Skip to content

Running Offline

Jump to bottom
David Dieruf edited this page Feb 5, 2020 · 5 revisions

There is a sepreate branch named "air-gapped", that holds example pipeline and vars for creating stemcells in an environment where the Concourse workers have no direct internet access.

To test the pipeline, the following tools & systems where used:

  • GitLab: to hold a clone of this repo
  • Minio: as an S3 compatible blob store
  • Harbor: as a container image repository

Alternatly you could use any S3 compatible storage, any Git based code repository, and any Docker image registry. The action below would be the same, just with different URLs.

Get Started

  1. In Minio, created a bucket "windows-stemcell-assets"

  2. In Minio, created a bucket "windows-stemcell"

  3. Download latest versions of assets:

    *Note the version of vmware tools needs to be compatible with the version of your vSphere ESXi hosts. Here is a chart to match them up.

  4. Copy all assets to the windows-stemcell-assets bucket.

  5. Mark the assets bucket public mc policy set public myminio/windows-stemcell-assets. More on that here.

    With the bucket set to public, each asset can assume an address of http://minio.my-domain.local:9000/windows-stemcell-assets/<ASSET_FILE_NAME>. The reason to set the bucket public is because of URL lengths. There is a limit in the autounattend of 250 chars. The only way to get a short URL in Minio is by sharing the bucket.

  6. In Gitlab import this project by its clone URL. More about importing here.

    If your Gitlab has access to GitHub, you can keep a fork of this repo up to date with origin. Otherwise you'll need to periodically update the Gitlab project to get the latest from upsteam master.

  7. Create a folder in the vCenter datastore named "Win-Stemcell-ISO"

  8. Upload the Windows Server ISO to that datastore folder

  9. Get the Docker images of:

  10. Add the images to your container repository (like Harbor or JFrog)

  11. Update all values in vars-min.yml to reflect the addresses of all the copying you just did

  12. Using the pipeline.yml and vars-min.yml from the air-gapped branch of this project, create the pipeline in Concourse

    fly -t con set-pipeline --non-interactive \
 --pipeline windows-stemcell-concourse-offline \
 --config ./pipeline.yml \
 --load-vars-from ./vars-min.yml

  13. Unpause the pipeline and start the task create-base

  14. Grab some popcorn and watch the magic happen

Windows Updates

In a typical Enterprise it is common to have a windows update server within the domain and restrict all users to not use the public update.microsoft.com location. To achieve such an environment you need to have Windows Server Update Services (WSUS) running on an Active Directory managed domain. Currently this is beyond the scope of this project but we want to give you as much help as possible. The goal would be to modify the base stemcell operating system to not use microsoft URL's, but instead use some other URL. Everything else should stay totally in-tact and follow standard operating. So assuming you are on a domain that has WSUS running and you know the FQDN:PortNumber to the server, you coud then...

  • Log in to the base stemcell VM using vSphere remote console
  • Bring this powershell module onto the VM
  • Move the module to the correct location PS c:\> cp ./Set-ClientWSUSSetting.ps1 C:/Windows/System32/WindowsPowerShell/v1.0/Modules/Set-ClientWSUSSetting.ps1
  • Run the module to set client WSUS settings Set-ClientWSUSSetting -UpdateServer "http://<YOUR_WSUS_SERVER>" -UseWSUSServer Enable -AllowAutomaticUpdates Enable -DetectionFrequency 4 -Options DownloadAndInstall
  • Each time you create a new base stemcell VM you would need to do this
Clone this wiki locally