Update VMware.VMEncryption.psm1

Update Set-VMHostCryptoKey so that RemoveKeys() is only called on vSphere 6.5 and does not remove the host key while it is in use.
Baoyin Qiao
2019-12-23 17:34:19 +08:00
committed by GitHub
parent 5e66c56742
commit 0d4ba8b4dc


@@ -224,11 +224,19 @@ Function Set-VMHostCryptoKey {
Write-Error "Change Crypto Key on VMHost: $VMHost failed.$_!`n" Write-Error "Change Crypto Key on VMHost: $VMHost failed.$_!`n"
return return
} }
# Remove the old host key only when connected to vSphere 6.5 to ensure any coredumps are recrypted with the new host key;
# For vSphere 6.7 and above, the ConfigureCryptoKey() will automatically remove the old host key when successfully changed
# the host key.
# Adding below condition to avoid misunderstanding when running against vSphere 6.7 and above.
# Remove the old host key $VCVersion = ($global:DefaultVIServer).Version
Write-Verbose "Removing the old hostKey: $($OldKey.KeyId) on $VMHost...`n" $MajorVersion = $VCVersion.split('.')[0]
$VMHostCM = Get-View $VMHostView.ConfigManager.CryptoManager $MinorVersion = $VCVersion.split('.')[1]
$VMHostCM.RemoveKeys($OldKey, $true) if ($MajorVersion -eq 6 -And $MinorVersion -eq 5) {
Write-Verbose "Removing the old hostKey: $($OldKey.KeyId) on $VMHost...`n"
$VMHostCM = Get-View $VMHostView.ConfigManager.CryptoManager
$VMHostCM.RemoveKeys($OldKey, $false)
}
} }
} }
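Review bot: The new version gate reads `($global:DefaultVIServer).Version`, which is the version of the default vCenter connection rather than of the host whose key was just changed, so a session with several connected servers, or a 6.5 host managed by a newer vCenter, may skip the removal and leave the old host key in place. `$global:DefaultVIServer` can also be `$null`, in which case `.split('.')` throws after the key change has already succeeded. Consider keying the check on the host itself, e.g. `$HostVersion = [version]$VMHostView.Config.Product.Version` followed by `if ($HostVersion.Major -eq 6 -and $HostVersion.Minor -eq 5) {`, assuming `$VMHostView` was retrieved with the `Config.Product` property populated. With the force argument now `$false`, `RemoveKeys` may raise when the old key is still in use, and the call appears to sit outside the visible catch block, so wrapping it and emitting a warning that the old key remains on the host would make that outcome explicit. The body of Set-VMHostCryptoKey starts before this hunk.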