1 # -*- coding: utf-8 -*-
3 # Copyright 2012 GRNET S.A. All rights reserved.
5 # Redistribution and use in source and binary forms, with or
6 # without modification, are permitted provided that the following
9 # 1. Redistributions of source code must retain the above
10 # copyright notice, this list of conditions and the following
13 # 2. Redistributions in binary form must reproduce the above
14 # copyright notice, this list of conditions and the following
15 # disclaimer in the documentation and/or other materials
16 # provided with the distribution.
18 # THIS SOFTWARE IS PROVIDED BY GRNET S.A. ``AS IS'' AND ANY EXPRESS
19 # OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
20 # WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
21 # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL GRNET S.A OR
22 # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
25 # USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
26 # AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
28 # ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 # POSSIBILITY OF SUCH DAMAGE.
31 # The views and conclusions contained in the software and
32 # documentation are those of the authors and should not be
33 # interpreted as representing official policies, either expressed
34 # or implied, of GRNET S.A.
36 """This module hosts OS-specific code common for the various Microsoft
39 from image_creator.os_type import OSBase, sysprep
40 from image_creator.util import FatalError, check_guestfs_version, get_command
50 kvm = get_command('kvm')
55 class Windows(OSBase):
56 """OS class for Windows"""
58 def needed_sysprep_params(self):
59 """Returns a list of needed sysprep parameters. Each element in the
60 list is a SysprepParam object.
63 password = self.SysprepParam(
64 'password', 'Image Administrator Password', 20, lambda x: True)
68 @sysprep(enabled=True)
69 def disable_ipv6_privacy_extensions(self, print_header=True):
70 """Disable IPv6 privacy extensions"""
73 self.out.output("Disabling IPv6 privacy extensions")
75 self._guest_exec('netsh interface ipv6 set global '
76 'randomizeidentifiers=disabled store=persistent')
78 @sysprep(enabled=True)
79 def microsoft_sysprep(self, print_header=True):
80 """Run the Microsoft System Preparation Tool on the Image. This will
81 remove system-specific data and will make the image ready to be
82 deployed. After this no other task may run.
86 self.out.output("Executing sysprep on the image (may take more "
89 self._guest_exec(r'C:\Windows\system32\sysprep\sysprep '
90 r'/quiet /generalize /oobe /shutdown')
94 """Prepare system for image creation."""
96 if getattr(self, 'syspreped', False):
97 raise FatalError("Image is already syspreped!")
99 txt = "System preparation parameter: `%s' is needed but missing!"
100 for param in self.needed_sysprep_params():
101 if param[0] not in self.sysprep_params:
102 raise FatalError(txt % param[0])
104 self.mount(readonly=False)
106 disabled_uac = self._update_uac_remote_setting(1)
107 token = self._enable_os_monitor()
111 self.out.output("Shutting down helper VM ...", False)
113 # guestfs_shutdown which is the prefered way to shutdown the backend
114 # process was introduced in version 1.19.16
115 if check_guestfs_version(self.g, 1, 19, 16) >= 0:
116 ret = self.g.shutdown()
118 ret = self.g.kill_subprocess()
120 self.out.success('done')
125 self.out.output("Starting windows VM ...", False)
126 monitorfd, monitor = tempfile.mkstemp()
128 vm, display = self._create_vm(monitor)
129 self.out.success("started (console on vnc display: %d)." % display)
131 self.out.output("Waiting for OS to boot ...", False)
132 if not self._wait_on_file(monitor, token):
133 raise FatalError("Windows booting timed out.")
