Author Posts

March 21, 2018 at 5:51 pm

Hello,

I need some help to Register Windows Hosts to our Monitoring Solution (CheckMK) with PS DSC.

The official command (from the CheckMK Website) to add hosts over the web-api would be like this:

curl "http://myserver/mysite/check_mk/webapi.py?action=add_host&_username=automation&_secret=myautomationsecret" -d 'request={"hostname":"myserver123","folder":"","attributes":{"ipaddress":"192.168.0.42","site":"mysite","tag_agent":"cmk-agent"}}'

My current command in Powershell with the Script Resource is as follows: (which does not work)

SetScript = {
Invoke-WebRequest "https://CHECKMKSERVER/SITENAME/check_mk/webapi.py?action=add_host&_username=USER&_secret=SECRET" -Method Post -Body 'request={"hostname":"$env:computername","folder":"","attributes":{"alias":"$env:computername","ipaddress":"IPADDRESSDestinationNode","site":"SITENAME","tag_agent":"cmk-agent","tag_os":"OSSYSTEM"}}'
}

The problems are
$env:computername – will not be interpreted as a Variable in the String Request, how can i achieve this? (I tried some solutions from the internet, but nothing worked so far)
IPADDRESS – how could I pass the IP address here?

And is there a simple solution for encrypting the secret in the powershell script?

Thanks in advance!

March 22, 2018 at 10:13 am

Hi CR,

$env:computername is not interpreted as a variable because the whole expression (Body parameter) is 'simple quoted'.

You'll get better results with something like that :

SetScript = {
    $hostName = $env:computername
    $ipAddress = Get-NetIPAddress | Where-Object { $_.InterfaceAlias -notlike '*loop*' } | Select-Object -First 1 | ForEach-Object { $_.IPAddress }
    $requestBody = 'request={"hostname":"' + $hostName + '","folder":"","attributes":{"alias":"' + $hostName + '","ipaddress":"' + $ipAddress + '","site":"SITENAME","tag_agent":"cmk-agent","tag_os":"OSSYSTEM"}}'
    Invoke-WebRequest "https://CHECKMKSERVER/SITENAME/check_mk/webapi.py?action=add_host&_username=USER&_secret=SECRET" -Method Post -Body $requestBody
}

Note that the ipAddress resolution method is quite weak ...

And for the 'simple solution for encrypting the secret' part: AFAIK, there isn't any easy way in DSC. You may have a look to https://docs.microsoft.com/en-us/powershell/dsc/securemof

March 22, 2018 at 5:56 pm

Thanks for your help!
I've taken most of your suggestions and adjusted them slightly.

$hostName = "$env:COMPUTERNAME.$env:USERDNSDOMAIN".ToLower()
$ipAddress = (get-netadapter | get-netipaddress | Where-Object addressfamily -eq 'IPv4'| Where-Object interfacealias -eq 'Ethernet0' ).ipaddress
$requestBody = 'request={"hostname":"' + $hostName + '","folder":"","attributes":{"alias":"' + $hostName + '","ipaddress":"' + $ipAddress + '","site":"SITENAME","tag_agent":"cmk-agent","tag_os":"windows"}}'
Invoke-WebRequest "https://CHECKMKSERVER/SITENAME/check_mk/webapi.py?action=add_host&_username=USER&_secret=SECRET" -Method Post -Body $requestBody

Regarding the encryption, i have implemented the necessary commands. What I do not quite understand yet, how I pass over the encrypted secret correctly.

My destination nodes have a suitable CertificateFile, the Nodes Configuration data contains the path to the certificate and the thumbprint. Then i add the matching thumbprint for each node to the meta.mof with the following command.

        LocalConfigurationManager 
        { 
             CertificateId = $node.Thumbprint
        }

Then I have added this at the beginning of my config and if i execute the script it asks me for user and password – but why user ? I just want to encrypt the password?

Param (
[Parameter(Mandatory=$true)]
[ValidateNotNullorEmpty()] 
[PSCredential]$credential
)

And how do I have to integrate the $credential variable into the Invoke web request?
Like this?

_username=USER&_secret='$credential'"

March 23, 2018 at 3:44 pm

If you provided your secret as the password of the $Credential, you may get the cleartext secret with:

$secret = $Credential.GetNetworkCredential().Password