<# All or portions of this file Copyright (c) Amazon.com, Inc. or its affiliates or its licensors. For complete copyright and license terms please see the LICENSE at the root of this distribution (the "License"). All use of this software is governed by the License, or, if provided, by the license below or the license accompanying this file. Do not remove or modify any license notices. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #> # Grab credentials from parameter store (assumes AWS cli is installed and correct IAM policy is setup) $az = curl http://169.254.169.254/latest/meta-data/placement/availability-zone -UseBasicParsing $region = $az.Content -replace ".$" $username = aws ssm get-parameters --names "shared.builderuser" --region $region --with-decryption | ConvertFrom-Json $username = $username.Parameters.Value.ToString() $password = aws ssm get-parameters --names "shared.builderpass" --region $region --with-decryption | ConvertFrom-Json $password = ConvertTo-SecureString $password.Parameters.Value.ToString() -AsPlainText -Force $credential = New-Object System.Management.Automation.PSCredential -ArgumentList $username, $password $cygwin_packages = "openssh,vim,curl,tar,wget,zip,unzip,diffutils,bzr,nc,procps,ncdu" # Download cygwin New-Item C:\tools\cygwin -Force wget https://cygwin.com/setup-x86_64.exe -o C:\tools\cygwin\setup-x86_64.exe # Install cygwin (this is a specific version not subject to LGPLv3) # complete package list: https://cygwin.com/packages/package_list.html Write-Host " * Starting Cygwin install" Start-Process "C:\tools\cygwin\setup-x86_64.exe" -ArgumentList ("--quiet-mode " + "--wait --root C:\cygwin --site http://cygwin.osuosl.org " + "--packages $cygwin_packages") -wait ` -NoNewWindow -PassThru -RedirectStandardOutput "C:\cygwin_install.log" ` -RedirectStandardError "C:\cygwin_install.err" # Open up firewall for ssh daemon Write-Host " * Opening port 22 on firewall" New-NetFirewallRule -DisplayName "Allow SSH inbound" -Direction Inbound -LocalPort 22 -Protocol TCP -Action Allow # Workaround for https://www.cygwin.com/ml/cygwin/2015-10/msg00036.html # see: # 1) https://www.cygwin.com/ml/cygwin/2015-10/msg00038.html # 2) https://goo.gl/EWzeVV $env:LOGONSERVER = "\\" + $env:COMPUTERNAME # Configure sshd Write-Host " * Configuring SSHD" Start-Process "C:\cygwin\bin\bash.exe" -ArgumentList "--login -c `"ssh-host-config -y -c 'ntsec mintty' -u '$($username)' -w '$($Credential.GetNetworkCredential().Password)'`"" ` -wait -NoNewWindow -PassThru ` -RedirectStandardOutput "C:\logs\cygrunsrv.log" -RedirectStandardError "C:\logs\cygrunsrv.err" Start-Process "C:\cygwin\bin\bash.exe" -ArgumentList "--login -c 'echo ""KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1"" >> /etc/sshd_config'" # Copy bash script to add special permissions to builder account aws s3 cp s3://ly-jenkins-node-config/windows/setup.sh c:\cygwin\home\$username\ # Run bash setup script echo " * Configuring Bash" Start-Process "C:\cygwin\bin\bash.exe" -ArgumentList "--login -c 'chmod a+x ~/setup.sh; ~/setup.sh $username'" ` -wait -NoNewWindow -PassThru ` -RedirectStandardOutput "C:\logs\Administrator_cygwin_setup.log" ` -RedirectStandardError "C:\logs\Administrator_cygwin_setup.err" # Start sshd echo " * Starting SSHD" Start-Process "net" -ArgumentList "start cygsshd" ` -wait -NoNewWindow -PassThru ` -RedirectStandardOutput "C:\logs\net_start_sshd.log" -RedirectStandardError "C:\logs\net_start_sshd.err" # Add SSH key echo " * Getting SSH key" $sshkey = aws ssm get-parameters --names "shared.buildersshkey" --region $region --with-decryption | ConvertFrom-Json New-Item "C:\cygwin\home\$username\.ssh" -Force Add-Content "C:\cygwin\home\$username\.ssh\authorized_keys" "$($sshkey.Parameters.Value)" Start-Process "C:\cygwin\bin\bash.exe" -ArgumentList "--login -c 'chown -R $username /home/$username; chmod 600 /home/$username/.ssh/authorized_keys; sed -i 's/\r$//' /home/$username/.ssh/authorized_keys'" ` # Clean up secure variables Remove-Variable password Remove-Variable credential Remove-Variable sshkey