Update vCenter-SSL.ps1
@@ -44,7 +44,7 @@ function Show-Failure {
|
|||||||
param([System.Management.Automation.ErrorRecord]$ErrorRecord)
|
param([System.Management.Automation.ErrorRecord]$ErrorRecord)
|
||||||
$msg = $ErrorRecord.Exception.Message
|
$msg = $ErrorRecord.Exception.Message
|
||||||
|
|
||||||
Write-Log ERROR $msg
|
Write-Log ERROR $msg -ForegroundColor Red
|
||||||
Write-Host "======================================================" -ForegroundColor Red
|
Write-Host "======================================================" -ForegroundColor Red
|
||||||
Write-Host "ERROR: $msg" -ForegroundColor Red
|
Write-Host "ERROR: $msg" -ForegroundColor Red
|
||||||
Write-Host "======================================================" -ForegroundColor Red
|
Write-Host "======================================================" -ForegroundColor Red
|
||||||
@@ -77,7 +77,7 @@ try {
|
|||||||
if (-not (Get-Module -ListAvailable -Name Posh-ACME)) {
|
if (-not (Get-Module -ListAvailable -Name Posh-ACME)) {
|
||||||
Install-Module Posh-ACME -Force -Scope AllUsers
|
Install-Module Posh-ACME -Force -Scope AllUsers
|
||||||
}
|
}
|
||||||
Import-Module Posh-ACME -ErrorAction Stop *>$null
|
Import-Module Posh-ACME -ErrorAction Stop *>$null -ForegroundColor Red
|
||||||
Write-Log INFO "Posh-ACME loaded."
|
Write-Log INFO "Posh-ACME loaded."
|
||||||
} catch { Show-Failure $_ }
|
} catch { Show-Failure $_ }
|
||||||
|
|
||||||
@@ -100,7 +100,7 @@ try {
|
|||||||
$vms = Get-VM
|
$vms = Get-VM
|
||||||
Write-Log INFO "Retrieved $($vms.Count) VMs from vCenter."
|
Write-Log INFO "Retrieved $($vms.Count) VMs from vCenter."
|
||||||
} catch {
|
} catch {
|
||||||
Write-Log WARN "Failed to enumerate VMs: $($_.Exception.Message)"
|
Write-Log WARN "Failed to enumerate VMs: $($_.Exception.Message)" -ForegroundColor Orange
|
||||||
}
|
}
|
||||||
|
|
||||||
# ----------------------------
|
# ----------------------------
|
||||||
@@ -119,7 +119,7 @@ try {
|
|||||||
Select-Object -First 1
|
Select-Object -First 1
|
||||||
}
|
}
|
||||||
} catch {
|
} catch {
|
||||||
Write-Log WARN "Failed to query Posh-ACME certificates: $($_.Exception.Message)"
|
Write-Log WARN "Failed to query Posh-ACME certificates: $($_.Exception.Message)" -ForegroundColor Orange
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($paCert) {
|
if ($paCert) {
|
||||||
@@ -134,7 +134,7 @@ if ($paCert) {
|
|||||||
$needNewCert = $false
|
$needNewCert = $false
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
Write-Log WARN "No existing cert found — issuance required."
|
Write-Log WARN "No existing cert found — issuance required." -ForegroundColor Orange
|
||||||
$needNewCert = $true
|
$needNewCert = $true
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -167,17 +167,17 @@ if ($needNewCert) {
|
|||||||
$paCert = Get-PACertificate
|
$paCert = Get-PACertificate
|
||||||
Write-Log INFO ("New certificate issued: NotAfter={0}" -f $paCert.NotAfter)
|
Write-Log INFO ("New certificate issued: NotAfter={0}" -f $paCert.NotAfter)
|
||||||
} catch {
|
} catch {
|
||||||
Write-Log ERROR ("ACME issuance failed: {0}" -f $_.Exception.Message)
|
Write-Log ERROR ("ACME issuance failed: {0}" -f $_.Exception.Message) -ForegroundColor Red
|
||||||
if (-not $paCert) {
|
if (-not $paCert) {
|
||||||
Write-Log ERROR "No fallback certificate exists — aborting."
|
Write-Log ERROR "No fallback certificate exists — aborting." -ForegroundColor Red
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
Write-Log WARN "Using existing Posh-ACME certificate."
|
Write-Log WARN "Using existing Posh-ACME certificate." -ForegroundColor Orange
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (-not $paCert) {
|
if (-not $paCert) {
|
||||||
Write-Log ERROR "No usable certificate available — aborting."
|
Write-Log ERROR "No usable certificate available — aborting." -ForegroundColor Red
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -185,23 +185,23 @@ if ($needNewCert) {
|
|||||||
# # ----------------------------
|
# # ----------------------------
|
||||||
# # Certificate file resolution
|
# # Certificate file resolution
|
||||||
# # ----------------------------
|
# # ----------------------------
|
||||||
# $certFolder = Split-Path $paCert.CertFile -Parent
|
$certFolder = Split-Path $paCert.CertFile -Parent
|
||||||
#
|
|
||||||
# $certPath = Join-Path $certFolder "cert.cer"
|
$certPath = Join-Path $certFolder "cert.cer"
|
||||||
# $keyPath = Join-Path $certFolder "cert.key"
|
$keyPath = Join-Path $certFolder "cert.key"
|
||||||
# $chainPath = Join-Path $certFolder "chain.cer"
|
$chainPath = Join-Path $certFolder "chain.cer"
|
||||||
#
|
|
||||||
# Write-Log INFO "Using cert folder: $certFolder"
|
Write-Log INFO "Using cert folder: $certFolder"
|
||||||
# Write-Log INFO " CERT : $certPath"
|
Write-Log INFO " CERT : $certPath"
|
||||||
# Write-Log INFO " KEY : $keyPath"
|
Write-Log INFO " KEY : $keyPath"
|
||||||
# Write-Log INFO " CHAIN: $chainPath"
|
Write-Log INFO " CHAIN: $chainPath"
|
||||||
#
|
|
||||||
# foreach ($f in @($certPath,$keyPath,$chainPath)) {
|
foreach ($f in @($certPath,$keyPath,$chainPath)) {
|
||||||
# if (-not (Test-Path $f)) {
|
if (-not (Test-Path $f)) {
|
||||||
# Write-Log ERROR "Missing cert file: $f"
|
Write-Log ERROR "Missing cert file: $f" -ForegroundColor Red
|
||||||
# exit 1
|
exit 1
|
||||||
# }
|
}
|
||||||
# }
|
}
|
||||||
|
|
||||||
# ----------------------------
|
# ----------------------------
|
||||||
# Add CA chain to trusted store (remove duplicates)
|
# Add CA chain to trusted store (remove duplicates)
|
||||||
@@ -219,7 +219,7 @@ if ($needNewCert) {
|
|||||||
Add-VITrustedCertificate -PemCertificateOrChain $pemChain -VCenterOnly -Confirm:$false | Out-Null
|
Add-VITrustedCertificate -PemCertificateOrChain $pemChain -VCenterOnly -Confirm:$false | Out-Null
|
||||||
|
|
||||||
} catch {
|
} catch {
|
||||||
Write-Log WARN "Failed to manage CA trust entries: $($_.Exception.Message)"
|
Write-Log WARN "Failed to manage CA trust entries: $($_.Exception.Message)" -FvoregroundColor Orange
|
||||||
}
|
}
|
||||||
|
|
||||||
# ----------------------------
|
# ----------------------------
|
||||||
@@ -235,7 +235,7 @@ if ($needNewCert) {
|
|||||||
$needPush = $false
|
$needPush = $false
|
||||||
}
|
}
|
||||||
} catch {
|
} catch {
|
||||||
Write-Log WARN "Unable to read vCenter cert, assuming update required."
|
Write-Log WARN "Unable to read vCenter cert, assuming update required." -ForegroundColor Orange
|
||||||
}
|
}
|
||||||
|
|
||||||
# ----------------------------
|
# ----------------------------
|
||||||
@@ -266,7 +266,7 @@ if ($needNewCert) {
|
|||||||
$null = $svc | Restart-VIApplianceService -Confirm:$false
|
$null = $svc | Restart-VIApplianceService -Confirm:$false
|
||||||
Write-Log INFO "vpxd restarted successfully."
|
Write-Log INFO "vpxd restarted successfully."
|
||||||
} catch {
|
} catch {
|
||||||
Write-Log WARN "vpxd restart failed: $($_.Exception.Message)"
|
Write-Log WARN "vpxd restart failed: $($_.Exception.Message)" -ForegroundColor Orange
|
||||||
}
|
}
|
||||||
|
|
||||||
# ----------------------------
|
# ----------------------------
|
||||||
@@ -280,7 +280,7 @@ if ($needNewCert) {
|
|||||||
$result = bash -c $sshCmd
|
$result = bash -c $sshCmd
|
||||||
Write-Log INFO "Veeam rescan result: $result"
|
Write-Log INFO "Veeam rescan result: $result"
|
||||||
} catch {
|
} catch {
|
||||||
Write-Log WARN "Veeam rescan failed: $($_.Exception.Message)"
|
Write-Log WARN "Veeam rescan failed: $($_.Exception.Message)" -ForegroundColor Orange
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
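Review bot: In the `@@ -77,7 +77,7 @@` hunk the changed line `Import-Module Posh-ACME -ErrorAction Stop *>$null -ForegroundColor Red` passes a parameter that `Import-Module` does not have, so the call fails parameter binding inside the `try` and goes to `Show-Failure` on every run; it should stay `Import-Module Posh-ACME -ErrorAction Stop *>$null`. The same switch is appended to the `Write-Log` calls in the other hunks, but `Write-Log` is defined outside the visible lines, so whether it declares `-ForegroundColor` cannot be confirmed here. A plain function would silently ignore the extra argument, while an advanced function would raise a binding error, and the ERROR and WARN messages of this certificate-rotation script would then be lost on exactly the failure paths. If the parameter does exist, `-FvoregroundColor Orange` in the `@@ -219,7 +219,7 @@` hunk is misspelled, and `Orange` is not a `System.ConsoleColor` value, so `-ForegroundColor Yellow` (or `DarkYellow`) is the usable choice if the value is passed on to `Write-Host`. The page has lost its +/- markers, so this reading assumes the second line of each printed pair is the new side.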