225 lines
8.7 KiB
PowerShell
225 lines
8.7 KiB
PowerShell
#!/usr/bin/env pwsh
|
|
# -----------------------------------------------------------------------------------
|
|
# Linux-safe vCenter + Posh-ACME Script (Fully Fixed)
|
|
# - SSL validation bypass (Linux-compatible)
|
|
# - Proper ErrorRecord handling
|
|
# - PowerDNS plugin works (plain string API key)
|
|
# - Fault-tolerant certificate handling
|
|
# -----------------------------------------------------------------------------------
|
|
|
|
. /opt/idssys/nodemgmt/conf/powerwall/settings.ps1
|
|
|
|
# ----------------------------
|
|
# Global variables for troubleshooting
|
|
# ----------------------------
|
|
$global:helpme = $null
|
|
$global:responseBody = $null
|
|
|
|
# ----------------------------
|
|
# Error handler
|
|
# ----------------------------
|
|
function Show-Failure {
|
|
param([System.Management.Automation.ErrorRecord]$ErrorRecord)
|
|
|
|
$global:responseBody = "<No response body available>"
|
|
|
|
try {
|
|
$ex = $ErrorRecord.Exception
|
|
if ($ex.Response -is [System.Net.Http.HttpResponseMessage]) {
|
|
try { $global:responseBody = $ex.Response.Content.ReadAsStringAsync().GetAwaiter().GetResult() } catch { $global:responseBody = "<Failed to read HTTP content>" }
|
|
} elseif ($ex.Response -is [System.Net.WebResponse]) {
|
|
try {
|
|
$stream = $ex.Response.GetResponseStream()
|
|
if ($stream) { $global:responseBody = [System.IO.StreamReader]::new($stream).ReadToEnd() }
|
|
} catch { $global:responseBody = "<Failed to read WebResponse>" }
|
|
} else { $global:responseBody = $ex.Message }
|
|
} catch { $global:responseBody = "<Error extracting failure detail>" }
|
|
|
|
$global:helpme = $global:responseBody
|
|
|
|
Write-Host "----------------------------------------" -ForegroundColor Red
|
|
Write-Host "Status: A system exception was caught." -ForegroundColor Red
|
|
Write-Host $global:responseBody -ForegroundColor Red
|
|
Write-Host "The request/response body has been saved to `$global:helpme" -ForegroundColor Red
|
|
Write-Host "----------------------------------------" -ForegroundColor Red
|
|
|
|
exit 1
|
|
}
|
|
|
|
# ----------------------------
|
|
# HttpClient wrapper (TLS1.2, skip cert check, no decompression)
|
|
# ----------------------------
|
|
function Invoke-SafeRestMethod {
|
|
param(
|
|
[Parameter(Mandatory=$true)][string]$Uri,
|
|
[string]$Method = 'GET',
|
|
[hashtable]$Headers = @{},
|
|
$Body = $null,
|
|
[switch]$AsJson,
|
|
[int]$TimeoutSec = 60
|
|
)
|
|
|
|
try {
|
|
$handler = [System.Net.Http.HttpClientHandler]::new()
|
|
$handler.AutomaticDecompression = [System.Net.DecompressionMethods]::None
|
|
# Proper SSL bypass
|
|
$handler.ServerCertificateCustomValidationCallback = { param($sender, $cert, $chain, $sslPolicyErrors) return $true }
|
|
|
|
$client = [System.Net.Http.HttpClient]::new($handler)
|
|
$client.Timeout = [System.TimeSpan]::FromSeconds($TimeoutSec)
|
|
|
|
foreach ($k in $Headers.Keys) {
|
|
$client.DefaultRequestHeaders.Remove($k) | Out-Null
|
|
$client.DefaultRequestHeaders.Add($k, $Headers[$k])
|
|
}
|
|
|
|
if ($Body -ne $null) {
|
|
if ($AsJson) {
|
|
$jsonBody = $Body | ConvertTo-Json -Depth 12 -Compress
|
|
$content = [System.Net.Http.StringContent]::new($jsonBody, [System.Text.Encoding]::UTF8, 'application/json')
|
|
} else {
|
|
$content = [System.Net.Http.StringContent]::new($Body)
|
|
}
|
|
} else { $content = $null }
|
|
|
|
$methodObj = [System.Net.Http.HttpMethod]::$Method
|
|
$request = [System.Net.Http.HttpRequestMessage]::new($methodObj, $Uri)
|
|
if ($content) { $request.Content = $content }
|
|
|
|
$response = $client.SendAsync($request).GetAwaiter().GetResult()
|
|
$respBody = if ($response.Content) { $response.Content.ReadAsStringAsync().GetAwaiter().GetResult() } else { $null }
|
|
|
|
if ($response.IsSuccessStatusCode) {
|
|
if ($respBody -and $respBody.Trim().Length -gt 0) {
|
|
try { return $respBody | ConvertFrom-Json } catch { return $respBody }
|
|
} else { return $respBody }
|
|
} else {
|
|
throw [System.Net.Http.HttpRequestException]::new("HTTP $($response.StatusCode): $($response.ReasonPhrase)", $null, $response)
|
|
}
|
|
} catch {
|
|
Show-Failure -ErrorRecord $_
|
|
} finally {
|
|
$client.Dispose()
|
|
$handler.Dispose()
|
|
}
|
|
}
|
|
|
|
# ----------------------------
|
|
# Variables
|
|
# ----------------------------
|
|
$vCenterURL = $VCENTERHOST
|
|
$CommonName = $VCENTERHOST
|
|
$EmailContact = $ACMEEMAIL
|
|
|
|
[PSCredential]$Credential = New-Object System.Management.Automation.PSCredential -ArgumentList $VCENTERUSER, (ConvertTo-SecureString $VCENTERPASS -AsPlainText -Force)
