Verify.ps1
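# Verify task preamble: load helpers and configuration, then stop early when
# another provisioning task is still working on this machine.
Import-Module rsCommon
# Both dot-sourced files execute in this script's scope, with whatever
# privileges the task runs under. PullServerInfo.ps1 is read from the working
# copy under C:\DevOps\<$d.mR>, so write access to that directory (or to the
# repository it tracks) is equivalent to code execution here.
# NOTE(review): $d appears to be defined by the file Get-rsSecrets points at - confirm.
. (Get-rsSecrets)
. "$("C:\DevOps", $d.mR, "PullServerInfo.ps1" -join '\')"
New-rsEventLogSource -logSource verify
try {
    $basePrepState = (Get-ScheduledTask -TaskName "BasePrep" -ErrorAction SilentlyContinue).State
}
catch {
    # The lookup stays best-effort (a missing task is not fatal), but a
    # terminating error is now recorded instead of being dropped silently.
    Write-EventLog -LogName DevOps -Source Verify -EntryType Warning -EventId 1000 -Message "Unable to query BasePrep task state: $($_.Exception.Message)"
}
if ($basePrepState -eq "Running") {
    Write-EventLog -LogName DevOps -Source Verify -EntryType Information -EventId 1000 -Message "BasePrep task is currently running, aborting Verify task"
    # 'break' outside of any loop ends the script at this point.
    break
}
# A Pending.mof together with a running Consistency task means a configuration
# is being applied right now; do not start a second run on top of it.
if ((Test-Path -Path "C:\Windows\System32\Configuration\Pending.mof") -and ((Get-ScheduledTask -TaskName "Consistency").State -eq "Running")) {
    Write-EventLog -LogName DevOps -Source Verify -EntryType Information -EventId 1000 -Message "Pending MOF exists and Consistency is currently running"
    if ((Test-Path -Path "C:\Windows\System32\Configuration\Current.mof")) {
        Write-EventLog -LogName DevOps -Source Verify -EntryType Information -EventId 1000 -Message "Pending MOF exists and Consistency is currently running, Current MOF exists, aborting Verify task "
    }
    break
}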
## This script is executed by the PullServerDSC scheduled task
## This script will check the hash value of the PullServerDSC.ps1 config script and if it has been modified it will create a new Hash and execute the PullServerDSC.ps1 script
## to start a new DSC configuration on the PullServer
### will pull before running rsPullServer.ps1
# Decides whether rsPullServer.ps1 has to be applied again on the pull server.
#
# The script under C:\DevOps\<$d.mR> is compared with the hash stored in
# C:\DevOps\rsPullServer.hash:
#   - hash matches and Current.mof exists  -> start the Consistency task
#   - hash matches but Current.mof missing -> Invoke-DSC
#   - hash missing or different            -> Invoke-DSC, then store the new hash
#
# This is change detection, not an integrity control: a modified script is
# run and its hash is then recorded as the new baseline. Nothing here checks
# who changed the file.
# NOTE(review): Invoke-DSC is defined elsewhere; per the log text it is expected
# to execute rsPullServer.ps1 - confirm.
Function Check-Hash {
    Write-EventLog -LogName DevOps -Source Verify -EntryType Information -EventId 1000 -Message "Checking rsPullServer hash"
    $pullServerScript = $("C:\DevOps", $d.mR, "rsPullServer.ps1" -join '\')
    $hashFile = "C:\DevOps\rsPullServer.hash"
    $currentMof = "C:\Windows\System32\Configuration\Current.mof"

    # Changed or never-hashed script: apply it and remember the new hash.
    if (-not (Test-rsHash -file $pullServerScript -hash $hashFile)) {
        Write-EventLog -LogName DevOps -Source Verify -EntryType Information -EventId 1000 -Message "File C:\DevOps\rsPullServer.hash was not found or hash mismatch, executing rsPullServer.ps1 & creating hash file"
        Invoke-DSC
        Set-rsHash -file $pullServerScript -hash $hashFile
        return
    }

    # Unchanged script: only a consistency run is needed, unless no
    # configuration has ever been applied on this machine.
    if (Test-Path -Path $currentMof) {
        Write-EventLog -LogName DevOps -Source Verify -EntryType Information -EventId 1000 -Message "rsPullServer hash matches, no changes have been made to rsPullServer, executing consistency check"
        Get-ScheduledTask -TaskName "Consistency" | Start-ScheduledTask
    }
    else {
        Write-EventLog -LogName DevOps -Source Verify -EntryType Information -EventId 1000 -Message "rsPullServer hash matches, but Current.mof does not exist, running rsPullServer.ps1"
        Invoke-DSC
    }
}
### Client tasks
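# Keeps the hosts-file entry for the pull server in step with $pullServerInfo.
#
# The public address is used when this machine and the pull server are in
# different regions, the private address otherwise. An existing entry with a
# different address is replaced, a missing entry is appended.
#
# Changes compared with the earlier version:
#   - the name and address are validated before anything is written, because
#     they come from PullServerInfo.ps1 and end up in a file that controls
#     name resolution for the whole machine;
#   - the server name is regex-escaped and matched as a whole token, so '.' in
#     the name no longer matches any character and 'name' no longer matches
#     'name-other';
#   - a hosts file with a single line no longer turns the -match result into a
#     Boolean, and an entry with leading whitespace is parsed correctly.
Function Check-Hosts {
    Write-EventLog -LogName DevOps -Source Verify -EntryType Information -EventId 1000 -Message "Checking hosts file entry for pullserver"
    $hostsPath = "${env:windir}\system32\drivers\etc\hosts"
    $serverRegion = Get-rsRegion -Value $env:COMPUTERNAME
    $pullServerRegion = $pullServerInfo.region
    $pullServerName = $pullServerInfo.pullServerName
    $pullServerPublicIP = $pullserverInfo.pullserverPublicIp
    $pullServerPrivateIP = $pullServerInfo.pullServerPrivateIp
    if ($pullServerRegion -ne $serverRegion) {
        $pullServerIP = $pullServerPublicIP
    }
    else {
        $pullServerIP = $pullServerPrivateIP
    }

    # Refuse values that could not form exactly one well-formed hosts line:
    # an empty name, a name containing whitespace (including a newline) or '#',
    # or an address that does not parse as an IP address.
    $parsedAddress = $null
    $nameIsUsable = (-not [string]::IsNullOrWhiteSpace($pullServerName)) -and ($pullServerName -notmatch '[\s#]')
    $addressIsUsable = [System.Net.IPAddress]::TryParse([string]$pullServerIP, [ref]$parsedAddress)
    if (-not ($nameIsUsable -and $addressIsUsable)) {
        Write-EventLog -LogName DevOps -Source Verify -EntryType Error -EventId 1000 -Message "Pullserver name or IP address is missing or malformed, hosts file left unchanged"
        return
    }

    # Leading newline so the entry starts on its own line even when the file
    # does not end with one.
    $hostEntry = "`n${pullServerIP}`t${pullServerName}"
    # Non-comment line that contains the server name as a complete token.
    $entryPattern = '^[^#]*\s+' + [regex]::Escape($pullServerName) + '(\s|#|$)'
    # @() on both sides keeps this an array for zero, one or many lines.
    $existingEntries = @(@(Get-Content $hostsPath) -match $entryPattern)

    if ($existingEntries.Count -gt 0) {
        # Unary -split ignores leading whitespace; the first token is the address.
        $currentAddress = (-split $existingEntries[0])[0]
        if ($currentAddress -ne $pullServerIP) {
            Write-EventLog -LogName DevOps -Source Verify -EntryType Information -EventId 1000 -Message "Host file entry for pullserver does not match, updating hosts file"
            # The file is read completely before Set-Content starts writing.
            # Blank lines and every existing entry for the server are dropped.
            @(@(Get-Content $hostsPath) -notmatch '^\s*$') -notmatch $entryPattern | Set-Content $hostsPath
            Add-Content -Path $hostsPath -Value $hostEntry -Force -Encoding ASCII
        }
        else {
            Write-EventLog -LogName DevOps -Source Verify -EntryType Information -EventId 1000 -Message "Host file entry for pullserver matches, no changes to host file are needed."
        }
    }
    else {
        Write-EventLog -LogName DevOps -Source Verify -EntryType Information -EventId 1000 -Message "Host file entry for pullserver does not exist, creating entry for pullserver in host file."
        Add-Content -Path $hostsPath -Value $hostEntry -Force -Encoding ASCII
    }
}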
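# Makes sure the pull server's certificate from the working copy is present in
# the machine's trusted root store, then restarts the Consistency task.
#
# The stored certificate is found by subject ("CN=<pullServerName>") and
# compared by thumbprint with Certificates\PullServer.crt under
# C:\DevOps\<$d.mR>. A missing or different certificate is (re)installed.
#
# Security note: the file is trusted only because it is in the working copy.
# Whoever can change PullServer.crt there decides what this host accepts as a
# trusted root.
# NOTE(review): consider checking the file against a thumbprint obtained
# independently of the repository before adding it to the Root store.
#
# Change compared with the earlier version: certutil is called directly rather
# than through a nested powershell.exe. The nested shell re-parsed the path as
# command text, so a space or shell metacharacter in $d.mR would have altered
# the command. The certutil exit code is now logged when it is non-zero.
Function Install-Certs {
    $pullServerName = $pullServerInfo.pullServerName
    Write-EventLog -LogName DevOps -Source Verify -EntryType Information -EventId 1000 -Message "Checking pullserver certificate."
    $cN = "CN=" + $pullServerName
    $certPath = $("C:\DevOps", $d.mR, "Certificates\PullServer.crt" -join '\')
    $installedCerts = @(Get-ChildItem Cert:\LocalMachine\Root\ | Where-Object { $_.Subject -eq $cN })
    $installRequired = $false

    if ($installedCerts.Count -lt 1) {
        Write-EventLog -LogName DevOps -Source Verify -EntryType Information -EventId 1000 -Message "No Pullserver SSL certificate installed in trusted root, Installing new SSL certificate."
        $installRequired = $true
    }
    else {
        $expectedThumbprint = (Get-PfxCertificate -FilePath $certPath).Thumbprint
        # Any stored certificate with this subject but another thumbprint
        # counts as a mismatch.
        $staleCerts = @($installedCerts | Where-Object { $_.Thumbprint -ne $expectedThumbprint })
        if ($staleCerts.Count -gt 0) {
            Write-EventLog -LogName DevOps -Source Verify -EntryType Information -EventId 1000 -Message "Pullserver SSL does not match, Installing new SSL certificate."
            # Every certificate with the subject is removed before the reinstall.
            $installedCerts | Remove-Item
            $installRequired = $true
        }
        else {
            Write-EventLog -LogName DevOps -Source Verify -EntryType Information -EventId 1000 -Message "Pullserver SSL certificate matches, nothing to be done."
        }
    }

    if ($installRequired) {
        certutil.exe -addstore -f root $certPath
        if ($LASTEXITCODE -ne 0) {
            Write-EventLog -LogName DevOps -Source Verify -EntryType Error -EventId 1000 -Message "certutil failed to install the pullserver certificate, exit code $LASTEXITCODE"
        }
    }

    Write-EventLog -LogName DevOps -Source Verify -EntryType Information -EventId 1000 -Message "Completed client tests, starting consistency task."
    # Force-terminates every WmiPrvSE.exe process on the machine before the
    # Consistency task starts.
    # NOTE(review): this also affects unrelated WMI consumers - confirm it is still needed.
    taskkill /F /IM WmiPrvSE.exe
    Get-ScheduledTask -TaskName "Consistency" | Start-ScheduledTask
}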
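# Removes credential certificates that belong to no known server and pushes
# the removal to the configuration repository.
#
# Known servers are the cloud servers whose metadata matches "rax_dsc_config"
# (only queried when API credentials are present in $d) plus the ids listed in
# dedicated.csv. Every Certificates\Credentials\*.cer whose base name is not
# one of those ids is removed with 'git rm', committed, merged with the remote
# branch and pushed. The git commands use relative paths, so the current
# directory must already be the working copy.
#
# NOTE(review): the list of active servers is taken as returned. If the API
# call returns nothing because it failed while dedicated.csv exists, the
# certificates of live cloud servers would be removed and pushed - confirm how
# Get-rsDetailsServers reports failure.
#
# Change compared with the earlier version: the path given to 'git rm' is
# quoted and preceded by '--', so a file name with spaces stays one argument
# and a name starting with '-' is not read as an option.
Function Remove-UnusedCerts {
    $gitExe = "C:\Program Files (x86)\Git\bin\git.exe"
    $activeServers = @()
    if ($d.ContainsKey("rs_username") -and $d.ContainsKey("rs_apikey")) {
        $activeServers += Get-rsDetailsServers | Where-Object { $_.metadata -match "rax_dsc_config" } | Select-Object -Property id
    }
    $dedicatedCsv = $('C:\DevOps', $d.mR, "dedicated.csv" -join '\')
    if (Test-Path $dedicatedCsv) {
        $activeServers += Import-Csv -Path $dedicatedCsv | Select-Object id
    }
    # With no known servers at all nothing is removed.
    if ($activeServers) {
        $certs = (Get-ChildItem $("C:\DevOps", $d.mR, "Certificates\Credentials\*cer" -join '\')).BaseName
        $unaccountedCerts = $certs | Where-Object { -not ($activeServers.id -contains $_) }
        forEach ($cert in $unaccountedCerts) {
            # The removal is logged before it happens so each one is traceable.
            Write-EventLog -LogName DevOps -Source Verify -EntryType Information -EventId 1000 -Message "git rm Certificates\Credentials\$cert.cer"
            Start-Process -Wait -NoNewWindow -FilePath $gitExe -ArgumentList "rm -- `"Certificates\Credentials\$cert.cer`""
        }
        if ($unaccountedCerts) {
            # 'commit -a' also commits any other tracked modification that is
            # present in the working copy at this moment.
            Start-Process -Wait -NoNewWindow -FilePath $gitExe -ArgumentList "commit -am `"Removing unaccounted certs`""
            Start-Process -Wait -FilePath $gitExe -ArgumentList "fetch origin $($d.branch_rsConfigs)"
            Start-Process -Wait -FilePath $gitExe -ArgumentList "merge remotes/origin/$($d.branch_rsConfigs)"
            # NOTE(review): fetch and merge use $d.branch_rsConfigs but the push
            # uses $d.br - verify that key exists and names the intended branch.
            Start-Process -Wait -NoNewWindow -FilePath $gitExe -ArgumentList "push origin $($d.br)"
        }
    }
}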
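# Main flow: refresh the working copy from the remote branch, then run the
# pull-server checks or the client checks depending on this machine's role.
Set-Location $("C:\DevOps", $d.mR -join '\')
Start-Service Browser
Write-EventLog -LogName DevOps -Source Verify -EntryType Information -EventId 1000 -Message "Updating pullserverInfo.ps1 and pushing to github"
# The exit code of each git command is now checked. A failed fetch or merge is
# written to the DevOps log, because the steps below act on files from this
# working copy. The run continues as before.
# NOTE(review): consider stopping here when the merge fails.
# PullServerInfo.ps1 was already dot-sourced at the top of the script, so the
# values used in this run are the ones from before this merge.
foreach ($gitArgs in @("fetch origin $($d.branch_rsConfigs)", "merge remotes/origin/$($d.branch_rsConfigs)")) {
    $gitProc = Start-Process -Wait -PassThru -FilePath "C:\Program Files (x86)\Git\bin\git.exe" -ArgumentList $gitArgs
    if ($gitProc -and ($gitProc.ExitCode -ne 0)) {
        Write-EventLog -LogName DevOps -Source Verify -EntryType Warning -EventId 1000 -Message "git $gitArgs exited with code $($gitProc.ExitCode)"
    }
}
Stop-Service Browser
if ((Get-rsRole -Value $env:COMPUTERNAME) -eq "pull") {
    # The catalog and the auth token are put in global scope and stay readable
    # by anything else that runs in this session.
    $Global:catalog = Get-rsServiceCatalog
    $Global:AuthToken = Get-rsAuthToken
    if (Test-rsCloud) {
        $Global:defaultRegion = $catalog.access.user.'RAX-AUTH:defaultRegion'
        # A flag is true when the account holds at least one role of that name.
        $Global:isRackConnect = ($catalog.access.user.roles | Where-Object { $_.name -eq "rack_connect" }).id.count -gt 0
        $Global:isManaged = ($catalog.access.user.roles | Where-Object { $_.name -eq "rax_managed" }).id.count -gt 0
    }
    else {
        $Global:defaultRegion = "NA"
        $Global:isRackConnect = $false
        $Global:isManaged = $false
    }
    Check-Hash
    Remove-UnusedCerts
}
else {
    Check-Hosts
    Install-Certs
}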