Self service: agent version: default to "latest"

[Al2Klimov]

fixes #2965
fixes Icinga/icinga-powershell-framework#795

ref/IP/58492

CC @slalomsk8er

As discussed in Icinga/icinga-powershell-framework#795 (comment), pinning agent versions is a delayed shoot in the foot. Luckily IfW accepts "latest"!

Test

Spoiler: IfW accepts "latest" as version 👍

PS C:\Users\Administrator> & $ScriptFile `
>>     -ModuleDirectory  'C:\Program Files\WindowsPowerShell\Modules\' `
>>     -InstallCommand   '{"IfW-DirectorSelfServiceKey":{"Values":["61b1bc1cbbcd6bd49ebeab7cf60efedb54564b57"]},"IfW-DirectorUrl":{"Values":["http://10.27.0.54/icingaweb2/director/"]},"IfW-StableRepository":{"Values":["https://packages.icinga.com/IcingaForWindows/stable"]}}' `
>>     -IcingaRepository 'https://packages.icinga.com/IcingaForWindows/stable/ifw.repo.json'
[Notice]: Starting Icinga for Windows installation
[Notice]: Repository "Icinga Stable" is already registered. Forcing override of data.
[Error]: Failed to convert retreived content from repository "Icinga Stable" with location "https://packages.icinga.com/IcingaForWindows/stable" to JSON
[Notice]: Unable to fetch Icinga for Windows repository information for repository "Icinga Stable" from provided location. Trying different lookup by adding "ifw.repo.json" to the end of the remote path.
[Notice]: Downloading "agent" from "https://packages.icinga.com/IcingaForWindows/stable/agent/Icinga2-v2.14.5-x86_64.msi"
[Notice]: Installing component "agent" with version "2.14.5" into "C:\Program Files\ICINGA2"
[Notice]: Successfully backed up Icinga 2 Agent default config
[Passed]: The specified user "NT Authority\NetworkService" is allowed to run as service
[Passed]: Directory "C:\ProgramData\icinga2\etc" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: Directory "C:\ProgramData\icinga2\var" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: Directory "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\cache" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: Directory "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\config" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: Directory "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\certificate" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Notice]: Service User "NT Authority\NetworkService" for service "icinga2" successfully updated
[Notice]: Installation of component "agent" with version "2.14.5" was successful.
[Notice]: Your hostname was successfully changed to "akw16"
[Notice]: The Icinga Service User already has permission to run as service
[Passed]: Directory "C:\ProgramData\icinga2\etc" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: Directory "C:\ProgramData\icinga2\var" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: Directory "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\cache" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: Directory "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\config" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: Directory "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\certificate" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Notice]: Service User "NT Authority\NetworkService" for service "icinga2" successfully updated
[Passed]: Directory "C:\ProgramData\icinga2\etc" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: Directory "C:\ProgramData\icinga2\var" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: Directory "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\cache" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: Directory "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\config" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: Directory "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\certificate" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Notice]: Feature "checker" was successfully disabled
[Notice]: Feature "notification" was successfully disabled
[Notice]: Feature "api" was successfully enabled
[Notice]: Api configuration has been written successfully
[Notice]: Windows Eventlog configuration has been written successfully to use severity level: warning - Please restart the Icinga Agent to apply this change
[Notice]: Generating host certificates for host "akw16"
[Notice]: information/base: Writing private key to 'C:\ProgramData\icinga2\var\lib\icinga2\certs\akw16.key'.
information/base: Writing X509 certificate to 'C:\ProgramData\icinga2\var\lib\icinga2\certs\akw16.crt'.
[Notice]: Fetching trusted master certificate from "10.27.0.54"
[Notice]: information/cli: Retrieving TLS certificate for '10.27.0.54:5665'.

 Version:             3
 Subject:             CN = akd
 Issuer:              CN = Icinga CA
 Valid From:          Mar 24 14:09:57 2025 GMT
 Valid Until:         Apr 25 14:09:57 2026 GMT
 Serial:              6b:2f:b8:e6:8d:ec:90:3b:95:56:19:f0:a8:8e:96:38:c7:cc:b1:8c

 Signature Algorithm: sha256WithRSAEncryption
 Subject Alt Names:   akd
 Fingerprint:         9C D9 33 69 F9 9E 3F BC 67 11 75 CA C2 21 03 A7 CE CB D5 ED 10 02 D8 86 A2 1A 0E 41 3B 53 31 E8

***
*** You have to ensure that this certificate actually matches the parent
*** instance's certificate in order to avoid man-in-the-middle attacks.
***

information/pki: Writing certificate to file 'C:\ProgramData\icinga2\var\lib\icinga2\certs\trusted-parent.crt'.
[Notice]: information/cli: Writing CA certificate to file 'C:\ProgramData\icinga2\var\lib\icinga2\certs\ca.crt'.
information/cli: Writing signed certificate to file 'C:\ProgramData\icinga2\var\lib\icinga2\certs\akw16.crt'.
[Notice]: Icinga certificates successfully installed
[Notice]: Icinga Agent zones.conf has been written successfully
[Notice]: Successfully enabled firewall for port "5665"
[Passed]: Icinga Agent service is installed
[Passed]: The specified user "NT Authority\NetworkService" is allowed to run as service
[Passed]: Directory "C:\ProgramData\icinga2\etc" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: Directory "C:\ProgramData\icinga2\var" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: Directory "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\cache" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: Directory "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\config" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: Directory "C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\certificate" is accessible and writable by the Icinga Service User "NT Authority\NetworkService"
[Passed]: The Icinga Agent state file does not exist
[Passed]: Icinga Agent configuration is valid
[Passed]: Icinga Agent debug log is disabled
[Notice]: Restarting service "icinga2"
[Notice]: Background daemon Cmdlet "Start-IcingaWindowsRESTApi" has been configured
[Warning]: You have selected to install the Api-Check feature and all required configurations were made. The Icinga for Windows service is however not marked for installation, which will cause this feature to not work.
[Notice]: Successfully enabled service recovery for service "icinga2"
[Notice]: The task "Renew Certificate" has been successfully registered at location "\Icinga\Icinga for Windows\".
[Warning]: The service "icingapowershell" is not installed
[Warning]: The service "icingapowershell" is not installed

[Al2Klimov]

[raviks789]

This is not related to the issue, if I understand correctly. Please fix this in a separate PR.

[Al2Klimov]

• Self service: fix timing attack #3012

[raviks789]

LGTM!

[lippserd]

@raviks789 Please feel free to merge.