From 729c4b24134584d0c27509dba9de6f975bc0e6d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Reis?= <reis@janeasystems.com>
Date: Tue, 28 Feb 2023 21:42:16 +0000
Subject: [PATCH 1/4] ansible,doc: update Windows manual steps

PR-URL: https://github.com/nodejs/build/pull/3211
Reviewed-By: Richard Lau <rlau@redhat.com>
---
 ansible/MANUAL_STEPS.md | 37 +++++++++++++++++++++++++++++++++----
 1 file changed, 33 insertions(+), 4 deletions(-)

diff --git a/ansible/MANUAL_STEPS.md b/ansible/MANUAL_STEPS.md
index e869c2f64..31d0301b8 100644
--- a/ansible/MANUAL_STEPS.md
+++ b/ansible/MANUAL_STEPS.md
@@ -617,9 +617,35 @@ Install the `pywinrm` pip module: `pip install pywinrm`
 The preparation script needs to be run in PowerShell (run as Administrator):
 
 ```powershell
-iwr -useb https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1 | iex
+[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+Invoke-WebRequest "https://raw.githubusercontent.com/ansible/ansible/devel/examples/scripts/ConfigureRemotingForAnsible.ps1" -OutFile "ConfigureRemotingForAnsible.ps1"
+.\ConfigureRemotingForAnsible.ps1 -ForceNewSSLCert true -CertValidityDays 3650
 ```
 
+#### Port Configuration
+
+Delete the unencrypted WinRM endpoint:
+
+```powershell
+winrm delete winrm/config/Listener?Address=*+Transport=HTTP
+```
+
+On Rackspace hosts, it is necessary to change the port to match the value found in secrets (change 12345):
+
+```powershell
+winrm set winrm/config/Listener?Address=*+Transport=HTTPS '@{Port="12345"}'
+```
+
+On Azure, changing the ports is done in the Load Balancer configuration using the Azure Portal.
+
+To see the status of running listeners:
+
+```powershell
+winrm enumerate winrm/config/listener
+```
+
+#### Test
+
 Test the connection to the target machine with `ansible HOST -m win_ping -vvvv`. If there is any issue, please refer to the official Ansible documentation in [Setting up a Windows Host][].
 
 ## jenkins-workspace
@@ -734,9 +760,6 @@ NFS_BOOT_SERVER_IP:PATH_TO_TFTP_BOOT_EXPORT /boot nfs4 nfsvers=3,rw,noexec,async
 
 After these steps are performed and the Pi's are running, Ansible can be run to finish setup. A reboot is recommended after initial setup to ensure the environment is configured correctly (locale and other settings that are changed).
 
-[Setting up a Windows Host]: https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html
-[newer Ansible configuration]: https://github.com/nodejs/build/tree/main/ansible
-[stand-alone]: https://github.com/nodejs/build/tree/main/setup/windows
 
 ## IBM i
 
@@ -800,3 +823,9 @@ mkdir -p /u/unix1/java
 cd /u/unix1/java
 pax -rf /u/unix1/SDK8_64bit_SR6_FP10.PAX.Z -ppx
 ```
+
+
+
+[Setting up a Windows Host]: https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html
+[newer Ansible configuration]: https://github.com/nodejs/build/tree/main/ansible
+[stand-alone]: https://github.com/nodejs/build/tree/main/setup/windows

From a7aa3c637a52c2b762317670856aa74b61dc41de Mon Sep 17 00:00:00 2001
From: StefanStojanovic <stefan.stojanovic@janeasystems.com>
Date: Wed, 1 Mar 2023 16:10:27 +0100
Subject: [PATCH 2/4] ansible: add .NET SDK on Windows

This is required to migrate from WiX3 to WiX4 for building the Node msi.

Refs: https://github.com/nodejs/node/pull/45943
PR-URL: https://github.com/nodejs/build/pull/3211
Reviewed-By: Richard Lau <rlau@redhat.com>
---
 ansible/roles/visual-studio/tasks/partials/vs2019.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ansible/roles/visual-studio/tasks/partials/vs2019.yml b/ansible/roles/visual-studio/tasks/partials/vs2019.yml
index cb618c1ca..6c54f401b 100644
--- a/ansible/roles/visual-studio/tasks/partials/vs2019.yml
+++ b/ansible/roles/visual-studio/tasks/partials/vs2019.yml
@@ -8,10 +8,11 @@
 - name: install Visual Studio Community 2019
   win_chocolatey: name=visualstudio2019community
 
+# Note: The .NET SDK was added as a prerequisite for WiX4 - https://github.com/nodejs/node/pull/45943
 - name: install Visual Studio Community 2019 Native Desktop Workload
   win_chocolatey:
       name: visualstudio2019-workload-nativedesktop
-      params: '--add Microsoft.VisualStudio.Component.VC.Tools.ARM64 --add Microsoft.VisualStudio.Component.VC.ATL.ARM64'
+      params: '--add Microsoft.VisualStudio.Component.VC.Tools.ARM64 --add Microsoft.VisualStudio.Component.VC.ATL.ARM64 --add Microsoft.NetCore.Component.SDK'
 
 - name: install WiX Toolset
   import_tasks: 'wixtoolset.yml'

From 6b02368b910498073f748b88144f4a2625f8f099 Mon Sep 17 00:00:00 2001
From: StefanStojanovic <stefan.stojanovic@janeasystems.com>
Date: Wed, 1 Mar 2023 16:38:37 +0100
Subject: [PATCH 3/4] ansible: prevent autologin block on reboot windows

Windows 10 and 11 machines occasionally show finish setting up device
screen thus preventing Jenkins from starting after reboot. These changes
disable that behavior.

Refs: https://github.com/nodejs/build/issues/3046
PR-URL: https://github.com/nodejs/build/pull/3211
Reviewed-By: Richard Lau <rlau@redhat.com>
---
 ansible/roles/bootstrap/tasks/partials/win.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/ansible/roles/bootstrap/tasks/partials/win.yml b/ansible/roles/bootstrap/tasks/partials/win.yml
index 5e3701837..b9aea53cc 100644
--- a/ansible/roles/bootstrap/tasks/partials/win.yml
+++ b/ansible/roles/bootstrap/tasks/partials/win.yml
@@ -46,3 +46,17 @@
       name: Enabled
       data: 0
       type: dword
+
+- block:
+  - name: disable Let's Finish Setting up Your Device screen
+    win_regedit:
+      path: 'HKCU:\Software\Microsoft\Windows\CurrentVersion\UserProfileEngagement'
+      name: ScoobeSystemSettingEnabled
+      data: 0
+      type: dword
+  - name: disable Windows Welcome Experience
+    win_regedit:
+      path: 'HKCU:\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager'
+      name: SubscribedContent-310093Enabled
+      data: 0
+      type: dword

From 1566a933dfcdb116a627175b3e976e650c5cdfee Mon Sep 17 00:00:00 2001
From: StefanStojanovic <stefan.stojanovic@janeasystems.com>
Date: Wed, 1 Mar 2023 16:43:28 +0100
Subject: [PATCH 4/4] ansible: add win11 arm64 machines to inventory

Refs: https://github.com/nodejs-private/secrets/pull/246
PR-URL: https://github.com/nodejs/build/pull/3211
Reviewed-By: Richard Lau <rlau@redhat.com>
---
 ansible/inventory.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ansible/inventory.yml b/ansible/inventory.yml
index 54d0a375a..fdf3dad51 100644
--- a/ansible/inventory.yml
+++ b/ansible/inventory.yml
@@ -108,6 +108,12 @@ hosts:
         msft-win10_vs2019-x64-2: {ip: nodejs.westus3.cloudapp.azure.com}
         msft-win10_vs2019-x64-3: {ip: nodejs.australiaeast.cloudapp.azure.com}
         msft-win10_vs2019-x64-4: {ip: nodejs2.eastus.cloudapp.azure.com}
+        msft-win11_vs2019-arm64-1: {ip: nodejs.westeurope.cloudapp.azure.com}
+        msft-win11_vs2019-arm64-2: {ip: nodejs2.eastus.cloudapp.azure.com}
+        msft-win11_vs2019-arm64-3: {ip: nodejs.westeurope.cloudapp.azure.com}
+        msft-win11_vs2019-arm64-4: {ip: nodejs2.eastus.cloudapp.azure.com}
+        msft-win11_vs2019-arm64-5: {ip: nodejs.westeurope.cloudapp.azure.com}
+        msft-win11_vs2019-arm64-6: {ip: nodejs2.eastus.cloudapp.azure.com}
         msft-win2016_vs2017-x64-1: {ip: nodejs.westeurope.cloudapp.azure.com}
         msft-win2016_vs2017-x64-2: {ip: nodejs.westus3.cloudapp.azure.com}
         msft-win2016_vs2017-x64-3: {ip: nodejs.australiaeast.cloudapp.azure.com}