AzStackHciStandaloneObservability/package/bin/ObsDep/content/Powershell/Common/Helpers.psm1
|
<###################################################
# # # Copyright (c) Microsoft. All rights reserved. # # # ##################################################> Import-Module $PSScriptRoot\Tracer.psm1 # Parameters passed to Invoke-ECECommand that are not forwarded to New-PSSession $NonPSSessionParameters = @( "session", "AsJob", "InDisconnectedSession", "SessionName", "HideComputerName", "JobName", "ScriptBlock", "NoNewScope", "FilePath", "InputObject", "ArgumentList", "PreLoadNugetName", "PreLoadScript", "RoleId") # Parameters passed to Invoke-ECECommand which are passed to Invoke-Command $InvokeSpecificParameters = @( "ArgumentList", "InputObject", "FilePath", "ScriptBlock", "JobName", "AsJob", "HideComputerName", "SessionName", "InDisconnectedSession") function Mount-WindowsImageWithRetry { <# .SYNOPSIS Call mount-windowsimage with retries .DESCRIPTION Retries the mount-windowsimage cmdlet to work around Windows regression in detecting system volume, tracked by AzsureStack bug 10566165. .EXAMPLE Mount-WindowsImageWithRetry .PARAMETER ImagePath The path to the image. .PARAMETER Path The mount path to use. .PARAMETER Index The index to use. #> [CmdletBinding()] PARAM ( [Parameter(Mandatory=$true)] [string] $ImagePath, [Parameter(Mandatory=$true)] [string] $Path, [Parameter(Mandatory=$true)] [UInt32] $Index ) PROCESS { $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop $isImageMounted = $false $retryAttempt = 0 $maxMountRetry = 4 while (-not($isImageMounted) -and ($retryAttempt -lt $maxMountRetry)) { $retryAttempt++ try { $hName = (hostname) $uName = (whoami) Trace-Execution "Trying to mount windows image at '$ImagePath' to folder path '$Path' with index '$Index' on machine '$hName' using creds of '$uName'. Retry attempt: '$retryAttempt'." $null = Mount-WindowsImage -ImagePath $ImagePath -Path $Path -Index $Index -Verbose:$false $isImageMounted = $true } catch { Trace-Execution "Discarding any partially mounted image. Mount Path: '$Path'" try { Dismount-WindowsImage -Path $Path -Discard -ErrorAction Ignore } catch { # Best effort, Dismount-WindowsImage does not respect ErrorAction # More targeted dismount remediation (e.g. due to failover) will be in global remediation SeedRing:Repair Trace-Execution "Best effort dismount attempt: $_" } if (Test-Path -Path "$ImagePath.DISM.vhdx") { Trace-Execution "Removing '$ImagePath.DISM.vhdx'" Remove-Item -Path "$ImagePath.DISM.vhdx" -Force } if ($retryAttempt -lt $maxMountRetry) { $exceptionMessage = $_.Exception.Message Trace-Execution "Failure during mount attempt: '$exceptionMessage'. Retrying." } else { throw } } } } } function Find-LockedFiles { param ( [Parameter(Mandatory=$true)] [string] $shareRelativePath ) Get-SmbOpenFile | Where-Object path -match $shareRelativePath } function Mount-Wim { param ( [Parameter(Mandatory=$true)] [string] $ImagePath, [Parameter(Mandatory=$true)] [UInt32] $ImageIndex ) $errorActionPreference = "Stop" Trace-Execution "Mount image '$ImagePath', image index $ImageIndex." $mountPath = [IO.Path]::GetTempFileName() Trace-Execution "Create temporary mount folder $mountPath." Remove-Item $mountPath -Recurse -Force $null = New-Item -ItemType Directory $mountPath -Force # At this point in Cloud:Build, there shouldn't be any other mounted images. # If there is anything already mounted, it's debris from a previous run. # Make a best attempt to clean up whatever is found (current or old) and # then try to move on. Failure to clean-up will not fail the run. $mountedImages = Get-WindowsImage -Mounted -Verbose:$false foreach ($mount in $mountedImages) { Trace-Execution "Attempt to discard previously mounted image '$($mount.ImagePath)', MountStatus = '$($mount.MountStatus)', Path = '$($mount.MountPath)'" try { Dismount-WindowsImage -Path $mount.MountPath -Discard -Verbose:$false } catch { Trace-Warning "Failed to dismount '$($mount.MountPath)' - continuing anyway. `r`nError: $_ " Trace-Execution "Attempting to clear possibly corrupt mount points." Clear-WindowsCorruptMountPoint -ErrorAction SilentlyContinue } } Trace-Execution "Mount $ImagePath to $mountPath." Mount-WindowsImageWithRetry -ImagePath $ImagePath -Path $mountPath -Index $ImageIndex return $mountPath } function Dismount-Wim { param ( [Parameter(Mandatory=$true)] [string] $MountPath, [switch] $Discard ) $ImagePath = Get-WindowsImage -Mounted -Verbose:$false | ? Path -eq $MountPath | % ImagePath if (-not $imagePath) { Trace-Error "Image '$ImagePath' is not mounted." } Trace-Execution "Dismount $ImagePath." if ($Discard) { $null = Dismount-WindowsImage -Path $MountPath -Discard -Verbose:$false } else { $null = Dismount-WindowsImage -Path $MountPath -Save -Verbose:$false } } function Wait-Result { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [ScriptBlock[]] $ValidationScript, # Time out in seconds. [Int32] $TimeOut = 30, # Time between checks. [Int32] $Interval = 1 ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop # Output all logging streams to a file for debugging $logLocation = "$env:systemdrive\Windows\Temp\WaitResultLogs" if(-not (Test-Path $logLocation)) { $null = New-Item -Path $logLocation -Type Directory } $logFileInstance = $null for ($retryNumber = 0; $retryNumber -lt 10; $retryNumber++) { $logName = "WaitResult-" + (Get-Date).ToString("yyyy-MM-dd-HH-mm-ss-ffff") + ".log" $logfile = Join-Path -Path $logLocation -ChildPath $logName try { $logFileInstance = new-item $logfile -type file break } catch { Write-Verbose "Result log file name $logfile is already in use" Start-Sleep -Milliseconds 50 } } if ($logFileInstance -eq $null) { Trace-Error "Log file could not be created for WaitResult" } $ErrorActionPreference = [System.Management.Automation.ActionPreference]::SilentlyContinue $endTime = [DateTime]::Now.AddSeconds($TimeOut) while ([DateTime]::Now -lt $endTime) { $succeedAll = $true $newValidationScript = @($ValidationScript) foreach ($script in $ValidationScript) { $succeedOne = $false try { Write-Verbose "Validate if the script`n$($script.ToString())`nreturns $true." -Verbose *>>$logfile $errorCountBefore = $global:error.Count $succeedOne = $script.Invoke() Write-Verbose "Script Results:" -Verbose *>>$logfile $succeedOne *>>$logfile $errorCountAfter = $global:error.Count $numberOfNewErrors = $errorCountAfter - $errorCountBefore if ($numberOfNewErrors -gt 0) { $global:error.GetRange(0, $numberOfNewErrors) *>>$logfile $global:error.RemoveRange(0, $numberOfNewErrors) } } catch { $_ *>>$logfile $global:error.RemoveAt(0) } $succeedAll = $succeedAll -and $succeedOne if (-not $succeedOne) { Write-Verbose "-----Validation failed-----" -Verbose *>>$logfile # No need to check all if at least one fails. break } else { Write-Verbose "-----Validation passed-----" *>>$logfile $newValidationScript = $newValidationScript -ne $script } } if ($succeedAll) { Write-Verbose "All validations passed." -Verbose *>>$logfile break } $ValidationScript = $newValidationScript Write-Verbose "Wait for $Interval seconds." -Verbose *>>$logfile Start-Sleep -Seconds $Interval } return $succeedAll } function New-Credential { param ( [Parameter(Mandatory = $true)] [string] $UserName, [string] $Password ) $secureString = ConvertTo-SecureString $Password -AsPlainText -Force New-Object System.Management.Automation.PSCredential -ArgumentList $UserName, $secureString } # Creates the registry name value pair only if it does not exists function New-RegistryPropertyNameValue { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string] $Path, [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string] $Name, [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string] $Value, [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string] $ValueType ) $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue if (-not ($key -and ($null -ne $key.GetValue($Name, $null)))) { $null = New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $ValueType -Force Trace-Execution "Creating registry property key: $Path, Name: $Name with Value: $Value (Type: $ValueType) on $env:COMPUTERNAME." } else { $regValue = Get-ItemPropertyValue -Path $Path -Name $Name if ($regValue -ne $Value) { Set-ItemProperty -Path $Path -Name $Name -Value $Value Trace-Execution "Updating the registry key: $Path, Name: $Name from Value: $regValue to Value: $Value on $env:COMPUTERNAME." } } } function Test-WSmanForCredSSP { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [Bool]$Connect, [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string[]] $ComputerName, [PSCredential] $Credential, [CloudEngine.Configurations.EceInterfaceParameters] $Parameters = $null ) $maxRetries = 5 $credentialParameter = @{} if ($PSBoundParameters.Credential) { $credentialParameter.Credential = $PSBoundParameters.Credential } foreach ($eachComputerName in $ComputerName) { # to ensure reliability, if the call fails, we'll do 3 retries # however, if we have the parameter passed down, we'll start specific tracing to # understand the root cause (parameter needed for PSDirect) $retry = 0 $tracingOnVM = $false do { try { Trace-Execution "Attempt WSMAN connect to $eachComputerName with tracing: $tracingOnVM" Invoke-Command -ComputerName $eachComputerName @credentialParameter -ScriptBlock { Set-Item "wsman:\localhost\Service\Auth\CredSSP" $using:Connect -Force } break } catch { Trace-Execution "Exception while trying to do initial WSMan test. $_" if ($Parameters) { if ($tracingOnVM -eq $true) { # stop any previous tracing $sbTrace = {netsh wfp capture stop} Trace-Execution "Stop Tracing wfp" Invoke-PSDirectOnVM -Parameters $Parameters -VMName $eachComputerName -VMCredential $Credential -ScriptBlock $sbTrace $sbTrace = {netsh trace stop} Trace-Execution "Stop Netsh Tracing" Invoke-PSDirectOnVM -Parameters $Parameters -VMName $eachComputerName -VMCredential $Credential -ScriptBlock $sbTrace $tracingOnVM = $false } # test if the target support internetclient(core server) or internetserver(full server) # the regkey below contains the server roles (only ServerCore for Core, and an array of entries for FullServer) $testServerVersion = {((gci -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Server').Property -imatch "Gui").Count -gt 0} $supportInternetClient = Invoke-PSDirectOnVM -Parameters $Parameters -VMName $eachComputerName -VMCredential $Credential -ScriptBlock $testServerVersion $scenarioToTrace = @{$true = 'InternetClient'; $false = 'InternetServer'}[$supportInternetClient] $enableDisable = @{$true = 'enableCredssp'; $false = 'disableCredssp'}[$Connect] $date = get-date $traceCommand1 = "netsh trace start scenario=$($scenarioToTrace) capture=yes report=disabled tracefile=c:\MASLogs\$($scenarioToTrace)_$($enableDisable)_$($date.year)_$($date.month)_$($date.day)_$($date.hour)_$($date.minute)_$($date.second).etl overwrite=yes" $traceCommand2 = "start-process -filepath c:\windows\system32\netsh.exe -argumentlist `"wfp capture start file=c:\MASLogs\WFPTrace_$($enableDisable)_$($date.year)_$($date.month)_$($date.day)_$($date.hour)_$($date.minute)_$($date.second).cab`"" Trace-Execution "Start Tracing $($scenarioToTrace) $($traceCommand1)" $sbTrace = ([scriptblock]::Create($traceCommand1)) Invoke-PSDirectOnVM -Parameters $Parameters -VMName $eachComputerName -VMCredential $Credential -ScriptBlock $sbTrace Trace-Execution "Start Tracing WFP: $($traceCommand2)" $sbTrace = ([scriptblock]::Create($traceCommand2)) Invoke-PSDirectOnVM -Parameters $Parameters -VMName $eachComputerName -VMCredential $Credential -ScriptBlock $sbTrace $tracingOnVM = $true } else { Trace-Execution "No PS Direct support, retrying..." Sleep 60 } $retry++ } } while ($retry -lt $maxRetries) #ensure no tracing is leaked if ($tracingOnVM -eq $true) { # stop any previous tracing $sbTrace = {netsh wfp capture stop} Trace-Execution "Stop Tracing wfp" Invoke-PSDirectOnVM -Parameters $Parameters -VMName $eachComputerName -VMCredential $Credential -ScriptBlock $sbTrace $sbTrace = {netsh trace stop} Trace-Execution "Stop Netsh Tracing" Invoke-PSDirectOnVM -Parameters $Parameters -VMName $eachComputerName -VMCredential $Credential -ScriptBlock $sbTrace $tracingOnVM = $false } if ($retry -ge $maxRetries) { Trace-Error "Cannot establish a WSMAN session to VM: $eachComputerName" } } } function Enable-CredSSP { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string[]] $ComputerName, [PSCredential] $Credential, [CloudEngine.Configurations.EceInterfaceParameters] $Parameters = $null ) Trace-ECEScript "Enable CredSSP on $($ComputerName -join ', ')" { $credentialParameter = @{} if ($PSBoundParameters.Credential) { $credentialParameter.Credential = $PSBoundParameters.Credential } $displayName = $ComputerName #| % { $CloudBuilder.GetDisplayName($_) } Trace-Execution "Enabling server-side CredSSP on $($displayName -join ', ')." Test-WSmanForCredSSP -Connect $true -ComputerName $ComputerName -Credential $Credential -Parameters $Parameters Trace-Execution "Enabling client-side CredSSP on the local computer." $credsspRegistryKey = "HKLM:\Software\Policies\Microsoft\Windows\CredentialsDelegation" if((Get-Item $credsspRegistryKey -ErrorAction SilentlyContinue) -eq $null) { $null = New-Item -Path $credsspRegistryKey -Force Trace-Execution "Creating $credsspRegistryKey on $env:COMPUTERNAME." } New-RegistryPropertyNameValue -Path $credsspRegistryKey -Name "AllowFreshCredentials" -Value 1 -ValueType Dword New-RegistryPropertyNameValue -Path $credsspRegistryKey -Name "AllowFreshCredentialsWhenNTLMOnly" -Value 1 -ValueType Dword New-RegistryPropertyNameValue -Path $credsspRegistryKey -Name "ConcatenateDefaults_AllowFresh" -Value 1 -ValueType Dword New-RegistryPropertyNameValue -Path $credsspRegistryKey -Name "ConcatenateDefaults_AllowFreshNTLMOnly" -Value 1 -ValueType Dword if((Get-Item -Path "$credsspRegistryKey\AllowFreshCredentials" -ErrorAction SilentlyContinue) -eq $null) { $null = New-Item -Path "$credsspRegistryKey\AllowFreshCredentials" -Force } New-RegistryPropertyNameValue -Path "$credsspRegistryKey\AllowFreshCredentials" -Name 1 -Value wsman/* -ValueType String if((Get-Item -Path "$credsspRegistryKey\AllowFreshCredentialsWhenNTLMOnly" -ErrorAction SilentlyContinue) -eq $null) { $null = New-Item -Path "$credsspRegistryKey\AllowFreshCredentialsWhenNTLMOnly" -Force } New-RegistryPropertyNameValue -Path "$credsspRegistryKey\AllowFreshCredentialsWhenNTLMOnly" -Name 1 -Value wsman/* -ValueType String Set-Item WSMan:\localhost\Client\Auth\CredSSP $true -Force $waitCredSSPEnabled = Wait-Result -ValidationScript { Trace-Execution "Verify that CredSSP is enabled." Invoke-Command { $true } -ComputerName $ComputerName @credentialParameter } -TimeOut 60 -Interval 1 if (-not $waitCredSSPEnabled) { Trace-Error "CredSSP verification has failed on multiple retries." } } } function Disable-CredSSP { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string[]] $ComputerName, [PSCredential] $Credential, [CloudEngine.Configurations.EceInterfaceParameters] $Parameters = $null ) $displayName = $ComputerName #| % { $CloudBuilder.GetDisplayName($_) } Trace-Execution "Disabling server-side CredSSP on $($displayName -join ', ')." Test-WSmanForCredSSP -Connect $false -ComputerName $ComputerName -Credential $Credential -Parameters $Parameters } function Disable-RemoteClientCredSSP { [CmdletBinding()] param ( [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string[]] $ComputerName, [PSCredential] $Credential ) $credentialParameter = @{} if ($PSBoundParameters.Credential) { $credentialParameter.Credential = $PSBoundParameters.Credential } $displayName = $ComputerName Trace-Execution "Disabling client-side CredSSP on $($displayName -join ', ')." foreach ($eachComputerName in $ComputerName) { Invoke-Command -ComputerName $eachComputerName @credentialParameter -ScriptBlock { Set-Item "wsman:\localhost\Client\Auth\CredSSP" $false -Force } } } function Restart-Machine { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact="Medium")] param ( [Parameter(Mandatory = $true, Position=0, ValueFromPipeline=$true, ParameterSetName = 'ComputerName')] [ValidateNotNullOrEmpty()] [string[]] $ComputerName, [PSCredential] $Credential, [UInt32] $MinutesToWait = 10 ) $ErrorActionPreference = [System.Management.Automation.ActionPreference]::Stop $VerbosePreference = [System.Management.Automation.ActionPreference]::SilentlyContinue $startTime = [DateTime]::Now $remoteStartTimes = Invoke-Command -ComputerName $ComputerName -Credential $Credential { [DateTime]::Now } $bootStartTimes = @{} foreach ($remoteStartTime in $remoteStartTimes) { $bootStartTimes.($remoteStartTime.PSComputerName) = $remoteStartTime } foreach ($computer in $ComputerName) { $displayName = $computer if ($Credential) { Trace-Execution "Restart $displayName using $($Credential.UserName) account." $cimSession = New-CimSession -ComputerName $computer -Credential $Credential } else { Trace-Execution "Restart $displayName." $cimSession = New-CimSession -ComputerName $computer } # Invoking Win32Shutdown method with two flags - Reboot and Force (2 + 4 = 6). $shutdownResult = Invoke-CimMethod -ClassName Win32_OperatingSystem -MethodName Win32Shutdown -Arguments @{Flags=[int32]6} -CimSession $cimSession -Verbose:$false if ($shutdownResult.ReturnValue) { Trace-Error "Win32Shutdown method has failed on $($shutdownResult.PSComputerName) with an error code $($shutdownResult.ReturnValue)." } } $endTime = $startTime.AddMinutes($MinutesToWait) $computersToFinishReboot = $ComputerName $computersThatFinishedReboot = @() while ([DateTime]::Now -lt $endTime) { foreach ($computer in $computersToFinishReboot) { $displayName = $computer $originalErrorCount = $global:error.Count $os = $null try { if ($Credential) { $cimSession = New-CimSession -ComputerName $computer -Credential $Credential -Verbose:$false } else { $cimSession = New-CimSession -ComputerName $computer -Verbose:$false } $os = Get-CimInstance -CimSession $cimSession -ClassName Win32_OperatingSystem -ErrorAction SilentlyContinue -Verbose:$false } catch {} $newErrorCount = $global:error.Count - $originalErrorCount if ($newErrorCount) { $global:error.RemoveRange(0, $newErrorCount) } if ($os.LastBootUpTime -gt $bootStartTimes.$computer) { $computersThatFinishedReboot += $computer Trace-Execution "Reboot complete on $displayName." } } $computersToFinishReboot = $computersToFinishReboot | ? {$_ -notin $computersThatFinishedReboot} if (-not $computersToFinishReboot) { break } Start-Sleep -Seconds 5 # 5 seconds between retries } if ($computersToFinishReboot) { $computersToFinishRebootDisplayNames = $computersToFinishReboot Trace-Error "Some computers have not rebooted during the expected time of $MinutesToWait minutes - $($computersToFinishRebootDisplayNames -join ', ')." } else { Trace-Execution "All computers have rebooted successfully." } } # # Helpers used to join the DVM to the domain. # $REG_KEY_PATH = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" # Enables auto-logon for a given user on the localhost. function Enable-AutoLogon { [CmdletBinding()] param ( [PSCredential] $Credential, [string] $DomainName ) Trace-Execution "Enabling auto-logon for user: '$($Credential.Username)'." Set-ItemProperty -Path $REG_KEY_PATH -Name DefaultDomainName -Value $DomainName -Force Set-ItemProperty -Path $REG_KEY_PATH -Name DefaultUsername -Value $Credential.UserName -Force Set-ItemProperty -Path $REG_KEY_PATH -Name DefaultPassword -Value ([Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($Credential.Password))) -Force Set-ItemProperty -Path $REG_KEY_PATH -Name AutoAdminLogon -Value 1 -Force Set-ItemProperty -Path $REG_KEY_PATH -Name ForceAutoLogon -Value 1 -Force Set-ItemProperty -Path $REG_KEY_PATH -Name AutoLogonCount -Value 1 -Force } # Resets the registered callback on the localhost. function Reset-RestartCallback { [CmdletBinding()] param ( [string] $TaskName, [ValidateSet('OnLogin','OnStartup')] [string] $ExecutionTime = 'OnLogin' ) Trace-Execution "Deleting $ExecutionTime scheduled task." $task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue if ($task) { $task | Unregister-ScheduledTask -Confirm:$false } if ($ExecutionTime -eq 'OnLogin') { Trace-Execution "Disabling auto-logon." Remove-ItemProperty -Path $REG_KEY_PATH -Name DefaultDomainName Remove-ItemProperty -Path $REG_KEY_PATH -Name DefaultUsername Remove-ItemProperty -Path $REG_KEY_PATH -Name DefaultPassword Remove-ItemProperty -Path $REG_KEY_PATH -Name AutoAdminLogon Remove-ItemProperty -Path $REG_KEY_PATH -Name ForceAutoLogon } } # Sets a callback on machine restart on the localhost. function Set-RestartCallback { [CmdletBinding( DefaultParameterSetName='AutoLogonCredential' )] param ( [Parameter( ParameterSetName = 'AutoLogonCredential', Mandatory = $true )] [PSCredential] $AutoLogonCredential, [Parameter( ParameterSetName='GMSA', Mandatory = $true )] [string] $GMSA, [string] $DomainName, [Parameter(Mandatory = $true)] [string] $Callback, [Parameter(Mandatory = $true)] [string] $TaskName, [switch] $Persistent, [ValidateSet('OnLogin','OnStartup')] [string] $ExecutionTime = 'OnLogin', [Microsoft.Management.Infrastructure.CimInstance] $Principal ) $ErrorActionPreference = 'Stop' if ($AutoLogonCredential) { $username = $AutoLogonCredential.UserName # needed incase user name comes in as Domain\User or just User $userNameArray = [Array]$username.Split('\') $usernameOnly = $userNameArray[-1] } else { $usernameOnly = $GMSA } $callbackString = @" Import-Module $PSScriptRoot\..