voltron/PowerCLI-Example-Scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update the module to support the new feature introduced in PowerCLI

Browse Source 
12.1.0 for vCenter Server 7.0.1: Add-TrustedHost should be used only for
   7.0.0, use 'Set-TrustedCluster -Remediate' for 7.0.1 for
     TrustedCluster adding a new host
This commit is contained in:
Carrie Yang
2020-10-13 10:57:36 +08:00
parent dc5a755805
commit f4eb24821f
3 changed files with 310 additions and 256 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Modules/VMware.TrustedInfrastructure.Helper/README.md
View File

@@ -1,11 +1,11 @@
Prerequisites/Steps to use this module: Prerequisites/Steps to use this module:
1. You must be a Trust Authority Administrator, a part of the TrustedAdmins group and also have the "Host.Inventory.Add Host To Cluster" privilege on vCenter system. 1. You must be a Trust Authority Administrator, a part of the TrustedAdmins group and also have the "Host.Inventory.Add Host To Cluster" privilege on vCenter system.
2. The ESXi host must be wiped from existing Trusted Infrastructure configuration. If the ESXi host has been previously configured as part of vSphere Trust Authority (part of a vCenter configured for vSphere Trust Authority, a Trust Authority Cluster or Trusted Cluster), you must use the decommission script first. 2. The ESXi host must be wiped from existing Trusted Infrastructure configuration. If the ESXi host has been previously configured as part of vSphere Trust Authority (part of a vCenter configured for vSphere Trust Authority, a Trust Authority Cluster or Trusted Cluster), you must use the decommission script first.
3. Clusters should be in a healthy state (check all vSphere Trust Authority APIs which return Health field). 3. TrustAuthorityCluster and TrustedCluster should be in a healthy state (check all vSphere Trust Authority APIs which return Health field).
4. The ESXi host must be removed from vCenter. 4. The ESXi host must be removed from vCenter.
5. You must know the ESXi host root credentials (username and password). 5. You must know the ESXi host root credentials (username and password).
6. You must have purchased sufficient license for vSphere Trust Authority. 6. You must have purchased sufficient license for vSphere Trust Authority.
7. You must have PowerCLI 12.0.0 and above. 7. You must have PowerCLI 12.1.0 and above.
8. Following PowerCLI module is required to be imported: VMware.VimAutomation.Security. 8. Following PowerCLI module is required to be imported: VMware.VimAutomation.Security.
9. Run the command Get-Command -Module VMware.TrustedInfrastructure.Helper. This should inform the following functions are available: 9. Run the command Get-Command -Module VMware.TrustedInfrastructure.Helper. This should inform the following functions are available:
- Add-TrustAuthorityVMHost - Add-TrustAuthorityVMHost

191
Modules/VMware.TrustedInfrastructure.Helper/VMware.TrustedInfrastructure.Helper.psd1
View File

@@ -53,7 +53,7 @@ Copyright = 'Copyright (c) 2020 VMware, Inc. All rights reserved.'
# Modules that must be imported into the global environment prior to importing this module # Modules that must be imported into the global environment prior to importing this module
RequiredModules = @( RequiredModules = @(
@{"ModuleName"="VMware.VimAutomation.Security";"ModuleVersion"="12.0.0.15939672"} @{"ModuleName"="VMware.VimAutomation.Security";"ModuleVersion"="12.1.0.17009493"}
) )
@@ -126,10 +126,10 @@ PrivateData = @{
} }
# SIG # Begin signature block # SIG # Begin signature block
# MIIi9AYJKoZIhvcNAQcCoIIi5TCCIuECAQExDzANBglghkgBZQMEAgEFADB5Bgor # MIIhmQYJKoZIhvcNAQcCoIIhijCCIYYCAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCBpNQqsdVk1BjVn # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCD1J+i48Lf7YHut
# MMKwrDCn/ghozrgmuT8MkgPS925Zl6CCD8swggTMMIIDtKADAgECAhBdqtQcwalQ # tHoAX/uG5pY2Z1O+6f9dCc3MyP4DB6CCD8swggTMMIIDtKADAgECAhBdqtQcwalQ
# C13tonk09GI7MA0GCSqGSIb3DQEBCwUAMH8xCzAJBgNVBAYTAlVTMR0wGwYDVQQK # C13tonk09GI7MA0GCSqGSIb3DQEBCwUAMH8xCzAJBgNVBAYTAlVTMR0wGwYDVQQK
# ExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3Qg # ExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3Qg
# TmV0d29yazEwMC4GA1UEAxMnU3ltYW50ZWMgQ2xhc3MgMyBTSEEyNTYgQ29kZSBT # TmV0d29yazEwMC4GA1UEAxMnU3ltYW50ZWMgQ2xhc3MgMyBTSEEyNTYgQ29kZSBT
@@ -213,104 +213,97 @@ PrivateData = @{
# yfcjKDJ2+aSDVshIzlqWqqDMDMR/tI6Xr23jVCfDn4bA1uRzCJcF29BUYl4DSMLV # yfcjKDJ2+aSDVshIzlqWqqDMDMR/tI6Xr23jVCfDn4bA1uRzCJcF29BUYl4DSMLV
# n3+nZozQnbBP1NOYX0t6yX+yKVLQEoDHD1S2HmfNxqBsEQOE00h15yr+sDtuCjqm # n3+nZozQnbBP1NOYX0t6yX+yKVLQEoDHD1S2HmfNxqBsEQOE00h15yr+sDtuCjqm
# a3aZBaPxd2hhMxRHBvxTf1K9khRcSiRqZ4yvjZCq0PZ5IRuTJnzDzh69iDiSrkXG # a3aZBaPxd2hhMxRHBvxTf1K9khRcSiRqZ4yvjZCq0PZ5IRuTJnzDzh69iDiSrkXG
# GWpJULMF+K5ZN4pqJQOUsVmBUOi6g4C3IzX0drlnHVkYrSCNlDGCEn8wghJ7AgEB # GWpJULMF+K5ZN4pqJQOUsVmBUOi6g4C3IzX0drlnHVkYrSCNlDGCESQwghEgAgEB
# MIGTMH8xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlv # MIGTMH8xCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRTeW1hbnRlYyBDb3Jwb3JhdGlv
# bjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEwMC4GA1UEAxMnU3lt # bjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3QgTmV0d29yazEwMC4GA1UEAxMnU3lt
# YW50ZWMgQ2xhc3MgMyBTSEEyNTYgQ29kZSBTaWduaW5nIENBAhBdqtQcwalQC13t # YW50ZWMgQ2xhc3MgMyBTSEEyNTYgQ29kZSBTaWduaW5nIENBAhBdqtQcwalQC13t
# onk09GI7MA0GCWCGSAFlAwQCAQUAoIGWMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3 # onk09GI7MA0GCWCGSAFlAwQCAQUAoIGWMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3
# AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMCoGCisGAQQBgjcCAQwx # AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMCoGCisGAQQBgjcCAQwx
# HDAaoRiAFmh0dHA6Ly93d3cudm13YXJlLmNvbS8wLwYJKoZIhvcNAQkEMSIEIM0S # HDAaoRiAFmh0dHA6Ly93d3cudm13YXJlLmNvbS8wLwYJKoZIhvcNAQkEMSIEIFE5
# yl+DLO5/G6CpV6dDnBERqJttAW4XXH7Aky0XuDpFMA0GCSqGSIb3DQEBAQUABIIB # XkE1aqldNZ9PdTmDM9o8F2go4eZy2Z0ldYxQDQjYMA0GCSqGSIb3DQEBAQUABIIB
# AFFIiFbh7hbtFYhpRzq2TM3DZ2R+LpRz2DdVTOR8iLirTkwcZvCMbsx4wZbcoDpQ # ABYojUSikybt+zBAYjJkVB+ZXSqf2DFW5I2FrzHL2kJXE8Z8sse8x5eBL/wTQydp
# uldpdbJS1CuXAX+TW48NtE/ph0wA+c2D5CgAvyamV9Zz/Jog9W8bYrytl3A1JNCk # I7Nt6E2Oa7l+AFI1QSmc1kdHGjrljiJV6rdIVMl2Qi1DEGYloLIkUuGpeMq09Bio
# cT6xdg8L+E6OAx1L4ls8giqJXOoJSpFX4fD8Wzdd2cA4GgfPSZ3V+KahgxnOmglp # pgRkWUQOax2L9X+Jabf5f9jK9OABnjPjU944/mw2hMNSlPFa1N3YhM9lS2Ua6sgi
# rVcsFfdMywtGyfVyYU5ZP/a2Wo9uGioZVYaRuW6gUc8aziUWpeeUCPDeOMTpRCVE # sUFE+iK4rNPQo+fT753hbzQLZvVKOkJ/Kt10ELa/nWzzZnm7O5kViagDpvQc7dYb
# Hu4YO7usse7/W2c4sQGe273k/AYyyVf1pLQrmoW5Q453KcpiZa3FJAPBoyamCO2i # WYjqm5mZviZQSZSkcj0BQPP1kpexl3c3jYz2l6EXYq4C8MXc7ZbktFqMnCe3eQno
# 0b1IdrfRwgriLapWu2Qv4SyhghAjMIIQHwYKKwYBBAGCNwMDATGCEA8wghALBgkq # NRTi0u4owXw7W3Z4IwF66/Shgg7IMIIOxAYKKwYBBAGCNwMDATGCDrQwgg6wBgkq
# hkiG9w0BBwKggg/8MIIP+AIBAzEPMA0GCWCGSAFlAwQCAQUAMIHmBgsqhkiG9w0B # hkiG9w0BBwKggg6hMIIOnQIBAzEPMA0GCWCGSAFlAwQCAQUAMHcGCyqGSIb3DQEJ
# CRABBKCB1gSB0zCB0AIBAQYJKwYBBAGgMgIDMDEwDQYJYIZIAWUDBAIBBQAEIPY5 # EAEEoGgEZjBkAgEBBglghkgBhv1sBwEwMTANBglghkgBZQMEAgEFAAQg6TWzqpl5
# SN6u90hWWtb8WksRwND3bUpYHl/udJrlk3gg43Q7Ag4BbKiJKXgAAAAAAKUUyRgT # e7eFcT7LyWtAxkl3Xz0jBI5uSPTz509MPlgCEByTeiRukyNPugnHqHi5fDcYDzIw
# MjAyMDA0MDIxMDI5MTcuMjUzWjADAgEBoGOkYTBfMQswCQYDVQQGEwJKUDEcMBoG # MjAxMDEyMTAxNzExWqCCC7swggaCMIIFaqADAgECAhAEzT+FaK52xhuw/nFgzKdt
# A1UEChMTR01PIEdsb2JhbFNpZ24gSy5LLjEyMDAGA1UEAxMpR2xvYmFsU2lnbiBU # MA0GCSqGSIb3DQEBCwUAMHIxCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2Vy
# U0EgZm9yIEFkdmFuY2VkIC0gRzMgLSAwMDMtMDGgggxqMIIE6jCCA9KgAwIBAgIM # dCBJbmMxGTAXBgNVBAsTEHd3dy5kaWdpY2VydC5jb20xMTAvBgNVBAMTKERpZ2lD
# M5Agd2HEJt2UUAMNMA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNVBAYTAkJFMRkwFwYD # ZXJ0IFNIQTIgQXNzdXJlZCBJRCBUaW1lc3RhbXBpbmcgQ0EwHhcNMTkxMDAxMDAw
# VQQKExBHbG9iYWxTaWduIG52LXNhMTEwLwYDVQQDEyhHbG9iYWxTaWduIFRpbWVz # MDAwWhcNMzAxMDE3MDAwMDAwWjBMMQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGln
# dGFtcGluZyBDQSAtIFNIQTI1NiAtIEcyMB4XDTE4MDYxNDEwMDAwMFoXDTI5MDMx # aUNlcnQsIEluYy4xJDAiBgNVBAMTG1RJTUVTVEFNUC1TSEEyNTYtMjAxOS0xMC0x
# ODEwMDAwMFowXzELMAkGA1UEBhMCSlAxHDAaBgNVBAoTE0dNTyBHbG9iYWxTaWdu # NTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOlkNZz6qZhlZBvkF9y4
# IEsuSy4xMjAwBgNVBAMTKUdsb2JhbFNpZ24gVFNBIGZvciBBZHZhbmNlZCAtIEcz # KTbMZwlYhU0w4Mn/5Ts8EShQrwcx4l0JGML2iYxpCAQj4HctnRXluOihao7/1K7S
# IC0gMDAzLTAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv3Gj+IDO # ehbv+EG1HTl1wc8vp6xFfpRtrAMBmTxiPn56/UWXMbT6t9lCPqdVm99aT1gCqDJp
# E5Be8KfdP9KY8kE6Sdp/WC+ePDoBE8ptNJlbDCccROdW4wkv9W+rTr4nYmbGuLKH # IhO+i4Itxpira5u0yfJlEQx0DbLwCJZ0xOiySKKhFKX4+uGJcEQ7je/7pPTDub0U
# x2W+xsBeqT6u+yR0iyv4aARkhqo64qohj/rxnbkYMF6afAf1O3Uu2gklGav+c+lx # LOsMKCclgKsQSxYSYAtpIoxOzcbVsmVZIeB8LBKNcA6Pisrg09ezOXdQ0EIsLnrO
# neyq9j4ShYEUJPjmPpnfrvO5i9UmywSommFW7yhwqEtqKyVq5aA2ny25mofcdA4f # nGd6OHdUQP9PlQQg1OvIzocUCP4dgN3Q5yt46r8fcMbuQhZTNkWbUxlJYp16ApuV
# QqBBOpYHDst7MtUBC1ORfVY0T7S8sHRHnKp6bF/kjlGfk5BhAz6PX0FBUHg5LRIS # FKMCAwEAAaOCAzgwggM0MA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMBYG
# 3OvqADCyP+FtE7d1SBVrTg7Rl+NO25bZ0WKvCEHPIg/o3c7Y6pNWbtM6j2dKaki6 # A1UdJQEB/wQMMAoGCCsGAQUFBwMIMIIBvwYDVR0gBIIBtjCCAbIwggGhBglghkgB
# /GHlbFmzEi0CgQIDAQABo4IBqDCCAaQwDgYDVR0PAQH/BAQDAgeAMEwGA1UdIARF # hv1sBwEwggGSMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2VydC5jb20v
# MEMwQQYJKwYBBAGgMgEeMDQwMgYIKwYBBQUHAgEWJmh0dHBzOi8vd3d3Lmdsb2Jh # Q1BTMIIBZAYIKwYBBQUHAgIwggFWHoIBUgBBAG4AeQAgAHUAcwBlACAAbwBmACAA
# bHNpZ24uY29tL3JlcG9zaXRvcnkvMAkGA1UdEwQCMAAwFgYDVR0lAQH/BAwwCgYI # dABoAGkAcwAgAEMAZQByAHQAaQBmAGkAYwBhAHQAZQAgAGMAbwBuAHMAdABpAHQA
# KwYBBQUHAwgwRgYDVR0fBD8wPTA7oDmgN4Y1aHR0cDovL2NybC5nbG9iYWxzaWdu # dQB0AGUAcwAgAGEAYwBjAGUAcAB0AGEAbgBjAGUAIABvAGYAIAB0AGgAZQAgAEQA
# LmNvbS9ncy9nc3RpbWVzdGFtcGluZ3NoYTJnMi5jcmwwgZgGCCsGAQUFBwEBBIGL # aQBnAGkAQwBlAHIAdAAgAEMAUAAvAEMAUABTACAAYQBuAGQAIAB0AGgAZQAgAFIA
# MIGIMEgGCCsGAQUFBzAChjxodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2Nh # ZQBsAHkAaQBuAGcAIABQAGEAcgB0AHkAIABBAGcAcgBlAGUAbQBlAG4AdAAgAHcA
# Y2VydC9nc3RpbWVzdGFtcGluZ3NoYTJnMi5jcnQwPAYIKwYBBQUHMAGGMGh0dHA6 # aABpAGMAaAAgAGwAaQBtAGkAdAAgAGwAaQBhAGIAaQBsAGkAdAB5ACAAYQBuAGQA
# Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9nc3RpbWVzdGFtcGluZ3NoYTJnMjAdBgNV # IABhAHIAZQAgAGkAbgBjAG8AcgBwAG8AcgBhAHQAZQBkACAAaABlAHIAZQBpAG4A
# HQ4EFgQUeaezg3HWs0B2IOZ0Crf39+bd3XQwHwYDVR0jBBgwFoAUkiGnSpVdZLCb # IABiAHkAIAByAGUAZgBlAHIAZQBuAGMAZQAuMAsGCWCGSAGG/WwDFTAfBgNVHSME
# tB7mADdH5p1BK0wwDQYJKoZIhvcNAQELBQADggEBAIc0fm43ZxsIEQJttimYchTL # GDAWgBT0tuEgHf4prtLkYaWyoiWyyBc1bjAdBgNVHQ4EFgQUVlMPwcYHp03X2G5X
# SH7IyY8viQ2vD/IsIZBuO7ccAaqBaMQQI0v4CeOrX+pFps4O/qSA6WtqDAD5yoYQ # coBQTOTsnsEwcQYDVR0fBGowaDAyoDCgLoYsaHR0cDovL2NybDMuZGlnaWNlcnQu
# DD7/HxrpHOUil2TZrOnj6NpTYGMLt45P3NUh9J3eE2o4NeVs4yZM29Z0Z0W5TwTE # Y29tL3NoYTItYXNzdXJlZC10cy5jcmwwMqAwoC6GLGh0dHA6Ly9jcmw0LmRpZ2lj
# WAgam2ZFPSQaGpJXyV8oR3hn21zKrQvotw/RthYyNCIENnJM73umvLauBMDZeKCI # ZXJ0LmNvbS9zaGEyLWFzc3VyZWQtdHMuY3JsMIGFBggrBgEFBQcBAQR5MHcwJAYI
# yIZrGNqWjStuIlzLf70XvZ63toZNgxBNsDKy4BOgy2DihHUU6SG9EKKktgjPOw0p # KwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBPBggrBgEFBQcwAoZD
# WVmp08NMDX9CzIgUtELlugTVmEqkjQc9SR94bWVtYL38zlnrLOnFqtqt7taTrBUw # aHR0cDovL2NhY2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkFzc3VyZWRJ
# ggQVMIIC/aADAgECAgsEAAAAAAExicZQBDANBgkqhkiG9w0BAQsFADBMMSAwHgYD # RFRpbWVzdGFtcGluZ0NBLmNydDANBgkqhkiG9w0BAQsFAAOCAQEALoOhRAVKBOO5
# VQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2ln # MlL62YHwGrv4CY0juT3YkqHmRhxKL256PGNuNxejGr9YI7JDnJSDTjkJsCzox+Hi
# bjETMBEGA1UEAxMKR2xvYmFsU2lnbjAeFw0xMTA4MDIxMDAwMDBaFw0yOTAzMjkx # zO3LeWvO3iMBR+2VVIHggHsSsa8Chqk6c2r++J/BjdEhjOQpgsOKC2AAAp0fR8Sf
# MDAwMDBaMFsxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNh # tApoU39aEKb4Iub4U5IxX9iCgy1tE0Kug8EQTqQk9Eec3g8icndcf0/pOZgrV5JE
# MTEwLwYDVQQDEyhHbG9iYWxTaWduIFRpbWVzdGFtcGluZyBDQSAtIFNIQTI1NiAt # 1+9uk9lDxwQzY1E3Vp5HBBHDo1hUIdjijlbXST9X/AqfI1579JSN3Z0au996KqbS
# IEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqpuOw6sRUSUBtpaU # RaZVDI/2TIryls+JRtwxspGQo18zMGBV9fxrMKyh7eRHTjOeZ2ootU3C7VuXgvjL
# 4k/YwQj2RiPZRcWVl1urGr/SbFfJMwYfoA/GPH5TSHq/nYeer+7DjEfhQuzj46FK # qQhsUwm09zCCBTEwggQZoAMCAQICEAqhJdbWMht+QeQF2jaXwhUwDQYJKoZIhvcN
# bAwXxKbBuc1b8R5EiY7+C94hWBPuTcjFZwscsrPxNHaRossHbTfFoEcmAhWkkJGp # AQELBQAwZTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcG
# eZ7X61edK3wi2BTX8QceeCI2a3d5r6/5f45O4bUIMf3q7UtxYowj8QM5j0R5tnYD # A1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTEkMCIGA1UEAxMbRGlnaUNlcnQgQXNzdXJl
# V56tLwhG3NKMvPSOdM7IaGlRdhGLD10kWxlUPSbMQI2CJxtZIH1Z9pOAjvgqOP1r # ZCBJRCBSb290IENBMB4XDTE2MDEwNzEyMDAwMFoXDTMxMDEwNzEyMDAwMFowcjEL
# oEBlH1d2zFuOBE8sqNuEUBNPxtyLufjdaUyI65x7MCb8eli7WbwUcpKBV7d2ydiA # MAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZMBcGA1UECxMQd3d3
# CoBuCQIDAQABo4HoMIHlMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/ # LmRpZ2ljZXJ0LmNvbTExMC8GA1UEAxMoRGlnaUNlcnQgU0hBMiBBc3N1cmVkIElE
# AgEAMB0GA1UdDgQWBBSSIadKlV1ksJu0HuYAN0fmnUErTDBHBgNVHSAEQDA+MDwG # IFRpbWVzdGFtcGluZyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
# BFUdIAAwNDAyBggrBgEFBQcCARYmaHR0cHM6Ly93d3cuZ2xvYmFsc2lnbi5jb20v # AL3QMu5LzY9/3am6gpnFOVQoV7YjSsQOB0UzURB90Pl9TWh+57ag9I2ziOSXv2Mh
# cmVwb3NpdG9yeS8wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nbG9iYWxz # kJi/E7xX08PhfgjWahQAOPcuHjvuzKb2Mln+X2U/4Jvr40ZHBhpVfgsnfsCi9aDg
# aWduLm5ldC9yb290LXIzLmNybDAfBgNVHSMEGDAWgBSP8Et/qC5FJK5NUPpjmove # 3iI/Dv9+lfvzo7oiPhisEeTwmQNtO4V8CdPuXciaC1TjqAlxa+DPIhAPdc9xck4K
# 4t0bvDANBgkqhkiG9w0BAQsFAAOCAQEABFaCSnzQzsm/NmbRvjWek2yX6AbOMRhZ # rd9AOly3UeGheRTGTSQjMF287DxgaqwvB8z98OpH2YhQXv1mblZhJymJhFHmgudG
# +WxBX4AuwEIluBjH/NSxN8RooM8oagN0S2OXhXdhO9cv4/W9M6KSfREfnops7yyw # UP2UKiyn5HU+upgPhH+fMRTWrdXyZMt7HgXQhBlyF/EXBu89zdZN7wZC/aJTKk+F
# 9GKNNnPRFjbxvF7stICYePzSdnno4SGU4B/EouGqZ9uznHPlQCLPOc7b5neVp7uy # HcQdPK/P2qwQ9d2srOlW/5MCAwEAAaOCAc4wggHKMB0GA1UdDgQWBBT0tuEgHf4p
# y/YZhp2fyNSYBbJxb051rvE9ZGo7Xk5GpipdCJLxo/MddL9iDSOMXCo4ldLA1c3P # rtLkYaWyoiWyyBc1bjAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzAS
# iNofKLW6gWlkKrWmotVzr9xG2wSukdduxZi61EfEVnSAR3hYjL7vK/3sbL/RlPe/ # BgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggr
# UOB74JD9IBh4GCJdCC6MHKCX8x2ZfaOdkdMGRE4EbnocIOM28LZQuTCCA18wggJH # BgEFBQcDCDB5BggrBgEFBQcBAQRtMGswJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw
# oAMCAQICCwQAAAAAASFYUwiiMA0GCSqGSIb3DQEBCwUAMEwxIDAeBgNVBAsTF0ds # LmRpZ2ljZXJ0LmNvbTBDBggrBgEFBQcwAoY3aHR0cDovL2NhY2VydHMuZGlnaWNl
# b2JhbFNpZ24gUm9vdCBDQSAtIFIzMRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYD # cnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElEUm9vdENBLmNydDCBgQYDVR0fBHoweDA6
# VQQDEwpHbG9iYWxTaWduMB4XDTA5MDMxODEwMDAwMFoXDTI5MDMxODEwMDAwMFow # oDigNoY0aHR0cDovL2NybDQuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0QXNzdXJlZElE
# TDEgMB4GA1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkds # Um9vdENBLmNybDA6oDigNoY0aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lD
# b2JhbFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wggEiMA0GCSqGSIb3DQEBAQUA # ZXJ0QXNzdXJlZElEUm9vdENBLmNybDBQBgNVHSAESTBHMDgGCmCGSAGG/WwAAgQw
# A4IBDwAwggEKAoIBAQDMJXaQeQZ4Ihb1wIO2hMoonv0FdhHFrYhy/EYCQ8eyip0E # KjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzALBglg
# XyTLLkvhYIJG4VKrDIFHcGzdZNHr9SyjD4I9DCuul9e2FIYQebs7E4B3jAjhSdJq # hkgBhv1sBwEwDQYJKoZIhvcNAQELBQADggEBAHGVEulRh1Zpze/d2nyqY3qzeM8G
# Yi8fXvqWaN+JJ5U4nwbXPsnLJlkNc96wyOkmDoMVxu9bi9IEYMpJpij2aTv2y8go # N0CE70uEv8rPAwL9xafDDiBCLK938ysfDCFaKrcFNB1qrpn4J6JmvwmqYN92pDqT
# keWdimFXN6x0FNx04Druci8unPvQu7/1PQDhBjPogiuuU6Y6FnOM3UEOIDrAtKeh # D/iy0dh8GWLoXoIlHsS6HHssIeLWWywUNUMEaLLbdQLgcseY1jxk5R9IEBhfiThh
# 6bJPkC4yYOlXy7kEkmho5TgmYHWyn3f/kRTvriBJ/K1AFUjRAjFhGV64l++td7dk # TWJGJIdjjJFSLK8pieV4H9YLFKWA1xJHcLN11ZOFk362kmf7U2GJqPVrlsD0WGkN
# mnq/X8ET75ti+w1s4FRpFqkD2m7pg5NxdsZphYIXAgMBAAGjQjBAMA4GA1UdDwEB # fMgBsbkodbeZY4UijGHKeZR+WfyMD+NvtQEmtmyl7odRIeRYYJu6DC0rbaLEfrvE
# /wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSP8Et/qC5FJK5NUPpj # JStHAgh8Sa4TtuF8QkIoxhhWz0E0tmZdtnR79VYzIi8iNrJLokqV2PWmjlIxggJN
# move4t0bvDANBgkqhkiG9w0BAQsFAAOCAQEAS0DbwFCq/sgM7/eWVEVJu5YACUGs # MIICSQIBATCBhjByMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5j
# sxOGhigHM8pr5nS5ugAtrqQK0/Xx8Q+Kv3NnSoPHRHt44K9ubG8DKY4zOUXDjuS5 # MRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMTEwLwYDVQQDEyhEaWdpQ2VydCBT
# V2yq/BKW7FPGLeQkbLmUY/vcU2hnVj6DuM81IcPJaP7O2sJTqsyQiunwXUaMld16 # SEEyIEFzc3VyZWQgSUQgVGltZXN0YW1waW5nIENBAhAEzT+FaK52xhuw/nFgzKdt
# WCgaLx3ezQA3QY/tRG3XUyiXfvNnBB4V14qWtNPeTCekTBtzc3b0F5nCH3oO4y0I # MA0GCWCGSAFlAwQCAQUAoIGYMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAc
# rQocLP88q1UOD5F+NuvDV0m+4S4tfGCLw0FREyOdzvcya5QBqJnnLDMfOjsl0oZA # BgkqhkiG9w0BCQUxDxcNMjAxMDEyMTAxNzExWjArBgsqhkiG9w0BCRACDDEcMBow
# zjsshnjJYS8Uuu7bVW/fhO4FCU29KNhyztNiUGUe65KXgzHZs7XKR1g/XzGCAokw # GDAWBBQDJb1QXtqWMC3CL0+gHkwovig0xTAvBgkqhkiG9w0BCQQxIgQgljiG33qR
# ggKFAgEBMGswWzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYt # W3eFxG+8JqokoQ3h+0VUPjMr2ipJwjHjKyYwDQYJKoZIhvcNAQEBBQAEggEA0rMO
# c2ExMTAvBgNVBAMTKEdsb2JhbFNpZ24gVGltZXN0YW1waW5nIENBIC0gU0hBMjU2 # e70hWy1hPDaGuhZm97/x9R9L+7u2D/gQ5VZi9hVNsUuspfPnPANRqNdwPZFqVhT0
# IC0gRzICDDOQIHdhxCbdlFADDTANBglghkgBZQMEAgEFAKCB8DAaBgkqhkiG9w0B # DtbXldlhx57QmM5/KAJJgI6LNurGHz2IkSEt2wx96RET33erziTdnxxcsUK90Jqd
# CQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkEMSIEIAZrKdIvpe4etJdIpute # xiMbLtXWr3pIgP6PuuCoTf3CaBIcHncQG8h/YYoYUggRpUV6fl2LqQeRNgt6lsfy
# bD7Bkgo2OLI6O5CjboEGMuXnMIGgBgsqhkiG9w0BCRACDDGBkDCBjTCBijCBhwQU # puD1ZvdskgUVTGKeCPP7UWyZSgGy6DAJBSw935BnXw5zxvDxIqtcX+5m/Dg/gvp7
# rmsC2QsljAmRsRYSid62aVY5HW8wbzBfpF0wWzELMAkGA1UEBhMCQkUxGTAXBgNV # 9p6+zSiYQlo5BKhN3ehunVucmSH3ARPAo3uTlkMoYUleSVvSlM0IKZkNovha1IIx
# BAoTEEdsb2JhbFNpZ24gbnYtc2ExMTAvBgNVBAMTKEdsb2JhbFNpZ24gVGltZXN0 # a7pYtiIIYFVJXnOUSw==
# YW1waW5nIENBIC0gU0hBMjU2IC0gRzICDDOQIHdhxCbdlFADDTANBgkqhkiG9w0B
# AQEFAASCAQCtspr11iTT8uoLlJY6Gmk9/dEzqYSh+ib0ml+qk5WNO2g0ggA42yp9
# lnUfnLFUdqTCTm1kP5QHYISnBRVq88TDVqPOlxMUr/pxaWGi95NgkMbYS0A9bEf1
# 0B1BjUsVHdEcRmW3RYU6bgmcoMKCNNvt2U0+r/e85MW358FMr5+Qwje5xKFhFKQi
# wZkY34+ycnFsyMBwDCYeMxIWEAJdFdp+BQ1NI4hE1+whqEoXxBFbHABzoK7CQfZt
# x38BWzvhRjGc4DFiTH25oqKHmzvvBrtIBhR1KGP0UxgJtLIkBu1lqqVCpD2DuOpu
# 6Q/wMh8Z+1DanPs+68ioAyOE0N4MaVz+
# SIG # End signature block # SIG # End signature block

371
Modules/VMware.TrustedInfrastructure.Helper/VMware.TrustedInfrastructure.Helper.psm1
View File

@@ -30,50 +30,37 @@ $TrustAuthorityClusterSettingsFile =
Function Add-TrustAuthorityVMHost { Function Add-TrustAuthorityVMHost {
<# <#
.SYNOPSIS .SYNOPSIS
This cmdlet adds a new host into the specific Trust Authority cluster. This cmdlet adds a new host into the specific Trust Authority cluster.
There are some preconditions need to be met: There are some preconditions need to be met:
1. The newly added host is cleared of any previous Trust Authority configurations 1. The newly added host is cleared of any previous Trust Authority configurations
2. The Trust Authority Cluster settings are all healthy 2. The Trust Authority Cluster settings are all healthy
3. The connection user has the needed privileges. Please, check vSphere documentation. 3. The connection user has the needed privileges. Please, check vSphere documentation.
4. The trust between Key Servers and TrustAuthorityKeyProvider uses the signed client certificate, user should provide its privateKey part 4. The trust between Key Servers and TrustAuthorityKeyProvider uses the signed client certificate, user should provide its privateKey part
.DESCRIPTION .DESCRIPTION
This cmdlet adds a new host into the specific Trust Authority cluster. This cmdlet adds a new host into the specific Trust Authority cluster.
.PARAMETER TrustAuthorityCluster .PARAMETER TrustAuthorityCluster
Specifies the Trust Authority cluster you want to add the new host. Specifies the Trust Authority cluster you want to add the new host.
.PARAMETER VMHostAddress .PARAMETER VMHostAddress
Specifies the ip address of the new host you want to add to the specific Trust Authority cluster. Specifies the ip address of the new host you want to add to the specific Trust Authority cluster.
.PARAMETER Credential .PARAMETER Credential
Specifies the credential of the new host. Specifies the credential of the new host.
.PARAMETER DestDir .PARAMETER DestDir
Specifies the location where you want to save the settings Specifies the location where you want to save the settings
.PARAMETER PrivateKey .PARAMETER PrivateKey
Specifies the private key part of the ClientCertificate of the TrustAuthorityKeyProvider. It's a hashtable type with: the keyprovider.Name as the Key, and the File having the PrivateKey string for the ClientCertificate of the keyprovider as its Value. Specifies the private key part of the ClientCertificate of the TrustAuthorityKeyProvider. It's a hashtable type with: the keyprovider.Name as the Key, and the File having the PrivateKey string for the ClientCertificate of the keyprovider as its Value.
.PARAMETER BaseImageFolder .PARAMETER BaseImageFolder
Specifies the folder having all the baseImage files to re-create the TrustAuthorityVMHostBaseImage. Specifies the folder having all the baseImage files to re-create the TrustAuthorityVMHostBaseImage.
.EXAMPLE .EXAMPLE
PS C:\> $ts = Get-TrustAuthorityCluster "mycluster" PS C:\> $ts = Get-TrustAuthorityCluster "mycluster"
PS C:\> $pass = Read-Host "Please enter the host's password" -AsSecureString PS C:\> $pass = Read-Host "Please enter the host's password" -AsSecureString
PS C:\> $credential = New-Object System.Management.Automation.PSCredential -ArgumentList root,$pass PS C:\> $credential = New-Object System.Management.Automation.PSCredential -ArgumentList root,$pass
PS C:\> $privateKeyHash = @{"provider1"="c:\myprivatekey.txt";} PS C:\> $privateKeyHash = @{"provider1"="c:\myprivatekey.txt";}
PS C:\> Add-TrustAuthorityVMHost -TrustAuthorityCluster $ts -VMHostAddress 1.1.1.1 -Credential $credential -DestDir c:\destDir\ -PrivateKey $privateKeyHash -BaseImageFolder "c:\baseImages\" PS C:\> Add-TrustAuthorityVMHost -TrustAuthorityCluster $ts -VMHostAddress 1.1.1.1 -Credential $credential -DestDir c:\destDir\ -PrivateKey $privateKeyHash -BaseImageFolder "c:\baseImages\"
Add the host 1.1.1.1 with the $credential to Trust Authority cluster "mycluster", also saves the setting file of the trustedcluster "mycluster" to folder c:\destDir\. Add the host 1.1.1.1 with the $credential to Trust Authority cluster "mycluster", also saves the setting file of the trustedcluster "mycluster" to folder c:\destDir\.
