building windows images with packer

Building Windows Images with PackerMatt Wrock (@mwrockx)

Matt Wrock (@mwrockx)

Anatomy of a packer run

Create a VM or cloud instance

builderMaking it your own

provisioner

Package

post_processor

ChefShell scriptPuppetAnsible

VirtualBoxAWSAzureVMWare vSphere

VagrantAtlas


What you need

▪ VirtualBox

▪ Packer

▪ Windows ISO


The packer template (builder) "builders": [ { "type": "virtualbox-iso", "vboxmanage": [ [ "modifyvm", "{{.Name}}", "--natpf1", "guest_winrm,tcp,,55985,,5985" ], [ "modifyvm", "{{.Name}}", "--memory", "2048" ], [ "modifyvm", "{{.Name}}", "--vram", "48" ], [ "modifyvm", "{{.Name}}", "--cpus", "2" ] ], "guest_additions_mode": "{{ user `guest_additions_mode` }}", "guest_additions_path": "C:/users/vagrant/VBoxGuestAdditions.iso", "guest_os_type": "Windows2012_64", "headless": "{{ user `headless` }}", "iso_url": "{{ user `iso_url` }}", "iso_checksum": "{{ user `iso_checksum` }}", "iso_checksum_type": "sha1", "communicator": "winrm", "winrm_username": "vagrant", "winrm_password": "vagrant", "winrm_timeout": "8h", "shutdown_command": "a:/PackerShutdown.bat", "shutdown_timeout": "15m", "floppy_files": [ "answer_files/2012_r2{{user `core`}}/Autounattend.xml", "scripts/oracle.cer", "scripts/postunattend.xml", "scripts/PackerShutdown.bat", "scripts/SimpleStartup.ps1" ] },

• Defines vm properties• States what code to put on the vm• Transport properties


Dynamic values "builders": [ { "type": "virtualbox-iso", "guest_additions_mode": "{{ user `guest_additions_mode` }}", "guest_additions_path": "C:/users/vagrant/VBoxGuestAdditions.iso", "guest_os_type": "Windows2012_64", "headless": "{{ user `headless` }}", "iso_url": "{{ user `iso_url` }}", "iso_checksum": "{{ user `iso_checksum` }}" }], "variables": { "guest_additions_mode": "upload", "headless": "false", "iso_checksum": "849734f37346385dac2c101e4aacba4626bb141c", "iso_url": "http://care.dlservice.microsoft.com/dl/download/6/2/A/62A76ABB-9990-4EFC-A4FE-C7D698DAEB96/9600.17050.WINBLUE_REFRESH.140317-1640_X64FRE_SERVER_EVAL_EN-US-IR3_SSS_X64FREE_EN-US_DV9.ISO" }


Starting the build

packer build -force -headless=true -only virtualbox-iso .\vbox-2012r2.json


In the beginning there was AutoUnttend.xml <UserData> <ProductKey> <Key>6XBNX-4JQGW-QX6QG-74P76-72V67</Key> <WillShowUI>OnError</WillShowUI> </ProductKey> <AcceptEula>true</AcceptEula> <FullName>Vagrant</FullName> <Organization>Vagrant</Organization></UserData>

<FirstLogonCommands> <SynchronousCommand wcm:action="add"> <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\SimpleStartup.ps1</CommandLine> <Order>1</Order> </SynchronousCommand></FirstLogonCommands>

<InstallFrom> <MetaData wcm:action="add"> <Key>/IMAGE/NAME </Key> <Value>Windows Server 2012 R2 SERVERSTANDARD</Value> </MetaData></InstallFrom>


It’s all fun and games until you enable winrm

start-transcript -path $env:temp\transcript.txt -noclobber

winrm set winrm/config/service/auth '@{Basic="true"}'winrm set winrm/config/service '@{AllowUnencrypted="true"}'

SimpleStartup.ps1

AllowUnencrypted is strongly discouraged in production images.


Provisioning"provisioners": [ { "type": "powershell", "script": "scripts/provision.ps1", "elevated_user": “vagrant", "elevated_password": "vagrant" }],


Provisioning – provision.ps1Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Force

Write-Host "Enabling file sharing firewale rules"netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes

iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))


Remember to clear empty bits on diskWrite-Host "0ing out empty space..."$FilePath="c:\zero.tmp"$Volume = Get-WmiObject win32_logicaldisk -filter "DeviceID='C:'"$ArraySize= 64kb$SpaceToLeave= $Volume.Size * 0.05$FileSize= $Volume.FreeSpace - $SpacetoLeave$ZeroArray= new-object byte[]($ArraySize) $Stream= [io.File]::OpenWrite($FilePath)try { $CurFileSize = 0 while($CurFileSize -lt $FileSize) { $Stream.Write($ZeroArray,0, $ZeroArray.Length) $CurFileSize +=$ZeroArray.Length }}finally { if($Stream) { $Stream.Close() }} Del $FilePath


Ending with sysprep

C:/windows/system32/sysprep/sysprep.exe /generalize /oobe /unattend:C:/Windows/Panther/Unattend/unattend.xml /quiet /shutdown

• Provisioner.ps1 copies another autounattend.xml to c:\windows\panther\unattend• Packer template shutdown_command:


Post processing: package as a vagrant box "post-processors": [ [{ "type": "vagrant", "keep_input_artifact": true, "output": "windows2012r2min-{{.Provider}}.box", "vagrantfile_template": "vagrantfile-windows.template" },

Supplying an embedded Vagrantfile:

# -*- mode: ruby -*-# vi: set ft=ruby :

Vagrant.configure(2) do |config| config.vm.guest = :windows config.vm.communicator = "winrm"

config.vm.provider "virtualbox" do |vb| vb.gui = true vb.memory = "1024" end

config.vm.provider 'hyperv' do |hv| hv.ip_address_timeout = 240 endend


Tips and Gotchas▪ Don’t install windows updates when trying to troubleshoot

▪ Do as much as you can in the provisioner and not in the boot/build phase or unattend.xml

▪ Get *FREE* evaluation ISOs from Technet Eval Center (via url) - https://www.microsoft.com/en-us/evalcenter

▪ Organize templates, scripts and unattend files in source control

▪ VirtualBox guest additions uploads is buggy. Don’t use it if you don’t need it or download the iso from your own source.

▪ The VirtualBox builder may fail at the very end and all artifacts are deleted. Running headless reduces the likelihood of this.

https://www.microsoft.com/en-us/evalcenter


Other Resources▪ Pretty good docs at http://packer.io

▪ Nice basic template examples and starting points at https://github.com/boxcutter/windows

▪ My repo with scripts for running updates and minimizing size: https://github.com/mwrock/packer-templates

▪ Windows packer template generator: https://github.com/joefitzgerald/inductor

▪ Step by step blog post: http://www.hurryupandwait.io/blog/creating-windows-base-images-for-virtualbox-and-hyper-v-using-packer-boxstarter-and-vagrant

▪ http://www.hurryupanwait.io/ - posts on Creating Vagrant boxes, converting VirtualBox vagrant boxes to Hyper-V, creating packer templates for Windows Nano

http://packer.io/

https://github.com/boxcutter/windows

https://github.com/mwrock/packer-templates

https://github.com/joefitzgerald/inductor

http://www.hurryupandwait.io/blog/creating-windows-base-images-for-virtualbox-and-hyper-v-using-packer-boxstarter-and-vagrant

http://www.hurryupandwait.io/blog/creating-windows-base-images-for-virtualbox-and-hyper-v-using-packer-boxstarter-and-vagrant

http://www.hurryupanwait.com/

building windows images with packer

Technology