Register Hosts in CheckMK with DSC

This topic contains 3 replies, has 2 voices, and was last updated by  Julien Nury 2 months ago.

  • Author
    Posts
  • #96665

    CR
    Participant

    Hello,

    I need some help to Register Windows Hosts to our Monitoring Solution (CheckMK) with PS DSC.

    The official command (from the CheckMK Website) to add hosts over the web-api would be like this:

    curl "http://myserver/mysite/check_mk/webapi.py?action=add_host&_username=automation&_secret=myautomationsecret" -d 'request={"hostname":"myserver123","folder":"","attributes":{"ipaddress":"192.168.0.42","site":"mysite","tag_agent":"cmk-agent"}}'
    

    My current command in Powershell with the Script Resource is as follows: (which does not work)

    SetScript = {
    Invoke-WebRequest "https://CHECKMKSERVER/SITENAME/check_mk/webapi.py?action=add_host&_username=USER&_secret=SECRET" -Method Post -Body 'request={"hostname":"$env:computername","folder":"","attributes":{"alias":"$env:computername","ipaddress":"IPADDRESSDestinationNode","site":"SITENAME","tag_agent":"cmk-agent","tag_os":"OSSYSTEM"}}'
    }
    

    The problems are
    $env:computername – will not be interpreted as a Variable in the String Request, how can i achieve this? (I tried some solutions from the internet, but nothing worked so far)
    IPADDRESS – how could I pass the IP address here?

    And is there a simple solution for encrypting the secret in the powershell script?

    Thanks in advance!

  • #96723

    Julien Nury
    Participant

    Hi CR,

    $env:computername is not interpreted as a variable because the whole expression (Body parameter) is 'simple quoted'.

    You'll get better results with something like that :

    SetScript = {
        $hostName = $env:computername
        $ipAddress = Get-NetIPAddress | Where-Object { $_.InterfaceAlias -notlike '*loop*' } | Select-Object -First 1 | ForEach-Object { $_.IPAddress }
        $requestBody = 'request={"hostname":"' + $hostName + '","folder":"","attributes":{"alias":"' + $hostName + '","ipaddress":"' + $ipAddress + '","site":"SITENAME","tag_agent":"cmk-agent","tag_os":"OSSYSTEM"}}'
        Invoke-WebRequest "https://CHECKMKSERVER/SITENAME/check_mk/webapi.py?action=add_host&_username=USER&_secret=SECRET" -Method Post -Body $requestBody
    }
    

    Note that the ipAddress resolution method is quite weak ...

    And for the 'simple solution for encrypting the secret' part: AFAIK, there isn't any easy way in DSC. You may have a look to https://docs.microsoft.com/en-us/powershell/dsc/securemof

    • #96821

      CR
      Participant

      Thanks for your help!
      I've taken most of your suggestions and adjusted them slightly.

      $hostName = "$env:COMPUTERNAME.$env:USERDNSDOMAIN".ToLower()
      $ipAddress = (get-netadapter | get-netipaddress | Where-Object addressfamily -eq 'IPv4'| Where-Object interfacealias -eq 'Ethernet0' ).ipaddress
      $requestBody = 'request={"hostname":"' + $hostName + '","folder":"","attributes":{"alias":"' + $hostName + '","ipaddress":"' + $ipAddress + '","site":"SITENAME","tag_agent":"cmk-agent","tag_os":"windows"}}'
      Invoke-WebRequest "https://CHECKMKSERVER/SITENAME/check_mk/webapi.py?action=add_host&_username=USER&_secret=SECRET" -Method Post -Body $requestBody
      

      Regarding the encryption, i have implemented the necessary commands. What I do not quite understand yet, how I pass over the encrypted secret correctly.

      My destination nodes have a suitable CertificateFile, the Nodes Configuration data contains the path to the certificate and the thumbprint. Then i add the matching thumbprint for each node to the meta.mof with the following command.

              LocalConfigurationManager 
              { 
                   CertificateId = $node.Thumbprint
              }
      

      Then I have added this at the beginning of my config and if i execute the script it asks me for user and password – but why user ? I just want to encrypt the password?

      Param (
      [Parameter(Mandatory=$true)]
      [ValidateNotNullorEmpty()] 
      [PSCredential]$credential
      )
      

      And how do I have to integrate the $credential variable into the Invoke web request?
      Like this?

      _username=USER&_secret='$credential'"
  • #96945

    Julien Nury
    Participant

    If you provided your secret as the password of the $Credential, you may get the cleartext secret with:

    $secret = $Credential.GetNetworkCredential().Password
    

You must be logged in to reply to this topic.