modules/SdnDiag.NetworkController/SdnDiag.NetworkController.psm1
# Copyright (c) Microsoft Corporation. # Licensed under the MIT License. Using module .\SdnDiag.NetworkController.Helper.psm1 Import-Module $PSScriptRoot\SdnDiag.NetworkController.Helper.psm1 Import-Module $PSScriptRoot\..\SdnDiag.Common\SdnDiag.Common.psm1 Import-Module $PSScriptRoot\..\SdnDiag.Utilities\SdnDiag.Utilities.psm1 Import-Module $PSScriptRoot\..\SdnDiag.NetworkController.FC\SdnDiag.NetworkController.FC.psm1 Import-Module $PSScriptRoot\..\SdnDiag.NetworkController.SF\SdnDiag.NetworkController.SF.psm1 # create local variable to store configuration data $configurationData = Import-PowerShellDataFile -Path $PSScriptRoot\SdnDiag.NetworkController.Config.psd1 New-Variable -Name 'SdnDiagnostics_NC' -Scope 'Script' -Force -Value @{ Config = $configurationData } ##### FUNCTIONS AUTO-POPULATED BELOW THIS LINE DURING BUILD ##### function Connect-SlbManager { [CmdletBinding()] param( [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty ) $slbClient = Get-SlbClient -ErrorAction Stop # we need identify the current primary replica for the slbmanager service # if the primary replica is on the local node, then we will use the loopback address $slbManagerPrimary = Get-SdnServiceFabricReplica -ServiceTypeName 'SlbManagerService' -Primary -Credential $Credential -ErrorAction Stop if ($null -ieq $slbManagerPrimary) { throw "Unable to return primary replica of SlbManagerService" } $slbManagerPrimaryNodeName = $slbManagerPrimary.ReplicaAddress.Split(':')[0] if (Test-ComputerNameIsLocal -ComputerName $slbManagerPrimaryNodeName) { $useLoopback = $true } # if we have already detected that we are using the loopback address, then we can just use that # otherwise we will test to check if the SlbManagerPrimary is an IP address or a hostname # if it is a hostname, then we will resolve it to an IP address if ($useLoopback) { $ipAddress = [System.Net.IPAddress]::Loopback } else { $isIpAddress = ($slbManagerPrimaryNodeName -as [IPAddress]) -as [Bool] if (!$isIpAddress) { [IPAddress]$ipAddress = [System.Net.Dns]::GetHostAddresses($slbManagerPrimaryNodeName)[0].IPAddressToString "Resolved {0} to {1}" -f $slbManagerPrimaryNodeName, $ipAddress.IPAddressToString | Trace-Output -Level:Verbose } else { [IPAddress]$ipAddress = $slbManagerPrimaryNodeName } } # create IPEndPoint object for the SlbManagerPrimary address and port 49001 $endpoint = New-Object System.Net.IPEndPoint($ipAddress, 49001) $networkControllerNode = Get-SdnNetworkControllerSFNode -Name $env:COMPUTERNAME # check to see if we have a node certificate that will be used for establishing connectivity # otherwise if not using x509 between the NC nodes we can just use $null if ($networkControllerNode.NodeCertificate.Thumbprint) { $slbmConnection = $slbClient.ConnectToSlbManager($endpoint, $networkControllerNode.NodeCertificate.Thumbprint, $null) } else { $slbmConnection = $slbClient.ConnectToSlbManager($endpoint, $null, $null) } return $slbmConnection } function Get-ManagementAddress { param ( $ManagementAddress ) $uniqueFQDN = @() $uniqueIPAddress = @() foreach ($ma in $ManagementAddress) { $isIpAddress = ($ma -as [IPAddress]) -as [Bool] if ($isIpAddress) { $uniqueIPAddress += $ma } else { $uniqueFQDN += $ma.ToLower() } } # if we have a mix of FQDN and IPAddress, defer to FQDN # use Sort-Object -Unique to remove duplicates from the list (case insensitive) if ($uniqueFQDN) { return ($uniqueFQDN | Sort-Object -Unique) } else { return ($uniqueIPAddress | Sort-Object -Unique) } } function Get-NetworkControllerConfigState { <# .SYNOPSIS Outputs a set of configuration state files for the network controller role. .PARAMETER OutputDirectory Specifies a specific path and folder in which to save the files. .EXAMPLE PS> Get-NetworkControllerConfigState -OutputDirectory "C:\Temp\CSS_SDN" #> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [System.IO.FileInfo]$OutputDirectory ) $currentErrorActionPreference = $ErrorActionPreference $ProgressPreference = 'SilentlyContinue' $ErrorActionPreference = 'SilentlyContinue' try { $config = Get-SdnModuleConfiguration -Role 'NetworkController' [string]$outDir = Join-Path -Path $OutputDirectory.FullName -ChildPath "ConfigState" [string]$regDir = Join-Path -Path $OutputDirectory.FullName -ChildPath "Registry" [string]$ncAppDir = Join-Path $OutputDirectory.FullName -ChildPath "NCApp" if (-NOT (Initialize-DataCollection -Role $config.Name -FilePath $outDir -MinimumMB 100)) { "Unable to initialize environment for data collection" | Trace-Output -Level:Error return } "Collect configuration state details for role {0}" -f $config.Name | Trace-Output Export-RegistryKeyConfigDetails -Path $config.properties.regKeyPaths -OutputDirectory $regDir Get-CommonConfigState -OutputDirectory $outDir # enumerate dll binary version for NC application $ncAppDirectories = Get-ChildItem -Path "$env:SystemRoot\NetworkController" -Directory foreach($directory in $ncAppDirectories){ [string]$fileName = "FileInfo_{0}" -f $directory.BaseName Get-Item -Path "$($directory.FullName)\*" -Include *.dll,*.exe | Export-ObjectToFile -FilePath $ncAppDir -Name $fileName -FileType txt -Format List } switch ($Global:SdnDiagnostics.EnvironmentInfo.ClusterConfigType) { 'ServiceFabric' { Get-NetworkControllerSFConfigState @PSBoundParameters } 'FailoverCluster' { Get-NetworkControllerFCConfigState @PSBoundParameters } } } catch { $_ | Trace-Exception $_ | Write-Error } $ProgressPreference = 'Continue' $ErrorActionPreference = $currentErrorActionPreference } function Get-PublicIpReference { <##> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [uri]$NcUri, [Parameter(Mandatory = $true)] [System.Object]$IpConfiguration, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty ) try { # check for an instance-level public IP address that is directly associated # with the ipconfiguration and return back to calling function if ($IpConfiguration.properties.publicIPAddress) { "Located {0} associated with {1}" -f $IpConfiguration.properties.publicIPAddress.resourceRef, $IpConfiguration.resourceRef | Trace-Output -Level:Verbose return ($IpConfiguration.properties.publicIPAddress.resourceRef) } else { "Unable to locate an instance-level public IP address associated with {0}" -f $IpConfiguration.resourceRef | Trace-Output -Level:Verbose } # NIC is connected to a load balancer with public IP association # or NIC is not associated to a public IP by any means and instead is connected via implicit load balancer attached to a virtual network "Checking for any backend address pool associated with {0}" -f $IpConfiguration.resourceRef | Trace-Output -Level:Verbose if ($IpConfiguration.properties.loadBalancerBackendAddressPools) { "Located backend address pool associations for {0}" -f $IpConfiguration.resourceRef | Trace-Output -Level:Verbose $loadBalancers = Get-SdnResource -NcUri $NcUri.AbsoluteUri -Resource:LoadBalancers -Credential $Credential $allBackendPoolRefs = @($IpConfiguration.properties.loadBalancerBackendAddressPools.resourceRef) $backendHash = [System.Collections.Hashtable]::new() foreach ($group in $loadBalancers.properties.backendAddressPools | Group-Object resourceRef) { [void]$backendHash.Add($group.Name, $group.Group) } foreach ($backendPoolRef in $allBackendPoolRefs) { "Checking for outboundNatRules for {0}" -f $backendPoolRef | Trace-Output -Level:Verbose $bePool = $backendHash[$backendPoolRef] if ($bePool.properties.outboundNatRules) { "Located outboundNatRule associated with {0}" -f $bePool.resourceRef | Trace-Output -Level:Verbose $obRuleRef = $bePool.properties.outboundNatRules[0].resourceRef break } } if ($obRuleRef) { $natRule = $loadBalancers.properties.outboundNatRules | Where-Object { $_.resourceRef -eq $obRuleRef } $frontendConfig = $loadBalancers.properties.frontendIPConfigurations | Where-Object { $_.resourceRef -eq $natRule.properties.frontendIPConfigurations[0].resourceRef } "Located {0} associated with {0}" -f $frontendConfig.resourceRef, $natRule.resourceRef | Trace-Output -Level:Verbose return ($frontendConfig.properties.publicIPAddress.resourceRef) } else { "Unable to locate outboundNatRules associated with {0}" -f $IpConfiguration.properties.loadBalancerBackendAddressPools.resourceRef | Trace-Output -Level:Verbose } } else { "Unable to locate any backend pools associated with {0}" -f $IpConfiguration.resourceRef | Trace-Output -Level:Verbose } return $null } catch { $_ | Trace-Exception $_ | Write-Error } } function Get-SdnClusterType { <# .SYNOPSIS Determines the cluster type of the Network Controller .PARAMETER NetworkController Specifies the name of the network controller node on which this cmdlet operates. .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user. .EXAMPLE PS> Get-SdnClusterType .EXAMPLE PS> Get-SdnClusterType -NetworkController 'NC01' -Credential (Get-Credential) #> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [System.String]$NetworkController, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty ) $sb = { # with failover cluster, the ApiService will run as a service within windows # so we can check if the service exists to determine if it is a failover cluster configuration regardless if running $service = Get-Service -Name 'ApiService' -ErrorAction Ignore if ($service) { return 'FailoverCluster' } return 'ServiceFabric' } if (Test-ComputerNameIsLocal -ComputerName $NetworkController) { [string]$result = Invoke-Command -ScriptBlock $sb } else { [string]$result = Invoke-PSRemoteCommand -ComputerName $NetworkController -ScriptBlock $sb -Credential $Credential } "Cluster Type: $result" | Trace-Output -Level:Verbose return $result } function Get-SdnDipProbeInfoFromHost { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [IPAddress[]]$HostIPAddress, [Parameter(Mandatory = $false)] [System.String]$ProbeID = $null ) $slbManager = Connect-SlbManager -ErrorAction Stop if ($slbManager) { $dipProbeInfo = $slbManager.GetDipProbeInfoFromHost($HostIPAddress, $ProbeID) return $dipProbeInfo } } function Get-SdnDiscovery { <# .SYNOPSIS Calls to the Discovery API endpoint to determine versioning and feature details .PARAMETER NcUri Specifies the Uniform Resource Identifier (URI) of the network controller that all Representational State Transfer (REST) clients use to connect to that controller. .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user. #> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [Uri]$NcUri, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty ) try { $result = Get-SdnResource -NcUri $NcUri -Resource 'Discovery' -Credential $Credential return $result } catch { $_ | Trace-Exception $_ | Write-Error } } function Get-SdnNetworkControllerRestURL { <# .SYNOPSIS Queries Network Controller to identify the Rest URL endpoint that can be used to query the north bound API endpoint. #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [String]$NetworkController = $env:COMPUTERNAME, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty ) # if already populated into the cache, return the value if (-NOT ([System.String]::IsNullOrEmpty($Global:SdnDiagnostics.EnvironmentInfo.NcUrl))) { return $Global:SdnDiagnostics.EnvironmentInfo.NcUrl } try { switch ($Global:SdnDiagnostics.EnvironmentInfo.ClusterConfigType) { 'FailoverCluster' { $result = Get-SdnNetworkControllerFC @PSBoundParameters -ErrorAction Stop if ($result) { $endpoint = $result.RestCertificateSubjectName } } 'ServiceFabric' { $result = Get-SdnNetworkControllerSF @PSBoundParameters -ErrorAction Stop if ($result) { $endpoint = $result.ServerCertificate.Subject.Split('=')[1] } } } } catch { $_ | Trace-Exception throw $_ } if (-NOT [string]::IsNullOrEmpty($endpoint)) { $ncUrl = 'https://{0}' -f $endpoint return $ncUrl } else { throw New-Object System.NullReferenceException("Failed to retrieve Network Controller Rest URL.") } } function Get-SdnVipState { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [IPAddress]$VirtualIPAddress ) $slbManager = Connect-SlbManager -ErrorAction Stop if ($slbManager) { $vipState = $slbManager.GetVipState($VirtualIPAddress) return $vipState } } function Get-SdnVirtualServer { <# .SYNOPSIS Returns virtual server of a particular resource Id from network controller. .PARAMETER NcUri Specifies the Uniform Resource Identifier (URI) of the network controller that all Representational State Transfer (REST) clients use to connect to that controller. .PARAMETER ResourceRef Specifies Resource Ref of virtual server. #> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [Uri]$NcUri, [Parameter(Mandatory = $true)] [String]$ResourceRef, [Parameter(Mandatory = $false)] [switch]$ManagementAddressOnly, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty ) try { $result = Get-SdnResource -NcUri $NcUri.AbsoluteUri -ResourceRef $ResourceRef -Credential $Credential foreach ($obj in $result) { if ($obj.properties.provisioningState -ne 'Succeeded') { "{0} is reporting provisioningState: {1}" -f $obj.resourceId, $obj.properties.provisioningState | Trace-Output -Level:Warning } } if ($ManagementAddressOnly) { $connections = (Get-ManagementAddress -ManagementAddress $result.properties.connections.managementAddresses) return $connections } else { return $result } } catch { $_ | Trace-Exception $_ | Write-Error } } function Get-SlbClient { [CmdletBinding()] param() # as we are dependent on the assemblies contained on Network Controller # we need to ensure we are running on Network Controller $config = Get-SdnModuleConfiguration -Role 'NetworkController' $confirmFeatures = Confirm-RequiredFeaturesInstalled -Name $config.windowsFeature if (-NOT ($confirmFeatures)) { throw New-Object System.NotSupportedException("The current machine is not a NetworkController, run this on NetworkController.") } $rootDir = "$env:SystemRoot\NetworkController" $null = [Reflection.Assembly]::LoadFrom("$rootDir\SharedAssemblies\Microsoft.CloudNet.Slb.Utilities.SlbClient.dll"); $null = [Reflection.Assembly]::LoadFrom("$rootDir\Framework\Microsoft.NetworkController.Utilities.dll"); $null = [Reflection.Assembly]::LoadFrom("$rootDir\Framework\Microsoft.NetworkController.ServiceModule.dll"); [Microsoft.Cloudnet.Slb.Utilities.SlbClient.SlbManagerConnectionFactory]::SlbClientInitializeWithDefaultSettings(); [Microsoft.Cloudnet.Slb.Utilities.SlbClient.SlbManagerConnectionFactory]::UseInteractiveLogon = $false [Microsoft.Cloudnet.Slb.Utilities.SlbClient.SlbManagerConnectionFactory]::EnableBlockingNotifications = $true; $slbClient = [Microsoft.Cloudnet.Slb.Utilities.SlbClient.SlbClient]::new() return $slbClient } function Invoke-SdnNetworkControllerStateDump { <# .SYNOPSIS Executes a PUT operation against REST API endpoint for Network Controller to trigger a IMOS dump of Network Controller services. .PARAMETER NcUri Specifies the Uniform Resource Identifier (URI) of the network controller that all Representational State Transfer (REST) clients use to connect to that controller. .PARAMETER ExecutionTimeout Specify the execution timeout (seconds) on how long you want to wait for operation to complete before cancelling operation. If omitted, defaults to 300 seconds. #> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [uri]$NcUri, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty, [Parameter(Mandatory = $false)] [int]$ExecutionTimeOut = 300, [Parameter(Mandatory = $false)] [int]$PollingInterval = 1 ) try { $stopWatch = [system.diagnostics.stopwatch]::StartNew() [System.String]$uri = Get-SdnApiEndpoint -NcUri $NcUri.AbsoluteUri -ResourceRef 'diagnostics/networkControllerState' # trigger IMOS dump "Generate In Memory Object State (IMOS) dump by executing PUT operation against {0}" -f $uri | Trace-Output $null = Invoke-WebRequestWithRetry -Method 'Put' -Uri $uri -Credential $Credential -Body "{}" -UseBasicParsing ` -Headers @{"Accept"="application/json"} -Content "application/json; charset=UTF-8" # monitor until the provisionState for the object is not in 'Updating' state while ($true) { Start-Sleep -Seconds $PollingInterval if ($stopWatch.Elapsed.TotalSeconds -gt $ExecutionTimeOut) { throw New-Object System.TimeoutException("Operation did not complete within the specified time limit") } $result = Get-SdnResource -NcUri $NcUri.AbsoluteUri -ResourceRef 'diagnostics/networkControllerState' -Credential $Credential if ($result.properties.provisioningState -ine 'Updating') { break } } $stopWatch.Stop() if ($result.properties.provisioningState -ine 'Succeeded') { $msg = "Unable to generate IMOS dump. ProvisioningState: {0}" -f $result.properties.provisioningState throw New-Object System.Exception($msg) } return $true } catch { $_ | Trace-Exception $_ | Write-Error } } function Remove-PropertiesFromObject { <# .SYNSOPSIS Removes properties from a PSObject. #> param( [Parameter(Mandatory=$true)] [PSObject]$Object, [Parameter(Mandatory=$true)] [string[]]$PropertiesToRemove ) # Loop through each property of the object foreach ($property in $Object.PSObject.Properties) { # If the property is in the list of properties to remove, remove it if ($property.Name -in $PropertiesToRemove) { $Object.PSObject.Properties.Remove($property.Name) } } return $Object } function Test-NetworkControllerIsHealthy { try { $null = Get-NetworkController -ErrorAction 'Stop' return $true } catch { "Network Controller is not healthy" | Trace-Output -Level:Error return $false } } function Update-NetworkControllerCertificateAcl { <# .SYNOPSIS Update the Network Controller Certificate to grant Network Service account read access to the private key. .PARAMETER NcNodeList The NcNodeList that retrieved via Get-SdnNetworkControllerInfoOffline. .PARAMETER CertRotateConfig The Config generated by New-SdnCertificateRotationConfig to include NC REST certificate thumbprint and node certificate thumbprint. .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user. #> param ( [Parameter(Mandatory = $true)] [PSCustomObject[]] $NcNodeList, [Parameter(Mandatory = $true)] [hashtable] $CertRotateConfig, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty ) try { $NcRestCertThumbprint = $CertRotateConfig["NcRestCert"] foreach ($ncNode in $NcNodeList) { $ncNodeCertThumbprint = $CertRotateConfig[$ncNode.NodeName.ToLower()] Invoke-PSRemoteCommand -ComputerName $ncNode.IpAddressOrFQDN -Credential $Credential -ScriptBlock { param([Parameter(Position = 0)][String]$param1, [Parameter(Position = 1)][String]$param2) Set-SdnCertificateAcl -Path $param1 -Thumbprint $param2 } -ArgumentList @('Cert:\LocalMachine\My', $NcRestCertThumbprint) if ($CertRotateConfig["ClusterCredentialType"] -ieq "X509") { Invoke-PSRemoteCommand -ComputerName $ncNode.IpAddressOrFQDN -Credential $Credential -ScriptBlock { param([Parameter(Position = 0)][String]$param1, [Parameter(Position = 1)][String]$param2) Set-SdnCertificateAcl -Path $param1 -Thumbprint $param2 } -ArgumentList @('Cert:\LocalMachine\My', $ncNodeCertThumbprint) } } } catch { $_ | Trace-Exception $_ | Write-Error } } function Update-NetworkControllerCredentialResource { <# .SYNOPSIS Update the Credential Resource in Network Controller with new certificate. .PARAMETER NcUri The Network Controller REST URI. .PARAMETER NewRestCertThumbprint The new Network Controller REST Certificate Thumbprint to be used by credential resource. .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user. #> param ( [Parameter(Mandatory = $true)] [System.String] $NcUri, [Parameter(Mandatory = $true)] [System.String] $NewRestCertThumbprint, [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty ) $headers = @{"Accept"="application/json"} $content = "application/json; charset=UTF-8" $timeoutInMinutes = 10 $array = @() $servers = Get-SdnServer -NcUri $NcUri -Credential $Credential foreach ($object in $servers) { "Processing X509 connections for {0}" -f $object.resourceRef | Trace-Output foreach ($connection in $servers.properties.connections | Where-Object { $_.credentialType -ieq "X509Certificate" -or $_.credentialType -ieq "X509CertificateSubjectName" }) { $stopWatch = [System.Diagnostics.Stopwatch]::StartNew() $cred = Get-SdnResource -NcUri $NcUri -ResourceRef $connection.credential.resourceRef -Credential $Credential # if for any reason the certificate thumbprint has been updated, then skip the update operation for this credential resource if ($cred.properties.value -ieq $NewRestCertThumbprint) { "{0} has already updated to {1}" -f $cred.resourceRef, $NewRestCertThumbprint | Trace-Output continue } "{0} will be updated from {1} to {2}" -f $cred.resourceRef, $cred.properties.value, $NewRestCertThumbprint | Trace-Output $cred.properties.value = $NewRestCertThumbprint $credBody = $cred | ConvertTo-Json -Depth 100 [System.String]$uri = Get-SdnApiEndpoint -NcUri $NcUri -ResourceRef $cred.resourceRef $null = Invoke-WebRequestWithRetry -Method 'Put' -Uri $uri -Credential $Credential -UseBasicParsing ` -Headers $headers -ContentType $content -Body $credBody while ($true) { if ($stopWatch.Elapsed.TotalMinutes -ge $timeoutInMinutes) { $stopWatch.Stop() throw New-Object System.TimeoutException("Update of $($cred.resourceRef) did not complete within the alloted time") } $result = Invoke-RestMethodWithRetry -Method 'Get' -Uri $uri -Credential $Credential -UseBasicParsing if ($result.properties.provisioningState -ieq 'Updating') { "Status: {0}" -f $result.properties.provisioningState | Trace-Output Start-Sleep -Seconds 15 } elseif ($result.properties.provisioningState -ieq 'Failed') { $stopWatch.Stop() throw New-Object System.Exception("Failed to update $($cred.resourceRef)") } elseif ($result.properties.provisioningState -ieq 'Succeeded') { "Successfully updated {0}" -f $cred.resourceRef | Trace-Output break } else { $stopWatch.Stop() throw New-Object System.Exception("Failed to update $($cred.resourceRef) with $($result.properties.provisioningState)") } } $array += $result } } return $array } function Get-SdnApiEndpoint { <# .SYNOPSIS Used to construct the URI endpoint for Network Controller NB API .PARAMETER NcUri Specifies the Uniform Resource Identifier (URI) of the network controller that all Representational State Transfer (REST) clients use to connect to that controller. .PARAMETER ApiVersion The API version to use when invoking against the NC REST API endpoint. By default, reads from $Global:SdnDiagnostics.EnvironmentInfo.RestApiVersion which defaults to 'v1' unless explicity overwritten, or 'Get-SdnInfrastructureInfo' is called. .PARAMETER ResourceName Network Controller resource exposed via NB API interface of Network Controller, as defined under https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-ncnbi/6dbabf43-0fcd-439c-81e2-7eb794f7c140. .PARAMETER OperationId Operation ID for diagnostics operation. This is optional and only used for certain resources. .PARAMETER ResourceRef The exact resource reference in format of /resourceName/{resourceId}/childObject/{resourceId} .EXAMPLE PS> Get-SdnApiEndpoint -NcUri $NcUri.AbsoluteUri -ResourceName 'VirtualNetworks' .EXAMPLE PS> Get-SdnApiEndpoint -NcUri $NcUri.AbsoluteUri -ResourceName '/virtualnetworks/contoso-vnet01' #> [CmdletBinding()] param( [Parameter(Mandatory = $true, ParameterSetName = 'ResourceRef')] [Parameter(Mandatory = $true, ParameterSetName = 'ResourceName')] [Uri]$NcUri, [Parameter(Mandatory = $false, ParameterSetName = 'ResourceRef')] [Parameter(Mandatory = $false, ParameterSetName = 'ResourceName')] [System.String]$ApiVersion = $Global:SdnDiagnostics.EnvironmentInfo.RestApiVersion, [Parameter(Mandatory = $true, ParameterSetName = 'ResourceName')] [System.String]$ResourceName, [Parameter(Mandatory = $false, ParameterSetName = 'ResourceName')] [System.String]$OperationId, [Parameter(Mandatory = $true, ParameterSetName = 'ResourceRef')] [System.String]$ResourceRef ) switch ($PSCmdlet.ParameterSetName) { 'ResourceRef' { $ResourceRef = $ResourceRef.TrimStart('/') if ($resourceRef -ilike "Discovery*") { [System.String]$endpoint = "{0}/networking/{1}" -f $NcUri.AbsoluteUri.TrimEnd('/'), $ResourceRef } else { [System.String]$endpoint = "{0}/networking/{1}/{2}" -f $NcUri.AbsoluteUri.TrimEnd('/'), $ApiVersion, $ResourceRef } } 'ResourceName' { $apiEndpointProperties = $Script:SdnDiagnostics_NC.Config.Properties.ApiResources[$ResourceName] if ([string]::IsNullOrEmpty($apiEndpointProperties.minVersion)) { [System.String]$endpoint = "{0}/networking/{1}" -f $NcUri.AbsoluteUri.TrimEnd('/'), $apiEndpointProperties.uri } else { [System.String]$endpoint = "{0}/networking/{1}/{2}" -f $NcUri.AbsoluteUri.TrimEnd('/'), $ApiVersion, $apiEndpointProperties.uri } if ($apiEndpointProperties.operationId -and (-NOT ([System.String]::IsNullOrEmpty($OperationId)))) { $endpoint = "{0}/{1}" -f $endpoint, $OperationId } } } $endpoint = $endpoint.TrimEnd('/') "Endpoint: {0}" -f $endpoint | Trace-Output -Level:Verbose return $endpoint } function Get-SdnAuditLog { <# .SYNOPSIS Collects the audit logs for Network Security Groups (NSG) from the hypervisor hosts .PARAMETER OutputDirectory Directory the results will be saved to. If ommitted, will default to the current working directory. .PARAMETER NcUri Specifies the Uniform Resource Identifier (URI) of the network controller that all Representational State Transfer (REST) clients use to connect to that controller. .PARAMETER NCRestCredential Specifies a user account that has permission to access the northbound NC API interface. The default is the current user. .PARAMETER ComputerName Type the NetBIOS name, an IP address, or a fully qualified domain name of one or more remote compute .