[Windows][Improvement] Split and simplify "InitializeVM.ps1" script (#3806)

* improve InitializeVM script * Update windows2019.json * remove configs * resolve comments * resolve comments; fix order * fix templates
2025-12-15 14:17:22 +00:00 · 2021-07-29 10:46:27 +03:00
parent 7b1d76227c
commit 2e8f85a83b
12 changed files with 111 additions and 328 deletions
--- a/_config.yml
+++ b/_config.yml
@@ -1 +0,0 @@
-theme: jekyll-theme-slate
--- a/images/win/scripts/Installers/Configure-Antivirus.ps1
+++ b/images/win/scripts/Installers/Configure-Antivirus.ps1
@@ -1,2 +1,5 @@
 Write-Host "Set antivirus parameters"
 Set-MpPreference -ScanAvgCPULoadFactor 5 -ExclusionPath "D:\", "C:\"
+
+Write-Host "Disable Antivirus"
+Set-MpPreference -DisableRealtimeMonitoring $true
--- a/images/win/scripts/Installers/Initialize-VM.ps1
+++ b/images/win/scripts/Installers/Initialize-VM.ps1
@@ -30,48 +30,21 @@ function Disable-UserAccessControl {
    Write-Host "User Access Control (UAC) has been disabled."
 }

-# Enable $ErrorActionPreference='Stop' for AllUsersAllHosts
-Add-Content -Path $profile.AllUsersAllHosts -Value '$ErrorActionPreference="Stop"'
-
-# Set static env vars
-setx ImageVersion $env:IMAGE_VERSION /m
-setx ImageOS $env:IMAGE_OS /m
-setx AGENT_TOOLSDIRECTORY $env:AGENT_TOOLSDIRECTORY /m
-
-# Set TLS1.2
-[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor "Tls12"
-
-Write-Host "Disable Antivirus"
-Set-MpPreference -DisableRealtimeMonitoring $true
-
-# Disable Windows Update
+function Disable-WindowsUpdate {
    $AutoUpdatePath = "HKLM:SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
    If (Test-Path -Path $AutoUpdatePath) {
        Set-ItemProperty -Path $AutoUpdatePath -Name NoAutoUpdate -Value 1
        Write-Host "Disabled Windows Update"
-}
-else {
+    } else {
        Write-Host "Windows Update key does not exist"
    }
-
-# Install .NET Framework 3.5 (required by Chocolatey)
-# Explicitly install all 4.7 sub features to include ASP.Net.
-# As of  1/16/2019, WinServer 19 lists .Net 4.7 as NET-Framework-45-Features
-Install-WindowsFeature -Name NET-Framework-Features -IncludeAllSubFeature
-Install-WindowsFeature -Name NET-Framework-45-Features -IncludeAllSubFeature
-if (Test-IsWin16) {
-    Install-WindowsFeature -Name BITS -IncludeAllSubFeature
-    Install-WindowsFeature -Name DSC-Service
 }

-# Install FS-iSCSITarget-Server
-$fsResult = Install-WindowsFeature -Name FS-iSCSITarget-Server -IncludeAllSubFeature -IncludeManagementTools
-if ( $fsResult.Success ) {
-    Write-Host "FS-iSCSITarget-Server has been successfully installed"
-} else {
-    Write-Host "Failed to install FS-iSCSITarget-Server"
-    exit 1
-}
+# Enable $ErrorActionPreference='Stop' for AllUsersAllHosts
+Add-Content -Path $profile.AllUsersAllHosts -Value '$ErrorActionPreference="Stop"'
+
+Write-Host "Disable Windows Update"
+Disable-WindowsUpdate

 Write-Host "Disable UAC"
 Disable-UserAccessControl
@@ -90,58 +63,6 @@ Write-Host "Enable long path behavior"
 # See https://docs.microsoft.com/en-us/windows/desktop/fileio/naming-a-file#maximum-path-length-limitation
 Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\FileSystem' -Name 'LongPathsEnabled' -Value 1

-Write-Host "Install chocolatey"
-$chocoExePath = 'C:\ProgramData\Chocolatey\bin'
-
-if ($($env:Path).ToLower().Contains($($chocoExePath).ToLower())) {
-    Write-Host "Chocolatey found in PATH, skipping install..."
