diff --git a/lib/core/framework/Install-IcingaFrameworkService.psm1 b/lib/core/framework/Install-IcingaFrameworkService.psm1 index 5b6c329..81607dc 100644 --- a/lib/core/framework/Install-IcingaFrameworkService.psm1 +++ b/lib/core/framework/Install-IcingaFrameworkService.psm1 @@ -33,7 +33,7 @@ function Install-IcingaFrameworkService() ); if ([string]::IsNullOrEmpty($Path)) { - Write-IcingaConsoleError 'No path specified for Framework service. Service will not be installed'; + Write-IcingaConsoleWarning 'No path specified for Framework service. Service will not be installed'; return; } diff --git a/lib/core/icingaagent/firewall/Disable-IcingaFirewall.psm1 b/lib/core/icingaagent/firewall/Disable-IcingaFirewall.psm1 index d2cafe0..0502a5d 100644 --- a/lib/core/icingaagent/firewall/Disable-IcingaFirewall.psm1 +++ b/lib/core/icingaagent/firewall/Disable-IcingaFirewall.psm1 @@ -11,7 +11,7 @@ function Disable-IcingaFirewall() if ($Firewall.ExitCode -ne 0) { Write-IcingaConsoleError ([string]::Format('Failed to remove legacy firewall: {0}{1}', $Firewall.Message, $Firewall.Error)); } else { - Write-IcingaConsoleNotice 'Successfully removed legacy Firewall rule'; + Write-IcingaConsoleNotice 'Successfully removed legacy firewall rule'; } } @@ -24,7 +24,7 @@ function Disable-IcingaFirewall() if ($Firewall.ExitCode -ne 0) { Write-IcingaConsoleError ([string]::Format('Failed to remove Icinga firewall: {0}{1}', $Firewall.Message, $Firewall.Error)); } else { - Write-IcingaConsoleNotice 'Successfully removed Icinga Firewall rule'; + Write-IcingaConsoleNotice 'Successfully removed Icinga firewall rule'; } } } diff --git a/lib/core/icingaagent/installer/Install-IcingaAgentCertificates.psm1 b/lib/core/icingaagent/installer/Install-IcingaAgentCertificates.psm1 index a82538d..a9ff5fd 100644 --- a/lib/core/icingaagent/installer/Install-IcingaAgentCertificates.psm1 +++ b/lib/core/icingaagent/installer/Install-IcingaAgentCertificates.psm1 @@ -39,7 +39,7 @@ function Install-IcingaAgentCertificates() } if ([string]::IsNullOrEmpty($Endpoint) -And [string]::IsNullOrEmpty($CACert)) { - Write-IcingaConsoleNotice 'Your host certificates have been generated successfully. Please either specify an endpoint to connect to or provide the path to a valid ca.crt.'; + Write-IcingaConsoleWarning 'Your host certificates have been generated successfully. Please either specify an endpoint to connect to or provide the path to a valid ca.crt'; return $TRUE; } @@ -194,7 +194,7 @@ function Test-IcingaAgentCertificates() } } - Write-IcingaConsoleNotice 'Icinga host certificates are present and valid. No generation required.'; + Write-IcingaConsoleNotice 'Icinga host certificates are present and valid. No generation required'; return $TRUE; } diff --git a/lib/core/icingaagent/installer/Uninstall-IcingaAgent.psm1 b/lib/core/icingaagent/installer/Uninstall-IcingaAgent.psm1 index 740e339..ef1d852 100644 --- a/lib/core/icingaagent/installer/Uninstall-IcingaAgent.psm1 +++ b/lib/core/icingaagent/installer/Uninstall-IcingaAgent.psm1 @@ -11,20 +11,20 @@ function Uninstall-IcingaAgent() return; } - Write-IcingaConsoleNotice 'Removing current installed Icinga Agent'; + Write-IcingaConsoleNotice 'Removing current Icinga Agent'; Stop-IcingaService 'icinga2'; $Uninstaller = Start-IcingaProcess -Executable 'MsiExec.exe' -Arguments ([string]::Format('{0} /q', $IcingaData.Uninstaller)) -FlushNewLine; if ($Uninstaller.ExitCode -ne 0) { - Write-IcingaConsoleError ([string]::Format('Failed to remove Icinga 2 Agent: {0}{1}', $Uninstaller.Message, $Uninstaller.Error)); + Write-IcingaConsoleError ([string]::Format('Failed to remove Icinga Agent: {0}{1}', $Uninstaller.Message, $Uninstaller.Error)); return $FALSE; } if ($RemoveDataFolder) { [string]$IcingaProgramData = Join-Path -Path $Env:ProgramData -ChildPath 'icinga2'; - Write-IcingaConsoleNotice -Message 'Removing Icinga 2 directoy from ProgramData: "{0}"' -Objects $IcingaProgramData; + Write-IcingaConsoleNotice -Message 'Removing Icinga Agent directory: "{0}"' -Objects $IcingaProgramData; if ((Remove-ItemSecure -Path $IcingaProgramData -Recurse -Force) -eq $FALSE) { return $FALSE; } diff --git a/lib/core/icingaagent/misc/Disable-IcingaAgentFeature.psm1 b/lib/core/icingaagent/misc/Disable-IcingaAgentFeature.psm1 index 4df1806..cef5fc8 100644 --- a/lib/core/icingaagent/misc/Disable-IcingaAgentFeature.psm1 +++ b/lib/core/icingaagent/misc/Disable-IcingaAgentFeature.psm1 @@ -9,7 +9,7 @@ function Disable-IcingaAgentFeature() } if ((Test-IcingaAgentFeatureEnabled -Feature $Feature) -eq $FALSE) { - Write-IcingaConsoleWarning ([string]::Format('This feature is already disabled [{0}]', $Feature)); + Write-IcingaConsoleNotice ([string]::Format('This feature is already disabled [{0}]', $Feature)); return; } diff --git a/lib/core/icingaagent/misc/Enable-IcingaAgentFeature.psm1 b/lib/core/icingaagent/misc/Enable-IcingaAgentFeature.psm1 index beebc19..0a59aa3 100644 --- a/lib/core/icingaagent/misc/Enable-IcingaAgentFeature.psm1 +++ b/lib/core/icingaagent/misc/Enable-IcingaAgentFeature.psm1 @@ -9,7 +9,7 @@ function Enable-IcingaAgentFeature() } if ((Test-IcingaAgentFeatureEnabled -Feature $Feature)) { - Write-IcingaConsoleWarning ([string]::Format('This feature is already enabled [{0}]', $Feature)); + Write-IcingaConsoleNotice ([string]::Format('This feature is already enabled [{0}]', $Feature)); return; } diff --git a/lib/core/icingaagent/misc/Move-IcingaAgentDefaultConfig.psm1 b/lib/core/icingaagent/misc/Move-IcingaAgentDefaultConfig.psm1 index 0a5f940..901d6cf 100644 --- a/lib/core/icingaagent/misc/Move-IcingaAgentDefaultConfig.psm1 +++ b/lib/core/icingaagent/misc/Move-IcingaAgentDefaultConfig.psm1 @@ -4,7 +4,7 @@ function Move-IcingaAgentDefaultConfig() $BackupFile = Join-Path -Path $ConfigDir -ChildPath 'ps_backup\backup_executed.key'; if ((Test-Path $BackupFile)) { - Write-IcingaConsoleNotice 'A backup of your default configuration is not required. A backup was already made.'; + Write-IcingaConsoleNotice 'A backup of your default configuration is not required. A backup was already made'; return; } diff --git a/lib/core/icingaagent/misc/Start-IcingaAgentInstallWizard.psm1 b/lib/core/icingaagent/misc/Start-IcingaAgentInstallWizard.psm1 index ea33ddf..5fff42d 100644 --- a/lib/core/icingaagent/misc/Start-IcingaAgentInstallWizard.psm1 +++ b/lib/core/icingaagent/misc/Start-IcingaAgentInstallWizard.psm1 @@ -16,6 +16,7 @@ function Start-IcingaAgentInstallWizard() $AcceptConnections = $null, [array]$Endpoints = @(), [array]$EndpointConnections = @(), + $ConvertEndpointIPConfig = $null, [string]$ParentZone, [array]$GlobalZones = $null, [string]$CAEndpoint, @@ -136,8 +137,9 @@ function Start-IcingaAgentInstallWizard() } if ([string]::IsNullOrEmpty($Hostname) -And $null -eq $AutoUseFQDN -And $null -eq $AutoUseHostname) { - if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you want to manually specify a hostname?' -Default 'n').result -eq 1) { - if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you want to automatically fetch the hostname with its FQDN?' -Default 'y').result -eq 1) { + if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you want to specify the hostname manually?' -Default 'n').result -eq 1) { + $HostFQDN = Get-IcingaHostname -AutoUseFQDN 1 -AutoUseHostname 0 -LowerCase 1 -UpperCase 0; + if ((Get-IcingaAgentInstallerAnswerInput -Prompt ([string]::Format('Do you want to automatically fetch the hostname as FQDN? (Result: "{0}")', $HostFQDN)) -Default 'y').result -eq 1) { $InstallerArguments += '-AutoUseFQDN 1'; $InstallerArguments += '-AutoUseHostname 0'; $AutoUseFQDN = $TRUE; @@ -148,17 +150,24 @@ function Start-IcingaAgentInstallWizard() $AutoUseFQDN = $FALSE; $AutoUseHostname = $TRUE; } - if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you want to modify the hostname to only include lower case characters?' -Default 'y').result -eq 1) { + $Hostname = Get-IcingaHostname -AutoUseFQDN $AutoUseFQDN -AutoUseHostname $AutoUseHostname -LowerCase 1 -UpperCase 0; + if ((Get-IcingaAgentInstallerAnswerInput -Prompt ([string]::Format('Do you want to convert the hostname into lower case characters? (Result: "{0}")', $Hostname)) -Default 'y').result -eq 1) { $InstallerArguments += '-LowerCase 1'; $InstallerArguments += '-UpperCase 0'; $LowerCase = $TRUE; $UpperCase = $FALSE; } else { - if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you want to modify the hostname to only include upper case characters?' -Default 'n').result -eq 0) { + $Hostname = Get-IcingaHostname -AutoUseFQDN $AutoUseFQDN -AutoUseHostname $AutoUseHostname -LowerCase 0 -UpperCase 1; + if ((Get-IcingaAgentInstallerAnswerInput -Prompt ([string]::Format('Do you want to convert the hostname into upper case characters? (Result: "{0}")', $Hostname)) -Default 'y').result -eq 1) { $InstallerArguments += '-LowerCase 