upstream/icinga-powershell-framework
1
0
Fork 0
mirror of https://github.com/Icinga/icinga-powershell-framework.git synced 2025-12-22 23:59:46 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #425 from Icinga:feature/allow_force_cert_creation_over_imc

Browse source 
Feature: Allow Force-Creation of certificates for Agent over IMC

Adds support to re\-create the Icinga Agent certificates, even when they are already present on the system. This will resolve the manual requirement to delete the folder or certificates, in case the Icinga CA changes for example
This commit is contained in:
Lord Hepipud 2022-01-04 21:55:51 +01:00 committed by GitHub
commit 45b832ac3d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 43 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
doc/100-General/10-Changelog.md
View file

@ -26,6 +26,7 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic
### Enhancements ### Enhancements
* [#388](https://github.com/Icinga/icinga-powershell-framework/issues/388) Improves performance for testing if `Add-Type` functions have been added, by adding an internal test for newly introduced environment variables within a PowerShell session * [#388](https://github.com/Icinga/icinga-powershell-framework/issues/388) Improves performance for testing if `Add-Type` functions have been added, by adding an internal test for newly introduced environment variables within a PowerShell session
* [#417](https://github.com/Icinga/icinga-powershell-framework/issues/417) Adds support to allow the force creation of Icinga Agent certificates, even when they are already present on the system over Icinga Management Console installation
## 1.7.1 (2021-11-11) ## 1.7.1 (2021-11-11)

8
lib/core/installer/Start-IcingaForWindowsInstallation.psm1
View file

@ -22,6 +22,7 @@ function Start-IcingaForWindowsInstallation()
# Certificate handler # Certificate handler
$CertificateType = Get-IcingaForWindowsInstallerStepSelection -InstallerStep 'Show-IcingaForWindowsInstallerMenuSelectCertificate'; $CertificateType = Get-IcingaForWindowsInstallerStepSelection -InstallerStep 'Show-IcingaForWindowsInstallerMenuSelectCertificate';
$CertificateForceGen = Get-IcingaForWindowsInstallerStepSelection -InstallerStep 'Show-IcingaForWindowsInstallerMenuSelectForceCertificateGeneration';
$CertificateTicket = Get-IcingaForWindowsInstallerValuesFromStep -InstallerStep 'Show-IcingaForWindowsInstallerMenuEnterIcingaTicket'; $CertificateTicket = Get-IcingaForWindowsInstallerValuesFromStep -InstallerStep 'Show-IcingaForWindowsInstallerMenuEnterIcingaTicket';
$CertificateCAFile = Get-IcingaForWindowsInstallerValuesFromStep -InstallerStep 'Show-IcingaForWindowsInstallerMenuEnterIcingaCAFile'; $CertificateCAFile = Get-IcingaForWindowsInstallerValuesFromStep -InstallerStep 'Show-IcingaForWindowsInstallerMenuEnterIcingaCAFile';
@ -65,6 +66,7 @@ function Start-IcingaForWindowsInstallation()
$InstallPlugins = $TRUE; $InstallPlugins = $TRUE;
$PluginPackageRelease = $FALSE; $PluginPackageRelease = $FALSE;
$PluginPackageSnapshot = $FALSE; $PluginPackageSnapshot = $FALSE;
$ForceCertificateGen = $FALSE;
if ([string]::IsNullOrEmpty($IcingaStableRepo) -eq $FALSE) { if ([string]::IsNullOrEmpty($IcingaStableRepo) -eq $FALSE) {
Add-IcingaRepository -Name 'Icinga Stable' -RemotePath $IcingaStableRepo -Force; Add-IcingaRepository -Name 'Icinga Stable' -RemotePath $IcingaStableRepo -Force;
@ -168,6 +170,10 @@ function Start-IcingaForWindowsInstallation()
} }
} }
if ($CertificateForceGen -eq 1) {
$ForceCertificateGen = $TRUE;
}
if ($InstallAgent) { if ($InstallAgent) {
Set-IcingaPowerShellConfig -Path 'Framework.Icinga.AgentLocation' -Value $AgentInstallDir; Set-IcingaPowerShellConfig -Path 'Framework.Icinga.AgentLocation' -Value $AgentInstallDir;
Install-IcingaComponent -Name 'agent' -Version $AgentVersion -Confirm -Release; Install-IcingaComponent -Name 'agent' -Version $AgentVersion -Confirm -Release;
@ -185,7 +191,7 @@ function Start-IcingaForWindowsInstallation()
# Only continue this, if our installation was successful # Only continue this, if our installation was successful
if ((Get-IcingaAgentInstallation).Installed) { if ((Get-IcingaAgentInstallation).Installed) {
if ((Install-IcingaAgentCertificates -Hostname $Hostname -Endpoint $IcingaCAServer -Port $IcingaPort -CACert $CertificateCAFile -Ticket $CertificateTicket) -eq $FALSE) { if ((Install-IcingaAgentCertificates -Hostname $Hostname -Endpoint $IcingaCAServer -Port $IcingaPort -CACert $CertificateCAFile -Ticket $CertificateTicket -Force:$ForceCertificateGen) -eq $FALSE) {
Disable-IcingaAgentFeature 'api'; Disable-IcingaAgentFeature 'api';
Write-IcingaConsoleWarning ` Write-IcingaConsoleWarning `
-Message '{0}{1}{2}{3}{4}' ` -Message '{0}{1}{2}{3}{4}' `

