Windows kickstart Powershell with local repo always tries to contact Internet

Service Monitoring
, ,
1

Hi,

I seem to be unable to install the stuff without internet connection as the script fails.

My setup:
I have an environment without internet, separated net segments (and a global DNS).
I mirrored Index of /IcingaForWindows to our Apache (http) and it is accessible from the client (I can download the kickstarter.zip manually).

I tried running the kickstarterscript on Windows according to tutorial: Getting Started - Icinga for Windows. I modified the starter like this:

[Net.ServicePointManager]::SecurityProtocol = 'tls12, tls11';
$ProgressPreference                         = 'SilentlyContinue';
[string]$ScriptFile                         = 'C:\Users\Public\IcingaForWindows.ps1';

Invoke-WebRequest `
    -UseBasicParsing `
    -Uri 'http://localserver/IcingaForWindows.ps1' `
    -OutFile $ScriptFile;

& $ScriptFile `
    -ModuleDirectory 'C:\Program Files\WindowsPowerShell\Modules\' `
    -IcingaRepository 'http://localserver/repositories/stable';

This fails with “Invalid JSON primitive”. I guess because it cannot find the ifw.repo.json.

If I do " -IcingaRepository ‘http://localserver/repositories/stable/ifw.repo.json’ (like the sample in the script itself); the script runs longer failing with “cannot download kickstart… from packages.icinga.com”. So it seems to work at first but then still tries to contact the Internet.
If I modify “Remotesource” in ifw.repo.json the script runs further, wizard starts, accepts the config but fails again later on, contacting packages.icinga.com.

Hijacking the packages.icinga.com is no option as we have multiple webservers, but only one DNS.

How is that supposed to work offline?

2

You should use powershell to sync your repo:

Sync-IcingaRepository -Name "Icinga Stable" -Path C:\TEMP\ -RemotePath "https://yourserver/stable" -Source https://packages.icinga.com/IcingaForWindows/stable/ifw.repo.json

3

Hi thanks for the reply.

My problem is: The only machine with access to packages.icinga.com is a highly secured RedHat (no powershell on this one), so even if that script modifies the respective files, it won’t help as the files will be copied over to different linux webservers (with different URLs) afterwards.

Question remains: Why is “-IcingaRepository” only honored at the beginning of the script but not, when the kickstarter-package is downloaded (wich is still part of the IcingaForWindows.ps1).
Is this a failure of the script or one of me?

I might have solved the issues of the (manually run) kickstarter-script itself, I’ll have to check some thoughts when having access to the system again.

4

Sorry for the late response on this. The problem is, that the ifw.repo.json contains the RemotePath on where to download the files from.
You have to update the ifw.repo.json file to replace https://packages.icinga.com/ with your own root folder of the installation.

5

Thanks for the reply anyway :slight_smile:
…It’s what I figured.
I now let the user that copies the repository to the different servers replace the entry in ifw.repo.json with a sed-command afterwards. That works and the secluded clients get their files and updates.

IMHO it still would be best if there will be a command switch overriding all references to the online repository with a custom set root folder on the client side, so I don’t have to change files on my servers every time I refresh the repository.