Feat: RELOPS-1269 Modernize Windows 10 hardware support

data/os/Windows.yaml

@@ -44,6 +44,7 @@ windows:
     key:
       microsoft_windows_10_pro: "W269N-WFGWX-YVC9B-4J6C9-T83GX"
       microsoft_windows_11_enterprise: "NPPR9-FWDCX-D2C8J-H872K-2YT43"
+      microsoft_windows_10_enterprise: "NPPR9-FWDCX-D2C8J-H872K-2YT43"
 
 
   # Common dirs across all Windows platforms

data/roles/win10642009hw.yaml

@@ -0,0 +1,56 @@
+---
+
+win-worker:
+  function: "tester"
+  # generic-worker
+  generic_worker:
+    # File versions
+    name: "generic-worker-multiuser-windows-amd64"
+    version: '72.1.0'
+    client_id: "project/releng/generic-worker/win10-64-2009-hw"
+    idle_timeout: 0
+
+  taskcluster:
+    worker_runner:
+        provisionerId: 'releng-hardware'
+        name: 'start-worker-windows-amd64'
+        version: '72.1.0'
+        provider: "standalone"
+        implementation: "generic-worker"
+    proxy:
+        name: "taskcluster-proxy-windows-amd64"
+        version: '72.1.0'
+    # Refrencing the file directly with version in it
+    # Since there is no programtic way to check the version of the livelog exe
+    livelog:
+        name: "livelog-windows-amd64"
+        version: '72.1.0'
+    client_id: "azure/gecko-t/win10-64-2009-hw"
+    worker_group: "mdc1"
+
+  # Mozilla-build
+  mozilla_build:
+    version: '4.1'
+    zstandard_version: '0.19.0'
+    psutil_version: '5.9.4'
+
+  # Mozilla profile
+  mozilla_profile:
+    source: "https://roninpuppetassets.blob.core.windows.net/binaries/mozilla/mozprofilerprobe.mof"
+    local:  "%{facts.custom_win_roninprogramdata}\\mozprofilerprobe.mof"
+
+  # Applications
+  googlechrome:
+    version: 'latest'
+  git:
+    version: '2.37.3'
+  hg:
+    version: '6.2.1'
+  nssm:
+    version: '2.24'
+  vac:
+    version: '464'
+  # Logging
+  # Logging level options debug, verbose, or restricted.
+  log:
+    level: "verbose"

data/roles/win10642009hwalpha.yaml

@@ -0,0 +1,56 @@
+---
+
+win-worker:
+  function: "tester"
+  # generic-worker
+  generic_worker:
+    # File versions
+    name: "generic-worker-multiuser-windows-amd64"
+    version: '72.1.0'
+    client_id: "project/releng/generic-worker/win10-64-2009-hw"
+    idle_timeout: 0
+
+  taskcluster:
+    worker_runner:
+        provisionerId: 'releng-hardware'
+        name: 'start-worker-windows-amd64'
+        version: '72.1.0'
+        provider: "standalone"
+        implementation: "generic-worker"
+    proxy:
+        name: "taskcluster-proxy-windows-amd64"
+        version: '72.1.0'
+    # Refrencing the file directly with version in it
+    # Since there is no programtic way to check the version of the livelog exe
+    livelog:
+        name: "livelog-windows-amd64"
+        version: '72.1.0'
+    client_id: "azure/gecko-t/win10-64-2009-hw-alpha"
+    worker_group: "mdc1"
+
+  # Mozilla-build
+  mozilla_build:
+    version: '4.1'
+    zstandard_version: '0.19.0'
+    psutil_version: '5.9.4'
+
+  # Mozilla profile
+  mozilla_profile:
+    source: "https://roninpuppetassets.blob.core.windows.net/binaries/mozilla/mozprofilerprobe.mof"
+    local:  "%{facts.custom_win_roninprogramdata}\\mozprofilerprobe.mof"
+
+  # Applications
+  googlechrome:
+    version: 'latest'
+  git:
+    version: '2.37.3'
+  hg:
+    version: '6.2.1'
+  nssm:
+    version: '2.24'
+  vac:
+    version: '464'
+  # Logging
+  # Logging level options debug, verbose, or restricted.
+  log:
+    level: "verbose"

modules/roles_profiles/manifests/profiles/ssh.pp

@@ -15,10 +15,15 @@
       class { 'win_users::administrator::authorized_keys':
         relops_key => $relops_key,
       }
-
-      include win_openssh::add_openssh
-      include win_openssh::configuration
-      include win_openssh::service
+      case $facts['custom_win_os_version'] {
+        'win_10_2009': {
+            include  win_openssh::schd_task
+      }
+        default: {
+            include win_openssh::add_openssh
+            include win_openssh::service
+        }
+      }
       windows_firewall::exception { "allow_${firewall_rule_name}_mdc1":
         ensure       => present,
         direction    => 'in',
@@ -30,6 +35,7 @@
         display_name => "${firewall_rule_name}_mdc1",
         description  => "${firewall_rule_name}_mdc1",
       }
+      include win_openssh::configuration
     }
     default: {
       fail("${facts['os']['name']} not supported")