.EXAMPLE .EXAMPLE
PS C:\> $ts = Get-TrustAuthorityCluster "mycluster" PS C:\> $ts = Get-TrustAuthorityCluster "mycluster"
PS C:\> Add-TrustAuthorityVMHost -TrustAuthorityCluster $ts -VMHostAddress 1.1.1.1 -Credential root -DestDir c:\destDir\ -BaseImageFolder "c:\baseImages\" PS C:\> Add-TrustAuthorityVMHost -TrustAuthorityCluster $ts -VMHostAddress 1.1.1.1 -Credential root -DestDir c:\destDir\ -BaseImageFolder "c:\baseImages\"
Add the host 1.1.1.1 with the credential root (a window wizard will be prompted to let you input the password for the user root) to Trust Authority cluster "mycluster", also saves the setting file of the trustedcluster "mycluster" to folder c:\destDir\. Add the host 1.1.1.1 with the credential root (a window wizard will be prompted to let you input the password for the user root) to Trust Authority cluster "mycluster", also saves the setting file of the trustedcluster "mycluster" to folder c:\destDir\.
.NOTES .NOTES
Author : Carrie Yang Author : Carrie Yang
Author email : yangm@vmware.com Author email : yangm@vmware.com
@@ -123,7 +110,7 @@ Function Add-TrustAuthorityVMHost {
Process { Process {
Save-TrustAuthorityClusterSettings -TrustAuthorityCluster $TrustAuthorityCluster -DestinationFile $DestinationFile -ErrorAction Stop Save-TrustAuthorityClusterSettings -TrustAuthorityCluster $TrustAuthorityCluster -DestinationFile $DestinationFile -ErrorAction Stop
Join-VMHost -ClusterName $TrustAuthorityCluster.Name -VMHostAddress $VMHostAddress -Credential $Credential -ErrorAction Stop Join-VMHost -ClusterName $TrustAuthorityCluster.Name -VMHostAddress $VMHostAddress -Credential $Credential -Server $server -ErrorAction Stop
Apply-TrustAuthorityClusterSettings -TrustAuthorityCluster $TrustAuthorityCluster -SettingsFile $DestinationFile -BaseImageFolder $baseImageFolder -PrivateKey $privateKey -ErrorAction Stop Apply-TrustAuthorityClusterSettings -TrustAuthorityCluster $TrustAuthorityCluster -SettingsFile $DestinationFile -BaseImageFolder $baseImageFolder -PrivateKey $privateKey -ErrorAction Stop
} }
} }
@@ -131,42 +118,32 @@ Function Add-TrustAuthorityVMHost {
Function Add-TrustedVMHost { Function Add-TrustedVMHost {
<# <#
.SYNOPSIS .SYNOPSIS
This cmdlet adds a new host into the specific trusted cluster.
This cmdlet adds a new host into the specific Trusted cluster.
There are some preconditions need to be met: There are some preconditions need to be met:
1. No active workloads in the workload host as the cmdlet will interrup the workloads 1. No active workloads in the workload host as the cmdlet will interrup the workloads
2. The newly added host is cleared of any previous Trust Authority Configurations 2. The newly added host is cleared of any previous Trust Authority Configurations
3. Sufficient license 3. Sufficient license
For vCenter Server 7.0.1 and above, use 'Set-TrustedCluster -Remediate' to remediate the trusted cluster after adding a new host directly.
.DESCRIPTION .DESCRIPTION
This cmdlet adds a new host into the specific Trusted cluster. This cmdlet adds a new host into the specific Trusted cluster.
.PARAMETER TrustedCluster .PARAMETER TrustedCluster
Specifies the Trusted cluster you want to add the new host. Specifies the Trusted cluster you want to add the new host.
.PARAMETER VMHostAddress .PARAMETER VMHostAddress
Specifies the ip address of the new host you want to add to the specific Trusted cluster. Specifies the ip address of the new host you want to add to the specific Trusted cluster.
.PARAMETER Credential .PARAMETER Credential
Specifies the credential of the new host. Specifies the credential of the new host.
.PARAMETER DestDir .PARAMETER DestDir
Specifies the location where you want to save the settings Specifies the location where you want to save the settings
.EXAMPLE .EXAMPLE
PS C:\> $ts = Get-TrustedCluster "mycluster" PS C:\> $ts = Get-TrustedCluster "mycluster"
PS C:\> $pass = Read-Host "Please enter the host's password" -AsSecureString PS C:\> $pass = Read-Host "Please enter the host's password" -AsSecureString
PS C:\> $credential = New-Object System.Management.Automation.PSCredential -ArgumentList root,$pass PS C:\> $credential = New-Object System.Management.Automation.PSCredential -ArgumentList root,$pass
PS C:\> Add-TrustedVMHost -TrustedCluster $ts -VMHostAddress 1.1.1.1 -Credential $credential -DestDir c:\destDir\ PS C:\> Add-TrustedVMHost -TrustedCluster $ts -VMHostAddress 1.1.1.1 -Credential $credential -DestDir c:\destDir\
Add the host 1.1.1.1 with the $credential to Trusted Cluster "mycluster", also saves the setting file of the trustedcluster "mycluster" to folder c:\destDir\. Add the host 1.1.1.1 with the $credential to Trusted Cluster "mycluster", also saves the setting file of the trustedcluster "mycluster" to folder c:\destDir\.
.EXAMPLE .EXAMPLE
PS C:\> $ts = Get-TrustedCluster "mycluster" PS C:\> $ts = Get-TrustedCluster "mycluster"
PS C:\> Add-TrustedVMHost -TrustedCluster $ts -VMHostAddress 1.1.1.1 -Credential root -DestDir c:\destDir\ PS C:\> Add-TrustedVMHost -TrustedCluster $ts -VMHostAddress 1.1.1.1 -Credential root -DestDir c:\destDir\
Add the host 1.1.1.1 with the credential root (a window wizard will be prompted to let you input the password for the user root) to Trusted Cluster "mycluster", also saves the setting file of the trustedcluster "mycluster" to folder c:\destDir\. Add the host 1.1.1.1 with the credential root (a window wizard will be prompted to let you input the password for the user root) to Trusted Cluster "mycluster", also saves the setting file of the trustedcluster "mycluster" to folder c:\destDir\.
.NOTES .NOTES
Author : Carrie Yang Author : Carrie Yang
Author email : yangm@vmware.com Author email : yangm@vmware.com
@@ -202,7 +179,11 @@ Function Add-TrustedVMHost {
Write-Verbose "The server got is: $server" Write-Verbose "The server got is: $server"
ConfirmIsVCenter $server ConfirmIsVCenter $server
Check-VMHostVersionAndLicense -VMHostName $VMHostAddress -Credential $Credential -CheckLicense:$true if (Is70AboveServer -VIServer $server) {
Throw "Use 'Set-TrustedCluster -Remediate' cmdlet from VMware.VimAutomation.Security module."
}
Check-VMHostVersionAndLicense -VMHostName $VMHostAddress -Credential $Credential -CheckLicense:$true -Allow70Above $false
$DestinationFile = Join-Path $DestDir $TrustedClusterSettingsFile $DestinationFile = Join-Path $DestDir $TrustedClusterSettingsFile
Write-Verbose "The file to save settings is $DestinationFile" Write-Verbose "The file to save settings is $DestinationFile"
} }
@@ -211,7 +192,7 @@ Function Add-TrustedVMHost {
Check-TrustedClusterSettings -TrustedCluster $TrustedCluster -ErrorAction Stop Check-TrustedClusterSettings -TrustedCluster $TrustedCluster -ErrorAction Stop
Save-TrustedClusterSettings -TrustedCluster $TrustedCluster -DestinationFile $DestinationFile -ErrorAction Stop Save-TrustedClusterSettings -TrustedCluster $TrustedCluster -DestinationFile $DestinationFile -ErrorAction Stop
Remove-TrustedClusterSettings -TrustedCluster $TrustedCluster -ErrorAction Stop Remove-TrustedClusterSettings -TrustedCluster $TrustedCluster -ErrorAction Stop
Join-VMHost -ClusterName $TrustedCluster.Name -VMHostAddress $VMHostAddress -Credential $Credential -ErrorAction Stop Join-VMHost -ClusterName $TrustedCluster.Name -VMHostAddress $VMHostAddress -Credential $Credential -Server $server -ErrorAction Stop
Apply-TrustedClusterSettings -TrustedCluster $TrustedCluster -SettingsFile $DestinationFile -ErrorAction Stop Apply-TrustedClusterSettings -TrustedCluster $TrustedCluster -SettingsFile $DestinationFile -ErrorAction Stop
} }
} }
@@ -220,21 +201,16 @@ Function Save-TrustedClusterSettings {
<# <#
.SYNOPSIS .SYNOPSIS
This cmdlet saves the settings of the specific Trusted Cluster to the file $DestinationFile. This cmdlet saves the settings of the specific Trusted Cluster to the file $DestinationFile.
.DESCRIPTION .DESCRIPTION
This cmdlet saves the settings of the specific Trusted Cluster to the file $DestinationFile. This cmdlet saves the settings of the specific Trusted Cluster to the file $DestinationFile.
.PARAMETER TrustedCluster .PARAMETER TrustedCluster
Specifies the Trusted Cluster you want to save the settings. Specifies the Trusted Cluster you want to save the settings.
.PARAMETER DestinationFile .PARAMETER DestinationFile
Specifies the file you want to save the settings to. Specifies the file you want to save the settings to.
.EXAMPLE .EXAMPLE
PS C:\> $ts = Get-TrustedCluster "mycluster" PS C:\> $ts = Get-TrustedCluster "mycluster"
PS C:\> Save-TrustedClusterSettings -TrustedCluster $ts -DestinationFile "c:\myfile.json" PS C:\> Save-TrustedClusterSettings -TrustedCluster $ts -DestinationFile "c:\myfile.json"
Saves the settings of Trusted Cluster "mycluster" to file c:\myfile.json. Saves the settings of Trusted Cluster "mycluster" to file c:\myfile.json.
.NOTES .NOTES
Author : Carrie Yang Author : Carrie Yang
Author email : yangm@vmware.com Author email : yangm@vmware.com
@@ -284,22 +260,16 @@ Function Save-TrustAuthorityClusterSettings {
<# <#
.SYNOPSIS .SYNOPSIS
This cmdlet saves the settings of the specific Trust Authority Cluster to the file $DestinationFile. This cmdlet saves the settings of the specific Trust Authority Cluster to the file $DestinationFile.
.DESCRIPTION .DESCRIPTION
This cmdlet saves the settings of the specific Trust Authority Cluster to the file $DestinationFile. This cmdlet saves the settings of the specific Trust Authority Cluster to the file $DestinationFile.
.PARAMETER TrustedCluster .PARAMETER TrustedCluster
Specifies the Trust Authority Cluster you want to save the settings. Specifies the Trust Authority Cluster you want to save the settings.
.PARAMETER DestinationFile .PARAMETER DestinationFile
Specifies the file you want to save the settings to. Specifies the file you want to save the settings to.
.EXAMPLE .EXAMPLE
PS C:\> $ts = Get-TrustAuthorityCluster "mycluster" PS C:\> $ts = Get-TrustAuthorityCluster "mycluster"
PS C:\> Save-TrustAuthorityClusterSettings -TrustAuthorityCluster $ts -DestinationFile "c:\myfile.json" PS C:\> Save-TrustAuthorityClusterSettings -TrustAuthorityCluster $ts -DestinationFile "c:\myfile.json"
Saves the settings of Trust Authority Cluster "mycluster" to file c:\myfile.json. Saves the settings of Trust Authority Cluster "mycluster" to file c:\myfile.json.
