Merge pull request #293 from chocolatey/hardenNexusOperations

Brings QSG into line with Environments Projects

Author: ryanrichter94

Start-C4bSetup.ps1 Initialize-C4bSetup.ps1Start-C4bSetup.ps1 renamed to Initialize-C4bSetup.ps1

@@ -10,15 +10,14 @@ C4B Quick-Start Guide initial bootstrap script
     - Setup of local `choco-setup` directories
     - Download of Chocolatey packages required for setup
 #>
-[CmdletBinding(DefaultParameterSetName="Attended")]
+[CmdletBinding(DefaultParameterSetName = 'Prepare')]
 param(
     # Full path to Chocolatey license file.
     # Accepts any file, and moves and renames it correctly.
     # You can either define this as a parameter, or
     # script will prompt you for it.
     # Script will also validate expiry.
-    [Parameter(ParameterSetName='Unattended')]
-    [Parameter(ParameterSetName='Attended')]
+    [Parameter(ParameterSetName = 'Install')]
     [string]
     $LicenseFile = $(
         if (Test-Path $PSScriptRoot\files\chocolatey.license.xml) {
@@ -41,49 +40,70 @@ param(
         }
     ),
 
-    # Unattended mode. Allows you to skip running the other scripts indiviually.
-    [Parameter(Mandatory, ParameterSetName='Unattended')]
-    [switch]
-    $Unattend,
-
     # Specify a credential used for the ChocolateyManagement DB user.
-    # Only required in Unattend mode for the CCM setup script.
+    # Only required in install mode for the CCM setup script.
     # If not populated, the script will prompt for credentials.
-    [Parameter(ParameterSetName='Unattended')]
+    [Parameter(ParameterSetName = 'Install')]
     [System.Management.Automation.PSCredential]
     $DatabaseCredential = $(
-        if ($PSCmdlet.ParameterSetName -eq 'Unattended') {
-            $Wshell = New-Object -ComObject Wscript.Shell
-            $null = $Wshell.Popup('You will now create a credential for the ChocolateyManagement DB user, to be used by CCM (document this somewhere).')
-            Get-Credential -UserName ChocoUser -Message 'Create a credential for the ChocolateyManagement DB user'
+        if ((Test-Path C:\choco-setup\clixml\chocolatey-for-business.xml) -and (Import-Clixml C:\choco-setup\clixml\chocolatey-for-business.xml).DatabaseUser) {
+            (Import-Clixml C:\choco-setup\clixml\chocolatey-for-business.xml).DatabaseUser
+        } elseif ($PSCmdlet.ParameterSetName -eq 'Install') {
+            [PSCredential]::new(
+                "chocodbuser",
+                (ConvertTo-SecureString "$(New-Guid)-$(New-Guid)" -Force -AsPlainText)
+            )
         }
     ),
 
     # The certificate thumbprint that identifies the target SSL certificate in
     # the local machine certificate stores.
-    # Only used in Unattend mode for the SSL setup script.
-    [Parameter(ParameterSetName='Unattended')]
+    # Only used in install mode for the SSL setup script.
+    [Parameter(ParameterSetName = 'Install')]
     [ArgumentCompleter({
-        Get-ChildItem Cert:\LocalMachine\TrustedPeople | ForEach-Object {
-            [System.Management.Automation.CompletionResult]::new(
-                $_.Thumbprint,
-                $_.Thumbprint,
-                "ParameterValue",
-                ($_.Subject -replace "^CN=(?<FQDN>.+),?.*$",'${FQDN}')
-            )
+            Get-ChildItem Cert:\LocalMachine\TrustedPeople | ForEach-Object {
+                [System.Management.Automation.CompletionResult]::new(
+                    $_.Thumbprint,
+                    $_.Thumbprint,
+                    "ParameterValue",
+                ($_.Subject -replace "^CN=(?<FQDN>.+),?.*$", '${FQDN}')
+                )
+            }
+        })]
+    [string]
+    $Thumbprint = $(
+        if ((Test-Path C:\choco-setup\clixml\chocolatey-for-business.xml) -and (Import-Clixml C:\choco-setup\clixml\chocolatey-for-business.xml).CertThumbprint) {
+            (Import-Clixml C:\choco-setup\clixml\chocolatey-for-business.xml).CertThumbprint
+        } else {
+            Get-ChildItem Cert:\LocalMachine\TrustedPeople -Recurse | Sort-Object {
+                $_.Issuer -eq $_.Subject # Prioritise any certificates above self-signed
+            } | Select-Object -ExpandProperty Thumbprint -First 1
         }
-    })]
+    ),
+
+    # If using a wildcard certificate, provide a DNS name you want to use to access services secured by the certificate.\
+    [Parameter(ParameterSetName = 'Install')]
+    [Alias("FQDN")]
     [string]
-    $Thumbprint,
+    $CertificateDnsName = $(
+        if ((Test-Path C:\choco-setup\clixml\chocolatey-for-business.xml) -and (Import-Clixml C:\choco-setup\clixml\chocolatey-for-business.xml).CertSubject) {
+            (Import-Clixml C:\choco-setup\clixml\chocolatey-for-business.xml).CertSubject
+        }
+    ),
 
