Provision Windows hosts with Foreman
Introduction
foreman-windows is a set of scripts to prepare WIM images and templates for Foreman to provision Windows hosts.
Most of the time, official Microsoft deployment tools are used, mostly dism.exe.
All relevant configuration files, like unattend.xml, are rendered by Foreman and downloaded at build time.
Features
- Linux style installation using http:// or ftp:// installation media
- No extra servers like WDS needed - all relevant settings can be configured in Foreman directly
- Official Microsoft utilities are used for all relevant setup stages making it easy to add (future) operating systems
- Driver installation during build time
- Support for localization settings (like time zone, locale, UI language)
- Optional domain join including target OU
- Optional local user creation
- Support for Foreman's root password using Base64 encoding
- Correctly report finished host building
- Optional software installation and user tasks at the end of the build (like installing puppet etc)
Prerequisites:
The list of requirements for using Foreman. Not all of them are covered by this guide.
- A working Foreman version 1.8+ installation (obviously), capable of net booting clients along with a working DNS / DHCP infrastructure
- Currently, Safe Mode Render must be disabled in Foreman
- A utility Windows VM or physical host to prepare the WIM images (Microsoft likes the term Technician Computer)
- A file server serving http and/or ftp protocols; fast machine recommended for production
- Installation media for each Windows version
- Driver files (.inf) you want to inject
- A VM / bare metal machine to test your setup (start with VMs ;)
Getting started with wimaging
The tasks can be broken down in two steps:
Provision work flow
An outline of the process to better understand the tasks which need to be done. Basically, there are three phases:
Phase I
- Create a new host in Foreman.
Simple as that. For Bare Metal hosts Foreman discovery is recommended.
Phase II
- PXE / wimboot boots customized boot.wim (winpe)
- Winpe downloads the script foreman_url('script'); executes it:
- Drive 0 is cleaned, partitioned and mounted using the Foreman partition table (simple diskpart script)
- install.wim is downloaded via http/ftp and applied using dism.exe
- unattend.xml (foreman_url('provision')) is downloaded and applied using dism.exe
- Drivers are downloaded and added using dism.exe
- Required tools are added to the new host (most prominently wget)
- Optionally, download extra software (like puppet)
- Optionally, domain join script (foreman_url('user_data'))
- The finish script (foreman_url('finish')) is downloaded and 'armed'
- Reboot to new OS
Phase III
- Windows native finish tasks are done ('starting devices...')
- The finish script gets called by SetupComplete.cmd
- Set the time server; sync time
- Optionally, the local administrator account is activated
- Optionally, join domain
- Optionally, execute extra scripts (eg, install puppet, run a rundeck job)
- Securely clean up (sensitive) scripts using SDelete.exe
- Reboot the host; ready for further configuration by Puppet, SCCM etc.
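Base64, used for the root password (see Features), is an encoding and not encryption, so a rendered unattend.xml should be handled as a secret. The following is an added example, not part of foreman-windows: it lists the credential elements in an answer file and how each is stored, without returning the values. The sample XML, its passwords and the function names are constructed for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

NS = "urn:schemas-microsoft-com:unattend"  # namespace of Windows answer files

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop ElementTree's '{namespace}' prefix

def find_password_fields(xml_text):
    """Return (element, storage form) per credential; values are never returned."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        if not local(elem.tag).endswith("Password"):
            continue
        children = {local(c.tag): (c.text or "").strip() for c in elem}
        # A domain-join <Password> holds its text directly, with no <Value>/<PlainText>.
        value = children.get("Value", (elem.text or "").strip())
        if not value:
            continue
        if children.get("PlainText", "true").lower() == "false":
            try:
                base64.b64decode(value, validate=True)
                form = "base64 (reversible)"
            except binascii.Error:
                form = "marked encoded, not valid base64"
        else:
            form = "plaintext"
        findings.append((local(elem.tag), form))
    return findings

def make_sample():
    """Constructed answer file; both passwords are made up for this example."""
    # Assumption: Windows SIM convention of password + element name in UTF-16LE.
    encoded = base64.b64encode(
        ("Example-Pass1" + "AdministratorPassword").encode("utf-16-le")).decode()
    return f"""<unattend xmlns="{NS}"><settings pass="specialize">
  <component name="Microsoft-Windows-UnattendedJoin"><Identification>
    <Credentials><Username>joiner</Username><Password>Example-Join1</Password>
    </Credentials></Identification></component></settings>
  <settings pass="oobeSystem"><component name="Microsoft-Windows-Shell-Setup">
    <UserAccounts><AdministratorPassword><Value>{encoded}</Value>
      <PlainText>false</PlainText></AdministratorPassword></UserAccounts>
  </component></settings></unattend>"""

if __name__ == "__main__":
    for name, form in find_password_fields(make_sample()):
        print(f"{name}: {form}")
```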
Acknowledgments
foreman-windows is a fork of wimaging and its subprojects, with the great work of Dmitry Kireev.
wimaging has merged a fork of wimaging-ng. Many thanks to Daniel Helgenberger for a large portion of the contributions.
SDelete and other PStools by SysInternals are the work of Mark Russinovich.
License
foreman-windows
Other licenses: