Fixes #36495 - Extend Windows templates for Puppet and Ansible

Co-authored-by: Fabrice Brimioulle <[email protected]>

app/views/unattended/provisioning_templates/finish/windows_default_finish.erb

@@ -22,7 +22,7 @@ description: |
   - computerOU: OU=Computers,CN=domain,CN=com # Place the computer account in specified Organizational Unit
   - computerDomain: domain.com # domain to join
   - machinePassword: used for unsecure domain join. needs precrated computer object (New-ADComputer)
-  - foremanDebug: false
+  - foremanDebug: true
   - skip-puppet-setup: boolean (default=false)
 
   Information about unsecure domain join
@@ -33,6 +33,7 @@ description: |
   puppet_enabled = !host_param_true?('skip-puppet-setup') && (host_puppet_server.present? || host_param_true?('force-puppet'))
   salt_enabled = host_param('salt_master') ? true : false
   chef_enabled = @host.respond_to?(:chef_proxy) && @host.chef_proxy
+  network_location = host_param('networklocation') ? host_param('networklocation') : 'private'
 %>
 
 @echo off
@@ -44,11 +45,9 @@ description: |
 <% if @host.pxe_build? %>
   set ctr=0
   set nettimeout=10
+<% end -%>
 
-  (echo Updating time)
-  (sc config w32time start= auto)
-  sc start w32time
-  ::ipconfig /renew
+  <%= snippet 'Windows network' %>
 
   <% if host_param('ntpServer') %>
     echo setting time server
@@ -71,38 +70,53 @@ description: |
     <% end %>
   <% end %>
 
+  powershell /c "powercfg /setactive 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c"
+
   <% if host_param('localAdminAccountDisabled') %>
     echo Disabling %tempAdminUser%
     net user %tempAdminUser% %tempAdminUser% /active:no
   <% end %>
 
-  <% if host_param('ansible_port') == 5985 or host_param('ansible_winrm_scheme') == 'http' %>
-    cmd /c winrm set winrm/config/service @{AllowUnencrypted="true"}
+  <% if host_param('http-proxy').present? -%>
+    cmd /C "netsh winhttp set proxy <%= host_param('http-proxy') %>:<%= host_param('http-proxy-port') %>"
   <% end %>
 
-  <% if host_param('ansible_winrm_transport') == 'basic' %>
+  <% if host_param('ansible_user').present? and !host_param('computerDomain') %>
+    powershell /c "set-localuser -name <%= host_param('ansible_user') %> -passwordneverexpires 1"
+    powershell /c "Set-NetConnectionProfile -InterfaceAlias Ethernet0 -NetworkCategory \"<%= network_location %>\""
+    cmd /c winrm set winrm/config/service @{AllowUnencrypted="true"}
+    cmd /c "netsh advfirewall firewall add rule name="WinRM-HTTP" dir=in localport=5985 protocol=TCP action=allow"
+    powershell /c "Enable-PSRemoting"
     cmd /c winrm set winrm/config/client/auth @{Basic="true"}
     cmd /c winrm set winrm/config/service/auth @{Basic="true"}
   <% end %>
 
-  <% if host_param('ansible_winrm_transport') == 'credssp' %>
-    cmd /c winrm set winrm/config/client/auth @{CredSSP="true"}
-    cmd /c winrm set winrm/config/service/auth @{CredSSP="true"}
+  <% if host_param('ansible_user').present? %>
+    powershell /c "set-localuser -name <%= host_param('ansible_user') %> -passwordneverexpires 1"
+    cmd /c winrm set winrm/config/service @{AllowUnencrypted="true"}
+    cmd /c "netsh advfirewall firewall add rule name="WinRM-HTTP" dir=in localport=5985 protocol=TCP action=allow"
+    powershell /c "Enable-PSRemoting"
+    cmd /c winrm set winrm/config/client/auth @{Basic="true"}
+    cmd /c winrm set winrm/config/service/auth @{Basic="true"}
   <% end %>
 