.NOTES .NOTES
Author : Carrie Yang Author : Carrie Yang
Author email : yangm@vmware.com Author email : yangm@vmware.com
@@ -343,13 +313,13 @@ Function Save-TrustAuthorityClusterSettings {
$i = 0 $i = 0
if ($kp -ne $null) { if ($kp -ne $null) {
$jsonObj.TrustAuthorityCluster.TrustAuthorityKeyProvider = $kp | Select-Object -Property Name, MasterKeyId, Description, ProxyAddress, ProxyPort, ConnectionTimeoutSeconds, KmipServerUsername $jsonObj.TrustAuthorityCluster.TrustAuthorityKeyProvider = $kp | Select-Object -Property Name, PrimaryKeyId, Description, ProxyAddress, ProxyPort, ConnectionTimeoutSeconds, KmipServerUsername
$clientCert = @{} $clientCert = @{}
$serverCert = @{} $serverCert = @{}
$clientCSR = @{} $clientCSR = @{}
} }
foreach ($_ in $kp) { $kp | Foreach-Object {
$kps = Get-TrustAuthorityKeyProviderServer -KeyProvider $_ -Server $bluevc| Select-Object -Property Address, Port, Name $kps = Get-TrustAuthorityKeyProviderServer -KeyProvider $_ -Server $bluevc| Select-Object -Property Address, Port, Name
$clientCertTemp = Get-TrustAuthorityKeyProviderClientCertificate -KeyProvider $_ -Server $bluevc $clientCertTemp = Get-TrustAuthorityKeyProviderClientCertificate -KeyProvider $_ -Server $bluevc
$clientCertStr = [System.Convert]::ToBase64String($($clientCertTemp.GetRawCertData())) $clientCertStr = [System.Convert]::ToBase64String($($clientCertTemp.GetRawCertData()))
@@ -390,7 +360,7 @@ Function Save-TrustAuthorityClusterSettings {
$jsonObj.TrustAuthorityCluster.TrustAuthorityTpm2CACertificate = $tpm2CA | Select-Object -Property Name $jsonObj.TrustAuthorityCluster.TrustAuthorityTpm2CACertificate = $tpm2CA | Select-Object -Property Name
$i = 0 $i = 0
foreach ($_ in $tpm2CA) { $tpm2CA | Foreach-Object {
$certStr = ConvertFrom-X509Chain -CertChain $_.CertificateChain $certStr = ConvertFrom-X509Chain -CertChain $_.CertificateChain
$jsonObj.TrustAuthorityCluster.TrustAuthorityTpm2CACertificate[$i] | Add-Member -Name "certRawData" -value $certStr -MemberType NoteProperty $jsonObj.TrustAuthorityCluster.TrustAuthorityTpm2CACertificate[$i] | Add-Member -Name "certRawData" -value $certStr -MemberType NoteProperty
@@ -411,28 +381,21 @@ Function Apply-TrustAuthorityClusterSettings {
Here are some limitations when applying the TrustAuthorityKeyProvider Settings: Here are some limitations when applying the TrustAuthorityKeyProvider Settings:
- The CSR configuration will not be preserved, user needs to reset the CSR and get it signed by the Key Server, then retrieve the signed client certificate to set it back to TrustAuthorityKeyProvider - The CSR configuration will not be preserved, user needs to reset the CSR and get it signed by the Key Server, then retrieve the signed client certificate to set it back to TrustAuthorityKeyProvider
- If self signed certificates are used for trust setup, they need to be redone on new host. - If self signed certificates are used for trust setup, they need to be redone on new host.
.DESCRIPTION .DESCRIPTION
This cmdlet applies the settings in the specific $SettingsFile to a Trust Authority Cluster This cmdlet applies the settings in the specific $SettingsFile to a Trust Authority Cluster
.PARAMETER TrustAuthorityCluster .PARAMETER TrustAuthorityCluster
Specifies the Trust Authority Cluster you want to apply the settings Specifies the Trust Authority Cluster you want to apply the settings
.PARAMETER SettingsFile .PARAMETER SettingsFile
Specifies the file having the settings you want to apply Specifies the file having the settings you want to apply
.PARAMETER PrivateKey .PARAMETER PrivateKey
Specifies the private key part of the ClientCertificate of the TrustAuthorityKeyProvider. It is a hashtable type with: the Key is the TrustAuthorityKeyProvider.Name, and the Value is the filePath for the TrustAuthorityKeyProvider's ClientCertificate PrivateKey part. Specifies the private key part of the ClientCertificate of the TrustAuthorityKeyProvider. It is a hashtable type with: the Key is the TrustAuthorityKeyProvider.Name, and the Value is the filePath for the TrustAuthorityKeyProvider's ClientCertificate PrivateKey part.
.PARAMETER BaseImageFolder .PARAMETER BaseImageFolder
Specifies the folder having all the baseImage files to re-create the TrustAuthorityVMHostBaseImage. All the .tgz files under this folder and its sub-folders will be used to re-create TrustAuthorityVMHostBaseImage objects. Specifies the folder having all the baseImage files to re-create the TrustAuthorityVMHostBaseImage. All the .tgz files under this folder and its sub-folders will be used to re-create TrustAuthorityVMHostBaseImage objects.
.EXAMPLE .EXAMPLE
PS C:\> $privateKeyHash = @{"provider1"="c:\myprivatekey.txt";} PS C:\> $privateKeyHash = @{"provider1"="c:\myprivatekey.txt";}
PS C:\> $ts = Get-TrustAuthorityCluster "mycluster" PS C:\> $ts = Get-TrustAuthorityCluster "mycluster"
PS C:\> Apply-TrustAuthorityClusterSettings -TrustAuthorityCluster $ts -SettingsFile "c:\myfile.json" -PrivateKey $privateKeyHash -BaseImageFolder "c:\myimages\" PS C:\> Apply-TrustAuthorityClusterSettings -TrustAuthorityCluster $ts -SettingsFile "c:\myfile.json" -PrivateKey $privateKeyHash -BaseImageFolder "c:\myimages\"
Applies the settings in file c:\myfile.json to Trust Authority Cluster "mycluster" with all the baseimage files under c:\myimages\ recursively, and cmdlet will prompt for inputting the password for each TrustAuthorityKeyProvider, also the PrivateKey info saved in c:\myprivatekey.txt will be used for the TrustAuthorityKeyProvider provider1. Applies the settings in file c:\myfile.json to Trust Authority Cluster "mycluster" with all the baseimage files under c:\myimages\ recursively, and cmdlet will prompt for inputting the password for each TrustAuthorityKeyProvider, also the PrivateKey info saved in c:\myprivatekey.txt will be used for the TrustAuthorityKeyProvider provider1.
.NOTES .NOTES
Author : Carrie Yang Author : Carrie Yang
Author email : yangm@vmware.com Author email : yangm@vmware.com
@@ -473,44 +436,45 @@ Function Apply-TrustAuthorityClusterSettings {
$baseImages = $jsonObj."TrustAuthorityCluster".TrustAuthorityVMHostBaseImage $baseImages = $jsonObj."TrustAuthorityCluster".TrustAuthorityVMHostBaseImage
if ($kp -ne $null) { if ($kp -ne $null) {
foreach ($_ in $kp) { $kp | Foreach-Object {
$kps = $_.KmipServers $provider = $_
$kps = $provider.KmipServers
$cmd = "New-TrustAuthorityKeyProvider" $cmd = "New-TrustAuthorityKeyProvider"
$allArgs = @{ $allArgs = @{
'TrustAuthorityCluster' = $TrustAuthorityCluster; 'TrustAuthorityCluster' = $TrustAuthorityCluster;
'Name' = $($_.Name); 'Name' = $provider.Name;
'MasterKeyId' = $_.MasterKeyId; 'PrimaryKeyId' = $provider.PrimaryKeyId;
'KmipServerName' = $kps[0].Name; 'KmipServerName' = $kps[0].Name;
'KmipServerAddress' = $kps[0].Address; 'KmipServerAddress' = $kps[0].Address;
'KmipServerPort' = $kps[0].Port; 'KmipServerPort' = $kps[0].Port;
'Server' = $blueserver; 'Server' = $blueserver;
} }
if (![String]::IsNullOrWhiteSpace($_.Description)) { if (![String]::IsNullOrWhiteSpace($provider.Description)) {
$allArgs += @{'Description' = $_.Description;} $allArgs += @{'Description' = $provider.Description;}
} }
if (![String]::IsNullOrWhiteSpace($_.ProxyAddress)) { if (![String]::IsNullOrWhiteSpace($provider.ProxyAddress)) {
$allArgs += @{'ProxyAddress' = $_.ProxyAddress;} $allArgs += @{'ProxyAddress' = $provider.ProxyAddress;}
} }
if (![String]::IsNullOrWhiteSpace($_.ProxyPort)) { if (![String]::IsNullOrWhiteSpace($provider.ProxyPort)) {
$allArgs += @{'ProxyPort' = $_.ProxyPort;} $allArgs += @{'ProxyPort' = $provider.ProxyPort;}
} }
if (![String]::IsNullOrWhiteSpace($_.ConnectionTimeOutSeconds)) { if (![String]::IsNullOrWhiteSpace($provider.ConnectionTimeOutSeconds)) {
$allArgs += @{'ConnectionTimeOutSeconds' = $_.ConnectionTimeOutSeconds;} $allArgs += @{'ConnectionTimeOutSeconds' = $provider.ConnectionTimeOutSeconds;}
} }
if (![String]::IsNullOrWhiteSpace($_.KmipServerUsername)) { if (![String]::IsNullOrWhiteSpace($provider.KmipServerUsername)) {
$allArgs += @{'KmipServerUsername' = $_.KmipServerUsername;} $allArgs += @{'KmipServerUsername' = $provider.KmipServerUsername;}
} }
$silent = & $cmd @allArgs & $cmd @allArgs
if (($kps | Measure-Object).Count -gt 1) { if (($kps | Measure-Object).Count -gt 1) {
for ($i = 1; $i -gt ($kps | Measure-Object).Count; $i++) { for ($i = 1; $i -gt ($kps | Measure-Object).Count; $i++) {
Add-TrustAuthorityKeyProviderServer -KeyProvider $_.Name -TrustAuthorityCluster $TrustAuthorityCluster -Address $kps[$i].Address -Name $kps[$i].Name -Port $kps[$i].Port -Server $blueserver LogAndRunCmdlet {Add-TrustAuthorityKeyProviderServer -KeyProvider $provider.Name -TrustAuthorityCluster $TrustAuthorityCluster -Address $kps[$i].Address -Name $kps[$i].Name -Port $kps[$i].Port -Server $blueserver -ErrorAction:Continue}
} }
} }
@@ -518,73 +482,92 @@ Function Apply-TrustAuthorityClusterSettings {
Write-Warning "CSR configuration won't be preserved, please manually establish the trust between kmip servers and trust authority keyprovider: $($_.Name)" Write-Warning "CSR configuration won't be preserved, please manually establish the trust between kmip servers and trust authority keyprovider: $($_.Name)"
} }
if ($_.ClientCertificate -ne $null) { if ($provider.ClientCertificate -ne $null) {
if ($privateKey -ne $null -and $privateKey.ContainsKey($($_.Name))) { if ($privateKey -ne $null -and $privateKey.ContainsKey($($provider.Name))) {
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import([System.Text.Encoding]::Default.GetBytes($_.ClientCertificate)) $cert.Import([System.Text.Encoding]::Default.GetBytes($provider.ClientCertificate))
try { try {
$pkStr = [System.IO.File]::ReadAllText($privateKey.$($_.Name)) $pkStr = [System.IO.File]::ReadAllText($privateKey.$($provider.Name))
} catch { } catch {
Throw "Failed to read privateKey file: $($privateKey.$($_.Name))" Throw "Failed to read privateKey file: $($privateKey.$($_.Name))"
} }
