Add Director Self-Service setup wizard integration

2025-12-20 23:00:35 -05:00 · 2019-11-02 17:42:39 +01:00 · 2019-11-02 17:42:39 +01:00 · 8a3c8c4102
commit 8a3c8c4102
parent 0a9f24f663
7 changed files with 332 additions and 12 deletions
--- a/lib/apis/Get-IcingaDirectorSelfServiceConfig.psm1
+++ b/lib/apis/Get-IcingaDirectorSelfServiceConfig.psm1
@ -15,7 +15,7 @@ function Get-IcingaDirectorSelfServiceConfig()

    $ProgressPreference = "SilentlyContinue";

-    $EndpointUrl = [string]::Format('{0}/self-service/powershell-parameters?key={1}', $DirectorUrl, $ApiKey);
+    $EndpointUrl = Join-WebPath -Path $DirectorUrl -ChildPath ([string]::Format('/self-service/powershell-parameters?key={0}', $ApiKey));

    $response = Invoke-WebRequest -Uri $EndpointUrl -UseBasicParsing -Headers @{ 'accept' = 'application/json'; 'X-Director-Accept' = 'application/json' } -Method 'POST';

--- a/lib/apis/Get-IcingaDirectorSelfServiceTicket.psm1
+++ b/lib/apis/Get-IcingaDirectorSelfServiceTicket.psm1
@ -0,0 +1,29 @@
+function Get-IcingaDirectorSelfServiceTicket()
+{
+    param(
+        $DirectorUrl,
+        $ApiKey      = $null
+    );
+
+    if ([string]::IsNullOrEmpty($DirectorUrl)) {
+        Write-Host 'Unable to fetch host ticket. No Director url has been specified';
+        return;
+    }
+
+    if ([string]::IsNullOrEmpty($ApiKey)) {
+        Write-Host 'Unable to fetch host ticket. No API key has been specified';
+        return;
+    }
+
+    [string]$url = Join-WebPath -Path $DirectorUrl -ChildPath ([string]::Format('/self-service/ticket?key={0}', $ApiKey));
+
+    $response = Invoke-WebRequest -Uri $url -UseBasicParsing -Headers @{ 'accept' = 'application/json'; 'X-Director-Accept' = 'application/json' } -Method 'POST';
+
+    if ($response.StatusCode -ne 200) {
+        throw $response.Content;
+    }
+
+    $JsonContent = ConvertFrom-Json -InputObject $response.Content;
+
+    return $JsonContent;
+}
--- a/lib/apis/Register-IcingaDirectorSelfServiceHost.psm1
+++ b/lib/apis/Register-IcingaDirectorSelfServiceHost.psm1
@ -20,7 +20,7 @@ function Register-IcingaDirectorSelfServiceHost()

    $ProgressPreference = "SilentlyContinue";

-    $EndpointUrl = [string]::Format('{0}/self-service/register-host?name={1}&key={2}', $DirectorUrl, $Hostname, $ApiKey);
+    $EndpointUrl = Join-WebPath -Path $DirectorUrl -ChildPath ([string]::Format('/self-service/register-host?name={0}&key={1}', $Hostname, $ApiKey));

    $response = Invoke-WebRequest -Uri $EndpointUrl -UseBasicParsing -Headers @{ 'accept' = 'application/json'; 'X-Director-Accept' = 'application/json' } -Method 'POST';

@ -31,8 +31,14 @@ function Register-IcingaDirectorSelfServiceHost()
    $JsonContent = ConvertFrom-Json -InputObject $response.Content;

    if (Test-PSCustomObjectMember -PSObject $JsonContent -Name 'error') {
+        if ($JsonContent.error -like '*already been registered*') {
+            return $null;
+        }
+
        throw 'Icinga Director Self-Service has thrown an error: ' + $JsonContent.error;
    }

+    Set-IcingaPowerShellConfig -Path 'IcingaDirector.SelfService.ApiKey' -Value $JsonContent;
+
    return $JsonContent;
 }
--- a/lib/core/framework/Install-IcingaFrameworkService.psm1
+++ b/lib/core/framework/Install-IcingaFrameworkService.psm1
@ -6,6 +6,11 @@ function Install-IcingaFrameworkService()
        [SecureString]$Password
    );