\CloudDeployment.psd1 Import-Module $PSCommandPath "@ if (-not $Persistent) { $callbackString += @" Reset-RestartCallback -TaskName $TaskName -ExecutionTime $ExecutionTime "@ } $callbackString += @" $Callback "@ $callArgs = "-ExecutionPolicy RemoteSigned -NoExit -Command $callbackString" Trace-Execution "Registering the callback for powershell.exe with argument: '$callArgs'." $action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument $callArgs $registrationParams = @{ TaskName = $TaskName TaskPath = '\' Action = $action Settings = New-ScheduledTaskSettingsSet -Priority 4 Force = $true } if ($ExecutionTime -eq 'OnLogin') { $registrationParams.Trigger = New-ScheduledTaskTrigger -AtLogOn if ($Principal) { $registrationParams.Principal = $Principal } else { $registrationParams.User = "$usernameOnly" $registrationParams.RunLevel = 'Highest' } Enable-AutoLogon -Credential $AutoLogonCredential -DomainName $DomainName } else { $registrationParams.Trigger = New-ScheduledTaskTrigger -AtStartup if ($AutoLogonCredential) { if ($Principal) { $registrationParams.Principal = $Principal } else { $registrationParams.User = $AutoLogonCredential.Username $registrationParams.Password = $AutoLogonCredential.GetNetworkCredential().Password $registrationParams.RunLevel = 'Highest' } } else { $registrationParams.Principal = New-ScheduledTaskPrincipal -UserID $GMSA -LogonType Password -RunLevel Highest } } Trace-Execution "Registering the scheduled task named '$TaskName' under the user '$usernameOnly'." Register-ScheduledTask @registrationParams } function Initialize-ECESession { <# .SYNOPSIS Prepare Infra vm PS Session. .DESCRIPTION Loads all helper functions into a PSSession so that infra vm common functions can be readily used. .EXAMPLE Initialize-ECESession -Session $psSession .PARAMETER Session A PS Session to bootstrap with infra vm helper functions. .PARAMETER RoleId The role id to be used for a transcript recording the operations in this session on the remote machine. .PARAMETER PreLoadNugetName The name of a nuget to preload a script from .PARAMETER PreLoadScript The path of a script to preload into this session. .PARAMETER SuppressVerbose Prevent the redirection of verbose output from the remote session into the current runspace. #> [CmdletBinding()] PARAM ( [Parameter(Mandatory=$true, Position=0)] [System.Management.Automation.Runspaces.PSSession[]] $Session, [Parameter(Mandatory=$false)] [ValidateNotNullOrEmpty()] [string] $RoleId, [Parameter(Mandatory=$false)] [ValidateNotNullOrEmpty()] [string] $PreLoadNugetName, [Parameter(Mandatory=$false)] [ValidateNotNullOrEmpty()] [string] $PreLoadScript, [Parameter(Mandatory=$false)] [switch] $SuppressVerbose ) PROCESS { # function purposely made a no-op and will be refactored away. This functionality is in New-AzsSession directly now. } } function Initialize-NugetScript { <# .SYNOPSIS Dot source a script from a nuget into a ps session. .DESCRIPTION Finds a script from a nuget and loads it into the powershell session so cmdlets from the script can be used. .EXAMPLE Initialize-NugetScript -Session $psSession -PreLoadNugetName TestNuget -PreLoadScript "content\Scripts\Helpers.ps1" .PARAMETER Session A PS Session to bootstrap with infra vm helper functions. .PARAMETER PreLoadNugetName The name of a nuget to preload a script from .PARAMETER PreLoadScript The name of a script to preload into this session. #> [CmdletBinding()] PARAM ( [Parameter(Mandatory=$true, Position=0)] [System.Management.Automation.Runspaces.PSSession[]] $Session, [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string] $PreLoadNugetName, [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string] $PreLoadScript ) PROCESS { $ComputerName = $Session.ComputerName Trace-Execution "Initializing remote powershell session on $ComputerName with custom nuget script $PreLoadScript from nuget $PreLoadNugetName." $ScriptBlock = { $nugetPath = Get-ASArtifactPath -NugetName $using:PreLoadNugetName $preLoadScriptPath = Join-Path $nugetPath $using:PreLoadScript Write-Verbose "Loading pre load script $preLoadScriptPath" . $preLoadScriptPath } Invoke-Command -Session $Session -ScriptBlock $ScriptBlock } } function Invoke-ECECommand { <# .SYNOPSIS Runs a command against an infra vm with helper functions and pre loaded script functions automatically available to the command. .DESCRIPTION Uses a PSsession and loads all helper functions into it so that infra vm common functions can be readily used. Optionally loads functions from the provided preLoadScript. Finally runs the command supplied in this session where preloaded functions can be readily used by the command. #> [CmdletBinding(DefaultParameterSetName='InProcess', HelpUri='http://go.microsoft.com/fwlink/?LinkID=135225', RemotingCapability='OwnedByCommand')] PARAM ( [Parameter(ParameterSetName='Session', Position=0)] [Parameter(ParameterSetName='FilePathRunspace', Position=0)] [ValidateNotNullOrEmpty()] [System.Management.Automation.Runspaces.PSSession[]] $Session, [Parameter(ParameterSetName='ComputerName', Position=0)] [Parameter(ParameterSetName='FilePathComputerName', Position=0)] [Alias('Cn')] [ValidateNotNullOrEmpty()] [string[]] $ComputerName, [Parameter(ParameterSetName='ComputerName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='Uri', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='FilePathComputerName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='FilePathUri', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='VMId', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='VMName', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='FilePathVMId', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='FilePathVMName', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [pscredential] [System.Management.Automation.CredentialAttribute()] $Credential, [Parameter(ParameterSetName='FilePathComputerName')] [Parameter(ParameterSetName='ComputerName')] [ValidateRange(1, 65535)] [int] $Port, [Parameter(ParameterSetName='ComputerName')] [Parameter(ParameterSetName='FilePathComputerName')] [switch] $UseSSL, [Parameter(ParameterSetName='FilePathUri', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='Uri', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='FilePathComputerName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ComputerName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ContainerId', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='VMId', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='VMName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='FilePathContainerId', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='FilePathVMId', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='FilePathVMName', ValueFromPipelineByPropertyName=$true)] [string] $ConfigurationName, [Parameter(ParameterSetName='ComputerName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='FilePathComputerName', ValueFromPipelineByPropertyName=$true)] [string] $ApplicationName, [Parameter(ParameterSetName='FilePathUri')] [Parameter(ParameterSetName='Session')] [Parameter(ParameterSetName='Uri')] [Parameter(ParameterSetName='FilePathComputerName')] [Parameter(ParameterSetName='FilePathRunspace')] [Parameter(ParameterSetName='ComputerName')] [Parameter(ParameterSetName='VMId')] [Parameter(ParameterSetName='VMName')] [Parameter(ParameterSetName='ContainerId')] [Parameter(ParameterSetName='FilePathVMId')] [Parameter(ParameterSetName='FilePathVMName')] [Parameter(ParameterSetName='FilePathContainerId')] [int] $ThrottleLimit, [Parameter(ParameterSetName='FilePathUri', Position=0)] [Parameter(ParameterSetName='Uri', Position=0)] [Alias('URI','CU')] [ValidateNotNullOrEmpty()] [uri[]] $ConnectionUri, [Parameter(ParameterSetName='FilePathRunspace')] [Parameter(ParameterSetName='Session')] [Parameter(ParameterSetName='Uri')] [Parameter(ParameterSetName='FilePathComputerName')] [Parameter(ParameterSetName='ComputerName')] [Parameter(ParameterSetName='FilePathUri')] [Parameter(ParameterSetName='VMId')] [Parameter(ParameterSetName='VMName')] [Parameter(ParameterSetName='ContainerId')] [Parameter(ParameterSetName='FilePathVMId')] [Parameter(ParameterSetName='FilePathVMName')] [Parameter(ParameterSetName='FilePathContainerId')] [switch] $AsJob, [Parameter(ParameterSetName='FilePathUri')] [Parameter(ParameterSetName='FilePathComputerName')] [Parameter(ParameterSetName='Uri')] [Parameter(ParameterSetName='ComputerName')] [Alias('Disconnected')] [switch] $InDisconnectedSession, [Parameter(ParameterSetName='ComputerName')] [Parameter(ParameterSetName='FilePathComputerName')] [ValidateNotNullOrEmpty()] [string[]] $SessionName, [Parameter(ParameterSetName='VMName')] [Parameter(ParameterSetName='Session')] [Parameter(ParameterSetName='Uri')] [Parameter(ParameterSetName='FilePathComputerName')] [Parameter(ParameterSetName='FilePathRunspace')] [Parameter(ParameterSetName='FilePathUri')] [Parameter(ParameterSetName='VMId')] [Parameter(ParameterSetName='ComputerName')] [Parameter(ParameterSetName='ContainerId')] [Parameter(ParameterSetName='FilePathVMId')] [Parameter(ParameterSetName='FilePathVMName')] [Parameter(ParameterSetName='FilePathContainerId')] [Alias('HCN')] [switch] $HideComputerName, [Parameter(ParameterSetName='ComputerName')] [Parameter(ParameterSetName='Session')] [Parameter(ParameterSetName='Uri')] [Parameter(ParameterSetName='FilePathComputerName')] [Parameter(ParameterSetName='FilePathRunspace')] [Parameter(ParameterSetName='FilePathUri')] [Parameter(ParameterSetName='ContainerId')] [Parameter(ParameterSetName='FilePathContainerId')] [string] $JobName, [Parameter(ParameterSetName='VMId', Mandatory=$true, Position=1)] [Parameter(ParameterSetName='Session', Mandatory=$true, Position=1)] [Parameter(ParameterSetName='Uri', Mandatory=$true, Position=1)] [Parameter(ParameterSetName='InProcess', Mandatory=$true, Position=0)] [Parameter(ParameterSetName='ComputerName', Mandatory=$true, Position=1)] [Parameter(ParameterSetName='VMName', Mandatory=$true, Position=1)] [Parameter(ParameterSetName='ContainerId', Mandatory=$true, Position=1)] [Alias('Command')] [ValidateNotNull()] [scriptblock] $ScriptBlock, [Parameter(ParameterSetName='InProcess')] [switch] $NoNewScope, [Parameter(ParameterSetName='FilePathVMId', Mandatory=$true, Position=1)] [Parameter(ParameterSetName='FilePathRunspace', Mandatory=$true, Position=1)] [Parameter(ParameterSetName='FilePathUri', Mandatory=$true, Position=1)] [Parameter(ParameterSetName='FilePathComputerName', Mandatory=$true, Position=1)] [Parameter(ParameterSetName='FilePathVMName', Mandatory=$true, Position=1)] [Parameter(ParameterSetName='FilePathContainerId', Mandatory=$true, Position=1)] [Alias('PSPath')] [ValidateNotNull()] [string] $FilePath, [Parameter(ParameterSetName='Uri')] [Parameter(ParameterSetName='FilePathUri')] [switch] $AllowRedirection, [Parameter(ParameterSetName='ComputerName')] [Parameter(ParameterSetName='Uri')] [Parameter(ParameterSetName='FilePathComputerName')] [Parameter(ParameterSetName='FilePathUri')] [System.Management.Automation.Remoting.PSSessionOption] $SessionOption, [Parameter(ParameterSetName='FilePathComputerName')] [Parameter(ParameterSetName='ComputerName')] [Parameter(ParameterSetName='Uri')] [Parameter(ParameterSetName='FilePathUri')] [System.Management.Automation.Runspaces.AuthenticationMechanism] $Authentication, [Parameter(ParameterSetName='FilePathComputerName')] [Parameter(ParameterSetName='ComputerName')] [Parameter(ParameterSetName='Uri')] [Parameter(ParameterSetName='FilePathUri')] [switch] $EnableNetworkAccess, [Parameter(ParameterSetName='ContainerId')] [Parameter(ParameterSetName='FilePathContainerId')] [switch] $RunAsAdministrator, [Parameter(ValueFromPipeline=$true)] [psobject] $InputObject, [Alias('Args')] [System.Object[]] $ArgumentList, [Parameter(ParameterSetName='FilePathVMId', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='VMId', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('VMGuid')] [ValidateNotNullOrEmpty()] [guid[]] $VMId, [Parameter(ParameterSetName='VMName', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='FilePathVMName', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [ValidateNotNullOrEmpty()] [string[]] $VMName, [Parameter(ParameterSetName='FilePathContainerId', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ContainerId', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [ValidateNotNullOrEmpty()] [string[]] $ContainerId, [Parameter(ParameterSetName='ComputerName')] [Parameter(ParameterSetName='Uri')] [string] $CertificateThumbprint, [Parameter(Mandatory=$false)] [ValidateNotNullOrEmpty()] [string] $PreLoadNugetName, [Parameter(Mandatory=$false)] [ValidateNotNullOrEmpty()] [string] $PreLoadScript, [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string] $RoleId ) PROCESS { $errorActionPreference = 'stop' $outBuffer = $null if ($PSBoundParameters.TryGetValue('OutBuffer', [ref]$outBuffer)) { $PSBoundParameters['OutBuffer'] = 1 } $sessionParameters = @{} + $PSBoundParameters; foreach ($parameter in $NonPSSessionParameters) { # Remove all parameters which do not get forwarded to New-PSSession. if ($sessionParameters.Contains($parameter)) { $sessionParameters.Remove($parameter) } } $invokeParameters = @{} Trace-Execution "Passing the following parameters:" foreach ($parameter in $InvokeSpecificParameters) { # Add all parameters which should be forwarded to the wrapped Invoke-Command. if ($PSBoundParameters.ContainsKey($parameter)) { $invokeParameters.Add($parameter, $PSBoundParameters[$parameter]) # Trace the Argument List only for now if ($parameter.Equals('ArgumentList')) { Trace-Execution "[$parameter] = [$($PSBoundParameters[$parameter] | ConvertTo-Json -Depth 1)]" } } } if (-not $Session) { Trace-Execution "Creating remote powershell session on $ComputerName" $SessionCreated = $true $Session = & Microsoft.PowerShell.Core\New-PSSession @sessionParameters } $DebuggingCallStack = Get-PSCallStack # Make available Get-ASArtifactPath cmdlet in the session. $ComputerName = $Session.ComputerName Trace-Execution "Initializing remote powershell session on $ComputerName with common functions." $scriptPath = Join-Path $PSScriptRoot "InfraVmHelpers.psm1" Trace-Execution "Loading infra vm helpers ($scriptPath) to session on $ComputerName" Microsoft.PowerShell.Core\Invoke-Command -Session $Session -ScriptBlock { Import-Module CloudCommon } try { $TimeString = Get-Date -Format "yyyyMMdd-HHmmss" $RemoteLOGFILE = "$env:systemdrive\MASLogs\$RoleId_$callingCommand_$TimeString.log" if ($PreLoadNugetName -and $PreLoadScript) { Initialize-NugetScript -Session $Session -PreLoadNugetName $PreLoadNugetName -PreLoadScript $PreLoadScript -Verbose:$VerbosePreference } $invokeParameters.Add("Session", $Session); Trace-Execution "Invoking command on remote session..." $wrappedCmd = $ExecutionContext.InvokeCommand.GetCommand('Microsoft.PowerShell.Core\Invoke-Command', [System.Management.Automation.CommandTypes]::Cmdlet) & $wrappedCmd @invokeParameters } finally { # Cleanup ps session on failure. if ($Session -and $SessionCreated) { Remove-PSSession -ErrorAction Ignore -Session $Session } } } <# .ForwardHelpTargetName Microsoft.PowerShell.Core\Invoke-Command .ForwardHelpCategory Cmdlet #> } function Get-NugetVersions { <# .SYNOPSIS Gets all versions of Nuget packages that exist in a specified source location. .EXAMPLE Get-NugetVersions -NugetName "MyNuget" -SourcePath "content" .PARAMETER NugetName The name of the nuget to filter by. .PARAMETER MostRecent Whether to report the most recent version only .PARAMETER NugetStorePath The path from which the nuget packages should be derived. #> [CmdletBinding()] PARAM ( [Parameter(Mandatory=$true, Position=0)] [ValidateNotNullOrEmpty()] [string[]] $NugetName, [Parameter(Mandatory=$false)] [switch] $MostRecent, [Parameter()] [ValidateNotNullOrEmpty()] [string] $NugetStorePath = "$env:SystemDrive\CloudDeployment\NuGetStore" ) PROCESS { $ErrorActionPreference = "stop" Trace-Execution "Finding nuget package $NugetName from store $NugetStorePath" $nugetPackageList = Find-Package -Source $NugetStorePath -Name $NugetName -ProviderName "nuget" -AllVersions:$(-not $MostRecent) -Verbose -Force if ($nugetPackageList) { $versionArray = $nugetPackageList.Version } else { $versionArray = @() } return $versionArray } } function Expand-NugetContent { <# .SYNOPSIS Expands the content of a nuget to a destination. .DESCRIPTION Copies files or folders from a nuget to destination. Folders are copied excluding the folder name given, that is content under the source folder and not the folder itself. Empty string can be given for the entire nuget. .EXAMPLE Expand-NugetContent -NugetName "MyNuget" -SourcePath "content" -DestinationPath "C:\temp\" .EXAMPLE Expand-NugetContent -NugetName "MyNuget" -SourcePath "content\Folder\MyFile.txt" -DestinationPath "C:\temp\" -SourceIsFile .PARAMETER NugetName The name of the nuget to source the content from. .PARAMETER SourcePath The relative path inside the nuget to a folder or file. If empty string is passed all nuget contents will be expanded. .PARAMETER DestinationPath A destination folder under which all the nuget content will be copied. .PARAMETER NugetStorePath The source path for the nuget package .PARAMETER SourceIsFile A flag indicating the source path represents a file and not a folder and should be copied as an individual file to the destination. .PARAMETER Version The specific version of the nuget package, null if the latest version is required #> [CmdletBinding()] PARAM ( [Parameter(Mandatory=$true, Position=0)] [ValidateNotNullOrEmpty()] [string] $NugetName, [Parameter(Mandatory=$true)] [string] [AllowEmptyString()] $SourcePath, [Parameter(Mandatory=$true)] [ValidateNotNullOrEmpty()] [string] $DestinationPath, [Parameter()] [ValidateNotNullOrEmpty()] [string] $NugetStorePath = "$env:SystemDrive\CloudDeployment\NuGetStore", [Parameter()] [switch] $SourceIsFile, [Parameter()] [string] $Version = $null, [Parameter()] [switch] $IsNugetInstall, [Parameter()] [switch] $IsUnc, [Parameter()] [PSCredential] $Credential = $null ) PROCESS { $ErrorActionPreference = "stop" Write-Verbose -Verbose "Finding nuget package $NugetName with version [$Version] from store $NugetStorePath" #Handle the unavailability of Nuget store path gracefully. Avoid throwing exception in this case. Any unwanted error record in the error stream will cause ECE to fail. if ($Version) { $nugetPackage = Find-Package -Source $NugetStorePath -Name $NugetName -ProviderName "nuget" -Verbose -Force -ForceBootstrap:$false -ErrorAction Ignore -RequiredVersion $Version } else { $nugetPackage = Find-Package -Source $NugetStorePath -Name $NugetName -ProviderName "nuget" -Verbose -Force -ForceBootstrap:$false -ErrorAction Ignore } if($nugetPackage) { if(!$IsNugetInstall.IsPresent) { [Reflection.Assembly]::LoadWithPartialName("System.IO.Compression.FileSystem") | Out-Null $nugetPackageFileLocation = Join-Path $NugetStorePath $nugetPackage.PackageFileName Write-Verbose -Verbose "Opening nuget package $nugetPackageFileLocation" $nugetZipFile = [IO.Compression.ZipFile]::OpenRead($nugetPackageFileLocation) try { # Check for an exact file match or for a folder match. # If the source path is empty string we take every entry. # If the source path is a file we take the file. # If the source path is a folder we append a "/" and then pull all items under that folder. $entriesToCopy = $nugetZipFile.Entries if (![string]::IsNullOrEmpty($SourcePath)) { $normalizedSourcePath = [System.IO.Path]::GetFullPath($SourcePath) $exactFileMatch = $entriesToCopy | Where-Object { [string]::Equals([System.IO.Path]::GetFullPath($_.FullName), $normalizedSourcePath, [System.StringComparison]::OrdinalIgnoreCase) } if ($exactFileMatch) { $entriesToCopy = $exactFileMatch } else { if (!$normalizedSourcePath.EndsWith([System.IO.Path]::DirectorySeparatorChar, [System.StringComparison]::Ordinal)) { $normalizedSourcePath += [System.IO.Path]::DirectorySeparatorChar } $entriesToCopy = $entriesToCopy | Where-Object { [System.IO.Path]::GetFullPath($_.FullName).StartsWith($normalizedSourcePath, [System.StringComparison]::OrdinalIgnoreCase) } } } Write-Verbose -Verbose "Copying $($entriesToCopy.Count) files from $SourcePath to $DestinationPath" if ($SourceIsFile.IsPresent) { $SourcePath = [System.IO.Path]::GetDirectoryName($SourcePath) } # if($Credential) # { # Trace-Execution "Creating PS drive 'NugetTempPSDrive' with root $DestinationPath and user $($Credential.UserName)." # New-PSDrive -Name NugetTempPSDrive -PSProvider FileSystem -Root $DestinationPath -Credential $Credential -ErrorAction Stop # } foreach ($entryToCopy in $entriesToCopy) { $finalDestinationPath = $entryToCopy.FullName.SubString($SourcePath.Length) $finalDestinationPath = [uri]::UnescapeDataString($finalDestinationPath) $finalDestinationPath = Join-Path $DestinationPath $finalDestinationPath # create the destination directory structure $finalDestinationPathParent = Split-Path $finalDestinationPath -Parent New-Item -ItemType Directory -Force -Path $finalDestinationPathParent | Out-Null if( -not $IsUnc) { $finalDestinationPath = '\\?\' + $finalDestinationPath } try { [IO.Compression.ZipFileExtensions]::ExtractToFile($entryToCopy, $finalDestinationPath, $true) } catch { Trace-Warning "Failed to extract file to $finalDestinationPath" throw } } } finally { Write-Verbose -Verbose "Closing nuget package" $nugetZipFile.Dispose() } } else { Write-Verbose -Verbose "Installing Nuget package $NugetName with version [$Version] at $DestinationPath" Import-Module $PSScriptRoot\..\Roles\Cloud\Cloud.psm1 -DisableNameChecking Install-Nuget -NugetName $NugetName -NugetSourcePath $NugetStorePath -NugetDestinationPath $DestinationPath -Version $Version | Out-Null } } else { Write-Verbose -Verbose "Could not find package $NugetName with version [$Version] from store $NugetStorePath. Looking for package using Get-ASArtifactPath." $expandedNugetLocation = Get-ASArtifactPath -NugetName $NugetName -Version $Version $fullSourcePath = Join-Path $expandedNugetLocation $SourcePath if((!$SourceIsFile.IsPresent) -and (Test-Path -Path $DestinationPath -PathType Container)) { #Append \* only if the destination is directory and already exists. $fullSourcePath += '\*' } #Enable support for long paths > 260 chars in the source and destination. $fullSourcePath = '\\?\' + $fullSourcePath $DestinationPath = '\\?