Set-TrustAuthorityKeyProviderClientCertificate -KeyProvider $_.Name -TrustAuthorityCluster $TrustAuthorityCluster -Certificate $cert -PrivateKey $pkStr -Server $blueserver
$cmd = {Set-TrustAuthorityKeyProviderClientCertificate -KeyProvider $provider.Name -TrustAuthorityCluster $TrustAuthorityCluster -Certificate $cert -PrivateKey $privateKey.$($provider.Name) -Server $blueserver -ErrorAction:Continue}
LogAndRunCmdlet $cmd
} else { } else {
New-TrustAuthorityKeyProviderClientCertificate -KeyProvider $_.Name -TrustAuthorityCluster $TrustAuthorityCluster -Server $blueserver LogAndRunCmdlet {New-TrustAuthorityKeyProviderClientCertificate -KeyProvider $provider.Name -TrustAuthorityCluster $TrustAuthorityCluster -Server $blueserver -ErrorAction:Continue}
} }
} }
if ($_.ServerCertificate -ne $null) { if ($_.ServerCertificate -ne $null) {
$trustedcerts = [System.Collections.ArrayList]@() $trustedcerts = [System.Collections.ArrayList]@()
foreach ($certStr in $_.ServerCertificate) { $provider.ServerCertificate | Foreach-Object {
$certStr = $_
$tempStr = $certStr.CertificateRawData $tempStr = $certStr.CertificateRawData
if ($certStr.Trusted) { if ($certStr.Trusted) {
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import([System.Text.Encoding]::Default.GetBytes($tempStr)) $cert.Import([System.Text.Encoding]::Default.GetBytes($tempStr))
$silent = $trustedcerts.Add($cert) $trustedcerts.Add($cert) | Out-Null
} }
} }
Set-TrustAuthorityKeyProviderServerCertificate -KeyProvider $_.Name -TrustAuthorityCluster $TrustAuthorityCluster -Certificate $trustedcerts -Server $blueserver
$cmd = {Set-TrustAuthorityKeyProviderServerCertificate -KeyProvider $provider.Name -TrustAuthorityCluster $TrustAuthorityCluster -Certificate $trustedcerts -Server $blueserver -ErrorAction:Continue}
LogAndRunCmdlet $cmd
} }
$kmipPwd = Read-Host "Enter the password of Trust Authority Key Provider $($_.Name) (Return if none)" -AsSecureString $kmipPwd = Read-Host "Enter the password of Trust Authority Key Provider $($_.Name) (Return if none)" -AsSecureString
if ($kmipPwd.Length -gt 0) { if ($kmipPwd.Length -gt 0) {
Set-TrustAuthorityKeyProvider -KeyProvider $_.Name -TrustAuthorityCluster $TrustAuthorityCluster -KmipServerPassword $kmipPwd -Server $blueserver LogAndRunCmdlet {Set-TrustAuthorityKeyProvider -KeyProvider $provider.Name -TrustAuthorityCluster $TrustAuthorityCluster -KmipServerPassword $kmipPwd -Server $blueserver -ErrorAction:Continue}
} }
} }
} }
if ($principals -ne $null) {
foreach ($_ in $principals) {
$chainList = [System.Collections.ArrayList]@()
foreach ($str in $_.certRawData) {
$chain = ConvertTo-X509Chain -certString $str
$silent = $chainList.Add($chain)
}
New-TrustAuthorityPrincipal -TrustAuthorityCluster $TrustAuthorityCluster -Name $_.Name -Domain $_.Domain -Issuer $_.Issuer -CertificateChain $chainList -Type $_.Type -Server $blueserver -Confirm:$false
}
}
if ($tpm2Setting -ne $null) { if ($tpm2Setting -ne $null) {
Set-TrustAuthorityTpm2AttestationSettings -RequireCertificateValidation:$tpm2Setting.RequireCertificateValidation -RequireEndorsementKey:$tpm2Setting.RequireEndorsementKey -TrustAuthorityCluster $TrustAuthorityCluster -Confirm:$false $cmd = {Set-TrustAuthorityTpm2AttestationSettings -RequireCertificateValidation:$tpm2Setting.RequireCertificateValidation -RequireEndorsementKey:$tpm2Setting.RequireEndorsementKey -TrustAuthorityCluster $TrustAuthorityCluster -Server $blueserver -Confirm:$false -ErrorAction:Continue}
LogAndRunCmdlet $cmd
} }
if ($tpm2CA -ne $null) { if ($tpm2CA -ne $null) {
foreach ($_ in $tpm2CA) { $tpm2CA | Foreach-Object {
$chain = ConvertTo-X509Chain $_.certRawData $ca = $_
New-TrustAuthorityTpm2CACertificate -TrustAuthorityCluster $TrustAuthorityCluster -CertificateChain $chain -Name $_.Name -Server $blueserver -Confirm:$false $chain = ConvertTo-X509Chain $ca.certRawData
$cmd = {New-TrustAuthorityTpm2CACertificate -TrustAuthorityCluster $TrustAuthorityCluster -CertificateChain $chain -Name $ca.Name -Server $blueserver -Confirm:$false -ErrorAction:Continue}
LogAndRunCmdlet $cmd
} }
} }
if ($tpm2Ek -ne $null) { if ($tpm2Ek -ne $null) {
foreach ($_ in $tpm2Ek) { $tpm2Ek | Foreach-Object {
New-TrustAuthorityTpm2EndorsementKey -TrustAuthorityCluster $TrustAuthorityCluster -Name $_.Name -PublicKey $_.PublicKey -Server $blueserver -Confirm:$false $ek = $_
$publicKey = $ek.PublicKey
$cmd = {New-TrustAuthorityTpm2EndorsementKey -TrustAuthorityCluster $TrustAuthorityCluster -Name $ek.Name -PublicKey $publicKey -Server $blueserver -Confirm:$false -ErrorAction:Continue}
LogAndRunCmdlet $cmd
} }
} }
if ($baseImages -ne $null) { if ($baseImages -ne $null) {
New-TrustAuthorityVMHostBaseImage -TrustAuthorityCluster $TrustAuthorityCluster -FilePath $baseImageFolder -Server $blueserver -Confirm:$false $cmd = {New-TrustAuthorityVMHostBaseImage -TrustAuthorityCluster $TrustAuthorityCluster -FilePath $baseImageFolder -Server $blueserver -Confirm:$false -ErrorAction:Continue}
LogAndRunCmdlet $cmd
}
if ($principals -ne $null) {
$errorBeforeExecution = $Global:error.Clone()
$Global:error.Clear()
$principals | Foreach-Object {
$p = $_
$chainList = [System.Collections.ArrayList]@()
$p.certRawData | Foreach-Object {
$str = $_
$chain = ConvertTo-X509Chain -certString $str
$chainList.Add($chain) | Out-Null
}
$cmd = {New-TrustAuthorityPrincipal -TrustAuthorityCluster $TrustAuthorityCluster -Name $p.Name -Domain $p.Domain -Issuer $p.Issuer -CertificateChain $chainList -Type $p.Type -Server $blueserver -Confirm:$false -ErrorAction:Continue}
$newPrincipal = LogAndRunCmdlet $cmd
CheckNewTrustAuthorityPrincipalResult -TAPrincipal $newPrincipal
}
$Global:error.AddRange($errorBeforeExecution)
} }
} }
} }
@@ -594,21 +577,16 @@ Function Apply-TrustedClusterSettings {
<# <#
.SYNOPSIS .SYNOPSIS
This cmdlet applies the settings in the specific $SettingsFile to a Trusted Cluster. This cmdlet applies the settings in the specific $SettingsFile to a Trusted Cluster.
.DESCRIPTION .DESCRIPTION
This cmdlet applies the settings in the specific $SettingsFile to a Trusted Cluster This cmdlet applies the settings in the specific $SettingsFile to a Trusted Cluster
.PARAMETER TrustedCluster .PARAMETER TrustedCluster
Specifies the Trusted Cluster you want to apply the settings. Specifies the Trusted Cluster you want to apply the settings.
.PARAMETER SettingsFile .PARAMETER SettingsFile
Specifies the file having the settings you want to apply. Specifies the file having the settings you want to apply.
.EXAMPLE .EXAMPLE
PS C:\> $ts = Get-TrustedCluster "mycluster" PS C:\> $ts = Get-TrustedCluster "mycluster"
PS C:\> Apply-TrustedClusterSettings -TrustedCluster $ts -SettingsFile "c:\myfile.json" PS C:\> Apply-TrustedClusterSettings -TrustedCluster $ts -SettingsFile "c:\myfile.json"
Applies the settings in file c:\myfile.json to Trusted Cluster "mycluster". Applies the settings in file c:\myfile.json to Trusted Cluster "mycluster".
.NOTES .NOTES
Author : Carrie Yang Author : Carrie Yang
Author email : yangm@vmware.com Author email : yangm@vmware.com
@@ -637,18 +615,59 @@ Function Apply-TrustedClusterSettings {
} }
if ($jsonObj.TrustedCluster.AttestationServiceInfo -ne $null) { if ($jsonObj.TrustedCluster.AttestationServiceInfo -ne $null) {
$attests = Get-AttestationServiceInfo | where {$($_.Name) -in $($jsonObj.TrustedCluster.AttestationServiceInfo)} $attests = Get-AttestationServiceInfo -Server $greenvc | Where-Object {$($_.Name) -in $($jsonObj.TrustedCluster.AttestationServiceInfo)}
Add-TrustedClusterAttestationServiceInfo -TrustedCluster $TrustedCluster -AttestationServiceInfo $attests -Confirm:$false -Server $greenvc $cmd = {Add-TrustedClusterAttestationServiceInfo -TrustedCluster $TrustedCluster -AttestationServiceInfo $attests -Confirm:$false -Server $greenvc -ErrorAction:Continue}
LogAndRunCmdlet $cmd
} }
if ($jsonObj.TrustedCluster.KeyProviderServiceInfo -ne $null) { if ($jsonObj.TrustedCluster.KeyProviderServiceInfo -ne $null) {
$kms = Get-KeyProviderServiceInfo | where {$($_.Name) -in $($jsonObj.TrustedCluster.KeyProviderServiceInfo)} $kms = Get-KeyProviderServiceInfo -Server $greenvc | Where-Object {$($_.Name) -in $($jsonObj.TrustedCluster.KeyProviderServiceInfo)}
Add-TrustedClusterKeyProviderServiceInfo -TrustedCluster $TrustedCluster -KeyProviderServiceInfo $kms -Confirm:$false -Server $greenvc $cmd = {Add-TrustedClusterKeyProviderServiceInfo -TrustedCluster $TrustedCluster -KeyProviderServiceInfo $kms -Confirm:$false -Server $greenvc -ErrorAction:Continue}
LogAndRunCmdlet $cmd
} }
} }
} }
Function LogAndRunCmdlet {
[CmdLetBinding()]
Param (
[Parameter(Mandatory=$True)]
[ScriptBlock] $CmdBlock
)
Process {
Write-Host "Running cmdlet: $CmdBlock"
& $CmdBlock
}
}
Function CheckNewTrustAuthorityPrincipalResult {
[CmdLetBinding()]
Param (
[Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)][AllowNull()]
[VMware.VimAutomation.Security.Types.V1.TrustedInfrastructure.TrustAuthorityPrincipal] $TAPrincipal
)
Begin {
$expectedCmdName = "NewTrustAuthorityPrincipal"
$expectedError = "com.vmware.esx.authentication.trust.security_token_issuers.issuer_already_exists"
}
Process {
$err = $Global:Error[0]
if (($TAPrincipal -eq $null) -and ($($err.Exception.TargetSite.Name) -eq $expectedCmdName)) {
if ($($err.Exception.InnerException) -match $expectedError) {
Write-Error "Operation didn't complete successfully. This is a known issue. Refer to https://kb.vmware.com/s/article/77146 to recover the host, then rerun New-TrustAuthorityPrincipal cmdlet to create the TrustAuthorityPrincipal for the new host please."
}
} elseif ($TAPrincipal) {
$TAPrincipal
}
}
}
Function Join-VMHost { Function Join-VMHost {
Param ( Param (
@@ -660,12 +679,16 @@ Function Join-VMHost {
[Parameter(Mandatory=$True)] [Parameter(Mandatory=$True)]
[System.Management.Automation.Credential()] [System.Management.Automation.Credential()]
$Credential $Credential,
[Parameter(Mandatory=$True)]
[ValidateNotNullOrEmpty()]
[String] $Server
) )
Process { Process {
Write-Host "Adding new host $VMHostAddress to cluster $ClusterName..." Write-Host "Adding new host $VMHostAddress to cluster $ClusterName..."
Add-VMHost -Name $VMHostAddress -Credential $Credential -Location $ClusterName -Force Add-VMHost -Name $VMHostAddress -Credential $Credential -Location $ClusterName -Server $Server -Force
} }
} }
@@ -680,6 +703,7 @@ Function Remove-TrustedClusterSettings {
Begin { Begin {
$greenvc = GetViServer -clusterUid $TrustedCluster.Uid $greenvc = GetViServer -clusterUid $TrustedCluster.Uid
Write-Host "Removing the settings of TrustedCluster $($TrustedCluster.Name)..." Write-Host "Removing the settings of TrustedCluster $($TrustedCluster.Name)..."
$TrustedCluster = Get-TrustedCluster $TrustedCluster.Name -Server $greenvc
} }
Process { Process {
@@ -687,7 +711,7 @@ Function Remove-TrustedClusterSettings {
Set-TrustedCluster -TrustedCluster $TrustedCluster -State Disabled -Server $greenvc -Confirm:$false Set-TrustedCluster -TrustedCluster $TrustedCluster -State Disabled -Server $greenvc -Confirm:$false
} else { } else {
if ($TrustedCluster.KeyProviderServiceInfo -ne $null) { if ($TrustedCluster.KeyProviderServiceInfo -ne $null) {
Remove-TrustedClusterKeyProviderServiceInfo -TrustedCluster $TrustedCluster -KeyProviderServiceInfo $TrustedCluster.KeyProviderServiceInfo -Server $greenvc Remove-TrustedClusterKeyProviderServiceInfo -TrustedCluster $TrustedCluster -KeyProviderServiceInfo $TrustedCluster.KeyProviderServiceInfo -Server $greenvc -Confirm:$false
} }
} }
} }
@@ -714,23 +738,50 @@ Function IsSelfSignedClientCertificate {
$privateKeyNotSet = $False $privateKeyNotSet = $False
$kpNames = [System.Collections.ArrayList]@() $kpNames = [System.Collections.ArrayList]@()
if ($kp -ne $null) { if ($kp -ne $null) {
foreach ($k in $kp) { $kp | Foreach-Object {
$k = $_
$clientCert = Get-TrustAuthorityKeyProviderClientCertificate -KeyProvider $k -TrustAuthorityCluster $TrustAuthorityCluster -Server $bluevc $clientCert = Get-TrustAuthorityKeyProviderClientCertificate -KeyProvider $k -TrustAuthorityCluster $TrustAuthorityCluster -Server $bluevc
if ($clientCert -ne $null -and !($privateKey -ne $null -and $privateKey.ContainsKey($($k.Name)))) { if ($clientCert -ne $null -and !($privateKey -ne $null -and $privateKey.ContainsKey($($k.Name)))) {
$privateKeyNotSet = $True $privateKeyNotSet = $True
$silent = $kpNames.Add($k.Name) $kpNames.Add($k.Name) | Out-Null
} }
} }
} }
if ($privateKeyNotSet) { if ($privateKeyNotSet) {
$kpnameStr = [System.String]::join(",", $($kpNames)) $kpnameStr = [System.String]::join(",", $($kpNames))
Write-Warning "For self-signed client certificate, the cmdlet could not be able to establish the trust between the kmip servers and the keyprovider: ($kpnameStr). Write-Warning "For self-signed client certificate, the cmdlet might not be able to establish the trust between the kmip servers and the keyprovider: ($kpnameStr). `nManually try to use followed cmdlets to establish the trust: `n 1. New-TrustAuthorityKeyProviderClientCertificate;`n 2. Get-TrustAuthorityKeyProviderClientCertificate; `n then make the certificate be signed in kmip servers." -WarningAction Inquire
Please manually use these followed cmdlets to establish the trust: New-TrustAuthorityKeyProviderClientCertificate, and Get-TrustAuthorityKeyProviderClientCertificate, then make the certificate be signed in kmip servers." -WarningAction Inquire
} }
} }
} }
Function Is70AboveServer {
Param (
[Parameter(Mandatory=$True)]
[ValidateNotNullOrEmpty()]
[String] $VIServer
)
Process {
if ([String]::IsNullOrWhiteSpace($VIServer)) {
Throw "Please provide a valid vCenter Server!"
}
$SI = Get-View Serviceinstance -Server $VIServer
$apiVersion = [System.Version]$($SI.Content.About.Version)
$MajorVersion = $apiVersion.Major
$MinorVersion = $apiVersion.Minor
$buildNum = $apiVersion.Build
if (($MajorVersion -lt 7) -or ($MajorVersion -eq 7 -And $MinorVersion -eq 0 -And $buildNum -eq 0)) {
return $false
}
return $true
}
}
Function Check-VMHostVersionAndLicense { Function Check-VMHostVersionAndLicense {
[CmdLetBinding()] [CmdLetBinding()]
@@ -743,7 +794,9 @@ Function Check-VMHostVersionAndLicense {
$Credential, $Credential,
[Parameter(Mandatory=$True)] [Parameter(Mandatory=$True)]
[bool]$CheckLicense [bool]$CheckLicense,
[bool]$Allow70Above=$true
) )
Begin { Begin {
@@ -759,9 +812,17 @@ Function Check-VMHostVersionAndLicense {
$MajorVersion = $apiVersion.Major $MajorVersion = $apiVersion.Major
$MinorVersion = $apiVersion.Minor $MinorVersion = $apiVersion.Minor
$buildNum = $apiVersion.Build $buildNum = $apiVersion.Build
if ($MajorVersion -lt 7 -And $MinorVersion -ne 0 -And $buildNum -ne 0) {
Disconnect-VIServer -Server $server -confirm:$false if (!$Allow70Above) {
Throw "VMHost of $apiVersion is not supported, only 7.0.0 is supported...`n" if ($MajorVersion -ne 7 -or $MinorVersion -ne 0 -or $buildNum -ne 0) {
Disconnect-VIServer -Server $server -confirm:$false
Throw "VMHost of $apiVersion is not supported, only 7.0.0 is supported...`n"
}
} else {
if ($MajorVersion -lt 7) {
Disconnect-VIServer -Server $server -confirm:$false
Throw "VMHost of $apiVersion is not supported, only 7.0.0 and above are supported...`n"
}
} }
# Check license # Check license
@@ -814,21 +875,22 @@ Function Check-TrustAuthorityClusterHealth {
# Check TrustAuthorityPrincipal's healthy # Check TrustAuthorityPrincipal's healthy
$principals = Get-TrustAuthorityPrincipal -TrustAuthorityCluster $TrustAuthorityCluster -Server $bluevc $principals = Get-TrustAuthorityPrincipal -TrustAuthorityCluster $TrustAuthorityCluster -Server $bluevc
foreach ($p in $principals) { $principals | Foreach-Object {
if ($p.Health -ne 'Ok') { if ($_.Health -ne 'Ok') {
Throw "The TrustAuthorityPrincipal $($p.Name) is not healthy, please fix it first!" Throw "The TrustAuthorityPrincipal $($p.Name) is not healthy, please fix it first!"
} }
} }
# Check TrustAuthorityKeyProvider's healthy # Check TrustAuthorityKeyProvider's healthy
$kp = Get-TrustAuthorityKeyProvider -TrustAuthorityCluster $TrustAuthorityCluster -Server $bluevc $kp = Get-TrustAuthorityKeyProvider -TrustAuthorityCluster $TrustAuthorityCluster -Server $bluevc
foreach ($k in $kp) { $kp | Foreach-Object {
$k = $_
if ($k.Status.Health -ne 'Ok') { if ($k.Status.Health -ne 'Ok') {
Throw "TrustAuthorityKeyProvider $($k.Name) is not healthy, please fix it first!" Throw "TrustAuthorityKeyProvider $($k.Name) is not healthy, please fix it first!"
} }
foreach ($status in $k.Status.ServerStatus) { $k.Status.ServerStatus | Foreach-Object {
if ($status.Health -ne 'Ok') { if ($_.Health -ne 'Ok') {
Throw "The ServerStatus $($status.Name) in TrustAuthorityKeyProvider $($k.Name) is not healthy, please fix it first!" Throw "The ServerStatus $($status.Name) in TrustAuthorityKeyProvider $($k.Name) is not healthy, please fix it first!"
} }
} }
@@ -843,8 +905,8 @@ Function Check-TrustAuthorityClusterHealth {
# Check tpm2Ek healthy # Check tpm2Ek healthy
$tpm2Eks = Get-TrustAuthorityTpm2EndorsementKey -TrustAuthorityCluster $TrustAuthorityCluster -Server $bluevc $tpm2Eks = Get-TrustAuthorityTpm2EndorsementKey -TrustAuthorityCluster $TrustAuthorityCluster -Server $bluevc
if ($tpm2Eks -ne $null) { if ($tpm2Eks -ne $null) {
foreach ($ek in $tpm2Eks) { $tpm2Eks | Foreach-Object {
if ($ek.Health -ne 'Ok') { if ($_.Health -ne 'Ok') {
Throw "TrustAuthorityTpm2EndorsementKey $($ek.Name) is not healthy, please fix it first!" Throw "TrustAuthorityTpm2EndorsementKey $($ek.Name) is not healthy, please fix it first!"
} }
} }
@@ -853,8 +915,8 @@ Function Check-TrustAuthorityClusterHealth {
# Check tpm2CA healthy # Check tpm2CA healthy
$tpm2cas = Get-TrustAuthorityTpm2CACertificate -TrustAuthorityCluster $TrustAuthorityCluster -Server $bluevc $tpm2cas = Get-TrustAuthorityTpm2CACertificate -TrustAuthorityCluster $TrustAuthorityCluster -Server $bluevc
if ($tpm2cas -ne $null) { if ($tpm2cas -ne $null) {
foreach ($ca in $tpm2cas) { $tpm2cas | Foreach-Object {
if ($ca.Health -ne 'Ok') { if ($_.Health -ne 'Ok') {
Throw "TrustAuthorityTpm2CACertificate $($ca.Name) is not healthy, please fix it first!" Throw "TrustAuthorityTpm2CACertificate $($ca.Name) is not healthy, please fix it first!"
} }
} }
@@ -863,8 +925,8 @@ Function Check-TrustAuthorityClusterHealth {
# Check BaseImage healthy # Check BaseImage healthy
$baseImages = Get-TrustAuthorityVMHostBaseImage -TrustAuthorityCluster $TrustAuthorityCluster -Server $bluevc $baseImages = Get-TrustAuthorityVMHostBaseImage -TrustAuthorityCluster $TrustAuthorityCluster -Server $bluevc
if ($baseImages -ne $null) { if ($baseImages -ne $null) {
foreach ($img in $baseImages) { $baseImages | Foreach-Object {
if ($img.Health -ne 'Ok') { if ($_.Health -ne 'Ok') {
Throw "TrustAuthorityVMHostBaseImage $($img.Name) is not healthy, please fix it first!" Throw "TrustAuthorityVMHostBaseImage $($img.Name) is not healthy, please fix it first!"
} }
} }
@@ -907,7 +969,7 @@ Function GetViServer {
} }
} }
Function ConfirmIsVCenter{ Function ConfirmIsVCenter {
<# <#
.SYNOPSIS .SYNOPSIS
This function confirms the connected VI server is vCenter Server. This function confirms the connected VI server is vCenter Server.