-  <% if host_param('ansible_winrm_transport') == 'certificate' %>
-    cmd /c winrm set winrm/config/client/auth @{Certificate="true"}
-    cmd /c winrm set winrm/config/service/auth @{Certificate="true"}
+  <% if host_param('ping') %>
+    cmd /c "netsh advfirewall firewall add rule name=\"Enable IPv4 ICMP\" dir=in protocol=icmpv4 action=allow"
   <% end %>
 
-  <%= snippet 'Windows network' %>
-
-  <% if foreman_url('user_data') %>
-    echo execute user data script
-    IF EXIST c:\deploy\user_data.ps1 powershell.exe -OutputFormat text -command c:\deploy\user_data.ps1
-  <% end -%>
+  <% if host_param('remote_desktop') %>
+    cmd /c "netsh advfirewall firewall set rule group=\"remote desktop\" new enable=Yes"
+    cmd /c "netsh advfirewall firewall set rule group=\"remotedesktop\" new enable=Yes"
+  <% end %>
 
   <% if puppet_enabled %>
+    echo get puppet installer
+    powershell /c "wget <%= host_param('win_puppet_source') %> -O C:\puppet-agent-x64-latest.msi"
+    echo configure puppet
+    powershell /c "md C:\ProgramData\PuppetLabs\puppet\etc"
+    powershell /c "echo \"[main]\" | out-file C:\ProgramData\PuppetLabs\puppet\etc\puppet.conf -encoding utf8"
+    powershell /c "echo \"server=http://<%= foreman_server_fqdn %>:8000/unattended/built?token=cae2cc74-1394-4acb-ad16-1011020b9bbe\" | add-content C:\ProgramData\PuppetLabs\puppet\etc\puppet.conf -encoding utf8"
+    powershell /c "echo \"autoflush=true\" | add-content C:\ProgramData\PuppetLabs\puppet\etc\puppet.conf -encoding utf8"
     echo Installing puppet
     start /w "" msiexec /qn /i C:\extras\puppet.msi PUPPET_AGENT_STARTUP_MODE=Manual PUPPET_MASTER_SERVER=<%= host_puppet_server -%> PUPPET_AGENT_ACCOUNT_DOMAIN=<%= @host.domain -%> PUPPET_AGENT_ACCOUNT_USER=administrator PUPPET_AGENT_ACCOUNT_PASSWORD="<%= host_param('domainAdminAccountPasswd') -%>"
     echo set puppet to auto start
@@ -111,22 +125,26 @@ description: |
   <% end%>
 
   <% if host_param('foremanDebug') != true %>
-
-    echo reboot in 15sec
-    start /b shutdown /r /t 15
+    echo rebooting in 60 sec
+    shutdown /r /t 60
 
     echo Safely remove wimaging files
-    sdelete.exe -accepteula -p 2 -r c:\wimaging
-    sdelete.exe -accepteula -p 2 -r c:\minint
+    rd /s /q c:\wimaging
     sdelete.exe -accepteula -p 2 c:\Windows\Panther\unattend.xml
     sdelete.exe -accepteula -p 2 C:\Windows\Setup\Scripts\SetupComplete.cmd
 
-    echo Safely remove leftover directories
-    sdelete.exe -accepteula -p 2 -r c:\drivers
-    sdelete.exe -accepteula -p 2 -r c:\updates
+    echo remove leftover directories
+    rd /s /q c:\MININT
+    rd /s /q c:\drivers
+    rd /s /q c:\updates
+
+    <% if puppet_enabled %>
+        echo Safely remove Puppet installer
+        sdelete.exe -accepteula -p 2 C:\puppet-agent-x64-latest.msi
+    <% end %>
+
+    echo remove deploy directory
+    cd c:\
+    rd /s /q c:\deploy
 
-    echo Safely removing c:\deploy
-    cd /
-    sdelete.exe -accepteula -p 2 -r c:\deploy
   <% end -%>
-<% end -%>

app/views/unattended/provisioning_templates/provision/windows_default_provisioning.erb