+    if ([string]::IsNullOrEmpty($Path)) {
+        Write-Host 'No path specified for Framework service. Service will not be installed';
+        return;
+    }
+
    if ((Test-Path $Path) -eq $FALSE) {
        throw 'Please specify the path directly to the service binary';
    }
--- a/lib/core/icingaagent/misc/Convert-IcingaDirectorSelfServiceArguments.psm1
+++ b/lib/core/icingaagent/misc/Convert-IcingaDirectorSelfServiceArguments.psm1
@ -0,0 +1,64 @@
+function Convert-IcingaDirectorSelfServiceArguments()
+{
+    param(
+        $JsonInput
+    );
+
+    if ($null -eq $JsonInput) {
+        return @{};
+    }
+
+    [hashtable]$DirectorArguments = @{
+        PackageSource       = $JsonInput.download_url;
+        AgentVersion        = $JsonInput.agent_version;
+        CAPort              = $JsonInput.agent_listen_port;
+        AllowVersionChanges = $JsonInput.allow_updates;
+        GlobalZones         = $JsonInput.global_zones;
+        ParentZone          = $JsonInput.parent_zone;
+        CAEndpoint          = $JsonInput.ca_server;
+        Endpoints           = $JsonInput.parent_endpoints;
+        AddFirewallRule     = $JsonInput.agent_add_firewall_rule;
+        AcceptConnections   = $JsonInput.agent_add_firewall_rule;
+        #ServiceUser         = $JsonInput.service_user; # This is yet missing within the Icinga Director API
+        ServiceUser         = 'NT Authority\NetworkService';
+        UpdateAgent         = $TRUE;
+        AddDirectorGlobal   = $FALSE;
+        AddGlobalTemplates  = $FALSE;
+        RunInstaller        = $TRUE;
+    };
+
+    if ($JsonInput.transform_hostname -eq 1) {
+        $DirectorArguments.Add(
+            'LowerCase', $TRUE
+        );
+    }
+
+    if ($JsonInput.transform_hostname -eq 2) {
+        $DirectorArguments.Add(
+            'UpperCase', $TRUE
+        );
+    }
+
+    if ($JsonInput.fetch_agent_fqdn) {
+        $DirectorArguments.Add(
+            'AutoUseFQDN', $TRUE
+        );
+    } elseif ($JsonInput.fetch_agent_name) {
+        $DirectorArguments.Add(
+            'AutoUseHostname', $TRUE
+        );
+    }
+
+    $NetworkDefault = '';
+    foreach ($Endpoint in $JsonInput.parent_endpoints) {
+        $NetworkDefault += [string]::Format('[{0}]:{1},', $Endpoint, $JsonInput.agent_listen_port);
+    }
+    if ([string]::IsNullOrEmpty($NetworkDefault) -eq $FALSE) {
+        $NetworkDefault = $NetworkDefault.Substring(0, $NetworkDefault.Length - 1);
+        $DirectorArguments.Add(
+            'EndpointConnections', $NetworkDefault
+        );
+    }
+
+    return $DirectorArguments;
+}
--- a/lib/core/icingaagent/misc/Start-IcingaAgentDirectorWizard.psm1
+++ b/lib/core/icingaagent/misc/Start-IcingaAgentDirectorWizard.psm1
@ -0,0 +1,127 @@
+function Start-IcingaAgentDirectorWizard()
+{
+    param(
+        [string]$DirectorUrl,
+        [string]$SelfServiceAPIKey,
+        $OverrideDirectorVars      = $null,
+        $InstallFrameworkService   = $null,
+        $ServiceDirectory          = $null,
+        $ServiceBin                = $null,
+        [bool]$RunInstaller        = $FALSE
+    );
+
+    if ([string]::IsNullOrEmpty($DirectorUrl)) {
+        $DirectorUrl = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please specify the Url pointing to your Icinga Director' -Default 'v').answer;
+    }
+
+    [bool]$HostKnown      = $FALSE;
+    [string]$TemplateKey = $SelfServiceAPIKey;
+
+    if ($null -eq $OverrideDirectorVars) {
+        if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you want to manually override arguments provided by the Director API?' -Default 'n').result -eq 0) {
+            $OverrideDirectorVars = $TRUE;
+        } else{
+            $OverrideDirectorVars = $FALSE;
+        }
+    }
+
+    $SelfServiceAPIKey = Get-IcingaPowerShellConfig -Path 'IcingaDirector.SelfService.ApiKey';
+    if ([string]::IsNullOrEmpty($SelfServiceAPIKey)) {
+        $LegacyTokenPath = Join-Path -Path Get-IcingaAgentConfigDirectory -ChildPath 'icingadirector.token';
+        if (Test-Path $LegacyTokenPath) {
