예제 #1
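// provExec runs command on machine through PowershellExec and returns the
// command's standard output.
//
// The Plaza port comes from PLAZA_PORT (default "9090") and the Windows domain
// from WINDOWS_DOMAIN. Both are validated before anything else, so a bad
// configuration is reported at once instead of after (or, for an unparsable
// port, instead of) the wait for Plaza. The credentials come from
// machine.Credentials().
//
// The function then polls every 500ms until checkPlaza accepts the machine's
// address. NOTE(review): the wait has no upper bound; a machine that never
// comes up blocks the caller forever. Consider giving callers a deadline.
//
// NOTE(review): command is echoed verbatim to p. Callers that embed secrets in
// the command text (passwords, for example) therefore expose them to whatever
// consumes p; treat that output as sensitive or pass secrets by another route.
func provExec(p io.Writer, machine vms.Machine, command string) (string, error) {
	port := utils.Env("PLAZA_PORT", "9090")
	plazaPort, err := strconv.Atoi(port)
	if err != nil {
		log.Error(err.Error())
		return "", err
	}

	domain := utils.Env("WINDOWS_DOMAIN", "")
	if domain == "" {
		log.Error("domain unknown")
		return "", errors.New("domain unknown")
	}

	for {
		machine.Status()
		// Only probe when the address lookup succeeded; a failed lookup is
		// retried on the next tick instead of probing a meaningless address.
		ip, err := machine.IP()
		if err == nil && checkPlaza(ip.String(), port) {
			break
		}
		time.Sleep(time.Millisecond * 500)
	}

	plazaAddress, err := machine.IP()
	if err != nil {
		log.Error(err.Error())
		return "", err
	}

	username, password, err := machine.Credentials()
	if err != nil {
		log.Error(err.Error())
		return "", err
	}

	res, err := PowershellExec(
		plazaAddress.String(),
		plazaPort,
		username,
		domain,
		password,
		command,
	)

	// The echo is best-effort progress output and happens whether or not the
	// execution succeeded; its write error is deliberately not checked.
	p.Write([]byte(command))
	if err != nil {
		return "", err
	}

	return res.Stdout, nil
}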
예제 #2
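// Provision returns the provisioning routine for machine. The routine sends a
// fixed sequence of PowerShell commands through provExec: it sets Windows
// Update policy keys, installs AD DS and creates a forest, enables Remote
// Desktop, installs the RDS roles and a certification authority, creates an
// RDS deployment and collection, and finally creates an organizational unit.
// The machine is stopped and started twice along the way.
//
// Each step is best-effort: a failing command has its error text written to p
// and the sequence continues. The one exception is a failure to obtain the
// machine credentials, which ends the routine because later commands cannot be
// built without them.
//
// NOTE(review): provExec echoes every command to p, so the two commands that
// embed the account password put it in the provisioning output in plain text.
// Treat that output as sensitive.
func Provision(machine vms.Machine) provisioner.ProvFunc {

	return func(p io.Writer) {
		// psQuote renders s as a PowerShell single-quoted literal. Every
		// character PowerShell accepts as a single quote (ASCII and the
		// typographic variants) is doubled, so a value containing a quote stays
		// data and cannot terminate the literal.
		quoteEscaper := strings.NewReplacer(
			"'", "''",
			"\u2018", "\u2018\u2018",
			"\u2019", "\u2019\u2019",
			"\u201a", "\u201a\u201a",
			"\u201b", "\u201b\u201b",
		)
		psQuote := func(s string) string {
			return "'" + quoteEscaper.Replace(s) + "'"
		}

		// run executes one command and reports its output, or its error, on p.
		run := func(command string) {
			resp, err := provExec(p, machine, command)
			if err != nil {
				p.Write([]byte(err.Error()))
				return
			}
			p.Write([]byte(resp))
		}

		// waitStopped blocks until the machine reports stopped, sleeping
		// between polls so the wait does not spin a CPU core.
		// NOTE(review): there is no upper bound on this wait.
		waitStopped := func() {
			for !isStopped(machine) {
				time.Sleep(time.Second)
			}
		}

		run("New-Item HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows -Name WindowsUpdate")

		username, password, err := machine.Credentials()
		if err != nil {
			p.Write([]byte(err.Error()))
			// Without credentials the forest and CA commands would be built
			// with an empty password, so stop here.
			return
		}
		pcname, err := provExec(p, machine, "hostname")
		if err != nil {
			// Kept best-effort: steps that do not need the host name still run.
			p.Write([]byte(err.Error()))
		}
		pcname = strings.TrimSpace(pcname)
		domain := utils.Env("WINDOWS_DOMAIN", "")
		fqdn := psQuote(pcname + "." + domain)

		run("New-Item HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate -Name AU")

		// NOTE(review): NoAutoUpdate=1 switches automatic Windows updates off;
		// the host then depends on some other patching process.
		run("New-ItemProperty HKLM:\\SOFTWARE\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU -Name NoAutoUpdate -Value 1")

		run("Install-windowsfeature AD-domain-services")

		// NOTE(review): the safe-mode administrator password is the machine
		// account password, and the NetBIOS name is fixed to 'INTRA' although
		// the DNS domain name comes from WINDOWS_DOMAIN.
		run("Import-Module ADDSDeployment; $pwd=ConvertTo-SecureString " + psQuote(password) + " -asplaintext -force; Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath 'C:\\Windows\\NTDS' -DomainMode 'Win2012R2' -DomainName " + psQuote(domain) + " -SafeModeAdministratorPassword:$pwd -DomainNetbiosName 'INTRA' -ForestMode 'Win2012R2' -InstallDns:$true -LogPath 'C:\\Windows\\NTDS' -NoRebootOnCompletion:$true -SysvolPath 'C:\\Windows\\SYSVOL' -Force:$true")

		machine.Stop()
		waitStopped()
		machine.Start()

		// A space now separates the quoted path from -name; without it the two
		// tokens are adjacent and can be read as a single argument.
		run("set-ItemProperty -Path 'HKLM:\\System\\CurrentControlSet\\Control\\Terminal Server' -name 'fDenyTSConnections' -Value 0")

		run("Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'")

		run("set-ItemProperty -Path 'HKLM:\\System\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp' -name 'UserAuthentication' -Value 1")

		run("import-module RemoteDesktop; Import-module ServerManager; Add-WindowsFeature -Name RDS-RD-Server -IncludeAllSubFeature; Add-WindowsFeature -Name RDS-Web-Access -IncludeAllSubFeature; Add-WindowsFeature -Name RDS-Connection-Broker -IncludeAllSubFeature")

		run("import-module RemoteDesktop; Import-module ServerManager; Install-windowsfeature RSAT-AD-AdminCenter")

		machine.Stop()
		waitStopped()
		machine.Start()

		run("sc.exe config RDMS start= auto")

		run("Import-Module ServerManager; Add-WindowsFeature Adcs-Cert-Authority")

		run("$secpasswd = ConvertTo-SecureString " + psQuote(password) + " -AsPlainText -Force;$mycreds = New-Object System.Management.Automation.PSCredential (" + psQuote(username) + ", $secpasswd); Install-AdcsCertificationAuthority -CAType 'EnterpriseRootCa' -Credential:$mycreds -force:$true ")

		// pcname is output returned by the remote host, so it is quoted like
		// any other untrusted value before it is placed in a command.
		run("Start-Service RDMS; import-module remotedesktop ; New-RDSessionDeployment -ConnectionBroker " + fqdn + " -WebAccessServer " + fqdn + " -SessionHost " + fqdn)

		time.Sleep(time.Second * 60)

		run("import-module remotedesktop ; New-RDSessionCollection -CollectionName collection -SessionHost " + fqdn + " -CollectionDescription 'Nanocloud collection' -ConnectionBroker " + fqdn)

		// NOTE(review): SetUserAuthenticationRequired(0) appears to turn RDP
		// Network Level Authentication back off after UserAuthentication was
		// set to 1 earlier in this routine; confirm which state is intended.
		run("(Get-WmiObject -class 'Win32_TSGeneralSetting' -Namespace root\\cimv2\\terminalservices -ComputerName " + psQuote(pcname) + ").SetUserAuthenticationRequired(0)")

		// NOTE(review): the OU path is fixed to DC=intra,DC=localdomain,DC=com
		// and only matches when WINDOWS_DOMAIN names that same domain.
		run("NEW-ADOrganizationalUnit 'NanocloudUsers' -path 'DC=intra,DC=localdomain,DC=com'")
	}
}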