Merge pull request StefanScherer#1 from StefanScherer/my

Sync fork

.gitignore

@@ -13,6 +13,7 @@
 *~
 /output/
 *.webm
-tmp/
+tmp
 /issues/
 *.iso
+path-to.vmx

AZURE.md

@@ -0,0 +1,142 @@
+# Packer + Azure
+
+Steps from the blog post http://blog.geuer-pollmann.de/blog/2016/09/21/azure-germany-loves-packer/
+
+## Security Setup
+
+### UsingPowerShell
+
+Read https://david-obrien.net/2016/06/use-packer-with-azurerm/
+
+### Using Azure CLI
+
+Read https://www.packer.io/docs/builders/azure-setup.html
+
+First, you create an app in Azure Active Directory:
+
+```
+azure ad app create --json \
+  --name "Service Principal Packer" \
+  --home-page "https://packer.io" \
+  --identifier-uris "https://packer.io" \
+  --key-type Password \
+  --password SuperLongPassword123.-
+```
+
+The output of this command shows you the application ID **appId**:
+
+In the next step, we promote our app to be a "service principal", and we list
+the service principals we have:
+
+```
+azure ad sp create --json -vv --applicationId 1326f47c-eaea-42aa-8aa8-ff99fbaf3da9
+```
+
+You will get the **appId** and the **objectId**.
+
+Now lookup you Azure Active Directory TenantID with
+
+```
+azure account show --json | jq '.[].tenantId'
+```
+
+Now lookup your Azure Subscription ID with
+
+```
+azure account show --json | jq '.[].id'
+```
+
+As a last step of the security setup, you can assign your service principal ‘Contributor’ rights to your subscription (replace $spObjectId and $subscriptionId with proper values):
+
+```
+azure role assignment create \
+  --objectId $spObjectId \
+  --roleName Contributor \
+  --scope "/subscriptions/$subscriptionId"
+```
+
+## Pick a location
+
+```
+azure location list
+```
+
+## Pick a VM
+
+First list the publishers, but normally we choose `MicrosoftWindowsServer` as publisher.
+
+```
+azure vm image list-publishers westeurope
+```
+
+Now list the images available for that publisher
+
+```
+azure vm image list -l westeurope MicrosoftWindowsServer
+```
+
+The interesting ones might be
+
+```
+data:    MicrosoftWindowsServer  WindowsServer      2016-Datacenter                  Windows  2016.0.20161010  westeurope  MicrosoftWindowsServer:WindowsServer:2016-Datacenter:2016.0.20161010                
+data:    MicrosoftWindowsServer  WindowsServer      2016-Datacenter                  Windows  2016.0.20161108  westeurope  MicrosoftWindowsServer:WindowsServer:2016-Datacenter:2016.0.20161108                
+data:    MicrosoftWindowsServer  WindowsServer      2016-Datacenter                  Windows  2016.0.20161213  westeurope  MicrosoftWindowsServer:WindowsServer:2016-Datacenter:2016.0.20161213                
+data:    MicrosoftWindowsServer  WindowsServer      2016-Datacenter-with-Containers  Windows  2016.0.20161012  westeurope  MicrosoftWindowsServer:WindowsServer:2016-Datacenter-with-Containers:2016.0.20161012
+data:    MicrosoftWindowsServer  WindowsServer      2016-Datacenter-with-Containers  Windows  2016.0.20161025  westeurope  MicrosoftWindowsServer:WindowsServer:2016-Datacenter-with-Containers:2016.0.20161025
+data:    MicrosoftWindowsServer  WindowsServer      2016-Datacenter-with-Containers  Windows  2016.0.20161108  westeurope  MicrosoftWindowsServer:WindowsServer:2016-Datacenter-with-Containers:2016.0.20161108
+data:    MicrosoftWindowsServer  WindowsServer      2016-Datacenter-with-Containers  Windows  2016.0.20161213  westeurope  MicrosoftWindowsServer:WindowsServer:2016-Datacenter-with-Containers:2016.0.20161213
+data:    MicrosoftWindowsServer  WindowsServer      2016-Nano-Server                 Windows  2016.0.20161012  westeurope  MicrosoftWindowsServer:WindowsServer:2016-Nano-Server:2016.0.20161012               
+data:    MicrosoftWindowsServer  WindowsServer      2016-Nano-Server                 Windows  2016.0.20161109  westeurope  MicrosoftWindowsServer:WindowsServer:2016-Nano-Server:2016.0.20161109               
+data:    MicrosoftWindowsServer  WindowsServer      2016-Nano-Server                 Windows  2016.0.20170113  westeurope  MicrosoftWindowsServer:WindowsServer:2016-Nano-Server:2016.0.20170113               
+```
+
+
+**TODO** Describe how to create the resource group and storage account needed by packer build. I've used an existing resource group and storage account.
+
+## Create Resource Group
+
+```
+azure group create myaccount westeurope
+```
+
+## Create a storage account
+
+```
+azure storage account create --sku-name LRS --location westeurope --kind BlobStorage --access-tier Cool --resource-group myaccount myaccount
+```
+
+## Store secrets in pass
+
+I use `pass` for my secrets.
+
+```
+export PACKER_AZURE_AD_TENANT_ID=xxx
+export PACKER_AZURE_SUBSCRIPTION_ID=xxx
+export PACKER_AZURE_OBJECT_ID=xxx
+export PACKER_AZURE_APP_ID=xxx
+export PACKER_AZURE_CLIENT_SECRET='xxx'
+export PACKER_AZURE_RESOURCE_GROUP=myaccount
+export PACKER_AZURE_STORAGE_ACCOUNT=myaccount
+```
+
+## Build
+
+Load your secrets and run the packer build
+
+```
+eval $(pass packer-azure)
+packer build windows_2016_docker_azure.json
+```
+
+## Copy vhd
+
+### Create a public container
+
+Create a public container, eg. `vhds`
+
+### Copy blob
+
+```
+azure storage blob copy start https://myaccount.blob.core.windows.net/system/Microsoft.Compute/Images/images/WindowsServer2016Docker-osDisk.vhd vhds
+azure storage blob copy start https://myaccount.blob.core.windows.net/system/Microsoft.Compute/Images/images/WindowsServer2016Docker-osDisk.vhd --dest-container vhds --dest-blob WindowsServer2016Docker.20170122-osDisk.vhd
+```