@@ -945,12 +1007,12 @@ Function ConvertFrom-X509Chain {
) )
Process { Process {
$certStr = $null $certStr = $null
foreach ($c in $($CertChain.ChainElements)) { $($CertChain.ChainElements) | Foreach-Object {
if ($certStr -eq $null) { if ($certStr -eq $null) {
$certStr = [System.Convert]::ToBase64String($($c.Certificate.GetRawCertData())) $certStr = [System.Convert]::ToBase64String($($_.Certificate.GetRawCertData()))
} else { } else {
$certStr = $certStr, [System.Convert]::ToBase64String($($c.Certificate.GetRawCertData())) $certStr = $certStr, [System.Convert]::ToBase64String($($_.Certificate.GetRawCertData()))
} }
} }
@@ -965,18 +1027,18 @@ Function ConvertTo-X509Chain {
) )
Process { Process {
$chain = new-object System.Security.Cryptography.X509Certificates.X509Chain $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
if ($certString.Length -gt 0) { if ($certString.Length -gt 0) {
for ($i = 0; $i -lt $certString.Length - 1; $i++ ) { for ($i = 0; $i -lt $certString.Length - 1; $i++ ) {
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import([System.Text.Encoding]::Default.GetBytes($certString[$i].replace("\n", [Environment]::NewLine))) $cert.Import([System.Text.Encoding]::Default.GetBytes($certString[$i].replace("\n", [Environment]::NewLine)))
$silent = $chain.ChainPolicy.ExtraStore.Add($cert) $chain.ChainPolicy.ExtraStore.Add($cert) | Out-Null
} }
} }
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cert.Import([System.Text.Encoding]::Default.GetBytes($certString[-1].replace("\n", [Environment]::NewLine))) $cert.Import([System.Text.Encoding]::Default.GetBytes($certString[-1].replace("\n", [Environment]::NewLine)))
$silent = $chain.Build($cert) $chain.Build($cert) | Out-Null
return $chain return $chain
} }
@@ -984,12 +1046,11 @@ Function ConvertTo-X509Chain {
Export-ModuleMember Add-TrustAuthorityVMHost, Add-TrustedVMHost Export-ModuleMember Add-TrustAuthorityVMHost, Add-TrustedVMHost
# SIG # Begin signature block # SIG # Begin signature block
# MIIi9AYJKoZIhvcNAQcCoIIi5TCCIuECAQExDzANBglghkgBZQMEAgEFADB5Bgor # MIIi9AYJKoZIhvcNAQcCoIIi5TCCIuECAQExDzANBglghkgBZQMEAgEFADB5Bgor
# BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG
# KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCwMEx3Ndpn/K5N # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDicYU2iA+clsiG
# T9PigHlgbfEAXX20xwVouOnKKMD48KCCD8swggTMMIIDtKADAgECAhBdqtQcwalQ # VfuCJGR5GCDk63j+8YRckQvxLcD5yKCCD8swggTMMIIDtKADAgECAhBdqtQcwalQ
# C13tonk09GI7MA0GCSqGSIb3DQEBCwUAMH8xCzAJBgNVBAYTAlVTMR0wGwYDVQQK # C13tonk09GI7MA0GCSqGSIb3DQEBCwUAMH8xCzAJBgNVBAYTAlVTMR0wGwYDVQQK
# ExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3Qg # ExRTeW1hbnRlYyBDb3Jwb3JhdGlvbjEfMB0GA1UECxMWU3ltYW50ZWMgVHJ1c3Qg
# TmV0d29yazEwMC4GA1UEAxMnU3ltYW50ZWMgQ2xhc3MgMyBTSEEyNTYgQ29kZSBT # TmV0d29yazEwMC4GA1UEAxMnU3ltYW50ZWMgQ2xhc3MgMyBTSEEyNTYgQ29kZSBT
@@ -1079,18 +1140,18 @@ Export-ModuleMember Add-TrustAuthorityVMHost, Add-TrustedVMHost
# YW50ZWMgQ2xhc3MgMyBTSEEyNTYgQ29kZSBTaWduaW5nIENBAhBdqtQcwalQC13t # YW50ZWMgQ2xhc3MgMyBTSEEyNTYgQ29kZSBTaWduaW5nIENBAhBdqtQcwalQC13t
# onk09GI7MA0GCWCGSAFlAwQCAQUAoIGWMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3 # onk09GI7MA0GCWCGSAFlAwQCAQUAoIGWMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3
# AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMCoGCisGAQQBgjcCAQwx # AgEEMBwGCisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMCoGCisGAQQBgjcCAQwx
# HDAaoRiAFmh0dHA6Ly93d3cudm13YXJlLmNvbS8wLwYJKoZIhvcNAQkEMSIEIL6r # HDAaoRiAFmh0dHA6Ly93d3cudm13YXJlLmNvbS8wLwYJKoZIhvcNAQkEMSIEIEIQ
# SvvCSJpAoQz4YvtfQH11/WevM1ULBbGfNUE3j37RMA0GCSqGSIb3DQEBAQUABIIB # y4E7C63SmxSxEC+1DBchnh7DW24QhvnHyMjCEuJ+MA0GCSqGSIb3DQEBAQUABIIB
# AKUHXKwZcvP2g8/l7dqWyaG7h4q/yJDxaWpk9r1mnUSw1MBR+0AOCm1mquTlpFVH # ADwK/sQPu5Vv+Jink4WM/Bf3CvrNgyfZD13TPDsMlt+tSEjghyHQ5/Xz4asgQuKB
# ZD1KMQWtu1rJDz5A7XAm8/n6LpyqCCHcgMm+hiEjA8r02oTA8vMFch3OR6Z1/aad # CSUgh0bJDaDaz9FF1oY9VUHHsonuB4sVhMKevKbXsYVuvUU65tBZ0RN+74RP/3iS
# tOBkeln18M9kVkQ//uociG89A2LkfE35UKAhnDVcOBNlU0g43n9vSgakNdOOc0ZI # rQAADQdIGuKBX1pmOmyE65A6pLWmJ+j05XCagPFboiXdiEcVxfCqRctK8MSyvtzd
# VC2FD/tn9QPJXtcZ0LAFrCPuiIya+gvQ1aQCALUYi+aLuARNN01KBMRFG9za/JwX # HOa2miNTIPEPUTVvqo/9nZCUwFhNN8TwaaOwrkMZv0NOFGk9AaGyQJuHb/IP1y2r
# L6rwInitQt/BRNDINiuuTI96xBEMq3JjzW9AE8jF1rVqr1ISBgf8ZZUHdnNHiE91 # cgFGtWA+WgPKftWq1s9Evk7W3WXV/nlKu55zg8K/no2Ug6+7KE0jNGUJJHg/yp6b
# HxLh4zvDq7SEh2ne6UhOJg6hghAjMIIQHwYKKwYBBAGCNwMDATGCEA8wghALBgkq # gO/kfYj4sIwd5RJvOkk45QChghAjMIIQHwYKKwYBBAGCNwMDATGCEA8wghALBgkq
# hkiG9w0BBwKggg/8MIIP+AIBAzEPMA0GCWCGSAFlAwQCAQUAMIHmBgsqhkiG9w0B # hkiG9w0BBwKggg/8MIIP+AIBAzEPMA0GCWCGSAFlAwQCAQUAMIHmBgsqhkiG9w0B
# CRABBKCB1gSB0zCB0AIBAQYJKwYBBAGgMgIDMDEwDQYJYIZIAWUDBAIBBQAEIII1 # CRABBKCB1gSB0zCB0AIBAQYJKwYBBAGgMgIDMDEwDQYJYIZIAWUDBAIBBQAEIMSa
# T46qC5Scv1JNpvu1aNNVzRq4lB1M9EZlbgeSsNYJAg4BbKiJKXgAAAAAAKUUzBgT # 32tGkSO0MHzDIAL+rOzowJzdf7nOyZAYmKBTXDbnAg4BbKiJKXgAAAAAAjyk+xgT
# MjAyMDA0MDIxMDI5MTguNjc5WjADAgEBoGOkYTBfMQswCQYDVQQGEwJKUDEcMBoG # MjAyMDEwMTIxMDE3MTEuOTY0WjADAgEBoGOkYTBfMQswCQYDVQQGEwJKUDEcMBoG
# A1UEChMTR01PIEdsb2JhbFNpZ24gSy5LLjEyMDAGA1UEAxMpR2xvYmFsU2lnbiBU # A1UEChMTR01PIEdsb2JhbFNpZ24gSy5LLjEyMDAGA1UEAxMpR2xvYmFsU2lnbiBU
# U0EgZm9yIEFkdmFuY2VkIC0gRzMgLSAwMDMtMDGgggxqMIIE6jCCA9KgAwIBAgIM # U0EgZm9yIEFkdmFuY2VkIC0gRzMgLSAwMDMtMDGgggxqMIIE6jCCA9KgAwIBAgIM
# M5Agd2HEJt2UUAMNMA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNVBAYTAkJFMRkwFwYD # M5Agd2HEJt2UUAMNMA0GCSqGSIb3DQEBCwUAMFsxCzAJBgNVBAYTAkJFMRkwFwYD
@@ -1162,15 +1223,15 @@ Export-ModuleMember Add-TrustAuthorityVMHost, Add-TrustedVMHost
# ggKFAgEBMGswWzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYt # ggKFAgEBMGswWzELMAkGA1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYt
# c2ExMTAvBgNVBAMTKEdsb2JhbFNpZ24gVGltZXN0YW1waW5nIENBIC0gU0hBMjU2 # c2ExMTAvBgNVBAMTKEdsb2JhbFNpZ24gVGltZXN0YW1waW5nIENBIC0gU0hBMjU2
# IC0gRzICDDOQIHdhxCbdlFADDTANBglghkgBZQMEAgEFAKCB8DAaBgkqhkiG9w0B # IC0gRzICDDOQIHdhxCbdlFADDTANBglghkgBZQMEAgEFAKCB8DAaBgkqhkiG9w0B
# CQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkEMSIEIA4jXM836yg3wGdHIpch # CQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZIhvcNAQkEMSIEIJ1Mp8MoZoM8GN+RvFGW
# UiliyMiFAI2ifPJZqDcXgJ1ZMIGgBgsqhkiG9w0BCRACDDGBkDCBjTCBijCBhwQU # kxLQOL4htvdgNS1G5j3jevwAMIGgBgsqhkiG9w0BCRACDDGBkDCBjTCBijCBhwQU
# rmsC2QsljAmRsRYSid62aVY5HW8wbzBfpF0wWzELMAkGA1UEBhMCQkUxGTAXBgNV # rmsC2QsljAmRsRYSid62aVY5HW8wbzBfpF0wWzELMAkGA1UEBhMCQkUxGTAXBgNV
# BAoTEEdsb2JhbFNpZ24gbnYtc2ExMTAvBgNVBAMTKEdsb2JhbFNpZ24gVGltZXN0 # BAoTEEdsb2JhbFNpZ24gbnYtc2ExMTAvBgNVBAMTKEdsb2JhbFNpZ24gVGltZXN0
# YW1waW5nIENBIC0gU0hBMjU2IC0gRzICDDOQIHdhxCbdlFADDTANBgkqhkiG9w0B # YW1waW5nIENBIC0gU0hBMjU2IC0gRzICDDOQIHdhxCbdlFADDTANBgkqhkiG9w0B
# AQEFAASCAQB89B/P9T38HdPsMvwHePaxCuxvcVOb0tWYORy4h/6961Hr8+uJi3g8 # AQEFAASCAQCw0o79lMBljtr86gcDxeF2/v1wLaLJaxTvwLJ3bYLabHR5wZUv42aO
# oPQl5tMvsUObcO+hMG8YyXfRpQRr5YrHeWpUGdQzMMHb+gC540P+r3jm6iWoKtpR # 3KEMzeIvLN9/mMSn7rq6vcWGZSAZVvWecDntZE9OYU7i4cQdRucXctFGpoTN6MKF
# 1WGSnQQUqKaB7a4wZtQoizzSm9a7hB4JEcDtb2Qh2jmSr4yhMx7XmFMLo7NVlEnW # yeX3vMbe7YfBPGJkNB6HfYp4qWy6CkWWlWXgK1MOKo+HQFORkZtDqqpoUa3soqVl
# lS6kTYR9kE4qTagRIOZW5iIUjcAaVn/uhNAOZUjatErU8c/a8vJ7TxtPj4YSaK0J # IeCMCcJjJIrSd3LA8NFYtOUfPXRmdhcn10xke3vTBO4T7pTLdymcm3x909UN+0cE
# IeC+HeUYNRrjwtSgmnU+j/xg1Jo9zUoCGJHBIEJ9iwzgCeRLJuqHKUZiAGBZm09F # xIe2wMG3D3XxSN+Rx5+iz9thPISgVdOgJLP4FxQ5fU1ci56k35wXQeDnHQFyQTO+
# EzycbyZmxfS5ui4MX5wSMdO1ETnvkbRc # uF+EWBmAiBQ6cGTiYvDOZSG2Ody3NSPn
# SIG # End signature block # SIG # End signature block