sense-conductor/bt-autoscaler/terraform/gcp/scripts/bootstrap.ps1
2021-01-25 08:14:56 -05:00


#!/usr/bin/env pwsh
#
## Intended to be executed in a GitOps pipeline on the new GCE resource by remote-exec in TF
## or as a startup script via Metadata key windows-startup-script-url
##
# Format and mount the data disk.
# Every disk whose partition style is 'raw' is initialised as GPT, given one
# full-size partition with drive letter E and formatted NTFS with label 'Data'.
# NOTE(review): the filter selects *all* raw disks, not one specific device.
# With more than one raw disk attached only one of them can receive letter E --
# confirm the instance template attaches exactly one blank data disk.
Write-Host "------------------------------------------------------------"
Write-Host " Create Data drive "
Write-Host "------------------------------------------------------------"
Get-Disk |
    Where-Object { $_.PartitionStyle -eq 'raw' } |
    Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -DriveLetter E -UseMaximumSize |
    Format-Volume -FileSystem NTFS -NewFileSystemLabel 'Data' -Confirm:$false

# Later steps write to E:\deploy, so stop the bootstrap when E:\ is not there.
if (-not (Test-Path -Path 'E:\')) {
    Write-Error "Drive not found"
    exit 1
}
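Write-Host "------------------------------------------------------------"
Write-Host " Create Local Accounts and add to Administrators Group "
Write-Host "------------------------------------------------------------"
# Creates the local accounts 'qservice' and 'qlikadmin' when they do not exist
# yet and makes sure both are members of the local Administrators group.
#
# SECURITY: both accounts are local administrators, share one password, and are
# created with -PasswordNeverExpires / -UserMayNotChangePassword. A password
# literal in this file means everyone with read access to the repository or to
# the startup-script URL holds administrator credentials for every node built
# from it. The password is therefore taken from the environment variable
# QS_BOOTSTRAP_PASSWORD (a name introduced here) when the pipeline provides it.
# The previous literal is kept only as a fallback so existing pipelines keep
# working; remove the fallback once a secret is wired in.
# NOTE(review): qsInstall.ps1 presumably needs the same password for the
# service account -- confirm and feed it from the same secret.
$bootstrap_password_text = $env:QS_BOOTSTRAP_PASSWORD
if ([string]::IsNullOrEmpty($bootstrap_password_text)) {
    Write-Warning "QS_BOOTSTRAP_PASSWORD is not set; falling back to the default password embedded in bootstrap.ps1. Rotate it after provisioning."
    $bootstrap_password_text = 'Qlik1234!'
}
$password = ConvertTo-SecureString -String $bootstrap_password_text -AsPlainText -Force

foreach ($account_name in 'qservice', 'qlikadmin') {
    # Create the account only when it is missing, so a re-run keeps the existing one.
    if (-not (Get-LocalUser -Name $account_name -ErrorAction Ignore)) {
        New-LocalUser `
            -Name $account_name `
            -Password $password `
            -PasswordNeverExpires `
            -UserMayNotChangePassword
    }
    # Add-LocalGroupMember reports an error for an account that is already a
    # member; check first so a second run of the startup script stays clean.
    if (-not (Get-LocalGroupMember -Group "Administrators" -Member $account_name -ErrorAction SilentlyContinue)) {
        Add-LocalGroupMember -Group "Administrators" -Member $account_name
    }
}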
Write-Host "------------------------------------------------------------"
Write-Host " Copy tooling from Cloud Storage Bucket "
Write-Host "------------------------------------------------------------"
# Stages the deployment scripts and installers from the 'qliksense' bucket
# under E:\deploy and clears the downloaded-file block on them.
#
# NOTE(review): everything copied here is later executed with administrator
# rights (the Firefox installer below, qsInstall.ps1 via RunOnce). No hash or
# signature check is visible in this script, and Unblock-File removes the
# "downloaded from elsewhere" mark, so whoever can write to the bucket decides
# what runs as admin on each node. Confirm the bucket's write access is
# restricted, and consider verifying a known SHA-256 (Get-FileHash) per binary.
# NOTE(review): the gsutil exit codes are not checked; a failed copy does not
# stop the bootstrap.
# $config = ( Read-GcsObject -Bucket "qliksense" -ObjectName "scripts/config.json" | ConvertFrom-Json )
$deploy_path = "E:\deploy"
if (-not (Test-Path -Path $deploy_path)) {
    New-Item -ItemType Directory -Path $deploy_path
    New-Item -ItemType Directory -Path "$deploy_path\binaries"
}

# Scripts are copied recursively; installers are picked individually.
gsutil -m cp -r gs://qliksense/scripts "$deploy_path\"
gsutil -m cp gs://qliksense/binaries/Qlik_Sense* "$deploy_path\binaries\"
gsutil -m cp gs://qliksense/binaries/firefox_latest.exe "$deploy_path\binaries\"

# Same order as before: binaries first, then scripts.
foreach ($staged_dir in 'binaries', 'scripts') {
    Unblock-File -Path "$deploy_path\$staged_dir\*"
}
# Set the UAC admin consent behaviour to 0.
# NOTE(review): ConsentPromptBehaviorAdmin = 0 lets administrators elevate
# without any consent prompt. The line that would set it back to 5 is commented
# out further down in this script, so as written the setting stays in place
# after the bootstrap has finished.
reg.exe add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 0 /f

# WinRM client settings.
# NOTE(review): both values below are the wildcard '*':
#   - AllowFreshCredentialsWhenNTLMOnly entry '1' = '*' permits delegating
#     fresh credentials to any server under this policy;
#   - TrustedHosts = '*' makes the WinRM client treat every remote host as
#     trusted.
# Prefer an explicit list of the cluster's node names (for example
# 'WSMAN/<node-fqdn>' and '<node-fqdn>') if the deployment allows it.
$delegation_key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
New-Item -Path $delegation_key -Name AllowFreshCredentialsWhenNTLMOnly -Force

$delegation_entry = @{
    Path         = "$delegation_key\AllowFreshCredentialsWhenNTLMOnly"
    Name         = '1'
    Value        = '*'
    PropertyType = 'String'
}
New-ItemProperty @delegation_entry

Set-Item -Path WSMan:localhost\client\trustedhosts -Value '*' -Force
Write-Host "------------------------------------------------------------"
Write-Host " Import PS Modules "
Write-Host "------------------------------------------------------------"
# Installs the Qlik-CLI PowerShell module after bootstrapping the NuGet provider.
#
# Earlier approach, kept for reference (direct download of the module file):
# Installing Qlik-CLI
# Write-Host "Downloading Qlik-Cli from Github and importing the Module"
# Invoke-WebRequest "https://raw.githubusercontent.com/ahaydon/Qlik-Cli/master/Qlik-Cli.psm1" -OutFile $temp\Qlik-Cli.psm1
# New-Item -ItemType directory -Path C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Qlik-Cli -force
# Move-Item $temp\Qlik-Cli.psm1 C:\Windows\System32\WindowsPowerShell\v1.0\Modules\Qlik-Cli\ -force
# Import-Module Qlik-Cli.psm1
# Export-QlikCertificate -machineNames rim -includeSecretsKey -exportFormat Windows
# TODO: Install Modules from Bucket -> C:\Program Files\WindowsPowerShell\Modules\Qlik-Cli
#
# NOTE(review): no version is requested, so each new node installs whatever
# release of Qlik-CLI the configured repository serves at that moment, and
# -Force suppresses the confirmation prompts. Pinning -RequiredVersion to a
# reviewed release (or installing from the bucket, as the TODO suggests) would
# make the build reproducible.
Get-PackageProvider -Name NuGet -ForceBootstrap

$module_request = @{
    Name  = 'Qlik-CLI'
    Force = $true
}
Install-Module @module_request
Write-Host "------------------------------------------------------------"
Write-Host " Firefox "
Write-Host "------------------------------------------------------------"
# Runs the staged Firefox installer silently ("/s"), elevated, and waits for it
# to finish; the process object returned by -PassThru is discarded.
# NOTE(review): the installer comes from the bucket as 'firefox_latest.exe' and
# is run with the runAs verb without any signature or hash check in this script
# -- Get-AuthenticodeSignature on the file before starting it would be a cheap
# guard.
$firefox_setup = @{
    FilePath     = "$deploy_path\binaries\firefox_latest.exe"
    Verb         = 'runAs'
    ArgumentList = "/s"
    Wait         = $true
    PassThru     = $true
}
$null = Start-Process @firefox_setup
# Invoke-Command -ScriptBlock { Start-Process -FilePath "$deploy_path\binaries\vscode_stable.exe" -verb runAs -ArgumentList "/VERYSILENT /NORESTART /MERGETASKS=!runcode" -Wait -PassThru } | Out-Null
Write-Host "------------------------------------------------------------"
Write-Host " Create QSEoW FW Rule "
Write-Host "------------------------------------------------------------"
# Adds one inbound TCP allow rule named "Qlik Sense" for the listed ports and
# stops the script if the rule cannot be created.
# NOTE(review): the rule sets neither -RemoteAddress nor -Profile, so on the
# host it admits any source on every firewall profile. The list includes 5432
# and other ports that look like internal service ports -- confirm which of
# them must be reachable from outside the cluster and scope the rest to the
# node subnet (the VPC firewall may already narrow this; verify).
# NOTE(review): New-NetFirewallRule does not replace an existing rule with the
# same display name, so a second run adds a duplicate.
$qlik_rule = @{
    DisplayName = "Qlik Sense"
    Direction   = 'Inbound'
    LocalPort   = 80, 443, 4239, 4241, 4242, 4243, 4244, 4248, 4432, 4444, 4545, 4555, 4570, 4747, 4748, 4899, 4900, 4949, 5050, 5151, 5252, 5432, 9028
    Protocol    = 'TCP'
    Action      = 'Allow'
    ErrorAction = 'Stop'
}
$null = New-NetFirewallRule @qlik_rule
#### Command to disable WinFW for all profiles (used for testing)
# Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False
#### Enable NFS Client, set Anon user to UID:GID 0 == root. Restart service.
# NOTE(review): with AnonymousUid/AnonymousGid = 0 every unmapped Windows user
# on this node reaches the NFS export as root. That is only safe when the
# export itself limits which clients may mount it and squashes root where it
# can; a dedicated non-zero UID/GID owning the share is the narrower option.
# NOTE(review): New-ItemProperty is called without -Force, so it reports an
# error when the values already exist (for example on a second run).
Write-Host "------------------------------------------------------------"
Write-Host " Installing NFS Client "
Write-Host "------------------------------------------------------------"
Install-WindowsFeature -Name NFS-Client

$nfs_defaults_key = "HKLM:\SOFTWARE\Microsoft\ClientForNFS\CurrentVersion\Default"
foreach ($anonymous_id in "AnonymousUid", "AnonymousGid") {
    New-ItemProperty -Path $nfs_defaults_key -Name $anonymous_id -Value "0" -PropertyType DWORD
}

# Restart the NFS client so it picks up the new registry values.
nfsadmin client stop
nfsadmin client start
# Disabled: would set the UAC admin consent behaviour back to 5.
# REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v ConsentPromptBehaviorAdmin /t REG_DWORD /d 5 /f
# HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
# Create "RunOnce" registry key to install QSEoW
# NOTE(review): the registered command runs E:\deploy\scripts\qsInstall.ps1
# with -executionpolicy unrestricted, from a directory this script created
# without setting an ACL. Confirm that only administrators can write to
# E:\deploy\scripts, otherwise the file can be swapped between this step and
# the moment RunOnce fires.
$run_once = @{
    Path  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    Name  = 'Run'
    Value = 'C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -noprofile -sta -WindowStyle Hidden -executionpolicy unrestricted -file E:\deploy\scripts\qsInstall.ps1'
}
New-ItemProperty @run_once
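# Tag the GCE metadata that the Node has been bootstrapped, remove startup-script URL.
#
# The only assignment of $config in this script is commented out, so
# $config.zone would otherwise be empty here. Load the config from the bucket
# object named in that commented-out line when $config has not been set.
if (-not $config) {
    try {
        $config = Read-GcsObject -Bucket "qliksense" -ObjectName "scripts/config.json" -ErrorAction Stop | ConvertFrom-Json
    }
    catch {
        Write-Warning "Could not load scripts/config.json from the qliksense bucket: $_"
    }
}

# Pass -Zone only when a zone is known; without it the cmdlet is left to use
# whatever default zone the Cloud SDK configuration provides.
$instance = @{ Name = ($env:computername).ToLower() }
if ($config -and $config.zone) {
    $instance.Zone = $config.zone
}

# The startup script is expected to run again on every boot while the
# 'windows-startup-script-url' metadata key is still present. If removing it
# fails and the machine restarts anyway, each boot would repeat the bootstrap
# and restart again, so stop here with an error instead of rebooting.
try {
    Set-GceInstance @instance -AddTag "bootstrapped" -ErrorAction Stop
    Set-GceInstance @instance -RemoveMetadata "windows-startup-script-url" -ErrorAction Stop
}
catch {
    Write-Error "Could not update GCE instance metadata; not restarting: $_"
    exit 1
}

Restart-Computer
Exit 0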