open-nomad/e2e/terraform/packer/windows
Tim Gross e012c2b5bf
Infrastructure for Windows e2e testing (#6584)
Includes:
* baseline Windows AMI
* initial pass at Terraform configurations
* OpenSSH for Windows

Using OpenSSH is a lot nicer for Nomad developers than winrm would be,
plus it lets us avoid passing around the Windows password in the
clear.

Note that now we're copying up all the provisioning scripts and
configs as a zipped bundle because TF's file provisioner dies in the
middle of pushing up multiple files (whereas `scp -r` works fine).

We're also running all the provisioning scripts inside the userdata by
polling for the zip file to show up (gross!). This is because
`remote-exec` provisioners are failing on Windows with the same symptoms as:

https://github.com/hashicorp/terraform/issues/17728

If we can't fix this, it'll prevent us from having multiple Windows
clients running until TF supports count interpolation in the
`template_file`, which is planned for a later 0.12 release.
2019-11-19 11:06:10 -05:00
..
disable-windows-updates.ps1 Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00
fix-tls.ps1 Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00
install-consul.ps1 Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00
install-docker.ps1 Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00
install-nomad.ps1 Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00
install-nuget.ps1 Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00
install-openssh.ps1 Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00
install-tools.ps1 Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00
install-vault.ps1 Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00
README.md Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00
setup-directories.ps1 Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00
setupwinrm.ps1 Infrastructure for Windows e2e testing (#6584) 2019-11-19 11:06:10 -05:00

Windows Packer Build

There are a few boilerplate items in the Powershell scripts, explained below.

The default TLS protocol in the version of .NET that our Powershell cmdlets are built in it 1.0, which means plenty of properly configured HTTP servers will reject requests. The boilerplate snippet below sets this for the current script:

# Force TLS1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

We need to run some of the scripts as an administrator role. The following is a safety check that we're doing so:

$RunningAsAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
if (!$RunningAsAdmin) {
  Write-Error "Must be executed in Administrator level shell."
  exit 1
}