# do all the same stuff as the linux script, but do it stupider.
#
# powershell
## Bootstrap a windows node to sev1 chef
# Requirements:
# - A validator key must be present on the target node at `c:/cinc/validation.pem`
# Your key can be found by going to your vault at /client/<your_client_id>/secret/chef/chef-server/validator
#
# Usage:
# Copy this script to your target and run it like so:
# `$Env:http_proxy="http://user:pass@proxyserver:3128"; ./cinc_boostrap_win_client.ps1`
# Site-specific bootstrap settings. Edit these per client before running.

# Upstream Cinc installer location.
# NOTE(review): nothing in this file reads $BOOTSTRAP_URL; the install step
# further down fetches a pinned gist copy of install.ps1 instead.
$BOOTSTRAP_URL    = 'https://omnitruck.cinc.sh/install.ps1'

# Chef organization and environment the node registers into.
$CHEF_ORG         = 'sev1tech'
$CHEF_ENVIRONMENT = 'hhs'

# Client version handed to the installer.
$CINC_VERSION     = '17.10.0'

# Client id; it selects the vault path and the validator client name.
$CLIENT_ID        = 'hhs'
$VALIDATOR_NAME   = "${CLIENT_ID}-validator"

# Run list written into first-boot.json.
$RUN_LIST         = 'role[hhs_datadog]'
# Report a fatal error and stop the script.
#
# Parameters: -message  text appended to the "Error: " prefix.
# Exits:      status 1.
function bye {
    param (
        [string] $message
    )

    $text = "Error: $message"
    Write-Error $text
    exit 1
}
# Report that the validation key is absent, point the operator at the vault
# entry for this client, and stop the script.
#
# Reads: $CLIENT_ID (script scope) to build the vault URL.
# Exits: status 2.
function missing_validator {
    $lines = @(
        "Required file c:/cinc/validation.pem missing",
        "Key may be obtained from https://vault.sev1tech.com:8200/ui/vault/secrets/client%2F${CLIENT_ID}%2Fsecret/show/chef/chef-server/validator"
    )
    foreach ($line in $lines) {
        Write-Error $line
    }
    exit 2
}
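# Build the proxy URL, credentials included, that the caller exports as
# ALL_PROXY.
#
# Reads:   $Env:http_proxy, $Env:http_proxy_user, $Env:http_proxy_pass and the
#          script-scope $http_proxy_user_from_url set before this is called.
# Returns: $Env:http_proxy unchanged when it already carried credentials,
#          otherwise "<scheme><user>:<pass>@<rest of the URL>".
# Throws:  when $Env:http_proxy does not start with http:// or https://.
function curl_proxy_url {
    if ($null -ne $http_proxy_user_from_url) {
        return $Env:http_proxy
    }

    # $matches is a PowerShell automatic variable, so the match result gets
    # its own name instead of overwriting it.
    $proxy_parts = Select-String "^(http[s]*://)(.*)" -InputObject $Env:http_proxy
    if ($null -eq $proxy_parts) {
        # Without this guard the indexing below fails on $null and the
        # function returns a URL with no scheme or host.
        throw "http_proxy does not start with http:// or https://"
    }

    $proxy_scheme = $proxy_parts.Matches[0].Groups[1].Value
    $proxy_host   = $proxy_parts.Matches[0].Groups[2].Value

    # NOTE(review): user and password are inserted as-is. Values containing
    # '@', ':' or '/' would presumably need percent-encoding; confirm against
    # the consumer of ALL_PROXY.
    return "${proxy_scheme}${Env:http_proxy_user}:${Env:http_proxy_pass}@${proxy_host}"
}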
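# Proxy settings come from the environment. http_proxy is mandatory and
# https_proxy falls back to it when unset.
if ($null -eq $Env:http_proxy) { bye -message "http_proxy env variable not set" }
if ($null -eq $Env:https_proxy) { $Env:https_proxy = $Env:http_proxy }

# Pull "user:pass" out of the proxy URL when it is there. Select-String returns
# $null when the URL carries no credentials, so the match is only indexed when
# one exists. Otherwise both *_from_url values stay $null and the
# http_proxy_user / http_proxy_pass environment variables are used.
$http_proxy_user_from_url = $null
$http_proxy_pass_from_url = $null
$http_proxy_credentials = Select-String "^http[s]*://(\w.*):(\w.*)@" -InputObject $Env:http_proxy
if ($null -ne $http_proxy_credentials) {
    # .Value yields the captured text rather than the Group object.
    $http_proxy_user_from_url = $http_proxy_credentials.Matches[0].Groups[1].Value
    $http_proxy_pass_from_url = $http_proxy_credentials.Matches[0].Groups[2].Value
}

# values from the URL override existing env vars
if ($null -ne $http_proxy_user_from_url) { $Env:http_proxy_user = $http_proxy_user_from_url }
if ($null -ne $http_proxy_pass_from_url) { $Env:http_proxy_pass = $http_proxy_pass_from_url }
if ($null -eq $Env:http_proxy_user) { bye "'http_proxy_user' not found in http_proxy or env variable not set" }
if ($null -eq $Env:http_proxy_pass) { bye "'http_proxy_pass' not found in http_proxy or env variable not set" }

# NOTE(review): from here on the proxy password sits in process environment
# variables (http_proxy_pass, and ALL_PROXY when credentials are merged in),
# which child processes started by this script inherit.
$Env:ALL_PROXY = curl_proxy_url

# Credential object passed to Invoke-WebRequest -ProxyCredential later on.
$ps_password = ConvertTo-SecureString $Env:http_proxy_pass -AsPlainText -Force
$ps_credential = New-Object System.Management.Automation.PSCredential($Env:http_proxy_user, $ps_password)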
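# The validation key must already be on the node; stop with a pointer to the
# vault entry when it is not.
if ( -not(Test-Path -Path c:/cinc/validation.pem -PathType Leaf)) { missing_validator }

# Lower-cased host name, used as the Chef node name. The original expression
# referenced GetHostByName and ToLower without calling them, which left
# $node_name empty.
# NOTE(review): presumably the DNS (fully qualified) name was intended; confirm.
$node_name = [System.Net.Dns]::GetHostEntry([System.Net.Dns]::GetHostName()).HostName.ToLower()

# -Force makes this a no-op when the directory already exists.
New-Item -Type Directory -Path "c:/cinc/client.d" -Force | Out-Null

Write-Host "Creating proxy configuration"
# NOTE(review): this writes the proxy password in clear text to
# c:/cinc/client.d/proxy.rb with whatever ACL the directory hands down.
# Restrict c:/cinc (this file and validation.pem) to Administrators and SYSTEM.
# The values are interpolated into Ruby double-quoted strings unescaped, so a
# password containing '"', '\' or '#{' would break or alter the config.
$proxyrb = @"
http_proxy "$Env:http_proxy"
http_proxy_user "$Env:http_proxy_user"
http_proxy_pass "$Env:http_proxy_pass"
https_proxy "$Env:http_proxy"
https_proxy_user "$Env:http_proxy_user"
https_proxy_pass "$Env:http_proxy_pass"
no_proxy "localhost,127.0.0.1,169.254.169.254"
"@
Set-Content -Path "c:/cinc/client.d/proxy.rb" $proxyrb

Write-Host "Creating first-boot"
# Run list applied on the first client run.
$firstbootjson = @"
{"run_list":["${RUN_LIST}"]}
"@
Set-Content -Path "c:/cinc/first-boot.json" $firstbootjson

Write-Host "Creating client.rb"
# Client configuration: server URL for the organization, cache and backup
# paths, and the validator identity used for first registration.
$clientrb = @"
chef_server_url "https://chef.sev1tech.com/organizations/${CHEF_ORG}"
file_cache_path "c:/cinc/cache"
file_backup_path "c:/cinc/backup"
log_location STDOUT
log_level :info
node_name "$node_name"
validation_client_name "${VALIDATOR_NAME}"
validation_key "c:/cinc/validation.pem"
"@
Set-Content -Path "c:/cinc/client.rb" $clientrb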
# Download the installer script through the proxy, evaluate it in this scope so
# that it defines `install`, then install the pinned client version.
# NOTE(review): the downloaded script is executed with iex without any
# integrity check. The URL is pinned to one gist revision, but the content is
# still trusted as delivered. Consider saving it to disk and comparing its
# SHA-256 (Get-FileHash) against a known value before running it.
# $BOOTSTRAP_URL defined at the top of the file is not used here.
Write-Host "Installing client"
. { iwr -Proxy $Env:http_proxy -ProxyCredential $ps_credential -useb https://gist.githubusercontent.com/rjhornsby/66a839fc0855cb088623ef58e6aa0c92/raw/f21354205fecbb5525ad86f4e464fc6e01422306/install.ps1 } | iex; install -version $CINC_VERSION
# The first client run below is commented out, so the message is printed but
# nothing is executed.
Write-Host "Executing first cinc-client run"
# c:/cinc-project/cinc/cinc-client -j c:/cinc/first-boot.json --environment ${CHEF_ENVIRONMENT}
Write-Host "finished"
# NOTE(review): exits 0 unconditionally; the result of the download and of
# `install` is not checked before reporting success.
exit 0