Packer.Images/README.md

Packer.Images

This OVA appliance allows deploying an Active Directory Domain Controller fully automated:

The included .ovf file has the following XML contents (simplified for clarity) to facilitate the different DeploymentOptions:

<Envelope [...]>
  [...]
  <DeploymentOptionSection>
    <Info>Deployment Type</Info>
    <Configuration ovf:id="primary">
      <Label>Primary (redundant deployment)</Label>
      <Description>Initial Domain Controller with 'PDC Emulator'-role</Description>
    </Configuration>
    <Configuration ovf:id="secondary">
      <Label>Secondary (redundant deployment)</Label>
      <Description>Additional Domain Controller</Description>
    </Configuration>
    <Configuration ovf:id="standalone">
      <Label>Stand-alone (non-redundant deployment)</Label>
      <Description>Single Domain Controller</Description>
    </Configuration>
  </DeploymentOptionSection>
  <VirtualSystem ovf:id="[...]">
    [...]
    <ProductSection>
      [...]
      <Category>1) Operating System</Category>
      <Property ovf:configuration="primary secondary standalone" ovf:key="guestinfo.hostname" [...]>
        <Label>Hostname*</Label>
      </Property>
      [...]
      <Category>2) Networking</Category>
      <Property ovf:configuration="secondary" ovf:key="guestinfo.dnsserver" [...]>
        <Label>DNS server*</Label>
      </Property>
      [...]
      <Category>3) Active Directory Domain Services</Category>
      <Property ovf:configuration="primary standalone" ovf:key="addsconfig.ntpserver" [...]>
        <Label>NTP Server*</Label>
      [...]
      </Property>
    </ProductSection>
  </VirtualSystem>
</Envelope>

When provisioning the appliance through the vCenter 'Deploy OVF template...' wizard, or through vApp-compatible Infrastructure as code tooling (e.g. HashiCorp Terraform), it is possible to provide all relevant configuration through vApp properties.

vSphere 'Deploy OVF template...' wizard

HashiCorp Terraform vSphere provider

vapp { properties = { # "deployment.typ" = "primary" "guestinfo.hostname" = "DC01" "guestinfo.ipaddress" = "10.0.0.21" "guestinfo.prefixlength" = "24" # "guestinfo.dnsserver" = "0.0.0.0" "guestinfo.gateway" = "10.0.0.1" "addsconfig.domainname" = "contoso.com" "addsconfig.netbiosname" = "CONTOSO" "addsconfig.administratorpw" = var.adds_adminpassword "addsconfig.safemodepw" = var.adds_safemodepassword # "addsconfig.ntpserver" = "0.pool.ntp.org,1.pool.ntp.org,2.pool.ntp.org" "vault.api" = "https://vault.example.org/v1" "vault.token" = "s.R2E1anlOcTZrTmZSTVZRazJM" "vault.pwpolicy" = "complex" "vault.secret" = "contoso-project42" # "dhcpconfig.startip" = "10.0.0.50" # "dhcpconfig.endip" = "10.0.0.250" # "dhcpconfig.subnetmask" = "255.255.255.0" # "dhcpconfig.gateway" = "10.0.0.1" # "dhcpconfig.leaseduration" = "01:00:00.00" } }

On first boot, the appliance will start configuring itself without any further user-input, by performing the following steps:

• Change hostname
• Configure network
• Set password for local administrator
• Promote to Domain Controller
• Iterate through all payload scripts:
  • Create Active Directory Organizational Units
  • Create Active Directory security groups
  • Create Active Directory user accounts
  • Set up Delegation of Control
  • Configure Active Directory Group Policy Objects with Windows Firewall settings
  • Configure DHCP (scopes, options and Failover relationship)
  • Create DNS records
  • Define Active Directory Group Policy WMI Filters
  • Define and link Active Directory Group Policy Objects and Preferences
  • Set Active Directory Default domain Password policy