-    Exit
-}
-
-# Add to system PATH
-$systemPath = [Environment]::GetEnvironmentVariable('Path', [System.EnvironmentVariableTarget]::Machine)
-$systemPath += ';' + $chocoExePath
-[Environment]::SetEnvironmentVariable("PATH", $systemPath, [System.EnvironmentVariableTarget]::Machine)
-
-# Update local process' path
-$userPath = [Environment]::GetEnvironmentVariable('Path', [System.EnvironmentVariableTarget]::User)
-if ($userPath) {
-    $env:Path = $systemPath + ";" + $userPath
-}
-else {
-    $env:Path = $systemPath
-}
-
-# Run the installer
-Invoke-Expression ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))
-
-# Turn off confirmation
-choco feature enable -n allowGlobalConfirmation
-
-# https://github.com/chocolatey/choco/issues/89
-# Remove some of the command aliases, like `cpack` #89
-Remove-Item -Path $env:ChocolateyInstall\bin\cpack.exe -Force
-
-if (Test-IsWin16) {
-    # Install vcredist140
-    Choco-Install -PackageName vcredist140
-}
-
-if (Test-IsWin19) {
-    # Install vcredist2010
-    $Vc2010x86Name = "vcredist_x86.exe"
-    $Vc2010x86URI = "https://download.microsoft.com/download/1/6/5/165255E7-1014-4D0A-B094-B6A430A6BFFC/${Vc2010x86Name}"
-    $Vc2010x64Name = "vcredist_x64.exe"
-    $Vc2010x64URI = "https://download.microsoft.com/download/1/6/5/165255E7-1014-4D0A-B094-B6A430A6BFFC/${Vc2010x64Name}"
-    $ArgumentList = ("/install", "/quiet", "/norestart")
-    Install-Binary -Url $Vc2010x86URI -Name $Vc2010x86Name -ArgumentList $ArgumentList
-    Install-Binary -Url $Vc2010x64URI -Name $Vc2010x64Name -ArgumentList $ArgumentList
-}
-
-# Initialize environmental variable ChocolateyToolsLocation by invoking choco Get-ToolsLocation function
-Import-Module "$env:ChocolateyInstall\helpers\chocolateyInstaller.psm1" -Force
-Get-ToolsLocation
-
 # Expand disk size of OS drive
 $driveLetter = "C"
 $size = Get-PartitionSupportedSize -DriveLetter $driveLetter
--- a/images/win/scripts/Installers/Install-Choco.ps1
+++ b/images/win/scripts/Installers/Install-Choco.ps1
@@ -0,0 +1,32 @@
+Write-Host "Set TLS1.2"
+[Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor "Tls12"
+
+Write-Host "Install chocolatey"
+$chocoExePath = 'C:\ProgramData\Chocolatey\bin'
+
+# Add to system PATH
+$systemPath = [Environment]::GetEnvironmentVariable('Path', [System.EnvironmentVariableTarget]::Machine)
+$systemPath += ';' + $chocoExePath
+[Environment]::SetEnvironmentVariable("PATH", $systemPath, [System.EnvironmentVariableTarget]::Machine)
+
+# Update local process' path
+$userPath = [Environment]::GetEnvironmentVariable('Path', [System.EnvironmentVariableTarget]::User)
+if ($userPath) {
+    $env:Path = $systemPath + ";" + $userPath
+} else {
+    $env:Path = $systemPath
+}
+
+# Run the installer
+Invoke-Expression ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))
+
+# Turn off confirmation
+choco feature enable -n allowGlobalConfirmation
+
+# https://github.com/chocolatey/choco/issues/89
+# Remove some of the command aliases, like `cpack` #89
+Remove-Item -Path $env:ChocolateyInstall\bin\cpack.exe -Force
+
+# Initialize environmental variable ChocolateyToolsLocation by invoking choco Get-ToolsLocation function
+Import-Module "$env:ChocolateyInstall\helpers\chocolateyInstaller.psm1" -Force
+Get-ToolsLocation
--- a/images/win/scripts/Installers/Install-ContainersFeature.ps1
+++ b/images/win/scripts/Installers/Install-ContainersFeature.ps1
@@ -1,11 +0,0 @@
-################################################################################
-##  File:  Install-ContainersFeature.ps1
-##  Desc:  Install Windows container features.
