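# Enrollment bootstrap: checks the Windows edition, writes the Chef client
# configuration, validator key and run list to disk, then runs chef-client
# for the first time. Console output is captured in a transcript under
# %windir%\CPE\Logs.
#
# NOTE(review): neither Invoke-Expression nor ConvertTo-SecureString is used
# in this script, so the two suppressions below look unnecessary. Confirm
# before removing them.
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingInvokeExpression','')]
[Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingConvertToSecureStringWithPlainText','')]
param()

# Start Logging
$logDir = "$env:windir\CPE\Logs"
$chefConfigPath = Join-Path $env:SystemDrive 'chef'
try {
  if (!(Test-Path $logDir)) {
    New-Item -ItemType Directory -Path $logDir
  }
} finally {
  # Start the transcript even if creating the log directory raised an error.
  Start-Transcript -Path "$logDir\enrollment.log" -Force
}

# Function to write output without using Write-Host.
# $foregroundColor is the console colour to use; the remaining arguments (or
# pipeline input when no arguments are given) are emitted with Write-Output.
function Write-CHost($foregroundColor) {
  # save the current color
  $fc = $host.UI.RawUI.ForegroundColor

  # set the new color
  $host.UI.RawUI.ForegroundColor = $foregroundColor

  # output
  if ($args) {
    Write-Output $args
  } else {
    $input | Write-Output
  }

  # restore the original color
  $host.UI.RawUI.ForegroundColor = $fc
}

# Returns the OS caption reported by Win32_OperatingSystem.
function Get-WindowsVersion() {
  $getVersion = (Get-CimInstance Win32_OperatingSystem).Caption
  return $getVersion
}

# Writes client.rb, the validator key and run-list.json into the Chef config
# directory and verifies that each file exists afterwards. Exits the script
# with status 1 if any of them is missing.
function Set-ChefConfigs() {
  # Use serial number of hardware or the CryptoGUID
  $client_serial = (Get-CimInstance Win32_ComputerSystemProduct).IdentifyingNumber
  if ([string]::IsNullOrWhiteSpace($client_serial)) {
    $client_serial = Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Cryptography |
      Select-Object -ExpandProperty MachineGUID
  }

  Write-CHost magenta "`t - Copying Chef Configs."
  # NOTE(review): these paths hard-code C:\chef while the files below are
  # written under $chefConfigPath ($env:SystemDrive\chef). The two agree only
  # when the system drive is C:.
  New-Item -ItemType Directory -Path 'C:\chef\tags' -Force > $null
  New-Item -Path 'C:\chef\tags\.enroll' -Force > $null

  # Detect Current Set Configs, Recycle. Only need to remove the client.pem as the others will override.
  $client_pem = 'C:\chef\client.pem'
  if (Test-Path $client_pem) {
    Write-CHost green "`t $([Char]8730) Current client.pem removed."
    Remove-Item $client_pem -Force
  }

  # Here-strings: content and closing markers must start at column 0.
  # NOTE(review): 'reset_timout' looks like a typo for Chef's 'rest_timeout'
  # setting. It is left unchanged here because correcting it would change the
  # effective HTTP timeout. Confirm the intended value.
  $clientConfigFile = @"
log_level :info
log_location STDOUT
chef_server_url "https://chef.twitch.com/organizations/twitch"
environment "cpe"
validation_client_name "twitch-validator"
validation_key "C:\\chef\\twitch-validator.pem"
json_attribs "C:\\chef\\run-list.json"
ssl_verify_mode :verify_peer
local_key_generation true
reset_timout 30
http_retry_count 3
node_name "$client_serial"
"@

  # SECURITY(review): the organization's validator private key is embedded in
  # clear text. Anyone who can read this script (repository, file share,
  # deployment package, backups) holds the credential used to register new
  # nodes against the Chef server. Treat the key as exposed: rotate it, stop
  # shipping it in the script, and deliver a short-lived or per-device
  # credential through a protected channel instead. The copy written to disk
  # below gets no explicit ACL, so it inherits the directory's permissions.
  # Restrict access to it and delete it once client.pem has been issued.
  $clientPemFile = @"
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEAsWIs5nRnmUQNRAMy201f3tvqrbO+zQuDegtj0p5cM3DdEsmV
zEo4kouDmTWRJ8Jwzuy45unOOKEpFp72uvFGHF53UVKdKB5pINvvdzo425a777bl
szrrBD7VliSbSHElevkG1kRyLAoaCTkDSaX69V3w6Zvn7XjQMjCMsv9GkrYLl9ll
nk4lGIhne6PzY/R9aqsfR9U7JHG8rcXz4v2bc8Sh6/TtlMS1jwl57NnX6vxg/NL3
bMI6owBfdflgOVLeYR6CmBFy+SP7p8xV+F/ioU5tZYCdGp32IGHbYXpjIUS/arCS
MUbfeDYxvn/n4zq9kpDuKajZUs61p+SG2tA6EQIDAQABAoIBAAx/FxyxLK8+fRTC
iO2sOMnRgmn0VMfLPNr3PHQVFffFxr1RGE2JGQ0x6PZ9MJm1eA8L3EbgR9fzepqO
XmFzJ/ZNrWg8QrgV1GAtPmSO5HyL1PehUfNbfj0RVCi8sXfcCMDuFE46CjUSDR2D
N7kTiWeJ07QReLhhH4G5q9/cXhNtw7HTLDuyp3KukhrH3gku0DgAZmWtZXbkKqoc
aHqNEdAlJ6YchVdt118n+3+2J2ohhQUSfb/FF0bMJyR04lTCTnzLWz6SRuryxqRa
/S8H4dx7kIjWI5pou9t+z0fw5MPViybvb2gHt3iyZkAL9mqWjjtZ1u4TiYvhJkOj
HnNCkNUCgYEA48NdqhyUsWho1umyDE21bkle1b6B5KPs2p5w4Ry4iUHWqev2a5H8
mtWWZMYAkbWiog+Kc+qzxMSRxt3bB5CYuDNBORwFOn3WsooTZNs5bwCqr/aHAZG/
wmvOlEpzS+H4ET7xlJyGa1uCtLySUmra3L5wianymxqqB0zDagD2DvMCgYEAx1/i
lXoiZ827KVz+jgkrTDARb4N1puJ1mq8SZJ3t40ZV/82jfmjZlNHFcODkvq3ztujf
5QZ5MZ6WoeAkn6bASkUMzZ6P/dyEltiLcfjiUB769SLAziCp9LRfOaFNsQSCIdze
E9hVzPics9H0UqAv7SShyniWtuemlgbF13cnu+sCgYBSXZA9uGA9V9ix/4kX0fJO
k9Hr0hz/Jhi9ZpbDkbNaT6jlgiN2+zAyfhMJFmGWT+0kViJnkPS5r6xYElrm/W99
DWwEzxFE+cTug+hHjM/USJVxVOG1u5NxJ7NpBRN02Z7v/ac3avNhV5KI8biofWPw
eB4SapcFaDscsLHqX7ab6QKBgGYie6vBboCoxtlwt0LB9blI4pWyzYGZf0+nog+D
TAtiy8mIadnnEpeHQtMJkoUQDcrEz3W+9DT0Hgx9C6XxwY4Kg32OXgtZfV7dPco8
Couq4zrS+9xcpVQjVqjqNieZvKRmRin6aDHhpj0EMFpnj0W3v14+mk7GqvMuMwmn
E+bTAoGAG5iCA3pUp25TI+u0JjHcakp9+sVYJJTmNYcvlgrbuNbf+cw2xspPJXqe
Ek/K+tyPo7sTc+kswKdqThsAisexb2Rnvk/bKSaNpMO266JP4Csthn99TXtIMRmA
eduwlbcnFh7UR34jyjuWelRud1zqVdliJ2VcFfHZ90CXB01h7wo=
-----END RSA PRIVATE KEY-----
"@

  $clientRunlist = @'
{"run_list": ["role[client_base]"]}
'@

  Out-File -InputObject $clientConfigFile.Trim() -FilePath (Join-Path $chefConfigPath 'client.rb') -Force -Encoding Default
  Out-File -InputObject $clientPemFile.Trim() -FilePath (Join-Path $chefConfigPath 'twitch-validator.pem') -Force -Encoding Default
  # Round-trip through ConvertFrom-Json so malformed JSON raises an error
  # before the run list is written.
  $clientRunlist.Trim() | ConvertFrom-Json | ConvertTo-Json |
    Out-File -FilePath (Join-Path $chefConfigPath 'run-list.json') -Force -Encoding Default

  $chefConfigs = 'client.rb','twitch-validator.pem','run-list.json'
  ForEach ( $conf in $chefConfigs ) {
    # Verify the same location the files were written to, not a hard-coded C:\chef.
    if (Test-Path (Join-Path $chefConfigPath $conf)) {
      Write-CHost green "`t $([Char]8730) $conf set."
    } else {
      Write-CHost red "`t $([Char]33) Could not set $conf."
      exit 1
    }
  }
  Write-CHost green "`t $([Char]8730) Chef Configs Set."
}

# Runs chef-client once in the current window, logging to
# C:\chef\chef-client.log, and waits for it to finish.
function Set-ChefRun() {
  Write-CHost magenta "`t - Running Chef First Boot."
  Start-Process -FilePath 'C:\opscode\chef\bin\chef-client.bat' -ArgumentList '-L C:\chef\chef-client.log' -NoNewWindow -Wait
}

# Work, Work, Work...
try {
  # Checking Windows Version
  Write-CHost yellow "`nChecking Windows Version:"
  # Capture the caption first. Written as
  # `Get-WindowsVersion -like "*Enterprise*" -or ...` the operators are parsed
  # as arguments to the function, so the condition tested only whether the
  # caption was non-empty and the edition gate never rejected anything.
  $windowsVersion = Get-WindowsVersion
  if ($windowsVersion -like '*Enterprise*' -or $windowsVersion -like '*Pro*') {
    Write-CHost green "$([Char]8730) $windowsVersion is installed."
    $winVerGood = $true
  } else {
    Write-CHost red "$([Char]33) $windowsVersion is installed."
    $winVerGood = $false
  }

  # Check if all is well, then continue.
  if ($winVerGood -eq $true) {
    Write-CHost yellow "`nStarting Twitch Enrollment:"
    # Configure Chef
    Write-CHost white "$([Char]9) Set Chef Configuration:"
    Set-ChefConfigs
    Set-ChefRun
  } else {
    Write-CHost yellow "Errors Reported:"
    Write-CHost red "$([Char]33) Please review and fix errors above in red."
    exit 1
  }
} catch {
  throw $_.Exception
} finally {
  # Close the transcript on the rethrow path as well as on success.
  Stop-Transcript
}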