@@ -12,13 +12,15 @@ description: |
   - systemLocale: en-US
   - systemUILanguage: en-US
   - systemTimeZone: GMT Standard Time #see https://msdn.microsoft.com/en-us/library/ms912391(v=winembedded.11).aspx
-  - wimImageName = Windows 8.1 Pro # Image name seems only necessary if the WIM contains more than one image
+  - wimImageName = Windows 10 Pro # Image name seems only necessary if the WIM contains more than one image
 -%>
 <%
   system_locale = host_param('systemLocale') ? host_param('systemLocale') : 'en-US'
   system_ui_lang = host_param('systemUILanguage') ? host_param('systemUILanguage') : 'en-US'
   setup_ui_lang = 'en-US'
+  input_locale = host_param('inputLocale') ? host_param('inputLocale'): 'de-DE'
   system_timezone = host_param('systemTimeZone') ? host_param('systemTimeZone') : 'GMT Standard Time'
+  network_location = host_param('networklocation') ? host_param('networklocation') : 'private'
 -%>
 <?xml version="1.0" encoding="utf-8"?>
 <unattend xmlns="urn:schemas-microsoft-com:unattend">
@@ -52,7 +54,7 @@ description: |
             <SetupUILanguage>
                 <UILanguage><%= setup_ui_lang %></UILanguage>
             </SetupUILanguage>
-              <InputLocale><%= system_locale %></InputLocale>
+              <InputLocale><%= input_locale %></InputLocale>
               <SystemLocale><%= system_locale %></SystemLocale>
               <UILanguageFallback><%= setup_ui_lang %></UILanguageFallback>
               <UILanguage><%= system_ui_lang %></UILanguage>
@@ -61,7 +63,7 @@ description: |
     </settings>
     <settings pass="oobeSystem">
         <component name="Microsoft-Windows-International-Core" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
-              <InputLocale><%= system_locale %></InputLocale>
+              <InputLocale><%= input_locale %></InputLocale>
               <SystemLocale><%= system_locale %></SystemLocale>
               <UILanguageFallback><%= setup_ui_lang %></UILanguageFallback>
               <UILanguage><%= system_ui_lang %></UILanguage>
@@ -70,9 +72,23 @@ description: |
         <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
             <UserAccounts>
                 <AdministratorPassword>
-                    <PlainText>false</PlainText>
                     <Value><%= root_pass %></Value>
+                    <PlainText>false</PlainText>
                 </AdministratorPassword>
+            <% if host_param('ansible_user') and host_param('create_ansible_user') %>
+                <LocalAccounts>
+                    <LocalAccount wcm:action="add">
+                        <Password>
+                            <Value><%= host_param('ansible_password') %></Value>
+                            <PlainText>true</PlainText>
+                        </Password>
+                        <Description>Ansible login service user</Description>
+                        <DisplayName><%= host_param('ansible_user') %></DisplayName>
+                        <Group>Administrators</Group>
+                        <Name><%= host_param('ansible_user') %></Name>
+                    </LocalAccount>
+	            </LocalAccounts>
+	        <% end %>
             </UserAccounts>
             <TimeZone><%= system_timezone -%></TimeZone>
             <% if host_param('windowsLicenseOwner') -%>
@@ -81,7 +97,7 @@ description: |
             <% end -%>
             <OOBE>
                 <HideEULAPage>true</HideEULAPage>
-                <NetworkLocation>Work</NetworkLocation>
+                <NetworkLocation>Home</NetworkLocation>
                 <ProtectYourPC>1</ProtectYourPC>
                 <SkipUserOOBE>true</SkipUserOOBE>
                 <SkipMachineOOBE>true</SkipMachineOOBE>
@@ -113,16 +129,26 @@ description: |
               <RegisteredOrganization><%= host_param('windowsLicenseOwner') -%></RegisteredOrganization>
               <RegisteredOwner><%= host_param('windowsLicenseOwner') -%></RegisteredOwner>
             <% end -%>
-              <TimeZone><%= system_timezone -%></TimeZone>
+            <TimeZone><%= system_timezone -%></TimeZone>
         </component>
         <component name="Networking-MPSSVC-Svc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
             <DomainProfile_EnableFirewall><%= host_param('EnableFirewall') || 'true' %></DomainProfile_EnableFirewall>
             <PrivateProfile_EnableFirewall><%= host_param('EnableFirewall') || 'true' %></PrivateProfile_EnableFirewall>
             <PublicProfile_EnableFirewall><%= host_param('EnableFirewall') || 'true' %></PublicProfile_EnableFirewall>
         </component>
+        <component name="Microsoft-Windows-DNS-Client" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+            <% if @host.provision_interface.subnet && !@host.provision_interface.subnet.dhcp_boot_mode? %>
+            <DNSSuffixSearchOrder>
+                <DomainName wcm:action="add" wcm:keyValue="1"><%= @host.domain %></DomainName>
+            </DNSSuffixSearchOrder>
+            <% end -%>
+            <DNSDomain><%= @host.domain %></DNSDomain>
+        </component>
+        <% if host_param('hide_server_manager') -%>
         <component name="Microsoft-Windows-ServerManager-SvrMgrNc" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
             <DoNotOpenServerManagerAtLogon>true</DoNotOpenServerManagerAtLogon>
         </component>
+        <% end -%>
         <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
             <fDenyTSConnections>false</fDenyTSConnections>
         </component>