README-shutdown_command.md

@@ -12,4 +12,19 @@ Replace it with
    "shutdown_command": "c:/windows/system32/sysprep/sysprep.exe /generalize /oobe /quiet /shutdown /unattend:a:/unattend.xml",
 ```
 
-and on the first `vagrant up` the box will boot with an out-of-box-experience (OOBE)
+Also make sure to add the `./scripts/unattend.xml` file to the `floppy_files`.
+
+On the first `vagrant up` the box will boot with an out-of-box-experience (OOBE)
+
+## Windows Server 2016
+
+On newer systems like Windows 10 and Windows Server 2016 this shutdown_command is not enough.
+We also have to stop the "tiledatamodelsvc" service to make sysprep work. So we use a small cmd script.
+
+```json
+   "shutdown_command": "a:/sysprep.bat"
+```
+
+Also make sure to add the files `./scripts/unattend.xml` and `./scripts/sysprep.bat` to the `floppy_files`.
+
+On the first `vagrant up` the box will boot with an out-of-box-experience (OOBE)

README.md

@@ -1,4 +1,5 @@
 # My Retina Windows Templates for Packer
+[![Build status](https://ci.appveyor.com/api/projects/status/76pea1oexae5ca05?svg=true)](https://ci.appveyor.com/project/StefanScherer/packer-windows)
 
 ### Introduction
 
@@ -14,7 +15,7 @@ Some of my enhancements are:
 
 ### Packer Version
 
-[Packer](https://github.com/mitchellh/packer/blob/master/CHANGELOG.md) `0.10.0` or greater is required.
+[Packer](https://github.com/mitchellh/packer/blob/master/CHANGELOG.md) `0.12.2` or greater is required.
 
 ### Windows Versions
 
@@ -91,17 +92,7 @@ Doing so will give you hours back in your day, which is a good thing.
 These boxes use WinRM. There is no OpenSSH installed.
 
 ### Hyper-V Support
-If you are running Windows 10, then you can also use these packerfiles to build a Hyper-V virtual machine:
-
-This requires @taliesens [fork of Packer](https://github.com/mitchellh/packer/pull/2576) with Hyper-V support. The linked PR also has binaries available ex: https://dl.bintray.com/taliesins/Packer/Packer.1.0.0.104-HyperV.nupkg
-
-Then run Packer:
-```
-packer build -var 'hyperv_switchname=Wifi' .\windows_2016.json
-```
-Be sure to set hyperv_switchname to an external Hyper-V switch.
-
-I have the ISO already downloaded to save time, and only have Hyper-V installed on my laptop, so I run:
+If you are running Windows 10, then you can also use these packerfiles to build a Hyper-V virtual machine. I have the ISO already downloaded to save time, and only have Hyper-V installed on my laptop, so I run:
 ```
 packer build --only hyperv-iso -var 'hyperv_switchname=Ethernet' -var 'iso_url=./server2016.iso' .\windows_2016_docker.json
 ```

answer_files/10/Autounattend.xml

@@ -84,6 +84,12 @@
         </component>
     </settings>
     <settings pass="oobeSystem">
+        <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+            <InputLocale>en-US</InputLocale>
+            <SystemLocale>en-US</SystemLocale>
+            <UILanguage>en-US</UILanguage>
+            <UserLocale>en-US</UserLocale>
+        </component>
         <component xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
             <UserAccounts>
                 <AdministratorPassword>
@@ -183,6 +189,16 @@
                     <Order>12</Order>
                     <Description>Disable password expiration for vagrant user</Description>
                 </SynchronousCommand>
+                <SynchronousCommand wcm:action="add">
+                    <CommandLine>%SystemRoot%\System32\reg.exe ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v DefaultPassword /t REG_SZ /d "vagrant" /f</CommandLine>
+                    <Order>13</Order>
+                    <Description>Enable AutoLogon</Description>
+                </SynchronousCommand>
+                <SynchronousCommand wcm:action="add">
+                    <CommandLine>%SystemRoot%\System32\reg.exe ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v AutoAdminLogon /t REG_SZ /d 1 /f</CommandLine>
+                    <Order>14</Order>
+                    <Description>Enable AutoLogon</Description>
+                </SynchronousCommand>
                 <!-- WITHOUT WINDOWS UPDATES -->
                 <!--
                 <SynchronousCommand wcm:action="add">
@@ -198,6 +214,12 @@
                     <Order>98</Order>
                     <Description>Enable Microsoft Updates</Description>
                 </SynchronousCommand>
+                <SynchronousCommand wcm:action="add">
+                    <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\disable-screensaver.ps1</CommandLine>
+                    <Description>Disable Screensaver</Description>
+                    <Order>99</Order>
+                    <RequiresUserInput>true</RequiresUserInput>
+                </SynchronousCommand>
                 <SynchronousCommand wcm:action="add">
                     <CommandLine>cmd.exe /c C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File a:\win-updates.ps1</CommandLine>
                     <Description>Install Windows Updates</Description>