<#
.SYNOPSIS
Provisions the CEF test VM in Azure together with the resource group,
Key Vault, remoting certificate secret and diagnostics storage it needs.

.DESCRIPTION
Runs through the sibling functions.ps1, AzureTemplateParams.json and
AzureTemplateFile.json; the last two are read relative to the current
directory. Resources that already exist (resource group, vault, secret)
are reused rather than re-created.
#>
[CmdletBinding()]
Param(
    # Local administrator credential for the VM; user name and password are
    # copied straight into the template parameters (adminUsername/adminPassword).
    [Parameter(Mandatory=$true)]
    [PSCredential] $admin_creds,

    # Recipient of the auto-shutdown notification. Left empty, both
    # autoShutdownStatus and autoShutdownNotificationStatus are set to "Disabled".
    [Parameter(Mandatory=$false)]
    [String] $shutdown_email,

    # Resource group that receives every resource; created in $LOCATION if absent.
    [Parameter(Mandatory=$false)]
    [String] $RESOURCE_GROUP = "CEFTest",

    # Azure region used for the resource group, the vault and the template.
    [Parameter(Mandatory=$false)]
    [String] $LOCATION = "West US 2",

    # VM SKU passed to the template as virtualMachineSize.
    [Parameter(Mandatory=$false)]
    [String] $MACHINE_SIZE = "Standard_F32s_v2",

    # Daily auto-shutdown time (HH:mm) in Pacific Standard Time.
    [Parameter(Mandatory=$false)]
    [String] $SHUTDOWN_TIME = "23:30",

    # Suffix appended to the vault and diagnostics storage account names so each
    # session gets unique resources; five random lowercase letters when empty.
    [Parameter(Mandatory=$false)]
    [String] $RANDOM_STR = ""
)
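# Helper functions (e.g. WriteException) live next to this script, so resolve
# them against the script directory rather than the caller's current location.
$WorkingDir = split-path -parent $MyInvocation.MyCommand.Definition;
. (Join-Path $WorkingDir 'functions.ps1')
Set-StrictMode -version latest
$ErrorActionPreference = "Stop";

# Per-session suffix for the vault and storage account names. A caller-supplied
# value wins; otherwise draw five distinct lowercase letters (a-z is 97..122).
$rand_str = $RANDOM_STR;
if (! $rand_str){
    $rand_str = -join ((97..122) | Get-Random -Count 5 | % {[char]$_});
}
# The suffix becomes part of a storage account name ("estdiag86" + suffix) and a
# vault name ("CEFVault-" + suffix). Azure limits storage account names to 3-24
# lowercase letters and digits and vault names to 24 characters, so a suffix
# outside [a-z0-9]{1,15} would only surface as an obscure deployment failure
# much later. Reject it up front with a message that names the parameter.
if ($rand_str -cnotmatch '^[a-z0-9]{1,15}$') {
    throw "RANDOM_STR '$RANDOM_STR' must be 1-15 lowercase letters or digits; it is embedded in Azure resource names."
}

$VAULT_NAME = "CEFVault-" + $rand_str;
$SECRET_NAME="CEFPSCertSecret"
# Placeholder password for the exported PFX. It is written into the same vault
# secret as the certificate itself, so it adds no protection beyond the vault's
# own access control; the PFX file must not outlive the upload.
$CERT_PASS="dummy"
$SHUTDOWN_TIMEZONE="Pacific Standard Time";
$DIAG_STORAGE_ACT="estdiag86" + $rand_str;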
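try{
    Write-Host "RANDOM_STR FOR THIS SESSION: $rand_str"
    $CERT_PASS_SEC=ConvertTo-SecureString -AsPlainText -Force $CERT_PASS
    $cred = $admin_creds
    #Connect-AzureRmAccount
    #Set-AzureRmContext -SubscriptionName $SUBSCRIPTION

    # --- Resource group: reuse an existing one, otherwise create it in $LOCATION.
    $resourceGroup = Get-AzureRmResourceGroup -Name $RESOURCE_GROUP -ErrorAction SilentlyContinue
    if(!$resourceGroup)
    {
        Write-Host "Resource group '$RESOURCE_GROUP' does not exist. To create a new resource group, please enter a location.";
        # Only reachable when the caller explicitly passed an empty -LOCATION;
        # the parameter default is non-empty.
        if(!$LOCATION) {
            $LOCATION = Read-Host "resourceGroupLocation";
        }
        Write-Host "Creating resource group '$RESOURCE_GROUP' in location '$LOCATION'";
        New-AzureRmResourceGroup -Name $RESOURCE_GROUP -Location $LOCATION | Out-Null;
    }
    else{
        Write-Host "Using existing resource group '$RESOURCE_GROUP'";
    }

    # --- Key Vault holding the remoting certificate. The two -EnabledFor* switches
    # allow the VM resource / template deployment to read the secret.
    $vault = Get-AzureRmKeyVault -VaultName $VAULT_NAME -ErrorAction SilentlyContinue
    if (! $vault){
        Write-Host "Creating key vault to store remote powershell certificate in: $VAULT_NAME"
        New-AzureRmKeyVault -VaultName $VAULT_NAME -ResourceGroupName $RESOURCE_GROUP -Location $LOCATION -EnabledForDeployment -EnabledForTemplateDeployment | Out-Null
        $vault = Get-AzureRmKeyVault -VaultName $VAULT_NAME
    }else{
        Write-Host "Vault already exists not re-creating"
    }

    # --- Certificate secret: create a self-signed cert once and store it in the
    # vault; on later runs only the secret's Id is needed.
    $certificateName = "CEFRemoteCert"
    $secretURL = (Get-AzureKeyVaultSecret -VaultName $VAULT_NAME -Name $SECRET_NAME -ErrorAction SilentlyContinue)
    if (! $secretURL){
        Write-Host "Creating remote PS certificate"
        $thumbprint = (New-SelfSignedCertificate -DnsName $certificateName -CertStoreLocation Cert:\CurrentUser\My -KeySpec KeyExchange).Thumbprint
        $cert = (Get-ChildItem -Path cert:\CurrentUser\My\$thumbprint)
        # Written to the current directory; removed again below.
        $fileName = ".\$certificateName.pfx"
        try {
            Export-PfxCertificate -Cert $cert -FilePath $fileName -Password $CERT_PASS_SEC | Out-Null
            $fileContentBytes = Get-Content $fileName -Encoding Byte
        } finally {
            # The PFX contains the private key under the placeholder password, so
            # neither the file nor the store entry may survive this block, even
            # when the export or the read fails. The file may not exist if the
            # export itself failed, hence SilentlyContinue.
            Remove-Item -Force -ErrorAction SilentlyContinue $fileName
            #not sure why we can't just call Remove-Item on $cert but does not work
            Get-ChildItem -Path cert:\CurrentUser\My\$thumbprint | Remove-Item
        }
        $fileContentEncoded = [System.Convert]::ToBase64String($fileContentBytes)
        # Secret payload: base64 of a JSON document carrying the PFX bytes, its
        # type and its password. Presumably the layout expected by whatever the
        # template does with PsRemoteSecretUrl - verify against AzureTemplateFile.json.
        $jsonObject = @"
{
"data": "$fileContentEncoded",
"dataType" :"pfx",
"password": "$CERT_PASS"
}
"@
        $jsonObjectBytes = [System.Text.Encoding]::UTF8.GetBytes($jsonObject)
        $jsonEncoded = [System.Convert]::ToBase64String($jsonObjectBytes)
        $secret = ConvertTo-SecureString -String $jsonEncoded -AsPlainText -Force
        Write-Host "Going to store certificate in vault"
        Set-AzureKeyVaultSecret -VaultName $VAULT_NAME -Name $SECRET_NAME -SecretValue $secret | Out-Null
        $secretURL = (Get-AzureKeyVaultSecret -VaultName $VAULT_NAME -Name $SECRET_NAME).Id
    }else{
        Write-Host "Secure storage for cert already exists reusing"
        $secretURL = $secretURL.Id;
    }

    # --- Template parameters: load AzureTemplateParams.json (resolved against the
    # current directory, unlike functions.ps1 which is resolved against the script
    # directory) into a hashtable, then override the per-session values.
    $json = Get-Content 'AzureTemplateParams.json' | Out-String | ConvertFrom-Json
    $hashtable = @{}
    $json.parameters.PSObject.Properties | Foreach { $hashtable[$_.Name] = $_.Value.value }
    if (! $shutdown_email){
        # No recipient: switch off both the shutdown schedule and its notification.
        $hashtable.autoShutdownStatus = $hashtable.autoShutdownNotificationStatus = "Disabled";
    }
    $hashtable.autoShutdownNotificationEmail = $shutdown_email;
    $hashtable.PsRemoteSecretVaultID = $vault.ResourceID;
    $hashtable.PsRemoteSecretUrl = $secretURL;
    $hashtable.adminUsername = $cred.UserName;
    # SecureString is handed to the template as-is; it is never echoed.
    $hashtable.adminPassword = $cred.Password;
    $hashtable.location = $LOCATION;
    $hashtable.diagnosticsStorageAccountName = $DIAG_STORAGE_ACT;
    $hashtable.diagnosticsStorageAccountId = "Microsoft.Storage/storageAccounts/" + $DIAG_STORAGE_ACT;
    $hashtable.virtualMachineSize = $MACHINE_SIZE;
    $hashtable.autoShutdownTimeZone = $SHUTDOWN_TIMEZONE;
    $hashtable.autoShutdownTime = $SHUTDOWN_TIME;

    # --- Resource providers the template depends on.
    $resourceProviders = @("microsoft.network","microsoft.compute","microsoft.storage","microsoft.devtestlab");
    # Registers one resource provider namespace in the current subscription.
    Function RegisterRP {
        Param(
            [string]$ResourceProviderNamespace
        )
        Write-Host "Registering resource provider '$ResourceProviderNamespace'";
        Register-AzureRmResourceProvider -ProviderNamespace $ResourceProviderNamespace | Out-Null;
    }
    if($resourceProviders.length) {
        Write-Host "Registering resource providers";
        foreach($resourceProvider in $resourceProviders) {
            # PowerShell functions take space-separated arguments; the original
            # RegisterRP($x) form only worked because it passed a single value.
            RegisterRP $resourceProvider;
        }
    }

    # Start the deployment
    Write-Host "Starting deployment...";
    New-AzureRmResourceGroupDeployment -ResourceGroupName $RESOURCE_GROUP -TemplateParameterObject $hashtable -TemplateFile 'AzureTemplateFile.json' | Out-Null;
    # The VM lookup is only a check that the deployment actually produced it
    # (it throws under $ErrorActionPreference = "Stop" if not); its value is unused.
    Get-AzureRmVM -Name "CefTestVM" -ResourceGroupName $RESOURCE_GROUP | Out-Null
    $ip =Get-AzureRmPublicIpAddress -Name "CefTestVM-ip" -ResourceGroupName $RESOURCE_GROUP
    Write-Host "Public IP: " $ip.IpAddress
}catch{
    Write-Host -Foreground Yellow "If you get an exception about invalid template make sure you have your quotas high enough to support whatever size machine you are creating. Otherwise use Get-AzureRMLog -DetailedOutput -CorrelationId xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx with the id from the exception to see the issue";
    # WriteException comes from functions.ps1. Whether it also sets a non-zero
    # exit status is not visible here - TODO confirm, otherwise a failed run ends
    # with exit code 0 and callers cannot tell.
    WriteException $_;
}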