spuranam · April 28, 2022 21:10
diff --git a/gcp-machineset.yaml b/gcp-machineset.yaml
 apiVersion: machine.openshift.io/v1beta1
 kind: MachineSet
 metadata:
  labels:
    machine.openshift.io/cluster-api-cluster: aravindh-winc-6h9df
  name: aravindh-winc-6h9df-windows-worker-a
  namespace: openshift-machine-api
 spec:
  replicas: 1
  selector:
    matchLabels:
      machine.openshift.io/cluster-api-cluster: aravindh-winc-6h9df
      machine.openshift.io/cluster-api-machineset: aravindh-winc-6h9df-windows-worker-a
  template:
    metadata:
      labels:
        machine.openshift.io/cluster-api-cluster: aravindh-winc-6h9df
        machine.openshift.io/cluster-api-machine-role: worker
        machine.openshift.io/cluster-api-machine-type: worker
        machine.openshift.io/cluster-api-machineset: aravindh-winc-6h9df-windows-worker-a
        machine.openshift.io/os-id: Windows
    spec:
      providerSpec:
        value:
          apiVersion: machine.openshift.io/v1beta1
          canIPForward: false
          credentialsSecret:
            name: gcp-cloud-credentials
          deletionProtection: false
          disks:
          - autoDelete: true
            boot: true
            image: projects/windows-cloud/global/images/windows-server-2019-dc-core-for-containers-v20220314
            sizeGb: 128
            type: pd-ssd
          gcpMetadata:
          - key: sysprep-specialize-script-ps1
            value: |-
              function Get-RandomPassword {
                Add-Type -AssemblyName 'System.Web'
                return [System.Web.Security.Membership]::GeneratePassword(16, 2)
              }
              $UserAccount = Get-LocalUser -Name "Administrator"
              $password = ConvertTo-SecureString Get-RandomPassword -asplaintext -force
              $UserAccount | Set-LocalUser -Password $password
              $UserAccount | Enable-LocalUser
              Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
              $firewallRuleName = "ContainerLogsPort"
              $containerLogsPort = "10250"
              New-NetFirewallRule -DisplayName $firewallRuleName -Direction Inbound -Action Allow -Protocol TCP -LocalPort $containerLogsPort -EdgeTraversalPolicy Allow
              Set-Service -Name sshd -StartupType 'Automatic'
              Start-Service sshd
              $pubKeyConf = (Get-Content -path C:\ProgramData\ssh\sshd_config) -replace '#PubkeyAuthentication yes','PubkeyAuthentication yes'
              $pubKeyConf | Set-Content -Path C:\ProgramData\ssh\sshd_config
              $passwordConf = (Get-Content -path C:\ProgramData\ssh\sshd_config) -replace '#PasswordAuthentication yes','PasswordAuthentication yes'
              $passwordConf | Set-Content -Path C:\ProgramData\ssh\sshd_config
              $authorizedKeyFilePath = "$env:ProgramData\ssh\administrators_authorized_keys"
              New-Item -Force $authorizedKeyFilePath
              echo "ssh-rsa INSERTPUBLICKEYHERE " | Out-File $authorizedKeyFilePath -Encoding ascii
              $acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys
              $acl.SetAccessRuleProtection($true, $false)
              $administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
              $systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
              $acl.SetAccessRule($administratorsRule)
              $acl.SetAccessRule($systemRule)
              $acl | Set-Acl
              Restart-Service sshd
              New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\hns\State' -Name DeviceLessNicDisabled -PropertyType DWORD -Value 1 -Force
          kind: GCPMachineProviderSpec
          machineType: n1-standard-4
          metadata:
            creationTimestamp: null
          networkInterfaces:
          - network: aravindh-winc-6h9df-network
            subnetwork: aravindh-winc-6h9df-worker-subnet
          projectID: openshift-gce-devel
