chandra-goka/sample.ps1

## sample.ps1
<#
    .SYNOPSIS
      Registers this host with ssm agent
    .DESCRIPTION
      Downloads the agent, installs it, must be run as Administrator
#>

$JWT_TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzZXJ2aWNlX2lkIjoiNGM5NjA1MmEtODVjMC00MDZlLWJjZmMtOGI0MWI3OWFiNWY3IiwiZG9tYWluIjoiMTIzNDExNyIsInNlcnZpY2VfdHlwZSI6Ik1BTkFHRURfVk1DIiwidG9rZW5faWQiOiI5OGViOWE0OC1hMjNjLTRiMjMtYWM4Mi1jOWRiNGMxMDFhZTQifQ.kX3aR8X_mO6uSjOMKygTDfNl9Xen0RvCOLHy5-zfpTWwPz7j1XjVPpE24SJztdW7RFdomLCbZ7CA9MFFrcNFv8gyFhlUpe926DIV9TGt1HcC-_KSLtm82PhK5hL8pSDhwj1esPi3xv-JROzgYgfdy_b2aTFdJk4wIxjog7xEIr09ijftfyWZSZglCN7JbmqDMglXJuS1j5fC4Ix9Ji2MUFl2Prb1KNtPLzLSsBYwPYaNi5kxKmFT5VhNJ_6V1p9-QG_vut7A-xFbi_psWJW2xPxzpe2U8sZziEFkZiLHwA1_Whd541f396xz-drJNVFyRa43iqGqGAvvO8B9L0VQDQ"

$error_codes = @{"UNABLE_TO_ACTIVATE"=1; "JOB_RETRIEVE_FAILURE"=2; "NO_JOB_FOUND"=3; "OS_UNSUPPORTED"=4;}

echo "Checking machine id.."
for ($num = 1 ; $num -le 10 ; $num++) {
    $machineId = & 'C:\Program Files\VMware\VMware Tools\rpctool.exe' "info-get guestinfo.machine.id"
    if (!$machineId) {
      echo "Waiting 2 minutes and checking again."
      Start-Sleep -s 120
      continue
    }
    echo "Machine ID found"
    break
}

echo "machineId: $machineId"
if (!$machineId) {
  echo "The installation cannot continue because the guestinfo.machine.id is not set."
  exit 10
}

function Send-Error($error_code, $JWT_TOKEN)
{
    $error_url = "https://api.goss.vdo.manage.rackspace.com/v1.0/instance/jwt/goss/error/{0}" -f $error_code
    Invoke-WebRequest $error_url -Method POST -Headers @{'X-Auth-Token' = $JWT_TOKEN; 'instanceId' = $machineId;} -UseBasicParsing
}

if ($PSVersionTable.PSVersion.Major -lt 3) {
  echo "PowerShell version unsupported."
  exit 10
}

$supported = @("2012", "2016", "2019")

$isServer = (Get-CimInstance Win32_OperatingSystem | Select-Object -expand ProductType) -eq 3
$osName = Get-CimInstance Win32_OperatingSystem | Select-Object -expand Caption
$isVersionSupported = $null -ne ($supported | ? { $osName -match $_ })
$isSupported = ([Environment]::Is64BitOperatingSystem) -and $isServer -and $isVersionSupported

if(-Not $isSupported) {
  echo "Operating System version unsupported."
  Send-Error $error_codes.OS_UNSUPPORTED $JWT_TOKEN
  exit 10
}

$goss_access_url = "https://api.goss.vdo.manage.rackspace.com/v1.0/instance/jwt/goss/activate/{0}" -f $machineId
try {
    $access_job_response = Invoke-WebRequest $goss_access_url -Method POST -Headers @{'X-Auth-Token' = $JWT_TOKEN; 'Content-Type' = 'application/json'} -UseBasicParsing
} catch {
    echo "Unable to create activation for ssm."
    Send-Error $error_codes.UNABLE_TO_ACTIVATE $JWT_TOKEN
    exit 11
}
$job_location = $access_job_response.headers.Location

$status = "RUNNING"
$activation = $null
DO {
    Start-Sleep -s 10
    try {
        $job_status_response = Invoke-WebRequest $job_location -Method GET -Headers @{'X-Auth-Token' = $JWT_TOKEN} -UseBasicParsing
    } catch {
        echo "Failed to get job status while getting activation for SSM"
        Send-Error $error_codes.JOB_RETRIEVE_FAILURE $JWT_TOKEN
        exit 11
    }