+            $SelfServiceAPIKey =  Get-Content -Path $LegacyTokenPath;
+            Set-IcingaPowerShellConfig -Path 'IcingaDirector.SelfService.ApiKey' -Value $SelfServiceAPIKey;
+        }
+    }
+
+    if ([string]::IsNullOrEmpty($SelfServiceAPIKey)) {
+        $SelfServiceAPIKey = (Get-IcingaAgentInstallerAnswerInput -Prompt 'Please enter your Self-Service API key' -Default 'v').answer;
+    } else {
+        $HostKnown = $TRUE;
+    }
+
+    $Arguments = Get-IcingaDirectorSelfServiceConfig -DirectorUrl $DirectorUrl -ApiKey $SelfServiceAPIKey;
+    $Arguments = Convert-IcingaDirectorSelfServiceArguments -JsonInput $Arguments;
+
+    if ($OverrideDirectorVars -eq $TRUE) {
+        $NewArguments = Start-IcingaDirectorAPIArgumentOverride -Arguments $Arguments;
+        $Arguments = $NewArguments;
+    }
+
+    if ($HostKnown -eq $FALSE) {
+        Write-Host $SelfServiceAPIKey;
+        Write-Host (Get-IcingaHostname @Arguments);
+        Write-Host $DirectorUrl;
+        $SelfServiceAPIKey = Register-IcingaDirectorSelfServiceHost -DirectorUrl $DirectorUrl -ApiKey $SelfServiceAPIKey -Hostname (Get-IcingaHostname @Arguments);
+
+        # Host is already registered
+        if ($null -eq $SelfServiceAPIKey) {
+            Write-Host 'The wizard is unable to complete as this host is already registered but the local API key is not stored within the config'
+            return;
+        }
+
+        $Arguments = Get-IcingaDirectorSelfServiceConfig -DirectorUrl $DirectorUrl -ApiKey $SelfServiceAPIKey;
+        $Arguments = Convert-IcingaDirectorSelfServiceArguments -JsonInput $Arguments;
+        if ($OverrideDirectorVars -eq $TRUE) {
+            $NewArguments = Start-IcingaDirectorAPIArgumentOverride -Arguments $Arguments;
+            $Arguments = $NewArguments;
+        }
+    }
+
+    $Arguments.Add(
+        'UseDirectorSelfService', $TRUE
+    );
+    $Arguments.Add(
+        'OverrideDirectorVars', $FALSE
+    );
+    $Arguments.Add(
+        'DirectorUrl', $DirectorUrl
+    );
+    $Arguments.Add(
+        'SelfServiceAPIKey', $TemplateKey
+    );
+    $Arguments.Add(
+        'SkipDirectorQuestion', $TRUE
+    );
+    $Arguments.Add(
+        'InstallFrameworkService', $InstallFrameworkService
+    );
+    $Arguments.Add(
+        'ServiceDirectory', $ServiceDirectory
+    );
+    $Arguments.Add(
+        'ServiceBin', $ServiceBin
+    );
+    $Arguments.Add(
+        'ProvidedArgs', $Arguments
+    );
+
+    if ($RunInstaller) {
+        Start-IcingaAgentInstallWizard @Arguments;
+        return;
+    }
+
+    if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'The Director wizard is complete. Do you want to start the installation now?' -Default 'y').result -eq 1) {
+        Start-IcingaAgentInstallWizard @Arguments;
+    }
+}
+
+function Start-IcingaDirectorAPIArgumentOverride()
+{
+    param(
+        $Arguments
+    );
+
+    $NewArguments = @{};
+    Write-Host 'Please follow the wizard and manually override all entries you intend to';
+    Write-Host '====';
+
+    foreach ($entry in $Arguments.Keys) {
+        $value = (Get-IcingaAgentInstallerAnswerInput -Prompt ([string]::Format('Please enter the new value for the argument "{0}"', $entry)) -Default 'v' -DefaultInput $Arguments[$entry]).answer;
+        $NewArguments.Add($entry, $value);
+    }
+
+    return $NewArguments;
+}
+
+Export-ModuleMember -Function @( 'Start-IcingaAgentDirectorWizard' );
--- a/lib/core/icingaagent/misc/Start-IcingaAgentInstallWizard.psm1
+++ b/lib/core/icingaagent/misc/Start-IcingaAgentInstallWizard.psm1
@ -28,12 +28,41 @@ function Start-IcingaAgentInstallWizard()
        $InstallFrameworkService     = $null,
        $FrameworkServiceUrl         = $null,
        $ServiceDirectory            = $null,
-        $ServiceBin                  = $null
+        $ServiceBin                  = $null,
+        $UseDirectorSelfService      = $null,
+        [bool]$SkipDirectorQuestion  = $FALSE,
+        [string]$DirectorUrl,
+        [string]$SelfServiceAPIKey,
+        $OverrideDirectorVars        = $null,
+        [hashtable]$ProvidedArgs     = @{}
    );