          region: us-west1
          serviceAccounts:
          - email: aravindh-winc-6h9df-w@openshift-gce-devel.iam.gserviceaccount.com
            scopes:
            - https://www.googleapis.com/auth/cloud-platform
          tags:
          - aravindh-winc-6h9df-worker
          userDataSecret:
            name: windows-user-data
          zone: us-west1-a
	apiVersion: machine.openshift.io/v1beta1
	kind: MachineSet
	metadata:
	labels:
	machine.openshift.io/cluster-api-cluster: aravindh-winc-6h9df
	name: aravindh-winc-6h9df-windows-worker-a
	namespace: openshift-machine-api
	spec:
	replicas: 1
	selector:
	matchLabels:
	machine.openshift.io/cluster-api-cluster: aravindh-winc-6h9df
	machine.openshift.io/cluster-api-machineset: aravindh-winc-6h9df-windows-worker-a
	template:
	metadata:
	labels:
	machine.openshift.io/cluster-api-cluster: aravindh-winc-6h9df
	machine.openshift.io/cluster-api-machine-role: worker
	machine.openshift.io/cluster-api-machine-type: worker
	machine.openshift.io/cluster-api-machineset: aravindh-winc-6h9df-windows-worker-a
	machine.openshift.io/os-id: Windows
	spec:
	providerSpec:
	value:
	apiVersion: machine.openshift.io/v1beta1
	canIPForward: false
	credentialsSecret:
	name: gcp-cloud-credentials
	deletionProtection: false
	disks:
	- autoDelete: true
	boot: true
	image: projects/windows-cloud/global/images/windows-server-2019-dc-core-for-containers-v20220314
	sizeGb: 128
	type: pd-ssd
	gcpMetadata:
	- key: sysprep-specialize-script-ps1
	value: \|-
	function Get-RandomPassword {
	Add-Type -AssemblyName 'System.Web'
	return [System.Web.Security.Membership]::GeneratePassword(16, 2)
	}
	$UserAccount = Get-LocalUser -Name "Administrator"
	$password = ConvertTo-SecureString Get-RandomPassword -asplaintext -force
	$UserAccount \| Set-LocalUser -Password $password
	$UserAccount \| Enable-LocalUser
	Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
	$firewallRuleName = "ContainerLogsPort"
	$containerLogsPort = "10250"
	New-NetFirewallRule -DisplayName $firewallRuleName -Direction Inbound -Action Allow -Protocol TCP -LocalPort $containerLogsPort -EdgeTraversalPolicy Allow
	Set-Service -Name sshd -StartupType 'Automatic'
	Start-Service sshd
	$pubKeyConf = (Get-Content -path C:\ProgramData\ssh\sshd_config) -replace '#PubkeyAuthentication yes','PubkeyAuthentication yes'
	$pubKeyConf \| Set-Content -Path C:\ProgramData\ssh\sshd_config
	$passwordConf = (Get-Content -path C:\ProgramData\ssh\sshd_config) -replace '#PasswordAuthentication yes','PasswordAuthentication yes'
	$passwordConf \| Set-Content -Path C:\ProgramData\ssh\sshd_config
	$authorizedKeyFilePath = "$env:ProgramData\ssh\administrators_authorized_keys"
	New-Item -Force $authorizedKeyFilePath
	echo "ssh-rsa INSERTPUBLICKEYHERE " \| Out-File $authorizedKeyFilePath -Encoding ascii
	$acl = Get-Acl C:\ProgramData\ssh\administrators_authorized_keys
	$acl.SetAccessRuleProtection($true, $false)
	$administratorsRule = New-Object system.security.accesscontrol.filesystemaccessrule("Administrators","FullControl","Allow")
	$systemRule = New-Object system.security.accesscontrol.filesystemaccessrule("SYSTEM","FullControl","Allow")
	$acl.SetAccessRule($administratorsRule)
	$acl.SetAccessRule($systemRule)
	$acl \| Set-Acl
	Restart-Service sshd
	New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\hns\State' -Name DeviceLessNicDisabled -PropertyType DWORD -Value 1 -Force
	kind: GCPMachineProviderSpec
	machineType: n1-standard-4
	metadata:
	creationTimestamp: null
	networkInterfaces:
	- network: aravindh-winc-6h9df-network
	subnetwork: aravindh-winc-6h9df-worker-subnet
	projectID: openshift-gce-devel
	region: us-west1
	serviceAccounts:
	- email: aravindh-winc-6h9df-w@openshift-gce-devel.iam.gserviceaccount.com
	scopes:
	- https://www.googleapis.com/auth/cloud-platform
	tags:
	- aravindh-winc-6h9df-worker
	userDataSecret:
	name: windows-user-data
	zone: us-west1-a