|
|
|
|
# PowerDNS plugin args (plain string API key!)
|
|
$pArgs = @{
|
|
PowerDNSApiHost = $WDNSHOST
|
|
PowerDNSApiKey = $PDNSAPI
|
|
PowerDNSUseTLS = $true
|
|
PowerDNSPort = 443
|
|
PowerDNSServerName = 'localhost'
|
|
}
|
|
|
|
# ----------------------------
|
|
# Ensure Posh-ACME Module
|
|
# ----------------------------
|
|
if (-not (Get-Module -ListAvailable -Name Posh-ACME)) {
|
|
Install-Module -Name Posh-ACME -Force -Confirm:$false -Scope AllUsers
|
|
}
|
|
Import-Module Posh-ACME -ErrorAction Stop
|
|
|
|
# ----------------------------
|
|
# Connect to vCenter API
|
|
# ----------------------------
|
|
$loginUri = "https://$vCenterURL/rest/com/vmware/cis/session"
|
|
Write-Host "Connecting to vCenter at $vCenterURL ..." -ForegroundColor Cyan
|
|
|
|
try {
|
|
$sessionResponse = Invoke-SafeRestMethod -Uri $loginUri -Method Post -Headers @{}
|
|
$sessionToken = $sessionResponse.value
|
|
if (-not $sessionToken) {
|
|
throw [System.Exception] "Unable to obtain vCenter session token"
|
|
}
|
|
} catch {
|
|
Show-Failure -ErrorRecord $_
|
|
}
|
|
|
|
$headers = @{ 'vmware-api-session-id' = $sessionToken }
|
|
Write-Host "Connected to vCenter API. Session established." -ForegroundColor Green
|
|
|
|
# ----------------------------
|
|
# Retrieve VM list (optional)
|
|
# ----------------------------
|
|
try {
|
|
$vmList = Invoke-SafeRestMethod -Uri "https://$vCenterURL/rest/vcenter/vm" -Headers $headers
|
|
if ($vmList.value) { $vmList.value | ForEach-Object { Write-Host " - $($_.name)" } }
|
|
} catch { Write-Host "Unable to retrieve VM list, continuing..." -ForegroundColor Yellow }
|
|
|
|
# ----------------------------
|
|
# Fault-tolerant ACME certificate request
|
|
# ----------------------------
|
|
$certName = "vcenter-cert"
|
|
$certSuccess = $false
|
|
try {
|
|
Write-Host "Requesting certificate via Posh-ACME..." -ForegroundColor Cyan
|
|
New-PACertificate -Domain $CommonName -DnsPlugin PowerDNS -PluginArgs $pArgs -Contact $EmailContact -AcceptTOS -Verbose -Force
|
|
$certSuccess = $true
|
|
} catch {
|
|
Write-Host "ACME certificate request failed: $($_.Exception.Message)" -ForegroundColor Yellow
|
|
$global:helpme = $_.Exception.Message
|
|
}
|
|
|
|
# ----------------------------
|
|
# Collect certificate paths
|
|
# ----------------------------
|
|
if ($certSuccess) {
|
|
$paAccount = Get-PAAccount
|
|
$certFolder = $paAccount.CertFolder
|
|
$certPath = Join-Path $certFolder "$certName\cert.pem"
|
|
$keyPath = Join-Path $certFolder "$certName\privkey.pem"
|
|
$chainPath = Join-Path $certFolder "$certName\chain.pem"
|
|
|
|
foreach ($f in @($certPath, $keyPath, $chainPath)) {
|
|
if (-not (Test-Path $f)) {
|
|
Write-Host "Certificate file missing: $f" -ForegroundColor Yellow
|
|
$certSuccess = $false
|
|
}
|
|
}
|
|
}
|
|
|
|
# ----------------------------
|
|
# Upload and apply certificate
|
|
# ----------------------------
|
|
if ($certSuccess) {
|
|
try {
|
|
Invoke-SafeRestMethod -Uri "https://$vCenterURL/rest/vcenter/certificate-management/vcenter/tls" -Method Post -Headers $headers -Body @{
|
|
cert = Get-Content -Path $certPath -Raw
|
|
key = Get-Content -Path $keyPath -Raw
|
|
chain = Get-Content -Path $chainPath -Raw
|
|
} -AsJson
|
|
Write-Host "Certificate uploaded successfully." -ForegroundColor Green
|
|
Invoke-SafeRestMethod -Uri "https://$vCenterURL/rest/vcenter/certificate-management/vcenter/tls?action=apply" -Method Post -Headers $headers
|
|
Write-Host "TLS certificate applied." -ForegroundColor Green
|
|
} catch {
|
|
Write-Host "Certificate upload/apply failed: $($_.Exception.Message)" -ForegroundColor Yellow
|
|
$global:helpme = $_.Exception.Message
|
|
}
|
|
} else {
|
|
Write-Host "Skipping certificate upload/apply due to previous errors." -ForegroundColor Yellow
|
|
}
|
|
|
|
# ----------------------------
|
|
# Restart vpxd service
|
|
# ----------------------------
|
|
try {
|
|
Invoke-SafeRestMethod -Uri "https://$vCenterURL/rest/appliance/system/services/vpxd?action=restart" -Method Post -Headers $headers
|
|
Write-Host "vCenter vpxd service restart requested." -ForegroundColor Yellow
|
|
} catch {
|
|
Write-Host "Failed to restart vpxd service: $($_.Exception.Message)" -ForegroundColor Yellow
|
|
$global:helpme = $_.Exception.Message
|
|
}
|
|
|
|
Write-Host "Script completed. Check `$global:helpme for any error details." -ForegroundColor Green
|