Update vCenter-SSL.ps1

2025-11-15 19:56:59 -06:00
parent 6bc7835728
commit c478f4d8b5


@@ -1,6 +1,6 @@
#!/usr/bin/env pwsh
# -----------------------------------------------------------------------------------
# vCenter + Posh-ACME Script using PowerCLI (TLS-safe, ACME fixed)
# vCenter + Posh-ACME Script using PowerCLI (Final Corrected)
# -----------------------------------------------------------------------------------
. /opt/idssys/nodemgmt/conf/powerwall/settings.ps1
@@ -37,9 +37,7 @@ if (-not (Get-Module -ListAvailable -Name VMware.PowerCLI)) {
}
Import-Module VMware.PowerCLI -ErrorAction Stop
# ----------------------------
# Ignore self-signed cert warnings
# ----------------------------
Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false | Out-Null
# ----------------------------
@@ -75,9 +73,16 @@ Import-Module Posh-ACME -ErrorAction Stop
# ----------------------------
# ACME / PowerDNS certificate request
# ----------------------------
# Ensure API key is plain string (Posh-ACME PowerDNS plugin requires string)
if ($PDNSAPI -is [System.Security.SecureString]) {
$PDNSAPI = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
[Runtime.InteropServices.Marshal]::SecureStringToBSTR($PDNSAPI)
)
}
$pArgs = @{
PowerDNSApiHost = $WDNSHOST
PowerDNSApiKey = $PDNSAPI # Plain string, do NOT convert to SecureString
PowerDNSApiKey = $PDNSAPI
PowerDNSUseTLS = $true
PowerDNSPort = 443
PowerDNSServerName = 'localhost'
@@ -113,7 +118,7 @@ if ($certSuccess) {
}
# ----------------------------
# Upload and apply certificate via REST (PowerCLI session)
# Upload and apply certificate via REST
# ----------------------------
if ($certSuccess) {
try {
@@ -143,12 +148,12 @@ if ($certSuccess) {
}
# ----------------------------
# Restart vpxd service via PowerCLI (safe)
# Restart vpxd service via REST (safe for vCenter appliance)
# ----------------------------
try {
Write-Host "Restarting vpxd service..." -ForegroundColor Yellow
$service = Get-VMHostService -VMHost $VCENTERHOST | Where-Object { $_.Key -eq "vpxd" }
if ($service) { Restart-VMHostService -HostService $service -Confirm:$false }
Write-Host "Restarting vpxd service via REST..." -ForegroundColor Yellow
$uriRestart = "https://$VCENTERHOST/rest/appliance/system/services/vpxd?action=restart"
Invoke-RestMethod -Uri $uriRestart -Method Post -Headers $sessionHeaders -SkipCertificateCheck
Write-Host "vpxd service restart requested." -ForegroundColor Yellow
} catch {
Write-Host "Failed to restart vpxd service: $($_.Exception.Message)" -ForegroundColor Yellow
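Review bot: The REST restart call in the last hunk sends `$sessionHeaders` with `-SkipCertificateCheck`, so the vCenter session token is handed to whatever endpoint answers for `$VCENTERHOST` without the server being authenticated. This step follows the certificate upload, so if the new certificate is already being served, drop the switch here (or explicitly trust the appliance's current CA) so that a validation failure stops the run instead of being ignored. Separately, the SecureString unwrapping added before `$pArgs` never frees the BSTR, which leaves the plaintext API key in unmanaged memory, and `PtrToStringAuto` is known to return a truncated string under pwsh on non-Windows hosts. Keep the pointer in a variable, read it with `[Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)`, and call `[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)` in a `finally`. `$sessionHeaders` is defined outside the visible hunks and the `catch` block closes outside the last one, so how the session is created and torn down is not shown here.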