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user. #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.String]$OutputDirectory = "$(Get-WorkingDirectory)\AuditLogs", [Parameter(Mandatory = $true)] [Uri]$NcUri, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $NcRestCredential = [System.Management.Automation.PSCredential]::Empty, [Parameter(Mandatory = $false, ValueFromPipeline)] [System.String[]]$ComputerName, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty ) # verify that the environment we are on supports at least v3 API and later # as described in https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-ncnbi/dc23b547-9ec4-4cb3-ab20-a6bfe01ddafb $currentRestVersion = (Get-SdnResource -NcUri $NcUri.AbsoluteUri -Resource 'Discovery' -Credential $NcRestCredential).properties.currentRestVersion [int]$currentRestVersionInt = $currentRestVersion.Replace('V','').Replace('v','').Trim() if ($currentRestVersionInt -lt 3) { "Auditing requires API version 3 or later. Network Controller supports version {0}" -f $currentRestVersionInt | Trace-Output -Level:Warning return } # check to see that auditing has been enabled $auditSettingsConfig = Get-SdnResource -NcUri $NcUri.AbsoluteUri -Resource 'AuditingSettingsConfig' -ApiVersion $currentRestVersion -Credential $NcRestCredential if ([string]::IsNullOrEmpty($auditSettingsConfig.properties.outputDirectory)) { "Audit logging is not enabled" | Trace-Output return } else { "Audit logging location: {0}" -f $auditSettingsConfig.properties.outputDirectory | Trace-Output } # if $ComputerName was not specified, then attempt to locate the servers within the SDN fabric # only add the servers where auditingEnabled has been configured as 'Firewall' if ($null -eq $ComputerName) { $sdnServers = Get-SdnResource -Resource Servers -NcUri $NcUri.AbsoluteUri -Credential $NcRestCredential -ApiVersion $currentRestVersion ` | Where-Object {$_.properties.auditingEnabled -ieq 'Firewall'} $ComputerName = ($sdnServers.properties.connections | Where-Object {$_.credentialType -ieq 'UsernamePassword'}).managementAddresses } $ComputerName | ForEach-Object { "Collecting audit logs from {0}" -f $_ | Trace-Output $outputDir = Join-Path -Path $OutputDirectory -ChildPath $_.ToLower() Copy-FileFromRemoteComputer -ComputerName $_ -Credential $Credential -Path $auditSettingsConfig.properties.outputDirectory -Destination $outputDir -Recurse -Force } } function Get-SdnGateway { <# .SYNOPSIS Returns a list of gateways from network controller. .PARAMETER NcUri Specifies the Uniform Resource Identifier (URI) of the network controller that all Representational State Transfer (REST) clients use to connect to that controller. .PARAMETER ResourceId Specifies the unique identifier for the resource. .PARAMETER ResourceRef Specifies the resource reference for the resource. .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user. .PARAMETER ManagementAddressOnly Optional parameter to only return back the Management Address value. .EXAMPLE PS> Get-SdnGateway -NcUri 'https://NC.FQDN' -Credential (Get-Credential) .EXAMPLE PS> Get-SdnGateway -NcUri 'https://NC.FQDN' -Credential (Get-Credential) -ManagementAddressOnly .EXAMPLE PS> Get-SdnGateway -NcUri 'https://NC.FQDN' -Credential (Get-Credential) -ResourceId 'f5e3b3e0-1b7a-4b9e-8b9e-5b5e3b3e0f5e' .EXAMPLE PS> Get-SdnGateway -NcUri 'https://NC.FQDN' -Credential (Get-Credential) -ResourceRef 'gateways/f5e3b3e0-1b7a-4b9e-8b9e-5b5e3b3e0f5e' .EXAMPLE PS> Get-SdnGateway -NcUri 'https://NC.FQDN' -Credential (Get-Credential) -ResourceId 'f5e3b3e0-1b7a-4b9e-8b9e-5b5e3b3e0f5e' -ManagementAddressOnly .EXAMPLE PS> Get-SdnGateway -NcUri 'https://NC.FQDN' -Credential (Get-Credential) -ResourceRef 'gateways/f5e3b3e0-1b7a-4b9e-8b9e-5b5e3b3e0f5e' -ManagementAddressOnly #> [CmdletBinding(DefaultParameterSetName = 'Default')] param ( [Parameter(Mandatory = $true, ParameterSetName = 'Default')] [Parameter(Mandatory = $true, ParameterSetName = 'ResourceId')] [Parameter(Mandatory = $true, ParameterSetName = 'ResourceRef')] [Uri]$NcUri, [Parameter(Mandatory = $true, ParameterSetName = 'ResourceId')] [String]$ResourceId, [Parameter(Mandatory = $true, ParameterSetName = 'ResourceRef')] [String]$ResourceRef, [Parameter(Mandatory = $false, ParameterSetName = 'Default')] [Parameter(Mandatory = $false, ParameterSetName = 'ResourceId')] [Parameter(Mandatory = $false, ParameterSetName = 'ResourceRef')] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty, [Parameter(Mandatory = $false, ParameterSetName = 'Default')] [Parameter(Mandatory = $false, ParameterSetName = 'ResourceId')] [Parameter(Mandatory = $false, ParameterSetName = 'ResourceRef')] [switch]$ManagementAddressOnly ) $params = @{ NcUri = $NcUri Credential = $Credential } switch ($PSCmdlet.ParameterSetName) { 'ResourceId' { $params.Add('Resource', 'Gateways') $params.Add('ResourceId', $ResourceId) } 'ResourceRef' { $params.Add('ResourceRef', $ResourceRef) } default { $params.Add('Resource', 'Gateways') } } try { $result = Get-SdnResource @params if ($result) { foreach($obj in $result){ if($obj.properties.provisioningState -ne 'Succeeded'){ "{0} is reporting provisioningState: {1}" -f $obj.resourceId, $obj.properties.provisioningState | Trace-Output -Level:Warning } } if($ManagementAddressOnly){ $connections = @() foreach ($resource in $result) { $virtualServerMgmtAddress = Get-SdnVirtualServer -NcUri $NcUri.AbsoluteUri -ResourceRef $resource.properties.virtualserver.ResourceRef -ManagementAddressOnly -Credential $Credential $connections += $virtualServerMgmtAddress } return $connections } else { return $result } } } catch { $_ | Trace-Exception $_ | Write-Error } } function Get-SdnInfrastructureInfo { <# .SYNOPSIS Get the SDN infrastructure information from network controller. The function will update the $Global:SdnDiagnostics.EnvironmentInfo variable. .PARAMETER NetworkController Specifies the name or IP address of the network controller node on which this cmdlet operates. The parameter is optional if running on network controller node. .PARAMETER NcUri Specifies the Uniform Resource Identifier (URI) of the network controller that all Representational State Transfer (REST) clients use to connect to that controller. .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user. .PARAMETER NcRestCredential Specifies a user account that has permission to perform this action. The default is the current user. .PARAMETER Force Switch parameter to force a refresh of the environment cache details .EXAMPLE PS> Get-SdnInfrastructureInfo .EXAMPLE PS> Get-SdnInfrastructureInfo -NetworkController 'NC01' -Credential (Get-Credential) -NcRestCredential (Get-Credential) #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [String]$NetworkController = $env:COMPUTERNAME, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty, [Parameter(Mandatory = $false)] [ValidateScript({ if ($_.Scheme -ne "http" -and $_.Scheme -ne "https") { throw New-Object System.FormatException("Parameter is expected to be in http:// or https:// format.") } return $true })] [Uri]$NcUri, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $NcRestCredential = [System.Management.Automation.PSCredential]::Empty, [Parameter(Mandatory = $false)] [Switch]$Force ) if (Test-ComputerNameIsLocal -ComputerName $NetworkController) { Confirm-IsNetworkController } try { # if force is defined, purge the cache to force a refresh on the objects if ($PSBoundParameters.ContainsKey('Force')) { $Global:SdnDiagnostics.EnvironmentInfo.NcUrl = $null $global:SdnDiagnostics.EnvironmentInfo.NetworkController = $null $global:SdnDiagnostics.EnvironmentInfo.LoadBalancerMux = $null $Global:SdnDiagnostics.EnvironmentInfo.Gateway = $null $Global:SdnDiagnostics.EnvironmentInfo.Server = $null $Global:SdnDiagnostics.EnvironmentInfo.FabricNodes = $null } # get cluster type $clusterType = Get-SdnClusterType -NetworkController $NetworkController -Credential $Credential if ($clusterType) { $Global:SdnDiagnostics.EnvironmentInfo.ClusterConfigType = $clusterType } # get the cluster name if we using a failover cluster if ($Global:SdnDiagnostics.EnvironmentInfo.ClusterConfigType -eq 'FailoverCluster') { if ([System.String]::IsNullOrEmpty($Global:SdnDiagnostics.EnvironmentInfo.FailoverClusterConfig.Name)) { $Global:SdnDiagnostics.EnvironmentInfo.FailoverClusterConfig.Name = Get-SdnClusterName -NetworkController $NetworkController -Credential $Credential } } # get the NC Northbound API endpoint if ($NcUri) { $Global:SdnDiagnostics.EnvironmentInfo.NcUrl = $NcUri.AbsoluteUri } elseif ([System.String]::IsNullOrEmpty($Global:SdnDiagnostics.EnvironmentInfo.NcUrl)) { $result = Get-SdnNetworkControllerRestURL -NetworkController $NetworkController -Credential $Credential if ([string]::IsNullOrEmpty($result)) { throw New-Object System.NullReferenceException("Unable to locate REST API endpoint for Network Controller. Please specify REST API with -RestUri parameter.") } $Global:SdnDiagnostics.EnvironmentInfo.NcUrl = $result } # get the supported rest API versions from network controller # as we default this to v1 on module import within $Global.SdnDiagnostics, will not check to see if null first $currentRestVersion = (Get-SdnDiscovery -NcUri $Global:SdnDiagnostics.EnvironmentInfo.NcUrl -Credential $NcRestCredential).properties.currentRestVersion if (-NOT [String]::IsNullOrEmpty($currentRestVersion)) { $Global:SdnDiagnostics.EnvironmentInfo.RestApiVersion = $currentRestVersion } # get the network controllers if ([System.String]::IsNullOrEmpty($global:SdnDiagnostics.EnvironmentInfo.NetworkController)) { [System.Array]$global:SdnDiagnostics.EnvironmentInfo.NetworkController = Get-SdnNetworkControllerNode -NetworkController $NetworkController -ServerNameOnly -Credential $Credential -ErrorAction Continue } # get the load balancer muxes if ([System.String]::IsNullOrEmpty($global:SdnDiagnostics.EnvironmentInfo.LoadBalancerMux)) { [System.Array]$global:SdnDiagnostics.EnvironmentInfo.LoadBalancerMux = Get-SdnLoadBalancerMux -NcUri $Global:SdnDiagnostics.EnvironmentInfo.NcUrl -ManagementAddressOnly -Credential $NcRestCredential -ErrorAction Continue } # get the gateways if ([System.String]::IsNullOrEmpty($Global:SdnDiagnostics.EnvironmentInfo.Gateway)) { [System.Array]$Global:SdnDiagnostics.EnvironmentInfo.Gateway = Get-SdnGateway -NcUri $Global:SdnDiagnostics.EnvironmentInfo.NcUrl -ManagementAddressOnly -Credential $NcRestCredential -ErrorAction Continue } # get the hypervisor hosts if ([System.String]::IsNullOrEmpty($Global:SdnDiagnostics.EnvironmentInfo.Server)) { [System.Array]$Global:SdnDiagnostics.EnvironmentInfo.Server = Get-SdnServer -NcUri $Global:SdnDiagnostics.EnvironmentInfo.NcUrl -ManagementAddressOnly -Credential $NcRestCredential -ErrorAction Continue } # populate the global cache that contains the names of the nodes for the roles defined above $fabricNodes = @() $fabricNodes += $global:SdnDiagnostics.EnvironmentInfo.NetworkController if($null -ne $Global:SdnDiagnostics.EnvironmentInfo.Server){ $fabricNodes += $Global:SdnDiagnostics.EnvironmentInfo.Server } if($null -ne $Global:SdnDiagnostics.EnvironmentInfo.Gateway){ $fabricNodes += $Global:SdnDiagnostics.EnvironmentInfo.Gateway } if($null -ne $Global:SdnDiagnostics.EnvironmentInfo.LoadBalancerMux){ $fabricNodes += $Global:SdnDiagnostics.EnvironmentInfo.LoadBalancerMux } $Global:SdnDiagnostics.EnvironmentInfo.FabricNodes = $fabricNodes } catch { # Remove any cached info in case of exception as the cached info might be incorrect $Global:SdnDiagnostics.EnvironmentInfo.NcUrl = $null $global:SdnDiagnostics.EnvironmentInfo.NetworkController = $null $global:SdnDiagnostics.EnvironmentInfo.LoadBalancerMux = $null $Global:SdnDiagnostics.EnvironmentInfo.Gateway = $null $Global:SdnDiagnostics.EnvironmentInfo.Server = $null $Global:SdnDiagnostics.EnvironmentInfo.FabricNodes = $null $_ | Trace-Exception $_ | Write-Error } return $Global:SdnDiagnostics.EnvironmentInfo } Set-Alias -Name "Get-SdnEnvironmentInfo" -Value "Get-SdnInfrastructureInfo" -Force function Get-SdnInternalLoadBalancer { <# .SYNOPSIS Performs lookups and joins between OVSDB resources, load balancers and virtual networks to