<#==========================================================================
Script Name: Vsan-EncryptionRekey.ps1
Created on: 5/2/2017
Created by: Jase McCarty
Github: http://www.github.com/jasemccarty
Twitter: @jasemccarty
Website: http://www.jasemccarty.com
===========================================================================
.DESCRIPTION
This script will initiate a ReKey of a vSAN Cluster.
Shallow ReKeying (KEK Only) or Deep ReKeying (DEK Also) are supported, as well as Reduced Redundancy if necessary.
This requires PowerCLI 6.5.1 and has been tested on vSAN 6.6
.SYNTAX
Vsan-EncryptionRekey.ps1 -vCenter <VCENTER> -ClusterName <ClusterName> -ReKey <shallow,deep> -ReducedRedundancy <enable>
#>
# Script parameters
[CmdletBinding()]
Param(
    # vCenter Server to connect to
    [Parameter(Mandatory = $true)]
    [String]$vCenter,

    # Name of the vSAN cluster to rekey
    [Parameter(Mandatory = $true)]
    [String]$ClusterName,

    # Optional account used for the vCenter connection
    [Parameter(Mandatory = $false)]
    [String]$User,

    # Optional password for that account. It is accepted as a plain-text string,
    # so a value typed on the command line can end up in console history,
    # transcripts and process listings.
    [Parameter(Mandatory = $false)]
    [String]$Password,

    # Rekey type: 'shallow' (KEK only) or 'deep' (DEK also), per the script description
    [Parameter(Mandatory = $true)]
    [ValidateSet('shallow', 'deep')]
    [String]$ReKey,

    # Optional; the only accepted value is 'enable'
    [Parameter(Mandatory = $false)]
    [ValidateSet('enable')]
    [String]$ReducedRedundancy
)
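# Translate the requested ReKey type into the two booleans handed to the rekey task:
#   $RekeyAction - $false for a shallow rekey, $true for a deep rekey
#   $RR          - $true only when reduced redundancy was requested for a deep rekey
Switch ($ReKey) {
    "shallow" {
        # Reduced redundancy is never requested for a shallow rekey
        $RekeyAction = $false
        $RR = $false
    }
    "deep" {
        $RekeyAction = $true
        # The ValidateSet on -ReducedRedundancy admits only 'enable', so that is the
        # value to test for. Comparing against "enabled" could never match, which
        # meant reduced redundancy was silently ignored.
        $RR = ($ReducedRedundancy -eq "enable")
    }
    default {
        # Defensive only: -ReKey is mandatory and restricted to the two values above
        Write-Host "Please include the parameter -REKEY shallow or -REKEY deep"
        # Exit non-zero so a calling script does not read this as success
        exit 1
    }
}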
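# Connect to vCenter Server.
# Only pass -User/-Password when the caller supplied them, and stop on failure.
# If the connection failed and the script carried on, the cmdlets below could run
# against a different vCenter session that is already open in this PowerShell session.
$ConnectArgs = @{ Server = $vCenter; ErrorAction = 'Stop' }
If ($User) { $ConnectArgs.User = $User }
If ($Password) { $ConnectArgs.Password = $Password }
$Connection = Connect-VIServer @ConnectArgs
# Emit the connection object, as the unassigned Connect-VIServer call did
$Connection

# Get the Cluster from the vCenter we just connected to
$Cluster = Get-Cluster -Name $ClusterName -Server $Connection -ErrorAction Stop

# -Name accepts wildcards, so insist on exactly one match before changing encryption keys
If (@($Cluster).Count -ne 1) {
    Throw "Expected exactly one cluster named '$ClusterName' on $vCenter, found $(@($Cluster).Count)."
}

# Get the vSAN Cluster Configuration
$VsanVcClusterConfig = Get-VsanView -Id "VsanVcClusterConfigSystem-vsan-cluster-config-system" -Server $Connection

# Get Encryption State
$EncryptedVsan = $VsanVcClusterConfig.VsanClusterGetConfig($Cluster.ExtensionData.MoRef).DataEncryptionConfig

# Only rekey when vSAN is enabled and the cluster is encrypted
If ($Cluster.vSanEnabled -And $EncryptedVsan.EncryptionEnabled) {

    # Echo task being performed
    Write-Host "Starting $ReKey ReKey of vSAN Cluster $Cluster"

    # Start the rekey task. The call returns once the task is created;
    # this script does not wait for it or check its result.
    $ReKeyTask = $VsanVcClusterConfig.VsanEncryptedClusterRekey_Task($Cluster.ExtensionData.MoRef, $ReKeyAction, $RR)
}
Else {
    # Say so explicitly, so a run that did nothing is not mistaken for a completed rekey
    Write-Warning "Cluster $Cluster is not vSAN-enabled or vSAN encryption is not enabled; no rekey was started."
}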