e012c2b5bf
Includes: * baseline Windows AMI * initial pass at Terraform configurations * OpenSSH for Windows Using OpenSSH is a lot nicer for Nomad developers than winrm would be, plus it lets us avoid passing around the Windows password in the clear. Note that now we're copying up all the provisioning scripts and configs as a zipped bundle because TF's file provisioner dies in the middle of pushing up multiple files (whereas `scp -r` works fine). We're also running all the provisioning scripts inside the userdata by polling for the zip file to show up (gross!). This is because `remote-exec` provisioners are failing on Windows with the same symptoms as: https://github.com/hashicorp/terraform/issues/17728 If we can't fix this, it'll prevent us from having multiple Windows clients running until TF supports count interpolation in the `template_file`, which is planned for a later 0.12 release. |
||
---|---|---|
.. | ||
disable-windows-updates.ps1 | ||
fix-tls.ps1 | ||
install-consul.ps1 | ||
install-docker.ps1 | ||
install-nomad.ps1 | ||
install-nuget.ps1 | ||
install-openssh.ps1 | ||
install-tools.ps1 | ||
install-vault.ps1 | ||
README.md | ||
setup-directories.ps1 | ||
setupwinrm.ps1 |
Windows Packer Build
There are a few boilerplate items in the Powershell scripts, explained below.
The default TLS protocol in the version of .NET that our Powershell cmdlets are built in it 1.0, which means plenty of properly configured HTTP servers will reject requests. The boilerplate snippet below sets this for the current script:
# Force TLS1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
We need to run some of the scripts as an administrator role. The following is a safety check that we're doing so:
$RunningAsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
if (!$RunningAsAdmin) {
Write-Error "Must be executed in Administrator level shell."
exit 1
}