0'; $InstallerArguments += '-UpperCase 1'; $LowerCase = $FALSE; $UpperCase = $TRUE; + } else { + $InstallerArguments += '-LowerCase 0'; + $InstallerArguments += '-UpperCase 0'; + $LowerCase = $FALSE; + $UpperCase = $FALSE; } } $Hostname = Get-IcingaHostname -AutoUseFQDN $AutoUseFQDN -AutoUseHostname $AutoUseHostname -LowerCase $LowerCase -UpperCase $UpperCase; @@ -171,13 +180,13 @@ function Start-IcingaAgentInstallWizard() } } - Write-IcingaConsoleNotice ([string]::Format('Using hostname "{0}" for the Icinga 2 Agent configuration', $Hostname)); + Write-IcingaConsoleNotice ([string]::Format('Using hostname "{0}" for the Icinga Agent configuration', $Hostname)); $IcingaAgent = Get-IcingaAgentInstallation; if ($IcingaAgent.Installed -eq $FALSE) { if ([string]::IsNullOrEmpty($PackageSource)) { if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you want to install the Icinga Agent now?' -Default 'y').result -eq 1) { - if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you want to use a different package source then "https://packages.icinga.com/windows/"?' -Default 'n').result -eq 0) { + if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you want to use a different package source? (Defaults: "https://packages.icinga.com/windows/")' -Default 'n').result -eq 0) { $PackageSource = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please specify your package source' -Default 'v').answer; $InstallerArguments += "-PackageSource '$PackageSource'"; } else { @@ -185,15 +194,15 @@ function Start-IcingaAgentInstallWizard() $InstallerArguments += "-PackageSource '$PackageSource'"; } - Write-IcingaConsoleNotice ([string]::Format('Using package source "{0}" for the Icinga 2 Agent package', $PackageSource)); + Write-IcingaConsoleNotice ([string]::Format('Using package source "{0}" for the Icinga Agent package', $PackageSource)); $AllowVersionChanges = $TRUE; $InstallerArguments += '-AllowVersionChanges 1'; if ([string]::IsNullOrEmpty($AgentVersion)) { - $AgentVersion = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please specify the version you wish to install ("latest", "snapshot", or a version like "2.11.0")' -Default 'v' -DefaultInput 'latest').answer; + $AgentVersion = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please specify the version you wish to install ("latest", "snapshot" or a version like "2.11.3")' -Default 'v' -DefaultInput 'latest').answer; $InstallerArguments += "-AgentVersion '$AgentVersion'"; - Write-IcingaConsoleNotice ([string]::Format('Installing Icinga Version: "{0}"', $AgentVersion)); + Write-IcingaConsoleNotice ([string]::Format('Installing Icinga version: "{0}"', $AgentVersion)); } } else { $AllowVersionChanges = $FALSE; @@ -204,7 +213,7 @@ function Start-IcingaAgentInstallWizard() } } else { if ($null -eq $UpdateAgent) { - if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'The Icinga 2 Agent is already installed. Would you like to update it?' -Default 'y').result -eq 1) { + if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'The Icinga Agent is already installed. Would you like to update it?' -Default 'y').result -eq 1) { $UpdateAgent = 1; $AllowVersionChanges = $TRUE; $InstallerArguments += '-AllowVersionChanges 1'; @@ -218,7 +227,7 @@ function Start-IcingaAgentInstallWizard() if ($UpdateAgent -eq 1) { if ([string]::IsNullOrEmpty($AgentVersion)) { - $AgentVersion = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please specify the version you wish to install ("latest", "snapshot", or a version like "2.11.0")' -Default 'v').answer; + $AgentVersion = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please specify the version you wish to install ("latest", "snapshot", or a version like "2.11.0")' -Default 'v' -DefaultInput 'latest').answer; $InstallerArguments += "-AgentVersion '$AgentVersion'"; Write-IcingaConsoleNotice ([string]::Format('Updating/Downgrading Icinga 2 Agent to version: "{0}"', $AgentVersion)); @@ -237,14 +246,14 @@ function Start-IcingaAgentInstallWizard() } if ($Endpoints.Count -eq 0) { - $ArrayString = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please specify all endpoints this Agent will report to (separated by ",")' -Default 'v').answer; + $ArrayString = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please specify the parent node(s) separated by "," (Example: "master-icinga2a, master-icinga2b")' -Default 'v').answer; $Endpoints = ($ArrayString.Replace(' ', '')).Split(','); $InstallerArguments += ("-Endpoints " + ([string]::Join(',', $Endpoints))); } if ($null -eq $CAPort) { - if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Are you using a different port than 5665 for Icinga communications?' -Default 'n').result -eq 0) { - $CAPort = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please enter the port for Icinga 2 communication' -Default 'v').answer; + if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Are you using a custom port for Icinga communication?' -Default 'n').result -eq 0) { + $CAPort = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please enter the port for Icinga communication' -Default 'v' -DefaultInput '5665').answer; $InstallerArguments += "-CAPort $CAPort"; } else { $InstallerArguments += "-CAPort 5665"; @@ -255,22 +264,25 @@ function Start-IcingaAgentInstallWizard() [bool]$CanConnectToParent = $FALSE; if ($null -eq $AcceptConnections) { - if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Is this Agent able to connect to its parent node for certificate generation and general communication?' -Default 'y').result -eq 1) { + if ((Get-IcingaAgentInstallerAnswerInput -Prompt "Is this Agent able to connect to its parent node(s)?" -Default 'y').result -eq 1) { $CanConnectToParent = $TRUE; - $AcceptConnections = 1; - $InstallerArguments += ("-AcceptConnections 1"); - } else { $AcceptConnections = 0; $InstallerArguments += ("-AcceptConnections 0"); + } else { + $AcceptConnections = 1; + $InstallerArguments += ("-AcceptConnections 1"); } - } elseif ($AcceptConnections) { - $CanConnectToParent = $TRUE; + } else { if ((Test-IcingaWizardArgument -Argument 'AcceptConnections') -eq $FALSE) { $InstallerArguments += ([string]::Format('-AcceptConnections {0}', [int]$AcceptConnections)); } + + if ($AcceptConnections -eq $FALSE) { + $CanConnectToParent = $TRUE; + } } - if ($null -eq $AddFirewallRule) { + if ($null -eq $AddFirewallRule -And $CanConnectToParent -eq $FALSE) { if ((Get-IcingaAgentInstallerAnswerInput -Prompt ([string]::Format('Do you want to open the Windows Firewall for incoming traffic on Port "{0}"?', $CAPort)) -Default 'y').result -eq 1) { $InstallerArguments += "-AddFirewallRule 1"; $AddFirewallRule = $TRUE; @@ -278,9 +290,33 @@ function Start-IcingaAgentInstallWizard() $InstallerArguments += "-AddFirewallRule 0"; $AddFirewallRule = $FALSE; } + } else { + if ($CanConnectToParent -eq $TRUE) { + $InstallerArguments += "-AddFirewallRule 0"; + $AddFirewallRule = $FALSE; + } } - if ($EndpointConnections.Count -eq 0 -And $AcceptConnections -eq 1) { + if ($null -eq $ConvertEndpointIPConfig -And $CanConnectToParent -eq $TRUE) { + if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you want to convert parent node(s) connection data to IP adresses?' -Default 'y').result -eq 1) { + $InstallerArguments += "-ConvertEndpointIPConfig 1"; + $ConvertEndpointIPConfig = $TRUE; + if ($EndpointConnections.Count -eq 0) { + $EndpointsConversion = Convert-IcingaEndpointsToIPv4 -NetworkConfig $Endpoints.Split(','); + } else { + $EndpointsConversion = Convert-IcingaEndpointsToIPv4 -NetworkConfig $EndpointConnections.Split(','); + } + if ($EndpointsConversion.HasErrors) { + Write-IcingaConsoleWarning -Message 'Not all of your endpoint connection data could be resolved. These endpoints were dropped: {0}' -Objects ([string]::Join(', ', $EndpointsConversion.Unresolved)); + } + $EndpointConnections = $EndpointsConversion.Network; + } else { + $InstallerArguments += "-ConvertEndpointIPConfig 0"; + $ConvertEndpointIPConfig = $FALSE; + } + } + + if ($EndpointConnections.Count -eq 0 -And $AcceptConnections -eq 0) { $NetworkDefault = ''; foreach ($Endpoint in $Endpoints) { $NetworkDefault += [string]::Format('[{0}]:{1},', $Endpoint, $CAPort); @@ -288,13 +324,20 @@ function Start-IcingaAgentInstallWizard() if ([string]::IsNullOrEmpty($NetworkDefault) -eq $FALSE) { $NetworkDefault = $NetworkDefault.Substring(0, $NetworkDefault.Length - 1); } - $ArrayString = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please specify the network destinations this agent will connect to, separated by ","' -Default 'v' -DefaultInput $NetworkDefault).answer; + $ArrayString = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please specify the network destinations this Agent will connect to separated by "," (Examples: 192.168.0.1, [192.168.0.2]:5665, [icinga2.example.com]:5665)' -Default 'v' -DefaultInput $NetworkDefault).answer; $EndpointConnections = ($ArrayString.Replace(' ', '')).Split(','); + + if ($ConvertEndpointIPConfig) { + $EndpointsConversion = Convert-IcingaEndpointsToIPv4 -NetworkConfig $EndpointConnections.Split(','); + if ($EndpointsConversion.HasErrors -eq $FALSE) { + $EndpointConnections = $EndpointsConversion.Network; + } + } $InstallerArguments += ("-EndpointConnections " + ([string]::Join(',', $EndpointConnections))); } if ([string]::IsNullOrEmpty($ParentZone)) { - $ParentZone = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please specify the parent zone this agent will connect to' -Default 'v' -DefaultInput 'master').answer; + $ParentZone = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please specify the parent zone this Agent will connect to' -Default 'v' -DefaultInput 'master').answer; $InstallerArguments += "-ParentZone $ParentZone"; } @@ -328,10 +371,15 @@ function Start-IcingaAgentInstallWizard() if ($null -eq $GlobalZones) { if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you want to add custom global zones?' -Default 'n').result -eq 0) { - $ArrayString = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please specify your additional zones seperated by ","' -Default 'v').answer; - $GlobalZones = ($ArrayString.Replace(' ', '')).Split(',') - $GlobalZoneConfig += $GlobalZones; - $InstallerArguments += ("-GlobalZones " + ([string]::Join(',', $GlobalZones))); + $ArrayString = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please specify your additional zones seperated by "," (Example: "global-zone1, global-zone2")' -Default 'v').answer; + if ([string]::IsNullOrEmpty($ArrayString) -eq $FALSE) { + $GlobalZones = ($ArrayString.Replace(' ', '')).Split(',') + $GlobalZoneConfig += $GlobalZones; + $InstallerArguments += ("-GlobalZones " + ([string]::Join(',', $GlobalZones))); + } else { + $GlobalZones = @(); + $InstallerArguments += ("-GlobalZones @()"); + } } else { $GlobalZones = @(); $InstallerArguments += ("-GlobalZones @()"); @@ -342,12 +390,12 @@ function Start-IcingaAgentInstallWizard() if ($CanConnectToParent) { if ([string]::IsNullOrEmpty($CAEndpoint)) { - $CAEndpoint = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please enter the IP/FQDN for either ONE of your Icinga parent nodes or your Icinga 2 CA master' -Default 'v' -DefaultInput (Get-IPConfigFromString $EndpointConnections[0]).address).answer; + $CAEndpoint = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please enter the connection data of the parent node that handles certificate requests' -Default 'v' -DefaultInput (Get-IPConfigFromString $EndpointConnections[0]).address).answer; $InstallerArguments += "-CAEndpoint $CAEndpoint"; } if ([string]::IsNullOrEmpty($Ticket) -And $null -eq $EmptyTicket) { - if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you have a Icinga Ticket available to sign your certificate?' -Default 'y').result -eq 1) { - $Ticket = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please enter your Icinga Ticket' -Default 'v').answer; + if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you have a PKI Ticket to sign your certificate request?' -Default 'y').result -eq 1) { + $Ticket = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please enter your PKI Ticket' -Default 'v').answer; if ([string]::IsNullOrEmpty($Ticket)) { $InstallerArguments += "-EmptyTicket 1" } else { @@ -373,7 +421,7 @@ function Start-IcingaAgentInstallWizard() } else { if ([string]::IsNullOrEmpty($CAFile) -And $null -eq $EmptyCA) { if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Is your public Icinga 2 CA (ca.crt) available on a local, network or web share?' -Default 'y').result -eq 1) { - $CAFile = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please provide the full path to your ca.crt file' -Default 'v').answer; + $CAFile = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please provide the full path to your ca.crt file (Examples: "C:\icinga2\ca.crt", "https://icinga.example.com/ca.crt"' -Default 'v').answer; if ([string]::IsNullOrEmpty($CAFile)) { $InstallerArguments += "-EmptyCA 1" } else { @@ -382,7 +430,8 @@ function Start-IcingaAgentInstallWizard() $InstallerArguments += "-CAFile '$CAFile'"; } else { $InstallerArguments += "-CAFile ''"; - $InstallerArguments += "-EmptyCA 1" + $InstallerArguments += "-EmptyCA 1"; + $EmptyCA = $TRUE; } } else { if ([string]::IsNullOrEmpty($CAFile)) { @@ -399,11 +448,11 @@ function Start-IcingaAgentInstallWizard() } if ([string]::IsNullOrEmpty($ServiceUser)) { - if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you want to change the user the Icinga Agent service is running with (Default: "NT Authority\NetworkService")?' -Default 'n').result -eq 0) { - $ServiceUser = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please enter the user you wish the Icinga Agent service to run with' -Default 'v').answer; + if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you want to change the user of the Icinga Agent service? (Defaults: "NT Authority\NetworkService")' -Default 'n').result -eq 0) { + $ServiceUser = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please enter a custom user for the Icinga Agent service' -Default 'v' -DefaultInput 'NT Authority\NetworkService').answer; $InstallerArguments += "-ServiceUser $ServiceUser"; if ($null -eq $ServicePass) { - if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Does your Icinga Service user require a password to login (not required for System users)?' -Default 'y').result -eq 1) { + if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Does your Icinga Agent service user require a password to login? (Not required for System users)' -Default 'y').result -eq 1) { $ServicePass = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please enter the password for your service user' -Secure -Default 'v').answer; $InstallerArguments += "-ServicePass $ServicePass"; } else { @@ -437,7 +486,7 @@ function Start-IcingaAgentInstallWizard() } if ($null -eq $InstallFrameworkService) { - if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you want to install the PowerShell Framework as a Service?' -Default 'y').result -eq 1) { + if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you want to install the PowerShell Framework as a service?' -Default 'y').result -eq 1) { $result = Get-IcingaFrameworkServiceBinary; $InstallerArguments += "-InstallFrameworkService 1"; $InstallerArguments += [string]::Format("-FrameworkServiceUrl '{0}'", $result.FrameworkServiceUrl); @@ -484,18 +533,30 @@ function Start-IcingaAgentInstallWizard() Move-IcingaAgentDefaultConfig; Set-IcingaAgentNodeName -Hostname $Hostname; Set-IcingaAgentServiceUser -User $ServiceUser -Password $ServicePass -SetPermission | Out-Null; - Install-IcingaFrameworkService -Path $ServiceBin -User $ServiceUser -Password $ServicePass | Out-Null; + if ($InstallFrameworkService) { + Install-IcingaFrameworkService -Path $ServiceBin -User $ServiceUser -Password $ServicePass | Out-Null; + } Register-IcingaBackgroundDaemon -Command 'Start-IcingaServiceCheckDaemon'; Install-IcingaAgentBaseFeatures; Install-IcingaAgentCertificates -Hostname $Hostname -Endpoint $CAEndpoint -Port $CAPort -CACert $CAFile -Ticket $Ticket | Out-Null; Write-IcingaAgentApiConfig -Port $CAPort; + if ($EmptyCA -eq $TRUE) { + Disable-IcingaAgentFeature 'api'; + Write-IcingaConsoleWarning -Message '{0}{1}{2}{3}{4}' -Objects 'Your Icinga Agent API feature has been disabled. Please provide either your ca.crt ', + 'or connect to a parent node for certificate requests. You can run "Install-IcingaAgentCertificates" ', + 'with your configuration to properly create the host certificate and a valid certificate request. ', + 'After this you can enable the API feature by using "Enable-IcingaAgentFeature api" and restart the ', + 'Icinga Agent service "Restart-IcingaService icinga2"'; + } Write-IcingaAgentZonesConfig -Endpoints $Endpoints -EndpointConnections $EndpointConnections -ParentZone $ParentZone -GlobalZones $GlobalZoneConfig -Hostname $Hostname; if ($AddFirewallRule) { # First cleanup the system by removing all old Firewalls Enable-IcingaFirewall -IcingaPort $CAPort -Force; } Test-IcingaAgent; - Restart-IcingaService 'icingapowershell'; + if ($InstallFrameworkService) { + Restart-IcingaService 'icingapowershell'; + } Restart-IcingaService 'icinga2'; } } diff --git a/lib/core/icingaagent/setters/Set-IcingaAgentServicePermission.psm1 b/lib/core/icingaagent/setters/Set-IcingaAgentServicePermission.psm1 index ff38c78..fd63c13 100644 --- a/lib/core/icingaagent/setters/Set-IcingaAgentServicePermission.psm1 +++ b/lib/core/icingaagent/setters/Set-IcingaAgentServicePermission.psm1 @@ -12,7 +12,7 @@ function Set-IcingaAgentServicePermission() $NewSystemContent = @(); if ([string]::IsNullOrEmpty($ServiceUser)) { - Write-IcingaTestOutput -Severity 'FAILED' -Message 'There is no user assigned to the Icinga 2 service or the service is not yet installed'; + Write-IcingaTestOutput -Severity 'Failed' -Message 'There is no user assigned to the Icinga 2 service or the service is not yet installed'; return $FALSE; } diff --git a/lib/core/icingaagent/tests/Test-IcingaAcl.psm1 b/lib/core/icingaagent/tests/Test-IcingaAcl.psm1 index 249e7a3..68a950e 100644 --- a/lib/core/icingaagent/tests/Test-IcingaAcl.psm1 +++ b/lib/core/icingaagent/tests/Test-IcingaAcl.psm1 @@ -38,13 +38,13 @@ function Test-IcingaAcl() [string]$messageFormat = 'Directory "{0}" {1} by the Icinga Service User "{2}"'; if ($UserFound) { if ($HasAccess) { - Write-IcingaTestOutput -Severity 'PASSED' -Message ([string]::Format($messageFormat, $Directory, 'is accessible and writeable', $ServiceUser)); + Write-IcingaTestOutput -Severity 'Passed' -Message ([string]::Format($messageFormat, $Directory, 'is accessible and writeable', $ServiceUser)); } else { - Write-IcingaTestOutput -Severity 'FAILED' -Message ([string]::Format($messageFormat, $Directory, 'is accessible but NOT writeable', $ServiceUser)); + Write-IcingaTestOutput -Severity 'Failed' -Message ([string]::Format($messageFormat, $Directory, 'is accessible but NOT writeable', $ServiceUser)); Write-IcingaConsolePlain "\_ Please run the following command to fix this issue: Set-IcingaAcl -Directory '$Directory'"; } } else { - Write-IcingaTestOutput -Severity 'FAILED' -Message ([string]::Format($messageFormat, $Directory, 'is not accessible', $ServiceUser)); + Write-IcingaTestOutput -Severity 'Failed' -Message ([string]::Format($messageFormat, $Directory, 'is not accessible', $ServiceUser)); Write-IcingaConsolePlain "\_ Please run the following command to fix this issue: Set-IcingaAcl -Directory '$Directory'"; } } diff --git a/lib/core/icingaagent/tests/Test-IcingaAgent.psm1 b/lib/core/icingaagent/tests/Test-IcingaAgent.psm1 index 32ffdee..1c6cbaf 100644 --- a/lib/core/icingaagent/tests/Test-IcingaAgent.psm1 +++ b/lib/core/icingaagent/tests/Test-IcingaAgent.psm1 @@ -1,18 +1,18 @@ function Test-IcingaAgent() { if (Get-Service 'icinga2' -ErrorAction SilentlyContinue) { - Write-IcingaTestOutput -Severity 'PASSED' -Message 'Icinga Agent Service is installed'; + Write-IcingaTestOutput -Severity 'Passed' -Message 'Icinga Agent service is installed'; Test-IcingaAgentServicePermission | Out-Null; Test-IcingaAcl "$Env:ProgramData\icinga2\etc" -WriteOutput | Out-Null; Test-IcingaAcl "$Env:ProgramData\icinga2\var" -WriteOutput | Out-Null; Test-IcingaAcl (Get-IcingaCacheDir) -WriteOutput | Out-Null; Test-IcingaAgentConfig | Out-Null; if (Test-IcingaAgentFeatureEnabled -Feature 'debuglog') { - Write-IcingaTestOutput -Severity 'WARNING' -Message 'The Debug-Log of the Icinga Agent is enabled. Please keep in mind to disable it once testing is done, as a huge amount of data is generated.' + Write-IcingaTestOutput -Severity 'Warning' -Message 'The debug log of the Icinga Agent is enabled. Please keep in mind to disable it once testing is done, as a huge amount of data is generated' } else { - Write-IcingaTestOutput -Severity 'PASSED' -Message 'Icinga Agent Debug-Log is disabled' + Write-IcingaTestOutput -Severity 'Passed' -Message 'Icinga Agent debug log is disabled' } } else { - Write-IcingaTestOutput -Severity 'FAILED' -Message 'Icinga Agent Service is not installed'; + Write-IcingaTestOutput -Severity 'Failed' -Message 'Icinga Agent service is not installed'; } } diff --git a/lib/core/icingaagent/tests/Test-IcingaAgentConfig.psm1 b/lib/core/icingaagent/tests/Test-IcingaAgentConfig.psm1 index 3dc55ab..5fbab5c 100644 --- a/lib/core/icingaagent/tests/Test-IcingaAgentConfig.psm1 +++ b/lib/core/icingaagent/tests/Test-IcingaAgentConfig.psm1 @@ -8,10 +8,10 @@ function Test-IcingaAgentConfig() $ConfigResult = Start-IcingaProcess -Executable $Binary -Arguments 'daemon -C'; if ($ConfigResult.ExitCode -eq 0) { - Write-IcingaTestOutput -Severity 'PASSED' -Message 'Icinga Agent configuration is valid'; + Write-IcingaTestOutput -Severity 'Passed' -Message 'Icinga Agent configuration is valid'; return $TRUE; } else { - Write-IcingaTestOutput -Severity 'FAILED' -Message 'Icinga Agent configuration is containing errors. Run this command for getting a detailed error report: "Test-IcingaAgentConfig -WriteStackTrace | Out-Null"'; + Write-IcingaTestOutput -Severity 'Failed' -Message 'Icinga Agent configuration