        $job_json_response = ConvertFrom-Json $([String]::new($job_status_response.Content))
        $cnt = $job_json_response.data.currentItemCount

        if ($cnt -ne 1) {
            echo "Unexpected response from job status while activating SSM."
            Send-Error $error_codes.NO_JOB_FOUND $JWT_TOKEN
            exit 11
        }

        $status = $job_json_response.data.items[0].status
        $activation = $job_json_response.data.items[0].message
} While ($status -eq "RUNNING")

if ($status -ne "SUCCEEDED") {
    echo "Failed to create an activation for SSM"
    Send-Error $error_codes.UNABLE_TO_ACTIVATE $JWT_TOKEN
    exit 11
}

$activationcode = $activation.activation_code
$activationid = $activation.activation_id
$region = $activation.region


$dir = $env:TEMP + "\ssm"
New-Item -ItemType directory -Path $dir -Force
cd $dir

(New-Object System.Net.WebClient).DownloadFile("https://amazon-ssm-$region.s3.amazonaws.com/latest/windows_amd64/AmazonSSMAgentSetup.exe", $dir + "\AmazonSSMAgentSetup.exe")
Start-Process .\AmazonSSMAgentSetup.exe -ArgumentList @("/norestart", "/uninstall", "/q", "/log", "install.log") -Wait
Start-Process .\AmazonSSMAgentSetup.exe -ArgumentList @("/norestart", "/q", "/log", "install.log", "CODE=$activationcode", "ID=$activationid", "REGION=$region") -Wait
Get-Content ($env:ProgramData + "\Amazon\SSM\InstanceData\registration")
Get-Service -Name "AmazonSSMAgent"

cd $Env:ProgramFiles\Amazon\SSM
$output = .\ssm-cli.exe get-instance-information | ConvertFrom-Json
$managed_instance_id = $output.psobject.properties["instance-id"].value
echo "ssm_instance_id=$managed_instance_id"
	<#
	.SYNOPSIS
	Registers this host with ssm agent
	.DESCRIPTION
	Downloads the agent, installs it, must be run as Administrator
	#>

	$JWT_TOKEN="eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJzZXJ2aWNlX2lkIjoiNGM5NjA1MmEtODVjMC00MDZlLWJjZmMtOGI0MWI3OWFiNWY3IiwiZG9tYWluIjoiMTIzNDExNyIsInNlcnZpY2VfdHlwZSI6Ik1BTkFHRURfVk1DIiwidG9rZW5faWQiOiI5OGViOWE0OC1hMjNjLTRiMjMtYWM4Mi1jOWRiNGMxMDFhZTQifQ.kX3aR8X_mO6uSjOMKygTDfNl9Xen0RvCOLHy5-zfpTWwPz7j1XjVPpE24SJztdW7RFdomLCbZ7CA9MFFrcNFv8gyFhlUpe926DIV9TGt1HcC-_KSLtm82PhK5hL8pSDhwj1esPi3xv-JROzgYgfdy_b2aTFdJk4wIxjog7xEIr09ijftfyWZSZglCN7JbmqDMglXJuS1j5fC4Ix9Ji2MUFl2Prb1KNtPLzLSsBYwPYaNi5kxKmFT5VhNJ_6V1p9-QG_vut7A-xFbi_psWJW2xPxzpe2U8sZziEFkZiLHwA1_Whd541f396xz-drJNVFyRa43iqGqGAvvO8B9L0VQDQ"

	$error_codes = @{"UNABLE_TO_ACTIVATE"=1; "JOB_RETRIEVE_FAILURE"=2; "NO_JOB_FOUND"=3; "OS_UNSUPPORTED"=4;}

	echo "Checking machine id.."
	for ($num = 1 ; $num -le 10 ; $num++) {
	$machineId = & 'C:\Program Files\VMware\VMware Tools\rpctool.exe' "info-get guestinfo.machine.id"
	if (!$machineId) {
	echo "Waiting 2 minutes and checking again."
	Start-Sleep -s 120
	continue
	}
	echo "Machine ID found"
	break
	}

	echo "machineId: $machineId"
	if (!$machineId) {
	echo "The installation cannot continue because the guestinfo.machine.id is not set."
	exit 10
	}

	function Send-Error($error_code, $JWT_TOKEN)
	{
	$error_url = "https://api.goss.vdo.manage.rackspace.com/v1.0/instance/jwt/goss/error/{0}" -f $error_code
	Invoke-WebRequest $error_url -Method POST -Headers @{'X-Auth-Token' = $JWT_TOKEN; 'instanceId' = $machineId;} -UseBasicParsing
	}

	if ($PSVersionTable.PSVersion.Major -lt 3) {
	echo "PowerShell version unsupported."
	exit 10
	}