-##         Must be an independent step becuase it requires a machine restart
-##         before we can continue.
-################################################################################
-
-Write-Host "Install Containers feature"
-Install-WindowsFeature -Name Containers
-
-Invoke-PesterTests -TestFile "WindowsFeatures" -TestName "ContainersFeature"
--- a/images/win/scripts/Installers/Install-VCRedist.ps1
+++ b/images/win/scripts/Installers/Install-VCRedist.ps1
@@ -0,0 +1,15 @@
+if (Test-IsWin16) {
+    # Install vcredist140
+    Choco-Install -PackageName vcredist140
+}
+
+if (Test-IsWin19) {
+    # Install vcredist2010
+    $Vc2010x86Name = "vcredist_x86.exe"
+    $Vc2010x86URI = "https://download.microsoft.com/download/1/6/5/165255E7-1014-4D0A-B094-B6A430A6BFFC/${Vc2010x86Name}"
+    $Vc2010x64Name = "vcredist_x64.exe"
+    $Vc2010x64URI = "https://download.microsoft.com/download/1/6/5/165255E7-1014-4D0A-B094-B6A430A6BFFC/${Vc2010x64Name}"
+    $ArgumentList = ("/install", "/quiet", "/norestart")
+    Install-Binary -Url $Vc2010x86URI -Name $Vc2010x86Name -ArgumentList $ArgumentList
+    Install-Binary -Url $Vc2010x64URI -Name $Vc2010x64Name -ArgumentList $ArgumentList
+}
--- a/images/win/scripts/Installers/Install-WindowsFeatures.ps1
+++ b/images/win/scripts/Installers/Install-WindowsFeatures.ps1
@@ -0,0 +1,24 @@
+# Install .NET Framework 3.5 (required by Chocolatey)
+# Explicitly install all 4.7 sub features to include ASP.Net.
+# As of  1/16/2019, WinServer 19 lists .Net 4.7 as NET-Framework-45-Features
+Install-WindowsFeature -Name NET-Framework-Features -IncludeAllSubFeature
+Install-WindowsFeature -Name NET-Framework-45-Features -IncludeAllSubFeature
+
+if (Test-IsWin16) {
+    Install-WindowsFeature -Name BITS -IncludeAllSubFeature
+    Install-WindowsFeature -Name DSC-Service
+}
+
+# Install FS-iSCSITarget-Server
+$fsResult = Install-WindowsFeature -Name FS-iSCSITarget-Server -IncludeAllSubFeature -IncludeManagementTools
+if ( $fsResult.Success ) {
+    Write-Host "FS-iSCSITarget-Server has been successfully installed"
+} else {
+    Write-Host "Failed to install FS-iSCSITarget-Server"
+    exit 1
+}
+
+Write-Host "Install Containers feature"
+Install-WindowsFeature -Name Containers
+
+Invoke-PesterTests -TestFile "WindowsFeatures" -TestName "ContainersFeature"
--- a/images/win/scripts/Installers/Run-Antivirus.ps1
+++ b/images/win/scripts/Installers/Run-Antivirus.ps1
@@ -1,30 +0,0 @@
-################################################################################
-##  File:  Run-Antivirus.ps1
-##  Desc:  Run a full antivirus scan.
