-
Notifications
You must be signed in to change notification settings - Fork 110
/
Add_New_Cert_To_VMSS.ps1
45 lines (41 loc) · 2.35 KB
/
Add_New_Cert_To_VMSS.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# [AzureRM.ServiceFabric module], latest available @ https://www.powershellgallery.com/packages/AzureRM.ServiceFabric/0.3.8
#
#These new PowerShell commands are the preferred method to add/remove or manage certificates in the cluster
# Cmdlet Add-AzureRmServiceFabricApplicationCertificate 0.2.0 AzureRM.ServiceFabric
# Cmdlet Add-AzureRmServiceFabricClientCertificate 0.2.0 AzureRM.ServiceFabric
# Cmdlet Add-AzureRmServiceFabricClusterCertificate 0.2.0 AzureRM.ServiceFabric
# Cmdlet Remove-AzureRmServiceFabricClientCertificate 0.2.0 AzureRM.ServiceFabric
# Cmdlet Remove-AzureRmServiceFabricClusterCertificate 0.2.0 AzureRM.ServiceFabric
#
#
#The following is a PowerShell Script to Achieve this:
#
# For Windows Cluster this script should run as-is
# For Linux Clusters, remove -CertificateStore "My" parameter from New-AzureRmVmssVaultCertificateConfig function
#
# Certificate Configuration
# Couldn't add or renew certificate
Param(
[string] [Parameter(Mandatory=$true)] $KeyVaultResourceGroupName,
[string] [Parameter(Mandatory=$true)] $VmssResourceGroupName,
[string] [Parameter(Mandatory=$true)] $VaultName,
[string] [Parameter(Mandatory=$true)] $VmssName,
[string] [Parameter(Mandatory=$true)] $SubscriptionId
,[string] [Parameter(Mandatory=$true)] $CertificateUrl
)
Set-StrictMode -Version 3
$ErrorActionPreference = "Stop"
# Login
Login-AzureRmAccount -SubscriptionId $SubscriptionId
$sourceVaultId = "/subscriptions/$SubscriptionId/resourceGroups/$KeyVaultResourceGroupName/providers/Microsoft.KeyVault/vaults/$VaultName"
$sourceVaultId
$certConfig = New-AzureRmVmssVaultCertificateConfig -CertificateUrl $CertificateUrl -CertificateStore "My"
$certConfig
# Get current vmss
$vmss = Get-AzureRmVmss -ResourceGroupName $VmssResourceGroupName -VMScaleSetName $VmssName
$vmss
# add new secret
$vmss = Add-AzureRmVmssSecret -VirtualMachineScaleSet $vmss -SourceVaultId $sourceVaultId -VaultCertificate $certConfig
$vmss
# update VMSS
Update-AzureRmVmss -ResourceGroupName $VmssResourceGroupName -Name $VmssName -VirtualMachineScaleSet $vmss -Verbose