diff --git a/src/SdnDiagnostics.psm1 b/src/SdnDiagnostics.psm1 index b6565f5b..958c4f65 100644 --- a/src/SdnDiagnostics.psm1 +++ b/src/SdnDiagnostics.psm1 @@ -69,6 +69,15 @@ if (Confirm-IsFailoverClusterNC) { #### CLASSES & ENUMS ##### ########################## +class SdnFabricInfrastructure { + [System.String[]]$NetworkController + [System.String[]]$LoadBalancerMux + [System.String[]]$Gateway + [System.String]$NcUrl + [System.String]$RestApiVersion + [System.String[]]$FabricNodes +} + ########################## #### ARG COMPLETERS ###### ########################## @@ -416,7 +425,7 @@ function Start-SdnCertificateRotation { [Parameter(Position = 1)][SecureString]$param2, [Parameter(Position = 2)][PSCredential]$param3, [Parameter(Position = 3)][String]$param4, - [Parameter(Position = 4)][System.Object]$param5 + [Parameter(Position = 4)][SdnFabricInfrastructure]$param5 ) New-SdnNetworkControllerNodeCertificate -NotAfter $param1 -CertPassword $param2 -Credential $param3 -Path $param4 -FabricDetails $param5 diff --git a/src/modules/SdnDiag.Common.psm1 b/src/modules/SdnDiag.Common.psm1 index b6d55f10..9758a62c 100644 --- a/src/modules/SdnDiag.Common.psm1 +++ b/src/modules/SdnDiag.Common.psm1 @@ -1,6 +1,7 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. +using module ..\SdnDiagnostics.psm1 Import-Module $PSScriptRoot\SdnDiag.Utilities.psm1 $configurationData = Import-PowerShellDataFile -Path "$PSScriptRoot\SdnDiag.Common.Config.psd1" @@ -90,7 +91,7 @@ function Copy-CertificateToFabric { [Parameter(Mandatory = $true, ParameterSetName = 'NetworkControllerNode')] [Parameter(Mandatory = $true, ParameterSetName = 'LoadBalancerMuxNode')] [Parameter(Mandatory = $true, ParameterSetName = 'ServerNode')] - [System.Object]$FabricDetails, + [SdnFabricInfrastructure]$FabricDetails, [Parameter(Mandatory = $true, ParameterSetName = 'NetworkControllerRest')] [Switch]$NetworkControllerRestCertificate, 
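Review bot: The parameters retyped from [System.Object] to [SdnFabricInfrastructure] in this and the following hunks will only bind if whatever Get-SdnInfrastructureInfo returns is already an instance of this class or converts cleanly to it; PowerShell's hashtable/PSCustomObject-to-class conversion fails when the source carries a member the class does not declare. The rotation functions read `$Global:SdnDiagnostics.EnvironmentInfo.ClusterConfigType`, which this class has no property for, while the updated parameter docs describe the argument as "The EnvironmentInfo", so a mismatch looks possible. Confirm the return type of Get-SdnInfrastructureInfo (not in this diff); if it hands back the raw EnvironmentInfo object, either add the missing properties to the class or have that function return `[SdnFabricInfrastructure]` explicitly.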
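Review bot: `using module ..\SdnDiagnostics.psm1` makes each submodule load the root module at parse time, and the root module evidently depends on the submodules (its line 69 calls Confirm-IsFailoverClusterNC), so confirm the load order does not re-enter or create a second copy of root-module state such as `$Global:SdnDiagnostics`. The same line is added to SdnDiag.LoadBalancerMux.psm1, SdnDiag.NetworkController.psm1 and SdnDiag.Server.psm1. A lighter alternative is to keep the class in a small classes-only file that both the root module and the submodules reference with `using module`.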
@@ -312,7 +313,7 @@ function Copy-UserProvidedCertificateToFabric { [System.Security.SecureString]$CertPassword, [Parameter(Mandatory = $true)] - [System.Object]$FabricDetails, + [SdnFabricInfrastructure]$FabricDetails, [Parameter(Mandatory = $false)] [System.Boolean]$RotateNodeCerts = $false, diff --git a/src/modules/SdnDiag.LoadBalancerMux.psm1 b/src/modules/SdnDiag.LoadBalancerMux.psm1 index 64e9e9b5..6bf2815f 100644 --- a/src/modules/SdnDiag.LoadBalancerMux.psm1 +++ b/src/modules/SdnDiag.LoadBalancerMux.psm1 @@ -1,6 +1,7 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. +using module ..\SdnDiagnostics.psm1 Import-Module $PSScriptRoot\SdnDiag.Common.psm1 Import-Module $PSScriptRoot\SdnDiag.Utilities.psm1 @@ -458,7 +459,7 @@ function New-SdnMuxCertificate { .PARAMETER Path Specifies the file path location where a .cer file is exported automatically. .PARAMETER FabricDetails - The SDN Fabric details derived from Get-SdnInfrastructureInfo. + The EnvironmentInfo derived from Get-SdnInfrastructureInfo. .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user .EXAMPLE 
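Review bot: The rewritten .PARAMETER FabricDetails text, "The EnvironmentInfo derived from Get-SdnInfrastructureInfo", no longer matches the declared parameter type [SdnFabricInfrastructure] and does not say that the parameter is optional or what omitting it means; the later hunk in this file skips Copy-CertificateToFabric when it is absent. Suggest `The SDN fabric details ([SdnFabricInfrastructure]) returned by Get-SdnInfrastructureInfo. When omitted, the certificate is exported but not distributed to the fabric.` The same wording is applied to New-SdnNetworkControllerNodeCertificate and New-SdnServerCertificate in the later hunks.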
@@ -474,21 +475,15 @@ function New-SdnMuxCertificate { [System.String]$Path = "$(Get-WorkingDirectory)\MuxCert_{0}" -f (Get-FormattedDateTimeUTC), [Parameter(Mandatory = $false)] - [System.Object]$FabricDetails, + [SdnFabricInfrastructure]$FabricDetails, [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty ) - $config = Get-SdnModuleConfiguration -Role 'LoadBalancerMux' - $confirmFeatures = Confirm-RequiredFeaturesInstalled -Name $config.windowsFeature - if (-NOT ($confirmFeatures)) { - throw New-Object System.NotSupportedException("The current machine is not a LoadBalancerMux, run this on LoadBalancerMux.") - } - - # ensure that the module is running as local administrator - Confirm-IsAdmin + Confirm-IsAdmin # ensure that the module is running as local administrator + Confirm-IsLoadBalancerMux # ensure that the module is running on a Load Balancer Mux try { if (-NOT (Test-Path -Path $Path -PathType Container)) { 
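Review bot: `Confirm-IsLoadBalancerMux` (and `Confirm-IsNetworkController` in the New-SdnNetworkControllerNodeCertificate hunk) replace an inline check that threw NotSupportedException, but neither helper is defined in this diff and their return values are not inspected. If a helper does not resolve, PowerShell reports a command-not-found error and continues under the default ErrorActionPreference, so the role gate would be silently bypassed and a certificate created on the wrong host. Confirm both helpers exist and throw on failure rather than return a boolean; if they return a boolean, wrap the calls as `if (-NOT (Confirm-IsLoadBalancerMux)) { throw ... }` as the removed code did.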
@@ -508,14 +503,17 @@ function New-SdnMuxCertificate { [System.String]$cerFilePath = "$(Join-Path -Path $CertPath.FullName -ChildPath $subjectName.ToString().ToLower().Replace('.','_').Replace("=",'_').Trim()).cer" "Exporting certificate to {0}" -f $cerFilePath | Trace-Output $exportedCertificate = Export-Certificate -Cert $certificate -FilePath $cerFilePath -Type CERT - Copy-CertificateToFabric -CertFile $exportedCertificate.FullName -FabricDetails $FabricDetails -LoadBalancerMuxNodeCert -Credential $Credential - $certObject = [PSCustomObject]@{ + # distribute the certificate to the Network Controller(s) in the fabric to be installed in trusted root store + if ($FabricDetails){ + "Distributing certificate to the SDN Fabric" | Trace-Output + Copy-CertificateToFabric -CertFile $exportedCertificate.FullName -FabricDetails $FabricDetails -LoadBalancerMuxNodeCert -Credential $Credential + } + + return [PSCustomObject]@{ Certificate = $certificate FileInfo = $exportedCertificate } - - return $certObject } catch { $_ | Trace-Exception 
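Review bot: When $FabricDetails is omitted the new `if ($FabricDetails)` guard skips Copy-CertificateToFabric without any trace, so the caller receives a certificate that no Network Controller trusts yet and the log gives no hint why a later rotation step fails. Add an else branch such as `else { "FabricDetails not provided; certificate was not distributed to the SDN fabric" | Trace-Output }`. The same guard is added without a skip message in New-SdnNetworkControllerNodeCertificate and New-SdnServerCertificate (the later hunks in SdnDiag.NetworkController.psm1 and SdnDiag.Server.psm1).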
@@ -617,26 +615,27 @@ function Start-SdnMuxCertificateRotation { $restCredParam = @{ NcRestCredential = $NcRestCredential } } - try { - "Starting certificate rotation" | Trace-Output - "Retrieving current SDN environment details" | Trace-Output - - if ([String]::IsNullOrEmpty($CertPath)) { - [System.String]$CertPath = "$(Get-WorkingDirectory)\MuxCert_{0}" -f (Get-FormattedDateTimeUTC) + if ([String]::IsNullOrEmpty($CertPath)) { + [System.String]$CertPath = "$(Get-WorkingDirectory)\MuxCert_{0}" -f (Get-FormattedDateTimeUTC) - if (-NOT (Test-Path -Path $CertPath -PathType Container)) { - $null = New-Item -Path $CertPath -ItemType Directory -Force - } + if (-NOT (Test-Path -Path $CertPath -PathType Container)) { + $null = New-Item -Path $CertPath -ItemType Directory -Force } + } - [System.IO.FileSystemInfo]$CertPath = Get-Item -Path $CertPath -ErrorAction Stop - $sdnFabricDetails = Get-SdnInfrastructureInfo -NetworkController $NetworkController -Credential $Credential @restCredParam -ErrorAction Stop - if ($Global:SdnDiagnostics.EnvironmentInfo.ClusterConfigType -ine 'ServiceFabric') { - throw New-Object System.NotSupportedException("This function is only supported on Service Fabric clusters.") - } + "Starting certificate rotation" | Trace-Output + "Retrieving current SDN environment details" | Trace-Output - $ncRestParams = $restCredParam.Clone() - $ncRestParams.Add('NcUri', $sdnFabricDetails.NcUrl) + [System.IO.FileSystemInfo]$CertPath = Get-Item -Path $CertPath -ErrorAction Stop + $sdnFabricDetails = Get-SdnInfrastructureInfo -NetworkController $NetworkController -Credential $Credential @restCredParam -ErrorAction Stop + if ($Global:SdnDiagnostics.EnvironmentInfo.ClusterConfigType -ine 'ServiceFabric') { + throw New-Object System.NotSupportedException("This function is only supported on Service Fabric clusters.") + } + + $ncRestParams = $restCredParam.Clone() + $ncRestParams.Add('NcUri', $sdnFabricDetails.NcUrl) + + try { $loadBalancerMuxes = Get-SdnLoadBalancerMux 
@ncRestParams -ErrorAction Stop # before we proceed with anything else, we want to make sure that all the Network Controllers and MUXes within the SDN fabric are running the current version @@ -664,7 +663,7 @@ function Start-SdnMuxCertificateRotation { [Parameter(Position = 0)][DateTime]$param1, [Parameter(Position = 1)][PSCredential]$param2, [Parameter(Position = 2)][String]$param3, - [Parameter(Position = 3)][System.Object]$param4 + [Parameter(Position = 3)][SdnFabricInfrastructure]$param4 ) New-SdnMuxCertificate -NotAfter $param1 -Credential $param2 -Path $param3 -FabricDetails $param4 diff --git a/src/modules/SdnDiag.NetworkController.psm1 b/src/modules/SdnDiag.NetworkController.psm1 index dff09193..9f9bdb8b 100644 --- a/src/modules/SdnDiag.NetworkController.psm1 +++ b/src/modules/SdnDiag.NetworkController.psm1 @@ -1,6 +1,7 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. +using module ..\SdnDiagnostics.psm1 Import-Module $PSScriptRoot\SdnDiag.Common.psm1 Import-Module $PSScriptRoot\SdnDiag.Utilities.psm1 Import-Module $PSScriptRoot\SdnDiag.NetworkController.FC.psm1 @@ -15,15 +16,6 @@ New-Variable -Name 'SdnDiagnostics_NC' -Scope 'Script' -Force -Value @{ #### CLASSES & ENUMS ##### ########################## -class SdnFabricInfrastructure { - [System.String[]]$NetworkController - [System.String[]]$LoadBalancerMux - [System.String[]]$Gateway - [System.String]$NcUrl - [System.String]$RestApiVersion - [System.String[]]$FabricNodes -} - enum SdnApiResource { AccessControlLists AuditingSettingsConfig 
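Review bot: Moving the directory creation, Get-Item and Get-SdnInfrastructureInfo calls (all with -ErrorAction Stop) ahead of `try {` means their failures no longer reach the catch that follows; the catch is outside this hunk, but if it is the `$_ | Trace-Exception` pattern used elsewhere in this file, those errors will no longer be recorded in the trace log. If fail-fast without logging is intended, say so above the block, e.g. `# prerequisite checks run outside the try so that they terminate the function without being handled by the rotation catch`. The "Starting certificate rotation" message also now prints after the directory has already been created. Start-SdnServerCertificateRotation in SdnDiag.Server.psm1 receives the same restructuring.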
@@ -2500,7 +2492,12 @@ function New-SdnNetworkControllerNodeCertificate { Specifies the date and time, as a DateTime object, that the certificate expires. To obtain a DateTime object, use the Get-Date cmdlet. The default value for this parameter is one year after the certificate was created. .PARAMETER CertPassword Specifies the password for the exported PFX file in the form of a secure string. + .PARAMETER Path + Specifies the directory path to save the exported certificate file. + .PARAMETER FabricDetails + The EnvironmentInfo derived from Get-SdnInfrastructureInfo. .PARAMETER Credential + Specifies a user account that has permission to perform this action. The default is the current user .EXAMPLE #> 
@@ -2516,33 +2513,20 @@ function New-SdnNetworkControllerNodeCertificate { [System.String]$Path = "$(Get-WorkingDirectory)\Cert_{0}" -f (Get-FormattedDateTimeUTC), [Parameter(Mandatory = $false)] - [System.Object]$FabricDetails, + [SdnFabricInfrastructure]$FabricDetails, [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty ) - $config = Get-SdnModuleConfiguration -Role 'NetworkController' - $confirmFeatures = Confirm-RequiredFeaturesInstalled -Name $config.windowsFeature - if (-NOT ($confirmFeatures)) { - throw New-Object System.NotSupportedException("The current machine is not a NetworkController, run this on NetworkController.") - } - + Confirm-IsAdmin # ensure that the module is running as local administrator + Confirm-IsNetworkController # ensure that the module is running on Network Controller if ($Global:SdnDiagnostics.EnvironmentInfo.ClusterConfigType -ine 'ServiceFabric') { throw New-Object System.NotSupportedException("This function is only supported on Service Fabric clusters.") } - # ensure that the module is running as local administrator - Confirm-IsAdmin - try { - if ($null -eq $FabricDetails) { - $FabricDetails = [SdnFabricInfrastructure]@{ - NetworkController = (Get-SdnNetworkControllerSFNode).Server - } - } - if (-NOT (Test-Path -Path $Path -PathType Container)) { "Creating directory {0}" -f $Path | Trace-Output $CertPath = New-Item -Path $Path -ItemType Directory -Force 
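Review bot: The removed fallback that built $FabricDetails from `(Get-SdnNetworkControllerSFNode).Server`, together with the removal in the next hunk of `Import-SdnCertificate ... -CertStore 'Cert:\LocalMachine\Root'`, means that when FabricDetails is not supplied the new node certificate is no longer placed in any machine's trusted root store; it is only exported to disk. Copy-CertificateToFabric presumably installs it on the listed Network Controllers, but whether that covers the local node depends on FabricDetails.NetworkController, which is not visible here. Confirm that a caller omitting FabricDetails is not left with a node certificate the cluster does not trust; if the local import was dropped deliberately, a comment stating that distribution is now the caller's responsibility would make the change explicit. The try/catch of this function continues past the hunk.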
@@ -2560,15 +2544,18 @@ function New-SdnNetworkControllerNodeCertificate { [System.String]$pfxFilePath = "$(Join-Path -Path $CertPath.FullName -ChildPath $nodeCertSubject.ToString().ToLower().Replace('.','_').Replace("=",'_').Trim()).pfx" "Exporting pfx certificate to {0}" -f $pfxFilePath | Trace-Output $exportedCertificate = Export-PfxCertificate -Cert $certificate -FilePath $pfxFilePath -Password $CertPassword -CryptoAlgorithmOption AES256_SHA256 - $null = Import-SdnCertificate -FilePath $exportedCertificate.FullName -CertStore 'Cert:\LocalMachine\Root' -CertPassword $CertPassword - Copy-CertificateToFabric -CertFile $exportedCertificate.FullName -CertPassword $CertPassword -FabricDetails $FabricDetails ` - -NetworkControllerNodeCert -Credential $Credential + # distribute the certificate to the Network Controller(s) in the fabric to be installed in trusted root store + if ($FabricDetails) { + "Distributing certificate to the SDN Fabric" | Trace-Output + Copy-CertificateToFabric -CertFile $exportedCertificate.FullName -CertPassword $CertPassword -FabricDetails $FabricDetails ` + -NetworkControllerNodeCert -Credential $Credential + } - return ([PSCustomObject]@{ + return [PSCustomObject]@{ Certificate = $certificate FileInfo = $exportedCertificate - }) + } } catch { $_ | Trace-Exception @@ -2601,7 +2588,7 @@ function New-SdnNetworkControllerRestCertificate { [System.String]$Path = "$(Get-WorkingDirectory)\Cert_{0}" -f (Get-FormattedDateTimeUTC), [Parameter(Mandatory = $false)] - [System.Object]$FabricDetails, + [SdnFabricInfrastructure]$FabricDetails, [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] diff --git a/src/modules/SdnDiag.Server.psm1 b/src/modules/SdnDiag.Server.psm1 index ef5e7e45..f65ca299 100644 --- a/src/modules/SdnDiag.Server.psm1 +++ b/src/modules/SdnDiag.Server.psm1 
@@ -1,6 +1,7 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. +using module ..\SdnDiagnostics.psm1 Import-Module $PSScriptRoot\SdnDiag.Common.psm1 Import-Module $PSScriptRoot\SdnDiag.Utilities.psm1 @@ -2657,7 +2658,7 @@ function New-SdnServerCertificate { .PARAMETER Path Specifies the file path location where a .cer file is exported automatically. .PARAMETER FabricDetails - The SDN Fabric details derived from Get-SdnInfrastructureInfo. + The EnvironmentInfo derived from Get-SdnInfrastructureInfo. .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user .EXAMPLE @@ -2673,7 +2674,7 @@ function New-SdnServerCertificate { [System.String]$Path = "$(Get-WorkingDirectory)\ServerCert_{0}" -f (Get-FormattedDateTimeUTC), [Parameter(Mandatory = $false)] - [System.Object]$FabricDetails, + [SdnFabricInfrastructure]$FabricDetails, [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] 
@@ -2727,14 +2728,17 @@ function New-SdnServerCertificate { [System.String]$cerFilePath = "$(Join-Path -Path $CertPath.FullName -ChildPath $subjectName.ToString().ToLower().Replace('.','_').Replace("=",'_').Trim()).cer" "Exporting certificate to {0}" -f $cerFilePath | Trace-Output $exportedCertificate = Export-Certificate -Cert $certificate -FilePath $cerFilePath -Type CERT - Copy-CertificateToFabric -CertFile $exportedCertificate.FullName -FabricDetails $FabricDetails -ServerNodeCert -Credential $Credential - $certObject = [PSCustomObject]@{ + # distribute the certificate to the Network Controller(s) in the fabric to be installed in trusted root store + if ($FabricDetails) { + "Distributing certificate to SDN Fabric" | Trace-Output + Copy-CertificateToFabric -CertFile $exportedCertificate.FullName -FabricDetails $FabricDetails -ServerNodeCert -Credential $Credential + } + + return [PSCustomObject]@{ Certificate = $certificate FileInfo = $exportedCertificate } - - return $certObject } catch { $_ | Trace-Exception 
@@ -3057,26 +3061,27 @@ function Start-SdnServerCertificateRotation { $restCredParam = @{ NcRestCredential = $NcRestCredential } } - try { - "Starting certificate rotation" | Trace-Output - "Retrieving current SDN environment details" | Trace-Output + "Starting certificate rotation" | Trace-Output + "Retrieving current SDN environment details" | Trace-Output - if ([String]::IsNullOrEmpty($CertPath)) { - [System.String]$CertPath = "$(Get-WorkingDirectory)\ServerCert_{0}" -f (Get-FormattedDateTimeUTC) + if ([String]::IsNullOrEmpty($CertPath)) { + [System.String]$CertPath = "$(Get-WorkingDirectory)\ServerCert_{0}" -f (Get-FormattedDateTimeUTC) - if (-NOT (Test-Path -Path $CertPath -PathType Container)) { - $null = New-Item -Path $CertPath -ItemType Directory -Force - } + if (-NOT (Test-Path -Path $CertPath -PathType Container)) { + $null = New-Item -Path $CertPath -ItemType Directory -Force } + } - [System.IO.FileSystemInfo]$CertPath = Get-Item -Path $CertPath -ErrorAction Stop - $sdnFabricDetails = Get-SdnInfrastructureInfo -NetworkController $NetworkController -Credential $Credential @restCredParam -ErrorAction Stop - if ($Global:SdnDiagnostics.EnvironmentInfo.ClusterConfigType -ine 'ServiceFabric') { - throw New-Object System.NotSupportedException("This function is only supported on Service Fabric clusters.") - } + [System.IO.FileSystemInfo]$CertPath = Get-Item -Path $CertPath -ErrorAction Stop + $sdnFabricDetails = Get-SdnInfrastructureInfo -NetworkController $NetworkController -Credential $Credential @restCredParam -ErrorAction Stop + if ($Global:SdnDiagnostics.EnvironmentInfo.ClusterConfigType -ine 'ServiceFabric') { + throw New-Object System.NotSupportedException("This function is only supported on Service Fabric clusters.") + } - $ncRestParams = $restCredParam.Clone() - $ncRestParams.Add('NcUri', $sdnFabricDetails.NcUrl) + $ncRestParams = $restCredParam.Clone() + $ncRestParams.Add('NcUri', $sdnFabricDetails.NcUrl) + + try { $servers = Get-SdnServer 
@ncRestParams -ErrorAction Stop # before we proceed with anything else, we want to make sure that all the Network Controllers and Servers within the SDN fabric are running the current version @@ -3103,7 +3108,7 @@ function Start-SdnServerCertificateRotation { [Parameter(Position = 0)][DateTime]$param1, [Parameter(Position = 1)][PSCredential]$param2, [Parameter(Position = 2)][String]$param3, - [Parameter(Position = 3)][System.Object]$param4 + [Parameter(Position = 3)][SdnFabricInfrastructure]$param4 ) New-SdnServerCertificate -NotAfter $param1 -Credential $param2 -Path $param3 -FabricDetails $param4