vApp properties" width="400" /></td>
<td>

```hcl
  vapp {
    properties = {
      # "deployment.type"            = "standalone-root"
      
      "guestinfo.hostname"         = "CA01"
      "guestinfo.ipaddress"        = "10.0.0.42"
      "guestinfo.prefixlength"     = "24"
      "guestinfo.dnsserver"        = "10.0.0.21"
      "guestinfo.gateway"          = "10.0.0.1"

      "adcsconfig.foo"             = "..."
      "adcsconfig.bar"             = "..."
    }
  }
```

</td>
</tr>
</table>

On first boot, the appliance will start **configuring** itself without any further user-input, by performing the following steps:  
- *WIP*