	$supported = @("2012", "2016", "2019")

	$isServer = (Get-CimInstance Win32_OperatingSystem \| Select-Object -expand ProductType) -eq 3
	$osName = Get-CimInstance Win32_OperatingSystem \| Select-Object -expand Caption
	$isVersionSupported = $null -ne ($supported \| ? { $osName -match $_ })
	$isSupported = ([Environment]::Is64BitOperatingSystem) -and $isServer -and $isVersionSupported

	if(-Not $isSupported) {
	echo "Operating System version unsupported."
	Send-Error $error_codes.OS_UNSUPPORTED $JWT_TOKEN
	exit 10
	}

	$goss_access_url = "https://api.goss.vdo.manage.rackspace.com/v1.0/instance/jwt/goss/activate/{0}" -f $machineId
	try {
	$access_job_response = Invoke-WebRequest $goss_access_url -Method POST -Headers @{'X-Auth-Token' = $JWT_TOKEN; 'Content-Type' = 'application/json'} -UseBasicParsing
	} catch {
	echo "Unable to create activation for ssm."
	Send-Error $error_codes.UNABLE_TO_ACTIVATE $JWT_TOKEN
	exit 11
	}
	$job_location = $access_job_response.headers.Location

	$status = "RUNNING"
	$activation = $null
	DO {
	Start-Sleep -s 10
	try {
	$job_status_response = Invoke-WebRequest $job_location -Method GET -Headers @{'X-Auth-Token' = $JWT_TOKEN} -UseBasicParsing
	} catch {
	echo "Failed to get job status while getting activation for SSM"
	Send-Error $error_codes.JOB_RETRIEVE_FAILURE $JWT_TOKEN
	exit 11
	}

	$job_json_response = ConvertFrom-Json $([String]::new($job_status_response.Content))
	$cnt = $job_json_response.data.currentItemCount

	if ($cnt -ne 1) {
	echo "Unexpected response from job status while activating SSM."
	Send-Error $error_codes.NO_JOB_FOUND $JWT_TOKEN
	exit 11
	}

	$status = $job_json_response.data.items[0].status
	$activation = $job_json_response.data.items[0].message
	} While ($status -eq "RUNNING")

	if ($status -ne "SUCCEEDED") {
	echo "Failed to create an activation for SSM"
	Send-Error $error_codes.UNABLE_TO_ACTIVATE $JWT_TOKEN
	exit 11
	}

	$activationcode = $activation.activation_code
	$activationid = $activation.activation_id
	$region = $activation.region


	$dir = $env:TEMP + "\ssm"
	New-Item -ItemType directory -Path $dir -Force
	cd $dir

	(New-Object System.Net.WebClient).DownloadFile("https://amazon-ssm-$region.s3.amazonaws.com/latest/windows_amd64/AmazonSSMAgentSetup.exe", $dir + "\AmazonSSMAgentSetup.exe")
	Start-Process .\AmazonSSMAgentSetup.exe -ArgumentList @("/norestart", "/uninstall", "/q", "/log", "install.log") -Wait
	Start-Process .\AmazonSSMAgentSetup.exe -ArgumentList @("/norestart", "/q", "/log", "install.log", "CODE=$activationcode", "ID=$activationid", "REGION=$region") -Wait
	Get-Content ($env:ProgramData + "\Amazon\SSM\InstanceData\registration")
	Get-Service -Name "AmazonSSMAgent"

	cd $Env:ProgramFiles\Amazon\SSM
	$output = .\ssm-cli.exe get-instance-information \| ConvertFrom-Json
	$managed_instance_id = $output.psobject.properties["instance-id"].value
	echo "ssm_instance_id=$managed_instance_id"