contains errors. Run this command for getting a detailed error report: "Test-IcingaAgentConfig -WriteStackTrace | Out-Null"'; if ($WriteStackTrace) { Write-IcingaConsolePlain $ConfigResult.Message; } diff --git a/lib/core/icingaagent/tests/Test-IcingaAgentServicePermission.psm1 b/lib/core/icingaagent/tests/Test-IcingaAgentServicePermission.psm1 index 6b53163..b99bebc 100644 --- a/lib/core/icingaagent/tests/Test-IcingaAgentServicePermission.psm1 +++ b/lib/core/icingaagent/tests/Test-IcingaAgentServicePermission.psm1 @@ -15,7 +15,7 @@ function Test-IcingaAgentServicePermission() if ([string]::IsNullOrEmpty($ServiceUser)) { if (-Not $Silent) { - Write-IcingaTestOutput -Severity 'FAILED' -Message 'There is no user assigned to the Icinga 2 service or the service is not yet installed'; + Write-IcingaTestOutput -Severity 'Failed' -Message 'There is no user assigned to the Icinga 2 service or the service is not yet installed'; } return $FALSE; } @@ -40,9 +40,9 @@ function Test-IcingaAgentServicePermission() if (-Not $Silent) { if ($FoundSID) { - Write-IcingaTestOutput -Severity 'PASSED' -Message ([string]::Format('The specified user "{0}" is allowed to run as service.', $ServiceUser)); + Write-IcingaTestOutput -Severity 'Passed' -Message ([string]::Format('The specified user "{0}" is allowed to run as service', $ServiceUser)); } else { - Write-IcingaTestOutput -Severity 'FAILED' -Message ([string]::Format('The specified user "{0}" is not allowed to run as service.', $ServiceUser)); + Write-IcingaTestOutput -Severity 'Failed' -Message ([string]::Format('The specified user "{0}" is not allowed to run as service', $ServiceUser)); } } diff --git a/lib/core/icingaagent/writers/Write-IcingaTestOutput.psm1 b/lib/core/icingaagent/writers/Write-IcingaTestOutput.psm1 index bfb8110..345db68 100644 --- a/lib/core/icingaagent/writers/Write-IcingaTestOutput.psm1 +++ b/lib/core/icingaagent/writers/Write-IcingaTestOutput.psm1 @@ -1,7 +1,7 @@ function Write-IcingaTestOutput() { param( - [ValidateSet('PASSED', 'WARNING', 'FAILED')] + [ValidateSet('Passed', 'Warning', 'Failed')] $Severity, $Message ); @@ -9,15 +9,15 @@ function Write-IcingaTestOutput() $Color = 'Green'; Switch ($Severity) { - 'PASSED' { + 'Passed' { $Color = 'Green'; break; }; - 'WARNING' { + 'Warning' { $Color = 'Yellow'; break; }; - 'FAILED' { + 'Failed' { $Color = 'Red'; break; }; diff --git a/lib/core/tools/Convert-IcingaEndpointsToIP.psm1 b/lib/core/tools/Convert-IcingaEndpointsToIP.psm1 new file mode 100644 index 0000000..f5201c7 --- /dev/null +++ b/lib/core/tools/Convert-IcingaEndpointsToIP.psm1 @@ -0,0 +1,63 @@ +<# +.SYNOPSIS + Converts Icinga Network configuration from FQDN to IP +.DESCRIPTION + This Cmdlet will convert a given Icinga Endpoint configuration based + on a FQDN to a IPv4 based configuration and returns nothing of the + FQDN could not be resolved +.FUNCTIONALITY + Converts Icinga Network configuration from FQDN to IP +.EXAMPLE + PS>Convert-IcingaEndpointsToIPv4 -NetworkConfig @( '[icinga2.example.com]:5665' ); +.PARAMETER NetworkConfig + An array of Icinga endpoint or single network configuration, like '[icinga2.example.com]:5665' + which will be converted to IP based configuration +.INPUTS + System.Array +.OUTPUTS + System.Hashtable +.LINK + https://github.com/Icinga/icinga-powershell-framework +#> +function Convert-IcingaEndpointsToIPv4() +{ + param ( + [array]$NetworkConfig + ); + + [array]$ResolvedNetwork = @(); + [array]$UnresolvedNetwork = @(); + [bool]$HasUnresolved = $FALSE; + [string]$Domain = $ENV:UserDNSDomain; + + foreach ($entry in $NetworkConfig) { + $Network = Get-IPConfigFromString -IPConfig $entry; + try { + $ResolvedIP = [System.Net.Dns]::GetHostAddresses($Network.address); + $ResolvedNetwork += $entry.Replace($Network.address, $ResolvedIP); + } catch { + # Once we failed in first place, try to lookup the "FQDN" with our host domain + # we are in. Might resolve some issues if our DNS is not knowing the plain + # hostname and untable to resolve it + try { + $ResolvedIP = [System.Net.Dns]::GetHostAddresses( + [string]::Format( + '{0}.{1}', + $Network.address, + $Domain + ) + ); + $ResolvedNetwork += $entry.Replace($Network.address, $ResolvedIP); + } catch { + $UnresolvedNetwork += $Network.address; + $HasUnresolved = $TRUE; + } + } + } + + return @{ + 'Network' = $ResolvedNetwork; + 'HasErrors' = $HasUnresolved; + 'Unresolved' = $UnresolvedNetwork; + }; +}