Show More
| @@ -59,7 +59,7 b" DEBIAN_ACCOUNT_ID_2 = '136693071363'" | |||||
| 59 | UBUNTU_ACCOUNT_ID = '099720109477' |
|
59 | UBUNTU_ACCOUNT_ID = '099720109477' | |
| 60 |
|
60 | |||
| 61 |
|
61 | |||
| 62 |
WINDOWS_BASE_IMAGE_NAME = 'Windows_Server-20 |
|
62 | WINDOWS_BASE_IMAGE_NAME = 'Windows_Server-2022-English-Full-Base-*' | |
| 63 |
|
63 | |||
| 64 |
|
64 | |||
| 65 | KEY_PAIRS = { |
|
65 | KEY_PAIRS = { | |
| @@ -174,6 +174,23 b" WINDOWS_USER_DATA = r'''" | |||||
| 174 | net user Administrator "%s" |
|
174 | net user Administrator "%s" | |
| 175 | wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE |
|
175 | wmic useraccount where "name='Administrator'" set PasswordExpires=FALSE | |
| 176 |
|
176 | |||
|
|
177 | # And set it via EC2Launch so it persists across reboots. | |||
|
|
178 | $config = & $env:ProgramFiles\Amazon\EC2Launch\EC2Launch.exe get-agent-config --format json | ConvertFrom-Json | |||
|
|
179 | $config | ConvertTo-Json -Depth 6 | Out-File -encoding UTF8 $env:ProgramData/Amazon/EC2Launch/config/agent-config.yml | |||
|
|
180 | $setAdminAccount = @" | |||
|
|
181 | { | |||
|
|
182 | "task": "setAdminAccount", | |||
|
|
183 | "inputs": { | |||
|
|
184 | "password": { | |||
|
|
185 | "type": "static", | |||
|
|
186 | "data": "%s" | |||
|
|
187 | } | |||
|
|
188 | } | |||
|
|
189 | } | |||
|
|
190 | "@ | |||
|
|
191 | $config.config | %%{if($_.stage -eq 'preReady'){$_.tasks += (ConvertFrom-Json -InputObject $setAdminAccount)}} | |||
|
|
192 | $config | ConvertTo-Json -Depth 6 | Out-File -encoding UTF8 $env:ProgramData/Amazon/EC2Launch/config/agent-config.yml | |||
|
|
193 | ||||
| 177 | # First, make sure WinRM can't be connected to |
|
194 | # First, make sure WinRM can't be connected to | |
| 178 | netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=block |
|
195 | netsh advfirewall firewall set rule name="Windows Remote Management (HTTP-In)" new enable=yes action=block | |
| 179 |
|
196 | |||
| @@ -752,7 +769,7 b' def create_temp_windows_ec2_instances(' | |||||
| 752 | ) |
|
769 | ) | |
| 753 |
|
770 | |||
| 754 | if bootstrap: |
|
771 | if bootstrap: | |
| 755 | config['UserData'] = WINDOWS_USER_DATA % password |
|
772 | config['UserData'] = WINDOWS_USER_DATA % (password, password) | |
| 756 |
|
773 | |||
| 757 | with temporary_ec2_instances(c.ec2resource, config) as instances: |
|
774 | with temporary_ec2_instances(c.ec2resource, config) as instances: | |
| 758 | wait_for_ip_addresses(instances) |
|
775 | wait_for_ip_addresses(instances) | |
| @@ -1173,28 +1190,16 b' def ensure_windows_dev_ami(' | |||||
| 1173 | with INSTALL_WINDOWS_DEPENDENCIES.open('r', encoding='utf-8') as fh: |
|
1190 | with INSTALL_WINDOWS_DEPENDENCIES.open('r', encoding='utf-8') as fh: | |
| 1174 | commands.extend(l.rstrip() for l in fh) |
|
1191 | commands.extend(l.rstrip() for l in fh) | |
| 1175 |
|
1192 | |||
| 1176 | # Schedule run of EC2Launch on next boot. This ensures that UserData |
|
|||
| 1177 | # is executed. |
|
|||
| 1178 | # We disable setComputerName because it forces a reboot. |
|
|||
| 1179 | # We set an explicit admin password because this causes UserData to run |
|
|||
| 1180 | # as Administrator instead of System. |
|
|||
| 1181 | commands.extend( |
|
|||
| 1182 | [ |
|
|||
| 1183 | r'''Set-Content -Path C:\ProgramData\Amazon\EC2-Windows\Launch\Config\LaunchConfig.json ''' |
|
|||
| 1184 | r'''-Value '{"setComputerName": false, "setWallpaper": true, "addDnsSuffixList": true, ''' |
|
|||
| 1185 | r'''"extendBootVolumeSize": true, "handleUserData": true, ''' |
|
|||
| 1186 | r'''"adminPasswordType": "Specify", "adminPassword": "%s"}' ''' |
|
|||
| 1187 | % c.automation.default_password(), |
|
|||
| 1188 | r'C:\ProgramData\Amazon\EC2-Windows\Launch\Scripts\InitializeInstance.ps1 ' |
|
|||
| 1189 | r'–Schedule', |
|
|||
| 1190 | ] |
|
|||
| 1191 | ) |
|
|||
| 1192 |
|
||||
| 1193 | # Disable Windows Defender when bootstrapping because it just slows |
|
1193 | # Disable Windows Defender when bootstrapping because it just slows | |
| 1194 | # things down. |
|
1194 | # things down. | |
| 1195 | commands.insert(0, 'Set-MpPreference -DisableRealtimeMonitoring $true') |
|
1195 | commands.insert(0, 'Set-MpPreference -DisableRealtimeMonitoring $true') | |
| 1196 | commands.append('Set-MpPreference -DisableRealtimeMonitoring $false') |
|
1196 | commands.append('Set-MpPreference -DisableRealtimeMonitoring $false') | |
| 1197 |
|
1197 | |||
|
|
1198 | # Trigger shutdown to prepare for imaging. | |||
|
|
1199 | commands.append( | |||
|
|
1200 | 'Stop-Computer -ComputerName localhost', | |||
|
|
1201 | ) | |||
|
|
1202 | ||||
| 1198 | # Compute a deterministic fingerprint to determine whether image needs |
|
1203 | # Compute a deterministic fingerprint to determine whether image needs | |
| 1199 | # to be regenerated. |
|
1204 | # to be regenerated. | |
| 1200 | fingerprint = resolve_fingerprint( |
|
1205 | fingerprint = resolve_fingerprint( | |
General Comments 0
You need to be logged in to leave comments.
Login now