authorRich Megginson <rmeggins@redhat.com>2012-07-19 20:12:08 -0600
committerRich Megginson <rmeggins@redhat.com>2012-07-19 20:12:08 -0600
commite66b39153e5c953becbd52afb09bc70607968157 (patch)
treedea1ca95f95e030af18f36da868e8836f0e21582 /make-ad-vm.sh
parent1543c130395e1d8fe4f4de9d5ef33087e2558d23 (diff)
initial commit
Diffstat (limited to 'make-ad-vm.sh')
-rw-r--r--make-ad-vm.sh123
1 files changed, 123 insertions, 0 deletions
diff --git a/make-ad-vm.sh b/make-ad-vm.sh
new file mode 100644
index 0000000..298ab06
--- /dev/null
+++ b/make-ad-vm.sh
@@ -0,0 +1,123 @@
+#!/bin/sh
+
+# lots of parameters to set or override
+VM_IMG_DIR=${VM_IMG_DIR:-/export1/kvmimages}
+ANS_FLOPPY=${ANS_FLOPPY:-$VM_IMG_DIR/answerfloppy.vfd}
+ANS_FILE_DIR=${ANS_FILE_DIR:-/share/auto-win-vm-ad}
+FLOPPY_MNT=${FLOPPY_MNT:-/mnt/floppy}
+WIN_VER_REL_ARCH=${WIN_VER_REL_ARCH:-win2k8x8664}
+WIN_ISO=${WIN_ISO:-$VM_IMG_DIR/en_windows_server_2008_r2_standard_enterprise_datacenter_web_x64_dvd_x15-50365.iso}
+WIN_VM_DISKFILE=${WIN_VM_DISKFILE:-$VM_IMG_DIR/ad.raw}
+# windows server needs lots of ram, cpu, disk
+VM_RAM=${VM_RAM:-2048}
+VM_CPUS=${VM_CPUS:-2}
+VM_DISKSIZE=${VM_DISKSIZE:-16}
+VM_NAME=${VM_NAME:-ad}
+
+if [ -z "$AD_ROOTPW" ] ; then
+ echo Error: you must supply the password for $AD_ROOTDN
+ echo in the AD_ROOTPW environment variable
+ exit 1
+fi
+
+if [ -z "$VM_MAC" ] ; then
+ # try to get the mac addr from virsh
+ VM_MAC=`virsh net-dumpxml default | grep "'"$VM_NAME"'"|sed "s/^.*mac='\([^']*\)'.*$/\1/"`
+ if [ -z "$VM_MAC" ] ; then
+ echo Error: your machine $VM_MAC has no mac address in virsh net-dumpxml default
+ echo Please use virsh net-edit default to specify the mac address for $VM_MAC
+ echo or set VM_MAC=mac:addr in the environment
+ exit 1
+ fi
+fi
+
+if [ -z "$VM_FQDN" ] ; then
+ # try to get the ip addr from virsh
+ VM_IP=`virsh net-dumpxml default | grep "'"$VM_NAME"'"|sed "s/^.*ip='\([^']*\)'.*$/\1/"`
+ if [ -z "$VM_IP" ] ; then
+ echo Error: your machine $VM_NAME has no IP address in virsh net-dumpxml default
+ echo Please use virsh net-edit default to specify the IP address for $VM_NAME
+ echo or set VM_FQDN=full.host.domain in the environment
+ exit 1
+ fi
+ VM_FQDN=`getent hosts $VM_IP|awk '{print $2}'`
+ echo using hostname $VM_FQDN for $VM_NAME with IP address $VM_IP
+fi
+
+# now that we have the fqdn, construct our suffix
+lmhn=`echo $VM_FQDN | sed -e 's/^\([^.]*\).*$/\1/'`
+domain=`echo $VM_FQDN | sed -e 's/^[^.]*\.//'`
+lmdn=`echo $domain | sed -e 's/^\([^.]*\).*$/\1/'`
+suffix=`echo $domain | sed -e 's/^/dc=/' -e 's/\./,dc=/g'`
+VM_CA_NAME=${VM_CA_NAME:-"$lmdn-$lmhn-ca"}
+VM_AD_SUFFIX=${VM_AD_SUFFIX:-"$suffix"}
+AD_ROOTDN=${AD_ROOTDN:-"cn=administrator,cn=users,$VM_AD_SUFFIX"}
+
+
+if [ ! -f $ANS_FLOPPY ] ; then
+ mkfs.vfat -C $ANS_FLOPPY 1440 || { echo error $! from mkfs.vfat -C $ANS_FLOPPY 1440 ; exit 1 ; }
+fi
+
+if [ ! -d $FLOPPY_MNT ] ; then
+ mkdir -p $FLOPPY_MNT || { echo error $! from mkdir -p $FLOPPY_MNT ; exit 1 ; }
+
+fi
+
+mount -o loop -t vfat $ANS_FLOPPY $FLOPPY_MNT || { echo error $! from mount -o loop -t vfat $ANS_FLOPPY $FLOPPY_MNT ; exit 1 ; }
+
+cp $ANS_FILE_DIR/$WIN_VER_REL_ARCH.xml $FLOPPY_MNT/autounattend.xml || { echo error $! from cp $ANS_FILE_DIR/$WIN_VER_REL_ARCH.xml $FLOPPY_MNT/autounattend.xml ; umount $FLOPPY_MNT ; exit 1 ; }
+
+# convert to DOS format to make it easier to read on windows
+for file in adcertreq.inf setuppass3.cmd setuppass2.cmd dcinstall.ini postinstall.cmd specialize.cmd Setupca.vbs SetupComplete.cmd audituser.cmd ; do
+ sed 's/$/ /' $ANS_FILE_DIR/$file > $FLOPPY_MNT/$file || { echo error $! from sed $ANS_FILE_DIR/$file to $FLOPPY_MNT/$file ; umount $FLOPPY_MNT ; exit 1 ; }
+done
+
+umount $FLOPPY_MNT || { echo error $! from umount $FLOPPY_MNT ; exit 1 ; }
+
+serialpath=/tmp/serial-`date +'%Y%m%d%H%M%S'`.$$
+
+virt-install --connect=qemu:///system --hvm \
+ --accelerate --name "$VM_NAME" --ram=$VM_RAM --vcpu=$VM_CPUS \
+ --cdrom $WIN_ISO --vnc --os-type windows \
+ --serial file,path=$serialpath --serial pty \
+ --disk path=$WIN_VM_DISKFILE,bus=ide,size=$VM_DISKSIZE,format=raw,cache=none \
+ --disk path=$ANS_FLOPPY,device=floppy \
+ --network=bridge=virbr0,model=rtl8139,mac=$VM_MAC \
+ $VI_DEBUG --noautoconsole || { echo error $! from virt-install ; exit 1 ; }
+
+echo now we wait for everything to be set up
+TRIES=100
+SLEEPTIME=30
+ii=0
+while [ $ii -lt $TRIES ] ; do
+ # this search will only return success if AD is TLS enabled
+ if LDAPTLS_REQCERT=never ldapsearch -xLLL -ZZ -H ldap://$VM_FQDN -s base -b "" currenttime > /dev/null 2>&1 ; then
+ echo Server is running and configured
+ break
+ else
+ ii=`expr $ii + 1`
+ echo Try $ii - waiting
+ sleep $SLEEPTIME
+ fi
+done
+
+if [ $ii -ge $TRIES ] ; then
+ echo Error: VM AD not responding after $TRIES tries
+ exit 1
+fi
+
+CA_CERT_DN="cn=$VM_CA_NAME,cn=certification authorities,cn=public key services,cn=services,cn=configuration,$VM_AD_SUFFIX"
+
+TMP_CACERT=/tmp/cacert.`date +'%Y%m%d%H%M%S'`.$$.pem
+echo "-----BEGIN CERTIFICATE-----" > $TMP_CACERT
+ldapsearch -xLLL -H ldap://$VM_FQDN -D "$AD_ROOTDN" -w "$AD_ROOTPW" -s base -b "$CA_CERT_DN" "objectclass=*" cACertificate | perl -p0e 's/\n //g' | sed -e '/^cACertificate/ { s/^cACertificate:: //; s/\(.\{1,64\}\)/\1\n/g; p }' -e 'd' | grep -v '^$' >> $TMP_CACERT
+echo "-----END CERTIFICATE-----" >> $TMP_CACERT
+
+echo Now test our CA cert
+if LDAPTLS_CACERT=$TMP_CACERT ldapsearch -xLLL -ZZ -H ldap://$VM_FQDN -s base -b "" currenttime > /dev/null 2>&1 ; then
+ echo Success - the CA cert in $TMP_CACERT is working
+else
+ echo Error: the CA cert in $TMP_CACERT is not working
+ LDAPTLS_CACERT=$TMP_CACERT ldapsearch -d 1 -xLLL -ZZ -H ldap://$VM_FQDN -s base -b "" currenttime
+ exit 1
+fi
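Review bot: The AD administrator password is placed on the command line of the cACertificate search (`-w "$AD_ROOTPW"`), where any local user can read it from `ps` and where `set -x` or the shell history would echo it; ldapsearch accepts `-y file`, so write it to a private temp file first, e.g. `pwfile=$(mktemp) || exit 1`, `printf '%s' "$AD_ROOTPW" > "$pwfile"`, then pass `-y "$pwfile"` and remove the file once the search has run. The `$!` in each `echo error $! from …` fallback expands to the PID of the last background job, not the failed command's status, so the messages print nothing useful; `$?` is what they intend. In the empty-VM_MAC branch both messages print `$VM_MAC`, which is known to be empty there, where `$VM_NAME` is meant, and the password error near the top references `$AD_ROOTDN` before it is assigned further down. The serial log and CA-cert paths under /tmp are built from a timestamp and `$$` rather than `mktemp`, so a pre-existing file of that name would be overwritten or followed silently.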