config-pe-client-tools.ps1
<#
.SYNOPSIS
Helper for the Puppet Enterprise (PE) Client Tools on Windows.

.PARAMETER PuppetMaster
Optional Puppet master host name. When it is supplied the script runs the quick
configuration for that host; when it is empty an interactive menu is shown.
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory = $false)]
    [String]$PuppetMaster = ''
)

# Any error terminates the script instead of being reported and ignored.
$ErrorActionPreference = 'Stop'

# Per-user PE Client Tools locations; the functions below read these script-scope values.
$userDir = Join-Path $ENV:USERPROFILE '.puppetlabs'
$userClientToolsDir = Join-Path $userDir 'client-tools'
$tokenFile = Join-Path $userDir 'token'

# Machine-wide directory that receives the downloaded CA certificate (ca.pem).
$certsDir = Join-Path $ENV:ALLUSERSPROFILE 'PuppetLabs\puppet\etc\ssl\certs'
## DANGER - Major hack
# Compiles a C# ICertificatePolicy whose CheckValidationResult returns true for every
# certificate, whatever problem code is reported. Invoke-QuickConfig assigns an instance
# to [System.Net.ServicePointManager]::CertificatePolicy before fetching the CA
# certificate. That property is static, so while the policy is installed no HTTPS
# request made through ServicePointManager in this process validates the server
# certificate.
Add-Type -TypeDefinition @'
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class IDontCarePolicy : ICertificatePolicy {
public IDontCarePolicy() {}
public bool CheckValidationResult(
ServicePoint sPoint, X509Certificate cert,
WebRequest wRequest, int certProb) {
return true;
}
}
'@
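Function Invoke-ShowConfiguration() {
    <#
    .SYNOPSIS
    Reports the state of the current user's PE Client Tools configuration.

    .DESCRIPTION
    Warns when the user's PuppetLabs directory or the RBAC token file is absent, prints
    the token file's last-write time when it exists, and prints the contents of each
    client tool configuration file found in the client-tools directory. The token
    file's contents are never printed, only its timestamp.

    Reads the script-scope variables $userDir, $tokenFile and $userClientToolsDir.
    #>
    Write-Host ""
    Write-Host "Gathering information from the PE Client Tools configuration..."

    if (-not (Test-Path -Path $userDir)) {
        # The original message used '$$userDir'; "$$" is a PowerShell automatic variable,
        # so the expected path never appeared in the warning.
        Write-Warning "The PuppetLabs user directory is missing. Expected to find '$userDir'"
    }

    if (Test-Path -Path $tokenFile) {
        $fileInfo = Get-Item -Path $tokenFile
        Write-Host "Token file was last updated $($fileInfo.LastWriteTime)" -ForegroundColor Green
    } else {
        Write-Warning "A token file from the Puppet RBAC service is expected at '$tokenFile'"
    }

    # Check config Files
    $configFileNames = 'puppet-code.conf', 'puppetdb.conf', 'puppet-access.conf', 'orchestrator.conf'
    foreach ($configFileName in $configFileNames) {
        $filePath = Join-Path -Path $userClientToolsDir -ChildPath $configFileName
        if (Test-Path -Path $filePath) {
            Write-Host "PE Client Tools configuration file '$configFileName'" -ForegroundColor Green
            Get-Content -Path $filePath
        } else {
            Write-Warning "Missing configuration file '$filePath'"
        }
    }
}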
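Function Invoke-QuickConfig($puppetMaster = '') {
    <#
    .SYNOPSIS
    Writes a default PE Client Tools configuration for one Puppet master.

    .DESCRIPTION
    Creates the certificate and client-tools directories if needed, prompts for the
    master name when none is given, checks that the name resolves, downloads the CA
    certificate from the master's puppet-ca endpoint on port 8140 to ca.pem, writes
    puppet-access.conf, orchestrator.conf, puppet-code.conf and puppetdb.conf, and then
    calls Invoke-ShowConfiguration. Returns early, after a warning, if the name does not
    resolve or the download fails.

    Reads the script-scope variables $certsDir and $userClientToolsDir.

    SECURITY: the CA certificate is downloaded with TLS certificate validation switched
    off (IDontCarePolicy), so the download is trust-on-first-use and the identity of the
    server is not checked. The validation bypass is limited to that one download and the
    fingerprint of the downloaded certificate is printed so it can be compared with the
    value known from the Puppet CA.

    .PARAMETER puppetMaster
    Host name of the Puppet master. Prompted for when empty.
    #>
    Write-Host "Creating required directories..."
    # Quick hack but it works ...
    if (-Not (Test-Path -Path $certsDir)) {
        (& cmd /c md "`"$certsDir`"") | Out-Null
    }
    if (-Not (Test-Path -Path $userClientToolsDir)) {
        (& cmd /c md "`"$userClientToolsDir`"") | Out-Null
    }

    if ($puppetMaster -eq '') {
        $puppetMaster = Read-Host "Enter Puppet Master name"
    }

    # Sanity Check - Resolve by name
    try {
        Write-Host "Attempting to resolve $puppetMaster ..."
        $result = [System.Net.Dns]::gethostentry($puppetMaster)
        Write-Host "$puppetMaster has resolved to IP $($result.AddressList)"
    } catch {
        Write-Warning "Unable to resolve $puppetMaster by name"
        return
    }

    # Get the master certificate...
    $caCertFile = Join-Path -Path $certsDir -ChildPath 'ca.pem'
    if (Test-Path -Path $caCertFile) {
        Write-Host "Removing previous CA Master certificate..."
        Remove-Item -Path $caCertFile -Force -Confirm:$false | Out-Null
    }

    # CertificatePolicy is a static, process-wide setting. Remember the current policy and
    # put it back in 'finally' so the validation bypass covers only this download and does
    # not stay active for later HTTPS requests in the same PowerShell session.
    $previousPolicy = [System.Net.ServicePointManager]::CertificatePolicy
    $wc = $null
    try {
        [System.Net.ServicePointManager]::CertificatePolicy = new-object IDontCarePolicy
        Write-Host "Fetching the CA Master certificate ..."
        $wc = New-Object System.Net.WebClient
        $wc.DownloadFile("https://$($puppetMaster):8140/puppet-ca/v1/certificate/ca",$caCertFile)
    } catch {
        Write-Warning "Error from $PuppetMaster was $_"
        return
    } finally {
        [System.Net.ServicePointManager]::CertificatePolicy = $previousPolicy
        if ($wc) { $wc.Dispose() }
    }
    # [System.Net.ServicePointManager]::CertificatePolicy = new-object IDontCarePolicy
    # Write-Host "Fetching the CA Master certificate ..."
    # $response = Invoke-WebRequest -URI "https://$($puppetMaster):8140/puppet-ca/v1/certificate/ca" -UseBasicParsing
    # if ($response.StatusCode -ne 200) { Write-Warning "Response code $($response.StatusCode) from Puppet Master was not OK."; return }
    # $response.Content | Out-File -FilePath $caCertFile -Encoding "ASCII"

    # The file just written becomes the trust anchor named in puppetdb.conf, yet it was
    # fetched without verifying the server. Print its fingerprint so it can be checked
    # against a value obtained over a trusted channel.
    try {
        $caCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $caCertFile
        $sha256 = [System.Security.Cryptography.SHA256]::Create()
        $fingerprint = [System.BitConverter]::ToString($sha256.ComputeHash($caCert.RawData)) -replace '-', ':'
        Write-Warning "The CA certificate was downloaded without TLS verification. Subject: $($caCert.Subject). SHA256 fingerprint: $fingerprint. Confirm it matches the fingerprint reported by the Puppet CA."
    } catch {
        Write-Warning "Could not read '$caCertFile' as an X.509 certificate to show its fingerprint: $_"
    }

    Write-Host "Writing config files with defaults..."
    # Write the config files
@"
{
"service-url": "https://$($puppetMaster):4433/rbac-api"
}
"@ | Out-File -FilePath (Join-Path -Path $userClientToolsDir -ChildPath 'puppet-access.conf') -Encoding "ASCII"
@"
{
"options" : {
"service-url": "https://$($puppetMaster):8143"
}
}
"@ | Out-File -FilePath (Join-Path -Path $userClientToolsDir -ChildPath 'orchestrator.conf') -Encoding "ASCII"
@"
{
"service-url": "https://$($puppetMaster):8170/code-manager"
}
"@ | Out-File -FilePath (Join-Path -Path $userClientToolsDir -ChildPath 'puppet-code.conf') -Encoding "ASCII"
    # Backslashes in the Windows path are doubled so the value is a valid JSON string.
@"
{
"puppetdb": {
"server_urls": "https://$($puppetMaster):8081",
"cacert": "$($caCertFile -replace '\\','\\')"
}
}
"@ | Out-File -FilePath (Join-Path -Path $userClientToolsDir -ChildPath 'puppetdb.conf') -Encoding "ASCII"

    Write-Host "Quick configuration completed!"
    Invoke-ShowConfiguration
}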
# Main
# Prints the banner, checks that the PE Client Tools are installed, then either runs
# quick config for the -PuppetMaster argument or shows the interactive menu.
Write-Host "PE Client Tools Helper"
Write-Host "----------------------"

$PEClientToolsPath = 'C:\Program Files\Puppet Labs\Client'
$PEClientToolsBinPath = $PEClientToolsPath + '\bin'
$toolsInstalled = Test-Path -Path $PEClientToolsBinPath
if (-not $toolsInstalled) {
    Write-Warning "Could not locate the PE Client Tools at '$($PEClientToolsPath)'"
    return
}

if ($PuppetMaster -ne '') {
    # Non-interactive path: a master name was passed on the command line.
    Write-Host "Running quick config for puppet master $PuppetMaster"
    Invoke-QuickConfig -PuppetMaster $PuppetMaster
} else {
    $menuChoices = '1', '2', '3'

    # Show Menu
    Write-Host '1. Start the PE Client Tools Shell'
    Write-Host '2. Show current PE Client Tool configuration'
    Write-Host '3. Quick config PE Client Tools'
    Write-Host ''

    # Keep prompting until one of the listed choices is entered.
    do {
        $choice = Read-Host -Prompt "Enter select ($($menuChoices -join ','))"
    } while ($menuChoices -notcontains $choice)

    if ($choice -eq '1') {
        # Opens a new cmd.exe window running the client tools shell batch file.
        $shellBatch = "`"$($PEClientToolsBinPath)\pe_client_shell.bat`""
        Start-Process -FilePath "cmd.exe" -ArgumentList @('/k', $shellBatch) | Out-Null
    } elseif ($choice -eq '2') {
        Invoke-ShowConfiguration
    } elseif ($choice -eq '3') {
        Invoke-QuickConfig
    }
}