app/views/unattended/provisioning_templates/script/windows_default_script.erb

@@ -10,9 +10,12 @@ description: |
   See https://community.theforeman.org/t/windows-provisioning-made-easy/16756/
   params:
   - wimImageName: Windows 8.1 Pro # name of wim image to apply
+  - windowsLicenseKey: ABCDE-ABCDE-ABCDE-ABCDE-ABCDE # Valid Windows license key
+  - windowsLicenseOwner: Company, INC # Legal owner of the Windows license key
 -%>
 <%
-  proxy_uri = host_param('http-proxy') ? "http://#{host_param('http-proxy')}:#{host_param('http-proxy-port') || 3128}" : nil
+  iface = @host.provision_interface
+  proxy_uri = host_param('http-proxy') ? "#{host_param('http-proxy')}:#{host_param('http-proxy-port')}" : nil
   proxy_string = proxy_uri ? "-e http_proxy=#{proxy_uri}" : ''
 %>
 @setlocal enableextensions enabledelayedexpansion
@@ -21,13 +24,25 @@ set WGET=wget64.exe
 
 <%= @host.diskLayout %>
 
+
+<% if iface.subnet && !iface.subnet.dhcp_boot_mode? %>
+echo set network config for static interfaces
+    netsh interface ip set address name="Ethernet0" static "<%= iface.ip %>" "<%= iface.subnet.mask %>" "<%= iface.subnet.gateway %>"
+    net stop "DHCP-Client"
+    net stop "DHCP Client"
+    net start "DNS-Client"
+    net start "DNS Client"
+    ping -n "<%= iface.subnet.gateway %>"
+    netsh interface ip set dns name="Ethernet0" static "<%= iface.subnet.dns_primary %>"
+<% end %>
+
 echo Started downloading main WIM
 
-%WGET% <%= proxy_string %> "<%= medium_uri %>/sources/images.ini" -O X:\images.ini
+%WGET% <%= proxy_string %> "<%= medium_uri %>sources/images.ini" -O X:\images.ini
 if %ERRORLEVEL% == 0 goto :lookup_image
 
 echo WARNING: Couldn't download the images.ini, falling back to legacy mode!
-%WGET% <%= proxy_string %> "<%= medium_uri %>/sources/install.wim" -O C:\install.wim
+%WGET% <%= proxy_string %> "<%= medium_uri %>sources/install.wim" -O C:\install.wim
 goto :install
 