    [array]$InstallerArguments = @();
    [array]$GlobalZoneConfig   = @();

+    if ($SkipDirectorQuestion -eq $FALSE) {
+        if ($null -eq $UseDirectorSelfService) {
+            if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you want to use the Icinga Director Self-Service API?' -Default 'y').result -eq 1) {
+                $UseDirectorSelfService = $TRUE;
+            } else {
+                $UseDirectorSelfService = $FALSE;
+                $InstallerArguments += '-UseDirectorSelfService 0';
+            }
+        }
+        if ($UseDirectorSelfService) {
+            $InstallerArguments += '-UseDirectorSelfService 1';
+            Start-IcingaAgentDirectorWizard `
+                -DirectorUrl $DirectorUrl `
+                -SelfServiceAPIKey $SelfServiceAPIKey `
+                -OverrideDirectorVars $OverrideDirectorVars `
+                -InstallFrameworkService $InstallFrameworkService `
+                -ServiceDirectory $ServiceDirectory `
+                -ServiceBin $ServiceBin `
+                -RunInstaller $RunInstaller;
+            return;
+        }
+    }
+
    if ([string]::IsNullOrEmpty($Hostname) -And $AutoUseFQDN -eq $FALSE -And $AutoUseHostname -eq $FALSE) {
        if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you want to manually specify a hostname?' -Default 'n').result -eq 1) {
            if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you want to automatically fetch the hostname with its FQDN?' -Default 'y').result -eq 1) {
@ -261,27 +290,87 @@ function Start-IcingaAgentInstallWizard()
            $InstallerArguments += [string]::Format("-ServiceDirectory '{0}'", $result.ServiceDirectory);
            $InstallerArguments += [string]::Format("-ServiceBin '{0}'", $result.ServiceBin);
            $ServiceBin = $result.ServiceBin;
+        } else {
+            $InstallerArguments += "-InstallFrameworkService 0";
        }
    } elseif ($InstallFrameworkService -eq $TRUE) {
        $result     = Get-IcingaFrameworkServiceBinary -FrameworkServiceUrl $FrameworkServiceUrl -ServiceDirectory $ServiceDirectory;
        $ServiceBin = $result.ServiceBin;
+    } else {
+        $InstallerArguments += "-InstallFrameworkService 0";
    }

