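# Ardia windows client setup v0.05
# NOTE: Before running script, we need to change Execution policy from Restricted to Unrestricted.
# Open Windows PowerShell as Admin and run following command:
# Set-ExecutionPolicy Unrestricted -Force
# (Prefer limiting that to the current session instead of the whole machine:
#  Set-ExecutionPolicy -Scope Process Bypass -Force)
#
# What the script does (everything is reverted by answering "y" at the first prompt on a
# later run):
#   * imports the PEM embedded below into the LocalMachine\Root trust store
#   * writes a delimited block of records to the system hosts file
#   * drops an all-users desktop shortcut to https://ardia.internal/
#   * points the Windows time service (w32time) at ardia.internal
########################### Parameters ###########################
# dig vm-emea-2-ard.ardia.cmdops.thermofisher.com +short
# k -n infra-space get secret rootca-certificate -o jsonpath='{.data.ca\.crt}' | base64 -d
$defaultArdiaIP = "131.215.15.42"
# Root CA that will be trusted machine-wide. NOTE(review): the subject text visible in this
# base64 decodes to "USERTrust RSA Certification Authority", a public root that Windows
# normally already trusts - confirm this really is the cluster's rootca-certificate (compare
# thumbprints with the secret out of band) before shipping the script.
$caCert = "-----BEGIN CERTIFICATE-----
MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCB
iDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0pl
cnNleSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNV
BAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMTAw
MjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMCVVMxEzARBgNV
BAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2Vy
dGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK
AoICAQCAEmUXNg7D2wiz0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B
3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2jY0K2dvKpOyuR+OJv0OwWIJAJPuLodMkY
tJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFnRghRy4YUVD+8M/5+bJz/
Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O+T23LLb2
VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT
79uq/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6
c0Plfg6lZrEpfDKEY1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmT
Yo61Zs8liM2EuLE/pDkP2QKe6xJMlXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97l
c6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8yexDJtC/QV9AqURE9JnnV4ee
UB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+eLf8ZxXhyVeE
Hg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd
BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8G
A1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPF
Up/L+M+ZBn8b2kMVn54CVVeWFPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KO
VWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ7l8wXEskEVX/JJpuXior7gtNn3/3
ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQEg9zKC7F4iRO/Fjs
8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM8WcR
iQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYze
Sf7dNXGiFSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZ
XHlKYC6SQK5MNyosycdiyA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/
qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9cJ2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRB
VXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGwsAvgnEzDHNb842m1R0aB
L6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gxQ+6IHdfG
jjxDah2nGN59PRbxYvnKkKj9
-----END CERTIFICATE-----"
# Markers that delimit the block this script owns inside the hosts file.
$sectionStartComment = "######### TFS Ardia Start #########"
$sectionEndComment = "########## TFS Ardia End ##########"
$EscapedSectionStartComment = [System.Text.RegularExpressions.Regex]::Escape($sectionStartComment)
$EscapedSectionEndComment = [System.Text.RegularExpressions.Regex]::Escape($sectionEndComment)
# Paths touched by the script, defined once so the revert and setup paths cannot drift apart.
$hostsFilePath = "$env:SystemRoot\System32\drivers\etc\hosts"
$logFilePath = "$env:SystemDrive\ardia_client_setup.log"
$shortcutPath = "$env:PUBLIC\Desktop\TFS ardia.internal.url"

########################### Functions ############################
# Print a banner line to the console, followed by an indented message when one is given.
function outputMSG {
  Param([string]$msg)
  Write-Host
  Write-Host "########################################################################################"
  Write-Host
  if (![string]::IsNullOrWhiteSpace($msg)) {
    Write-Host " $msg"
  }
  Write-Host
}

# Append a timestamped line to the setup log on the system drive.
# HH is the 24-hour clock; the original "hh" produced 12-hour timestamps with no AM/PM marker.
function log {
  (Get-Date).ToString("yyyy-MM-dd HH:mm:ss") + " - " + $args[0] |
    Out-File -Append $logFilePath
}

# Parse the embedded PEM into an X509Certificate2 so its thumbprint can be compared
# against the machine store.
function GetCert {
  $pemBytes = [System.Text.Encoding]::UTF8.GetBytes($caCert)
  [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pemBytes)
}

# Emits a match (truthy) when the hosts file already carries the start marker.
function HostsFileChanged {
  Select-String -Path $hostsFilePath -Pattern $EscapedSectionStartComment
}

# Emits the store entries whose thumbprint equals the embedded CA's; nothing when absent.
function CertificateInstalled {
  $cert = GetCert
  Get-ChildItem Cert:\LocalMachine\Root\ | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
}

function ShortcutExists {
  Test-Path $shortcutPath
}

# True when w32time's NtpServer value is exactly what ConfigureNTP writes for Ardia.
function NTPConfigured {
  $ntpParameters = Get-ItemProperty HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
  $ntpParameters.NtpServer -eq "ardia.internal"
}

# Any one of the four artefacts is enough to offer the revert path.
function SystemModifiedWithTheScript {
  (HostsFileChanged) -or (CertificateInstalled) -or (ShortcutExists) -or (NTPConfigured)
}

function RemoveCertificate {
  # Resolve the certificate first: the original logged $cert.Thumbprint before assigning
  # $cert, so the audit line carried an empty thumbprint.
  $cert = GetCert
  outputMSG "Removing Root CA Certificate from \LocalMachine\Root\"
  log "Removing Root CA Certificate (Thumbprint $($cert.Thumbprint)) \LocalMachine\Root\"
  Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint } |
    Remove-Item
}

# Strip the delimited Ardia block (markers included) from the hosts file and flush the resolver cache.
function RevertHostsFile {
  outputMSG "Removing hosts records from $hostsFilePath"
  $OldHostsFileContent = Get-Content -Raw $hostsFilePath
  # (?s) lets '.' span line breaks so the whole block between the markers is removed.
  $NewHostsFileContent = $OldHostsFileContent -replace "(?s)$EscapedSectionStartComment.*$EscapedSectionEndComment", ""
  log "Removing hosts records from $hostsFilePath. Before: $OldHostsFileContent After: $NewHostsFileContent"
  # Write back to the real path; the original target string ended in a stray space ("hosts ").
  $NewHostsFileContent | Out-File -FilePath $hostsFilePath -Encoding Ascii
  outputMSG "Clearing DNS Cache"
  log "Clearing DNS Cache"
  Clear-DnsClientCache
}

function RemoveShortcut {
  outputMSG "Removing Desktop Shortcut For All Users"
  log "Removing Desktop Shortcut For All Users"
  Remove-Item -LiteralPath $shortcutPath -ErrorAction SilentlyContinue
}

# Replace the delimited Ardia block in the hosts file with $SectionContents, or append a new
# block when none exists. A start marker without an end marker is treated as corruption and
# aborts rather than risking a partial rewrite of the system hosts file.
function UpdateArdiaSectionInHostsFile {
  Param([string]$SectionContents)
  log "Writing Hosts Records To $hostsFilePath`r`n$SectionContents"
  $originalHostsFile = Get-Content -Raw $hostsFilePath
  $hasStart = $originalHostsFile.Contains($sectionStartComment)
  $hasEnd = $originalHostsFile.Contains($sectionEndComment)
  if ($hasStart -and -not $hasEnd) {
    Write-Error "The hosts file has TFS Ardia Start comment but no TFS Ardia End section. It seems it's corrupted. Please fix the file manually."
    pause
    exit
  }
  if ($hasStart -and $hasEnd) {
    $newHostsFileContent = $originalHostsFile -replace "(?s)$EscapedSectionStartComment.*$EscapedSectionEndComment", "$sectionStartComment$SectionContents$sectionEndComment"
  } else {
    # Start the block on its own line so it can never fuse with the last existing record.
    $newHostsFileContent = "$originalHostsFile`r`n$sectionStartComment$SectionContents$sectionEndComment"
  }
  $newHostsFileContent | Out-File -FilePath $hostsFilePath -Encoding Ascii
}

# Point w32time at $NtpServer (both the Date/Time UI server list and the service
# parameter) and bounce the service so the new source takes effect.
function ConfigureNTP {
  Param([string]$NtpServer)
  Push-Location
  try {
    Set-Location HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers
    Set-ItemProperty . 0 $NtpServer
    Set-ItemProperty . "(Default)" "0"
    Set-Location HKLM:\SYSTEM\CurrentControlSet\services\W32Time\Parameters
    # NOTE(review): only NtpServer is written; the Type value is left untouched, so on a
    # domain-joined machine (Type=NT5DS) this source may be ignored - confirm on a test box.
    Set-ItemProperty . NtpServer $NtpServer
  } finally {
    # Always restore the caller's location, even if a registry write throws.
    Pop-Location
  }
  $w32timeService = Get-Service -Name w32time
  if ($w32timeService.Status -eq "Running") {
    Stop-Service -Name w32time
    Start-Service -Name w32time
  }
}

########################## Run As Admin ##########################
# Relaunch elevated when needed; the elevated copy does all the work and this one exits.
$currentIdentity = [Security.Principal.WindowsIdentity]::GetCurrent()
$currentPrincipal = [Security.Principal.WindowsPrincipal]$currentIdentity
if (-not $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]"Administrator")) {
  # Double any single quote so a script path containing ' cannot break the relaunch command.
  $scriptPath = $myinvocation.mycommand.definition.Replace("'", "''")
  Start-Process powershell -Verb runAs -ArgumentList "& '$scriptPath'"
  exit
}
log "============================== Start =============================="
log "Run script as an Administrator"

######################### Get User Input #########################
outputMSG
if (SystemModifiedWithTheScript) {
  log "Detected script was run previously."
  log "Get user input (Revert Ardia configuration)"
  $RevertAnswer = Read-Host -Prompt "Ardia is configured on this computer. Do you want to revert the changes? (y/n) [n]"
  Write-Host
  if ([string]::IsNullOrWhiteSpace($RevertAnswer)) {
    $RevertAnswer = "n"
  }
  if ($RevertAnswer -ieq "y") {
    outputMSG "Removing Ardia configuration from this computer"
    log "Removing Ardia configuration from this computer"
    RemoveCertificate
    RevertHostsFile
    RemoveShortcut
    $ntpResetMsg = "The Windows NTP client settings have been reset to connect to time.windows.com for NTP synchronization. If you do not intend to join the computer to your domain, it is recommended to ensure that it has access to time.windows.com."
    outputMSG $ntpResetMsg
    log $ntpResetMsg
    # NOTE(review): this writes the bare host name; on most Windows builds the factory
    # NtpServer value also carries a flags suffix, so this is a working default rather than
    # a byte-exact restore of the original setting.
    ConfigureNTP -NtpServer "time.windows.com"
    pause
    exit
  }
}
log "Get user input (IP)"
$ArdiaIP = Read-Host -Prompt " Enter Ardia Server IP Or Press Enter For Default IP [$defaultArdiaIP]"
if ([string]::IsNullOrWhiteSpace($ArdiaIP)) {
  $ArdiaIP = $defaultArdiaIP
}
Write-Host
Write-Host " IP [$ArdiaIP] Will Be Used!"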
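Write-Host
########################## Validate IP ###########################
try {
  $ip = [ipaddress]$ArdiaIP
} catch {
  Write-Warning $Error[0]
  pause
  exit
}
# Use the canonical form from here on rather than the raw input: [ipaddress] also accepts
# abbreviated dotted forms, which would otherwise be copied into the hosts file verbatim.
$ArdiaIP = $ip.IPAddressToString
log "Validated IP [$ArdiaIP]"

######################### Write CA Cert ##########################
# Ascii, like every other Out-File in this script; Windows PowerShell 5.1 would otherwise
# default to UTF-16 for a file that is pure ASCII PEM.
$caCert | Out-File -FilePath "$env:SystemRoot\Temp\ca.crt" -Encoding Ascii
log "Saved Root CA certificate to $env:SystemRoot\Temp\ca.crt"

######################### Import CA Cert #########################
outputMSG "Importing Root CA Certificate to \LocalMachine\Root\"
log "Importing Root CA Certificate from $env:SystemRoot\Temp\ca.crt to \LocalMachine\Root\"
try {
  # -ErrorAction Stop: Import-Certificate reports failure as a non-terminating error, which
  # would bypass this catch and let the script carry on as if the CA had been trusted.
  $null = Import-Certificate -FilePath "$env:SystemRoot\Temp\ca.crt" `
    -CertStoreLocation Cert:\LocalMachine\Root\ -ErrorAction Stop
} catch {
  Write-Warning $Error[0]
  pause
  exit
}

######################## Write Host File #########################
outputMSG
$WriteHostFiles = Read-Host -Prompt " Write ardia.internal Records To Host File $env:SystemRoot\System32\drivers\etc\hosts? (y/n) [y]"
Write-Host
if ([string]::IsNullOrWhiteSpace($WriteHostFiles)) {
  $WriteHostFiles = "y"
}
if ($WriteHostFiles -ieq "y") {
  outputMSG "Writing Hosts Records To $env:SystemRoot\System32\drivers\etc\hosts"
  # NOTE(review): these records cover *.ardia.pel.caltech.edu and *.hyperbridge.local only;
  # ardia.internal, which the shortcut and the NTP setting below rely on, is not among them -
  # confirm it resolves through DNS, otherwise add a record for it here.
  $ardiaHostNames = @(
    "ardia-page.ardia.pel.caltech.edu"
    "grafana.ardia.pel.caltech.edu"
    "admin.ardia.pel.caltech.edu"
    "ardia.pel.caltech.edu"
    "identity.ardia.pel.caltech.edu"
    "cmidp.ardia.pel.caltech.edu"
    "ardiaidp.ardia.pel.caltech.edu"
    "api.ardia.pel.caltech.edu"
    "reporting.ardia.pel.caltech.edu"
    "datalake.ardia.pel.caltech.edu"
    "analytics.hyperbridge.local"
    "ins-conn.ardia.pel.caltech.edu"
    "ins-studio.ardia.pel.caltech.edu"
    "ins-manager.ardia.pel.caltech.edu"
    "svc.ardia.pel.caltech.edu"
    "api.hyperbridge.local"
    "grpclps.ardia.pel.caltech.edu"
  )
  # One "IP name" record per line, with a line break on each side so the section markers
  # end up on lines of their own.
  $hostsRecords = $ardiaHostNames | ForEach-Object { "$ArdiaIP $_" }
  $hostsFile = "`r`n" + ($hostsRecords -join "`r`n") + "`r`n"
  UpdateArdiaSectionInHostsFile -SectionContents $hostsFile
} else {
  outputMSG "Skipping hostfiles"
  log "Skipping hostfiles"
}

######################## Clear DNS cache #########################
if ($WriteHostFiles -ieq "y") {
  outputMSG "Clearing DNS Cache"
  log "Clearing DNS Cache"
  Clear-DnsClientCache
}

################# Create Ardia Desktop Shortcut ##################
outputMSG "Creating Desktop Shortcut For All Users"
log "Creating Desktop Shortcut For All Users"
"[InternetShortcut]`r`nURL=https://ardia.internal/" |
  Out-File -FilePath "$env:Public\Desktop\TFS ardia.internal.url" -Encoding Ascii

############## Setting ardia.internal as NTP Server ##############
outputMSG "Setting ardia.internal as NTP server"
log "Setting ardia.internal as NTP server"
ConfigureNTP -NtpServer "ardia.internal"
outputMSG
Read-Host -Prompt " Done, Press Enter To Close This Window"
log "=============================== Done ==============================`r`n"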