     # If provided, shows all Chocolatey output. Otherwise, blissful quiet.
-    [switch]$ShowChocoOutput,
+    [switch]
+    $ShowChocoOutput,
 
     # The branch or Pull Request to download the C4B setup scripts from.
     # Defaults to main.
-    [string]
     [Alias('PR')]
-    $Branch = $env:CHOCO_QSG_BRANCH
+    [string]
+    $Branch = $env:CHOCO_QSG_BRANCH,
+
+    # If provided, will skip launching the browser at the end of setup.
+    [Parameter(ParameterSetName = 'Install')]
+    [switch]$SkipBrowserLaunch
 )
 if ($ShowChocoOutput) {
     $global:PSDefaultParameterValues["Invoke-Choco:InformationAction"] = "Continue"
@@ -102,7 +122,7 @@ $QsRepo = if ($Branch) {
 }
 
 $DefaultEap, $ErrorActionPreference = $ErrorActionPreference, 'Stop'
-Start-Transcript -Path "$env:SystemDrive\choco-setup\logs\Start-C4bSetup-$(Get-Date -Format 'yyyyMMdd-HHmmss').txt"
+Start-Transcript -Path "$env:SystemDrive\choco-setup\logs\Initialize-C4bSetup-$(Get-Date -Format 'yyyyMMdd-HHmmss').txt"
 
 try {
     # Setup initial choco-setup directories
@@ -114,7 +134,7 @@ try {
     $TestDir = Join-Path $ChocoPath "tests"
     $xmlDir = Join-Path $ChocoPath "clixml"
 
-    @($ChocoPath, $FilesDir, $PkgsDir, $TempDir, $TestDir,$xmlDir) | ForEach-Object {
+    @($ChocoPath, $FilesDir, $PkgsDir, $TempDir, $TestDir, $xmlDir) | ForEach-Object {
         $null = New-Item -Path $_ -ItemType Directory -Force -ErrorAction Stop
     }
 
@@ -132,7 +152,7 @@ try {
     # Add the Module Path and Import Helper Functions
     if (-not (Get-Module C4B-Environment -ListAvailable)) {
         if ($env:PSModulePath.Split(';') -notcontains "$FilesDir\modules") {
-            [Environment]::SetEnvironmentVariable("PSModulePath", "$env:PSModulePath;$FilesDir\modules" ,"Machine")
+            [Environment]::SetEnvironmentVariable("PSModulePath", "$env:PSModulePath;$FilesDir\modules" , "Machine")
             $env:PSModulePath = [Environment]::GetEnvironmentVariables("Machine").PSModulePath
         }
     }
@@ -144,30 +164,73 @@ try {
 
     & $FilesDir\OfflineInstallPreparation.ps1 -LicensePath $LicenseFile
 
-    if (Test-Path $FilesDir\files\*.nupkg) {
-        Invoke-Choco source add --name LocalChocolateySetup --source $FilesDir\files\ --Priority 1
-    }
+    # Kick off unattended running of remaining setup scripts, if we're running from a saved-script.
+    if ($PSScriptRoot -or $PSCmdlet.ParameterSetName -eq 'Install') {
+        Update-Clixml -Properties @{
+            InitialDeployment = Get-Date
+        }
 