    if ($InstallerArguments.Count -ne 0) {
        $InstallerArguments += "-RunInstaller";
        Write-Host 'The wizard is complete. These are the configured settings:';
+
+        foreach ($entry in $ProvidedArgs.Keys) {
+            if ($entry -eq 'ProvidedArgs' -Or $entry -eq 'SkipDirectorQuestion') {
+                continue;
+            }
+
+            [bool]$SkipArgument = $FALSE;
+
+            if ($OverrideDirectorVars -eq $FALSE) {
+                switch ($entry) {
+                    'InstallFrameworkService' { break; };
+                    'FrameworkServiceUrl' { break; };
+                    'ServiceDirectory' { break; };
+                    'ServiceBin' { break; };
+                    'UseDirectorSelfService' { break; };
+                    'DirectorUrl' { break; };
+                    'SelfServiceAPIKey' { break; };
+                    'OverrideDirectorVars' { break; };
+                    Default {
+                        $SkipArgument = $TRUE;
+                        break;
+                    }
+                }
+
+                if ($SkipArgument) {
+                    continue;
+                }
+            }
+
+            [bool]$KnownArgument = $FALSE;
+            foreach ($item in $InstallerArguments) {
+                if ($item -like "-$entry *" -Or $item -eq "-$entry") {
+                    $KnownArgument = $TRUE;
+                    break;
+                }
+            }
+
+            if ($KnownArgument) {
+                continue;
+            }
+
+            $Value = $ProvidedArgs[$entry];
+            if ($Value -is [System.Object]) {
+                $Value = [string]::Join(',', $Value);
+            }
+
+            if ($OverrideDirectorVars -eq $FALSE) {
+                #$ClearedArguments += [string]::Format("-{0} '{1}'", $entry, $Value);
+                #continue;
+            }
+
+            $InstallerArguments += [string]::Format("-{0} '{1}'", $entry, $Value);
+        }
+
        Write-Host ($InstallerArguments | Out-String);

-        if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Is this configuration correct?' -Default 'y').result -eq 1) {
-            if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you want to run the installer now? (Otherwise only the configration command will be printed)' -Default 'y').result -eq 1) {
-                Write-Host 'To execute your Icinga Agent installation based on your answers again on this or another machine, simply run this command:'
+        if (-Not $RunInstaller) {
+            if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Is this configuration correct?' -Default 'y').result -eq 1) {
+                if ((Get-IcingaAgentInstallerAnswerInput -Prompt 'Do you want to run the installer now? (Otherwise only the configration command will be printed)' -Default 'y').result -eq 1) {
+                    Write-Host 'To execute your Icinga Agent installation based on your answers again on this or another machine, simply run this command:'

-                $RunInstaller = $TRUE;
+                    $RunInstaller = $TRUE;
+                } else {
+                    Write-Host 'To execute your Icinga Agent installation based on your answers, simply run this command:'
+                }
            } else {
-                Write-Host 'To execute your Icinga Agent installation based on your answers, simply run this command:'
+                Write-Host 'Please run the wizard again to modify your answers or modify the command below:'
            }
-        } else {
-            Write-Host 'Please run the wizard again to modify your answers or modify the command below:'
        }
        Get-IcingaAgentInstallCommand -InstallerArguments $InstallerArguments -PrintConsole;
    }
@ -289,8 +378,8 @@ function Start-IcingaAgentInstallWizard()
    if ($RunInstaller) {
        if ((Install-IcingaAgent -Version $AgentVersion -Source $PackageSource -AllowUpdates $AllowVersionChanges) -Or $Reconfigure) {
            Move-IcingaAgentDefaultConfig;
-            Set-IcingaAgentServiceUser -User $ServiceUser -Password $ServicePass;
-            Set-IcingaAgentServicePermission;
+            Set-IcingaAgentServiceUser -User $ServiceUser -Password $ServicePass | Out-Null;
+            Set-IcingaAgentServicePermission | Out-Null;
            Set-IcingaAcl "$Env:ProgramData\icinga2\etc";
            Set-IcingaAcl "$Env:ProgramData\icinga2\var";
            Set-IcingaAcl (Get-IcingaCacheDir);