create internal load balancer object mappings .PARAMETER NcUri Specifies the Network Controller URI to connect to. .PARAMETER IPAddress Specify the private IP address of the Internal Load Balancer. .PARAMETER ProviderAddress Specify the provider address IP that is associated with the Internal Load Balancer. .PARAMETER Credential Specifies a user account that has permission to the Hyper-V Hosts within the SDN Fabric. The default is the current user. .PARAMETER NcRestCredential Specifies a user account that has permission to query the Network Controller NB API endpoint. The default is the current user. .EXAMPLE Get-SdnInternalLoadBalancer -NcUri https://nc.contoso.com -IPAddress 10.10.0.50 .EXAMPLE Get-SdnInternalLoadBalancer -NcUri https://nc.contoso.com -Credential (Get-Credential) #> [CmdletBinding(DefaultParameterSetName = 'Default')] param ( [Parameter(Mandatory = $true, ParameterSetName = 'Default')] [Parameter(Mandatory = $true, ParameterSetName = 'IPAddress')] [Parameter(Mandatory = $true, ParameterSetName = 'ProviderAddress')] [Uri]$NcUri, [Parameter(Mandatory = $true, ParameterSetName = 'IPAddress')] [IPAddress]$IPAddress, [Parameter(Mandatory = $true, ParameterSetName = 'ProviderAddress')] [IPAddress]$ProviderAddress, [Parameter(Mandatory = $false, ParameterSetName = 'Default')] [Parameter(Mandatory = $false, ParameterSetName = 'IPAddress')] [Parameter(Mandatory = $false, ParameterSetName = 'ProviderAddress')] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty, [Parameter(Mandatory = $false, ParameterSetName = 'Default')] [Parameter(Mandatory = $false, ParameterSetName = 'IPAddress')] [Parameter(Mandatory = $false, ParameterSetName = 'ProviderAddress')] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $NcRestCredential = [System.Management.Automation.PSCredential]::Empty ) $array = @() $subnetHash = [System.Collections.Hashtable]::new() $frontendHash = [System.Collections.Hashtable]::new() try { $servers = Get-SdnServer -NcUri $NcUri -Credential $NcRestCredential -ManagementAddressOnly $ovsdbAddressMappings = Get-SdnOvsdbAddressMapping -ComputerName $servers -Credential $Credential | Where-Object {$_.mappingType -eq 'learning_disabled'} $loadBalancers = Get-SdnResource -NcUri $NcUri -Credential $NcRestCredential -Resource LoadBalancers $virtualNetworks = Get-SdnResource -NcUri $NcUri -Credential $NcRestCredential -Resource VirtualNetworks # if this returns null, this is due to no tenant internal load balancers have been provisioned on the system # in which case all the further processing is not needed if($null -eq $ovsdbAddressMappings){ "No tenant Internal Load Balancer references found within OVSDB" | Trace-Output -Level:Verbose return $null } "Located {0} address mappings from OVSDB" -f $ovsdbAddressMappings.Count | Trace-Output -Level:Verbose # create a hash table based on the subnet instanceId contained within the virtual networks foreach($group in $virtualNetworks.properties.subnets | Group-Object InstanceID){ [void]$subnetHash.Add($group.Name, $group.Group) } "Located {0} subnets" -f $subnetHash.Count | Trace-Output -Level:Verbose # create a hash table based on the resourceRef of the frontendIPConfigurations within the load balancers foreach($group in $loadBalancers.properties.frontendIPConfigurations | Group-Object resourceRef){ [void]$frontendHash.Add($group.Name, $group.Group) } "Located {0} frontendIPConfigurations" -f $frontendHash.Count | Trace-Output -Level:Verbose foreach($ovsdbObject in $ovsdbAddressMappings){ # leveraging the routing domain ID taken from the OVSDB objects we need to # do a lookup against the virtual network subnets to locate the associated ip configurations # once we have the ipconfiguration, we want to enumerate each load balancer to match on the customer ip address $tenantSubnet = $subnetHash[$ovsdbObject.RoutingDomainID.Guid] if($tenantSubnet){ $loadBalancerResourceRef = $tenantSubnet.properties.ipConfigurations | Where-Object {$_.ResourceRef -like "/loadBalancers/*"} if($loadBalancerResourceRef){ foreach($resource in $loadBalancerResourceRef){ $internalLoadBalancer = $frontendHash[$resource.resourceRef] # if the customer ip address does not match between load balancer and ovsdb then skip it as # this is not the load balancer you are looking for if($internalLoadBalancer){ if($internalLoadBalancer.properties.privateIPAddress -ne $ovsdbObject.CustomerAddress){ continue } # create a new object to add to the array list as we now have all the mappings we want $array += [PSCustomObject]@{ ResourceRef = [String]$internalLoadBalancer.resourceRef CustomerAddress = [IPAddress]$internalLoadBalancer.properties.privateIPAddress ProviderAddress = [IPAddress]$ovsdbObject.ProviderAddress } } else { "Unable to locate Load Balancer Frontend IP Configuration for {0}" -f $resource.resourceRef | Trace-Output -Level:Warning } } } else { "Unable to locate any Load Balancer objects within IP configurations for {0}" -f $tenantSubnet.resourceRef | Trace-Output -Level:Warning } } else { "Unable to locate Virtual Network Subnet related to Routing Domain ID {0}" -f $ovsdbObject.RoutingDomainID | Trace-Output -Level:Warning } } if ($IPAddress) { return ($array | Where-Object {$_.CustomerAddress -eq $IPAddress}) } if ($ProviderAddress) { return ($array | Where-Object {$_.ProviderAddress -eq $ProviderAddress}) } return ($array | Sort-Object CustomerAddress -Unique) } catch { $_ | Trace-Exception $_ | Write-Error } } function Get-SdnLoadBalancerMux { <# .SYNOPSIS Returns a list of load balancer muxes from network controller .PARAMETER NcUri Specifies the Uniform Resource Identifier (URI) of the network controller that all Representational State Transfer (REST) clients use to connect to that controller. .PARAMETER ResourceId Specifies the unique identifier for the resource. .PARAMETER ResourceRef Specifies the resource reference for the resource. .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user. .PARAMETER ManagementAddressOnly Optional parameter to only return back the Management Address value. .EXAMPLE PS> Get-SdnLoadBalancerMux -NcUri 'https://NC.FQDN' -Credential (Get-Credential) .EXAMPLE PS> Get-SdnLoadBalancerMux -NcUri 'https://NC.FQDN' -Credential (Get-Credential) -ManagementAddressOnly .EXAMPLE PS> Get-SdnLoadBalancerMux -NcUri 'https://NC.FQDN' -Credential (Get-Credential) -ResourceId 'f5e3b3e0-1b7a-4b9e-8b9e-5b5e3b3e0f5e' .EXAMPLE PS> Get-SdnLoadBalancerMux -NcUri 'https://NC.FQDN' -Credential (Get-Credential) -ResourceRef '/LoadBalancerMuxes/f5e3b3e0-1b7a-4b9e-8b9e-5b5e3b3e0f5e' .EXAMPLE PS> Get-SdnLoadBalancerMux -NcUri 'https://NC.FQDN' -Credential (Get-Credential) -ResourceId 'f5e3b3e0-1b7a-4b9e-8b9e-5b5e3b3e0f5e' -ManagementAddressOnly .EXAMPLE PS> Get-SdnLoadBalancerMux -NcUri 'https://NC.FQDN' -Credential (Get-Credential) -ResourceRef '/LoadBalancerMuxes/f5e3b3e0-1b7a-4b9e-8b9e-5b5e3b3e0f5e' -ManagementAddressOnly #> [CmdletBinding(DefaultParameterSetName = 'Default')] param ( [Parameter(Mandatory = $true, ParameterSetName = 'Default')] [Parameter(Mandatory = $true, ParameterSetName = 'ResourceId')] [Parameter(Mandatory = $true, ParameterSetName = 'ResourceRef')] [Uri]$NcUri, [Parameter(Mandatory = $true, ParameterSetName = 'ResourceId')] [String]$ResourceId, [Parameter(Mandatory = $true, ParameterSetName = 'ResourceRef')] [String]$ResourceRef, [Parameter(Mandatory = $false, ParameterSetName = 'Default')] [Parameter(Mandatory = $false, ParameterSetName = 'ResourceId')] [Parameter(Mandatory = $false, ParameterSetName = 'ResourceRef')] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty, [Parameter(Mandatory = $false, ParameterSetName = 'Default')] [Parameter(Mandatory = $false, ParameterSetName = 'ResourceId')] [Parameter(Mandatory = $false, ParameterSetName = 'ResourceRef')] [switch]$ManagementAddressOnly ) $params = @{ NcUri = $NcUri Credential = $Credential } switch ($PSCmdlet.ParameterSetName) { 'ResourceId' { $params.Add('Resource', 'LoadBalancerMuxes') $params.Add('ResourceId', $ResourceId) } 'ResourceRef' { $params.Add('ResourceRef', $ResourceRef) } default { $params.Add('Resource', 'LoadBalancerMuxes') } } try { $result = Get-SdnResource @params if ($result) { foreach($obj in $result){ if($obj.properties.provisioningState -ne 'Succeeded'){ "{0} is reporting provisioningState: {1}" -f $obj.resourceId, $obj.properties.provisioningState | Trace-Output -Level:Warning } } if($ManagementAddressOnly){ $connections = @() foreach ($resource in $result) { $virtualServerMgmtAddress = Get-SdnVirtualServer -NcUri $NcUri.AbsoluteUri -ResourceRef $resource.properties.virtualserver.ResourceRef -ManagementAddressOnly -Credential $Credential $connections += $virtualServerMgmtAddress } return $connections } else { return $result } } } catch { $_ | Trace-Exception $_ | Write-Error } } function Get-SdnNetworkController { <# .SYNOPSIS Gets network controller application settings from the network controller. .PARAMETER NetworkController Specifies the name or IP address of the network controller node on which this cmdlet operates. The parameter is optional if running on network controller node. .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user. .EXAMPLE PS> Get-SdnNetworkController .EXAMPLE PS> Get-SdnNetworkController -NetworkController 'NC01' -Credential (Get-Credential) #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.String]$NetworkController = $env:COMPUTERNAME, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty ) switch ($Global:SdnDiagnostics.EnvironmentInfo.ClusterConfigType) { 'FailoverCluster' { Get-SdnNetworkControllerFC @PSBoundParameters } 'ServiceFabric' { Get-SdnNetworkControllerSF @PSBoundParameters } } } function Get-SdnNetworkControllerClusterInfo { <# .SYNOPSIS Gather the Network Controller cluster wide info from one of the Network Controller .PARAMETER NetworkController Specifies the name of the network controller node on which this cmdlet operates. .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user. .PARAMETER OutputDirectory Directory location to save results. It will create a new sub-folder called NetworkControllerClusterInfo that the files will be saved to .EXAMPLE PS> Get-SdnNetworkControllerClusterInfo .EXAMPLE PS> Get-SdnNetworkControllerClusterInfo -NetworkController 'NC01' -Credential (Get-Credential) #> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [System.String]$NetworkController, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty, [Parameter(Mandatory = $true)] [System.IO.FileInfo]$OutputDirectory ) switch ($Global:SdnDiagnostics.EnvironmentInfo.ClusterConfigType) { 'FailoverCluster' { Get-SdnNetworkControllerFCClusterInfo @PSBoundParameters } 'ServiceFabric' { Get-SdnNetworkControllerSFClusterInfo @PSBoundParameters } } } function Get-SdnNetworkControllerNode { <# .SYNOPSIS Returns a list of servers from network controller. .PARAMETER Name Specifies the friendly name of the node for the network controller. If not provided, settings are retrieved for all nodes in the deployment. .PARAMETER NetworkController Specifies the name or IP address of the network controller node on which this cmdlet operates. The parameter is optional if running on network controller node. .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user. .EXAMPLE PS> Get-SdnNetworkControllerNode .EXAMPLE PS> Get-SdnNetworkControllerNode -NetworkController 'NC01' -Credential (Get-Credential) #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [System.String]$Name, [Parameter(Mandatory = $false)] [System.String]$NetworkController = $env:COMPUTERNAME, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty, [Parameter(Mandatory = $false)] [switch]$ServerNameOnly ) switch ($Global:SdnDiagnostics.EnvironmentInfo.ClusterConfigType) { 'FailoverCluster' { Get-SdnNetworkControllerFCNode @PSBoundParameters } 'ServiceFabric' { Get-SdnNetworkControllerSFNode @PSBoundParameters } } } function Get-SdnNetworkControllerNodeCertificate { <# .SYNOPSIS Returns the current Network Controller node certificate .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user. #> [CmdletBinding()] param( [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty ) if ($Global:SdnDiagnostics.EnvironmentInfo.ClusterConfigType -ine 'ServiceFabric') { throw New-Object System.NotSupportedException("This function is only supported on Service Fabric clusters.") } Confirm-IsNetworkController try { $networkControllerNode = Get-SdnNetworkControllerSFNode -Name $env:ComputerName -Credential $Credential # check to see if FindCertificateBy property exists as this was added in later builds # else if does not exist, default to Thumbprint for certificate if ($null -ne $networkControllerNode.FindCertificateBy) { "Network Controller is currently configured for FindCertificateBy: {0}" -f $networkControllerNode.FindCertificateBy | Trace-Output -Level:Verbose switch ($networkControllerNode.FindCertificateBy) { 'FindBySubjectName' { "`tFindBySubjectName: {0}" -f $networkControllerNode.NodeCertSubjectName | Trace-Output -Level:Verbose $certificate = Get-SdnCertificate -Path 'Cert:\LocalMachine\My' -Subject $networkControllerNode.NodeCertSubjectName } 'FindByThumbprint' { "`FindByThumbprint: {0}" -f $networkControllerNode.NodeCertificateThumbprint | Trace-Output -Level:Verbose $certificate = Get-SdnCertificate -Path 'Cert:\LocalMachine\My' -Thumbprint $networkControllerNode.NodeCertificateThumbprint } } } else { $certificate = Get-SdnCertificate -Path 'Cert:\LocalMachine\My' -Thumbprint $networkControllerNode.NodeCertificateThumbprint } if ($null -eq $certificate) { throw New-Object System.NullReferenceException("Unable to locate Network Controller Certificate") } return $certificate } catch { $_ | Trace-Exception $_ | Write-Error } } function Get-SdnNetworkControllerRestCertificate { <# .SYNOPSIS Returns the current Network Controller REST Certificate .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user. #> [CmdletBinding()] param( [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty ) if ($Global:SdnDiagnostics.EnvironmentInfo.ClusterConfigType -ine 'ServiceFabric') { throw New-Object System.NotSupportedException("This function is only supported on Service Fabric clusters.") } Confirm-IsNetworkController try { $networkController = Get-SdnNetworkControllerSF -NetworkController $env:COMPUTERNAME -Credential $Credential $ncRestCertThumprint = $($networkController.ServerCertificate.Thumbprint).ToString() $certificate = Get-SdnCertificate -Path 'Cert:\LocalMachine\My' -Thumbprint $ncRestCertThumprint if ($null -eq $certificate) { throw New-Object System.NullReferenceException("Unable to locate Network Controller Rest Certificate") } return $certificate } catch { $_ | Trace-Exception $_ | Write-Error } } function Get-SdnNetworkControllerState { <# .SYNOPSIS Gathers the Network Controller State dump files (IMOS) from each of the Network Controllers .PARAMETER NetworkController The computer name of the Network Controller used to retrieve Infrastructure Info and trigger IMOS generation. .PARAMETER OutputDirectory Directory location to save results. By default it will create a new sub-folder called NetworkControllerState that the files will be copied to .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user. .PARAMETER NcRestCredential Specifies a user account that has permission to access the northbound NC API interface. The default is the current user. .PARAMETER ExecutionTimeout Specify the execution timeout (seconds) on how long you want to wait for operation to complete before cancelling operation. If omitted, defaults to 300 seconds. .EXAMPLE PS> Get-SdnNcImosDumpFiles -NcUri "https://nc.contoso.com" -NetworkController $NetworkControllers -OutputDirectory "C:\Temp\CSS_SDN" #> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [System.String]$NetworkController, [Parameter(Mandatory = $true)] [System.IO.FileInfo]$OutputDirectory, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $NcRestCredential = [System.Management.Automation.PSCredential]::Empty, [Parameter(Mandatory = $false)] [int]$ExecutionTimeOut = 300 ) try { "Collecting In Memory Object State (IMOS) for Network Controller" | Trace-Output $config = Get-SdnModuleConfiguration -Role:NetworkController [System.IO.FileInfo]$netControllerStatePath = $config.properties.netControllerStatePath [System.IO.FileInfo]$outputDir = Join-Path -Path $OutputDirectory.FullName -ChildPath 'NetworkControllerState' if (!(Test-Path -Path $outputDir.FullName -PathType Container)) { $null = New-Item -Path $outputDir.FullName -ItemType Directory -Force } $scriptBlock = { param([Parameter(Position = 0)][String]$param1) try { if (Test-Path -Path $param1 -PathType Container) { Get-Item -Path $param1 | Remove-Item -Recurse -Confirm:$false -Force -ErrorAction SilentlyContinue } $null = New-Item -Path $param1 -ItemType Container -Force } catch { $_ | Write-Error } } $infraInfo = Get-SdnInfrastructureInfo -NetworkController $NetworkController -Credential $Credential -NcRestCredential $NcRestCredential # invoke scriptblock to clean up any stale NetworkControllerState files Invoke-PSRemoteCommand -ComputerName $infraInfo.NetworkController -Credential $Credential -ScriptBlock $scriptBlock -ArgumentList $netControllerStatePath.FullName # invoke the call to generate the files # once the operation completes and returns true, then enumerate through the Network Controllers defined to collect the files $result = Invoke-SdnNetworkControllerStateDump -NcUri $infraInfo.NcUrl -Credential $NcRestCredential -ExecutionTimeOut $ExecutionTimeOut if ($result) { foreach ($ncVM in $infraInfo.NetworkController) { Copy-FileFromRemoteComputer -Path "$($config.properties.netControllerStatePath)\*" -ComputerName $ncVM -Destination $outputDir.FullName } } } catch { $_ | Trace-Exception $_ | Write-Error } } function Get-SdnNetworkInterfaceOutboundPublicIPAddress { <# .SYNOPSIS Gets the outbound public IP address that is used by a network interface. .PARAMETER NcUri Specifies the Uniform Resource Identifier (URI) of the network controller that all Representational State Transfer (REST) clients use to connect to that controller. .PARAMETER ResourceId Specifies the unique identifier for the networkinterface resource. .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user. .EXAMPLE PS> Get-SdnNetworkInterfaceOutboundPublicIPAddress -NcUri "https://nc.contoso.com" -ResourceId '8f9faf0a-837b-43cd-b4bf-dbe996993514' .EXAMPLE PS> Get-SdnNetworkInterfaceOutboundPublicIPAddress -NcUri "https://nc.contoso.com" -ResourceId '8f9faf0a-837b-43cd-b4bf-dbe996993514' -Credential (Get-Credential) #> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [uri]$NcUri, [Parameter(Mandatory = $true)] [System.String]$ResourceId, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty ) try { $arrayList = [System.Collections.ArrayList]::new() $networkInterface = Get-SdnResource -NcUri $NcUri.AbsoluteUri -Resource:NetworkInterfaces -Credential $Credential | Where-Object { $_.resourceId -ieq $ResourceId } if ($null -eq $networkInterface) { throw New-Object System.NullReferenceException("Unable to locate network interface within Network Controller") } foreach ($ipConfig in $networkInterface.properties.ipConfigurations) { $publicIpRef = Get-PublicIpReference -NcUri $NcUri.AbsoluteUri -IpConfiguration $ipConfig -Credential $Credential if ($publicIpRef) { $publicIpAddress = Get-SdnResource -NcUri $NcUri.AbsoluteUri -Credential $Credential -ResourceRef $publicIpRef if ($publicIpAddress) { [void]$arrayList.Add( [PSCustomObject]@{ IPConfigResourceRef = $ipConfig.resourceRef IPConfigPrivateIPAddress = $ipConfig.properties.privateIPAddress PublicIPResourceRef = $publicIpAddress.resourceRef PublicIPAddress = $publicIpAddress.properties.ipAddress } ) } } } return $arrayList } catch { $_ | Trace-Exception $_ | Write-Error } } function Get-SdnPublicIPPoolUsageSummary { <# .SYNOPSIS Returns back the IP addresses associated with the public logical subnet IP pools within the Network Controller environment. .DESCRIPTION This function returns back a list of IP addresses that are consumed by the PublicIPAddresses and LoadBalancer resources that are derived from the public IP pools. This helps operators quickly locate which resources are associated with a public IP address, in addition to identify available vs non-available IP addresses. .PARAMETER NcUri Specifies the Uniform Resource Identifier (URI) of the network controller that all Representational State Transfer (REST) clients use to connect to that controller. .PARAMETER NcRestCredential Specifies a user account that has permission to access the northbound NC API interface. The default is the current user. #> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [Uri]$NcUri, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $NcRestCredential = [System.Management.Automation.PSCredential]::Empty ) $array = @() try { $logicalNetworks = Get-SdnResource -NcUri $NcUri -Resource LogicalNetworks -Credential $NcRestCredential | Where-Object {$_.properties.subnets.properties.isPublic -ieq $true} $loadBalancers = Get-SdnResource -NcUri $NcUri -Resource LoadBalancers -Credential $NcRestCredential $publicIpAddresses = Get-SdnResource -NcUri $NcUri -Resource PublicIPAddresses -Credential $NcRestCredential foreach ($subnet in $logicalNetworks.properties.subnets) { foreach ($ipPool in $subnet.properties.ipPools) { # check to see if there was any loadbalancer frontend resources on the system and cross compare with the logical subnet ipPool # if they address falls within the ipPool range, then add to the array if ($loadBalancers) { foreach ($loadBalancer in $loadBalancers) { foreach ($frontEndConfig in $loadBalancer.properties.frontendIPConfigurations) { if ($frontEndConfig.properties.privateIPAddress) { if (Confirm-IpAddressInRange -IpAddress $frontEndConfig.properties.privateIPAddress -StartAddress $ipPool.properties.startIpAddress -EndAddress $ipPool.properties.EndIpAddress) { $object = [PSCustomObject]@{ IPPool = $ipPool.ResourceId IPAddress = $frontEndConfig.properties.privateIPAddress ProvisioningState = $frontEndConfig.properties.provisioningState AllocationMethod = $frontEndConfig.properties.privateIPAllocationMethod ResourceType = 'FrontEndIpConfiguration' ResourceId = $frontEndConfig.resourceId InstanceId = $frontEndConfig.instanceId AssociatedResource = $loadBalancer.resourceRef } $array += $object } } } } } # check to see if there was any public IP address resources on the system and cross compare with the logical subnet ipPool # if they address falls within the ipPool range, then add to the array if ($publicIpAddresses) { foreach ($publicIp in $publicIpAddresses) { if (Confirm-IpAddressInRange -IpAddress $publicIp.properties.IpAddress -StartAddress $ipPool.properties.startIpAddress -EndAddress $ipPool.properties.EndIpAddress) { $object = [PSCustomObject]@{ IPPool = $ipPool.ResourceId IPAddress = $publicIp.properties.ipAddress ProvisioningState = $publicIp.properties.provisioningState AllocationMethod = $publicIp.properties.publicIPAllocationMethod ResourceType = 'PublicIpAddress' ResourceId = $publicIp.resourceId InstanceId = $publicIp.instanceId AssociatedResource = $publicIp.properties.ipConfiguration.resourceRef } $array += $object } } } } } return ($array | Sort-Object -Property 'IpAddress') } catch { $_ | Trace-Exception $_ | Write-Error } } function Get-SdnResource { <# .SYNOPSIS Invokes a web request to SDN API for the requested resource. .PARAMETER NcUri Specifies the Uniform Resource Identifier (URI) of the network controller that all Representational State Transfer (REST) clients use to connect to that controller. .PARAMETER ResourceRef The resource ref of the object you want to perform the operation against. .PARAMETER Resource The resource type you want to perform the operation against. .PARAMETER ResourceId Specify the unique ID of the resource. .PARAMETER InstanceID Specify the unique Instance ID of the resource. .PARAMETER ApiVersion The API version to use when invoking against the NC REST API endpoint. .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user. .EXAMPLE PS> Get-SdnResource -NcUri "https://nc.$env:USERDNSDOMAIN" -Resource PublicIPAddresses .EXAMPLE PS> Get-SdnResource -NcUri "https://nc.$env:USERDNSDOMAIN" -Resource PublicIPAddresses -ResourceId "d9266251-a3ba-4ac5-859e-2c3a7c70352a" .EXAMPLE PS> Get-SdnResource -NcUri "https://nc.$env:USERDNSDOMAIN" -ResourceRef "/publicIPAddresses/d9266251-a3ba-4ac5-859e-2c3a7c70352a" .EXAMPLE PS> Get-SdnResource -NcUri "https://nc.