Provision Windows hosts with Foreman

Introduction

foreman-windows is a set of scripts to prepare WIM images and templates for Foreman to provision Windows hosts. Most of the time official Microsoft deployment tools are used; mostly dism.exe.

All relevant configuration files like unattend.xml are rendered by Foreman and downloaded at build time.

Features

• Linux style installation using http:// or ftp:// installation media
• No extra servers like WDS needed - all relevant settings can be configured in Foreman directly
• Official Microsoft utilities are used for all relevant setup stages making it easy to add (future) operating systems
• Driver installation during build time
• Support for localization settings (like time zone, locale, UI language)
• Optional domain join including target OU
• Optional local user creation
• Support for Foreman's root password using Base64 encoding
• Correctly report finished host building
• Optional software installation and user tasks at the end of the build (like installing puppet etc)

Prerequisites:

The list requirements for using Foreman, all of them are not covered by this guide.

• A working Foreman version 1.8+ installation (obviously), capable of net booting clients along with a working DNS / DHCP infrastructure
• Currently, Safe Mode Render must be disabled in foreman
• A utility Windows VM or physical host to prepare the WIM images (Microsoft likes the term Technician Computer)
• A file server serving http and/or ftp protocols; fast machine recommended for production
• Installation media for each Windows version
• Driver files (.inf) you want to inject
• A VM / bare metal machine to test your setup (start with VMs ;)

Getting started with wimaging

The tasks can be broken down in two steps:

1. Configure wimaging and create WIM images

2. Configuring Foreman

Script Reference

Provision work flow

An outline of the process to better understand the tasks witch need to be done. Basically, there are three phases:

Phase I

1. Create a new host in Foreman.

Simple as that. For Bare Metal hosts Foreman discovery is recommended.

Phase II

1. PXE / wimboot boots customized boot.wim (winpe)
2. Winpe downloads the script foreman_url('script'); executes it:
   1. Drive 0 is cleaned, partitioned and mounted using foreman partition table (simple diskpart script)
   2. install.wim is downloaded via http/ftp and applied using dism.exe
   3. unattend.xml (foreman_url('provision')) is download and applied using dism.exe
   4. Drivers are downloaded and added using dism.exe
   5. Required tools are added to the new host (most prominently wget)
   6. Optionally, download extra software (like puppet)
   7. Optionally, domain join script (foreman_url('user_data'))
   8. The finish script (foreman_url('finish')) is download and 'armed'
3. reboot to new OS

Phase III

1. Windows native finish tasks are done ('starting devices...')
2. The finish script gets called by SetupComplete.cmd
   1. Set the time server; sync time
   2. Optionally, the local administrator account is activated
   3. Optionally, join domain
   4. Optionally, execute extra scripts (eg, install puppet, run a rundeck job)
   5. Securely cleanup (sensitive) scripts using SDelete.exe
3. Reboot the host; ready for further configuration by Puppet, SCCM etc.

Acknowledgments

foreman-windows is a fork of wimaging and its subprojects, with the great work of Dmitry Kireev.

wimaging has a merged a fork of wimaging-ng. Many thanks to Daniel Helgenberger for a large contribution portion.

SDelete and other PStools by SysInternals are the work of Mark Russinovich.

License

foreman-windows

Other licenses:

• wimaging license Dmitry Kireev
• wimaging-ng Daniel Helgenberger
• SysInternals
• Gnu General Public License v3 for GNU wget and other utilities