Last active
April 14, 2024 12:27
-
-
Save bobalob/c6b0db6da7d4bb1c5b9e305f2765989e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Start-Transcript -Path C:\Deploy.Log | |
| Write-Host "Setup WinRM for $RemoteHostName" | |
| $Cert = New-SelfSignedCertificate -DnsName $RemoteHostName, $ComputerName ` | |
| -CertStoreLocation "cert:\LocalMachine\My" ` | |
| -FriendlyName "Test WinRM Cert" | |
| $Cert | Out-String | |
| $Thumbprint = $Cert.Thumbprint | |
| Write-Host "Enable HTTPS in WinRM" | |
| $WinRmHttps = "@{Hostname=`"$RemoteHostName`"; CertificateThumbprint=`"$Thumbprint`"}" | |
| winrm create winrm/config/Listener?Address=*+Transport=HTTPS $WinRmHttps | |
| Write-Host "Set Basic Auth in WinRM" | |
| $WinRmBasic = "@{Basic=`"true`"}" | |
| winrm set winrm/config/service/Auth $WinRmBasic | |
| Write-Host "Open Firewall Port" | |
| netsh advfirewall firewall add rule name="Windows Remote Management (HTTPS-In)" dir=in action=allow protocol=TCP localport=$WinRmPort | |
| Stop-Transcript |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <FirstLogonCommands> | |
| <SynchronousCommand> | |
| <CommandLine>cmd /c "copy C:\AzureData\CustomData.bin C:\Deploy.PS1"</CommandLine | |
| ><Description>CopyScript</Description> | |
| <Order>11</Order> | |
| </SynchronousCommand> | |
| <SynchronousCommand> | |
| <CommandLine>powershell.exe -sta -ExecutionPolicy Unrestricted -file C:\Deploy.PS1</CommandLine | |
| ><Description>RunScript</Description> | |
| <Order>12</Order> | |
| </SynchronousCommand> | |
| </FirstLogonCommands> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| os_profile { | |
| computer_name = "${var.vm_name}" | |
| admin_username = "${var.admin_username}" | |
| admin_password = "${var.admin_password}" | |
| #Include Deploy.PS1 with variables injected as custom_data | |
| custom_data = "${base64encode("Param($RemoteHostName = \"${null_resource.intermediates.triggers.full_vm_dns_name}\", $ComputerName = \"${var.vm_name}\", $WinRmPort = ${var.vm_winrm_port}) ${file("Deploy.PS1")}")}" | |
| } | |
| os_profile_windows_config { | |
| provision_vm_agent = true | |
| enable_automatic_upgrades = true | |
| additional_unattend_config { | |
| pass = "oobeSystem" | |
| component = "Microsoft-Windows-Shell-Setup" | |
| setting_name = "AutoLogon" | |
| content = "<AutoLogon><Password><Value>${var.admin_password}</Value></Password><Enabled>true</Enabled><LogonCount>1</LogonCount><Username>${var.admin_username}</Username></AutoLogon>" | |
| } | |
| #Unattend config is to enable basic auth in WinRM, required for the provisioner stage. | |
| additional_unattend_config { | |
| pass = "oobeSystem" | |
| component = "Microsoft-Windows-Shell-Setup" | |
| setting_name = "FirstLogonCommands" | |
| content = "${file("FirstLogonCommands.xml")}" | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment