Added windows vm push certificate template
Родитель
095c4f7102
Коммит
4bb8445453
|
@ -0,0 +1,46 @@
|
|||
# Push a certificate onto a VM
|
||||
|
||||
<a href="https://azuredeploy.net" target="_blank">
|
||||
<img src="http://azuredeploy.net/deploybutton.png"/>
|
||||
</a>
|
||||
|
||||
Push a certificate onto a VM. Pass in the URL of the secret in KeyVault.
|
||||
|
||||
Pre-Requisistes - You need a certificate
|
||||
|
||||
These are the steps that need to be followed to upload the certificate into the KeyVault as a secret
|
||||
|
||||
1. base64 encode the cert file
|
||||
2. Paste the base64 value into data field in this JSON object
|
||||
{
|
||||
“data”:”<Base64-encoded-file>”,
|
||||
“dataType” :”<file-format: pfx or cer>”,
|
||||
“password”:”<pfx-file-password>”
|
||||
}
|
||||
|
||||
3. base64 the above JSON object
|
||||
4. Convert the base64 value into a secure string
|
||||
$secret = ConvertTo-SecureString -String 'password' -AsPlainText –Force
|
||||
|
||||
5. Then use the secure string value for the SecretValue in this cmdlet
|
||||
Set-AzureKeyVaultSecret -VaultName 'Contoso' -Name 'ITSecret' –SecretValue $secret
|
||||
|
||||
The following PowerShell script can make these steps easy
|
||||
|
||||
$fileName = "C:\Users\kasing\Desktop\KayTest.pfx"
|
||||
$fileContentBytes = get-content $fileName -Encoding Byte
|
||||
$fileContentEncoded = [System.Convert]::ToBase64String($fileContentBytes)
|
||||
|
||||
$jsonObject = @"
|
||||
{
|
||||
"data": "$filecontentencoded",
|
||||
"dataType" :"pfx",
|
||||
"password": "<fill-in>"
|
||||
}
|
||||
"@
|
||||
|
||||
$jsonObjectBytes = [System.Text.Encoding]::UTF8.GetBytes($jsonObject)
|
||||
$jsonEncoded = [System.Convert]::ToBase64String($jsonObjectBytes)
|
||||
|
||||
$secret = ConvertTo-SecureString -String $jsonEncoded -AsPlainText –Force
|
||||
Set-AzureKeyVaultSecret -VaultName kayvault -Name testkay -SecretValue $secret
|
|
@ -0,0 +1,263 @@
|
|||
{
|
||||
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentTemplate.json",
|
||||
"contentVersion": "1.0.0.0",
|
||||
"parameters": {
|
||||
"location": {
|
||||
"type": "string",
|
||||
"allowedValues": [
|
||||
"West US",
|
||||
"East US",
|
||||
"West Europe",
|
||||
"East Asia",
|
||||
"Southeast Asia"
|
||||
],
|
||||
"metadata": {
|
||||
"description": "Location where resources will be deployed"
|
||||
}
|
||||
},
|
||||
"newStorageAccountName": {
|
||||
"type": "string",
|
||||
"metadata": {
|
||||
"description": "Name of the storage account"
|
||||
}
|
||||
},
|
||||
"storageAccountType": {
|
||||
"type": "string",
|
||||
"defaultValue": "Standard_LRS",
|
||||
"metadata": {
|
||||
"description": "Type of the storage account"
|
||||
}
|
||||
},
|
||||
"publicIPName": {
|
||||
"type": "string",
|
||||
"metadata": {
|
||||
"description": "Name of Public IP"
|
||||
}
|
||||
},
|
||||
"publicIPAddressType": {
|
||||
"type": "string",
|
||||
"defaultValue": "Dynamic",
|
||||
"allowedValues": [
|
||||
"Dynamic"
|
||||
],
|
||||
"metadata": {
|
||||
"description": "Type of Public IP"
|
||||
}
|
||||
},
|
||||
"vmStorageAccountContainerName": {
|
||||
"type": "string",
|
||||
"defaultValue": "vhds",
|
||||
"metadata": {
|
||||
"description": "name of Storage Account container for the VHDs"
|
||||
}
|
||||
},
|
||||
"vmName": {
|
||||
"type": "string",
|
||||
"metadata": {
|
||||
"description": "Name of the VM"
|
||||
}
|
||||
},
|
||||
"vmSize": {
|
||||
"type": "string",
|
||||
"defaultValue": "Standard_A2",
|
||||
"metadata": {
|
||||
"description": "Size of the VM"
|
||||
}
|
||||
},
|
||||
"imagePublisher": {
|
||||
"type": "string",
|
||||
"defaultValue": "MicrosoftWindowsServer",
|
||||
"metadata": {
|
||||
"description": "Image Publisher"
|
||||
}
|
||||
},
|
||||
"imageOffer": {
|
||||
"type": "string",
|
||||
"defaultValue": "WindowsServer",
|
||||
"metadata": {
|
||||
"description": "Image Offer"
|
||||
}
|
||||
},
|
||||
"imageSKU": {
|
||||
"type": "string",
|
||||
"defaultValue": "2012-R2-Datacenter",
|
||||
"metadata": {
|
||||
"description": "Image SKU"
|
||||
}
|
||||
},
|
||||
"adminUsername": {
|
||||
"type": "string",
|
||||
"metadata": {
|
||||
"description": "Admin Username"
|
||||
}
|
||||
},
|
||||
"adminPassword": {
|
||||
"type": "securestring",
|
||||
"metadata": {
|
||||
"description": "Admin Password"
|
||||
}
|
||||
},
|
||||
"virtualNetworkName": {
|
||||
"type": "string",
|
||||
"metadata": {
|
||||
"description": "TName of Virtual Network"
|
||||
}
|
||||
},
|
||||
"addressPrefix": {
|
||||
"type": "string",
|
||||
"defaultValue": "10.0.0.0/16",
|
||||
"metadata": {
|
||||
"description": "VNET address prefix in CIDR format"
|
||||
}
|
||||
},
|
||||
"subnet1Name": {
|
||||
"type": "string",
|
||||
"defaultValue": "Subnet-1",
|
||||
"metadata": {
|
||||
"description": "Subnet 1 Name"
|
||||
}
|
||||
},
|
||||
"subnet1Prefix": {
|
||||
"type": "string",
|
||||
"defaultValue": "10.0.0.0/24",
|
||||
"metadata": {
|
||||
"description": "Subnet 1 address prefix in CIDR format"
|
||||
}
|
||||
},
|
||||
"nicName": {
|
||||
"type": "string",
|
||||
"metadata": {
|
||||
"description": "Network Interface name"
|
||||
}
|
||||
},
|
||||
"vaultName": {
|
||||
"type": "string",
|
||||
"metadata": {
|
||||
"description": "Name of Key Vault that has a secret"
|
||||
}
|
||||
},
|
||||
"vaultResourceGroup": {
|
||||
"type": "string",
|
||||
"metadata": {
|
||||
"description": "Resource Group of Key Vault that has a secret"
|
||||
}
|
||||
},
|
||||
"secretUrlWithVersion": {
|
||||
"type": "string",
|
||||
"metadata": {
|
||||
"description": "Url of the certificate in Key Vault"
|
||||
}
|
||||
}
|
||||
},
|
||||
"variables": {
|
||||
"vnetID": "[resourceId('Microsoft.Network/virtualNetworks',parameters('virtualNetworkName'))]",
|
||||
"subnet1Ref": "[concat(variables('vnetID'),'/subnets/',parameters('subnet1Name'))]"
|
||||
},
|
||||
"resources": [{
|
||||
"type": "Microsoft.Storage/storageAccounts",
|
||||
"name": "[parameters('newStorageAccountName')]",
|
||||
"apiVersion": "2015-05-01-preview",
|
||||
"location": "[parameters('location')]",
|
||||
"properties": {
|
||||
"accountType": "[parameters('storageAccountType')]"
|
||||
}
|
||||
}, {
|
||||
"apiVersion": "2015-05-01-preview",
|
||||
"type": "Microsoft.Network/publicIPAddresses",
|
||||
"name": "[parameters('publicIPName')]",
|
||||
"location": "[parameters('location')]",
|
||||
"properties": {
|
||||
"publicIPAllocationMethod": "[parameters('publicIPAddressType')]"
|
||||
}
|
||||
}, {
|
||||
"apiVersion": "2015-05-01-preview",
|
||||
"type": "Microsoft.Network/virtualNetworks",
|
||||
"name": "[parameters('virtualNetworkName')]",
|
||||
"location": "[parameters('location')]",
|
||||
"properties": {
|
||||
"addressSpace": {
|
||||
"addressPrefixes": [
|
||||
"[parameters('addressPrefix')]"
|
||||
]
|
||||
},
|
||||
"subnets": [{
|
||||
"name": "[parameters('subnet1Name')]",
|
||||
"properties": {
|
||||
"addressPrefix": "[parameters('subnet1Prefix')]"
|
||||
}
|
||||
}]
|
||||
}
|
||||
}, {
|
||||
"apiVersion": "2015-05-01-preview",
|
||||
"type": "Microsoft.Network/networkInterfaces",
|
||||
"name": "[parameters('nicName')]",
|
||||
"location": "[parameters('location')]",
|
||||
"dependsOn": [
|
||||
"[concat('Microsoft.Network/publicIPAddresses/', parameters('publicIPName'))]",
|
||||
"[concat('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]"
|
||||
],
|
||||
"properties": {
|
||||
"ipConfigurations": [{
|
||||
"name": "ipconfig1",
|
||||
"properties": {
|
||||
"privateIPAllocationMethod": "Dynamic",
|
||||
"publicIPAddress": {
|
||||
"id": "[resourceId('Microsoft.Network/publicIPAddresses',parameters('publicIPName'))]"
|
||||
},
|
||||
"subnet": {
|
||||
"id": "[variables('subnet1Ref')]"
|
||||
}
|
||||
}
|
||||
}]
|
||||
}
|
||||
}, {
|
||||
"apiVersion": "2015-05-01-preview",
|
||||
"type": "Microsoft.Compute/virtualMachines",
|
||||
"name": "[parameters('vmName')]",
|
||||
"location": "[parameters('location')]",
|
||||
"dependsOn": [
|
||||
"[concat('Microsoft.Storage/storageAccounts/', parameters('newStorageAccountName'))]",
|
||||
"[concat('Microsoft.Network/networkInterfaces/', parameters('nicName'))]"
|
||||
],
|
||||
"properties": {
|
||||
"hardwareProfile": {
|
||||
"vmSize": "[parameters('vmSize')]"
|
||||
},
|
||||
"osProfile": {
|
||||
"computername": "[parameters('vmName')]",
|
||||
"adminUsername": "[parameters('adminUsername')]",
|
||||
"adminPassword": "[parameters('adminPassword')]",
|
||||
"secrets": [{
|
||||
"sourceVault": {
|
||||
"id": "[resourceId('vaultrg', 'Microsoft.KeyVault/vaults', 'kayvault')]"
|
||||
},
|
||||
"vaultCertificates": [{
|
||||
"certificateUrl": "[parameters('secretUrlWithVersion')]",
|
||||
"certificateStore": "My"
|
||||
}]
|
||||
}],
|
||||
},
|
||||
"storageProfile": {
|
||||
"imageReference": {
|
||||
"publisher": "[parameters('imagePublisher')]",
|
||||
"offer": "[parameters('imageOffer')]",
|
||||
"sku" : "[parameters('imageSKU')]",
|
||||
"version":"latest"
|
||||
},
|
||||
"osDisk" : {
|
||||
"name": "osdisk",
|
||||
"vhd": {
|
||||
"uri": "[concat('http://',parameters('newStorageAccountName'),'.blob.core.windows.net/vhds/','osdisk.vhd')]"
|
||||
},
|
||||
"caching": "ReadWrite",
|
||||
"createOption": "FromImage"
|
||||
}
|
||||
},
|
||||
"networkProfile": {
|
||||
"networkInterfaces": [{
|
||||
"id": "[resourceId('Microsoft.Network/networkInterfaces',parameters('nicName'))]"
|
||||
}]
|
||||
}
|
||||
}
|
||||
}]
|
||||
}
|
|
@ -0,0 +1,45 @@
|
|||
{
|
||||
"$schema": "http://schema.management.azure.com/schemas/2014-04-01-preview/deploymentParameters.json#",
|
||||
"contentVersion": "1.0.0.0",
|
||||
"parameters": {
|
||||
"newStorageAccountName": {
|
||||
"value": ""
|
||||
},
|
||||
"location": {
|
||||
"value": "East US"
|
||||
},
|
||||
"publicIPName": {
|
||||
"value": ""
|
||||
},
|
||||
"publicIPAddressType": {
|
||||
"value": "Dynamic"
|
||||
},
|
||||
"vmName": {
|
||||
"value": ""
|
||||
},
|
||||
"vmSize": {
|
||||
"value": "Standard_A2"
|
||||
},
|
||||
"adminUserName": {
|
||||
"value": ""
|
||||
},
|
||||
"adminPassword": {
|
||||
"value": ""
|
||||
},
|
||||
"virtualNetworkName": {
|
||||
"value": ""
|
||||
},
|
||||
"nicName": {
|
||||
"value": ""
|
||||
},
|
||||
"vaultName": {
|
||||
"value": ""
|
||||
},
|
||||
"vaultResourceGroup": {
|
||||
"value": ""
|
||||
},
|
||||
"secretUrlWithVersion": {
|
||||
"value": ""
|
||||
}
|
||||
}
|
||||
}
|
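Review bot: The `adminPassword` entry gives the VM administrator password a cleartext slot in a file that is meant to be filled in and is likely to be saved or committed next to the template. Consider dropping the `"adminPassword": { "value": "" }` entry from this file so the value is supplied at deployment time instead; the template already types that parameter as `securestring`. The key `adminUserName` is also cased differently from the template's `adminUsername`, and using the same spelling avoids depending on case-insensitive parameter matching.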
|
@ -0,0 +1,7 @@
|
|||
{
|
||||
"itemDisplayName": "Push a certificate onto a Windows VM",
|
||||
"description": "Push a certificate onto a Windows VM",
|
||||
"summary": "Push a certificate onto a Windows VM",
|
||||
"githubUsername": "singhkay",
|
||||
"dateUpdated": "2015-04-27"
|
||||
}
|