# (c) Copyright 2022 HP Development Company, L.P.
#
# This source code is licensed under the MIT license found in the
# LICENSE file in the root directory of this source tree.
# This script automatically installs the Monitor and registers it with the AWM Manager.
# This script must be run locally and it only works on Windows hosts.
# This script must be run with administrator privileges.
# Once the script execution completes, the Monitor will be installed and the Host should be
# displayed as 'Healthy' in the Manager Admin UI.
#
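# .\deploy_monitor.ps1 -config_file <json file> -monitor_hostname <ip or fqdn> -manager_url <AWM manager URL>
# NOTE(review): the Deploy function in this file declares the parameter as -monitor_machine_name,
# not -monitor_hostname; confirm which name callers are expected to pass.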
#
# e.g.:
# PS C:\> .\deploy_monitor.ps1 -config_file file.json -monitor_hostname 'hostname.domain.local' -manager_url https://cas-staging.teradici.com
#
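# Additionally, the -ignore_cert switch can be added to skip certificate validation when the Manager uses a
# self-signed certificate. The switch turns validation off for the HTTPS requests made afterwards in the same
# PowerShell process, which includes the download of the Monitor installer script.
# The config file can be downloaded from the deployment service account tab when editing the current deployment.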
# Config file example:
#
# {
# "keyId":"6356ebcatyuk962b82460dd1",
# "username":"6356ebjyt2b82460dd1",
# "apiKey":"any_apikey",
# "deploymentId":"6356ebab6c0ddfc771d7d412",
# "keyName":"accountName",
# "tenantId":"6356sdafww6f096c92c460da1"
# }
#
# HP recommends customers investigate their own secure password storage
# solutions and to not leave passwords stored in a plaintext file. This
# script can be modified by the customer to retrieve passwords from
# secure locations. If using this script without modifications, please
# make sure to restrict read access permissions to the JSON config file
# that holds the Manager password.
new-module -name deploy_monitor -scriptblock {
Function Deploy {
param(
[Parameter(Mandatory = $true)]
[string]$config_file,
[Parameter(Mandatory = $true)]
[string]$monitor_machine_name,
[Parameter(Mandatory = $true)]
[string]$manager_url,
[Parameter()]
[switch]$ignore_cert = $false,
[Parameter()]
[ValidateSet("stable", "beta", "dev")]
[string]$channel = "stable"
)
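# Registering the Monitor and running its installer need an elevated session, so
# stop before any network call when the caller is not a local Administrator.
$currentPrincipal = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    Write-Host "This script must be run as an administrator. Please run PowerShell as an administrator and try again."
    exit 1
}

# Load the service-account settings. The file holds the API key in plaintext, so a
# read or parse failure is reported without echoing the exception text or any of
# the file's content.
try {
    $settings = ConvertFrom-Json (Get-Content $config_file -Raw -ErrorAction Stop)
}
catch {
    Write-Host "ERROR: Could not read or parse config file $config_file."
    exit 1
}

# Fail here, before any request is sent, when a field used later is absent.
# Only the field name is printed, never its value.
foreach ($requiredField in 'username', 'apiKey', 'deploymentId', 'tenantId') {
    if (-not $settings.$requiredField) {
        Write-Host "ERROR: Config file $config_file is missing the '$requiredField' field."
        exit 1
    }
}

# These four variables are read by the nested functions below through scope lookup.
$username = $settings.username
$apiKey = $settings.apiKey
$deploymentId = $settings.deploymentId
$tenantId = $settings.tenantId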
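Function setSSLPolicy() {
    # Turns off TLS certificate validation when -ignore_cert was passed to Deploy and
    # does nothing otherwise. Emits a three-line warning banner on the output stream.
    #
    # The policy is assigned to the static ServicePointManager.CertificatePolicy
    # property and is never restored, so it stays in force for every later request
    # in this PowerShell process that honours ServicePointManager, not only for the
    # Manager API calls.
    # NOTE(review): ServicePointManager is the Windows PowerShell (.NET Framework)
    # HTTP stack; confirm whether this has any effect under PowerShell 6+.
    if (-not $ignore_cert) {
        return
    }

    "###############################################################################"
    "WARNING: Ignorning certificate validation to allow self-signed certificates."
    "###############################################################################"

    # Add-Type fails when the type already exists, which happens on a second Deploy
    # run in the same session, so compile the policy class only once.
    if (-not ([System.Management.Automation.PSTypeName]'TrustAllMonitorCertsPolicy').Type) {
        add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllMonitorCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
    }

    # CheckValidationResult always returns true: any certificate is accepted.
    [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllMonitorCertsPolicy
}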
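Function MakeRequest {
    # Sends one JSON request with Invoke-RestMethod and returns the response
    # re-serialised as JSON text, which callers pipe to ConvertFrom-Json.
    #
    # Parameters:
    #   reqUrl - full request URL.
    #   method - HTTP method name.
    #   body   - JSON request body; an empty value sends no body.
    #   token  - value for the Authorization header; the header is omitted when empty.
    #
    # On any request failure the error is printed and the session exits with status 1.
    # Only the URL and the exception are printed; the body and the token are not.
    # NOTE(review): ConvertTo-Json is called without -Depth, so deeply nested
    # response data would be flattened; the callers in this file read only
    # data.<field>, which the default depth covers.
    param(
        [Parameter(Mandatory = $true)] [string]$reqUrl,
        [Parameter(Mandatory = $true)] [string]$method,
        [string]$body,
        [string]$token
    )
    $headers = @{
        "Accept"       = "*/*"
        "Content-Type" = "application/json"
    }
    if ($token) {
        $headers["Authorization"] = $token
    }

    $params = @{
        Uri     = $reqUrl
        Method  = $method
        Headers = $headers
        Body    = $null
    }
    if ($body) {
        $params["Body"] = $body
    }

    try {
        $response = Invoke-RestMethod @params
        return $response | ConvertTo-Json
    }
    catch {
        $errorMessage = $_.Exception
        Write-Host "ERROR: Failed to request $reqUrl with error $errorMessage."
        # Exit with a failure status, matching the administrator check in Deploy,
        # so a caller can tell a failed deployment from a successful one.
        exit 1
    }
}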
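Function SignIn {
    # Exchanges the service-account credentials loaded from the config file for a
    # Manager session token and returns that token.
    # Reads $manager_url, $username, $apiKey and $tenantId from the Deploy scope.
    # Exits with status 1 when the response carries no token.

    # The API key travels in the request body, so flag a URL that is not HTTPS.
    if ($manager_url -notmatch '^https://') {
        Write-Warning "manager_url does not start with https://; the API key is sent to it in the sign-in request."
    }

    Write-Host "--> Logging into HP Anyware Manager at $manager_url."
    $reqUrl = $manager_url + "/api/v1/auth/signin"
    $method = "POST"
    $body = @{
        username = $username
        password = $apiKey
        tenantId = $tenantId
    } | ConvertTo-Json

    # No token exists yet. It is deliberately not passed: an unassigned $token here
    # would be resolved from an outer scope and sent as the Authorization header.
    $response = MakeRequest $reqUrl $method $body | ConvertFrom-Json
    $token = $response.data.token
    if (!$token) {
        Write-Host "ERROR: Failed to get token."
        exit 1
    }
    Write-Host "--> Authenticated."
    return $token
}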
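Function GetMachineId([string] $token) {
    # Looks up the Manager machine id for $monitor_machine_name (read from the
    # Deploy scope) and returns it. Exits with status 1 when no id is found.
    # NOTE(review): if the API returns several machines, data.machineId would hold
    # several ids; confirm the lookup is expected to match exactly one machine.
    Write-Host "--> Getting machine $monitor_machine_name id."

    # Escape the name so characters such as '&', '#' or spaces cannot alter the
    # query string.
    $encodedName = [uri]::EscapeDataString($monitor_machine_name)
    $reqUrl = $manager_url + "/api/v1/machines?machineName=$encodedName"
    $method = "Get"

    # A GET carries no body; pass $null explicitly instead of an unassigned $body,
    # which would be resolved from an outer scope.
    $response = MakeRequest $reqUrl $method $null $token | ConvertFrom-Json
    $machineId = $response.data.machineId
    if (!$machineId) {
        Write-Host "ERROR: Could not find Machine ID of hostname $monitor_machine_name."
        exit 1
    }
    Write-Host "--> Sucessfully obtained machine id."
    return $machineId
}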
Function EnableMonitor([string] $machineId, [string] $token) {
    # Marks the machine as monitored in the Manager by sending
    # agentMonitored = true for the given machine id.
    # The response is not inspected; MakeRequest ends the session itself when the
    # request fails.
    Write-Host "--> Enabling monitor for machine $monitor_machine_name."

    $payload = @{ agentMonitored = $true } | ConvertTo-Json
    $target = $manager_url + "/api/v1/machines/$machineId"

    # Assigning to $null keeps the parsed response off the output stream.
    $null = MakeRequest $target "PUT" $payload $token | ConvertFrom-Json

    Write-Host "--> Monitor Enabled for machine $monitor_machine_name."
}
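Function GetMonitorAPIToken([string] $machineId, [string] $token) {
    # Requests an agent API token for the given machine in the deployment named by
    # $deploymentId (read from the Deploy scope) and returns it.
    # Exits with status 1 when the response carries no token.
    # The token value itself is never written to the host.
    Write-Host "--> Getting monitor API token."
    $reqUrl = $manager_url + "/api/v1/auth/tokens/agent"
    $body = @{
        deploymentId = $deploymentId
        machineId    = $machineId
    } | ConvertTo-Json
    $method = "POST"

    $response = MakeRequest $reqUrl $method $body $token | ConvertFrom-Json
    $monitorToken = $response.data.token
    if (!$monitorToken) {
        Write-Host "ERROR: Could not get monitor API token."
        exit 1
    }
    Write-Host "--> Token Obtained"
    return $monitorToken
}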
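Function InstallMonitor([string] $monitorToken, [string] $cloudsmithToken) {
    # Downloads the Monitor installer script for the selected channel, evaluates it
    # in the current scope, and calls the `install` function that script defines.
    #
    # Parameters:
    #   monitorToken    - agent API token handed to the installer.
    #   cloudsmithToken - download token; it is part of the download URL path, so
    #                     anything that records the URL also records the token.
    #
    # NOTE(security): the script is fetched from a `versions/latest` URL and run
    # through Invoke-Expression in an elevated session with no hash or signature
    # check, so its authenticity rests on the TLS connection alone. Consider saving
    # it to a file and verifying a vendor-published checksum or an Authenticode
    # signature before running it. TODO confirm whether the vendor provides either.
    Write-Host "--> Starting monitor installation script."
    $channelUrls = @{
        "stable" = "https://dl.teradici.com/$cloudsmithToken/anyware-manager/raw/names/anyware-monitor-ps1/versions/latest/anyware-monitor.ps1"
        "beta"   = "https://dl.teradici.com/$cloudsmithToken/anyware-manager-beta/raw/names/anyware-monitor-ps1/versions/latest/anyware-monitor.ps1"
        "dev"    = "https://dl.teradici.com/$cloudsmithToken/anyware-manager-dev/raw/names/anyware-monitor-ps1/versions/latest/anyware-monitor.ps1"
    }
    $monitorSetupUrl = $channelUrls[$channel]
    $params = @{
        manager_uri          = $manager_url
        token                = $monitorToken
        download_token       = $cloudsmithToken
        channel              = $channel
        use_download_timeout = 0
    }
    if ($ignore_cert) {
        $params.Add("ignore_cert", 1)
        # The trust-all policy installed for the Manager is process-wide, so it also
        # covers the download below. Make that visible to the operator.
        Write-Warning "Certificate validation is disabled (-ignore_cert); the installer script download is not authenticated."
    }

    # Evaluated in this scope so that the downloaded `install` function is visible
    # to the call on the next line.
    . { Invoke-WebRequest -UseBasicParsing $monitorSetupUrl } | Invoke-Expression
    install @params
}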
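Function GetCloudsmithToken {
    # Asks the Manager for the download token of the package repository that
    # belongs to the selected channel and returns it.
    #
    # Parameters:
    #   deploymentId - deployment whose download token is requested.
    #   channel      - "stable", "beta" or "dev"; any other value yields an empty
    #                  repository name in the URL (Deploy restricts the value with
    #                  ValidateSet).
    #   manager_url  - base URL of the Manager.
    #   token        - session token sent in the Authorization header.
    #
    # Exits with status 1 when the response carries no download token.
    param(
        [Parameter(Mandatory=$true)] [string] $deploymentId,
        [Parameter(Mandatory=$true)] [string] $channel,
        [Parameter(Mandatory=$true)] [string] $manager_url,
        [Parameter(Mandatory=$true)] [string] $token
    )
    $channelRepo = @{
        "stable" = "anyware-manager"
        "beta"   = "anyware-manager-beta"
        "dev"    = "anyware-manager-dev"
    }[$channel]

    $reqUrl = $manager_url + "/api/v1/deployments/${deploymentId}/downloadTokens/${channelRepo}"
    $method = "GET"
    $response = MakeRequest $reqUrl $method $null $token | ConvertFrom-Json
    $cloudsmithToken = $response.data.downloadToken
    if (!$cloudsmithToken) {
        Write-Host "ERROR: Failed to get Cloudsmith token."
        exit 1
    }
    return $cloudsmithToken
}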
Function Pipeline {
    # Runs the deployment steps in order: TLS policy, sign-in, machine lookup,
    # monitor enablement, token retrieval, installer run.
    # Each step ends the session itself on failure, so no status is checked here.
    Write-Host "--> Starting Deploying process for monitor $monitor_machine_name."

    # Must come first: every later request is subject to the policy it installs.
    setSSLPolicy

    $token = SignIn
    $machineId = GetMachineId -token $token
    EnableMonitor -machineId $machineId -token $token

    $monitorToken = GetMonitorAPIToken -machineId $machineId -token $token
    $cloudsmithToken = GetCloudsmithToken -deploymentId $deploymentId -channel $channel -manager_url $manager_url -token $token

    InstallMonitor -monitorToken $monitorToken -cloudsmithToken $cloudsmithToken
}

# Deploy's body ends by running the pipeline it has just defined.
Pipeline
}
# Expose only Deploy from the module; the nested helper functions stay private to it.
# NOTE(review): no alias named 'deploy' is defined in the visible module body;
# confirm the -Alias argument is needed.
Export-ModuleMember -Function 'Deploy' -Alias 'deploy'
}