1
lib/core/installer/menu/installation/AdvancedEntries.psm1
View file

@ -12,6 +12,7 @@ function Add-IcingaForWindowsInstallationAdvancedEntries()
Show-IcingaForWindowsInstallationMenuEnterIcingaPort -Automated -Advanced; Show-IcingaForWindowsInstallationMenuEnterIcingaPort -Automated -Advanced;
Show-IcingaForWindowsInstallerMenuSelectOpenWindowsFirewall -DefaultInput $OpenFirewall -Automated -Advanced; Show-IcingaForWindowsInstallerMenuSelectOpenWindowsFirewall -DefaultInput $OpenFirewall -Automated -Advanced;
Show-IcingaForWindowsInstallerMenuSelectCertificate -Automated -Advanced; Show-IcingaForWindowsInstallerMenuSelectCertificate -Automated -Advanced;
Show-IcingaForWindowsInstallerMenuSelectForceCertificateGeneration -Automated -Advanced;
Show-IcingaForWindowsInstallerMenuSelectGlobalZones -Automated -Advanced; Show-IcingaForWindowsInstallerMenuSelectGlobalZones -Automated -Advanced;
Show-IcingaForWindowsInstallationMenuEnterCustomGlobalZones -Automated -Advanced; Show-IcingaForWindowsInstallationMenuEnterCustomGlobalZones -Automated -Advanced;
Show-IcingaForWindowsInstallationMenuEnterIcingaAgentVersion -Automated -Advanced; Show-IcingaForWindowsInstallationMenuEnterIcingaAgentVersion -Automated -Advanced;

34
lib/core/installer/menu/installation/icinga/ForceCertificateGeneration.psm1 Normal file
View file

@ -0,0 +1,34 @@
function Show-IcingaForWindowsInstallerMenuSelectForceCertificateGeneration()
{
param (
[array]$Value = @(),
[string]$DefaultInput = '0',
[switch]$JumpToSummary = $FALSE,
[switch]$Automated = $FALSE,
[switch]$Advanced = $FALSE
);
$Global:Icinga.InstallWizard.DirectorSelfService = $FALSE;
Show-IcingaForWindowsInstallerMenu `
-Header 'Do you want to force the creation of possible existing Icinga Agent certificates?' `
-Entries @(
@{
'Caption' = 'Do not enforce certificate creation';
'Command' = 'Show-IcingaForWindowsInstallerConfigurationSummary';
'Help' = 'In case certificates for the Icinga Agent for the matching hostname do already exist, they will not be re-created.'
},
@{
'Caption' = 'Enforce certificate creation';
'Command' = 'Show-IcingaForWindowsInstallerConfigurationSummary';
'Help' = 'This will always create the Icinga Agent certificates and create a new certificate request, even when certificates do already exist.';
}
) `
-DefaultIndex $DefaultInput `
-JumpToSummary:$JumpToSummary `
-ConfigElement `
-Automated:$Automated `
-Advanced:$Advanced;
}
Set-Alias -Name 'IfW-ForceCertificateCreation' -Value 'Show-IcingaForWindowsInstallerMenuSelectForceCertificateGeneration';