$env:USERDNSDOMAIN" -ResourceRef "/publicIPAddresses/d9266251-a3ba-4ac5-859e-2c3a7c70352a" -Credential (Get-Credential) #> [CmdletBinding()] param ( [Parameter(Mandatory = $true, ParameterSetName = 'ResourceRef')] [Parameter(Mandatory = $true, ParameterSetName = 'Resource')] [Parameter(Mandatory = $true, ParameterSetName = 'InstanceID')] [Uri]$NcUri, [Parameter(Mandatory = $false, ParameterSetName = 'ResourceRef')] [System.String]$ResourceRef, [Parameter(Mandatory = $true, ParameterSetName = 'Resource')] [SdnApiResource]$Resource, [Parameter(Mandatory = $false, ParameterSetName = 'Resource')] [System.String]$ResourceId, [Parameter(Mandatory = $true, ParameterSetName = 'InstanceID')] [System.String]$InstanceId, [Parameter(Mandatory = $false, ParameterSetName = 'ResourceRef')] [Parameter(Mandatory = $false, ParameterSetName = 'Resource')] [System.String]$ApiVersion = $Global:SdnDiagnostics.EnvironmentInfo.RestApiVersion, [Parameter(Mandatory = $false, ParameterSetName = 'ResourceRef')] [Parameter(Mandatory = $false, ParameterSetName = 'Resource')] [Parameter(Mandatory = $false, ParameterSetName = 'InstanceID')] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty ) switch ($PSCmdlet.ParameterSetName) { 'InstanceId' { [System.String]$uri = Get-SdnApiEndpoint -NcUri $NcUri.AbsoluteUri -ApiVersion $ApiVersion -ResourceName 'internalResourceInstances' [System.String]$uri = "{0}/{1}" -f $uri, $InstanceId.Trim() } 'ResourceRef' { [System.String]$uri = Get-SdnApiEndpoint -NcUri $NcUri.AbsoluteUri -ApiVersion $ApiVersion -ResourceRef $ResourceRef } 'Resource' { [System.String]$uri = Get-SdnApiEndpoint -NcUri $NcUri.AbsoluteUri -ApiVersion $ApiVersion -ResourceName $Resource if ($ResourceID) { [System.String]$uri = "{0}/{1}" -f $uri, $ResourceId.Trim() } } } "{0} {1}" -f $method, $uri | Trace-Output -Level:Verbose # gracefully handle System.Net.WebException responses such as 404 to throw warning # anything else we want to throw terminating exception and capture for debugging purposes try { $result = Invoke-RestMethodWithRetry -Uri $uri -Method 'GET' -UseBasicParsing -Credential $Credential -ErrorAction Stop } catch [System.Net.WebException] { if ($_.Exception.Response.StatusCode -eq 'NotFound') { # if the resource is iDNSServer configuration, we want to return null instead of throwing a warning # as this may be expected behavior if the iDNSServer is not configured if ($_.Exception.Response.ResponseUri.AbsoluteUri -ilike '*/idnsserver/configuration') { return $null } else { "{0} ({1})" -f $_.Exception.Message, $_.Exception.Response.ResponseUri.AbsoluteUri | Write-Warning return $null } } else { throw $_ } } # if multiple objects are returned, they will be nested under a property called value # so we want to do some manual work here to ensure we have a consistent behavior on data returned back if ($result.value) { return $result.value } # in some instances if the API returns empty object, we will see it saved as 'nextLink' which is a empty string property # we need to return null instead otherwise the empty string will cause calling functions to treat the value as it contains data elseif ($result.PSObject.Properties.Name -ieq "nextLink" -and $result.PSObject.Properties.Name.Count -eq 1) { return $null } return $result } function Get-SdnServer { <# .SYNOPSIS Returns a list of servers from network controller. .PARAMETER NcUri Specifies the Uniform Resource Identifier (URI) of the network controller that all Representational State Transfer (REST) clients use to connect to that controller. .PARAMETER ResourceId Specifies the unique identifier for the resource. .PARAMETER ResourceRef Specifies the resource reference for the resource. .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user. .PARAMETER ManagementAddressOnly Optional parameter to only return back the Management Address value. .EXAMPLE PS> Get-SdnServer -NcUri 'https://NC.FQDN' -Credential (Get-Credential) .EXAMPLE PS> Get-SdnServer -NcUri 'https://NC.FQDN' -Credential (Get-Credential) -ManagementAddressOnly .EXAMPLE PS> Get-SdnServer -NcUri 'https://NC.FQDN' -Credential (Get-Credential) -ResourceId 'f5e3b3e0-1b7a-4b9e-8b9e-5b5e3b3e0f5e' .EXAMPLE PS> Get-SdnServer -NcUri 'https://NC.FQDN' -Credential (Get-Credential) -ResourceRef 'Servers/f5e3b3e0-1b7a-4b9e-8b9e-5b5e3b3e0f5e' .EXAMPLE PS> Get-SdnServer -NcUri 'https://NC.FQDN' -Credential (Get-Credential) -ResourceId 'f5e3b3e0-1b7a-4b9e-8b9e-5b5e3b3e0f5e' -ManagementAddressOnly .EXAMPLE PS> Get-SdnServer -NcUri 'https://NC.FQDN' -Credential (Get-Credential) -ResourceRef 'Servers/f5e3b3e0-1b7a-4b9e-8b9e-5b5e3b3e0f5e' -ManagementAddressOnly #> [CmdletBinding(DefaultParameterSetName = 'Default')] param ( [Parameter(Mandatory = $true, ParameterSetName = 'Default')] [Parameter(Mandatory = $true, ParameterSetName = 'ResourceId')] [Parameter(Mandatory = $true, ParameterSetName = 'ResourceRef')] [Uri]$NcUri, [Parameter(Mandatory = $true, ParameterSetName = 'ResourceId')] [String]$ResourceId, [Parameter(Mandatory = $true, ParameterSetName = 'ResourceRef')] [String]$ResourceRef, [Parameter(Mandatory = $false, ParameterSetName = 'Default')] [Parameter(Mandatory = $false, ParameterSetName = 'ResourceId')] [Parameter(Mandatory = $false, ParameterSetName = 'ResourceRef')] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty, [Parameter(Mandatory = $false, ParameterSetName = 'Default')] [Parameter(Mandatory = $false, ParameterSetName = 'ResourceId')] [Parameter(Mandatory = $false, ParameterSetName = 'ResourceRef')] [switch]$ManagementAddressOnly ) $params = @{ NcUri = $NcUri Credential = $Credential } switch ($PSCmdlet.ParameterSetName) { 'ResourceId' { $params.Add('Resource', 'Servers') $params.Add('ResourceId', $ResourceId) } 'ResourceRef' { $params.Add('ResourceRef', $ResourceRef) } default { $params.Add('Resource', 'Servers') } } try { $result = Get-SdnResource @params if ($result) { foreach($obj in $result){ if($obj.properties.provisioningState -ne 'Succeeded'){ "{0} is reporting provisioningState: {1}" -f $obj.resourceId, $obj.properties.provisioningState | Trace-Output -Level:Warning } } if($ManagementAddressOnly){ $connections = (Get-ManagementAddress -ManagementAddress $result.properties.connections.managementAddresses) return $connections } else { return $result } } } catch { $_ | Trace-Exception $_ | Write-Error } } function Get-SdnSlbStateInformation { <# .SYNOPSIS Generates an aggregated report of Virtual IPs (VIPs) in the environment and their current status as reported by Software Load Balancer and MUXes. .PARAMETER NcUri Specifies the Uniform Resource Identifier (URI) of the network controller that all Representational State Transfer (REST) clients use to connect to that controller. .PARAMETER VirtualIPAddress Specifies the VIP address to return information for. If omitted, returns all VIPs. .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user. .PARAMETER ExecutionTimeout Specify the timeout duration to wait before automatically terminated. If omitted, defaults to 600 seconds. .PARAMETER PollingInterval Interval in which to query the state of the request to determine completion. .EXAMPLE Get-SdnSlbStateInformation -NcUri "https://nc.contoso.com" .EXAMPLE Get-SdnSlbStateInformation -NcUri "https://nc.contoso.com" -VirtualIPAddress 41.40.40.1 .EXAMPLE Get-SdnSlbStateInformation -NcUri "https://nc.contoso.com" -Credential (Get-Credential) .EXAMPLE Get-SdnSlbStateInformation -NcUri "https://nc.contoso.com" -ExecutionTimeout 1200 #> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [uri]$NcUri, [Parameter(Mandatory = $false)] [IPAddress]$VirtualIPAddress, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty, [Parameter(Mandatory = $false)] [int]$ExecutionTimeOut = 600, [Parameter(Mandatory = $false)] [int]$PollingInterval = 5 ) try { [System.String]$uri = Get-SdnApiEndpoint -NcUri $NcUri.AbsoluteUri -ResourceName 'SlbState' "Gathering SLB state information from {0}" -f $uri | Trace-Output -Level:Verbose $stopWatch = [system.diagnostics.stopwatch]::StartNew() $putResult = Invoke-WebRequestWithRetry -Method 'Put' -Uri $uri -Credential $Credential -Body "{}" -UseBasicParsing ` -Content "application/json; charset=UTF-8" -Headers @{"Accept" = "application/json"} $resultObject = ConvertFrom-Json $putResult.Content "Response received $($putResult.Content)" | Trace-Output -Level:Verbose [System.String]$operationURI = Get-SdnApiEndpoint -NcUri $NcUri.AbsoluteUri -ResourceName 'SlbStateResults' -OperationId $resultObject.properties.operationId while ($true) { if ($stopWatch.Elapsed.TotalSeconds -gt $ExecutionTimeOut) { $msg = "Unable to get results for OperationId: {0}. Operation timed out" -f $operationId throw New-Object System.TimeoutException($msg) } Start-Sleep -Seconds $PollingInterval $stateResult = Invoke-WebRequestWithRetry -Uri $operationURI -UseBasicParsing -Credential $Credential $stateResult = $stateResult.Content | ConvertFrom-Json if ($stateResult.properties.provisioningState -ine 'Updating') { break } } $stopWatch.Stop() if ($stateResult.properties.provisioningState -ine 'Succeeded') { $msg = "Unable to get results for OperationId: {0}. {1}" -f $operationId, $stateResult.properties throw New-Object System.Exception($msg) } # if a VIP address is specified, return only the details for that VIP # must do some processing to get into the raw data if ($VirtualIPAddress) { $tenantDetails = $stateResult.properties.output.datagroups | Where-object { $_.name -eq 'Tenant' } $vipDetails = $tenantDetails.dataSections.dataunits | Where-object { $_.name -eq $VirtualIPAddress.IPAddressToString } return $vipDetails.value } return $stateResult.properties.output } catch { $_ | Trace-Exception $_ | Write-Error } } function Get-SdnVipConfig { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [System.String]$VirtualIPAddress ) $slbManager = Connect-SlbManager -ErrorAction Stop if ($slbManager) { $vipConfig = $slbManager.GetVipConfiguration($VirtualIPAddress) return $vipConfig } } function Invoke-SdnResourceDump { <# .SYNOPSIS Performs API request to all available northbound endpoints for NC and dumps out the resources to json file. .PARAMETER NcUri Specifies the Uniform Resource Identifier (URI) of the network controller that all Representational State Transfer (REST) clients use to connect to that controller. .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user. .EXAMPLE PS> Invoke-SdnResourceDump .EXAMPLE PS> Invoke-SdnResourceDump -NcUri "https://nc.contoso.com" .EXAMPLE PS> Invoke-SdnResourceDump -NcUri "https://nc.contoso.com" -Credential (Get-Credential) #> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [Uri]$NcUri, [Parameter(Mandatory = $true)] [System.IO.FileInfo]$OutputDirectory, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty ) try { "Generating resource dump for Network Controller NB API endpoints" | Trace-Output [System.IO.FileInfo]$outputDir = Join-Path -Path $OutputDirectory.FullName -ChildPath 'SdnApiResources' if (!(Test-Path -Path $outputDir.FullName -PathType Container)) { $null = New-Item -Path $outputDir.FullName -ItemType Directory -Force } $apiVersion = (Get-SdnDiscovery -NcUri $NcUri.AbsoluteUri -Credential $Credential).currentRestVersion if ($null -ieq $apiVersion) { $apiVersion = 'v1' } # objects returned from the apiResourse property are a hashtable, so need to work in key/value pairs $config = Get-SdnModuleConfiguration -Role:NetworkController [int]$apiVersionInt = $ApiVersion.Replace('v','').Replace('V','') foreach ($key in $config.properties.apiResources.Keys) { $value = $config.Properties.apiResources[$key] # skip any resources that are not designed to be exported if ($value.includeInResourceDump -ieq $false) { continue } [int]$minVersionInt = $value.minVersion.Replace('v','').Replace('V','') if ($minVersionInt -le $apiVersionInt) { $sdnResource = Get-SdnResource -NcUri $NcUri.AbsoluteUri -ResourceRef $value.uri -Credential $Credential if ($sdnResource) { # parse the value if we are enumerating credentials property as we # will be redacting the value to ensure we do not compromise credentials if ($key -ieq 'Credentials') { $sdnResource | ForEach-Object { if ($_.properties.type -ieq 'UserNamePassword') { $_.properties.value = "removed_for_security_reasons" } } } $sdnResource | Export-ObjectToFile -FilePath $outputDir.FullName -Name $key -FileType json -Depth 10 } } } } catch { $_ | Trace-Exception $_ | Write-Error } } function New-SdnNetworkControllerNodeCertificate { <# .SYNOPSIS Generate new Self-Signed Certificate to be used by Network Controller node. .PARAMETER NotAfter Specifies the date and time, as a DateTime object, that the certificate expires. To obtain a DateTime object, use the Get-Date cmdlet. The default value for this parameter is one year after the certificate was created. .PARAMETER CertPassword Specifies the password for the exported PFX file in the form of a secure string. .PARAMETER Credential .EXAMPLE #> [CmdletBinding()] param ( [Parameter(Mandatory = $false)] [datetime]$NotAfter = (Get-Date).AddYears(1), [Parameter(Mandatory = $true)] [System.Security.SecureString]$CertPassword, [Parameter(Mandatory = $false)] [System.String]$Path = "$(Get-WorkingDirectory)\Cert_{0}" -f (Get-FormattedDateTimeUTC), [Parameter(Mandatory = $false)] [System.Object]$FabricDetails, [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty ) $config = Get-SdnModuleConfiguration -Role 'NetworkController' $confirmFeatures = Confirm-RequiredFeaturesInstalled -Name $config.windowsFeature if (-NOT ($confirmFeatures)) { throw New-Object System.NotSupportedException("The current machine is not a NetworkController, run this on NetworkController.") } if ($Global:SdnDiagnostics.EnvironmentInfo.ClusterConfigType -ine 'ServiceFabric') { throw New-Object System.NotSupportedException("This function is only supported on Service Fabric clusters.") } # ensure that the module is running as local administrator $elevated = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) if (-NOT $elevated) { throw New-Object System.Exception("This function requires elevated permissions. Run PowerShell as an Administrator and import the module again.") } try { if ($null -eq $FabricDetails) { $FabricDetails = [SdnFabricInfrastructure]@{ NetworkController = (Get-SdnNetworkControllerSFNode).Server } } if (-NOT (Test-Path -Path $Path -PathType Container)) { "Creating directory {0}" -f $Path | Trace-Output $CertPath = New-Item -Path $Path -ItemType Directory -Force } else { $CertPath = Get-Item -Path $Path } $nodeCertSubject = (Get-SdnNetworkControllerNodeCertificate).Subject $certificate = New-SdnCertificate -Subject $nodeCertSubject -NotAfter $NotAfter # after the certificate has been generated, we want to export the certificate using the $CertPassword provided by the operator # and save the file to directory. This allows the rest of the function to pick up these files and perform the steps as normal [System.String]$pfxFilePath = "$(Join-Path -Path $CertPath.FullName -ChildPath $nodeCertSubject.ToString().ToLower().Replace('.','_').Replace("=",'_').Trim()).pfx" "Exporting pfx certificate to {0}" -f $pfxFilePath | Trace-Output $exportedCertificate = Export-PfxCertificate -Cert $certificate -FilePath $pfxFilePath -Password $CertPassword -CryptoAlgorithmOption AES256_SHA256 $null = Import-SdnCertificate -FilePath $exportedCertificate.FullName -CertStore 'Cert:\LocalMachine\Root' -CertPassword $CertPassword Copy-CertificateToFabric -CertFile $exportedCertificate.FullName -CertPassword $CertPassword -FabricDetails $FabricDetails ` -NetworkControllerNodeCert -Credential $Credential return ([PSCustomObject]@{ Certificate = $certificate FileInfo = $exportedCertificate }) } catch { $_ | Trace-Exception $_ | Write-Error } } function New-SdnNetworkControllerRestCertificate { <# .SYNOPSIS Generate new Self-Signed Certificate to be used by Network Controller. .PARAMETER NotAfter Specifies the date and time, as a DateTime object, that the certificate expires. To obtain a DateTime object, use the Get-Date cmdlet. The default value for this parameter is one year after the certificate was created. .PARAMETER CertPassword Specifies the password for the imported PFX file in the form of a secure string. #> [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [String]$RestName, [Parameter(Mandatory = $false)] [datetime]$NotAfter = (Get-Date).AddYears(1), [Parameter(Mandatory = $true)] [System.Security.SecureString]$CertPassword, [Parameter(Mandatory = $false)] [System.String]$Path = "$(Get-WorkingDirectory)\Cert_{0}" -f (Get-FormattedDateTimeUTC), [Parameter(Mandatory = $false)] [System.Object]$FabricDetails, [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty ) if ($Global:SdnDiagnostics.EnvironmentInfo.ClusterConfigType -ine 'ServiceFabric') { throw New-Object System.NotSupportedException("This function is only supported on Service Fabric clusters.") } $config = Get-SdnModuleConfiguration -Role 'NetworkController' $confirmFeatures = Confirm-RequiredFeaturesInstalled -Name $config.windowsFeature if (-NOT ($confirmFeatures)) { throw New-Object System.NotSupportedException("The current machine is not a NetworkController, run this on NetworkController.") } # ensure that the module is running as local administrator $elevated = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator) if (-NOT $elevated) { throw New-Object System.Exception("This function requires elevated permissions. Run PowerShell as an Administrator and import the module again.") } try { if ($FabricDetails) { if ($FabricDetails.LoadBalancerMux -or $FabricDetails.Server) { $installToSouthboundDevices = $true } else { $installToSouthboundDevices = $false } } else { $installToSouthboundDevices = $false $FabricDetails = [SdnFabricInfrastructure]@{ NetworkController = (Get-SdnNetworkControllerSFNode).Server } } if (-NOT (Test-Path -Path $Path -PathType Container)) { "Creating directory {0}" -f $Path | Trace-Output $CertPath = New-Item -Path $Path -ItemType Directory -Force } else { $CertPath = Get-Item -Path $Path } [System.String]$formattedSubject = "CN={0}" -f $RestName.Trim() $certificate = New-SdnCertificate -Subject $formattedSubject -NotAfter $NotAfter # after the certificate has been generated, we want to export the certificate using the $CertPassword provided by the operator # and save the file to directory. This allows the rest of the function to pick up these files and perform the steps as normal [System.String]$pfxFilePath = "$(Join-Path -Path $CertPath.FullName -ChildPath $RestName.ToLower().Replace('.','_').Replace('=','_').Trim()).pfx" "Exporting pfx certificate to {0}" -f $pfxFilePath | Trace-Output $exportedCertificate = Export-PfxCertificate -Cert $certificate -FilePath $pfxFilePath -Password $CertPassword -CryptoAlgorithmOption AES256_SHA256 $null = Import-SdnCertificate -FilePath $exportedCertificate.FullName -CertStore 'Cert:\LocalMachine\Root' -CertPassword $CertPassword Copy-CertificateToFabric -CertFile $exportedCertificate.FullName -CertPassword $CertPassword -FabricDetails $FabricDetails ` -NetworkControllerRestCertificate -InstallToSouthboundDevices:$installToSouthboundDevices -Credential $Credential return ([PSCustomObject]@{ Certificate = $certificate FileInfo = $exportedCertificate }) } catch { $_ | Trace-Exception $_ | Write-Error } } function Set-SdnResource { <# .SYNOPSIS Invokes a web request to SDN API for the requested resource. .PARAMETER NcUri Specifies the Uniform Resource Identifier (URI) of the network controller that all Representational State Transfer (REST) clients use to connect to that controller. .PARAMETER ResourceRef The resource ref of the object you want to perform the operation against. .PARAMETER Resource The resource type you want to perform the operation against. .PARAMETER ResourceId Specify the unique ID of the resource. .PARAMETER ApiVersion The API version to use when invoking against the NC REST API endpoint. .PARAMETER Credential Specifies a user account that has permission to perform this action. The default is the current user. .EXAMPLE PS> Set-SdnResource -NcUri "https://nc.$env:USERDNSDOMAIN" -ResourceRef "/networkInterfaces/contoso-nic1" -Object $object .EXAMPLE PS> Set-SdnResource -NcUri "https://nc.$env:USERDNSDOMAIN" -Resource "networkInterfaces" -ResourceId "contoso-nic1" -Object $object #> [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')] param ( [Parameter(Mandatory = $true, ParameterSetName = 'ResourceRef')] [Parameter(Mandatory = $true, ParameterSetName = 'Resource')] [Uri]$NcUri, [Parameter(Mandatory = $true, ParameterSetName = 'ResourceRef')] [System.String]$ResourceRef, [Parameter(Mandatory = $true, ParameterSetName = 'Resource')] [SdnApiResource]$Resource, [Parameter(Mandatory = $true, ParameterSetName = 'Resource')] [System.String]$ResourceId, [Parameter(Mandatory = $true, ParameterSetName = 'ResourceRef')] [Parameter(Mandatory = $true, ParameterSetName = 'Resource')] [System.Object]$Object, [Parameter(Mandatory = $false, ParameterSetName = 'ResourceRef')] [Parameter(Mandatory = $false, ParameterSetName = 'Resource')] [System.String]$ApiVersion = $Global:SdnDiagnostics.EnvironmentInfo.RestApiVersion, [Parameter(Mandatory = $false, ParameterSetName = 'ResourceRef')] [Parameter(Mandatory = $false, ParameterSetName = 'Resource')] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty ) $restParams = @{ Uri = $null Method = 'Get' Credential = $Credential UseBasicParsing = $true ErrorAction = 'Stop' } try { switch ($PSCmdlet.ParameterSetName) { 'ResourceRef' { [System.String]$uri = Get-SdnApiEndpoint -NcUri $NcUri.AbsoluteUri -ApiVersion $ApiVersion -ResourceRef $ResourceRef } 'Resource' { [System.String]$uri = Get-SdnApiEndpoint -NcUri $NcUri.AbsoluteUri -ApiVersion $ApiVersion -ResourceName $Resource [System.String]$uri = "{0}/{1}" -f $uri, $ResourceId.Trim() } } $restParams.Uri = $uri # perform a query against the resource to ensure it exists # as we only support operations against existing resources within this function try { $null = Invoke-RestMethodWithRetry @restParams } catch [System.Net.WebException] { if ($_.Exception.Response.StatusCode -eq "NotFound") { throw New-Object System.NotSupportedException("Resource was not found. Ensure the resource exists before attempting to update it.") } else { throw $_ } } catch { throw $_ } $modifiedObject = Remove-PropertiesFromObject -Object $Object -PropertiesToRemove @('ConfigurationState','ProvisioningState') $jsonBody = $modifiedObject | ConvertTo-Json -Depth 100 $restParams.Method = 'Put' $restParams.Add('Body', $jsonBody ) $restParams.Add('Headers', @{"Accept"="application/json"}) $restParams.Add('ContentType', "application/json; charset=UTF-8") if ($PSCmdlet.ShouldProcess($uri, "Invoke-RestMethod will be called with PUT to configure the properties of $uri`n`t$jsonBody")) { $null = Invoke-RestMethodWithRetry @restParams $resourceState = Confirm-ProvisioningStateSucceeded -Uri $restParams.Uri -Credential $restParams.Credential -TimeoutInSec 300 -UseBasicParsing -ErrorAction Stop return $resourceState } } catch [System.Net.WebException] { $_ | Trace-Exception Write-Error "Error: $($_.ErrorDetails.Message)" } catch { $_ | Trace-Exception $_ | Write-Error } finally { if ($streamReader) { $streamReader.Dispose() } } } function Show-SdnVipState { [CmdletBinding()] param ( [Parameter(Mandatory = $true)] [IPAddress]$VirtualIPAddress, [Parameter(Mandatory = $false)] [System.Management.Automation.PSCredential] [System.Management.Automation.Credential()] $Credential = [System.Management.Automation.PSCredential]::Empty, [Parameter(Mandatory = $false)] [Switch]$Detailed ) try { $slbManager = Connect-SlbManager -Credential $Credential -ErrorAction Stop if ($slbManager) { $consolidatedVipState = $slbManager.GetConsolidatedVipState($VirtualIPAddress, $Detailed) return $consolidatedVipState } } catch { $_ | Trace-Exception $_ | Write-Error } } # SIG # Begin signature block # MIInvwYJKoZIhvcNAQcCoIInsDCCJ6wCAQExDzANBglghkgBZQMEAgEFADB5Bgor # BgEEAYI3AgEEoGswaTA0BgorBgEEAYI3AgEeMCYCAwEAAAQQH8w7YFlLCE63JNLG # KX7zUQIBAAIBAAIBAAIBAAIBADAxMA0GCWCGSAFlAwQCAQUABCDheS5RW1PPUL2y # hFZiHrwcgWYMJu2ZZasx+UsrJo73paCCDXYwggX0MIID3KADAgECAhMzAAADrzBA # DkyjTQVBAAAAAAOvMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNVBAYTAlVTMRMwEQYD # VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNpZ25p # bmcgUENBIDIwMTEwHhcNMjMxMTE2MTkwOTAwWhcNMjQxMTE0MTkwOTAwWjB0MQsw # CQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9u # ZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMR4wHAYDVQQDExVNaWNy # b3NvZnQgQ29ycG9yYXRpb24wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB # AQDOS8s1ra6f0YGtg0OhEaQa/t3Q+q1MEHhWJhqQVuO5amYXQpy8MDPNoJYk+FWA # hePP5LxwcSge5aen+f5Q6WNPd6EDxGzotvVpNi5ve0H97S3F7C/axDfKxyNh21MG # 0W8Sb0vxi/vorcLHOL9i+t2D6yvvDzLlEefUCbQV/zGCBjXGlYJcUj6RAzXyeNAN # xSpKXAGd7Fh+ocGHPPphcD9LQTOJgG7Y7aYztHqBLJiQQ4eAgZNU4ac6+8LnEGAL # go1ydC5BJEuJQjYKbNTy959HrKSu7LO3Ws0w8jw6pYdC1IMpdTkk2puTgY2PDNzB # tLM4evG7FYer3WX+8t1UMYNTAgMBAAGjggFzMIIBbzAfBgNVHSUEGDAWBgorBgEE # AYI3TAgBBggrBgEFBQcDAzAdBgNVHQ4EFgQURxxxNPIEPGSO8kqz+bgCAQWGXsEw # RQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEW # MBQGA1UEBRMNMjMwMDEyKzUwMTgyNjAfBgNVHSMEGDAWgBRIbmTlUAXTgqoXNzci # tW2oynUClTBUBgNVHR8ETTBLMEmgR6BFhkNodHRwOi8vd3d3Lm1pY3Jvc29mdC5j # b20vcGtpb3BzL2NybC9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3JsMGEG # CCsGAQUFBwEBBFUwUzBRBggrBgEFBQcwAoZFaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNDb2RTaWdQQ0EyMDExXzIwMTEtMDctMDguY3J0 # MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggIBAISxFt/zR2frTFPB45Yd # mhZpB2nNJoOoi+qlgcTlnO4QwlYN1w/vYwbDy/oFJolD5r6FMJd0RGcgEM8q9TgQ # 2OC7gQEmhweVJ7yuKJlQBH7P7Pg5RiqgV3cSonJ+OM4kFHbP3gPLiyzssSQdRuPY # 1mIWoGg9i7Y4ZC8ST7WhpSyc0pns2XsUe1XsIjaUcGu7zd7gg97eCUiLRdVklPmp # XobH9CEAWakRUGNICYN2AgjhRTC4j3KJfqMkU04R6Toyh4/Toswm1uoDcGr5laYn # TfcX3u5WnJqJLhuPe8Uj9kGAOcyo0O1mNwDa+LhFEzB6CB32+wfJMumfr6degvLT # e8x55urQLeTjimBQgS49BSUkhFN7ois3cZyNpnrMca5AZaC7pLI72vuqSsSlLalG # OcZmPHZGYJqZ0BacN274OZ80Q8B11iNokns9Od348bMb5Z4fihxaBWebl8kWEi2O # PvQImOAeq3nt7UWJBzJYLAGEpfasaA3ZQgIcEXdD+uwo6ymMzDY6UamFOfYqYWXk # ntxDGu7ngD2ugKUuccYKJJRiiz+LAUcj90BVcSHRLQop9N8zoALr/1sJuwPrVAtx # HNEgSW+AKBqIxYWM4Ev32l6agSUAezLMbq5f3d8x9qzT031jMDT+sUAoCw0M5wVt # CUQcqINPuYjbS1WgJyZIiEkBMIIHejCCBWKgAwIBAgIKYQ6Q0gAAAAAAAzANBgkq # hkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5 # IDIwMTEwHhcNMTEwNzA4MjA1OTA5WhcNMjYwNzA4MjEwOTA5WjB+MQswCQYDVQQG # EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG # A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSgwJgYDVQQDEx9NaWNyb3NvZnQg # Q29kZSBTaWduaW5nIFBDQSAyMDExMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC # CgKCAgEAq/D6chAcLq3YbqqCEE00uvK2WCGfQhsqa+laUKq4BjgaBEm6f8MMHt03 # a8YS2AvwOMKZBrDIOdUBFDFC04kNeWSHfpRgJGyvnkmc6Whe0t+bU7IKLMOv2akr # rnoJr9eWWcpgGgXpZnboMlImEi/nqwhQz7NEt13YxC4Ddato88tt8zpcoRb0Rrrg # OGSsbmQ1eKagYw8t00CT+OPeBw3VXHmlSSnnDb6gE3e+lD3v++MrWhAfTVYoonpy # 4BI6t0le2O3tQ5GD2Xuye4Yb2T6xjF3oiU+EGvKhL1nkkDstrjNYxbc+/jLTswM9 # sbKvkjh+0p2ALPVOVpEhNSXDOW5kf1O6nA+tGSOEy/S6A4aN91/w0FK/jJSHvMAh # dCVfGCi2zCcoOCWYOUo2z3yxkq4cI6epZuxhH2rhKEmdX4jiJV3TIUs+UsS1Vz8k # A/DRelsv1SPjcF0PUUZ3s/gA4bysAoJf28AVs70b1FVL5zmhD+kjSbwYuER8ReTB # w3J64HLnJN+/RpnF78IcV9uDjexNSTCnq47f7Fufr/zdsGbiwZeBe+3W7UvnSSmn # Eyimp31ngOaKYnhfsi+E11ecXL93KCjx7W3DKI8sj0A3T8HhhUSJxAlMxdSlQy90 # lfdu+HggWCwTXWCVmj5PM4TasIgX3p5O9JawvEagbJjS4NaIjAsCAwEAAaOCAe0w # ggHpMBAGCSsGAQQBgjcVAQQDAgEAMB0GA1UdDgQWBBRIbmTlUAXTgqoXNzcitW2o # ynUClTAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD # VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBRyLToCMZBDuRQFTuHqp8cx0SOJNDBa # BgNVHR8EUzBRME+gTaBLhklodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny # bC9wcm9kdWN0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3JsMF4GCCsG # AQUFBwEBBFIwUDBOBggrBgEFBQcwAoZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29t # L3BraS9jZXJ0cy9NaWNSb29DZXJBdXQyMDExXzIwMTFfMDNfMjIuY3J0MIGfBgNV # HSAEgZcwgZQwgZEGCSsGAQQBgjcuAzCBgzA/BggrBgEFBQcCARYzaHR0cDovL3d3 # dy5taWNyb3NvZnQuY29tL3BraW9wcy9kb2NzL3ByaW1hcnljcHMuaHRtMEAGCCsG # AQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAHAAbwBsAGkAYwB5AF8AcwB0AGEAdABl # AG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQBn8oalmOBUeRou09h0ZyKb # C5YR4WOSmUKWfdJ5DJDBZV8uLD74w3LRbYP+vj/oCso7v0epo/Np22O/IjWll11l # hJB9i0ZQVdgMknzSGksc8zxCi1LQsP1r4z4HLimb5j0bpdS1HXeUOeLpZMlEPXh6 # I/MTfaaQdION9MsmAkYqwooQu6SpBQyb7Wj6aC6VoCo/KmtYSWMfCWluWpiW5IP0 # wI/zRive/DvQvTXvbiWu5a8n7dDd8w6vmSiXmE0OPQvyCInWH8MyGOLwxS3OW560 # STkKxgrCxq2u5bLZ2xWIUUVYODJxJxp/sfQn+N4sOiBpmLJZiWhub6e3dMNABQam # ASooPoI/E01mC8CzTfXhj38cbxV9Rad25UAqZaPDXVJihsMdYzaXht/a8/jyFqGa # J+HNpZfQ7l1jQeNbB5yHPgZ3BtEGsXUfFL5hYbXw3MYbBL7fQccOKO7eZS/sl/ah # XJbYANahRr1Z85elCUtIEJmAH9AAKcWxm6U/RXceNcbSoqKfenoi+kiVH6v7RyOA # 9Z74v2u3S5fi63V4GuzqN5l5GEv/1rMjaHXmr/r8i+sLgOppO6/8MO0ETI7f33Vt # Y5E90Z1WTk+/gFcioXgRMiF670EKsT/7qMykXcGhiJtXcVZOSEXAQsmbdlsKgEhr # /Xmfwb1tbWrJUnMTDXpQzTGCGZ8wghmbAgEBMIGVMH4xCzAJBgNVBAYTAlVTMRMw # EQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVN # aWNyb3NvZnQgQ29ycG9yYXRpb24xKDAmBgNVBAMTH01pY3Jvc29mdCBDb2RlIFNp # Z25pbmcgUENBIDIwMTECEzMAAAOvMEAOTKNNBUEAAAAAA68wDQYJYIZIAWUDBAIB # BQCgga4wGQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEO # MAwGCisGAQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIBPivAcg0IxL52W6WYlpy6iV # vCAfD4a8j+Qj1qnNFHVKMEIGCisGAQQBgjcCAQwxNDAyoBSAEgBNAGkAYwByAG8A # cwBvAGYAdKEagBhodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20wDQYJKoZIhvcNAQEB # BQAEggEAtBaseNYComaVzGVExW9xuLy45/Bo4z1/VIcCYaWe9TPi9n8h4BtkC6Yi # lWkSD4lgr9axQ3xJGQBDj2uMWVZ9Ydq1k5xY+WVven46xE6EirdBBXS1fF8iStDk # ANNlJR7CmzXtLod9WcnI/bs9z511pIxlhDK3tFxYK1rKKFD6GuReN7YuxlbLexMQ # 2D6uk4t/CSeolVUCUpJe/1cz4i1t3bYfKfwwQITS/TJ/+P6DvTK6fXkQv+M5Q9w1 # XJow9vqz6SmApYNzrjfC4hoD27ppoJiu2lUHhZkQuP+SJ1OQcktsvVQR88v27n9V # gJ7MaqqYqgQW/SiukYHfu+q9sL9pFaGCFykwghclBgorBgEEAYI3AwMBMYIXFTCC # FxEGCSqGSIb3DQEHAqCCFwIwghb+AgEDMQ8wDQYJYIZIAWUDBAIBBQAwggFZBgsq # hkiG9w0BCRABBKCCAUgEggFEMIIBQAIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFl # AwQCAQUABCDLxPKUjDvOiQQRE6IEdbK7hR6xv1Z0yhoDfUt6M7aJFAIGZsYePfNj # GBMyMDI0MDgyNjIxMjkxOC41NTJaMASAAgH0oIHYpIHVMIHSMQswCQYDVQQGEwJV # UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE # ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQLEyRNaWNyb3NvZnQgSXJl # bGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNO # OkZDNDEtNEJENC1EMjIwMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBT # ZXJ2aWNloIIReDCCBycwggUPoAMCAQICEzMAAAHimZmV8dzjIOsAAQAAAeIwDQYJ # KoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x # EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv # bjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwHhcNMjMx # MDEyMTkwNzI1WhcNMjUwMTEwMTkwNzI1WjCB0jELMAkGA1UEBhMCVVMxEzARBgNV # BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv # c29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9zb2Z0IElyZWxhbmQgT3Bl # cmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjpGQzQxLTRC # RDQtRDIyMDElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZTCC # AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALVjtZhV+kFmb8cKQpg2mzis # DlRI978Gb2amGvbAmCd04JVGeTe/QGzM8KbQrMDol7DC7jS03JkcrPsWi9WpVwsI # ckRQ8AkX1idBG9HhyCspAavfuvz55khl7brPQx7H99UJbsE3wMmpmJasPWpgF05z # ZlvpWQDULDcIYyl5lXI4HVZ5N6MSxWO8zwWr4r9xkMmUXs7ICxDJr5a39SSePAJR # IyznaIc0WzZ6MFcTRzLLNyPBE4KrVv1LFd96FNxAzwnetSePg88EmRezr2T3HTFE # lneJXyQYd6YQ7eCIc7yllWoY03CEg9ghorp9qUKcBUfFcS4XElf3GSERnlzJsK7s # /ZGPU4daHT2jWGoYha2QCOmkgjOmBFCqQFFwFmsPrZj4eQszYxq4c4HqPnUu4hT4 # aqpvUZ3qIOXbdyU42pNL93cn0rPTTleOUsOQbgvlRdthFCBepxfb6nbsp3fcZaPB # fTbtXVa8nLQuMCBqyfsebuqnbwj+lHQfqKpivpyd7KCWACoj78XUwYqy1HyYnStT # me4T9vK6u2O/KThfROeJHiSg44ymFj+34IcFEhPogaKvNNsTVm4QbqphCyknrwBy # qorBCLH6bllRtJMJwmu7GRdTQsIx2HMKqphEtpSm1z3ufASdPrgPhsQIRFkHZGui # hL1Jjj4Lu3CbAmha0lOrAgMBAAGjggFJMIIBRTAdBgNVHQ4EFgQURIQOEdq+7Qds # lptJiCRNpXgJ2gUwHwYDVR0jBBgwFoAUn6cVXQBeYl2D9OXSZacbUzUZ6XIwXwYD # VR0fBFgwVjBUoFKgUIZOaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9j # cmwvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUyMDIwMTAoMSkuY3JsMGwG # CCsGAQUFBwEBBGAwXjBcBggrBgEFBQcwAoZQaHR0cDovL3d3dy5taWNyb3NvZnQu # Y29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIw # MjAxMCgxKS5jcnQwDAYDVR0TAQH/BAIwADAWBgNVHSUBAf8EDDAKBggrBgEFBQcD # CDAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQADggIBAORURDGrVRTbnulf # sg2cTsyyh7YXvhVU7NZMkITAQYsFEPVgvSviCylr5ap3ka76Yz0t/6lxuczI6w7t # Xq8n4WxUUgcj5wAhnNorhnD8ljYqbck37fggYK3+wEwLhP1PGC5tvXK0xYomU1nU # +lXOy9ZRnShI/HZdFrw2srgtsbWow9OMuADS5lg7okrXa2daCOGnxuaD1IO+65E7 # qv2O0W0sGj7AWdOjNdpexPrspL2KEcOMeJVmkk/O0ganhFzzHAnWjtNWneU11WQ6 # Bxv8OpN1fY9wzQoiycgvOOJM93od55EGeXxfF8bofLVlUE3zIikoSed+8s61NDP+ # x9RMya2mwK/Ys1xdvDlZTHndIKssfmu3vu/a+BFf2uIoycVTvBQpv/drRJD68eo4 # 01mkCRFkmy/+BmQlRrx2rapqAu5k0Nev+iUdBUKmX/iOaKZ75vuQg7hCiBA5xIm5 # ZIXDSlX47wwFar3/BgTwntMq9ra6QRAeS/o/uYWkmvqvE8Aq38QmKgTiBnWSS/uV # PcaHEyArnyFh5G+qeCGmL44MfEnFEhxc3saPmXhe6MhSgCIGJUZDA7336nQD8fn4 # y6534Lel+LuT5F5bFt0mLwd+H5GxGzObZmm/c3pEWtHv1ug7dS/Dfrcd1sn2E4gk # 4W1L1jdRBbK9xwkMmwY+CHZeMSvBMIIHcTCCBVmgAwIBAgITMwAAABXF52ueAptJ # mQAAAAAAFTANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgT # Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m # dCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNh # dGUgQXV0aG9yaXR5IDIwMTAwHhcNMjEwOTMwMTgyMjI1WhcNMzAwOTMwMTgzMjI1 # WjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQD # Ex1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDCCAiIwDQYJKoZIhvcNAQEB # BQADggIPADCCAgoCggIBAOThpkzntHIhC3miy9ckeb0O1YLT/e6cBwfSqWxOdcjK # NVf2AX9sSuDivbk+F2Az/1xPx2b3lVNxWuJ+Slr+uDZnhUYjDLWNE893MsAQGOhg # fWpSg0S3po5GawcU88V29YZQ3MFEyHFcUTE3oAo4bo3t1w/YJlN8OWECesSq/XJp # rx2rrPY2vjUmZNqYO7oaezOtgFt+jBAcnVL+tuhiJdxqD89d9P6OU8/W7IVWTe/d # vI2k45GPsjksUZzpcGkNyjYtcI4xyDUoveO0hyTD4MmPfrVUj9z6BVWYbWg7mka9 # 7aSueik3rMvrg0XnRm7KMtXAhjBcTyziYrLNueKNiOSWrAFKu75xqRdbZ2De+JKR # Hh09/SDPc31BmkZ1zcRfNN0Sidb9pSB9fvzZnkXftnIv231fgLrbqn427DZM9itu # qBJR6L8FA6PRc6ZNN3SUHDSCD/AQ8rdHGO2n6Jl8P0zbr17C89XYcz1DTsEzOUyO # ArxCaC4Q6oRRRuLRvWoYWmEBc8pnol7XKHYC4jMYctenIPDC+hIK12NvDMk2ZItb # oKaDIV1fMHSRlJTYuVD5C4lh8zYGNRiER9vcG9H9stQcxWv2XFJRXRLbJbqvUAV6 # bMURHXLvjflSxIUXk8A8FdsaN8cIFRg/eKtFtvUeh17aj54WcmnGrnu3tz5q4i6t # AgMBAAGjggHdMIIB2TASBgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQBgjcVAgQW # BBQqp1L+ZMSavoKRPEY1Kc8Q/y8E7jAdBgNVHQ4EFgQUn6cVXQBeYl2D9OXSZacb # UzUZ6XIwXAYDVR0gBFUwUzBRBgwrBgEEAYI3TIN9AQEwQTA/BggrBgEFBQcCARYz # aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9Eb2NzL1JlcG9zaXRvcnku # aHRtMBMGA1UdJQQMMAoGCCsGAQUFBwMIMBkGCSsGAQQBgjcUAgQMHgoAUwB1AGIA # QwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNX2 # VsuP6KJcYmjRPZSQW9fOmhjEMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9jcmwu # bWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1dF8yMDEw # LTA2LTIzLmNybDBaBggrBgEFBQcBAQROMEwwSgYIKwYBBQUHMAKGPmh0dHA6Ly93 # d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYt # MjMuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQCdVX38Kq3hLB9nATEkW+Geckv8qW/q # XBS2Pk5HZHixBpOXPTEztTnXwnE2P9pkbHzQdTltuw8x5MKP+2zRoZQYIu7pZmc6 # U03dmLq2HnjYNi6cqYJWAAOwBb6J6Gngugnue99qb74py27YP0h1AdkY3m2CDPVt # I1TkeFN1JFe53Z/zjj3G82jfZfakVqr3lbYoVSfQJL1AoL8ZthISEV09J+BAljis # 9/kpicO8F7BUhUKz/AyeixmJ5/ALaoHCgRlCGVJ1ijbCHcNhcy4sa3tuPywJeBTp # kbKpW99Jo3QMvOyRgNI95ko+ZjtPu4b6MhrZlvSP9pEB9s7GdP32THJvEKt1MMU0 # sHrYUP4KWN1APMdUbZ1jdEgssU5HLcEUBHG/ZPkkvnNtyo4JvbMBV0lUZNlz138e # W0QBjloZkWsNn6Qo3GcZKCS6OEuabvshVGtqRRFHqfG3rsjoiV5PndLQTHa1V1QJ # sWkBRH58oWFsc/4Ku+xBZj1p/cvBQUl+fpO+y/g75LcVv7TOPqUxUYS8vwLBgqJ7 # Fx0ViY1w/ue10CgaiQuPNtq6TPmb/wrpNPgkNWcr4A245oyZ1uEi6vAnQj0llOZ0 # dFtq0Z4+7X6gMTN9vMvpe784cETRkPHIqzqKOghif9lwY1NNje6CbaUFEMFxBmoQ # tB1VM1izoXBm8qGCAtQwggI9AgEBMIIBAKGB2KSB1TCB0jELMAkGA1UEBhMCVVMx # EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT # FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9zb2Z0IElyZWxh # bmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjpG # QzQxLTRCRDQtRDIyMDElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2Vy # dmljZaIjCgEBMAcGBSsOAwIaAxUAFpuZafp0bnpJdIhfiB1d8pTohm+ggYMwgYCk # fjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH # UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQD # Ex1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDANBgkqhkiG9w0BAQUFAAIF # AOp3M/0wIhgPMjAyNDA4MjcwMTAzNTdaGA8yMDI0MDgyODAxMDM1N1owdDA6Bgor # BgEEAYRZCgQBMSwwKjAKAgUA6ncz/QIBADAHAgEAAgIPYzAHAgEAAgISkzAKAgUA # 6niFfQIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZCgMCoAowCAIBAAID # B6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBBQUAA4GBAEgggc5OgYvV/kdZScvE # uQpZU38a5DNfABe6eNkaNqQSQuwRu9+JfYza4rN3+G4JIVPF7MTDPO/nDv2DSXb1 # FE1HIzMNA3SlMJaXCn5Bo57dy87gT4taClwV3VbiDkKUL/uoQr56c8gyRiloarCT # ukWB5vZsjlScKAFcoVXnafbhMYIEDTCCBAkCAQEwgZMwfDELMAkGA1UEBhMCVVMx # EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT # FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUt # U3RhbXAgUENBIDIwMTACEzMAAAHimZmV8dzjIOsAAQAAAeIwDQYJYIZIAWUDBAIB # BQCgggFKMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0BCQQx # IgQgn/bo9YL2+dXn4Jfk8ThdacrkqQvug7OU7kjPkUXRzu4wgfoGCyqGSIb3DQEJ # EAIvMYHqMIHnMIHkMIG9BCAriSpKEP0muMbBUETODoL4d5LU6I/bjucIZkOJCI9/ # /zCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAw # DgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x # JjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAB4pmZ # lfHc4yDrAAEAAAHiMCIEII4DiD8qp9owrL2AU+CxXoVeOr99aeI7YisRTWOkq1Jc # MA0GCSqGSIb3DQEBCwUABIICAJ46dZhND/aDI8rhDofD5+t9cAxDtpkNu5yAG6x/ # QySxO/wrzWyHxn+HOUXWegMOGLdmswO+y0Xmey5jBs/EB2S/QsKm52a4GKRYMb9J # F1P2p0igwMEl+uNDSK+GNiyVjU4PRJJkIcFTHy2S7gcK57x3R44Uu8Tq69RTUT5N # nQ1ETlDrKFY1RZdo3ehpmK+Mfwk4sCeMGHZlapQvW0RBVs31ea7qQgyiL976cbbT # qDKHe4lih4Br708dtZpTf4YIC7bE+VTnI5Xvv3IeQ1KcAiFr359IMBspflzyQXob # yLvUpUFuezuh6kEZ791nwPas3nM7bzacFhh8fmI4qCNkT2J/BtVGHdCa1i9/pSfx # h5LWacGUP4Fnu8bn6GIxrIJ+bkEyHdeMF02ApdBskrN3FXAMY03xJCHSgUhzTK/U # m98YpYK4JXYwE7XJQG2TtK+DaVe2rvTwo08hzHoSJmYHU3bo8w2wUU0SvA2avwTP # +GF+YKdvuTrACBQaqx+DUdJJ1E702Jr8ywgFXLoKsKdLxaMh6myj1h91l4UWVPyu # m9HA39vrJmRSmc2M7YF1eVVfZO8GKtTc8ZW4NKnLMH30s0yF0YLv/RHAtZB2/kcS # GJqcIkJ0LkZHANR/pZXghLQm6qkuk3pr7oxP2K85Da3hRpXQyCuDUdiExqZM5pg5 # hqyu # SIG # End signature block |