-##         Run right after cleanup before we sysprep
-################################################################################
-
-if ($env:run_scan_antivirus -eq $true) {
-    try {
-        Update-MpSignature
-    }
-    catch {
-        Write-Host "Some error was found"
-        Write-Host $_
-    }
-
-    Write-Host "Make sure windefend is going to start"
-    Start-Service windefend -ErrorAction Continue
-    Write-Host "Waiting for windefend to report as running"
-    $service = Get-Service "Windefend"
-    $service.WaitForStatus("Running","00:10:00")
-
-    Write-Host "Run antivirus"
-    # Tell Defender to use 100% of the CPU during the scan
-    Set-MpPreference -ScanAvgCPULoadFactor 100
-    # Full Scan
-    Start-Process -FilePath "C:\Program Files\Windows Defender\MpCmdRun.exe" -ArgumentList ("-Scan","-ScanType", 2) -Wait
-}
-else {
-    Write-Host "Scanning process has been skipped"
-}
--- a/images/win/scripts/Installers/Update-ImageData.ps1
+++ b/images/win/scripts/Installers/Update-ImageData.ps1
@@ -35,3 +35,9 @@ $json = @"
 "@

 $json | Out-File -FilePath $imageDataFile
+
+
+# Set static env vars
+setx ImageVersion $env:IMAGE_VERSION /m
+setx ImageOS $env:IMAGE_OS /m
+setx AGENT_TOOLSDIRECTORY $env:AGENT_TOOLSDIRECTORY /m
--- a/images/win/windows2016.json
+++ b/images/win/windows2016.json
@@ -16,7 +16,6 @@
        "private_virtual_network_with_public_ip": "{{env `PRIVATE_VIRTUAL_NETWORK_WITH_PUBLIC_IP`}}",
        "allowed_inbound_ip_addresses": "{{env `AGENT_IP`}}",
        "vm_size": "Standard_D8s_v4",
-        "run_scan_antivirus": "false",
        "root_folder": "C:",
        "toolset_json_path": "{{env `TEMP`}}\\toolset.json",
        "image_folder": "C:\\image",
@@ -124,17 +123,19 @@
                "PSMODULES_ROOT_FOLDER={{user `psmodules_root_folder`}}"
            ],
            "scripts": [
+                "{{ template_dir }}/scripts/Installers/Configure-Antivirus.ps1",
                "{{ template_dir }}/scripts/Installers/Install-PowerShellModules.ps1",
-                "{{ template_dir }}/scripts/Installers/Initialize-VM.ps1",
-                "{{ template_dir }}/scripts/Installers/Install-WebPlatformInstaller.ps1"
+                "{{ template_dir }}/scripts/Installers/Install-WindowsFeatures.ps1",
+                "{{ template_dir }}/scripts/Installers/Install-Choco.ps1",
+                "{{ template_dir }}/scripts/Installers/Initialize-VM.ps1"
            ],
            "execution_policy": "unrestricted"
        },
        {
            "type": "powershell",
            "scripts": [
-                "{{ template_dir }}/scripts/Installers/Update-DotnetTLS.ps1",
-                "{{ template_dir }}/scripts/Installers/Install-ContainersFeature.ps1"
+                "{{ template_dir }}/scripts/Installers/Install-WebPlatformInstaller.ps1",
+                "{{ template_dir }}/scripts/Installers/Update-DotnetTLS.ps1"
            ]
        },
        {
@@ -145,10 +146,13 @@
            "type": "powershell",
            "environment_vars": [
                "IMAGE_VERSION={{user `image_version`}}",
+                "IMAGE_OS={{user `image_os`}}",
+                "AGENT_TOOLSDIRECTORY={{user `agent_tools_directory`}}",
                "IMAGEDATA_FILE={{user `imagedata_file`}}",
                "TOOLSET_JSON_PATH={{user `toolset_json_path`}}"
            ],
            "scripts": [
+                "{{ template_dir }}/scripts/Installers/Install-VCRedist.ps1",
                "{{ template_dir }}/scripts/Installers/Update-ImageData.ps1",
                "{{ template_dir }}/scripts/Installers/Install-Docker.ps1",
                "{{ template_dir }}/scripts/Installers/Install-PowershellCore.ps1"
@@ -369,17 +373,7 @@
        },
        {