modules/roles_profiles/manifests/roles/win10642009hw.pp

@@ -0,0 +1,37 @@
+# Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/
+
+class roles_profiles::roles::win10642009hw {
+  include roles_profiles::profiles::chocolatey
+  ## Install before Widnows Updates is disabled.
+  include roles_profiles::profiles::microsoft_tools
+  # System
+  include roles_profiles::profiles::disable_services
+  include roles_profiles::profiles::error_reporting
+  include roles_profiles::profiles::suppress_dialog_boxes
+  include roles_profiles::profiles::files_system_managment
+  include roles_profiles::profiles::firewall
+  include roles_profiles::profiles::network
+  include roles_profiles::profiles::ntp
+  include roles_profiles::profiles::power_management
+  include roles_profiles::profiles::scheduled_tasks
+  include roles_profiles::profiles::hardware
+  #include roles_profiles::profiles::intel_drivers
+  include roles_profiles::profiles::virtual_drivers
+  include roles_profiles::profiles::windows_datacenter_administrator
+  include roles_profiles::profiles::microsoft_kms
+
+  # Adminstration
+  include roles_profiles::profiles::logging
+  include roles_profiles::profiles::common_tools
+  include roles_profiles::profiles::nuc_management
+  #include roles_profiles::profiles::vnc
+
+  # Worker
+  include roles_profiles::profiles::git
+  include roles_profiles::profiles::mozilla_build_tester
+  include roles_profiles::profiles::mozilla_maintenance_service
+  include roles_profiles::profiles::windows_worker_runner
+  include roles_profiles::profiles::windows_datacenter_administrator
+}

modules/roles_profiles/manifests/roles/win10642009hwalpha.pp

@@ -0,0 +1,37 @@
+# Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/
+
+class roles_profiles::roles::win10642009hwalpha {
+  include roles_profiles::profiles::chocolatey
+  ## Install before Widnows Updates is disabled.
+  include roles_profiles::profiles::microsoft_tools
+  # System
+  include roles_profiles::profiles::disable_services
+  include roles_profiles::profiles::error_reporting
+  include roles_profiles::profiles::suppress_dialog_boxes
+  include roles_profiles::profiles::files_system_managment
+  include roles_profiles::profiles::firewall
+  include roles_profiles::profiles::network
+  include roles_profiles::profiles::ntp
+  include roles_profiles::profiles::power_management
+  include roles_profiles::profiles::scheduled_tasks
+  include roles_profiles::profiles::hardware
+  #include roles_profiles::profiles::intel_drivers
+  include roles_profiles::profiles::virtual_drivers
+  include roles_profiles::profiles::windows_datacenter_administrator
+  include roles_profiles::profiles::microsoft_kms
+
+  # Adminstration
+  include roles_profiles::profiles::logging
+  include roles_profiles::profiles::common_tools
+  include roles_profiles::profiles::nuc_management
+  #include roles_profiles::profiles::vnc
+
+  # Worker
+  include roles_profiles::profiles::git
+  include roles_profiles::profiles::mozilla_build_tester
+  include roles_profiles::profiles::mozilla_maintenance_service
+  include roles_profiles::profiles::windows_worker_runner
+  include roles_profiles::profiles::windows_datacenter_administrator
+}

modules/win_openssh/files/enable_openssh.ps1

@@ -0,0 +1,73 @@
+# Run as Administrator
+
+function Write-Log {
+    param (
+        [string] $message,
+        [string] $severity = 'INFO',
+        [string] $source = 'BootStrap',
+        [string] $logName = 'Application'
+    )
+    if (!([Diagnostics.EventLog]::Exists($logName)) -or !([Diagnostics.EventLog]::SourceExists($source))) {
+        New-EventLog -LogName $logName -Source $source
+    }
+    switch ($severity) {
+        'DEBUG' {
+            $entryType = 'SuccessAudit'
+            $eventId = 2
+            break
+        }
+        'WARN' {
+            $entryType = 'Warning'
+            $eventId = 3
+            break
+        }
+        'ERROR' {
+            $entryType = 'Error'
+            $eventId = 4
+            break
+        }
+        default {
+            $entryType = 'Information'
+            $eventId = 1
+            break
+        }
+    }
+    Write-EventLog -LogName $logName -Source $source -EntryType $entryType -Category 0 -EventID $eventId -Message $message
+    if ([Environment]::UserInteractive) {
+        $fc = @{ 'Information' = 'White'; 'Error' = 'Red'; 'Warning' = 'DarkYellow'; 'SuccessAudit' = 'DarkGray' }[$entryType]
+        Write-Host -Object $message -ForegroundColor $fc
+    }
+}
+
+$sshClient = Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Client*'
+$sshServer = Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH.Server*'
+
+if ($sshClient.State -ne 'Installed') {
+    Write-Log "Installing OpenSSH Client..." 'INFO'
+    Add-WindowsCapability -Online -Name $sshClient.Name
+} else {
+    Write-Log "OpenSSH Client is already installed." 'INFO'
+}
+
+if ($sshServer.State -ne 'Installed') {
+    Write-Log "Installing OpenSSH Server..." 'INFO'
+    Add-WindowsCapability -Online -Name $sshServer.Name
+} else {
+    Write-Log "OpenSSH Server is already installed." 'INFO'
+}
+
+Write-Log "Starting SSH service..." 'INFO'
+Start-Service sshd
+Set-Service -Name sshd -StartupType 'Automatic'
+
+$service = Get-Service -Name sshd
+if ($service.Status -eq 'Running') {
+    Write-Log "OpenSSH Server is running successfully." 'INFO'
+} else {
+    Write-Log "OpenSSH Server failed to start." 'ERROR'
+}
+
+Write-Log "Configuring firewall rules..." 'INFO'
+New-NetFirewallRule -Name sshd -DisplayName "OpenSSH Server (sshd)" -Enabled True -Direction Inbound -Protocol TCP -Action Allow -LocalPort 22 -ErrorAction SilentlyContinue
+
+Write-Log "OpenSSH has been installed and configured successfully." 'INFO'

