diff --git a/README.md b/README.md
index e2399e0..bb5459a 100644
--- a/README.md
+++ b/README.md
@@ -125,7 +125,7 @@ Below are the minimum requirements for setting up your C4B server via this guide
 >
  • Creates a "choco-install" raw repository
  • >
  • Sets up "ChocolateyInternal" on C4B Server as source, with API key
  • >
  • Adds firewall rule for repository access
  • - >
  • Installs MS Edge, and disables first-run experience
  • + >
  • Installs MS Edge, as Internet Explorer cannot access the Sonatype Nexus site
  • >
  • Outputs data to a JSON file to pass between scripts
  • > >
diff --git a/Set-SslSecurity.ps1 b/Set-SslSecurity.ps1
index 205d272..007c019 100644
--- a/Set-SslSecurity.ps1
+++ b/Set-SslSecurity.ps1
@@ -22,12 +22,12 @@ param(
 # Ignored if supplied alongside -Subject. [Parameter(ValueFromPipeline, ParameterSetName='Thumbprint')] [ArgumentCompleter({
- Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
+ Get-ChildItem Cert:\LocalMachine\TrustedPeople | ForEach-Object {
 [System.Management.Automation.CompletionResult]::new( $_.Thumbprint, $_.Thumbprint,
- 'ParameterValue',
- $_.FriendlyName
+ "ParameterValue",
+ ($_.Subject -replace "^CN=(?.+),?.*$",'${FQDN}')
 ) } })]
diff --git a/Start-C4bCcmSetup.ps1 b/Start-C4bCcmSetup.ps1
index 277549c..0c1f0cf 100644
--- a/Start-C4bCcmSetup.ps1
+++ b/Start-C4bCcmSetup.ps1
@@ -17,10 +17,21 @@ param(
 [System.Management.Automation.PSCredential] $DatabaseCredential = (Get-Credential -Username ChocoUser -Message 'Create a credential for the ChocolateyManagement DB user (document this somewhere)'),
- #Certificate to use for CCM service
+ # Certificate to use for CCM service
 [Parameter()]
+ [Alias('CertificateThumbprint')]
+ [ArgumentCompleter({
+ Get-ChildItem Cert:\LocalMachine\TrustedPeople | ForEach-Object {
+ [System.Management.Automation.CompletionResult]::new(
+ $_.Thumbprint,
+ $_.Thumbprint,
+ "ParameterValue",
+ ($_.Subject -replace "^CN=(?.+),?.*$",'${FQDN}')
+ )
+ }
+ })]
 [String]
- $CertificateThumbprint
+ $Thumbprint
 ) process { $DefaultEap = $ErrorActionPreference
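Review bot: The completer's tooltip expression `($_.Subject -replace "^CN=(?.+),?.*$",'${FQDN}')` substitutes a group named FQDN that the pattern, as printed here, never defines; presumably the angle-bracket named-group syntax was dropped in rendering, which is worth confirming against the file. Even with the group present, the greedy `.+` consumes the rest of the subject, so `,?.*$` matches nothing and a subject like `CN=host, OU=x, O=y` yields the whole DN instead of the host name; an unnamed group that stops at the first comma, `($_.Subject -replace '^CN=([^,]+).*$', '$1')`, gives the intended value. The identical scriptblock is pasted into Start-C4bCcmSetup.ps1, Start-C4bSetup.ps1, scripts/Set-CCMCert.ps1, scripts/Set-JenkinsCert.ps1 and scripts/Set-NexusCert.ps1 in this commit, so a single shared completer function would keep the six copies from drifting. The completer now enumerates only `Cert:\LocalMachine\TrustedPeople`, whereas Start-C4bCcmSetup.ps1 in the same commit also accepts a thumbprint from `LocalMachine\My`; the param block continues outside the hunk.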
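Review bot: `$Thumbprint` is declared as a bare `[String]` with no format check, yet later in this script it is interpolated into a choco `--package-parameters` argument and, in scripts/Set-CCMCert.ps1, into a `netsh http add sslcert` command line, so a mistyped or quote-containing value fails far from where it was supplied. Certificate-provider thumbprints are 40 hex characters; adding `[ValidatePattern('^[0-9A-Fa-f]{40}$')]` next to the new `[Alias('CertificateThumbprint')]` rejects bad input at the parameter binder, and the same attribute fits the matching params in scripts/Set-CCMCert.ps1, scripts/Set-JenkinsCert.ps1 and scripts/Set-NexusCert.ps1. The `[Alias]` keeps existing `-CertificateThumbprint` callers working, which is good; the `process` block continues outside the hunk.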
@@ -116,31 +127,27 @@ process {
 $hostName = [System.Net.Dns]::GetHostName() $domainName = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().DomainName
- if(-Not $hostName.endswith($domainName)) {
+ if (-not $hostName.EndsWith($domainName)) {
 $hostName += "." + $domainName } Write-Host "Installing Chocolatey Central Management Service"
- if($CertificateThumbprint){
+ $chocoArgs = @('install', 'chocolatey-management-service', "--source='ChocolateyInternal'", '-y', "--package-parameters-sensitive=`"/ConnectionString:'Server=Localhost\SQLEXPRESS;Database=ChocolateyManagement;User ID=$DatabaseUser;Password=$DatabaseUserPw;'`"", '--no-progress')
+ if ($Thumbprint) {
 Write-Verbose "Validating certificate is in LocalMachine\TrustedPeople Store"
- if($CertificateThumbprint -notin (Get-ChildItem Cert:\LocalMachine\TrustedPeople | Select-Object -Expand Thumbprint)){
- Write-Warning "You specified $CertificateThumbprint for use with CCM service, but the certificate is not in the required LocalMachine\TrustedPeople store!"
- Write-Warning "Please place certificate with thumbprint: $CertificateThumbprint in the LocalMachine\TrustedPeople store and re-run this step"
- throw "Certificate not in correct location....exiting."
- }
- else {
+ if (-not (Get-Item Cert:\LocalMachine\TrustedPeople\$Thumbprint -EA 0) -and -not (Get-Item Cert:\LocalMachine\My\$Thumbprint -EA 0)) {
+ Write-Warning "You specified $Thumbprint for use with CCM service, but the certificate is not in the required LocalMachine\TrustedPeople store!"
+ Write-Warning "Please place certificate with thumbprint: $Thumbprint in the LocalMachine\TrustedPeople store and re-run this step"
+ throw "Certificate not in correct location... exiting."
+ } elseif ($MyCertificate = Get-Item Cert:\LocalMachine\My\$Thumbprint -EA 0) {
+ Write-Verbose "Copying certificate from 'Personal' store to 'TrustedPeople'"
+ Copy-CertToStore $MyCertificate
+ } else {
 Write-Verbose "Certificate has been successfully found in correct store"
- $chocoArgs = @('install', 'chocolatey-management-service', '-y', "--package-parameters-sensitive='/ConnectionString:Server=Localhost\SQLEXPRESS;Database=ChocolateyManagement;User Id=$DatabaseUser;Password=$DatabaseUserPw'")
- & Invoke-Choco @chocoArgs
-
- Set-CcmCertificate -CertificateThumbprint $CertificateThumbprint
 }
+ $chocoArgs += @("--package-parameters='/CertificateThumbprint=$Thumbprint'")
 }
-
- else {
- $chocoArgs = @('install', 'chocolatey-management-service', "--source='ChocolateyInternal'", '-y', "--package-parameters-sensitive=`"/ConnectionString:'Server=Localhost\SQLEXPRESS;Database=ChocolateyManagement;User ID=$DatabaseUser;Password=$DatabaseUserPw;'`"", '--no-progress')
- & Invoke-Choco @chocoArgs
- }
+ & Invoke-Choco @chocoArgs
 Write-Host "Installing Chocolatey Central Management Website" $chocoArgs = @('install', 'chocolatey-management-web', "--source='ChocolateyInternal'", '-y', "--package-parameters-sensitive=""'/ConnectionString:Server=Localhost\SQLEXPRESS;Database=ChocolateyManagement;User ID=$DatabaseUser;Password=$DatabaseUserPw;'""", '--no-progress')
diff --git a/Start-C4bSetup.ps1 b/Start-C4bSetup.ps1
index dd31323..9205514 100644
--- a/Start-C4bSetup.ps1
+++ b/Start-C4bSetup.ps1
@@ -63,6 +63,16 @@ param(
 # the local machine certificate stores. # Only used in Unattend mode for the SSL setup script. [Parameter(ParameterSetName='Unattended')]
+ [ArgumentCompleter({
+ Get-ChildItem Cert:\LocalMachine\TrustedPeople | ForEach-Object {
+ [System.Management.Automation.CompletionResult]::new(
+ $_.Thumbprint,
+ $_.Thumbprint,
+ "ParameterValue",
+ ($_.Subject -replace "^CN=(?.+),?.*$",'${FQDN}')
+ )
+ }
+ })]
 [string] $Thumbprint,
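Review bot: The `elseif` branch that copies the certificate from `LocalMachine\My` into TrustedPeople re-runs `Get-Item Cert:\LocalMachine\My\$Thumbprint -EA 0` that the preceding `if` has already evaluated, and the failure path's two warnings still tell the user the certificate must already be in TrustedPeople even though the new code accepts one from the Personal store; looking both stores up once, `$TrustedCert = Get-Item Cert:\LocalMachine\TrustedPeople\$Thumbprint -EA 0` and `$MyCertificate = Get-Item Cert:\LocalMachine\My\$Thumbprint -EA 0`, then branching on `-not $TrustedCert -and -not $MyCertificate`, removes the duplicate lookup and lets the warning name both stores that were searched. `Copy-CertToStore` is not defined in this hunk, so I cannot tell whether it targets TrustedPeople or whether it reports failure; if it returns without throwing, the install proceeds with a thumbprint the service may not be able to find. The explicit `Set-CcmCertificate` call was dropped in favour of `--package-parameters='/CertificateThumbprint=$Thumbprint'`, and I cannot confirm from here that the chocolatey-management-service package consumes that parameter, so that deserves a manual check. `Invoke-Choco`'s result is not inspected before the script continues to the web install; the `process` block continues outside the hunk.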
@@ -150,16 +160,14 @@ try {
 # Kick off unattended running of remaining setup scripts. if ($Unattend) {
+ $Certificate = @{}
+ if ($Thumbprint) {$Certificate.Thumbprint = $Thumbprint}
+
 Set-Location "$env:SystemDrive\choco-setup\files" .\Start-C4BNexusSetup.ps1
- .\Start-C4bCcmSetup.ps1 -DatabaseCredential $DatabaseCredential
+ .\Start-C4bCcmSetup.ps1 @Certificate -DatabaseCredential $DatabaseCredential
 .\Start-C4bJenkinsSetup.ps1
- if ($Thumbprint) {
- .\Set-SslSecurity.ps1 -Thumbprint $Thumbprint
- }
- else {
- .\Set-SslSecurity.ps1
- }
+ .\Set-SslSecurity.ps1 @Certificate
 } } finally { $ErrorActionPreference = $DefaultEap
diff --git a/scripts/Set-CCMCert.ps1 b/scripts/Set-CCMCert.ps1
index 1ff5c0f..c9c642f 100644
--- a/scripts/Set-CCMCert.ps1
+++ b/scripts/Set-CCMCert.ps1
@@ -16,8 +16,19 @@ PS> .\Set-CCMCert.ps1 -CertificateThumbprint 'Your_Certificate_Thumbprint_Value'
 [CmdletBinding()] param( [Parameter(Mandatory)]
+ [Alias("CertificateThumbprint")]
+ [ArgumentCompleter({
+ Get-ChildItem Cert:\LocalMachine\TrustedPeople | ForEach-Object {
+ [System.Management.Automation.CompletionResult]::new(
+ $_.Thumbprint,
+ $_.Thumbprint,
+ "ParameterValue",
+ ($_.Subject -replace "^CN=(?.+),?.*$",'${FQDN}')
+ )
+ }
+ })]
 [String]
- $CertificateThumbprint
+ $Thumbprint
 ) begin {
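Review bot: `if ($Thumbprint) {$Certificate.Thumbprint = $Thumbprint}` packs the statement into the braces without spaces, unlike the other blocks in this hunk (`if ($Unattend) {` with the body on its own lines), and the splat is named `$Certificate` although it carries only a thumbprint. Writing it as `if ($Thumbprint) { $Certificate.Thumbprint = $Thumbprint }` and naming the table `$ThumbprintArgs` or similar makes the intent clearer at the two places `@Certificate` is splatted into Start-C4bCcmSetup.ps1 and Set-SslSecurity.ps1. The splat relies on both child scripts binding a `-Thumbprint` parameter, which this commit introduces for Start-C4bCcmSetup.ps1 and which Set-SslSecurity.ps1 already had; the `try` block begins outside the hunk.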
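Review bot: The help example in the hunk header, `PS> .\Set-CCMCert.ps1 -CertificateThumbprint 'Your_Certificate_Thumbprint_Value'`, still shows the old parameter name; it keeps working through the new `[Alias("CertificateThumbprint")]`, but the `.EXAMPLE` should read `PS> .\Set-CCMCert.ps1 -Thumbprint 'Your_Certificate_Thumbprint_Value'` so new callers learn the primary name, and any `.PARAMETER CertificateThumbprint` entry above the hunk needs the same rename. The alias string is double-quoted here and single-quoted in Start-C4bCcmSetup.ps1; either is fine, but one form across the scripts would read better. The comment-based help block starts outside the hunk.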
@@ -41,14 +52,14 @@ process {
 #Add new CCM Web IIS Binding Write-Verbose "Adding new IIS binding to Chocolatey Central Management" $guid = [Guid]::NewGuid().ToString("B")
- netsh http add sslcert ipport=0.0.0.0:443 certhash=$CertificateThumbprint certstorename=MY appid="$guid"
+ netsh http add sslcert ipport=0.0.0.0:443 certhash=$Thumbprint certstorename=MY appid="$guid"
 Get-WebBinding -Name ChocolateyCentralManagement | Remove-WebBinding New-WebBinding -Name ChocolateyCentralManagement -Protocol https -Port 443 -SslFlags 0 -IpAddress '*' #Write Thumbprint to CCM Service appsettings.json $appSettingsJson = 'C:\ProgramData\chocolatey\lib\chocolatey-management-service\tools\service\appsettings.json' $json = Get-Content $appSettingsJson | ConvertFrom-Json
- $json.CertificateThumbprint = $CertificateThumbprint
+ $json.CertificateThumbprint = $Thumbprint
 $json | ConvertTo-Json | Set-Content $appSettingsJson -Force #Try Restarting CCM Service
diff --git a/scripts/Set-JenkinsCert.ps1 b/scripts/Set-JenkinsCert.ps1
index 0193ae0..66e3737 100644
--- a/scripts/Set-JenkinsCert.ps1
+++ b/scripts/Set-JenkinsCert.ps1
@@ -11,7 +11,19 @@ param(
 # Thumbprint of the certificate stored in the Trusted People cert-store. [Parameter(Mandatory)]
- [string]$Thumbprint,
+ [Alias("CertificateThumbprint")]
+ [ArgumentCompleter({
+ Get-ChildItem Cert:\LocalMachine\TrustedPeople | ForEach-Object {
+ [System.Management.Automation.CompletionResult]::new(
+ $_.Thumbprint,
+ $_.Thumbprint,
+ "ParameterValue",
+ ($_.Subject -replace "^CN=(?.+),?.*$",'${FQDN}')
+ )
+ }
+ })]
+ [String]
+ $Thumbprint,
 # Port number to use for Jenkins HTTPS. [uint16]$Port = 7443
diff --git a/scripts/Set-NexusCert.ps1 b/scripts/Set-NexusCert.ps1
index 25b692a..0e24110 100644
--- a/scripts/Set-NexusCert.ps1
+++ b/scripts/Set-NexusCert.ps1
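Review bot: `netsh http add sslcert ipport=0.0.0.0:443 certhash=$Thumbprint certstorename=MY` binds from the Personal store, while the completer added to this script's parameter offers thumbprints from `Cert:\LocalMachine\TrustedPeople` and the Set-JenkinsCert.ps1 hunk below documents the certificate as living in Trusted People; a thumbprint picked from completion that exists only in TrustedPeople makes netsh fail, and nothing here notices because the native command's exit code is never read. Add `if ($LASTEXITCODE -ne 0) { throw "netsh http add sslcert failed with exit code $LASTEXITCODE" }` directly after the netsh line, and either point `certstorename=` at the store the rest of the tooling uses or state in the help that the certificate must also be present in MY. Separately, `$json | ConvertTo-Json | Set-Content $appSettingsJson -Force` uses ConvertTo-Json's default depth of 2, so if appsettings.json nests more deeply the round-trip flattens inner objects to their type names; `-Depth 10` is the usual guard, though I cannot see the file's structure from here. The `process` block continues outside the hunk.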
@@ -18,7 +18,18 @@ PS> .\Set-NexusCert.ps1 -Thumbprint 'Your_Certificate_Thumbprint_Value' -NexusPo
 [CmdletBinding()] param( [Parameter(Mandatory)]
- [string]
+ [Alias("CertificateThumbprint")]
+ [ArgumentCompleter({
+ Get-ChildItem Cert:\LocalMachine\TrustedPeople | ForEach-Object {
+ [System.Management.Automation.CompletionResult]::new(
+ $_.Thumbprint,
+ $_.Thumbprint,
+ "ParameterValue",
+ ($_.Subject -replace "^CN=(?.+),?.*$",'${FQDN}')
+ )
+ }
+ })]
+ [String]
 $Thumbprint, [Parameter()]