            "type": "powershell",
-            "environment_vars": [
-                "RUN_SCAN_ANTIVIRUS={{user `run_scan_antivirus`}}"
-            ],
            "scripts": [
-                "{{ template_dir }}/scripts/Installers/Run-Antivirus.ps1"
-            ]
-        },
-        {
-            "type": "powershell",
-            "scripts": [
-                "{{ template_dir }}/scripts/Installers/Configure-Antivirus.ps1",
                "{{ template_dir }}/scripts/Installers/Disable-JITDebugger.ps1"
            ]
        },
--- a/images/win/windows2019.json
+++ b/images/win/windows2019.json
@@ -16,7 +16,6 @@
        "private_virtual_network_with_public_ip": "{{env `PRIVATE_VIRTUAL_NETWORK_WITH_PUBLIC_IP`}}",
        "allowed_inbound_ip_addresses": "{{env `AGENT_IP`}}",
        "vm_size": "Standard_D8s_v4",
-        "run_scan_antivirus": "false",
        "root_folder": "C:",
        "toolset_json_path": "{{env `TEMP`}}\\toolset.json",
        "image_folder": "C:\\image",
@@ -124,9 +123,11 @@
                "PSMODULES_ROOT_FOLDER={{user `psmodules_root_folder`}}"
            ],
            "scripts": [
+                "{{ template_dir }}/scripts/Installers/Configure-Antivirus.ps1",
                "{{ template_dir }}/scripts/Installers/Install-PowerShellModules.ps1",
-                "{{ template_dir }}/scripts/Installers/Initialize-VM.ps1",
-                "{{ template_dir }}/scripts/Installers/Install-WebPlatformInstaller.ps1"
+                "{{ template_dir }}/scripts/Installers/Install-WindowsFeatures.ps1",
+                "{{ template_dir }}/scripts/Installers/Install-Choco.ps1",
+                "{{ template_dir }}/scripts/Installers/Initialize-VM.ps1"
            ],
            "execution_policy": "unrestricted"
        },
@@ -141,8 +142,8 @@
        {
            "type": "powershell",
            "scripts": [
-                "{{ template_dir }}/scripts/Installers/Update-DotnetTLS.ps1",
-                "{{ template_dir }}/scripts/Installers/Install-ContainersFeature.ps1"
+                "{{ template_dir }}/scripts/Installers/Install-WebPlatformInstaller.ps1",
+                "{{ template_dir }}/scripts/Installers/Update-DotnetTLS.ps1"
            ]
        },
        {
@@ -153,10 +154,13 @@
            "type": "powershell",
            "environment_vars": [
                "IMAGE_VERSION={{user `image_version`}}",
+                "IMAGE_OS={{user `image_os`}}",
+                "AGENT_TOOLSDIRECTORY={{user `agent_tools_directory`}}",
                "IMAGEDATA_FILE={{user `imagedata_file`}}",
                "TOOLSET_JSON_PATH={{user `toolset_json_path`}}"
            ],
            "scripts": [
+                "{{ template_dir }}/scripts/Installers/Install-VCRedist.ps1",
                "{{ template_dir }}/scripts/Installers/Update-ImageData.ps1",
                "{{ template_dir }}/scripts/Installers/Install-Docker.ps1",
                "{{ template_dir }}/scripts/Installers/Install-PowershellCore.ps1"
@@ -360,21 +364,6 @@
            "type": "windows-restart",
            "restart_timeout": "10m"
        },
-        {
-            "type": "powershell",
-            "environment_vars": [
-                "RUN_SCAN_ANTIVIRUS={{user `run_scan_antivirus`}}"
-            ],
-            "scripts": [
-                "{{ template_dir }}/scripts/Installers/Run-Antivirus.ps1"
-            ]
-        },
-        {
-            "type": "powershell",
-            "scripts": [
-                "{{ template_dir }}/scripts/Installers/Configure-Antivirus.ps1"
-            ]
-        },
        {
            "type": "powershell",
            "scripts": [
--- a/triage-rules.yml
+++ b/triage-rules.yml
@@ -1,159 +0,0 @@
-# Adapted from https://github.com/microsoft/azure-pipelines-tasks/blob/master/issue-rules.yml