135 self.out.success('done')
137 self.out.output("Disabling automatic logon ...", False)
138 self._disable_autologon()
139 self.out.success('done')
141 self.out.output('Preparing system from image creation:')
143 tasks = self.list_syspreps()
144 enabled = filter(lambda x: x.enabled, tasks)
148 # Make sure the ms sysprep is the last task to run if it is enabled
150 lambda x: x.im_func.func_name != 'microsoft_sysprep', enabled)
152 ms_sysprep_enabled = False
153 if len(enabled) != size:
154 enabled.append(self.ms_sysprep)
155 ms_sysprep_enabled = True
160 self.out.output(('(%d/%d)' % (cnt, size)).ljust(7), False)
162 setattr(task.im_func, 'executed', True)
164 self.out.output("Shutting down windows VM ...", False)
165 if not ms_sysprep_enabled:
167 self.out.success("done")
171 if monitor is not None:
177 self.out.output("Relaunching helper VM (may take a while) ...",
180 self.out.success('done')
183 self._update_uac_remote_setting(0)
185 def _create_vm(self, monitor):
186 """Create a VM with the image attached as the disk
188 monitor: a file to be used to monitor when the OS is up
192 mac = [0x00, 0x16, 0x3e,
193 random.randint(0x00, 0x7f),
194 random.randint(0x00, 0xff),
195 random.randint(0x00, 0xff)]
197 return ':'.join(map(lambda x: "%02x" % x, mac))
199 # Use ganeti's VNC port range for a random vnc port
200 vnc_port = random.randint(11000, 14999)
201 display = vnc_port - 5900
203 vm = kvm('-smp', '1', '-m', '1024', '-drive',
204 'file=%s,format=raw,cache=none,if=virtio' % self.image.device,
205 '-netdev', 'type=user,hostfwd=tcp::445-:445,id=netdev0',
206 '-device', 'virtio-net-pci,mac=%s,netdev=netdev0' %
207 random_mac(), '-vnc', ':%d' % display, '-serial',
208 'file:%s' % monitor, _bg=True)
212 def _destroy_vm(self, vm):
213 """Destroy a VM previously created by _create_vm"""
218 """Shuts down the windows VM"""
219 self._guest_exec(r'shutdown /s /t 5')
221 def _wait_on_file(self, fname, msg):
222 """Wait until a message appears on a file"""
224 for i in range(BOOT_TIMEOUT):
226 with open(fname) as f:
228 if line.startswith(msg):
232 def _disable_autologon(self):
233 """Disable automatic logon on the windows image"""
236 r'"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"'
238 self._guest_exec('REG DELETE %s /v DefaultUserName /f' % winlogon)
239 self._guest_exec('REG DELETE %s /v DefaultPassword /f' % winlogon)
240 self._guest_exec('REG DELETE %s /v AutoAdminLogon /f' % winlogon)
242 def _registry_file_path(self, regfile):
243 """Retrieves the case sensitive path to a registry file"""
245 systemroot = self.g.inspect_get_windows_systemroot(self.root)
246 path = "%s/system32/config/%s" % (systemroot, regfile)
248 path = self.g.case_sensitive_path(path)
249 except RuntimeError as e:
250 raise FatalError("Unable to retrieve registry file: %s. Reason: %s"
254 def _enable_os_monitor(self):
255 """Add a script in the registry that will send a random string to the
256 first serial port when the windows image finishes booting.
259 token = "".join(random.choice(string.ascii_letters) for x in range(16))
261 path = self._registry_file_path('SOFTWARE')
262 softwarefd, software = tempfile.mkstemp()
265 self.g.download(path, software)
267 h = hivex.Hivex(software, write=True)
269 # Enable automatic logon.
