Creating and effectively using WIM images - Chocolate Chocolate

Task



In my work I use Windows images, the well-known WIM files. The approach I want to share today is the exact opposite of building a universal image with a complete set of software and services. The key difference from the "Thick - Thick" approach is that the image contains the bare minimum: just what is needed to run the puppet agent and then install the required software. To install software I use chocolatey; all packages are taken from chocolatey.org, and for custom packages there is a repository on a server in the data center. Everything else is installed later, depending on the requirements of the server configuration. In my opinion this adds a lot more flexibility, and all the image itself needs is, in fact, service packs and large updates. And today is that very day: "It's time to renew the image". More specifically, today I need to create an image from scratch for Windows Server 2012 Standard from a specific ISO.

Difficulties


There are no real difficulties. The only thing that matters to me is that everything is simple enough that a year from now I (or one of my administrators) can open it, read the short README and understand everything.

Implementation


The Hyper-V role has been added to the same server that hosts WDS, and it runs several virtual machines dedicated to this purpose. In this case it is a virtual machine named "server-2012-std-img" with a "bare" installation of Server 2012 Standard. Capturing images from virtual machines is much easier, because Windows can mount the VHD and the WIM capture can be done directly from the mounted disk. With this approach there is no need to reboot a real server.

Image customization

First, the updates. To install updates into the image I use the wuinstall trial. It has to be downloaded again each time (link), because the trial period appears to be baked into the exe file. Thinking out loud: I should make a chocolatey package for wuinstall; then the installation of updates could be automated, which would be a present for my admin in the office ...
There's more than one way to do it.

I know that you can use offline updates downloaded via wsusoffline and do so-called "Offline Image Servicing", but that does not suit my situation, first of all because 70% of the servers run Server 2008 (not R2), which differs greatly (for the worse) from R2 and 2012 in package management and offline servicing functionality. And since I love unifying processes wherever possible, I do this through wsusoffline. In addition, service pack integration often does not work through offline servicing. Does anyone know where Microsoft keeps WIM or ISO files of distributions with the latest updates?
By the way, I do not include drivers in the system image itself: they are taken from a network folder that is specified in the unattend.xml config, and the folder is in a location accessible to the Windows installer. Do not forget to check the access rights on your driver folder (which, of course, must contain unpacked drivers with their inf files).

Specify the path to the drivers in unattend.xml
<settings pass="offlineServicing">
    <component name="Microsoft-Windows-PnpCustomizationsNonWinPE" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <DriverPaths>
            <PathAndCredentials wcm:action="add" wcm:keyValue="1">
                <Credentials>
                    <Domain>mydomain</Domain>
                    <Password>wds-password</Password>
                    <Username>wds-user</Username>
                </Credentials>
                <Path>\\wds-server.mydomain.local\REMINST\Drivers</Path>
            </PathAndCredentials>
        </DriverPaths>
    </component>
</settings>


Installing Chocolatey is a fairly simple process; the main thing is to make sure that the 3.5 framework is installed.

Install Chocolatey
 @powershell -NoProfile -ExecutionPolicy unrestricted -Command "iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))" && SET PATH=%PATH%;%systemdrive%\chocolatey\bin 


That's all, the image customization is done. It's time to create the image!

Image creation

Start the image creation process
::Config file that contains some paths and date patterns
call config.cmd
SET mountdrive=H
::Build the file name once, so that echo and imagex use the same %RANDOM% value
SET wimfile=%captured_wims%\server-2012x64.standard.sp2.%date%.%RANDOM%.install.wim
echo Creating image %wimfile%
utils\imagex\imagex.exe /capture %mountdrive%: %wimfile% " Windows Server 2012 SERVERSTANDARD"



Creating an image of Server 2012 Standard with all the updates takes about 20 minutes on a virtual machine. On a live server it is faster, of course, but not as convenient. I am not very worried about this, because in most cases the process is planned.
Sooner or later the image is created, and the script puts it in the right place and names it as it should be. Now I take it and add it to the WDS server. Done!

Looking ahead, the puppet agent has to be installed at the first boot of the new system that we deploy on new hardware; this is what makes the server available for configuration through puppet manifests. This can be done manually, but it can also be done automatically.

Install puppet agent
 cinst puppet -ia "PUPPET_MASTER_SERVER=puppet.mydomain.local" 

Yes, yes, if someone is not familiar with chocolatey, I strongly advise you to experience this joy.

In this case the latest version of the puppet package is installed, and the agent registers with the server puppet.mydomain.local.

For those who want to register the puppet agent automatically, add the following to the unattend.xml file
<component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <RunSynchronous>
        <RunSynchronousCommand wcm:action="add">
            <Order>1</Order>
            <Description>Install Puppet</Description>
            <Path>cinst puppet -ia "PUPPET_MASTER_SERVER=puppet.mydomain.local"</Path>
        </RunSynchronousCommand>
        <RunSynchronousCommand wcm:action="add">
            <Order>2</Order>
            <Description>Request Certificate</Description>
            <Path>("C:\Program Files (x86)\Puppet Labs\Puppet\bin\puppet_interactive.bat" --test) &amp;&amp; echo OK</Path>
        </RunSynchronousCommand>
        <RunSynchronousCommand wcm:action="add">
            <Order>3</Order>
            <Description>Stop Puppet Service</Description>
            <Path>(sc stop puppet) &amp;&amp; echo Service Stop OK</Path>
        </RunSynchronousCommand>
        <RunSynchronousCommand wcm:action="add">
            <Order>4</Order>
            <Description>Start Puppet Service</Description>
            <Path>(sc start puppet) &amp;&amp; echo Service Start OK</Path>
        </RunSynchronousCommand>
    </RunSynchronous>
</component>
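An added example, not part of the original article: both unattend.xml fragments above end up in an answer file that the Windows installer reads, and the driver-path fragment carries the wds-user password in clear text. The Python sketch below lists the accounts whose passwords are embedded in an answer file and the commands scheduled through RunSynchronous, so the file can be reviewed before it is placed on the deployment share. The names `audit` and `local`, the wrapping `<unattend>` root and the `specialize` pass in the sample are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: this article's two fragments, trimmed and wrapped in the
# <unattend> root. pass="specialize" for the second one is an assumption.
SAMPLE = r"""<unattend xmlns="urn:schemas-microsoft-com:unattend"
          xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
 <settings pass="offlineServicing">
  <component name="Microsoft-Windows-PnpCustomizationsNonWinPE">
   <DriverPaths><PathAndCredentials wcm:action="add" wcm:keyValue="1">
    <Credentials>
     <Domain>mydomain</Domain>
     <Password>wds-password</Password>
     <Username>wds-user</Username>
    </Credentials>
    <Path>\\wds-server.mydomain.local\REMINST\Drivers</Path>
   </PathAndCredentials></DriverPaths>
  </component>
 </settings>
 <settings pass="specialize">
  <component name="Microsoft-Windows-Deployment">
   <RunSynchronous><RunSynchronousCommand wcm:action="add">
    <Path>cinst puppet -ia "PUPPET_MASTER_SERVER=puppet.mydomain.local"</Path>
   </RunSynchronousCommand></RunSynchronous>
  </component>
 </settings>
</unattend>"""

def local(tag):  # strip the '{namespace}' prefix ElementTree adds to tag names
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (pass, component, kind, detail) for each item to review."""
    findings = []
    root = ET.fromstring(xml_text)
    for settings in (e for e in root.iter() if local(e.tag) == "settings"):
        for comp in (e for e in settings if local(e.tag) == "component"):
            where = (settings.get("pass"), comp.get("name"))
            for el in comp.iter():
                if local(el.tag) == "Credentials":
                    f = {local(c.tag): (c.text or "").strip() for c in el}
                    if f.get("Password"):  # report the account, never the secret
                        who = f.get("Domain", "") + "\\" + f.get("Username", "")
                        findings.append(where + ("plaintext-credential", who))
                elif local(el.tag) == "RunSynchronousCommand":
                    cmd = next((c.text or "" for c in el if local(c.tag) == "Path"), "")
                    findings.append(where + ("first-boot-command", cmd))
    return findings
```

Calling `audit(SAMPLE)` returns one `plaintext-credential` entry for `mydomain\wds-user` and one `first-boot-command` entry for the `cinst puppet` line; the password value itself is never included in the output.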


Conclusion


Thus, the Chocolatey package system replaces many individual configurations and greatly helps to automate installation, while still providing configuration flexibility (remember, you are not required to use chocolatey.org as the source of packages). Using a package manager when deploying Windows Server is, in my opinion, another step towards moving the infrastructure to IaaC, and the choice between Thin and Fat images is key in this situation.
On my network Windows and Linux work closely with each other, so whenever possible I try to find universal OpenSource solutions that work on both platforms. I absolutely do not dispute that SCCM is an excellent product for preparing, supporting and deploying Windows, but it does not officially support Linux (proof), and this means that, for the money you paid for SCCM, you will have to deal with the integration yourself. In addition, Open Source makes our life better!

How do you solve the issues of heterogeneity of infrastructure? I will be very glad to hear your opinion, dear Habr!

Source: https://habr.com/ru/post/204314/