-    # Set Choco Server Chocolatey Configuration
-    Invoke-Choco feature enable --name="'excludeChocolateyPackagesDuringUpgradeAll'"
-    Invoke-Choco feature enable --name="'usePackageHashValidation'"
+        if ($Thumbprint) {
+            Set-ChocoEnvironmentProperty CertThumbprint $Thumbprint
+
+            if ($CertificateDnsName) {
+                Set-ChocoEnvironmentProperty CertSubject $CertificateDnsName
+            }
+
+            # Collect current certificate configuration
+            $Certificate = Get-Certificate -Thumbprint $Thumbprint
+            Copy-CertToStore -Certificate $Certificate
+    
+            $null = Test-CertificateDomain -Thumbprint $Thumbprint
+        } elseif ($PSScriptRoot) {
+            # We're going to be using a self-signed certificate
+            if (-not $CertificateDnsName) {
+                $CertificateDnsName = $env:ComputerName
+            }
+
+            $CertificateArgs = @{
+                CertStoreLocation = "Cert:\LocalMachine\My"
+                KeyUsage          = "KeyEncipherment", "DigitalSignature"
+                DnsName           = $CertificateDnsName
+                NotAfter          = (Get-Date).AddYears(10)
+            }
+
+            $Certificate = New-SelfSignedCertificate @CertificateArgs
+            Copy-CertToStore -Certificate $Certificate
+
+            $Thumbprint = $Certificate.Thumbprint
+
+            Set-ChocoEnvironmentProperty CertThumbprint $Thumbprint
+            Set-ChocoEnvironmentProperty CertSubject $CertificateDnsName
+        }
 
-    # Convert license to a "choco-license" package, and install it locally to test
-    Write-Host "Creating a 'chocolatey-license' package, and testing install." -ForegroundColor Green
-    Set-Location $FilesDir
-    .\scripts\Create-ChocoLicensePkg.ps1
-    Remove-Item "$env:SystemDrive\choco-setup\packaging" -Recurse -Force
+        if ($DatabaseCredential) {
+            Set-ChocoEnvironmentProperty DatabaseUser $DatabaseCredential
+        }
+
+        if (Test-Path $FilesDir\files\*.nupkg) {
+            Invoke-Choco source add --name LocalChocolateySetup --source $FilesDir\files\ --Priority 1
+        }
+
+        # Set Choco Server Chocolatey Configuration
+        Invoke-Choco feature enable --name="'excludeChocolateyPackagesDuringUpgradeAll'"
+        Invoke-Choco feature enable --name="'usePackageHashValidation'"
+    
+        # Convert license to a "choco-license" package, and install it locally to test
+        Write-Host "Creating a 'chocolatey-license' package, and testing install." -ForegroundColor Green
+        Set-Location $FilesDir
+        .\scripts\Create-ChocoLicensePkg.ps1
+        Remove-Item "$env:SystemDrive\choco-setup\packaging" -Recurse -Force
 
-    # Kick off unattended running of remaining setup scripts.
-    if ($Unattend) {
         $Certificate = @{}
-        if ($Thumbprint) {$Certificate.Thumbprint = $Thumbprint}
+        if ($Thumbprint) { $Certificate.Thumbprint = $Thumbprint }
 
         Set-Location "$env:SystemDrive\choco-setup\files"
-        .\Start-C4BNexusSetup.ps1
+        .\Start-C4BNexusSetup.ps1 @Certificate
         .\Start-C4bCcmSetup.ps1 @Certificate -DatabaseCredential $DatabaseCredential
-        .\Start-C4bJenkinsSetup.ps1
-        .\Set-SslSecurity.ps1 @Certificate
+        .\Start-C4bJenkinsSetup.ps1 @Certificate
+
+        Complete-C4bSetup -SkipBrowserLaunch:$SkipBrowserLaunch
     }
 } finally {
     $ErrorActionPreference = $DefaultEap