270 # This is needed because we need to execute a script that we add in
271 # the RunOnce registry entry and those programs only get executed
272 # when a user logs on. There is a RunServicesOnce registry entry
273 # whose keys get executed in the background when the logon dialog
274 # box first appears, but they seem to only work with services and
275 # not arbitrary command line expressions :-(
277 # Instructions on how to turn on automatic logon in Windows can be
278 # found here: http://support.microsoft.com/kb/324737
280 # Warning: Registry change will not work if the “Logon Banner” is
281 # defined on the server either by a Group Policy object (GPO) or by
285 for child in ('Microsoft', 'Windows NT', 'CurrentVersion',
287 winlogon = h.node_get_child(winlogon, child)
291 {'key': 'DefaultUserName', 't': 1,
292 'value': "Administrator".encode('utf-16le')})
295 {'key': 'DefaultPassword', 't': 1,
296 'value': self.sysprep_params['password'].encode('utf-16le')})
299 {'key': 'AutoAdminLogon', 't': 1,
300 'value': "1".encode('utf-16le')})
303 for child in ('Microsoft', 'Windows', 'CurrentVersion'):
304 key = h.node_get_child(key, child)
306 runonce = h.node_get_child(key, "RunOnce")
308 runonce = h.node_add_child(key, "RunOnce")
311 r'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe '
312 r'-ExecutionPolicy RemoteSigned '
313 r'"&{$port=new-Object System.IO.Ports.SerialPort COM1,9600,'
314 r'None,8,one;$port.open();$port.WriteLine(\"' + token + r'\");'
315 r'$port.Close()}"').encode('utf-16le')
317 h.node_set_value(runonce,
318 {'key': "BootMonitor", 't': 1, 'value': value})
322 self.g.upload(software, path)
328 def _update_uac_remote_setting(self, value):
329 """Updates the registry key value:
330 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
331 \System]"LocalAccountTokenFilterPolicy"
333 value = 1 will disable the UAC remote restrictions
334 value = 0 will enable the UAC remote restrictions
336 For more info see here: http://support.microsoft.com/kb/951016
339 True if the key is changed
340 False if the key is unchanged
343 if value not in (0, 1):
344 raise ValueError("Valid values for value parameter are 0 and 1")
346 path = self._registry_file_path('SOFTWARE')
347 softwarefd, software = tempfile.mkstemp()
350 self.g.download(path, software)
352 h = hivex.Hivex(software, write=True)
355 for child in ('Microsoft', 'Windows', 'CurrentVersion', 'Policies',
357 key = h.node_get_child(key, child)
360 for val in h.node_values(key):
361 if h.value_key(val) == "LocalAccountTokenFilterPolicy":
364 if policy is not None:
365 dword = h.value_dword(policy)
372 'key': "LocalAccountTokenFilterPolicy", 't': 4L,
373 'value': '%s\x00\x00\x00' % '\x00' if value == 0 else '\x01'}
375 h.node_set_value(key, new_value)
378 self.g.upload(software, path)
385 def _do_collect_metadata(self):
386 """Collect metadata about the OS"""
387 super(Windows, self)._do_collect_metadata()
388 self.meta["USERS"] = " ".join(self._get_users())
390 def _get_users(self):
391 """Returns a list of users found in the images"""
392 path = self._registry_file_path('SAM')
393 samfd, sam = tempfile.mkstemp()
396 self.g.download(path, sam)
401 # Navigate to /SAM/Domains/Account/Users/Names
402 for child in ('SAM', 'Domains', 'Account', 'Users', 'Names'):
403 key = h.node_get_child(key, child)
405 users = [h.node_name(x) for x in h.node_children(key)]
410 # Filter out the guest account
411 return filter(lambda x: x != "Guest", users)
413 def _guest_exec(self, command, fatal=True):
414 """Execute a command on a windows VM"""
416 user = "Administrator%" + self.sysprep_params['password']
418 runas = '--runas=%s' % user
419 winexe = subprocess.Popen(
420 ['winexe', '-U', user, "//%s" % addr, runas, command],
421 stdout=subprocess.PIPE, stderr=subprocess.PIPE)
423 stdout, stderr = winexe.communicate()
426 if rc != 0 and fatal:
427 reason = stderr if len(stderr) else stdout
428 raise FatalError("Command: `%s' failed. Reason: %s" %
431 return (stdout, stderr, rc)
433 # vim: set sta sts=4 shiftwidth=4 sw=4 et ai :