diff --git a/schemas/windows_settings.cue b/schemas/windows_settings.cue index e72e7784364..05357cfa3de 100644 --- a/schemas/windows_settings.cue +++ b/schemas/windows_settings.cue @@ -11,13 +11,25 @@ #WindowsRegistryKeys: [...#WindowsRegistryKey] +#WindowsPatch: { + id: string + url: string +} + +#WindowsPatches: [...#WindowsPatch] + #WindowsBaseVersion: { + comment?: string os_disk_size?: string base_image_sku: string, base_image_version: string windows_image_name: string + patches_to_apply: #WindowsPatches } +#WindowsComments: [...string] + + #WindowsBaseVersions: { "2019": #WindowsBaseVersion "2019-containerd": #WindowsBaseVersion @@ -27,7 +39,14 @@ "23H2-gen2": #WindowsBaseVersion } +#WindowsDefenderInfo: { + DefenderUpdateUrl: string, + DefenderUpdateInfoUrl: string +} + #WindowsSettings: { + WindowsComments?: #WindowsComments + WindowsDefenderInfo: #WindowsDefenderInfo WindowsRegistryKeys: #WindowsRegistryKeys WindowsBaseVersions: #WindowsBaseVersions } diff --git a/vhdbuilder/packer/windows/components_json_helpers.ps1 b/vhdbuilder/packer/windows/components_json_helpers.ps1 index 621da14ab25..afa20634ce8 100644 --- a/vhdbuilder/packer/windows/components_json_helpers.ps1 +++ b/vhdbuilder/packer/windows/components_json_helpers.ps1 
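Review bot: `url: string` in `#WindowsPatch` accepts any string, so a `patches_to_apply` entry with an `http://` URL would pass schema validation; the same holds for `DefenderUpdateUrl` and `DefenderUpdateInfoUrl` in `#WindowsDefenderInfo` in the second hunk. These values are presumably what the VHD build downloads and installs, so the schema is a cheap place to require TLS, for example `url: string & =~"^https://"`. How the downloaded packages are verified is not visible in this diff; if nothing pins them, an optional digest field on `#WindowsPatch` would let the build check each file before installing it. Separately, `base_image_sku: string,` keeps a trailing comma that the neighbouring fields do not use.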
@@ -202,4 +202,59 @@ function LogReleaseNotesForWindowsRegistryKeys } return $logLines +} + +function GetPatchInfo +{ + Param( + [Parameter(Mandatory = $true)][Object] + $windowsSku, + + [Parameter(Mandatory = $true)][Object] + $windowsSettingsContent + ) + + $output = New-Object System.Collections.ArrayList + + $baseVersionBlock = $windowsSettingsContent.WindowsBaseVersions."$windowsSku"; + + if ($baseVersionBlock -eq $null) { + return $output + } + + $patchData = $baseVersionBlock.patches_to_apply + + # I'd much rather have two functions here - one to return the ids and one to return the urls. But annoyingly + # powershell converts an array of strings of size 1 into a string. Which is super dumb. And means we can't trust + # the return value of the function to be an array. It's OK for some of the functions above as they'll always be + # returning lots of items. But there is usually only one patch to apply. + return $patchData +} + +function GetWindowsBaseVersions { + Param( + [Parameter(Mandatory = $true)][Object] + $windowsSettingsContent + ) + + return $windowsSettingsContent.WindowsBaseVersions.PSObject.Properties.Name +} + +function GetDefenderUpdateUrl { + Param( + [Parameter(Mandatory = $true)][Object] + $windowsSettingsContent + ) + + return $windowsSettingsContent.WindowsDefenderInfo.DefenderUpdateUrl +} + + +function GetDefenderUpdateInfoUrl { + Param( + [Parameter(Mandatory = $true)][Object] + $windowsSettingsContent + ) + + return $windowsSettingsContent.WindowsDefenderInfo.DefenderUpdateInfoUrl } \ No newline at end of file diff --git a/vhdbuilder/packer/windows/components_json_helpers.tests.ps1 b/vhdbuilder/packer/windows/components_json_helpers.tests.ps1 index a8c83573c1b..a1529341417 100644 --- a/vhdbuilder/packer/windows/components_json_helpers.tests.ps1 +++ b/vhdbuilder/packer/windows/components_json_helpers.tests.ps1 
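Review bot: `GetPatchInfo` does not hand callers a stable array, even though the comment above its `return` describes exactly this problem: PowerShell enumerates the returned collection, so the empty `ArrayList` for an unknown SKU arrives as `$null` and a one-element `patches_to_apply` arrives as a single object. The consumer in windows-vhd-configuration.ps1 (`$patch_data | % { $_.url }`) inherits this, so `$global:patchUrls` and `$global:patchIDs` become `$null` or a bare string where the removed code assigned `@()`; whether later build steps index or count them is outside this diff. Wrapping at the call sites keeps the old shape: `$global:patchUrls = @($patch_data | % { $_.url })`, and likewise for `patchIDs`. A known SKU whose block lacks `patches_to_apply` also returns `$null` without any error, which would presumably yield an image with no patches applied.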
@@ -3,6 +3,104 @@ BeforeAll { . $PSCommandPath.Replace('.tests.ps1', '.ps1') } +Describe 'GetWindowsDefenderInfo' { + BeforeEach { + $testString = '{ + "WindowsDefenderInfo": { + "DefenderUpdateUrl": "https://go.microsoft.com/fwlink/?linkid=870379&arch=x64", + "DefenderUpdateInfoUrl": "https://go.microsoft.com/fwlink/?linkid=870379&arch=x64&action=info" + }, +}' + $windowsSettings = echo $testString | ConvertFrom-Json + } + + it 'returns the right info for GetDefenderUpdateUrl' { + GetDefenderUpdateUrl $windowsSettings | Should -Be "https://go.microsoft.com/fwlink/?linkid=870379&arch=x64" + } + + it 'returns the right info for GetDefenderUpdateInfoUrl' { + GetDefenderUpdateInfoUrl $windowsSettings | Should -Be "https://go.microsoft.com/fwlink/?linkid=870379&arch=x64&action=info" + } + +} + +Describe 'GetWindowsBaseVersions' { + BeforeEach { + $testString = '{ + "WindowsBaseVersions": { + "2019": { + "base_image_sku": "2019-Datacenter-Core-smalldisk", + "windows_image_name": "windows-2019", + "base_image_version": "17763.6893.250210", + "patches_to_apply": [{"id": "patchid", "url": "patch_url"}] + }, + "23H2-gen2": { + "base_image_sku": "2019-Datacenter-Core-smalldisk", + "windows_image_name": "windows-2019", + "base_image_version": "17763.6893.250210", + "patches_to_apply": [{"id": "patchid", "url": "patch_url"}] + } + } +}' + $windowsSettings = echo $testString | ConvertFrom-Json + } + + it "returns the bsae versions" { + $baseVersions = GetWindowsBaseVersions $windowsSettings + $baseVersions.Length | Should -Be 2 + $baseVersions | Should -Contain "2019" + $baseVersions | Should -Contain "23H2-gen2" + } +} + +Describe 'WindowsBaseVersions' { + BeforeEach { + $testString = '{ + "WindowsBaseVersions": { + "2019": { + "base_image_sku": "2019-Datacenter-Core-smalldisk", + "windows_image_name": "windows-2019", + "base_image_version": "17763.6893.250210", + "patches_to_apply": [{"id": "patchid", "url": "patch_url"}] + } + } +}' + $windowsSettings = echo $testString | 
ConvertFrom-Json + } + + it "returns an empty array for an unknown windows sku" { + $patchurls = GetPatchInfo "12345" $windowsSettings + $patchurls.Length | Should -Be 0 + } + + it "can extract patch urls for windows 2019" { + $patchurls = GetPatchInfo "2019" $windowsSettings + $patchurls[0].url | Should -Be "patch_url" + $patchurls[0].id | Should -Be "patchid" + $patchurls.Length | Should -Be 1 + } + + it "can extract two patch urls for windows 2019" { + $testString = '{ + "WindowsBaseVersions": { + "2019": { + "base_image_sku": "2019-Datacenter-Core-smalldisk", + "windows_image_name": "windows-2019", + "base_image_version": "17763.6893.250210", + "patches_to_apply": [{"id": "patchid1", "url": "patch_url1"},{"id": "patchid2", "url": "patch_url2"}] + } + } +}' + $windowsSettings = echo $testString | ConvertFrom-Json + $patchurls = GetPatchInfo "2019" $windowsSettings + $patchurls[0].url | Should -Be "patch_url1" + $patchurls[0].id | Should -Be "patchid1" + $patchurls[1].url | Should -Be "patch_url2" + $patchurls[1].id | Should -Be "patchid2" + $patchurls.Length | Should -Be 2 + } +} + Describe 'LogReleaseNotesForWindowsRegistryKeys' { BeforeEach { $testString = '{ diff --git a/vhdbuilder/packer/windows/windows-vhd-configuration.ps1 b/vhdbuilder/packer/windows/windows-vhd-configuration.ps1 index 2860177cf0b..dfc9fd45924 100644 --- a/vhdbuilder/packer/windows/windows-vhd-configuration.ps1 +++ b/vhdbuilder/packer/windows/windows-vhd-configuration.ps1 
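Review bot: The fixture in `Describe 'GetWindowsDefenderInfo'` closes the `WindowsDefenderInfo` object with `},` directly before the final brace, which is not strict JSON and only parses if the `ConvertFrom-Json` in use tolerates trailing commas; dropping the comma makes the test independent of the PowerShell version. The `Describe 'WindowsBaseVersions'` block actually exercises `GetPatchInfo`, and `it "returns the bsae versions"` has a typo; `Describe 'GetPatchInfo'` and `it "returns the base versions"` would make a failure point at the right function. There is also no case for a SKU block that has no `patches_to_apply` key.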
@@ -1,9 +1,8 @@ +# TODO - over time this file should contain less and less info, and really just source the json and helpers file. Then that logic can be moved into +# the scripts that use this file and this file can be deleted. + + $global:windowsSKU = $env:WindowsSKU -$validSKU = @("2019-containerd", "2022-containerd", "2022-containerd-gen2", "23H2", "23H2-gen2") -if (-not ($validSKU -contains $windowsSKU)) -{ - throw "Unsupported windows image SKU: $windowsSKU" -} # We use the same temp dir for all temp tools that will be used for vhd build $global:aksTempDir = "c:\akstemp" 
@@ -14,48 +13,6 @@ $global:aksToolsDir = "c:\aks-tools" # We need to guarantee that the node provisioning will not fail because the vhd is full before resize-osdisk is called in AKS Windows CSE script. $global:lowestFreeSpace = 1*1024*1024*1024 # 1GB -$global:excludeHashComparisionListInAzureChinaCloud = @( - "calico-windows", - "azure-vnet-cni-singletenancy-windows-amd64", - "azure-vnet-cni-singletenancy-swift-windows-amd64", - "azure-vnet-cni-singletenancy-overlay-windows-amd64", - # We need upstream's help to republish this package. Before that, it does not impact functionality and 1.26 is only in public preview - # so we can ignore the different hash values. - "v1.26.0-1int.zip", - "azure-acr-credential-provider-windows-amd64-v1.29.2.tar.gz" -) - -# Windows Server 2019 update history can be found at https://support.microsoft.com/en-us/help/4464619 -# Windows Server 2022 update history can be found at https://support.microsoft.com/en-us/topic/windows-server-2022-update-history-e1caa597-00c5-4ab9-9f3e-8212fe80b2ee -# Windows Server 23H2 update history can be found at https://support.microsoft.com/en-us/topic/windows-server-version-23h2-update-history-68c851ff-825a-4dbc-857b-51c5aa0ab248 -# then you can get download links by searching for specific KBs at http://www.catalog.update.microsoft.com/home.aspx -# -# IMPORTANT NOTES: Please check the KB article before getting the KB links. For example, for 2021-4C: -# You must install the April 22, 2021 servicing stack update (SSU) (KB5001407) before installing the latest cumulative update (LCU). -# SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU. 
- -# defenderUpdateUrl refers to the latest windows defender platform update -$global:defenderUpdateUrl = "https://go.microsoft.com/fwlink/?linkid=870379&arch=x64" -# defenderUpdateInfoUrl refers to the info of latest windows defender platform update -$global:defenderUpdateInfoUrl = "https://go.microsoft.com/fwlink/?linkid=870379&arch=x64&action=info" - -switch -Regex ($windowsSku) -{ - "2019-containerd" { - $global:patchUrls = @() - $global:patchIDs = @() - } - "2022-containerd*" { - $global:patchUrls = @() - $global:patchIDs = @() - } - "23H2*" { - $global:patchUrls = @() - $global:patchIDs = @() - } -} - - $HelpersFile = "c:/k/components_json_helpers.ps1" $ComponentsJsonFile = "c:/k/components.json" $WindowsSettingsFile = "c:/k/windows_settings.json" 
@@ -84,15 +41,42 @@ Write-Output "WindowsSettingsFile: $WindowsSettingsFile" $componentsJson = Get-Content $ComponentsJsonFile | Out-String | ConvertFrom-Json $windowsSettingsJson = Get-Content $WindowsSettingsFile | Out-String | ConvertFrom-Json +$patch_data = GetPatchInfo $windowsSKU $windowsSettingsJson +$global:patchUrls = $patch_data | % { $_.url } +$global:patchIDs = $patch_data | % { $_.id } $global:imagesToPull = GetComponentsFromComponentsJson $componentsJson $global:keysToSet = GetRegKeysToApply $windowsSettingsJson $global:map = GetPackagesFromComponentsJson $componentsJson $global:releaseNotesToSet = GetKeyMapForReleaseNotes $windowsSettingsJson +$validSKU = GetWindowsBaseVersions $windowsSettingsJson +if (-not ($validSKU -contains $windowsSKU)) +{ + throw "Unsupported windows image SKU: $windowsSKU" +} + # Different from other packages which are downloaded/cached and used later only during CSE, windows containerd is installed # during building the Windows VHD to cache container images. # We use the latest containerd package to start containerd then cache images, and the latest one is expected to be # specified by AKS PR for most of the cases. BUT as long as there's a new unpacked image version, we should keep the # versions synced. $global:defaultContainerdPackageUrl = GetDefaultContainerDFromComponentsJson $componentsJson + +# defenderUpdateUrl refers to the latest windows defender platform update +$global:defenderUpdateUrl = GetDefenderUpdateUrl $windowsSettingsJson +# defenderUpdateInfoUrl refers to the info of latest windows defender platform update +$global:defenderUpdateInfoUrl = GetDefenderUpdateInfoUrl $windowsSettingsJson + +# The following items still need to be migrated into the windows_settings file. 
+$global:excludeHashComparisionListInAzureChinaCloud = @( + "calico-windows", + "azure-vnet-cni-singletenancy-windows-amd64", + "azure-vnet-cni-singletenancy-swift-windows-amd64", + "azure-vnet-cni-singletenancy-overlay-windows-amd64", + # We need upstream's help to republish this package. Before that, it does not impact functionality and 1.26 is only in public preview + # so we can ignore the different hash values. + "v1.26.0-1int.zip", + "azure-acr-credential-provider-windows-amd64-v1.29.2.tar.gz" +) + diff --git a/vhdbuilder/packer/windows/windows_settings.json b/vhdbuilder/packer/windows/windows_settings.json index 7469ce8b40e..a87f589dddc 100644 --- a/vhdbuilder/packer/windows/windows_settings.json +++ b/vhdbuilder/packer/windows/windows_settings.json 
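Review bot: The SKU check now runs after `GetPatchInfo`, `GetRegKeysToApply` and the other lookups, so an unset or mistyped `$env:WindowsSKU` is first used to compute `$global:patchUrls` and `$global:patchIDs` (silently empty) and only then rejected. Moving the `$validSKU = GetWindowsBaseVersions $windowsSettingsJson` block directly under the two `ConvertFrom-Json` lines restores the fail-fast behaviour of the check removed in the first hunk. The accepted set also changes: every key of `WindowsBaseVersions` is now valid, which includes `2019`, a value the removed hard-coded list did not allow; if that is intended it deserves a line in the commit description. The hunk starts mid-file, so the code that dot-sources `$HelpersFile` is not visible here.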
@@ -1,38 +1,58 @@ { + "WindowsComments": [ + "Windows Server 2019 update history can be found at https://support.microsoft.com/en-us/help/4464619", + "Windows Server 2022 update history can be found at https://support.microsoft.com/en-us/topic/windows-server-2022-update-history-e1caa597-00c5-4ab9-9f3e-8212fe80b2ee", + "Windows Server 23H2 update history can be found at https://support.microsoft.com/en-us/topic/windows-server-version-23h2-update-history-68c851ff-825a-4dbc-857b-51c5aa0ab248", + "Then you can get download links by searching for specific KBs at http://www.catalog.update.microsoft.com/home.aspx", + "", + "IMPORTANT NOTES: Please check the KB article before getting the KB links. For example, for 2021-4C:", + "You must install the April 22, 2021 servicing stack update (SSU) (KB5001407) before installing the latest cumulative update (LCU).", + "SSUs improve the reliability of the update process to mitigate potential issues while installing the LCU." + ], + "WindowsDefenderInfo": { + "DefenderUpdateUrl": "https://go.microsoft.com/fwlink/?linkid=870379&arch=x64", + "DefenderUpdateInfoUrl": "https://go.microsoft.com/fwlink/?linkid=870379&arch=x64&action=info" + }, "WindowsBaseVersions": { "2019": { "base_image_sku": "2019-Datacenter-Core-smalldisk", "windows_image_name": "windows-2019", - "base_image_version": "17763.6893.250210" + "base_image_version": "17763.6893.250210", + "patches_to_apply": [] }, "2019-containerd": { "base_image_sku": "2019-Datacenter-Core-smalldisk", "windows_image_name": "windows-2019-containerd", - "base_image_version": "17763.6893.250210" + "base_image_version": "17763.6893.250210", + "patches_to_apply": [] }, "2022-containerd": { "os_disk_size": "35", "base_image_sku": "2022-Datacenter-Core-smalldisk", "windows_image_name": "windows-2022-containerd", - "base_image_version": "20348.3207.250210" + "base_image_version": "20348.3207.250210", + "patches_to_apply": [] }, "2022-containerd-gen2": { "os_disk_size": "35", "base_image_sku": 
"2022-datacenter-core-smalldisk-g2", "windows_image_name": "windows-2022-containerd", - "base_image_version": "20348.3207.250210" + "base_image_version": "20348.3207.250210", + "patches_to_apply": [] }, "23H2": { "os_disk_size": "35", "base_image_sku": "23h2-datacenter-core", "windows_image_name": "windows-23H2", - "base_image_version": "25398.1425.250210" + "base_image_version": "25398.1425.250210", + "patches_to_apply": [] }, "23H2-gen2": { "os_disk_size": "35", "base_image_sku": "23h2-datacenter-core-g2", "windows_image_name": "windows-23H2", - "base_image_version": "25398.1425.250210" + "base_image_version": "25398.1425.250210", + "patches_to_apply": [] } }, "WindowsRegistryKeys": [
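Review bot: The `WindowsComments` entry that tells maintainers where to find KB download links uses `http://www.catalog.update.microsoft.com/home.aspx`; since links found there end up in `patches_to_apply`, the pointer should be `https://www.catalog.update.microsoft.com/home.aspx`. All six `patches_to_apply` arrays are empty, so the new lookup path is exercised only by the Pester fixtures until a real patch entry is added.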