\' + $DestinationPath Write-Verbose -Verbose "Copy nuget contents from $fullSourcePath to $DestinationPath." Copy-Item -Path $fullSourcePath -Destination $DestinationPath -Recurse -Force -Verbose } } } function Get-NugetStorePath { <# .SYNOPSIS Gets the current Nuget Store. .DESCRIPTION Gets the current Nuget Store which is on the managment share if it has been built or on the DVM directly if its early in deployment. .PARAMETER Parameters This object is based on the customer configuration. It contains the private information of the Key Vault role, as well as public information of all other roles. It is passed down by the deployment engine. #> [CmdletBinding()] Param ( [Parameter(Mandatory = $true)] [CloudEngine.Configurations.EceInterfaceParameters] $Parameters ) Trace-ECEScript "Getting the current Nuget Store" { $virtualMachinesRole = $Parameters.Roles["VirtualMachines"].PublicConfiguration $clusterName = Get-ManagementClusterName $Parameters $nugetStorePath = Get-SharePath $Parameters $virtualMachinesRole.PublicInfo.LibraryShareNugetStoreFolder.Path $clusterName # prefer the library store but if it hasn't been created yet use the local store. if(-not (Test-Path $nugetStorePath)) { $nugetStorePath = "$env:SystemDrive\CloudDeployment\NuGetStore" } } return $nugetStorePath } function ConnectPSSession { <# .SYNOPSIS Start PS session to one of the provided machines. .DESCRIPTION Return the first successful connection. Throw if no PS session can be made. .EXAMPLE $RemoteSession = ConnectPSSession $Machines $Credential .PARAMETER Machines The list of machine names. .PARAMETER Credential The credential used to connect to machines. #> [CmdletBinding()] PARAM ( [Parameter(Position=0, Mandatory=$true)] [string[]] $Machines, [Parameter(Position=1, Mandatory=$true)] [PSCredential] $Credential ) PROCESS { $RemoteSession = $null foreach ($Machine in $Machines) { Trace-Execution "Try to start PS remote session to $Machine with user $($Credential.UserName)" try { $RemoteSession = New-PSSession -ComputerName $Machine -Credential $Credential -Authentication Credssp -ErrorAction Stop if ($RemoteSession) { Trace-Execution "Connection to $Machine was successful." return $RemoteSession } } catch { Trace-Warning "Failed to connect to $Machine with exception $($_ | Out-String)" } } throw "Could not create a PSSession to any of the specified machines." } } # This function works around a bug in PowerShell where cmdlets that # return a CimInstance don't actually stop when $ErrorActionPreference is # set to 'Stop'. You have to specify it on the cmdlet itself. function PublishAndStartDscConfiguration { [CmdletBinding(DefaultParameterSetName='PublishAndStart')] Param( [Parameter(Mandatory=$true, ParameterSetName="PublishOnly")] [Parameter(Mandatory=$true, ParameterSetName="PublishAndStart")] [String]$Path, [Parameter(Mandatory=$true)] [String[]]$ComputerName, [int]$RetryCount = 3, [PSCredential]$Credential = $null, [Parameter(ParameterSetName="PublishOnly")] [switch] $PublishOnly, [Parameter(ParameterSetName="StartOnly")] [switch] $StartOnly, # By default, applied configurations will be validated by running an additional Test-DscConfiguration after # Start-DscConfiguration has completed successfully. However, some configurations use DSC resources with non- # functional Test() implementations (by design). When invoking configs with such resources, callers can pass # this flag to allow all the Set() resources to be executed, but without performing the additional Test check. [switch] $SkipTestDscConfiguration ) Import-Module "$PSScriptRoot\..\Roles\Common\RemoteSessionHelpers.psm1" -DisableNameChecking try { # The DCOM session is necessary because attempting to query DSC state through WSMan while JEA endpoints # are being registered by DSC can result in a deadlock of the WinRM service on the target node. $sessionParams = @{ ComputerName = $ComputerName } if ($Credential) { $sessionParams.Credential = $Credential } $sessionDcom = New-CimSessionWithDcom @sessionParams # Deployment code sometimes compiles DSC configuration mofs for multiple target nodes into the same output directory. # We don't have an easy way to separate these without parsing the MOF, so the wait for LCM state will block until # all nodes have stopped processing existing DSC configs (if any). This can be optimized in the future if we change the # publishing mechanism to target MOFs on a per-node basis. Wait-LCMState -CimSession $sessionDcom -TimeoutMinutes 30 if (-not $StartOnly) { Trace-Execution "Publishing DSC configuration from $Path to the following target nodes: $($ComputerName -join ', ')" $publishParams = @{ Path = $Path ErrorAction = "Stop" Force = $true } if ($Credential) { $publishParams.Credential = $Credential } Publish-DscConfiguration @publishParams } if ($PublishOnly) { Trace-Execution "Publish-only mode specified. Not starting DSC config execution." return } $targetNodesRemaining = $ComputerName for ($i = 1; $i -le $RetryCount; $i++) { Trace-Execution "DSC attempt #$i. Starting DSC configuration on the following target nodes: $($targetNodesRemaining -join ', ')" $jobs = @() $mostRecentExceptions = @{} foreach ($targetNode in $targetNodesRemaining) { # Start-DscConfiguration returns a PS job, which we use to track the progress of the DSC configuration. # We do not pass the -Force parameter, which means that if another DSC configuration has pre-empted this attempt, # the job will be marked as Failed and we will retry on the next pass. $startParams = @{ JobName = $targetNode CimSession = $sessionDcom | where ComputerName -eq $targetNode UseExisting = $true Verbose = $true ErrorAction = "Stop" } $jobs += Start-DscConfiguration @startParams } # Wait for jobs for up to 30 minutes. $timeoutSeconds = 30 * 60 Trace-Execution "Waiting for up to $timeoutSeconds seconds for jobs to complete on $($targetNodesRemaining -join ', ')" $jobs | Wait-Job -Timeout $timeoutSeconds foreach ($job in $jobs) { Trace-Execution "Output from job $($job.Name), which is in state: $($job.State):" $job.ChildJobs[0].Warning | Trace-Warning $job.ChildJobs[0].Verbose | Trace-Execution $job.ChildJobs[0].Error | Trace-Warning if ($job.State -eq "Completed") { $nodeName = $job.Name Trace-Execution "DSC configuration converged successfully on $($nodeName)." if (-not $SkipTestDscConfiguration) { Trace-Execution "Validating DSC configuration on $($nodeName)." $nodeSession = $sessionDcom | where ComputerName -eq $nodeName $result = Test-DscConfiguration -Detailed -CimSession $nodeSession -Verbose if (-not $result -or -not $result.InDesiredState) { $msg = "Even though Start-DscConfiguration completed without errors, Test-DscConfiguration indicates that not all resources have converged on $($nodeName)." $msg += "Resources not in desired state:`r`n$($result.ResourcesNotInDesiredState | Out-String)" Trace-Execution $msg $mostRecentExceptions[$nodeName] = $msg continue } } else { Trace-Execution "Additional validation (Test-DscConfiguration) skipped because -SkipTestDscConfiguration was specified." } Trace-Execution "DSC configuration in desired state on $($nodeName)." $targetNodesRemaining = @( $targetNodesRemaining | where { $_ -ne $nodeName } ) } elseif ($job.State -eq "Running") { Trace-Execution "DSC configuration on $($job.Name) did not complete in $timeoutSeconds seconds. Stopping DSC configuration." $job | Stop-Job } elseif ($job.State -eq "Failed") { # Capturing exception here only. The rest of the output can is already traced above, so piping it to Out-Null. $job | Receive-Job -ErrorVariable "jobError" -ErrorAction SilentlyContinue | Out-Null # Since the session is using DCOM protocol, the detailed error message is not returned. We need to get the message from Windows event logs. # There is no easy way to deterministically map the event with the DSC operation, so a workaround would be getting the latest five error message from the target node. # The events are filtered by Event Id 4097 as this type of event gives us the most complete information of an error. Start-Sleep 5 # give some time for Windows event logs to be processed. $event = Get-WinEvent -LogName "Microsoft-Windows-Dsc/Operational" -ComputerName $job.Name -FilterXPath "*[System[(EventID=4097)]]" $jobError += "`nLatest five DSC errors within $timeoutSeconds seconds in Windows Event logs on $($job.Name):" $jobError += $event | where {$_.TimeCreated.AddSeconds($timeoutSeconds) -ge $job.PSBeginTime} | sort TimeCreated | select TimeCreated, Message -Last 5 | fl | Out-String Trace-Execution "DSC configuration on $($job.Name) failed to converge. Exception from job:`r`n$jobError" $mostRecentExceptions[$job.Name] = $jobError } else { $msg = "Unexpected job state for $($job.Name). Details: $($job | fl * | Out-String)" Trace-Execution $msg $mostRecentExceptions[$job.Name] = $msg } } if (-not $targetNodesRemaining) { Trace-Execution "Completed DSC configuration on all target nodes: $($ComputerName -join ', ')" return } } } catch { $invocationException = $_ } finally { $jobs | Stop-Job -ErrorAction Ignore $jobs | Remove-Job -Force -ErrorAction Ignore $sessionDcom | Remove-CimSession -ErrorAction Ignore } $failureMessage = $null if ($invocationException) { $failureMessage += "$($invocationException | Out-String)" } if ($targetNodesRemaining) { Trace-Execution "The following target nodes have failed to converge DSC configuration: $($targetNodesRemaining -join ',')" $failureMessage += "DSC failures:`r`n" foreach ($targetNode in $targetNodesRemaining) { if ($mostRecentExceptions.$targetNode) { $failureMessage += "$($targetNode): $($mostRecentExceptions.$targetNode)`r`n" } else { $failureMessage += "$($targetNode): DSC did not converge, DSC configuration was cancelled.`r`n" } } } if ($failureMessage) { throw $failureMessage } } <# .SYNOPSIS Wait for LCM at the target session to be in the specified state (Idle by default). If the state is not reached within the specified timeout, this method throws an exception. #> function Wait-LCMState { param ( [Parameter(Mandatory=$true)] [CimSession[]] $CimSession, [int] $TimeoutMinutes = 30 ) function Trace-LCMState ([array] $ConfigManager) { $ConfigManager | % { Trace-Execution "$($_.PSComputerName): $($_.LCMState)" } } Trace-Execution "Waiting up to $TimeoutMinutes minutes for LCM on $($CimSession.ComputerName) to exit the Busy state." $configManager = @( Get-DscLocalConfigurationManager -CimSession $CimSession ) $endTime = (Get-Date).AddMinutes($TimeoutMinutes) while ($configManager.LCMState -contains "Busy" -and ((Get-Date) -lt $endTime)) { Trace-Execution "Waiting for LCM to exit Busy state..." Trace-LCMState $configManager Start-Sleep -Seconds 10 $configManager = Get-DscLocalConfigurationManager -CimSession $CimSession } if ($configManager.LCMState -contains "Busy") { throw "LCM State still busy after $TimeoutMinutes minutes." } Trace-LCMState $configManager } function Test-WSManConnection { <# .SYNOPSIS Tests if WSMan is operational on a machine. .DESCRIPTION Tests if wsmans is operational on a machine using WSMan Identify. This supports retries if there is an expectation that WSMan will come up on a machine after some time. TimeoutMs is the time to wait per attempt for WSMan to be ready. .EXAMPLE Test-WSManConnection -ComputerName $ComputerName -TimeoutMs 1000 -RetryCount 10 .PARAMETER ComputerName The name of the computer(s) on which to test WinRM connectivity .PARAMETER RetryDelaySec The time in seconds to wait between attempts. .PARAMETER RetryCount The number of times to try connecting before giving up. .PARAMETER TimeoutMs The time in milliseconds to wait for WSMan to respond per attempt. #> [CmdletBinding()] PARAM ( [Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true)] [string[]] $ComputerName, [Parameter(Mandatory=$false)] [long] $RetryDelaySec = 5, [Parameter(Mandatory=$false)] [int] $RetryCount = 0, [Parameter(Mandatory=$false)] [long] $TimeoutMs = 5 ) $wsMan = New-Object -ComObject "WSMan.Automation" $connectionOptions = $wsMan.CreateConnectionOptions() $sessionFlags = $wsMan.SessionFlagUseNoAuthentication() -bor $wsman.SessionFlagUTF8() $remainingComputers = New-Object System.Collections.ArrayList $remainingComputers.AddRange($ComputerName) | Out-Null $currentTry = 0 $totalTimeoutMs = ($RetryDelaySec * 1000 + $TimeoutMs * $ComputerName.LongLength) * $RetryCount $stopwatch = [System.Diagnostics.Stopwatch]::StartNew() try { while (($currentTry -lt ($RetryCount + 1)) -and ($remainingComputers.Count -gt 0) -and ($stopwatch.ElapsedMilliseconds -le $totalTimeoutMs)) { $testComputers = New-Object System.Collections.ArrayList $testComputers.AddRange($remainingComputers) | Out-Null foreach ($testComputer in $testComputers) { try { $iWSManSession = $wsMan.CreateSession($testComputer, $sessionFlags, $connectionOptions); $iWSManSession.Timeout = $TimeoutMs $iWSManSession.Identify(0) | Out-Null $remainingComputers.Remove($testComputer) } catch [System.Exception] { Trace-Execution "WSMan is not operational on $testComputer. Attempt $($currentTry + 1) of $($RetryCount + 1)." if ( $currentTry -ge $RetryCount ) { Trace-Execution ($_ | Format-List * | Out-String) } } } $currentTry++ if ($remainingComputers.Count -gt 0) { Start-Sleep -Seconds $RetryDelaySec } } return $remainingComputers } finally { if ( $wsMan ) { $null = [System.Runtime.Interopservices.Marshal]::ReleaseComObject($wsMan) $wsMan = $null } } } function Test-PSSessionConnection { <# .SYNOPSIS Test remote PS connectivity to one or more VMs and returns the names of any VMs for which the check failed. .DESCRIPTION Test remote PS connectivity to the VM. Use a PSJob to allow us to set a timeout on the operation as it can hang indefinitely if the VM is in a hung state. .EXAMPLE Test-PSSessionConnection -ComputerName $ComputerName -TimeoutMinutes 10 .PARAMETER ComputerName The name of the computer(s) on which to test PSSession connectivity .PARAMETER TimeoutMinutes The time in minutes to wait for the PSJob to finish before timing out. #> [CmdletBinding()] PARAM ( [Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true)] [string[]] $ComputerName, [Parameter(Mandatory=$false)] [int] $TimeoutMinutes = 3, [Parameter(Mandatory=$false)] [int] $Retries = 5 ) $ErrorActionPreference = "Stop" # Invoke-Command tests authentication and process creation. [system.collections.arraylist]$computerNameList = $computerName $attempts = 0 while ($attempts -lt $Retries) { $attempts++ Trace-Execution "Attempt $attempts/$Retries : Testing PSSession connectivity on $computerNameList." $successfulConnections = @() foreach ($name in $computerNameList) { Trace-Execution "Testing remote PS connectivity to $name with a timeout of $TimeoutMinutes minutes." try { $session = New-AzsSession -ComputerName $name -ErrorAction Stop $job = Invoke-Command -Session $session -ScriptBlock { $true } -ErrorAction Stop -AsJob $job | Wait-Job -Timeout ($TimeoutMinutes * 60) | Out-Null $jobDuration = [System.Math]::Ceiling(($job.PSEndTime - $job.PSBeginTime).TotalSeconds) if ($job.State -eq "Completed") { $output = $job | Receive-Job if ($output) { Trace-Execution "Remote PS connection to $name succeeded in $jobDuration seconds." $successfulConnections += $name } else { Trace-Execution "Remote PS job to $name succeeded, but produced no output, so the job will be retried. Expected output: '$true'." } } elseif ($job.State -eq "Failed") { $job | Receive-Job -ErrorAction SilentlyContinue -ErrorVariable "exceptionDetails" Trace-Execution "Remote PS connection to $name failed in $jobDuration seconds. Exception: $exceptionDetails" } else { Trace-Execution "Remote PS connection to $name timed out after $TimeoutMinutes minutes." } } catch { Trace-Execution "Failure to create session or invoke a command to $name. Exception: $_" } finally { $session | Remove-PSSession -ErrorAction "Ignore" } } $successfulConnections | % { $computerNameList.Remove($_) } if ($computerNameList.Count -eq 0) { Trace-Execution "All VMs have PSSession connectivity." return $computerNameList } Start-Sleep -Seconds 30 } Trace-Execution "Some VMs still do not have PSSession connectivity. These are: $computerNameList" return $computerNameList } function Test-HostPhysicalDiskSize([string[]] $PhysicalHostNames, [UInt64] $MinimumDiskSize) { <# .SYNOPSIS Determine if physical hosts have boot disks as large or better than the minimum specified. .DESCRIPTION Certain configurations require sufficient physical disk space to be enabled. All drives are expected to be roughly equivalent, but all are checked anyway. .PARAMETER physicalHostNames The name of the computer(s) to check. Caller is expected to pass in only available nodes. .PARAMETER MinimumDiskSize Minimum disk size in bytes for test to evaluate true. #> [UInt64[]] $sizes = Invoke-Command -ComputerName $physicalHostNames ` { $disk = Get-Disk | Where-Object { $_.BootFromDisk } return $disk.Size } # Compare all the returned sizes from hosts, and if any are smaller than minimum the test will fail. if ($sizes -lt $minimumDiskSize) { Trace-Warning "One or more physical host disks is below $($minimumDiskSize/1GB) GiB." return $false } else { return $true } } function Get-VMWSManDiagnostics { <# .SYNOPSIS Capture diagnostic information after a remote command failure .DESCRIPTION If a caller is unable to reach a VM, this function will capture diagnostics information such as cluster node availablity, VM status and network connectivity from the caller to the VM .PARAMETER VMName The name of the computer to check. This is expected to be a single computer name from within the domain as a string. .PARAMETER HostClusterName The name of the cluster hosting the VM specified #> [CmdletBinding()] Param ( [Parameter(Mandatory=$true)] [string] $VMName, [Parameter(Mandatory=$true)] [string] $HostClusterName ) # Cluster cmdlets and net cmdlets throw a nonterminating error, so we must still explicitly call ErrorAction on each command # This preference captures global powershell failures $ErrorActionPreference = "Stop" # If we fail to retrieve the cluster information, it should not fail ECE try { Trace-Execution "Cluster information for cluster '$HostClusterName' is:" $cluster = Get-Cluster $HostClusterName -ErrorAction Stop Trace-Execution "$($cluster | Format-Table | Out-String)" Trace-Execution "Cluster Node information is:" $clusterNodes = $cluster | Get-ClusterNode -ErrorAction Stop Trace-Execution "$($clusterNodes | Format-Table | Out-String)" Trace-Execution "Cluster Group information is:" $clusterGroups = $cluster | Get-ClusterGroup -ErrorAction Stop Trace-Execution "$($clusterGroups | Format-Table | Out-String)" Trace-Execution "Cluster Resource information is:" $clusterResources = $cluster | Get-ClusterResource -ErrorAction Stop Trace-Execution "$($clusterResources | Format-Table | Out-String)" Trace-Execution "Hyper-V VM information is:" $hypervVM = Get-VM -ComputerName $clusterNodes -ErrorAction Stop Trace-Execution "$($hypervVM | Format-Table | Out-String)" } catch { Trace-Warning "An error occurred while retrieving HostCluster information: $_" } # Likewise, failing to test remote connection should not fail ECE # Note that these commands rely on open ports in the destination VM's firewall (ex, ICMP) that may be disabled in the future # These cmdlets raise them as nonterminating errors, so they will not break execution of the try block try { Trace-Execution "Attempting a ping to $VMName" $pingResult = Test-Connection $VMName -ErrorAction Stop Trace-Execution "$($pingResult | Format-Table | Out-String)" Trace-Execution "Tracing route to $VMName" $traceRouteResult = tracert $VMName -ErrorAction Stop Trace-Execution "$($traceRouteResult | Format-Table | Out-String)" Trace-Execution "Attempting a NetConnection via WinRM" $winRMTestResults = Test-NetConnection -CommonTCPPort WinRM -ComputerName $VMName -ErrorAction Stop Trace-Execution "$($winRMTestResults | Format-Table | Out-String)" } catch { Trace-Warning "An error occurred while testing remote connectivity to '$VMName': $_" } } function Set-DriveLetterForSpecificLabel { <# .SYNOPSIS Sets the specified drive letter for the partition with given file system label. .DESCRIPTION While attaching a VHD to an offline VM, it is not possible to set the default drive letter. This cmdlet could be called from the VM after it comes online to set the drive letter of a partition using the file system label. .PARAMETER FileSystemLabel The file system label for which the drive letter needs to be set. .PARAMETER DriveLetter The new drive letter to be set for the FileSystemLabel. #> [CmdletBinding()] Param ( [Parameter(Mandatory=$true)] [string] $FileSystemLabel, [Parameter(Mandatory=$true)] [string] $DriveLetter ) # List of existing volumes $volumes = Get-Volume Trace-Execution "List of existing volumes: $($volumes | out-string)" # If file system label volume does not exist. $volume = $volumes | Where-Object FileSystemLabel -ieq $FileSystemLabel if([string]::IsNullOrEmpty($volume)) { Trace-Warning "A volume with file system label '$FileSystemLabel' does not exist." return } # If file system label partition does not exist. $partition = $volume | Get-Partition Trace-Execution "Partition with '$FileSystemLabel' file system label: $($partition | out-string)" if([string]::IsNullOrEmpty($partition.DriveLetter)) { Trace-Warning "A partition for file system label '$FileSystemLabel' does not exist." return } # If drive letter is already in use. if (Test-Path -Path "$($DriveLetter + ':')") { Trace-Warning "Drive letter '$DriveLetter' is already in use. Cannot reuse it without removing existing drive." return } # Set new drive letter for partiion with given file system label Trace-Execution "The current partition for file system label '$FileSystemLabel' exists at drive letter '$($partition.DriveLetter)'." Trace-Execution "Setting the partition with file system label '$FileSystemLabel' to drive letter '$DriveLetter'." Set-Partition -DriveLetter $partition.DriveLetter -NewDriveLetter $DriveLetter -Verbose -ErrorAction Stop } <# .Synopsis Stops a service with retry logic. This function first tries to stop a service gracefully and waits for it to exit a pending state with retry logic up to 60 seconds. It also support forcefully stopping it if enabled. #> function Stop-ServiceWithRetries { param ( [parameter(Mandatory = $true)] [ValidateNotNull()] [System.String] $ServiceName, [Switch] $Force ) $retryCount = 0 $ServiceNotStopped = $true while ($retryCount -lt 7 -and $ServiceNotStopped) { try { $service = get-service -Name $ServiceName -ErrorAction Ignore if ($service -eq $null) { Trace-Execution "Service not found." return } Trace-Execution "Found Service in $($service.Status)" switch ($service.Status) { { "Running", "Paused" -contains $_ } { Stop-Service -Name $ServiceName $ServiceNotStopped = $false break } "Stopped" { $ServiceNotStopped = $false break } default { start-sleep -Seconds 10 } } } catch { Trace-Warning "Failed to stop service : $($_.Exception.Message)" } finally { $retryCount++ } } $service = Get-Service -Name $ServiceName if ($service.Status -ne "Stopped" -and $Force) { Write-Log ("Failure stopping service '{0}'" -f $ServiceName) try { Write-Log("Attempting to stop underlying process of service '{0}'" -f $ServiceName) $process = Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'" | Select-Object if($process -ne $null) { Stop-Process -Id $process.ProcessId -Force $stoppedProcess = Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'" | Select-Object if($stoppedProcess.State -eq "Stopped") { Write-Log ("Process '{0}' with id '{1}' stopped" -f $process.Name,$process.ProcessId) $retries = 0 while($retries -lt 5) { try { # Tell SCM to stop the service again so that it doesn't restart after we kill the underlying process (if startup type is automatic) Stop-Service $ServiceName -Force break } catch { Write-Log("Failure trying to stop service '{0}' after stopping process '{1}'. Retrying..." -f $ServiceName,$process.Name) Start-Sleep -Seconds 3 $retries++ } } Stop-Service $ServiceName -Force $service = Get-Service -Name $ServiceName if($service.Status -ne "Stopped") { throw "Failed to stop service $ServiceName after process stop. Exiting..." } else { Write-Log("Process '{0}' and service '{1}' stopped successfully." -f $process.Name,$ServiceName) } } } else { Write-Log("No underlying process of service '{0}' found. Failured to stop service.") } } catch { Write-Log ("Failure stopping process '{0}'. Message: '{1}'" -f $process.Name,$_.Exception.Message) throw } } } # Helper function to create execution context XML for node-wise operation. # This would mainly be used in conditional action expansion for custom execution context. # Arbitrary custom XML can still be passed directly in the conditional evaluation function if needed. function New-ExecutionContextXmlForNode { [CmdletBinding()] Param ( [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.String[]] $NodeNames, [Parameter(Mandatory = $true)] [ValidateNotNullOrEmpty()] [System.String] $RoleName, [Parameter(Mandatory = $false)] [System.String] $RolePath ) Trace-Execution "Constructing execution context XML with NodeName: '$NodeNames', RoleName: '$RoleName', RolePath: '$RolePath'" $nodesExecutionContext = @" <ExecutionContext> <Roles> <Role RoleName="$RoleName"> <Nodes /> </Role> </Roles> </ExecutionContext> "@ $ecXml = [xml]$nodesExecutionContext if ($RolePath) { # RolePath is not strictly required (also not easily constructed from the script) $ecXml.SelectSingleNode("ExecutionContext/Roles/Role").SetAttribute("RolePath", $RolePath) | Out-Null } foreach ($node in $NodeNames) { $nodeElement = $ecXml.CreateElement("Node") $nodeElement.SetAttribute("Name", $node) | Out-Null $ecXml.SelectSingleNode("ExecutionContext/Roles/Role/Nodes").AppendChild($nodeElement) | Out-Null } return $ecXml.OuterXml } <# .SYNOPSIS Imports certificate from pfx file if it's not installed. #> function Import-PfxCertificateSafe { [CmdletBinding()] Param ( [Parameter(Mandatory=$true)] [string] $FilePath, [Parameter(Mandatory=$true)] [SecureString] $Password, [Parameter(Mandatory=$false)] [string] $CertStoreLocation = "Cert:\LocalMachine\My", [Parameter(Mandatory=$false)] [Switch] $Exportable ) $ErrorActionPreference = "Stop" $certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($FilePath, $Password) if (($existingCert = Get-ChildItem $CertStoreLocation | Where Thumbprint -EQ $certificate.Thumbprint )) { Trace-Execution "Certificate '$CertStoreLocation\$($certificate.Thumbprint)' already imported from location '$FilePath'" -Verbose $existingCert } else { if ($Exportable) { Import-PfxCertificate -FilePath $FilePath -CertStoreLocation $CertStoreLocation -Password $Password -Exportable -Verbose -ErrorAction Stop } else { Import-PfxCertificate -FilePath $FilePath -CertStoreLocation $CertStoreLocation -Password $Password -Verbose -ErrorAction Stop } if (($installedCertificate = Get-ChildItem $CertStoreLocation | Where Thumbprint -EQ $certificate.Thumbprint )) { Trace-Execution "Successfully installed Certificate '$CertStoreLocation\$($installedCertificate.Thumbprint)' from location '$FilePath'" -Verbose } else { throw "Import-PfxCertificate failed to install certificate from location '$FilePath'" } } } function Install-RoleNugetPackages { [CmdletBinding()] Param( [Parameter()] [ValidateNotNullOrEmpty()] [string] $NugetStorePath = "$env:SystemDrive\CloudDeployment\NuGetStore", [Parameter()] [ValidateNotNullOrEmpty()] [string] $Destination = "$env:SystemDrive\NuGetStore" ) if(!(Test-Path $destination)) { md $destination -Force } #Install the ProductNugets manifest package Expand-NugetContent -NugetName 'Microsoft.AzureStack.Solution.Deploy.ProductNugets' -SourcePath '' -DestinationPath $destination -Verbose:$VerbosePreference -IsNugetInstall $productNugetXmlPath = Join-Path -Path (Get-ASArtifactPath -NugetName 'Microsoft.AzureStack.Solution.Deploy.ProductNugets') -ChildPath 'ProductNuGets.xml' if(!(Test-Path -path $productNugetXmlPath)) { #To support backward compatibility for ProductNugets package between Solution-Deploy package and AsZ-Assembly package. $productNugetXmlPath = Join-Path -Path (Get-ASArtifactPath -NugetName 'Microsoft.AzureStack.Solution.Deploy.ProductNugets') -ChildPath 'content\ProductNuGets.xml' } $productNugetXml = [xml](Get-Content -Path $productNugetXmlPath) $roleNugetPackageNames = ($productNugetXml.Manifest.Packages.NuGetPackage| where {$_.ECERole -eq 'true'} ).Name foreach($roleNugetName in $roleNugetPackageNames) { Expand-NugetContent -NugetName $roleNugetName -SourcePath '' -DestinationPath $destination -NugetStorePath $NugetStorePath -Verbose:$VerbosePreference -IsNugetInstall } } function Create-CallBackStringForAsZ { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [CloudEngine.Configurations.EceInterfaceParameters] $Parameters ) # If an end step is specified, propagate that information to the invocation after reboot. $endStepValue = $Parameters.RunInformation.EndStep if ( ($endStepValue) -and ($endStepValue -ne 'MAX') ) { $endStepSpecification = "-End $endStepValue " } $retriesValue = $Parameters.RunInformation.Retries if ( ($retriesValue) ) { $retriesValueSpecification = "-Retries $retriesValue " } $ecEngineModulePath = (Resolve-Path -Path "$PSScriptRoot\..\ECEngine\EnterpriseCloudEngine.psd1").Path $callbackString = @" Import-Module $ecEngineModulePath Invoke-EceAction -RolePath Cloud -ActionType CloudDeployment -Rerun $endStepSpecification $retriesValueSpecification -Verbose "@ return $callbackString } Export-ModuleMember -Function Install-RoleNugetPackages Export-ModuleMember -Function ConnectPSSession Export-ModuleMember -Function Disable-CredSSP Export-ModuleMember -Function Disable-RemoteClientCredSSP Export-ModuleMember -Function Dismount-Wim Export-ModuleMember -Function Enable-AutoLogon Export-ModuleMember -Function Enable-CredSSP Export-ModuleMember -Function Expand-NugetContent Export-ModuleMember -Function Find-LockedFiles Export-ModuleMember -Function Get-NugetStorePath Export-ModuleMember -Function Get-NugetVersions Export-ModuleMember -Function Get-VMWSManDiagnostics Export-ModuleMember -Function Import-PfxCertificateSafe Export-ModuleMember -Function Initialize-ECESession Export-ModuleMember -Function Initialize-NugetScript Export-ModuleMember -Function Invoke-ECECommand Export-ModuleMember -Function Mount-Wim Export-ModuleMember -Function Mount-WindowsImageWithRetry Export-ModuleMember -Function New-Credential Export-ModuleMember -Function New-ExecutionContextXmlForNode Export-ModuleMember -Function New-RegistryPropertyNameValue Export-ModuleMember -Function PublishAndStartDscConfiguration Export-ModuleMember -Function Reset-RestartCallback Export-ModuleMember -Function Restart-Machine Export-ModuleMember -Function Set-DriveLetterForSpecificLabel Export-ModuleMember -Function Set-RestartCallback Export-ModuleMember -Function Stop-ServiceWithRetries Export-ModuleMember -Function Test-HostPhysicalDiskSize Export-ModuleMember -Function Test-PSSessionConnection Export-ModuleMember -Function Test-WSManConnection Export-ModuleMember -Function Test-WSmanForCredSSP Export-ModuleMember -Function Trace-Error Export-ModuleMember -Function Trace-Execution Export-ModuleMember -Function Trace-Warning Export-ModuleMember -Function Wait-Result Export-ModuleMember -Function Create-CallBackStringForAsZ # SIG # Begin signature block # MIInpAYJKoZIhvcNAQcCoIInlTCCJ5ECAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCCRtsVtqKuc2njA # 0zLbxaJynKke9PnufwlsSJBLRulHQqCCDYUwggYDMIID66ADAgECAhMzAAADTU6R # phoosHiPAAAAAANNMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjMwMzE2MTg0MzI4WhcNMjQwMzE0MTg0MzI4WjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDUKPcKGVa6cboGQU03ONbUKyl4WpH6Q2Xo9cP3RhXTOa6C6THltd2RfnjlUQG+ # Mwoy93iGmGKEMF/jyO2XdiwMP427j90C/PMY/d5vY31sx+udtbif7GCJ7jJ1vLzd # j28zV4r0FGG6yEv+tUNelTIsFmmSb0FUiJtU4r5sfCThvg8dI/F9Hh6xMZoVti+k # bVla+hlG8bf4s00VTw4uAZhjGTFCYFRytKJ3/mteg2qnwvHDOgV7QSdV5dWdd0+x # zcuG0qgd3oCCAjH8ZmjmowkHUe4dUmbcZfXsgWlOfc6DG7JS+DeJak1DvabamYqH # g1AUeZ0+skpkwrKwXTFwBRltAgMBAAGjggGCMIIBfjAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQUId2Img2Sp05U6XI04jli2KohL+8w # VAYDVR0RBE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJh # dGlvbnMgTGltaXRlZDEWMBQGA1UEBRMNMjMwMDEyKzUwMDUxNzAfBgNVHSMEGDAW # gBRIbmTlUAXTgqoXNzcitW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8v # d3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIw # MTEtMDctMDguY3JsMGEGCCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDov # L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDEx # XzIwMTEtMDctMDguY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIB # ACMET8WuzLrDwexuTUZe9v2xrW8WGUPRQVmyJ1b/BzKYBZ5aU4Qvh5LzZe9jOExD # YUlKb/Y73lqIIfUcEO/6W3b+7t1P9m9M1xPrZv5cfnSCguooPDq4rQe/iCdNDwHT # 6XYW6yetxTJMOo4tUDbSS0YiZr7Mab2wkjgNFa0jRFheS9daTS1oJ/z5bNlGinxq # 2v8azSP/GcH/t8eTrHQfcax3WbPELoGHIbryrSUaOCphsnCNUqUN5FbEMlat5MuY # 94rGMJnq1IEd6S8ngK6C8E9SWpGEO3NDa0NlAViorpGfI0NYIbdynyOB846aWAjN # fgThIcdzdWFvAl/6ktWXLETn8u/lYQyWGmul3yz+w06puIPD9p4KPiWBkCesKDHv # XLrT3BbLZ8dKqSOV8DtzLFAfc9qAsNiG8EoathluJBsbyFbpebadKlErFidAX8KE # usk8htHqiSkNxydamL/tKfx3V/vDAoQE59ysv4r3pE+zdyfMairvkFNNw7cPn1kH # Gcww9dFSY2QwAxhMzmoM0G+M+YvBnBu5wjfxNrMRilRbxM6Cj9hKFh0YTwba6M7z # ntHHpX3d+nabjFm/TnMRROOgIXJzYbzKKaO2g1kWeyG2QtvIR147zlrbQD4X10Ab # rRg9CpwW7xYxywezj+iNAc+QmFzR94dzJkEPUSCJPsTFMIIHejCCBWKgAwIBAgIK # YQ6Q0gAAAAAAAzANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlm # aWNhdGUgQXV0aG9yaXR5IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEw # OTA5WjB+MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE # BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYD # VQQDEx9NaWNyb3NvZnQgQ29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG # 9w0BAQEFAAOCAg8AMIICCgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+la # UKq4BjgaBEm6f8MMHt03a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc # 6Whe0t+bU7IKLMOv2akrrnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4D # dato88tt8zpcoRb0RrrgOGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+ # lD3v++MrWhAfTVYoonpy4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nk # kDstrjNYxbc+/jLTswM9sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6 # A4aN91/w0FK/jJSHvMAhdCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmd # X4jiJV3TIUs+UsS1Vz8kA/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL # 5zmhD+kjSbwYuER8ReTBw3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zd # sGbiwZeBe+3W7UvnSSmnEyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3 # T8HhhUSJxAlMxdSlQy90lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS # 4NaIjAsCAwEAAaOCAe0wggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRI # bmTlUAXTgqoXNzcitW2oynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTAL # BgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBD # uRQFTuHqp8cx0SOJNDBaBgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jv # c29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3JsMF4GCCsGAQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFf # MDNfMjIuY3J0MIGfBgNVHSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEF # BQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1h # cnljcHMuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkA # YwB5AF8AcwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn # 8oalmOBUeRou09h0ZyKbC5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7 # v0epo/Np22O/IjWll11lhJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0b # pdS1HXeUOeLpZMlEPXh6I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/ # KmtYSWMfCWluWpiW5IP0wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvy # CInWH8MyGOLwxS3OW560STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBp # mLJZiWhub6e3dMNABQamASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJi # hsMdYzaXht/a8/jyFqGaJ+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYb # BL7fQccOKO7eZS/sl/ahXJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbS # oqKfenoi+kiVH6v7RyOA9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sL # gOppO6/8MO0ETI7f33VtY5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtX # cVZOSEXAQsmbdlsKgEhr/Xmfwb1tbWrJUnMTDXpQzTGCGXUwghlxAgEBMIGVMH4x # CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt # b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01p # Y3Jvc29mdCBDb2RlIFNpZ25pbmcgUENBIDIwMTECEzMAAANNTpGmGiiweI8AAAAA # A00wDQYJYIZIAWUDBAIBBQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQw # HAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEINSd # tsGBTWPj9IDwKIfyi1PTvwGzA8XO6mzpj5hJzkVZMEIGCisGAQQBgjcCAQwxNDAy # oBSAEgBNAGkAYwByAG8AcwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20wDQYJKoZIhvcNAQEBBQAEggEAkJk5mP7hZdxxO7uXRFvpixB0q3ZlJ6j6VX0v # zstHuK6gO0afWgakheSCUnDYwRRgJiHmBqWZ4muCjLixA3MUKbB/AuqSE597I56Z # GhdOkBSzFGSY0j8yEt9rtk13J4n620puWJZ1WXLa4ekcDf+0D8f3b7oVlgx7FwSm # nOnLuDDS2JXQMUxQtE+nmwyI/AAF0aRUNyhY3cxNIzpaxLijHspvaMkdQvT37FLC # ewkqnAlSX42MNG5otSJZrKbuZWfDsGoY5Jd27qpfSt8qbHW8o569K7XCeT9WxetO # bTAf19Kth/D8Y4gf0RzVi6nqw/iOwrficj+7VDzTsEcLOZNJi6GCFv8wghb7Bgor # BgEEAYI3AwMBMYIW6zCCFucGCSqGSIb3DQEHAqCCFtgwghbUAgEDMQ8wDQYJYIZI # AWUDBAIBBQAwggFQBgsqhkiG9w0BCRABBKCCAT8EggE7MIIBNwIBAQYKKwYBBAGE # WQoDATAxMA0GCWCGSAFlAwQCAQUABCDLvkJOmLFXnq3aKKn6R7RXqaxbIujgloJk # uQ0Cvh9xXgIGZIuKJqoHGBIyMDIzMDcxMzE5MjkxOS4xMVowBIACAfSggdCkgc0w # gcoxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS # ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJTAjBgNVBAsT # HE1pY3Jvc29mdCBBbWVyaWNhIE9wZXJhdGlvbnMxJjAkBgNVBAsTHVRoYWxlcyBU # U1MgRVNOOkVBQ0UtRTMxNi1DOTFEMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1T # dGFtcCBTZXJ2aWNloIIRVzCCBwwwggT0oAMCAQICEzMAAAHDi2/TSL8OkV0AAQAA # AcMwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp # bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw # b3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAw # HhcNMjIxMTA0MTkwMTI5WhcNMjQwMjAyMTkwMTI5WjCByjELMAkGA1UEBhMCVVMx # EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT # FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJp # Y2EgT3BlcmF0aW9uczEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046RUFDRS1FMzE2 # LUM5MUQxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggIi # MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC767zqzdH+r6KSizzRoPjZibbU # 0M5m2V01HEwVTGbij2RVaRKHZzyM4LElfBXYoWh0JPGkZCz2PLmdQj4ur9u3Qda1 # Jg8w8+163jbSDPAzUSxHbqRunCUEfEVjiGTfLcAf7Vgp/1uG8+zuQ9tdsfuB1pyK # 14H4XsWg5G317QP92wF4bzQZkAXbLotYCPoLaYyqVp9eTBt9PJBqe5frli77EynI # nV8BESm5Hvrqt4+uqUTQppp4PSeo6AatORJl4IwM8fo60nTSNczBsgPIfuXh9hF4 # ixN/M3kZ/dRqKuyN5r4oXLbaVTx6WcheOh7LHelx6wf6rlqtjVzoc995KeR4yiT+ # DGcHs/UyO3sj0Qj22FC0y/L/VJSYsbXasFH8N+F4T9Umlyb9Nh6hXXU19BCeX+MF # s9tJEGnQcapMhxYOljoyBJ0GhARPUO+kTg9fiyd00ZzXAbKDjmkfrZkx9QX8LMZn # uJXrftG2dAVcPNPGhIQSR1cx1YMkb6OPGgLXqVGTXEWd+QDi6iZriYqyjuq8Tp3b # v4rrLMhJZDtOO61gsomdLM29+I2K7K//THEIBJIBG85De/1x6C8z+me5T1zqz7iC # Yrf7mOFy+dYZCokTS2lgeaTduaYEvWAeb1OMEnPmb/yu8czdHDc5SFXj/CYAvfYq # Y9HlRtvjDDkc0aK5jQIDAQABo4IBNjCCATIwHQYDVR0OBBYEFBwYvs3Y128BorxN # wuvExOxrxoHWMB8GA1UdIwQYMBaAFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMF8GA1Ud # HwRYMFYwVKBSoFCGTmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2lvcHMvY3Js # L01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAyMDEwKDEpLmNybDBsBggr # BgEFBQcBAQRgMF4wXAYIKwYBBQUHMAKGUGh0dHA6Ly93d3cubWljcm9zb2Z0LmNv # bS9wa2lvcHMvY2VydHMvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIw # MTAoMSkuY3J0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwgwDQYJ # KoZIhvcNAQELBQADggIBAN3yplscGp0EVEPEYbAOiWWdHJ3RaZSeOqg/7lAIfi8w # 8G3i6YdWEm7J5GQMQuRNZm5aordTXPYecZq1ucRNwdSXLCUf7cjtHt9TTMpjDY8s # D5VrAJyuewgKATfbjYSwQL9nRhTvjQ0n/Fu7Osa1MS1QiJC+vYAI8nKGw+i17wi1 # N/i41bgxujVA/S2NwEoKAR7MgLgNhQzQFgJYKZ5mY3ACXF+lOWI4UQoH1RpKodKz # nVwfwljSCovcvAj0th+MQ7vv74dj+cypcIyL2KFQqginZN+N/N2bk2DlX7LDz7Be # Xb1FxbhDgK8ee018rFP2hDcntgFBAQdYk+DxM1H3DgHzYXOasN3ywvoRO8a7HmEV # zCYX5DatPkxrx1hRJ0JKD+KGgRhQYlmdkv2fIOnWyd+VJVfsWkvIAvMMOUcFbUIm # FhV98lGirPUPiRGiipEE1FowUw+KeDLDBsSCEyF4ko2h1rsAaCr7UcfVp9GUT72p # hb0Uox7PF5CZ/yBy4C6Gv0gBfJoX0MXQ8nl/i6HM5K8gLUGQm3MXqinjlRhojtX7 # 1fx1zBdtkmcggAfVyNU7woQKHEoiSmThCDLQ+hyBTBoZaqYtZG7WFDVYladBe+8F # h5gMZZuP8+1KXLC/qbya6Mt6l8y8lxTbkpaSVI/YW43Hpo5V96N76mBvAhAhVDWd # MIIHcTCCBVmgAwIBAgITMwAAABXF52ueAptJmQAAAAAAFTANBgkqhkiG9w0BAQsF # ADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT # B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UE # AxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcN # MjEwOTMwMTgyMjI1WhcNMzAwOTMwMTgzMjI1WjB8MQswCQYDVQQGEwJVUzETMBEG # A1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWlj # cm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFt # cCBQQ0EgMjAxMDCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOThpkzn # tHIhC3miy9ckeb0O1YLT/e6cBwfSqWxOdcjKNVf2AX9sSuDivbk+F2Az/1xPx2b3 # lVNxWuJ+Slr+uDZnhUYjDLWNE893MsAQGOhgfWpSg0S3po5GawcU88V29YZQ3MFE # yHFcUTE3oAo4bo3t1w/YJlN8OWECesSq/XJprx2rrPY2vjUmZNqYO7oaezOtgFt+ # jBAcnVL+tuhiJdxqD89d9P6OU8/W7IVWTe/dvI2k45GPsjksUZzpcGkNyjYtcI4x # yDUoveO0hyTD4MmPfrVUj9z6BVWYbWg7mka97aSueik3rMvrg0XnRm7KMtXAhjBc # TyziYrLNueKNiOSWrAFKu75xqRdbZ2De+JKRHh09/SDPc31BmkZ1zcRfNN0Sidb9 # pSB9fvzZnkXftnIv231fgLrbqn427DZM9ituqBJR6L8FA6PRc6ZNN3SUHDSCD/AQ # 8rdHGO2n6Jl8P0zbr17C89XYcz1DTsEzOUyOArxCaC4Q6oRRRuLRvWoYWmEBc8pn # ol7XKHYC4jMYctenIPDC+hIK12NvDMk2ZItboKaDIV1fMHSRlJTYuVD5C4lh8zYG # NRiER9vcG9H9stQcxWv2XFJRXRLbJbqvUAV6bMURHXLvjflSxIUXk8A8FdsaN8cI # FRg/eKtFtvUeh17aj54WcmnGrnu3tz5q4i6tAgMBAAGjggHdMIIB2TASBgkrBgEE # AYI3FQEEBQIDAQABMCMGCSsGAQQBgjcVAgQWBBQqp1L+ZMSavoKRPEY1Kc8Q/y8E # 7jAdBgNVHQ4EFgQUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXAYDVR0gBFUwUzBRBgwr # BgEEAYI3TIN9AQEwQTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9Eb2NzL1JlcG9zaXRvcnkuaHRtMBMGA1UdJQQMMAoGCCsGAQUF # BwMIMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNV # HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNX2VsuP6KJcYmjRPZSQW9fOmhjEMFYG # A1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3Js # L3Byb2R1Y3RzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNybDBaBggrBgEFBQcB # AQROMEwwSgYIKwYBBQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kv # Y2VydHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3J0MA0GCSqGSIb3DQEBCwUA # A4ICAQCdVX38Kq3hLB9nATEkW+Geckv8qW/qXBS2Pk5HZHixBpOXPTEztTnXwnE2 # P9pkbHzQdTltuw8x5MKP+2zRoZQYIu7pZmc6U03dmLq2HnjYNi6cqYJWAAOwBb6J # 6Gngugnue99qb74py27YP0h1AdkY3m2CDPVtI1TkeFN1JFe53Z/zjj3G82jfZfak # Vqr3lbYoVSfQJL1AoL8ZthISEV09J+BAljis9/kpicO8F7BUhUKz/AyeixmJ5/AL # aoHCgRlCGVJ1ijbCHcNhcy4sa3tuPywJeBTpkbKpW99Jo3QMvOyRgNI95ko+ZjtP # u4b6MhrZlvSP9pEB9s7GdP32THJvEKt1MMU0sHrYUP4KWN1APMdUbZ1jdEgssU5H # LcEUBHG/ZPkkvnNtyo4JvbMBV0lUZNlz138eW0QBjloZkWsNn6Qo3GcZKCS6OEua # bvshVGtqRRFHqfG3rsjoiV5PndLQTHa1V1QJsWkBRH58oWFsc/4Ku+xBZj1p/cvB # QUl+fpO+y/g75LcVv7TOPqUxUYS8vwLBgqJ7Fx0ViY1w/ue10CgaiQuPNtq6TPmb # /wrpNPgkNWcr4A245oyZ1uEi6vAnQj0llOZ0dFtq0Z4+7X6gMTN9vMvpe784cETR # kPHIqzqKOghif9lwY1NNje6CbaUFEMFxBmoQtB1VM1izoXBm8qGCAs4wggI3AgEB # MIH4oYHQpIHNMIHKMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQ # MA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u # MSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25zMSYwJAYDVQQL # Ex1UaGFsZXMgVFNTIEVTTjpFQUNFLUUzMTYtQzkxRDElMCMGA1UEAxMcTWljcm9z # b2Z0IFRpbWUtU3RhbXAgU2VydmljZaIjCgEBMAcGBSsOAwIaAxUA8R0v4+z6HTd7 # 5Itd0bO5ju0u7s6ggYMwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz # aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv # cnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAx # MDANBgkqhkiG9w0BAQUFAAIFAOhaSLcwIhgPMjAyMzA3MTMxNzU2MDdaGA8yMDIz # MDcxNDE3NTYwN1owdzA9BgorBgEEAYRZCgQBMS8wLTAKAgUA6FpItwIBADAKAgEA # AgIAvAIB/zAHAgEAAgISVDAKAgUA6FuaNwIBADA2BgorBgEEAYRZCgQCMSgwJjAM # BgorBgEEAYRZCgMCoAowCAIBAAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEB # BQUAA4GBABqn2hm54OJwklKA4NA9S4n6NE0Q9UY7+Da7GzaQg7OROR0FySTJRIuC # 3OlCKSFxZZyV3p2w0uZG6BDIMRkmn5f6rB//DXwF8EyJF2e5QtUD7za7Fqqy6PhP # 9MqYp9a6mdcmTYrqFwrxLSlr3YQfF/hJFNAv/3swO12e+6yOjsCaMYIEDTCCBAkC # AQEwgZMwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV # BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQG # A1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAHDi2/TSL8O # kV0AAQAAAcMwDQYJYIZIAWUDBAIBBQCgggFKMBoGCSqGSIb3DQEJAzENBgsqhkiG # 9w0BCRABBDAvBgkqhkiG9w0BCQQxIgQgFiOLismaH7wrDqte7UvV7lnJCXy/5ATA # P4zt8Lt0ZJEwgfoGCyqGSIb3DQEJEAIvMYHqMIHnMIHkMIG9BCDS+1Obb5JJ6uHU # qICTCslMAvFN8mi2U9wNnZlKfvwqSTCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0 # YW1wIFBDQSAyMDEwAhMzAAABw4tv00i/DpFdAAEAAAHDMCIEIJet0dPjepNu/t9W # 2fphALwDyW88/kPhZ286Tzrp/h6ZMA0GCSqGSIb3DQEBCwUABIICAC2NOCx0foHe # rmqcrTICQb1f0RW1NBctlXXJbrgc/pXJKpcyoJlh0zeeNwT0HIhqqJ4c0mXIYZ2o # UtFhgShV/59wvdRhrvVJo0el0cBivvTrUKyEVoAGEE8/485UY0IdtQ+sbx+05C2m # ijZ8JX1Vk55qP08ZrC70e4QNgKy1Q9D6tEb/1Wn+qQF01Pkmg0UBQ5ot/f14yX97 # GZI9R3fCc4l6fcbWph54Op1Zs67vm/8hPiEsTVyP7FqFqhuCmq/ajVkLVeaNCO6t # I7GR4ciuGLGrQq5R4Hi+TM9OHJo41m+8HbEHCJCSOFpUDPBV4n1rlXDJUisf1gN+ # r09n7aMdP0C5DIZHsN8FXyhzjtEOJBNBx33OX8Z0FAtNZKV36noWuO7/SYeVf4Et # xKye4QbBPL2NMFfQyDlepomackVhk48/CfYC4mKO7FZR3o7WSRpYzKgBaz1q5puC # /CDCFlt7BI/1ikhcG89U3ipYnvjLGS0pSdHWvPJDpSiPMM6u+6ZWKd50hGEUsdrd # 68cEk8JanTj+U+WXsDXi/6d43a0fBVnbmXodVvmBQ/qmI7McPNdoA9bT0974dO1+ # mY0jE931nGegoYp9NKBqDFA9MzL1/UuiDt7TB1ZVonMU17vcSuQN2c6CJFuF8bOE # aemfD2tpJLlV0T/d1xKn5tgWFgAJwmaE # SIG # End signature block |