Skip to content

Windows: Add an extra restart onto the end of our buildkite-worker provisioner #102

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Windows: Add an extra restart onto the end of our buildkite-worker provisioner #102

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
e3fe4fa
Windows: Make copying verbose, so we can see it happening in logs
staticfloat Apr 10, 2025
bce612f
Windows: Add an extra restart onto the end of our buildkite-worker pr…
staticfloat Apr 10, 2025
09a6e21
Also disable windows update service completely
staticfloat Apr 10, 2025
84c8929
Delete dead symlink
staticfloat Apr 10, 2025
f903648
More forceful disabling
staticfloat Apr 11, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
50 changes: 50 additions & 0 deletions windows-kvm/base-image/setup_scripts/3-00-disable-windows-updates.ps1
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
# We don't want our downstream images to be installing windows updates, EVER.
# So we set the Windows Update server to localhost, which breaks it nicely.

# Helper function to avoid having to create root keys all the time
function RegMkPath()
{
Param($Path)
if (-NOT (Test-Path $Path)) {
New-Item -Path $Path -Force
}
return $Path
}

Write-Output " -> Disabling Windows Update..."
$RegPath = RegMkPath -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
New-ItemProperty -Path $RegPath -Name "WUServer" -Value "http://127.0.0.1" -PropertyType STRING -Force
New-ItemProperty -Path $RegPath -Name "WUStatusServer" -Value "http://127.0.0.1" -PropertyType STRING -Force

$RegPath = RegMkPath -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU"
New-ItemProperty -Path $RegPath -Name "UseWUServer" -Value 1 -PropertyType DWORD -Force
New-ItemProperty -Path $RegPath -Name "NoAutoUpdate" -Value 1 -PropertyType DWORD -Force
New-ItemProperty -Path $RegPath -Name "AUOptions" -Value 1 -PropertyType DWORD -Force

$RegPath = RegMkPath -Path "HKLM:\SYSTEM\CurrentControlSet\Services\wuauserv"
New-ItemProperty -Path $RegPath -Name "Start" -Value 4 -PropertyType DWORD -Force
$RegPath = RegMkPath -Path "HKLM:\SYSTEM\CurrentControlSet\Services\WaaSMedicSvc"
New-ItemProperty -Path $RegPath -Name "Start" -Value 4 -PropertyType DWORD -Force

$RegPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DriverSearching"
Set-ItemProperty -Path $RegPath -Name "SearchOrderConfig" -Value 0 -PropertyType DWORD -Force

# Disable Windows Update Services
$services = @(
"wuauserv", # Windows Update
"bits", # Background Intelligent Transfer Service
"dosvc", # Delivery Optimization
"WaaSMedicSvc", # Windows Update Medic Service
"UsoSvc", # Update Orchestrator Service
"sedsvc" # (Sometimes present on older systems)
)

foreach ($service in $services) {
Write-Host "Disabling service: $service"
Stop-Service -Name $service -Force -ErrorAction SilentlyContinue
Set-Service -Name $service -StartupType Disabled
}

# Disable all Windows Update-related scheduled tasks
Get-ScheduledTask -TaskPath '\Microsoft\Windows\WindowsUpdate\' | Disable-ScheduledTask
Get-ScheduledTask -TaskPath '\Microsoft\Windows\UpdateOrchestrator\' | Disable-ScheduledTask
0 ...image/setup_scripts/3-00-enable-winrm.ps1 → ...image/setup_scripts/3-01-enable-winrm.ps1
View file
Open in desktop
File renamed without changes.
4 changes: 2 additions & 2 deletions windows-kvm/buildkite-worker/common.jl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -147,13 +147,13 @@ function generate_systemd_script(io::IO, brg::BuildkiteRunnerGroup;
# If the buildkite-agent pristine disk image is newer than our timestamp sentinel file
"[ $(agent_pristine_disk_path(agent_hostname)) -nt $(agent_timestamp_path(agent_hostname)) ]",
# Then copy over our cache disk (since it was also re-created)
"cp $(agent_pristine_disk_path(agent_hostname))-1 $(agent_scratch_dir(agent_hostname))/",
"cp -v $(agent_pristine_disk_path(agent_hostname))-1 $(agent_scratch_dir(agent_hostname))/",
# Also update our timestamp path
"touch $(agent_timestamp_path(agent_hostname))",
], " && "), [:IgnoreExitCode]),

# Copy our pristine image to our scratchspace, overwiting the one that already exists, always.
SystemdBashTarget("cp $(agent_pristine_disk_path(agent_hostname)) $(agent_scratch_dir(agent_hostname))/"),
SystemdBashTarget("cp -v $(agent_pristine_disk_path(agent_hostname)) $(agent_scratch_dir(agent_hostname))/"),
])
else
# If we're not a buildkite agent, we don't want to reset completely after every reboot
Expand Down
4 changes: 4 additions & 0 deletions windows-kvm/buildkite-worker/kvm_machine.pkr.hcl.template
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,4 +80,8 @@ build {
elevated_user = var.username
elevated_password = var.password
}

# Add a restart at the end, to try and get rid of any pending restarts
# that the image might have due to installed files.
provisioner "windows-restart" {}
}
1 change: 0 additions & 1 deletion windows-kvm/debug/setup_scripts/0-06-configure-telegraf.ps1
View file
Open in desktop

This file was deleted.