Set-IcingaAgentServiceUser.psm1 - will always return $FALSE #749
Comments
|
Can confirm: PS C:\Windows\system32> Set-IcingaServiceUser -User 'NT AUTHORITY\System'
False
PS C:\Windows\system32> Set-IcingaServiceEnvironment
PS C:\Windows\system32> Set-IcingaServiceUser -User 'NT AUTHORITY\System'
[Notice]: Service User "NT AUTHORITY\System" for service "icinga2" successfully updated
TrueWe mostly switch the user to function agent-installation {
write-Host "Start Icinga Agent installation"
# Downloading icinga agent installer
$agent_installer = "C:\tools\icinga-agent-installation\Icinga2-v$agentversion-x86_64.msi"
if (-not (Test-Path $agent_installer)) {
# set security protocols for webrequests
[Net.ServicePointManager]::SecurityProtocol = 'tls12, tls11';
Invoke-WebRequest -UseBasicParsing -Uri "https://$repourl/monitoring/icingaforwindows/stable/agent/Icinga2-v$agentversion-x86_64.msi" -outfile $agent_installer
Start-Sleep -Seconds 10
}
# run icinga agent installer
msiexec /i $agent_installer /qn /norestart
Start-Sleep -Seconds 30
# configure agent
& 'C:\Program Files\ICINGA2\sbin\icinga2.exe' pki save-cert --host $endpointConnections --trustedcert "C:\ProgramData\icinga2\var\lib\icinga2\certs\trusted-parent.crt"
if($secondsatellite -eq "yes"){
& 'C:\Program Files\ICINGA2\sbin\icinga2.exe' node setup --cn ($env:COMPUTERNAME).ToLower() --zone ($env:COMPUTERNAME).ToLower() --parent_zone $parentZone --parent_host $endpointConnections --endpoint $endpoints,$endpointConnections,$caport --endpoint $secondsatendpoint,$secondendpointConnection,$caport --global_zones "global-windows" --ticket $ticket --trustedcert "C:\ProgramData\icinga2\var\lib\icinga2\certs\trusted-parent.crt" --accept-commands --accept-config --disable-confd
}
else{
& 'C:\Program Files\ICINGA2\sbin\icinga2.exe' node setup --cn ($env:COMPUTERNAME).ToLower() --zone ($env:COMPUTERNAME).ToLower() --parent_zone $parentZone --parent_host $endpointConnections --endpoint $endpoints,$endpointConnections,$caport --global_zones "global-windows" --ticket $ticket --trustedcert "C:\ProgramData\icinga2\var\lib\icinga2\certs\trusted-parent.crt" --accept-commands --accept-config --disable-confd
}
# change logging severity of the Icinga2 agent
if(Test-Path "C:\ProgramData\icinga2\etc\icinga2\features-available\windowseventlog.conf"){
write-Host "Set logging severity to critical to avoid EventLog spam"
(Get-Content "C:\ProgramData\icinga2\etc\icinga2\features-available\windowseventlog.conf") -Replace '"information"', '"critical"' | Set-Content "C:\ProgramData\icinga2\etc\icinga2\features-available\windowseventlog.conf"
}
# set the service user and restart the service
Set-IcingaAgentServiceUser -user $serviceuser
Start-Sleep -Seconds 5
Restart-Service -name "icinga2"
}This used to work before when Framework v1.11.1 was installed (though not 100% sure) |
|
Running Set-IcingaServiceEnvironment
Set-IcingaAgentServiceUser -user 'NT Authority\SYSTEM'
Restart-Service -name "icinga2"does not work reliably via the script called by Ansible. Not sure why. Maybe because update: if (whatever){
$serviceuser = 'NT AUTHORITY\NetworkService'
}else {
$serviceuser = 'NT Authority\SYSTEM'
}
Start-Process -FilePath "sc.exe" -ArgumentList "config icinga2 obj= `"$serviceuser`"" -Wait |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello
i am using ansible to automate installation and came across "Set-IcingaServiceUser" to update user in some cases.
Using a new powershell window (like ansible does by default everytime for every task) without calling "Set-IcingaServiceEnvironment" first, necessary environment variables aren't loaded and so "Set-IcingaServiceUser" will always return $FALSE.
Hope that helps.
The text was updated successfully, but these errors were encountered: