What's the best way for Icinga2 Agent Deployment for Windows?

Hello everyone,
I am working on the topic of providing Icinga2 via a suitable deployment variant in our environment. However, the choice of options is very limited and for Windows it seems to be the best method to use the icinga2 powershell module.
However, there are some problems that prevent automated deployment.
My current source code looks like this:

#Configure Icinga2 Agent with Powershell-Module
$VarAgentName = [System.Net.Dns]::Resolve($null).HostName

#Import-Module $FileLocationModule
# Note: -AgentName is single-quoted here, so the literal text $VarAgentName is passed (1st problem below)
$icinga = Icinga2AgentModule `
    -InstallAgentVersion '2.14.0' `
    -AgentName '$VarAgentName' `
    -Ticket 'XXXXXXXXXXXXX' `
    -ParentZone 'master' `
    -ParentEndpoints 'xxx.masterfqdn' `
    -EndpointsConfig 'xxx.masterip;5665' `
    -CAServer 'xxx.masterfqdn'
exit $icinga.install();

1st problem, with

$VarAgentName = [System.Net.Dns]::Resolve($null).HostName

I would like to specify the agent FQDN directly as a value.
Unfortunately, this does not work as it then enters the variable name instead of the value in the config files after installation.

2nd problem, how can I best handle the step with the ticket authentication? I know that you either verify the agent with a ticket during installation or authenticate the agent later on the master. In both cases, however, a manual step is necessary on the master, which I would like to avoid.

If you have any suggestions, please post them.

Additional Information:
Our Icinga environment is a master → agent infrastructure. We don't use satellites.

  1. you have to remove the apostrophe for the $VarAgentName in the command
  2. I use the icinga console to generate a install command json:
    Installation with IMC - Icinga for Windows
    and to get the framework working I used the kickstarter script
    https://icinga.com/docs/icinga-for-windows/latest/doc/950-Deprecated/01-Kickstart-Script/
    which is deprecated, so this is the way to go:
    https://packages.icinga.com/IcingaForWindows/IcingaForWindows.ps1
    Getting Started - Icinga for Windows

The PowerShell framework can do everything, including talking to Icinga Director, if you use that, to get a ticket and to start the signing process.


I provided the following for a first run script for VM images.

[Net.ServicePointManager]::SecurityProtocol = 'tls12, tls11';
$ProgressPreference                         = 'SilentlyContinue';
[string]$ScriptFile                         = 'C:\Users\Public\IcingaForWindows.ps1';
Invoke-WebRequest `
    -UseBasicParsing `
    -Uri 'https://packages.icinga.com/IcingaForWindows/IcingaForWindows.ps1' `
    -OutFile $ScriptFile;
& $ScriptFile `
    -ModuleDirectory 'C:\Program Files\WindowsPowerShell\Modules\' `
    -InstallCommand '{"IfW-DirectorSelfServiceKey":{"Values":["KEY von der HOST-Template"]},"IfW-DirectorUrl":{"Values":["https://icinga.example.com/icingaweb2/director/"]}, "IfW-CAServer":{"Values":["icticingalp04.example.com"]}
}'; 
Expand-Archive -Force -LiteralPath 'linuxfabrik-monitoring-plugins-2022072001.zip' -DestinationPath c:/programdata/icinga2/usr/lib64/nagios/plugins/

And for existing hosts I use the Ansible icinga2_agent role from the Linuxfabrik’s LFOps Collection.


Many thanks for both of your answers.
@moreamazingnick
Thanks for the tip with the apostrophe. Without the apostrophe it has now written the correct value in the configs.
As you said, I just tested the Icinga installation with IMC via the PowerShell framework and it works pretty well in my environment. Thanks for your help.

@rivad
When I use your script and adjust the parameters key, URL and CA server I get a series of error messages that the script cannot be executed correctly. We also do not have icinga Director.
Can the script be used in our environment at all?

Well, not with the IfW-DirectorSelfServiceKey, as this value is generated by utilizing a self service tab on an Icinga Director host template.

Maybe you can find a colleague with PowerShell knowledge?

Update: The installation with the icinga framework has worked.
My current Script:

[Net.ServicePointManager]::SecurityProtocol = 'tls12, tls11';
$ProgressPreference                         = 'SilentlyContinue';
[string]$ScriptFile                         = 'C:\Users\Public\IcingaForWindows.ps1';

Invoke-WebRequest `
    -UseBasicParsing `
    -Uri 'https://packages.icinga.com/IcingaForWindows/IcingaForWindows.ps1' `
    -OutFile $ScriptFile;

& $ScriptFile `
    -ModuleDirectory 'C:\Program Files\WindowsPowerShell\Modules\' `
    -InstallCommand '{"IfW-AgentVersion":{"Values":["2.14.0"]},
                    "IfW-ParentAddress":{"Values":{"MasterFQDN":["IP"]}},
                    "IfW-Hostname":{"Selection":"0"},
                    "IfW-Certificate":{"Selection":"1"},
                    "IfW-ParentZone":{"Values":["master"]},
                    "IfW-WindowsFirewall":{"Selection":"0"},
                    "IfW-Ticket":{"Values":["AgentTicket"]},
                    "IfW-Connection":{"Selection":"1"},
                    "IfW-ParentNodes":{"Values":["MasterFQDN"]}}';

I have one more question about the certification process:
The framework offers following opportunities to choose:
image

What's the best way for an automated installation without manual interaction?

It depends on your automation workflow.
Maybe ordering a ticket and then supplying it later to the IfW install command?

We're deploying our infrastructure via Terraform & SaltStack.
The Icinga installation (for Windows VMs) begins after the Terraform code has been applied.
If I have to generate a ticket on the master and specify this in the script during the agent installation, then this contradicts an automated installation, as manual intervention is necessary before the installation, which is exactly what I want to prevent.
I could build an SSH connection to the master into my script, which creates the ticket on the master before the agent installation and transfers it to the installation, but that would probably not be the cleanest solution.

I don’t know SaltStack, but I doubt it will be difficult to fire a REST call to the Icinga2 API to get the ticket and then later insert it into the IfW install command.
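
The REST call suggested in the last reply, as an added example that is not part of the original thread or Icinga's own code: it requests a ticket from the Icinga 2 API action `/v1/actions/generate-ticket` and passes it to the install command shown earlier in the thread. The master FQDN and IP, the API user `ticket-requester` and the `ICINGA_API_PASSWORD` environment variable are placeholders; it assumes the master's CA certificate is already trusted on the VM and that the API user is restricted to the `actions/generate-ticket` permission.

```powershell
# Added example. Placeholders: master FQDN/IP, API user name, password environment variable.
$MasterFqdn = 'icinga-master.example.com'
$MasterIp   = '192.0.2.10'
$ScriptFile = 'C:\Users\Public\IcingaForWindows.ps1'   # downloaded as in the thread
# Must be the same name the installer will use for the agent (IfW-Hostname).
$AgentCn    = [System.Net.Dns]::GetHostEntry('').HostName

function Get-IcingaTicket {
    param([string]$ApiHost, [string]$CommonName, [pscredential]$Credential)
    # Only request tickets for something that looks like a host name.
    if ($CommonName -notmatch '^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$') {
        throw "Refusing to request a ticket for CN '$CommonName'"
    }
    # Explicit Basic auth header: same behaviour on Windows PowerShell 5.1 and 7.
    $pair    = '{0}:{1}' -f $Credential.UserName, $Credential.GetNetworkCredential().Password
    $headers = @{
        Accept        = 'application/json'
        Authorization = 'Basic ' + [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($pair))
    }
    # Certificate validation stays on: the master's CA must already be trusted here.
    $response = Invoke-RestMethod -Method Post -Headers $headers `
        -Uri "https://${ApiHost}:5665/v1/actions/generate-ticket" `
        -ContentType 'application/json' `
        -Body (@{ cn = $CommonName } | ConvertTo-Json)
    $result = @($response.results)[0]
    if (-not $result -or [int]$result.code -ne 200 -or -not $result.ticket) {
        throw "Ticket request failed: $($result.status)"
    }
    return $result.ticket
}

$securePw = ConvertTo-SecureString $env:ICINGA_API_PASSWORD -AsPlainText -Force  # hypothetical variable
$cred     = New-Object pscredential('ticket-requester', $securePw)
$ticket   = Get-IcingaTicket -ApiHost $MasterFqdn -CommonName $AgentCn -Credential $cred

# Build the JSON with ConvertTo-Json instead of pasting the ticket into a string.
$installCommand = [ordered]@{
    'IfW-AgentVersion'    = @{ Values = @('2.14.0') }
    'IfW-ParentAddress'   = @{ Values = @{ $MasterFqdn = @($MasterIp) } }
    'IfW-Hostname'        = @{ Selection = '0' }
    'IfW-Certificate'     = @{ Selection = '1' }
    'IfW-ParentZone'      = @{ Values = @('master') }
    'IfW-WindowsFirewall' = @{ Selection = '0' }
    'IfW-Ticket'          = @{ Values = @($ticket) }
    'IfW-Connection'      = @{ Selection = '1' }
    'IfW-ParentNodes'     = @{ Values = @($MasterFqdn) }
} | ConvertTo-Json -Depth 5 -Compress
& $ScriptFile -ModuleDirectory 'C:\Program Files\WindowsPowerShell\Modules\' -InstallCommand $installCommand
```

A ticket is only valid for the common name it was requested for, so a leaked API password for this user lets someone enroll agents under names of their choosing; keep the password out of the VM image and rotate it like any other deployment secret.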