From 8492a39009a6e6194f1acb516ffcf74f4e4f9406 Mon Sep 17 00:00:00 2001
From: Lord Hepipud <contact@lordhepipud.de>
Date: Thu, 9 Sep 2021 18:23:37 +0200
Subject: [PATCH] Fixes Icinga env corruption on Agent failure

---
 doc/100-General/10-Changelog.md               |  1 +
 .../Start-IcingaForWindowsInstallation.psm1   | 45 +++++++++++--------
 2 files changed, 27 insertions(+), 19 deletions(-)

diff --git a/doc/100-General/10-Changelog.md b/doc/100-General/10-Changelog.md
index 06db311e..a08906c7 100644
--- a/doc/100-General/10-Changelog.md
+++ b/doc/100-General/10-Changelog.md
@@ -16,6 +16,7 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic
 * [#361](https://github.com/Icinga/icinga-powershell-framework/issues/361) Fixes IMC freeze on Icinga Director Self-Service installation, in case no Agent installation set on Self-Service API config
 * [#362](https://github.com/Icinga/icinga-powershell-framework/issues/362) Fixes repository component installation from file share locations
 * [#363](https://github.com/Icinga/icinga-powershell-framework/issues/363) Fixes unneeded continue for JEA process lookup, in case no JEA pid is present
+* [#365](https://github.com/Icinga/icinga-powershell-framework/issues/365) Fixes Icinga environment corruption on Icinga Agent installation failure
 
 ### Enhancements
 
diff --git a/lib/core/installer/Start-IcingaForWindowsInstallation.psm1 b/lib/core/installer/Start-IcingaForWindowsInstallation.psm1
index b3ac2434..87c53a20 100644
--- a/lib/core/installer/Start-IcingaForWindowsInstallation.psm1
+++ b/lib/core/installer/Start-IcingaForWindowsInstallation.psm1
@@ -165,28 +165,35 @@ function Start-IcingaForWindowsInstallation()
     if ($InstallAgent) {
         Set-IcingaPowerShellConfig -Path 'Framework.Icinga.AgentLocation' -Value $AgentInstallDir;
         Install-IcingaComponent -Name 'agent' -Version $AgentVersion -Confirm -Release;
-        Reset-IcingaAgentConfigFile;
-        Move-IcingaAgentDefaultConfig;
-        Set-IcingaAgentNodeName -Hostname $Hostname;
-        Set-IcingaAgentServiceUser -User $ServiceUser -Password (ConvertTo-IcingaSecureString $ServicePassword) -SetPermission | Out-Null;
-        Install-IcingaAgentBaseFeatures;
-        Write-IcingaAgentApiConfig -Port $IcingaPort;
-    }
 
-    if ((Install-IcingaAgentCertificates -Hostname $Hostname -Endpoint $IcingaCAServer -Port $IcingaPort -CACert $CertificateCAFile -Ticket $CertificateTicket) -eq $FALSE) {
-        Disable-IcingaAgentFeature 'api';
-        Write-IcingaConsoleWarning `
-            -Message '{0}{1}{2}{3}{4}' `
-            -Objects (
-                'Your Icinga Agent API feature has been disabled. Please provide either your ca.crt ',
-                'or connect to a parent node for certificate requests. You can run "Install-IcingaAgentCertificates" ',
-                'with your configuration to properly create the host certificate and a valid certificate request. ',
-                'After this you can enable the API feature by using "Enable-IcingaAgentFeature api" and restart the ',
-                'Icinga Agent service "Restart-IcingaService icinga2"'
-            );
+        # Only continue this, if our installation was successful
+        if ((Get-IcingaAgentInstallation).Installed) {
+            Reset-IcingaAgentConfigFile;
+            Move-IcingaAgentDefaultConfig;
+            Set-IcingaAgentNodeName -Hostname $Hostname;
+            Set-IcingaAgentServiceUser -User $ServiceUser -Password (ConvertTo-IcingaSecureString $ServicePassword) -SetPermission | Out-Null;
+            Install-IcingaAgentBaseFeatures;
+            Write-IcingaAgentApiConfig -Port $IcingaPort;
+        }
     }
 
-    Write-IcingaAgentZonesConfig -Endpoints $IcingaEndpoints -EndpointConnections $IcingaParentAddresses -ParentZone $IcingaZone -GlobalZones $GlobalZones -Hostname $Hostname;
+    # Only continue this, if our installation was successful
+    if ((Get-IcingaAgentInstallation).Installed) {
+        if ((Install-IcingaAgentCertificates -Hostname $Hostname -Endpoint $IcingaCAServer -Port $IcingaPort -CACert $CertificateCAFile -Ticket $CertificateTicket) -eq $FALSE) {
+            Disable-IcingaAgentFeature 'api';
+            Write-IcingaConsoleWarning `
+                -Message '{0}{1}{2}{3}{4}' `
+                -Objects (
+                    'Your Icinga Agent API feature has been disabled. Please provide either your ca.crt ',
+                    'or connect to a parent node for certificate requests. You can run "Install-IcingaAgentCertificates" ',
+                    'with your configuration to properly create the host certificate and a valid certificate request. ',
+                    'After this you can enable the API feature by using "Enable-IcingaAgentFeature api" and restart the ',
+                    'Icinga Agent service "Restart-IcingaService icinga2"'
+                );
+        }
+
+        Write-IcingaAgentZonesConfig -Endpoints $IcingaEndpoints -EndpointConnections $IcingaParentAddresses -ParentZone $IcingaZone -GlobalZones $GlobalZones -Hostname $Hostname;
+    }
 
     if ($InstallService) {
         Set-IcingaPowerShellConfig -Path 'Framework.Icinga.IcingaForWindowsService' -Value $WindowsServiceDir;