 :lookup_image
@@ -39,7 +54,7 @@ for /f "usebackq delims=" %%a in ("!file!") do (
             set currkey=%%b
             set currval=%%c
             if "x!key!"=="x!currkey!" (
-                %WGET% <%= proxy_string %> "<%= medium_uri %>/sources/!currval!" -O C:\install.wim
+                %WGET% <%= proxy_string %> <%= medium_uri %>sources/!currval! -O C:\install.wim
             )
         )
     )
@@ -74,7 +89,7 @@ IF not exist %PantherDirectory% (mkdir %PantherDirectory%)
 echo Finalizing installation...
 
 echo Downloading custom theme
-%WGET%  -P C:\Windows\Web\ -r -np -nH --cut-dirs=3 -R index.html -q --level=0 <%= medium_uri %>/theme/
+%WGET% <%= proxy_string %> -P C:\Windows\Web\ -r -np -nH --cut-dirs=3 -R index.html -q --level=0 "<%= medium_uri %>/theme/"
 
 echo Stage the Unattend.xml file for dism to apply
 echo Downloading unattend.xml
@@ -89,9 +104,8 @@ copy x:\windows\system32\sdelete.exe C:\Windows\
 IF not exist C:\Windows\Setup\Scripts (md C:\Windows\Setup\Scripts)
 echo call C:\deploy\foreman-finish.bat ^> c:\foreman.log 2^>^&1 > C:\Windows\Setup\Scripts\SetupComplete.cmd
 
-<% if foreman_url('user_data') %>
-echo Downloading user data script
-%WGET% <%= foreman_url('user_data') %> -O c:\deploy\user_data.ps1
+<% unless host_param('foremanDebug') %>
+sdelete.exe -accepteula -p 2 c:\foreman.log
 <% end -%>
 
 echo Apply Drivers

app/views/unattended/provisioning_templates/snippet/windows_networking_snippet.erb

@@ -17,7 +17,7 @@ for /f "delims=" %%a in ('ipconfig /all') do (
     )
 
     for /f "tokens=1,2,*" %%b in ("%%a") do (
-        if "%%b %%c"=="Physical Address." (
+        if "%%b %%c"=="Physical Address." or "%%b %%c"=="Physische Adresse." (
             set mac=%%d
             set mac=!mac:*: =!
             set mac=!mac:-=:!
@@ -27,6 +27,9 @@ for /f "delims=" %%a in ('ipconfig /all') do (
             if "<%= interface.mac %>"=="!mac!" (
                 <% if !interface.identifier.empty? %>
                     netsh interface set interface name="!name!" newname="<%= interface.identifier %>"
+                    <% if (interface.subnet.nil? ? false : interface.subnet.dhcp_boot_mode?) %>
+                    echo dhcp is active
+                    <% end %>
                     <% if (interface.subnet.nil? ? false : !interface.subnet.dhcp_boot_mode?) %>
                     netsh interface ip set address "<%= interface.identifier %>" static <%= interface.ip %> <%= interface.subnet.mask %> <%= interface.subnet.gateway %>
                         <% if (interface.subnet.nil? ? false : interface.subnet.dns_primary.present?) %>
@@ -43,7 +46,10 @@ for /f "delims=" %%a in ('ipconfig /all') do (
                     <% end %>
                     <% end %>
                 <% else %>
-                    <% if !(interface.subnet.nil? ? false : interface.subnet.dhcp_boot_mode?) %>
+                    <% if (interface.subnet.nil? ? false : interface.subnet.dhcp_boot_mode?) %>
+                    echo dhcp is active
+                    <% end %>
+                    <% if (interface.subnet.nil? ? false : !interface.subnet.dhcp_boot_mode?) %>
                     netsh interface ip set address "!name!" static <%= interface.ip %> <%= interface.subnet.mask %> <%= interface.subnet.gateway %>
                         <% if (interface.subnet.nil? ? false : interface.subnet.dns_primary.present?) %>
                         netsh interface ip add dnsserver "!name!" address="<%= interface.subnet.dns_primary %>" index=1