-
-# Primary rules
-rules:
-
-# Area: .NET Core
- valueFor: '**Area for Triage**'
-  contains: '.NET Core'
-  addLabels: ['Area: .NET Core']
-
-# Area: .NET Framework
- valueFor: '**Area for Triage**'
-  contains: '.NET Framework'
-  addLabels: ['Area: .NET Framework']
-
-# Area: Android
- valueFor: '**Area for Triage**'
-  contains: 'Android'
-  addLabels: ['Area: Android']
-
-# Area: Apple
- valueFor: '**Area for Triage**'
-  contains: 'Apple'
-  addLabels: ['Area: Apple']
-
-# Area: Artifacts
- valueFor: '**Area for Triage**'
-  contains: 'Artifacts'
-  addLabels: ['Area: Artifacts']
-
-# Area: C/C++
- valueFor: '**Area for Triage**'
-  contains: 'C/C++'
-  addLabels: ['Area: C/C++']
-
-# Area: Containers
- valueFor: '**Area for Triage**'
-  contains: 'Containers'
-  addLabels: ['Area: Containers']
-
-# Area: Databases
- valueFor: '**Area for Triage**'
-  contains: 'Databases'
-  addLabels: ['Area: Databases']
-
-# Area: Deployment/Release
- valueFor: '**Area for Triage**'
-  contains: 'Deployment/Release'
-  addLabels: ['Area: Deployment/Release']
-
-# Area: Erlang / Elixir
- valueFor: '**Area for Triage**'
-  contains: 'Erlang / Elixir'
-  addLabels: ['Area: Erlang / Elixir']
-
-# Area: Git
- valueFor: '**Area for Triage**'
-  contains: 'Git'
-  addLabels: ['Area: Git']
-
-# Area: Go
- valueFor: '**Area for Triage**'
-  contains: 'Go'
-  addLabels: ['Area: Go']
-
-# Area: Haskell
- valueFor: '**Area for Triage**'
-  contains: 'Haskell'
-  addLabels: ['Area: Haskell']
-
-# Area: Java
- valueFor: '**Area for Triage**'
-  contains: 'Java'
-  addLabels: ['Area: Java']
-
-# Area: JavaScript and Node.js
- valueFor: '**Area for Triage**'
-  contains: 'JavaScript and Node.js'
-  addLabels: ['Area: JavaScript and Node.js']
-
-# Area: Packages
- valueFor: '**Area for Triage**'
-  contains: 'Packages'
-  addLabels: ['Area: Packages']
-
-# Area: PHP
- valueFor: '**Area for Triage**'
-  contains: 'PHP'
-  addLabels: ['Area: PHP']
-
-# Area: Python
- valueFor: '**Area for Triage**'
-  contains: 'Python'
-  addLabels: ['Area: Python']
-
-# Area: Ruby
- valueFor: '**Area for Triage**'
-  contains: 'Ruby'
-  addLabels: ['Area: Ruby']
-
-# Area: Rust
- valueFor: '**Area for Triage**'
-  contains: 'Rust'
-  addLabels: ['Area: Rust']
-
-# Area: Scala
- valueFor: '**Area for Triage**'
-  contains: 'Scala'
-  addLabels: ['Area: Scala']
-
-# Area: Scripting and command line
- valueFor: '**Area for Triage**'
-  contains: 'Scripting and command line'
-  addLabels: ['Area: Scripting and command line']
-
-# Area: Servers
- valueFor: '**Area for Triage**'
-  contains: 'Servers'
-  addLabels: ['Area: Servers']
-
-# Area: SSH
- valueFor: '**Area for Triage**'
-  contains: 'SSH'
-  addLabels: ['Area: SSH']
-
-# Area: Testing and code coverage (incl. browser testing)
- valueFor: '**Area for Triage**'
-  contains: 'Testing and code coverage'
-  addLabels: ['Area: Testing and code coverage']
-
-# Area: Xamarin
- valueFor: '**Area for Triage**'
-  contains: 'Xamarin'
-  addLabels: ['Area: Xamarin']
-
-# Types
- valueFor: '**Question, Bug, or Feature?**'
-  contains: Feature
-  addLabels: ['feature request']
- valueFor: '**Question, Bug, or Feature?**'
-  contains: Bug
-  addLabels: ['investigate']
- valueFor: '**Question, Bug, or Feature?**'
-  contains: Question
-  addLabels: ['question']
-
-# runs if first set had no matches
-# add likely teams to look at based on text searches
-nomatches:
- contains: 'Xcode'
-  addLabels: ['Area: Apple']
- contains: 'Bash'
-  addLabels: ['Area: Scripting and command line']
- contains: 'Nuget'
-  addLabels: ['Area: Packages']
- contains: 'Npm'
-  addLabels: ['Area: Packages']
- contains: 'Docker'
-  addLabels: ['Area: Deployment/Release']