Merge pull request #365 from Icinga:fix/ignore_agent_config_on_install_failure

Fix: Icinga environment corruption on Icinga Agent installation failure In case the Icinga Agent could not be installed, regardless of the reason, we should not write any zone, api or other related config to the environment. By doing so, we can corrupt the environment and make it impossible for the Icinga Agent to be installed in the future, unless we manually delete the folowing directories: * `C:\ProgramData\icinga2` * `C:\Program Files\ICINGA2` * `C:\Program Files (x86)\ICINGA2` (only for x86 installations)
2025-12-21 23:29:40 -05:00 · 2021-09-09 18:28:35 +02:00 · 2021-09-09 18:28:35 +02:00 · 5ae390f0f6
commit 5ae390f0f6
parent 7b6b9e8224 8492a39009
2 changed files with 27 additions and 19 deletions
--- a/doc/100-General/10-Changelog.md
+++ b/doc/100-General/10-Changelog.md
@ -16,6 +16,7 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic
 * [#361](https://github.com/Icinga/icinga-powershell-framework/issues/361) Fixes IMC freeze on Icinga Director Self-Service installation, in case no Agent installation set on Self-Service API config
 * [#362](https://github.com/Icinga/icinga-powershell-framework/issues/362) Fixes repository component installation from file share locations
 * [#363](https://github.com/Icinga/icinga-powershell-framework/issues/363) Fixes unneeded continue for JEA process lookup, in case no JEA pid is present
+* [#365](https://github.com/Icinga/icinga-powershell-framework/issues/365) Fixes Icinga environment corruption on Icinga Agent installation failure

 ### Enhancements

--- a/lib/core/installer/Start-IcingaForWindowsInstallation.psm1
+++ b/lib/core/installer/Start-IcingaForWindowsInstallation.psm1
@ -165,28 +165,35 @@ function Start-IcingaForWindowsInstallation()
    if ($InstallAgent) {
        Set-IcingaPowerShellConfig -Path 'Framework.Icinga.AgentLocation' -Value $AgentInstallDir;
        Install-IcingaComponent -Name 'agent' -Version $AgentVersion -Confirm -Release;
-        Reset-IcingaAgentConfigFile;
-        Move-IcingaAgentDefaultConfig;
-        Set-IcingaAgentNodeName -Hostname $Hostname;
-        Set-IcingaAgentServiceUser -User $ServiceUser -Password (ConvertTo-IcingaSecureString $ServicePassword) -SetPermission | Out-Null;
-        Install-IcingaAgentBaseFeatures;
-        Write-IcingaAgentApiConfig -Port $IcingaPort;
+
+        # Only continue this, if our installation was successful
+        if ((Get-IcingaAgentInstallation).Installed) {
+            Reset-IcingaAgentConfigFile;
+            Move-IcingaAgentDefaultConfig;
+            Set-IcingaAgentNodeName -Hostname $Hostname;
+            Set-IcingaAgentServiceUser -User $ServiceUser -Password (ConvertTo-IcingaSecureString $ServicePassword) -SetPermission | Out-Null;
+            Install-IcingaAgentBaseFeatures;
+            Write-IcingaAgentApiConfig -Port $IcingaPort;
+        }
    }

-    if ((Install-IcingaAgentCertificates -Hostname $Hostname -Endpoint $IcingaCAServer -Port $IcingaPort -CACert $CertificateCAFile -Ticket $CertificateTicket) -eq $FALSE) {
-        Disable-IcingaAgentFeature 'api';
-        Write-IcingaConsoleWarning `
-            -Message '{0}{1}{2}{3}{4}' `
-            -Objects (
-                'Your Icinga Agent API feature has been disabled. Please provide either your ca.crt ',
-                'or connect to a parent node for certificate requests. You can run "Install-IcingaAgentCertificates" ',
-                'with your configuration to properly create the host certificate and a valid certificate request. ',
-                'After this you can enable the API feature by using "Enable-IcingaAgentFeature api" and restart the ',
-                'Icinga Agent service "Restart-IcingaService icinga2"'
-            );
-    }
+    # Only continue this, if our installation was successful
+    if ((Get-IcingaAgentInstallation).Installed) {
+        if ((Install-IcingaAgentCertificates -Hostname $Hostname -Endpoint $IcingaCAServer -Port $IcingaPort -CACert $CertificateCAFile -Ticket $CertificateTicket) -eq $FALSE) {
+            Disable-IcingaAgentFeature 'api';
+            Write-IcingaConsoleWarning `
+                -Message '{0}{1}{2}{3}{4}' `
+                -Objects (
+                    'Your Icinga Agent API feature has been disabled. Please provide either your ca.crt ',
+                    'or connect to a parent node for certificate requests. You can run "Install-IcingaAgentCertificates" ',
+                    'with your configuration to properly create the host certificate and a valid certificate request. ',
+                    'After this you can enable the API feature by using "Enable-IcingaAgentFeature api" and restart the ',
+                    'Icinga Agent service "Restart-IcingaService icinga2"'
+                );
+        }

-    Write-IcingaAgentZonesConfig -Endpoints $IcingaEndpoints -EndpointConnections $IcingaParentAddresses -ParentZone $IcingaZone -GlobalZones $GlobalZones -Hostname $Hostname;
+        Write-IcingaAgentZonesConfig -Endpoints $IcingaEndpoints -EndpointConnections $IcingaParentAddresses -ParentZone $IcingaZone -GlobalZones $GlobalZones -Hostname $Hostname;
+    }

    if ($InstallService) {
        Set-IcingaPowerShellConfig -Path 'Framework.Icinga.IcingaForWindowsService' -Value $WindowsServiceDir;