Sorry, we don't support your browser.  Install a modern browser

Ability to push ICG Config to devices automatically#79

Subscribe to updates
D

It would be great if one could either do a scheduled job or a profile that would automatically push ICG config information to a device versus having to go right click on a device and select ICG Configuration > Send ICG configurations.

3 years ago
D

Though I do still agree with having this as a feature, there is a workaround that was mentioned in Slack: ICG-Auto-Enrollment Script

I modified that a bit and came up with the script below:

# Define Variables (FINGERPRINT, ICGFQDN, ICGPORT, and ICGOTP may be different for each environment
FILE=/wfs/icgcert.crt
# FINGERPRINT needs to have the colons so it will compare properly to the one in an existing certificate
FINGERPRINT=99:30:41:27:6f:fa:01:e0:27:a2:aa:d4:9e:34:c3:78:46:d3:e9:76:ff:6a:62:0b:67:67:e3:38:32:04:2a:a2
ICGFQDN=icg.domain.com
ICGOTP=YourOTP
ICGPORT=8443
# ICGCONFIGFINGERPRINT takes what is entered for FINGEPRINT and removes the colons to be used with icg-config
ICGCONFIGFINGERPRINT="$(echo "$FINGERPRINT" | sed 's/://g')"
# Check if /wfs/icgcert.crt exists
if [ -f "$FILE" ]; then
    # Get the fingerprint from the current /wfs/icgcert.crt certificate
    CRT="$(openssl x509 -noout -fingerprint -sha256 -inform pem -in "$FILE" | cut -f2 -d'=')";
    # Check if the fingerprint of the current certificate matches the one entered for the FINGERPRINT variable
    if [ "$CRT" != "$FINGERPRINT" ]; then 
        # If the fingerprints do not match, remove /wfs/icgcert.crt and /wfs/icg-checksums
        rm "$FILE";
        rm /wfs/icg-checksums;
        # Run command to connect to new ICG
        icg-config -s "$ICGFQDN" -p "$ICGPORT" -o "$ICGOTP" -f "$ICGCONFIGFINGERPRINT" | $LOGGER;
    fi
else
    # If /wfs/icgcert.crt does not exist, then run command to connect to ICG
    icg-config -s "$ICGFQDN" -p "$ICGPORT" -o "$ICGOTP" -f "$ICGCONFIGFINGERPRINT" | $LOGGER;
fi
3 years ago
1
P

Hey David, so, do you think we still need to put this as feature proposal or is your script a solution for itself?

3 years ago
P
Changed the status to
Feedback needed
3 years ago
D

I think it should still be added as a feature.

3 years ago
P

We are in preparation for OS12 and most of our Development resources are focused on that main topic. Please be patient, we will continue our review of your suggestion in the meantime and try to put as much as we can in the OS12/upcoming ICG/UMS integration. Please stay tuned!

3 years ago
P

We have passed this feedback to PM. They are evaluating it. I can’t promise it will get implemented sonish but at least they are looking at it!

2 years ago
P
Changed the status to
Qualified by Igel
a year ago

We would also appreciate an automated possibility to enroll the ICG config to the clients with a task.

a year ago
Add your suggestion