Icinga for Windows: How to enable features during unattended automated install?

skupjoe · December 14, 2022, 10:02pm

I am attempting to use Icinga for Windows + Icinga Driector self service API to deploy and register our agents on Windows endpoints in a single command.

After a lot of playing in the Icinga Powershell Framework module, I was able to find almost the complete set of values to pass to the InstallCommand argument, except for how to enable the Checker feature during install.

After installation, I’m finding that I need to manually enable this feature via cli call and restart the agent to get checks to work. But I am trying to achieve as much of an automated/unattended installation as possible. Does anybody know what value to pass to enable this feature during installation?

Here is my code:

[Net.ServicePointManager]::SecurityProtocol = 'tls12, tls11';
$ProgressPreference                         = 'SilentlyContinue';
[string]$ScriptFile                         = 'C:\Windows\Temp\IcingaForWindows.ps1';

Invoke-WebRequest `
    -UseBasicParsing `
    -Uri 'https://packages.icinga.com/IcingaForWindows/IcingaForWindows.ps1' `
    -OutFile $ScriptFile;

& $ScriptFile `
    -AllowUpdate `
    -ModuleDirectory 'C:\Program Files\WindowsPowerShell\Modules' `
    -InstallCommand '{"IfW-AgentDirectory":{"Values":["C:\\Program Files\\ICINGA2"]},"IfW-AgentUser":{"Values":["NT Authority\\NetworkService"]},"IfW-AgentVersion":{"Values":["release"]},"IfW-CAServer":{"Values":["<icinga_master>"]},"IfW-DirectorSelfServiceKey":{"Values":["<director_selfservice_key>"]},"IfW-DirectorUrl":{"Values":["https://<icinga_host>/icingaweb2/director"]},"IfW-ForceCertificateCreation":{"Selection":"0"},"IfW-GlobalZones":{"Selection":"0"},"IfW-Hostname":{"Selection":"1"},"IfW-InstallAgent":{"Selection":"0"},"IfW-InstallApiChecks":{"Selection":"1"},"IfW-InstallJEAProfile":{"Selection":"2"},"IfW-InstallPlugins":{"Selection":"0"},"IfW-InstallService":{"Selection":"0"},"IfW-ParentAddress":{"Values":{"<icinga_master>":<icinga_master>"]}},"IfW-ParentNodes":{"Values":["<icinga_master>"]},"IfW-ParentZone":{"Values":["<icinga_master>"]},"IfW-Port":{"Values":[5665]},"IfW-ServiceRecovery":{"Selection":"1"},"IfW-StableRepository":{"Values":["https://packages.icinga.com/IcingaForWindows/stable/ifw.repo.json"]},"IfW-WindowsFirewall":{"Selection":"0"},"IfW-WindowsServiceDirectory":{"Values":["C:\\Program Files\\icinga-framework-service"]}}'

Are all of the various InstallCommand values documented anywhere? Thanks in advance.

atj · January 17, 2023, 5:13pm

They don’t appear to be documented anywhere but grepping the icinga-powershell-framework repo for Set-Alias -Name 'IfW- gives the following:

$ grep -r "Set-Alias -Name 'IfW-" |awk '{ gsub(/\'/, "", $3); print $3 }' |sort |uniq
IfW-AgentDirectory
IfW-AgentUser
IfW-AgentVersion
IfW-CAFile
IfW-CAServer
IfW-Certificate
IfW-ConfigurationSummary
IfW-Connection
IfW-CustomHostname
IfW-CustomZones
IfW-DirectorRegisterHost
IfW-DirectorSelfServiceKey
IfW-DirectorUrl
IfW-FinishInstaller
IfW-ForceCertificateCreation
IfW-GlobalZones
IfW-Hostname
IfW-InstallAgent
IfW-InstallApiChecks
IfW-InstallJEAProfile
IfW-InstallPlugins
IfW-InstallService
IfW-ParentAddress
IfW-ParentNodes
IfW-ParentZone
IfW-PluginPackageSource
IfW-Port
IfW-ServicePassword
IfW-ServiceRecovery
IfW-StableRepository
IfW-Ticket
IfW-WindowsFirewall
IfW-WindowsServiceDirectory
IfW-WindowsServicePackageSource

The values of (some of) these attributes are stored in the Powershell configuration:

PS C:\Users\Administrator>  $config = Get-Content `
        -Path (Join-Path `
            -Path (Get-IcingaPowerShellConfigDir) -ChildPath "config.json" `
    ) | ConvertFrom-Json;

PS C:\Users\Administrator> $config.Framework.Config.Live | Get-Member -MemberType Properties | %{ $_.Name }
IfW-AgentDirectory
IfW-AgentUser
IfW-AgentVersion
IfW-CAServer
IfW-Certificate
IfW-CustomHostname
IfW-CustomZones
IfW-DirectorRegisterHost
IfW-DirectorSelfServiceKey
IfW-DirectorUrl
IfW-ForceCertificateCreation
IfW-GlobalZones
IfW-Hostname
IfW-InstallAgent
IfW-InstallApiChecks
IfW-InstallJEAProfile
IfW-InstallPlugins
IfW-InstallService
IfW-ParentNodes
IfW-ParentZone
IfW-Port
IfW-ServiceRecovery
IfW-StableRepository
IfW-Ticket
IfW-WindowsFirewall
IfW-WindowsServiceDirectory

atj · January 17, 2023, 5:21pm

For example, I managed to set a custom hostname when registering a host with the Director self-service API like so:

$InstallCommand = @{
    'IfW-DirectorUrl' = @{
        'Values' = ('https://icinga.example.com/icingaweb2/director');
    };
    'IfW-DirectorSelfServiceKey' = @{
        'Values' = ('xxxx');
    };
    'IfW-Hostname' = @{
        'Selection' = "6";
    };
    'IfW-CustomHostname' = @{
        'Values' = ('windows.example.com');
    };
}

Install-Icinga `
    -InstallCommand (ConvertTo-Json -InputObject $InstallCommand);

Note that I had to set the Selection property of the IfW-Hostname attribute to 6, which allows you to set a custom hostname:

github.com

Icinga/icinga-powershell-framework/blob/master/lib/core/installer/menu/installation/icinga/SelectHostname.psm1#L44-L48


      
          @{
              'Caption' = 'Set custom Hostname';
              'Command' = 'Show-IcingaForWindowsInstallationMenuEnterCustomHostname';
              'Help'    = 'Allows you to set a custom hostname';
          }

6 is the index of the relevant entry (starting from 0) in the argument to -Entries.

rivad · May 23, 2023, 3:24pm

This helped as I was missing IfW-CAServer - my main URL is behind a load balancer and thus the PKI auto signing failed but now it works!