File: C:/initscript_hfs.ps1
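#HFS Windows 2022 Bootscript
#
# Bootstrap configuration: derives every path the later steps use, echoes the
# Python-related values, then starts a transcript under $logDir.

# NOTE(review): a static credential is embedded here in clear text. It becomes
# the password of the tempHfsAdmin account (see Add-TempAdminUser), so anyone
# who can read this file, or an image built from it, knows an administrator
# password. Prefer a per-boot random value or one injected by the provisioning
# system. The value is left unchanged because other tooling may depend on it.
$password_decoded='webagW7ie2wYWK1XuTL017DvwLLxE1'
get-date
$sT=get-date   # script start; read by Log-TotalTime
$gT=$sT        # start of the current step; advanced by Mark
$storageDir = "C:\Windows\Temp"
cd $storageDir
$timeLog = "C:\windows\temp\tl.txt"
$logDir="C:\Windows\Logs\"
# Installers fetched from this mirror are executed with administrative rights,
# so the transport has to be authenticated. HTTPS is used here, as the pip.conf
# written by Install-Nydus already does for the same host.
$mirror = "https://hfs-public.secureserver.net/-/"
$pythonpackage = "$($mirror)python-3.8.5-amd64.exe"
# Last URL segment is the installer file name; its second dash-separated field is the version.
$pythoninstaller = $pythonpackage.split('/')[-1]
$pythonver = $pythoninstaller.split('-')[1]
$pythonFolder="C:\Python$($pythonver.split('.')[0]+$pythonver.split('.')[1])"
$pipexe="$($pythonFolder)\Scripts\pip$($pythonver.split('.')[0]).$($pythonver.split('.')[1]).exe"
$pythonexe="$($pythonFolder)\python.exe"
# Echo the derived values (emitted before the transcript starts).
$pythonexe
$pythoninstaller
$pythonver
$pythonFolder
$pipexe
$NYDP='C:\nydus'
$NYDUS_PYTHON="$($NYDP)\pyvenv\Scripts\python.exe"
# A missing C:\nydus directory is what marks a first boot.
$FIRST_TIME_SETUP=!(Test-Path $NYDP)
$perfLogLocation="C:\PerfLogs\VDSlogs"
$cloudconfpath="C:\Program Files\Cloudbase Solutions\Cloudbase-Init\conf\cloudbase-init.conf"
$REINSTALL_NYDUS_ONLY=$false
start-transcript -path "$($logDir)bootlog.txt"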
function Get-PresetAdminUser{
    # Returns the local account(s) whose description is exactly 'Local Admin'.
    $wql = "SELECT * FROM Win32_UserAccount where LocalAccount='True' and Description = 'Local Admin'"
    Get-WmiObject -query $wql
}
function export_python([REF]$pythonFolderRef) {
    # Writes the first installed interpreter folder (3.8 preferred over 3.5)
    # into the caller's variable; leaves it untouched when neither exists.
    foreach ($candidate in "C:\Python38", "C:\Python35") {
        if (Test-Path "$candidate\python.exe" -PathType Leaf) {
            $pythonFolderRef.Value = $candidate
            return
        }
    }
}
function Get-PythonExe {
    # Interpreter path inside the currently selected $pythonFolder.
    "$pythonFolder\python.exe"
}
function Get-PythonVer {
    # A C:\Python35 folder is reported as 3.5.4; otherwise the version is the
    # second dash-separated field of the installer file name.
    if ($pythonFolder -ne "C:\Python35") {
        return $pythoninstaller.split('-')[1]
    }
    return "3.5.4"
}
function Check-PythonNeedsUpgrade() {
    # An upgrade is needed unless the 3.8 interpreter is already installed;
    # a 3.5-only machine and a machine with no Python both answer $True.
    $hasPython38 = Test-Path C:\Python38\python.exe -PathType Leaf
    return (-not $hasPython38)
}
function Get-PipExe {
    # pip launcher named after the major.minor part of $pythonver, under $pythonFolder\Scripts.
    $major, $minor = $pythonver.split('.')[0, 1]
    "$pythonFolder\Scripts\pip${major}.${minor}.exe"
}
function Run-Cmd {
    # Runs a program in the current console, waits for it to exit and returns
    # the process object so callers can read ExitCode.
    param($cmdPath, $argList)
    $launch = @{
        FilePath     = $cmdPath
        ArgumentList = $argList
        Wait         = $true
        NoNewWindow  = $true
        PassThru     = $true
    }
    Start-Process @launch
}
function Mark {
    # Emits the seconds elapsed since the previous mark, then restarts the step timer.
    $elapsed = (Get-Date) - $gT
    $elapsed.TotalSeconds
    $script:gT = Get-Date
}
function TimeLog {
    # Appends "<label>: [<now>] <seconds since last mark>s" to $timeLog as ASCII.
    $entry = "$($args): [$(get-date)] $(Mark)s"
    Out-File -FilePath $timeLog -InputObject $entry -Encoding ASCII -Append
}
function Ensure-NetFirewallRule {
    # Recreates a firewall rule from scratch: any rule with the same display
    # name is removed first, then a new one is created with the given settings.
    param($displayName, $direction, $action, $protocol, $localPort)
    $existing = Get-NetFirewallRule -DisplayName $displayName -ErrorAction SilentlyContinue
    if ($existing) {
        Remove-NetFirewallRule -DisplayName $displayName
    }
    $ruleSpec = @{
        DisplayName = $displayName
        Direction   = $direction
        Action      = $action
        Protocol    = $protocol
        LocalPort   = $localPort
    }
    New-NetFirewallRule @ruleSpec
}
# Emits $processId followed by the ids of its descendant processes, found by
# following ParentProcessId links in Win32_Process. Stop-ServiceThorough uses it
# to record a service's process tree before the service is stopped.
# There is no process block, so with pipeline input the body runs once, for the
# last value bound to $processId.
function Get-ChildProcessIds{
param([Parameter(Mandatory = $true, ValueFromPipeline = $true)]
[ValidateNotNullorEmpty()]
[int]$processId,
[int]$recursionDepth=0)
# The id itself is written to the output stream first.
$processId
#powershell's max recursion depth is 100
# The walk is capped far below that: with a cap of 5, at most four generations of descendants are reported.
[int]$MAX_RECURSION_DEPTH=5
$recursionDepth=$recursionDepth+1
if($recursionDepth -lt $MAX_RECURSION_DEPTH){
# Child ids of 4 and below are skipped (presumably the Idle/System pseudo-processes - confirm).
(Get-WmiObject win32_process | ?{$_.ParentProcessId -eq $processId}).processID | ?{$_ -gt 4} | foreach{get-childProcessIds $_ $recursionDepth}
}
}
function Stop-ServiceThorough{
    # Stops a service and then terminates whatever is left of its process tree.
    # Does nothing when no service of that name is registered.
    # NOTE(review): $serviceName is interpolated into the WQL filter; the callers
    # in this script pass constants, so keep it that way or escape quotes.
    param([Parameter(Mandatory = $true)]
          [ValidateNotNullorEmpty()]
          [string]$serviceName)
    $serviceInfo = Get-WmiObject win32_service -filter "name='$serviceName'"
    if (-not $serviceInfo) {
        return
    }
    "Stopping $serviceName..."
    # Snapshot the process tree before the stop request, while the parent links still exist.
    $processInfo = Get-WmiObject win32_process | Where-Object { $_.ProcessId -eq $serviceInfo.ProcessId }
    $procIds = $processInfo.ProcessId | Get-ChildProcessIds
    # Best effort: an exception from the stop request is deliberately ignored,
    # the leftover processes are terminated below either way.
    try { Stop-Service $serviceName -Force } catch {}
    $remainingProcs = Get-WmiObject win32_process | Where-Object { $procIds -like $_.ProcessId }
    if ($remainingProcs) {
        $remainingProcs | ForEach-Object { $_.Terminate() }
    }
}
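function Retry-Download{
    <#
    .SYNOPSIS
    Downloads a URL into $storageDir, retrying transient failures.
    .DESCRIPTION
    The local file name is the last path segment of the URL with any query
    string removed. Name-resolution failures, connection failures and HTTP 404
    are retried after a linearly growing pause (0s, 10s, 20s, ...); any other
    error ends the loop immediately. Failures are written to the output
    stream rather than thrown, so a caller that needs the file must check that
    it exists before using it.
    .PARAMETER url
    Address to download; accepted from the pipeline.
    .PARAMETER storageDir
    Directory the file is written to.
    .PARAMETER maxDownloadAttemptsCount
    Upper bound on attempts for retryable errors.
    .PARAMETER expectedSha256
    Optional SHA-256 of the expected file, as a hex string. When supplied, the
    downloaded file is hashed and deleted if the digest differs, so a tampered
    or truncated installer is never left on disk for the caller to execute.
    Omitted by default, which keeps the previous behaviour.
    #>
    [cmdletbinding()]
    param([parameter(ValueFromPipeline)][ValidateNotNullorEmpty()][string]$url,
          [ValidateNotNullorEmpty()][string]$storageDir="C:\\Windows\\Temp",
          [ValidateNotNullorEmpty()][int]$maxDownloadAttemptsCount=20,
          [string]$expectedSha256="")
    begin{
        # The mirror only answers over TLS. TLS 1.1 is deprecated and is no
        # longer offered; only TLS 1.2 is enabled for this process.
        [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
        $webclient = New-Object System.Net.WebClient
    }
    Process {
        $filename=$url.Substring($url.LastIndexOf('/')+1)
        if($filename.indexof('?') -gt -1){
            $filename=$filename.split('?')[0]
        }
        $file = "$storageDir\\$filename"
        $count=0
        do{
            $lastErrMsg=""
            # No pause before the first attempt, then 10s more for each retry.
            start-sleep -seconds ($count*10)
            "Downloading: $file Attempt: $($count+1)"
            try{
                $webclient.DownloadFile($url,$file)
            }catch{
                $lastErrMsg=$_.Exception.Message
                "$lastErrMsg"
            }
            $count++
        }while(($count -lt $maxDownloadAttemptsCount) -and (($lastErrMsg -like "*The remote name could not be resolved:*") -or ($lastErrMsg -like "*Unable to connect to the remote server*") -or ($lastErrMsg -like "*The remote server returned an error: (404) Not Found.*")))
        if($lastErrMsg -ne ""){
            "$lastErrMsg"
        }
        elseif($expectedSha256 -ne ""){
            # String comparison is case-insensitive, so either hex case is accepted.
            $actualSha256 = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
            if($actualSha256 -ne $expectedSha256){
                Remove-Item -LiteralPath $file -Force -ErrorAction SilentlyContinue
                "Checksum mismatch for $($file): expected $expectedSha256, got $actualSha256"
            }
        }
    }
    end{
        # Release the client's underlying resources once all URLs are processed.
        $webclient.Dispose()
    }
}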
function New-PSService{
    # Registers $Executable "$Path\$File" as an auto-start Windows service via
    # nssm, replacing any existing service of the same name.
    # NOTE(review): no service account is configured here, so the service
    # presumably runs under the default service identity; the target file and
    # its directory should then be writable by administrators only - confirm.
    param([ValidateNotNullorEmpty()]
          [string]$Path="",
          [ValidateNotNullorEmpty()]
          [string]$Name="",
          [ValidateNotNullorEmpty()]
          [string]$File="",
          [ValidateNotNullorEmpty()]
          [string]$Executable="powershell.exe",
          [string]$Description="")
    if (Get-Service $Name -ea SilentlyContinue) {
        Stop-Service -Force $Name
        sc.exe delete $Name
        # Poll once a second until the service is no longer listed, giving up after 60 checks.
        $polls = 0
        while ($true) {
            Start-Sleep -Seconds 1
            $polls++
            if (-not (Get-Service $Name -ea SilentlyContinue)) { break }
            if ($polls -ge 60) { break }
        }
    }
    nssm.exe install $Name $Executable "$Path\$File"
    nssm.exe set $Name AppDirectory $Path
    nssm.exe set $Name AppExit 2 Exit
    sc.exe description $Name $Description
    # Restart after 5s, then after 10s, then stop trying; the failure count resets after an hour.
    sc.exe failure $Name reset= 3600 actions= restart/5000/restart/10000/none/5000
    sc.exe config $Name start= auto
}
# Grants $account the "Log on as a service" right, or "Log on as a batch job"
# when -logonAsBat is given, by exporting the local security policy with
# SecEdit, appending the account's SID to the matching line and re-importing it.
# NOTE(review): the work files have fixed names directly under C:\ instead of a
# private temp directory; tempimport.inf is written with Add-Content, which
# appends, so a file left behind by an earlier failed run would be imported too.
function Add-UserToLogOnAsService{
param([ValidateNotNullorEmpty()]
[string]$account="$(((Get-WmiObject -Class Win32_ComputerSystem).domain).split('.')[0])\plesk_service",
[switch]$logonAsBat=$false)
#Resolve $account to its SID
$objUser = New-Object System.Security.Principal.NTAccount($account)
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$MySID = $strSID.Value
#Get list of currently used SIDs
SecEdit.exe /export /cfg C:\tempexport.inf | out-null
$curSIDs = Select-String C:\tempexport.inf -Pattern 'SeServiceLogonRight'
if($logonAsBat){
$curSIDs = Select-String C:\tempexport.inf -Pattern 'SeBatchLogonRight'
}
# NOTE(review): when the export has no line for the right, $Sids is empty and the Contains() calls below fail - confirm the line always exists.
$Sids = $curSIDs.line
if(!$Sids.Contains($MySID) -and !$Sids.Contains($account)){
# Entries on the policy line are comma separated, SIDs prefixed with '*'.
$sidstring = ",*$MySID"
$newSids = $Sids + $sidstring
#Write-Host "New Sid List: $newSids"
$tempinf = Get-Content C:\tempexport.inf
$tempinf = $tempinf.Replace($Sids,$newSids)
Add-Content -Path C:\tempimport.inf -Value $tempinf
SecEdit.exe /import /db C:\secedit.sdb /cfg 'C:\tempimport.inf'
SecEdit.exe /configure /db C:\secedit.sdb | out-null
Remove-Item 'C:\tempimport.inf' -force -ErrorAction SilentlyContinue
Remove-Item 'C:\secedit.sdb' -force
gpupdate.exe /force | out-null
}else{
if($logonAsBat){
write-output 'Sid already Granted Log On As Batch rights.'
}else{
write-output 'Sid already Granted Log On As Service rights.'
}
}
Remove-Item 'C:\tempexport.inf' -force
}
function Stop-Nydus{
    # Stops both Nydus services, API first, including their process trees.
    foreach ($serviceName in 'Nydus-Ex-Api', 'Nydus-Ex') {
        Stop-ServiceThorough $serviceName
    }
}
function Start-Nydus{
    # Starts both Nydus services, API first.
    foreach ($serviceName in 'Nydus-Ex-Api', 'Nydus-Ex') {
        Start-Service $serviceName
    }
}
function Add-TempAdminUser{
    # Creates the local account tempHfsAdmin with the script-wide password and
    # adds it to the Administrators group.
    # NOTE(review): the password is the constant $password_decoded, and nothing
    # in the visible script removes or disables this account afterwards, so it
    # appears to remain as a standing administrator with a known password -
    # confirm it is cleaned up elsewhere.
    $securePassword = ConvertTo-SecureString -String $password_decoded -AsPlainText -Force
    New-LocalUser -Name tempHfsAdmin -Password $securePassword -Description "Temp Account"
    # A failure here (for example when the account is already a member) is silenced.
    Add-LocalGroupMember -Group "Administrators" -Member tempHfsAdmin -ErrorAction SilentlyContinue
}
function Remove-PresetAdminUser{
    # Takes RDP and administrator membership away from the customer's preset
    # account until setup has finished; Restore-PresetAdminUser adds them back.
    $userName = $presetAdmin.name
    if (-not $userName) {
        return
    }
    net localgroup 'Remote Desktop Users' $userName /delete
    net localgroup administrators $userName /delete
}
function Download-NSSM{
    # Fetches nssm.exe from the mirror into System32 unless it is already there.
    # NOTE(review): the binary is copied into System32 and later run with
    # administrative rights without any checksum or signature check - pin its
    # hash (placeholder: <EXPECTED_SHA256>) or verify its signature before the copy.
    $installed = Test-Path "C:\\Windows\\System32\\nssm.exe"
    if ($installed) {
        return
    }
    Retry-Download "$($mirror)nssm.exe"
    TimeLog "Download nssm.exe"
    Copy-Item -Path "$($storageDir)\\nssm.exe" -Destination C:\\Windows\\System32 -Force
}
function Install-Python{
    # Downloads and silently installs Python into $pythonFolder for all users,
    # unless the interpreter is already present.
    # NOTE(review): the installer is executed without verifying a checksum or
    # signature - verify it before running (placeholder: <EXPECTED_SHA256>).
    $pythonexe = "$pythonFolder\python.exe"
    if (Test-Path $pythonexe) {
        return
    }
    mkdir $pythonFolder 2> $null
    Retry-Download $pythonpackage
    TimeLog "Download Python"
    $installerPath = "$storageDir\\$pythoninstaller"
    $installerArgs = "/quiet TargetDir=$pythonFolder InstallAllUsers=1 InstallLauncherAllUsers=0 Include_pip=1 Include_dev=0 Include_test=0 Include_tools=0 AssociateFiles=0"
    Run-Cmd $installerPath $installerArgs
    TimeLog "python install done"
}
function Disable-NetworkLevelAuth{
    # Turns off the Network Level Authentication requirement for RDP so that
    # Macs and older RDC clients can connect.
    # NOTE(review): without NLA the full logon screen is reachable before any
    # authentication; confirm the compatibility need still exists.
    $tsSettings = Get-WmiObject -Class Win32_TSGeneralSetting -Namespace root\CIMV2\TerminalServices
    $tsSettings.SetUserAuthenticationRequired(0)
    TimeLog "NLA"
}
function Configure-Firewall{
    # Opens the inbound ports the platform needs and enables remote service management.
    $inboundTcpAllow = @{ Direction = 'Inbound'; Action = 'Allow'; Protocol = 'TCP' }
    Ensure-NetFirewallRule -DisplayName "Nydus - Allow TCP 2224" -LocalPort 2224 @inboundTcpAllow
    # NOTE(review): LocalAccountTokenFilterPolicy=1 lifts the UAC remote token
    # filter, so local administrator accounts receive a full admin token over
    # the network. Together with a shared local admin password this makes
    # lateral movement between servers easier - confirm it is required.
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
    netsh advfirewall firewall set rule group="Remote Service Management" new enable=yes
    # NOTE(review): inbound 1688 is normally only needed on a KMS host - confirm a client needs it.
    Ensure-NetFirewallRule -DisplayName "KMS - Allow TCP 1688" -LocalPort 1688 @inboundTcpAllow
    TimeLog "Firewall"
}
# Writes dailyLogPerf.ps1 into $perfLogLocation and registers it as the
# 'LogService' service; skipped when the script file already exists.
# The generated script loops forever: every 300 seconds it makes sure a logman
# counter collection exists and is running for cpu, mem, io and hdd, and deletes
# .tsv logs older than 30 days.
# NOTE(review): in the generated script the "network" switch arm is never
# selected, because the loop only iterates cpu, mem, io and hdd. $loginfo is
# also handed to Logman.exe as one string - verify logman receives it as
# separate options.
# NOTE(review): the script file is executed by a service; its directory should
# be writable by administrators only - confirm the ACL on C:\PerfLogs\VDSlogs.
function Enable-PerfLog{
if(!(Test-Path "$perfLogLocation\\dailyLogPerf.ps1")) {
New-Item -ItemType directory -Force $perfLogLocation
# Single-quoted here-string: nothing inside is expanded when the file is written.
@'
$daysOfLogFilesToKeep=30
$perfLogPostfix='daily_perf_log'
$perfLogLocation="C:\PerfLogs\VDSlogs"
if(!(test-path $perfLogLocation)){
mkdir $perfLogLocation
}
while(1){
"cpu", "mem", "io", "hdd" | foreach{
$shortLogName=$_
$perfLog="$($shortLogName)_$($perfLogPostfix)"
$perfLogName="$($perfLogLocation)\$($perfLog)"
$loginfo="create counter $perfLog -b 7/27/2000 00:00:00 -e 7/27/2200 23:59:59 -r -v mmddhhmm -si 05:00 -o $perfLogName -a -y -f tsv -c"
$logManResult=Logman.exe query $perfLog
if($logManResult | ?{$_ -like 'Data Collector Set was not found.'}){
switch($shortLogName){
"cpu" {Logman.exe $loginfo "\Processor(_Total)\% User Time" "\Processor(_Total)\% Privileged Time" "\Processor(_Total)\% Processor Time" "\Processor(_Total)\%% Interrupt Time" "\Processor(_Total)\Interrupts/sec" "\Processor(_Total)\% Idle Time" }
"mem" {Logman.exe $loginfo "\Memory\Available KBytes" "\Memory\Committed Bytes" "\Memory\Pool Paged Bytes" "\Memory\Cache Bytes" "\Memory\Commit Limit" "\Memory\% Committed Bytes In Use"}
"io" {Logman.exe $loginfo "\PhysicalDisk(_Total)\Disk Transfers/sec" "\PhysicalDisk(_Total)\Disk Reads/sec" "\PhysicalDisk(_Total)\Disk Writes/sec" "\PhysicalDisk(_Total)\Disk Read Bytes/sec" "\PhysicalDisk(_Total)\Disk Write Bytes/sec"}
"hdd" {Logman.exe $loginfo "\LogicalDisk(C:)\Free Megabytes" "\LogicalDisk(C:)\% Free Space"}
"network" {Logman.exe $loginfo "\Network Interface(*)\*" "\System\*"}
}
Logman.exe start $perfLog
$logManResult=logman.exe query $perfLog
}
if(($logManResult | ?{$_ -like 'Status*'}) -like '*Stopped'){
Logman.exe start $perfLog
}
#log rotation
Get-ChildItem -Path $perfLogLocation -filter "$($perfLog)_*.tsv" -Force | Where-Object { !$_.PSIsContainer -and $_.CreationTime -lt (Get-Date).AddDays(-$daysOfLogFilesToKeep) } | Remove-Item -Force -ErrorAction SilentlyContinue
}
start-sleep -seconds 300
}
'@ | Out-File "$perfLogLocation\\dailyLogPerf.ps1" -Encoding ASCII -Force
# New-PSService's default executable (powershell.exe) runs the script.
New-PSService -Name 'LogService' -Path $perfLogLocation -File 'dailyLogPerf.ps1' -Description "Performance Log Authority Service."
TimeLog "nssm logservice"
}
}
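function Install-PythonPipTools{
    # Upgrades pip, setuptools and wheel in the system interpreter ($pythonexe),
    # but only when an outbound TCP connection to 8.8.8.8:443 succeeds.
    # NOTE(review): the packages are unpinned and no index is configured at this
    # point, so pip presumably uses its default index - consider pinning
    # versions or pointing at the internal mirror.
    # Reset first, so a failed connection cannot leave a value inherited from a caller's scope.
    $probe = $null
    $probe = New-Object System.Net.Sockets.TcpClient("8.8.8.8", 443)
    if ($probe) {
        # The socket is only a reachability check: close it rather than leaving
        # the connection open for the rest of the boot.
        $probe.Close()
        Run-Cmd $pythonexe "-m pip install -U pip setuptools wheel"
    }
}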
function Configure-HKLM{
    # Machine-wide registry and service tweaks applied on first-time setup.
    $lanmanParamsKey = "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
    $winlogonKey     = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
    $policyKey       = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
    $legalNoticeKey  = "HKLM:\Software\Microsoft\Windows\CurrentVersion\policies\system"

    Set-ItemProperty -Path $lanmanParamsKey DisableStrictNameChecking -Type DWORD -Value 1 -Force
    # Keep the LanMan server running: restart it after every failure.
    sc.exe failure LanManServer reset= 3600 actions= restart/5000/restart/10000/restart/5000
    # Ctrl-Alt-Del is not required at logon (needed for the spice console).
    foreach ($key in $winlogonKey, $policyKey) {
        Set-ItemProperty -Path $key DisableCAD -Type DWORD -Value 1 -Force
    }
    # Blank out the legal notice shown before logon.
    foreach ($valueName in 'legalnoticecaption', 'legalnoticetext') {
        Set-ItemProperty -Path $legalNoticeKey $valueName -Type String -Value "" -Force
    }
}
function Enable-Ping{
    # Enables the built-in inbound ICMPv4 echo-request firewall rule.
    Import-Module NetSecurity
    $ruleName = "File and Printer Sharing (Echo Request - ICMPv4-In)"
    Set-NetFirewallRule -DisplayName $ruleName -enabled True
}
function Configure-CloudbaseInitRecovery{
    # Service recovery for cloudbase-init: restart after 5s, then after 10s,
    # then stop trying; the failure count resets after an hour.
    $serviceName = 'cloudbase-init'
    sc.exe failure $serviceName reset= 3600 actions= restart/5000/restart/10000/none/5000
}
function Disable-SNMP{
    # Sets the SNMP service's start type to disabled.
    $serviceName = 'SNMP'
    sc.exe config $serviceName start= disabled
}
function Update-Windows{
    # Logs the "Patching" step and loads the PSWindowsUpdate module.
    # NOTE(review): no update cmdlet is invoked here, so this function installs
    # no patches by itself - confirm patching happens elsewhere.
    $stepLabel = "Patching"
    TimeLog $stepLabel
    Import-Module -Name PSWindowsUpdate
}
function Uninstall-Nydus{
    # Deletes the Nydus directory, stopping the services before each attempt and
    # retrying up to 10 times. Emits "OK" when the directory is gone, "F" otherwise.
    for ($a = 1; (Get-Item -Path $NYDP 2>$null) -and $a -le 10; $a++) {
        "rm $NYDP #$a"
        Stop-Nydus
        Get-ChildItem -Path $NYDP -Recurse | Remove-Item -Force -Recurse
        Remove-Item -Path $NYDP -Force -Recurse
    }
    if (Get-Item -Path $NYDP 2>$null) {
        "F"
    } else {
        "OK"
    }
}
function Check-NydusVersion{
    # Runs the venv interpreter with a one-liner that exits with code 9 when the
    # installed nydus version does not satisfy >=4.0.0,<7.0.0. Returns the
    # process object; callers read its ExitCode.
    # NOTE(review): the trailing "&> $null" sits inside the argument string, so
    # it is passed to python as argument text rather than acting as a redirection.
    $pythonArgs = "-c ""import pkg_resources, sys; from distutils.versionpredicate import VersionPredicate as VP; v = VP('nydus (%s)' % sys.argv[1]); not v.satisfied_by(pkg_resources.get_distribution('nydus').version) and sys.exit(9)"" "">=4.0.0,<7.0.0"" &> $null"
    Run-Cmd $NYDUS_PYTHON $pythonArgs
}
# Installs the Nydus agent under $NYDP: creates the 'nydus' service account,
# writes pip.conf and a helper script install-nydus.ps1, runs that helper to
# build a virtualenv and pip-install nydus, then registers the Nydus-Ex-Api and
# Nydus-Ex services.
function Install-Nydus{
New-Item -ItemType directory -Force "$NYDP"
# NOTE(review): the account is created with -NoPassword and, two lines below, added to the local Administrators group.
# Confirm that interactive and network logon are blocked for it by policy, or give it a random password and fewer rights.
New-LocalUser -Name "nydus" -Description "Nydus Service Account" -NoPassword -UserMayNotChangePassword -AccountNeverExpires -ErrorAction Ignore
Add-UserToLogOnAsService -account nydus -logonAsBat
takeown.exe /A /F "$NYDP"
net localgroup administrators nydus /add 2> $null
New-Item -ItemType directory -Force "$NYDP\log"
New-Item -ItemType directory -Force "$NYDP\.pip"
$PIP_CONF="$($NYDP)\.pip\pip.conf"
# pip configuration for the virtualenv: both index settings point at the same internal mirror, over HTTPS.
@"
[global]
index-url = https://hfs-public.secureserver.net/simple
extra-index-url = https://hfs-public.secureserver.net/simple
"@ | out-file -Encoding ASCII $PIP_CONF
# Helper script, written literally (single-quoted here-string) and invoked right after with
# the version constraint, install path, pip.conf path and interpreter path as arguments.
@'
param($NYDUS_CONSTRAINT, $NYDUS_PATH, $PIP_CONF, $PYTHON_EXE)
$VENV="$($NYDUS_PATH)\pyvenv"
cd $NYDUS_PATH
New-Item -ItemType directory -Force .pip,bin,delayqueue,executor,ssl,executor\queue,executor\store
Remove-Item $NYDUS_PATH\bin\service.bat -ErrorAction Ignore
cmd /c mklink $NYDUS_PATH\bin\service.bat $NYDUS_PATH\pyvenv\Lib\site-packages\nydus\scripts\service.bat
&$PYTHON_EXE -m venv $VENV
&"$($VENV)\Scripts\activate.ps1"
$Env:PIP_CONFIG_FILE = $PIP_CONF
if(new-object System.Net.Sockets.TcpClient("8.8.8.8", 443)){
python -m pip install -U pip "setuptools>=40,<41" wheel
}
python -m pip install "requests>=2.21,<2.26" "nydus$NYDUS_CONSTRAINT"
Start-Process -Wait -NoNewWindow -Passthru -FilePath "$($VENV)\Scripts\install-op.exe" -ArgumentList "customer-local-ops"
Write-Output "" >> $NYDUS_PATH\restart
@"
Nydus refers to a pair of agent applications (nydus-ex and nydus-ex-api) running on your server that communicate with the server dashboard, providing resource metrics and performing server operations you've requested. The agent listens on port 2224.
Because the server dashboard and upgrades rely on these applications, blocking port 2224 - or removing these applications from the server - stops these features from working.
"@ | out-file -Encoding ASCII $NYDUS_PATH\README.TXT
'@ | Out-File -Encoding ASCII "$($NYDP)\install-nydus.ps1"
&"$($NYDP)\install-nydus.ps1" ">=4.0.0,<7.0.0" "$NYDP" "$PIP_CONF" "$pythonexe"
# Both agents are registered through nssm; the service paths are hard-coded to C:\nydus rather than derived from $NYDP.
New-PSService -Name 'Nydus-Ex-Api' -Path 'C:\nydus\pyvenv\Scripts' -File 'nydus-ex-api.exe' -Description "Nydus Executor API."
New-PSService -Name 'Nydus-Ex' -Path 'C:\nydus\pyvenv\Scripts' -File 'nydus-ex.exe' -Description "Nydus Executor."
TimeLog "Nydus install done"
}
# Writes the executor's private key, its certificate and the client CA bundle
# into C:\nydus\ssl, then replaces the matching certificate in the machine's
# personal store with executor.crt.
# NOTE(review): the private key is embedded in the boot script itself. If the
# same script is used for more than one server they would all share this key,
# and the key is readable wherever the script is stored - confirm it is
# generated per instance and that the script is removed after provisioning.
# NOTE(review): the "#nydus:400" / "#nydus:440" comments look like intended
# owner and mode, but no ACL is set here, so the files presumably inherit the
# permissions of C:\nydus\ssl - restrict executor.key explicitly.
function Install-Nydus-Certs{
'-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
' | out-file 'C:\nydus\ssl\executor.key' -Encoding ASCII -Force
#nydus:400
'-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
' | out-file 'C:\nydus\ssl\executor.crt' -Encoding ASCII -Force
#nydus:440
'-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIF+jCCA+KgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMCVVMx
EDAOBgNVBAgMB0FyaXpvbmExEzARBgNVBAcMClNjb3R0c2RhbGUxGjAYBgNVBAoM
EUdvRGFkZHkuY29tLCBJbmMuMRAwDgYDVQQLDAdIb3N0aW5nMScwJQYDVQQDDB5O
eWR1cyBSb290IENlcnRpZmljYXRlIChTRzJQMikwIhgPMjAxNjA0MDEwMDAwMDBa
GA8yMDQxMDQwMTAwMDAwMFowgYsxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdBcml6
b25hMRMwEQYDVQQHDApTY290dHNkYWxlMRowGAYDVQQKDBFHb0RhZGR5LmNvbSwg
SW5jLjEQMA4GA1UECwwHSG9zdGluZzEnMCUGA1UEAwweTnlkdXMgUm9vdCBDZXJ0
aWZpY2F0ZSAoU0cyUDIpMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
vqMzbIYIGXZsV6KhZk7l/htuMAWmQSjgE/ybnt3GQppDkUNnTLi+hI6cOfJStT04
f8rD7fTddyXNbvaKl6LWlNXsa3IW1MK/t3kz7XMqWW8orF5QniOtkyZxAS9EH4gT
R53gP+Xw3O/UKjbgjQdFfNLz/DdX8PQQMPjzYL1cFlv4hUZELnIEK/mqKl2FKQUO
TmzJiqAM2PesEEHIXcZ8rdUn0T/zE4PBjLmoV3/zJvt9yvFdd3hn7yYITUISC7Wm
RPGLZZ+A52R/w4+uYcjzhUNcmcANv6Hx/cYqJoKDeAT3DOpila3G4U9LUEJAVyvf
4RBeUWL+3eC6dxPJEA/TC9JkK/01T7Nl4A4dnpjUwdDXGk9G8+AM8+O/9XWeJwBs
aTxgFTz2PNes+9ZVmACF3F8qHU5T9AyC4xUYC6Ejk4o2hERZH5MF13scOb+YUtmj
Fbbu98Zd/pblqvm04NVUPZ+L7SFEfOgNdu8I2e6AIIJdJoiheMj/3PToog6s1M9w
xqqnz/1Y7IL5XEZ47Miou0Or2hL62RY1pZ2+RU83f29ZW5TfN4vdN0UYM9dyMuXU
MmLvj72UtDWXUQ2WV0JGjNlMLtDpGB0gpvvn3OV6jXXryb7g+9uxubZ3+uND0aKj
BjIgolngtmoa3lD5VGWfa8OHIgCXz4/WBHSGyM0uzT0CAwEAAaNjMGEwDwYDVR0T
AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFHTU2MFNKMf4X3qq
Tspp1Q4iqXZ+MB8GA1UdIwQYMBaAFHTU2MFNKMf4X3qqTspp1Q4iqXZ+MA0GCSqG
SIb3DQEBCwUAA4ICAQBxnGpzT77Chi0misDHCRIICLiLZ0Ko+QTgkMWuRlB+GrZG
oTTH8oeaPWmfItKn2MTrjpzJQ8bvojuYSeeBiZ8k0hqYSwzEc/NbpdXwvRk8XMAU
snKVqd7sO0cRMB/XpauN8H8Wq1hYg7IpxzbOWC7p3xLuemwP+sI+uSP7DZKKxxLn
8Yktiv2NSk2jz702GcZhh5rfp4qXWlXEthSF5fjlyQYWcConfsZNi9v/mtn/871T
WtN8UQz1l45+Y9JLbMZYbFE0ZiVlBLgIJL27wXI66mG7o9YKbWOJ7CELUVcrpzka
WN8n+vWGH2C994Bh5HTrblqQoRuNRCamZR5LLY8yVkZ0yYLFs4fadxy/TbHTUtv8
eV5nUGi0KPZktV2Kluv2d9FLEjGISBFNcr0l40rekjdVtl0f9bdDkjDObFGN9uTg
HIbN7+b9/EJfwCXPjDSricge/CdW4OvMRqy0JuE1zC0U1rbGJ0T+R7qBfk3YNANB
d0xPbfjo4+7ZjiX2TygJ8oDwdrAq22D3mXNI92R90rX53Tna0Mxzi54GwFhbf+QI
n8QeHT15Ax+teU2qDNZQDM9wvKBDlnv6plhBoDmEW0gzaFzz/aIs/uHMrVGtshFI
d5s7HTcpVQo7jyODm3s+ETY6u6OkhxUF6CvE0u9vd2QFqN8GjDSvnaGFXKqOsw==
-----END CERTIFICATE-----
' | out-file 'C:\nydus\ssl\client_ca.crt' -Encoding ASCII -Force
#nydus:440
# Drop previously imported certificates whose issuer matches "Nydus Customer Services", then import the current one.
$p="Cert:\LocalMachine\My\"
Get-ChildItem -Path $p | Where-Object {$_.Issuer -match "Nydus Customer Services"} | Remove-Item
Import-Certificate -FilePath C:\nydus\ssl\executor.crt -CertStoreLocation $p
}
function Restore-PresetAdminUser{
    # Gives the customer's preset account its RDP and administrator membership
    # back and deactivates the built-in 'administrator' account. Errors from
    # the net commands are discarded.
    $userName = $presetAdmin.name
    net localgroup 'Remote Desktop Users' $userName /add 2> $null
    net localgroup administrators $userName /add 2> $null
    net user administrator /active:no 2> $null
}
# Overwrites cloudbase-init.conf with the platform's settings, but only when
# the file already exists (i.e. Cloudbase-Init appears to be installed).
# NOTE(review): https_allow_insecure=true presumably turns off TLS certificate
# verification for HTTPS metadata requests, and the metadata base URL is plain
# HTTP - confirm both are needed, since user data and the injected password are
# taken from these sources.
# NOTE(review): verbose=true and debug=true are left on; check that the
# cloudbase-init log under Program Files cannot end up holding secrets that
# non-administrators could read.
function Import-CloudInitConfig{
if (test-path $cloudconfpath) {
@"
[DEFAULT]
username=Admin
groups=Administrators
inject_user_password=true
network_adapter=Red Hat VirtIO Ethernet Adapter
raw_hhd=false
cdrom=true
vfat=true
mtools_path=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\bin\
verbose=true
debug=true
logdir=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\log\
logfile=cloudbase-init.log
logging_serial_port_settings=COM1,115200,N,8
local_scripts_path=C:\Program Files\Cloudbase Solutions\Cloudbase-Init\LocalScripts\
routed_metadata=false
metadata_services=cloudbaseinit.metadata.services.configdrive.ConfigDriveService,cloudbaseinit.metadata.services.httpservice.HttpService
plugins=cloudbaseinit.plugins.windows.removeqxl.RemoveQXLPlugin, cloudbaseinit.plugins.common.networkconfig.NetworkConfigPlugin, cloudbaseinit.plugins.common.localscripts.LocalScriptsPlugin, cloudbaseinit.plugins.windows.loopback.SetupLoopBackPlugin, cloudbaseinit.plugins.windows.extendvolumes.ExtendVolumesPlugin, cloudbaseinit.plugins.windows.activatewindows.ActivateWindowsPlugin, cloudbaseinit.plugins.windows.localadminscheduledtask.LocalAdminScheduledTaskPlugin, cloudbaseinit.plugins.windows.registerdns.RegisterDNSPlugin, cloudbaseinit.plugins.common.userdata.UserDataPlugin, cloudbaseinit.plugins.common.setuserpassword.SetUserPasswordPlugin
allow_reboot=true
https_allow_insecure=true
https_ca_bundle=false
reset_service_password=false
metadata_base_url=http://169.254.169.254/
"@ | out-file -Encoding ASCII $cloudconfpath
}
}
function Configure-LanmanServer{
    # Repairs the LanMan server's service dependencies and starts it.
    # SamSS = Security Accounts Manager, Srv2 = SMB2 driver.
    $serviceName = 'lanmanserver'
    sc.exe config $serviceName depend= SamSS/Srv2
    sc.exe start $serviceName
}
function License-Server{
    # Activates Windows against the KMS host: switches the default script host
    # to cscript in batch mode, clears the KMS setting, installs the product
    # key, points at the KMS server and activates.
    # The key is presumably a generic volume-license (KMS client) key rather than a secret - confirm.
    Run-Cmd wscript.exe "/H:cscript /B"
    $slmgrSteps = "/ckms", "/ipk VDYBN-27WPP-V4HQT-9VMD4-VMK7H", "-skms ms-kms01.secureserver.net", "/ato"
    foreach ($step in $slmgrSteps) {
        Run-Cmd cmd.exe "/c slmgr.vbs $step"
    }
}
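function Log-TotalTime{
    # Reports the seconds elapsed since the script started ($sT), both on the
    # output stream and as a line appended to $timeLog.
    # The elapsed time is computed once so both places show the same figure, and
    # the file is written as ASCII like every TimeLog entry: appending with the
    # default encoding would mix two encodings in the same log file.
    $summary = "Total: $(((get-date) - $sT).totalseconds)"
    $summary
    $summary | Out-File -Encoding ASCII -Append $timeLog
}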
function Change-Hostname{
    # Renames the machine to "temp" unless it already has that name; the rename
    # takes effect with the reboot at the end of the script.
    if ($env:computername -ne "temp") {
        Rename-Computer -NewName "temp" -Force
    }
}
# Main flow. $REINSTALL_NYDUS_ONLY is set to $false at the top of the script, so
# the full provisioning branch below is the one that normally runs.
if ($REINSTALL_NYDUS_ONLY) {
# Agent-only repair: remove and reinstall Nydus without touching accounts or system settings.
Stop-Nydus
Uninstall-Nydus
Install-Python
Install-PythonPipTools
Install-Nydus
Install-Nydus-Certs
Start-Nydus
}else{
# Remember the customer's preset admin so its group membership can be removed now and restored at the end.
$presetAdmin=Get-PresetAdminUser
Stop-Nydus
# NOTE(review): the temporary administrator created here is not removed anywhere in the visible flow - confirm cleanup happens elsewhere.
Add-TempAdminUser
Remove-PresetAdminUser
Download-NSSM
Disable-NetworkLevelAuth
Configure-Firewall
Enable-PerfLog
if($FIRST_TIME_SETUP) {
# First boot (C:\nydus did not exist when the script started): install Python and apply one-time system settings.
Install-Python
Install-PythonPipTools
Configure-HKLM
Enable-Ping
Configure-CloudbaseInitRecovery
Disable-SNMP
Update-Windows
}else{
# Later boots: keep the existing install unless the Nydus version check fails or Python needs upgrading.
$result = Check-NydusVersion
$upgrade_python = Check-PythonNeedsUpgrade
if($result.ExitCode -or $upgrade_python) {
"Nydus/Python too old or version check failed (exit $($result.ExitCode)); deleting $NYDP"
Uninstall-Nydus
}
Install-Python
if($upgrade_python) {
Install-PythonPipTools
}
}
# Steps common to first and later boots.
Install-Nydus
Install-Nydus-Certs
Restore-PresetAdminUser
Import-CloudInitConfig
Change-Hostname
Configure-LanmanServer
License-Server
}
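# Wrap-up: record the total run time, close the transcript and reboot.
Log-TotalTime
get-date
# NOTE(review): self-deletion is disabled, so the boot script - including the
# embedded password and key material - stays on disk after provisioning unless
# something outside this script removes it.
#remove-item C:\Windows\Temp\bootscript.ps1 -force
stop-transcript
shutdown /r /f /c "Rebooting for System Configuration"
# winlogon sometimes causes reboot to hang
# The filter used to read "Where -Object", which fails parameter binding, so
# $process was always empty and this workaround never ran.
$process = Get-WmiObject win32_process | Where-Object {$_.name -eq 'winlogon.exe'}
if ($process){
$process | %{$_.Terminate()}
}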