AzureSerialAccessConsole.psm1
|
enum Enabled { True False } [DscResource()] class AzureSerialAccessConsole { [DscProperty(Key)] [Enabled]$Enabled [void] Set() { # Make sure that we continue only if this is an Azure VM. if ($this.ensure -eq [Enabled]::True -and $this.CheckForAzure -eq $true) { # For SAC to be configured correctly, EMS must be true and debug must be false. # To determine this we look at the results of BCDEdit.exe. $emsEnabled=$false $debugEnabled=$false # See if EMS is enabled. $paf= "" $paf = bcdedit /enum | Select-String "ems Yes" if($paf) { Write-Verbose "EMS enabled is true." $emsEnabled=$true } else { Write-Verbose "EMS enabled is false." $emsEnabled=$false } # See if debug is disabled. $paf= "" $paf = bcdedit /enum | Select-String "debug Yes" if($paf) { Write-Verbose "Debug enabled is true." $debugEnabled=$true } else { Write-Verbose "Debug enabled is false." $debugEnabled=$false } # If debug is enabled, you need to turn it off for EMS to work. if($debugEnabled) { Write-Verbose "Turning debug off with BCDEdit." bcdedit /debug off } # Enable and configure EMS to Azure requirements. if($emsEnabled -eq $false) { Write-Verbose "Configuring EMS with BCDEdit." bcdedit /ems "{current}" on bcdedit /emssettings EMSPORT:1 EMSBAUDRATE:115200 } } } [bool] Test() { $result = $false if ($this.ensure -eq [Enabled]::True -and $this.CheckForAzure -eq $true) { # For SAC to be configured correctly, EMS must be true and debug must be false. # To determine this we look at the results of BCDEdit.exe. $emsEnabled=$false $debugEnabled=$false # See if EMS is enabled. $paf= "" $paf = bcdedit /enum | Select-String "ems Yes" if($paf) { Write-Verbose "EMS enabled is true." $emsEnabled=$true } else { Write-Verbose "EMS enabled is false." $emsEnabled=$false } # See if debug is disabled. $paf= "" $paf = bcdedit /enum | Select-String "debug Yes" if($paf) { Write-Verbose "Debug enabled is true." $debugEnabled=$true } else { Write-Verbose "Debug enabled is false." $debugEnabled=$false } if($debugEnabled -eq $true -or $emsEnabled -eq $false) { Write-Verbose 'Debug is enabled or EMS is not enabled. Failing the test.' $result = $false } else { $result = $true } } else { $result = $true } return $result } [AzureSerialAccessConsole] Get() { return "True" } [bool] CheckForAzure() { $isAzure = $false # If we can get data from the instance metadata API, we'll assume that we're on an Azure VM. try{ $paf=Invoke-RestMethod -Headers @{"Metadata"="true"} -URI "http://169.254.169.254/metadata/instance/compute/vmId?api-version=2017-08-01&format=text" -Method get if($paf) { Write-Verbose "Azure VM" $isAzure = $true } else { Write-Verbose "Not an Azure VM" } } catch { Write-Verbose "Ran into an error while checking to see if this was an Azure VM." } return $isAzure } } |