Auto-install of .Net 3.5 on Windows 2012 R2

The “standard” way of installing .Net 3.5 onto a Windows 2012 R2 server is to mount the install DVD (or ISO image) and use Add Features to install it. Obviously this is a massive pain if you’ve got a lot to do, as you either need to copy 4.5Gb of image around, or use some out-of-band method of mounting the image, neither of which is ideal. The only sane option would be to extract the ISO to a CIFS share and make that available to all servers, but this wasn’t an option here.

For automation, we would normally use the PowerShell command:

Install-WindowsFeature Net-Framework-Core -source \\image-path\sources\sxs

… so already, it looks like we don’t need all the image to do the install, just the “sources\sxs” directory.

A quick check shows that the “sources\sxs” directory is 289Mb, so much more manageable, but surely we can do better than this, as it includes a lot of other features.

Running a filter with procmon during the feature install allows you to capture all the file accesses to the sources\sxs directory, which can be exported as a CSV file:
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"1:59:25.0591131 PM","TiWorker.exe","2896","ReadFile","D:","SUCCESS","Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"1:59:25.1140710 PM","TiWorker.exe","2896","ReadFile","D:","SUCCESS","Offset: 4,096, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"1:59:25.1183118 PM","TiWorker.exe","2896","ReadFile","D:","SUCCESS","Offset: 8,192, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"
"1:59:25.1197002 PM","TiWorker.exe","2896","CreateFile","D:\sources\sxs","SUCCESS","Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, Impersonating: NT AUTHORITY\SYSTEM, OpenResult: Opened"
"1:59:25.1215631 PM","TiWorker.exe","2896","QueryBasicInformationFile","D:\sources\sxs","SUCCESS","CreationTime: 3/21/2014 2:27:47 PM, LastAccessTime: 3/21/2014 2:27:47 PM, LastWriteTime: 3/21/2014 2:27:47 PM, ChangeTime: 3/21/2014 2:27:47 PM, FileAttributes: RD"
"1:59:25.1215789 PM","TiWorker.exe","2896","CloseFile","D:\sources\sxs","SUCCESS",""
"1:59:30.8039209 PM","TiWorker.exe","2896","ReadFile","D:","SUCCESS","Offset: 0, Length: 4,096, I/O Flags: Non-cached, Paging I/O, Synchronous Paging I/O, Priority: Normal"

This can then be condensed with (I’m using a *nix command line to do this as it’s more familiar to me):

cat Logfile.CSV | cut -d"," -f5 | cut -d"\\" -f4 | sort -u | grep -v -e "^$" -e "^\""

This gives a list of the subfolders in the “sources\sxs” directory that are required. These can be used to copy the relevant source files to a zip archive:

cat Logfile.CSV | cut -d"," -f5 | cut -d"\\" -f4 | sort -u | grep -v -e "^$" -e "^\"" | while read -r folder; do
  # net35-sxs.zip is a placeholder archive name
  zip -r net35-sxs.zip "/Volumes/Win2012R2ISO/sources/sxs/$folder"
done

…which generates an (approx) 88Mb zip file, much more suitable for installing via automation.
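
A stricter version of the folder-extraction step, as an added example that is not part of the original post: it splits on the quoted CSV delimiters instead of bare commas, keeps only rows whose Result is SUCCESS, and holds back entry names with unexpected characters before they reach zip. The function names and sample rows are constructed for illustration, and the column order is assumed to match the export shown above.

```shell
#!/bin/sh
# Added example: list the sources\sxs entries actually read during the install.
# Assumes the procmon column order shown above (Path = column 5, Result = 6).

sxs_entries() {
    # $1 = procmon CSV export; prints unique first-level names under sources\sxs
    tr '\\' '/' < "$1" | awk -F'","' '
        NR == 1 { next }                          # header row
        $6 != "SUCCESS" { next }                  # probed, but absent on the media
        tolower($5) !~ /^[a-z]:\/sources\/sxs\/./ { next }
        {
            split($5, part, "/")                  # D: / sources / sxs / <entry> / ...
            if (part[4] ~ /^[A-Za-z0-9._~-]+$/) {
                print part[4]
            } else {                              # keep odd names away from zip
                print "skipped unexpected name: " part[4] | "cat 1>&2"
            }
        }' | sort -u
}

# Constructed sample export; the entry names are made up for illustration.
sample_csv() {
    cat <<'EOF'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"1:59:25.05 PM","TiWorker.exe","2896","ReadFile","D:","SUCCESS","Offset: 0, Length: 4,096"
"1:59:25.11 PM","TiWorker.exe","2896","CreateFile","D:\sources\sxs","SUCCESS","Disposition: Open"
"1:59:25.12 PM","TiWorker.exe","2896","CreateFile","D:\sources\sxs\amd64_example-netfx35_1.0.0.0_none_aaaa","SUCCESS",""
"1:59:25.13 PM","TiWorker.exe","2896","ReadFile","D:\sources\sxs\amd64_example-netfx35_1.0.0.0_none_aaaa\example.dll","SUCCESS","Offset: 0"
"1:59:25.14 PM","TiWorker.exe","2896","ReadFile","d:\Sources\SxS\msil_example-linq_1.0.0.0_none_bbbb\linq.dll","SUCCESS","Offset: 0"
"1:59:25.15 PM","TiWorker.exe","2896","CreateFile","D:\sources\sxs\x86_example-absent_1.0.0.0_none_cccc","NAME NOT FOUND",""
"1:59:25.16 PM","TiWorker.exe","2896","CreateFile","D:\sources\sxs\odd name\file.dll","SUCCESS",""
EOF
}

log=$(mktemp)
sample_csv > "$log"
sxs_entries "$log"
rm -f "$log"
```

The output can be fed to the zip loop in place of the cut pipeline.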

It’s then a fairly straightforward task to use your automation framework (Chef, Puppet etc.) to copy the zip file down to the server, extract it and run the PowerShell command to install.

RHCSA: Manage users and groups

  • Create, delete, and modify local user accounts
  • Change passwords and adjust password aging for local user accounts
  • Create, delete, and modify local groups and group memberships
  • Configure a system to use an existing authentication service for user and group information
    yum install sssd auth*
    system-config-authentication / authconfig-tui
    Base DN dc=example,dc=com
    LDAP server ldap://
    Use TLS
    Download cert
    Method – LDAP password

RHCSA: Deploy, configure, and maintain systems

  • Configure networking and hostname resolution statically or dynamically
    nmcli, nmtui
  • Schedule tasks using at and cron
    at 15:00 <<%
    echo test
    %
    crontab -e -u gertrude
    15,45 09-17 * * 6 echo test
  • Start and stop services and configure services to start automatically at boot
    systemctl start/stop sshd.service
    systemctl enable sshd.service
  • Configure systems to boot into a specific target automatically
    systemctl set-default
  • Install Red Hat Enterprise Linux automatically using Kickstart
  • Configure a physical machine to host virtual guests
    yum install qemu-kvm qemu-img libvirt virt-manager
  • Install Red Hat Enterprise Linux systems as virtual guests
    virt-install / virt-manager
  • Configure systems to launch virtual machines at boot
    virsh autostart 'name'
  • Configure network services to start automatically at boot
    systemctl enable network
  • Configure a system to use time services
    yum install chrony
  • Install and update software packages from Red Hat Network, a remote repository, or from the local file system
    yum install package
    yum upgrade package
    rpm -Uvh / -ivh package
    yum-config-manager --add-repo
  • Update the kernel package appropriately to ensure a bootable system
    yum upgrade kernel
    rpm -ivh kernel-<kernel version>.<arch>.rpm
  • Modify the system bootloader
    grubby --info=/boot/<kernel>
    grubby --remove-args="arg1 arg2" --args="argx argy" --update-kernel=/boot/<kernel>
    grubby --update-kernel=ALL

RHCSA: Create and configure file systems

  • Create, mount, unmount, and use vfat, ext4, and xfs file systems
    mkfs.xfs, mkfs.ext4, mkfs.vfat
    mount, umount
  • Mount and unmount CIFS and NFS network file systems
    mount -t cifs //server/share /mnt/share -o user=userid,pass=pword,dom=AD
    mount -t nfs server:/vol/share /mnt/share
  • Extend existing logical volumes
    ssm resize
  • Create and configure set-GID directories for collaboration
    setgid dirs make created files/dirs have the setgid group id
    chgrp mygroup ./directory
    chmod 2755 ./directory
  • Create and manage Access Control Lists (ACLs)
  • Diagnose and correct file permission problems
    chmod, chown, getfacl, setfacl

RHCSA: Configure local storage

  • List, create, delete partitions on MBR and GPT disks
    fdisk gdisk parted
    blkid lsblk
  • Create and remove physical volumes, assign physical volumes to volume groups, and create and delete logical volumes
    using a new disk/partition with LVM: pvcreate /dev/device
    creating a new volume group: vgcreate VG00 /dev/device
    adding a PV to an existing volume group: vgextend VG00 /dev/device
    creating a logical volume: lvcreate -L 100G -n lvhome VG00
  • Configure systems to mount file systems at boot by Universally Unique ID (UUID) or label
    blkid to get the UUID/label, then add to /etc/fstab
    can set label on ext filesystems with tune2fs or e2label
  • Add new partitions and logical volumes, and swap to a system non-destructively
    as per above commands!
    need to set the fstype correctly with fdisk/gdisk/parted
    mkswap, swapon

RHCSA: Operate running systems

  • Boot, reboot, and shut down a system normally
    reboot, poweroff, shutdown, wall
    systemctl reboot/poweroff/suspend/hibernate/hybrid-sleep/halt
    The systemctl commands are preferred.
  • Boot systems into different targets manually
    systemctl get-default, systemctl set-default
    systemctl rescue, systemctl emergency, systemctl isolate
    systemctl set-default
  • Interrupt the boot process in order to gain access to a system
    Esc in grub, e to edit, find linux16 line, CTRL-E to get to end of line and
    Boot to rescue mode:
    append systemd.unit=rescue.target
    Boot to change root passwd:
    remove rhgb and quiet (if there)
    append rd.break enforcing=0 to break after ramdisk, and turn off SELinux
    mount -o remount,rw /sysroot
    chroot /sysroot
    passwd… etc
    mount -o remount,ro /sysroot
    exit (continues boot process)
    restorecon /etc/shadow
    setenforce enforcing
  • Identify CPU/memory intensive processes, adjust process priority with renice, and kill processes
    top, nice -n <nnn>, renice +5, kill, kill -9
    you can only lower the priority of your processes, unless you are root which can raise them too
  • Locate and interpret system log files and journals
  • Access a virtual machine’s console
  • Start and stop virtual machines
    virsh start myVM
    virsh shutdown myVM
    virsh reboot myVM
  • Start, stop, and check the status of network services
    systemctl start/stop/status network.service

  • Securely transfer files between systems
    scp file user@system2:/path/newfile

RHCSA: Manage security

  • Configure firewall settings using firewall-config, firewall-cmd, or iptables
    firewall-config (graphical tool)
  • Configure key-based authentication for SSH
    ssh-keygen -t rsa
  • Set enforcing and permissive modes for SELinux
    boot parameter “enforcing=0|1”
    Edit /etc/sysconfig/selinux (applied at reboot)
    setenforce Enforcing|Permissive|1|0
  • List and identify SELinux file and process context
  • Restore default file contexts
    restorecon /file
  • Use boolean settings to modify system SELinux settings
    sestatus -b | grep 'httpd'
  • Diagnose and address routine SELinux policy violations
    view SELinux violations: sealert
    fix basic problems: restorecon, or with the instructions shown