modules/win_openssh/manifests/schd_task.pp

@@ -0,0 +1,21 @@
+class win_openssh::schd_task {
+
+    $enable_ssh = "${facts['custom_win_roninprogramdata']}\\enable_openssh.ps1"
+
+    file { $enable_ssh:
+        content => file('win_openssh/enable_openssh.ps1'),
+    }
+    # Resource from puppetlabs-scheduled_task
+    scheduled_task { 'enable_openssh':
+        ensure    => 'present',
+        command   => "${facts['custom_win_system32']}\\WindowsPowerShell\\v1.0\\powershell.exe",
+        arguments => "-executionpolicy bypass -File ${enable_ssh}",
+        enabled   => true,
+        trigger   => [{
+            'schedule'         => 'boot',
+            'minutes_interval' => '0',
+            'minutes_duration' => '0'
+        }],
+        user      => 'system',
+    }
+}

modules/win_scheduled_tasks/files/maintainsystem-reftester.ps1

@@ -285,9 +285,9 @@ function StartWorkerRunner {
 function Get-LoggedInUser {
     [CmdletBinding()]
     param (
-        
+
     )
-    
+
     @(((query user) -replace '\s{20,39}', ',,') -replace '\s{2,}', ',' | ConvertFrom-Csv)
 }
 
@@ -297,10 +297,10 @@ function Get-LatestGoogleChrome {
         [String]
         $Package = "googlechrome"
     )
-    
+
     ## Current version of google chrome
     $current_version = choco list --exact $Package --limit-output | ConvertFrom-Csv -Delimiter '|' -Header 'Name', 'CurrentVersion'
-    
+
     ## Use chocolatey with outdated
     $choco_packages = choco outdated --limit-output | ConvertFrom-Csv -Delimiter '|' -Header 'Name', 'CurrentVersion', 'AvailableVersion', 'Pinned'
 
@@ -309,7 +309,7 @@ function Get-LatestGoogleChrome {
 
     ## There is no google chrome update, so output the current version
     if ([String]::IsNullOrEmpty($pkg)) {
-        Write-Log -message ('{0} :: Google Chrome version installed is {1}' -f $($MyInvocation.MyCommand.Name), $current_version.CurrentVersion) -severity 'DEBUG' 
+        Write-Log -message ('{0} :: Google Chrome version installed is {1}' -f $($MyInvocation.MyCommand.Name), $current_version.CurrentVersion) -severity 'DEBUG'
     }
     else {
         ## Chrome is installed and needs to be updated
@@ -403,13 +403,17 @@ function Test-ConnectionUntilOnline {
     throw "Connection timeout."
 }
 
-## Bug https://bugzilla.mozilla.org/show_bug.cgi?id=1910123 
+## Bug https://bugzilla.mozilla.org/show_bug.cgi?id=1910123
 ## The bug tracks when we reimaged a machine and the machine had a different refresh rate (64hz vs 60hz)
 ## This next line will check if the refresh rate is not 60hz and trigger a reimage if so
+$hardware = Get-CimInstance -ClassName Win32_ComputerSystem | Select-Object -Property Manufacturer, Model
+$model = $hardware.Model
 $refresh_rate = (Get-WmiObject win32_videocontroller).CurrentRefreshRate
-if ($refresh_rate -ne "60") {
-    Write-Log -message ('{0} :: Refresh rate is {1}. Reimaging {2}' -f $($MyInvocation.MyCommand.Name), $refresh_rate, $ENV:COMPUTERNAME) -severity 'DEBUG'
-    Set-PXE
+if ($model -ne "ProLiant m710x Server Cartridge") {
+    if ($refresh_rate -ne "60") {
+        Write-Log -message ('{0} :: Refresh rate is {1}. Reimaging {2}' -f $($MyInvocation.MyCommand.Name), $refresh_rate, $ENV:COMPUTERNAME) -severity 'DEBUG'
+        Set-PXE
+    }
 }
 
 $bootstrap_stage = (Get-ItemProperty -path "HKLM:\SOFTWARE\Mozilla\ronin_puppet").bootstrap_stage