diff --git a/examples/azure/windows/README.md b/examples/azure/windows/README.md
new file mode 100644
index 0000000..d70b175
--- /dev/null
+++ b/examples/azure/windows/README.md
@@ -0,0 +1,26 @@
+# Azure
+
+This example shows how to build a Windows Server 2019 image in Azure. It uses
+the [Azure RM Builder](https://www.packer.io/docs/builders/azure.html) to create a VM, install Windows, run a PowerShell
+script to configure the VM, and then run cnspec packer plugin to assess the security.
+
+1. Install [Packer](https://www.packer.io/downloads.html)
+ and [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)
+
+```shell
+az login
+```
+
+Update the variables.pkrvars.hcl file with your Azure subscription ID and tenant ID.
+
+2. Install all the required plugins
+
+```shell
+packer init windows.pkr.hcl
+```
+
+3. Build the image
+
+```shell
+packer build -var-file=variables.hcl windows.pkr.hcl
+```
diff --git a/examples/azure/windows/variables.pkrvars.hcl b/examples/azure/windows/variables.pkrvars.hcl
new file mode 100644
index 0000000..8ff7ce3
--- /dev/null
+++ b/examples/azure/windows/variables.pkrvars.hcl
@@ -0,0 +1,11 @@
+# Copyright (c) Mondoo, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+
+tenantId = "00000000-0000-0000-0000-000000000000"
+subscriptionId = "00000000-0000-0000-0000-000000000000"
+resourceGroup = "myResourceGroup"
+location = "westus2"
+
+imageName = "myImage"
+imageVersion = "1.6.0"
\ No newline at end of file
diff --git a/examples/azure/windows/windows.pkr.hcl b/examples/azure/windows/windows.pkr.hcl
new file mode 100644
index 0000000..4a75465
--- /dev/null
+++ b/examples/azure/windows/windows.pkr.hcl
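Review bot: This variable file never sets `galleryName`, which windows.pkr.hcl (the third file in this commit) declares with no default, so `packer build -var-file=variables.pkrvars.hcl windows.pkr.hcl` should stop with an unset-variable error before anything is built (Packer treats a variable without a default as required). Nothing in the template reads `var.galleryName`, so either drop that declaration there or add a line such as `galleryName = "myGallery"` here. The README's build step also passes `-var-file=variables.hcl` while this file is named `variables.pkrvars.hcl`, so the documented command cannot find these values. The all-zero GUIDs are fine for an example; a comment such as `# Replace with the tenant and subscription reported by "az account show"` above `tenantId` would make it obvious they must be edited before use.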
@@ -0,0 +1,112 @@
+# Copyright (c) Mondoo, Inc.
+# SPDX-License-Identifier: BUSL-1.1
+
+packer {
+ required_plugins {
+ azure = {
+ source = "github.com/hashicorp/azure"
+ version = ">= 2"
+ }
+ cnspec = {
+ version = ">= 10.0.0"
+ source = "github.com/mondoohq/cnspec"
+ }
+ }
+}
+
+locals {
+ random = uuidv4()
+ date = timestamp()
+}
+
+variable "tenantId" {
+ type = string
+ description = "The Azure tenant ID"
+}
+
+variable "subscriptionId" {
+ type = string
+ description = "The Azure subscription ID"
+}
+
+variable "location" {
+ type = string
+ description = "The Azure region to deploy to"
+}
+
+variable "resourceGroup" {
+ type = string
+ description = "The Azure resource group to deploy to"
+}
+
+variable "galleryName" {
+ type = string
+ description = "The Azure Shared Image Gallery name"
+}
+
+variable "imageName" {
+ type = string
+ description = "The Azure Shared Image Gallery image name"
+}
+
+variable "imageVersion" {
+ type = string
+ description = "The Azure Shared Image Gallery image version"
+}
+
+source "azure-arm" "windows" {
+ use_azure_cli_auth = true
+
+ os_type = "Windows"
+ image_publisher = "MicrosoftWindowsServer"
+ image_offer = "WindowsServer"
+ image_sku = "2019-Datacenter"
+
+ azure_tags = {
+ packer = "true",
+ build-id = "${local.random}"
+ }
+
+ managed_image_name = "${var.imageName}-${var.imageVersion}"
+ managed_image_resource_group_name = var.resourceGroup
+
+ location = var.location
+ vm_size = "Standard_B4ms"
+
+ communicator = "winrm"
+ winrm_use_ssl = "true"
+ winrm_insecure = "true"
+ winrm_timeout = "50m"
+ winrm_username = "packer"
+}
+
+build {
+
+ sources = ["sources.azure-arm.windows"]
+
+ provisioner "cnspec" {
+ asset_name = "${var.imageName}-${var.imageVersion}"
+ # score_threshold = 80
+ on_failure = "continue"
+ debug = false
+ annotations = {
+ os-type = "WindowsServer"
+ os-version = "2019-Datacenter"
+ image-version = "${var.imageVersion}"
+ build-time = "${local.date}"
+ build-id = "${local.random}"
+ }
+ }
+
+ provisioner "powershell" {
+ inline = [
+ "# If Guest Agent services are installed, make sure that they have started.",
+ "foreach ($service in Get-Service -Name RdAgent, WindowsAzureTelemetryService, WindowsAzureGuestAgent -ErrorAction SilentlyContinue) { while ((Get-Service $service.Name).Status -ne 'Running') { Start-Sleep -s 5 } }",
+
+ "& $env:SystemRoot\\System32\\Sysprep\\Sysprep.exe /oobe /generalize /quiet /quit /mode:vm",
+ "while($true) { $imageState = Get-ItemProperty HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Setup\\State | Select ImageState; if($imageState.ImageState -ne 'IMAGE_STATE_GENERALIZE_RESEAL_TO_OOBE') { Write-Output $imageState.ImageState; Start-Sleep -s 10 } else { break } }"
+ ]
+ }
+
+
+}
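Review bot: In the `provisioner "cnspec"` block, `on_failure = "continue"` combined with the commented-out `# score_threshold = 80` means the assessment can never stop the build, so a managed image is published whatever the scan reports; if that is the intent for an example, state it, e.g. `# Advisory only: no score_threshold and on_failure = "continue", so findings are reported but never block the image`, otherwise re-enable `score_threshold` and drop `on_failure`. In the `source "azure-arm" "windows"` block, `winrm_insecure = "true"` turns off certificate and host-name checking on the WinRM session even though `winrm_use_ssl` is on; a one-line comment such as `# builder connects with its own self-signed WinRM certificate, so chain validation is skipped for this throwaway VM` would stop a reader from carrying that setting into a template that provisions a long-lived host. Provisioners run in the order written, so cnspec inspects the VM before the PowerShell step runs Sysprep and generalizes it; that ordering matters and deserves a comment on the cnspec block, e.g. `# runs before Sysprep so the scan sees the fully configured image`.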