Question

Karthick Radhakrishnan on Fri, 16 Jun 2017 08:59:53


Hi,

I'm trying to create Azure HDInsight using Azure Automation Runbook, I have created a PFX certificate and uploaded to Assets and also I'm using it for the scripts. But when i try to create HDInsight via Runbook, The certificate content I get using my local powershell and the one i get from runbook is different. in local the below command works for me
 
     

$certFolder = "F:\RnD\Azure-saml\ms"   

 $certFilePath = "$certFolder\demoesp.pfx"    

 $certPassword = "xxxxxxxxxxxxx"   

 $secureCert = [System.Convert]::ToBase64String((Get-Content $certFilePath -Encoding Byte))




But the same won't work in Automation runbook, I tried below
   

$certificatePFX = Get-AutomationCertificate -Name 'demoesp'   

$bytes = [System.Text.Encoding]::Unicode.GetBytes($certificatePFX)   

$secureCert = [System.Convert]::ToBase64String($bytes)


The same command I used in my local powershell won't work in runbook as there is no physical location to denote $certFilePath

 $secureCert = [System.Convert]::ToBase64String((Get-Content $certFilePath -Encoding Byte))

how to resolve this issue and create HDInsight via Runbook?

Any help Appreciated. Thanks

Sponsored



Replies

Ilavelan Kanniappan (MSFT) on Fri, 16 Jun 2017 12:48:20


1) Please use the below cmdlets to get the cert

# Get the Cert

$CertPath = "C:\demoesp.pfx"

$cert = Get-AutomationCertificate -Name 'demoesp'

$certPassword = "xxxxxxxxxxxxx"  

$PfxCert = $cert.Export("pfx",$certPassword)

Set-Content -Value $PfxCert -Path $CertPath -Force -Encoding Byte | Write-Verbose   

dir $CertPath

2) In Create HDInsight call pass the $CertPath  & $certPassword

New-AzureRmHDInsightCluster `

:

  -CertificateFilePath $CertPath `

-CertificatePassword $certPassword

3) Please set the cert 'demoesp'   exportable to yes in automation cert asset

Karthick Radhakrishnan on Sat, 17 Jun 2017 16:17:36


Illavelan,

Thanks for the reply. I tried as above, but I'm getting the error as shown. 

"System.Byte". Error: "Input string was not in a 
correct format."

Please refer attached Error Snippet below for more reference,

New-AzureRmHDInsightCluster : Cannot bind parameter 'CertificateFileContents'. Cannot convert value "MIIJsQIBAzCCCXEGCSq
GSIb3DQEHAaCCCWIEggleMIIJWjCCBhsGCSqGSIb3DQEHAaCCBgwEggYIMIIGBDCCBgAGCyqGSIb3DQEMCgECoIIE/jCCBPowHAYKKoZIhvcNAQwBAzAOBAh
+acDX+OuvJAICB9AEggTY9IFaervcRjtf+yaP96HkQmVdyKZGeDnbHr22GjIEX6uj6y2kpvp8XoFJzNdscKh5ZV78WjvFulEX5HP4bxfs0y01MSDyVtx2dOn
Ghb2zJsFVXYB0pC6l6qTj2GgIJro17pPtgjDjIFqeWhANaclb3JokFgAp6Kzua+tLPLWLrmhtFiQDwvFIPW2AuPjtHTeleGEj8d1p467PhGWQszIw0ZiSKU5
3zyTqbZSINUAoGQ2Si7ufn6AZJtFVkJDVCYFkc4m3LgE0+J376wuOTvaAMRfyK3bcwpCqBOVNP0wP16ZlHWqGmXamihybPozbliwZ0yV1gYMRMZy5oIVIVvz
syiqL/R64eStbqvhsqxptzYW9PIbKoceLoh9ZQ1b2aCWdOsespgL/gbEmUBsfkkeztoDEZ6nl1SGqjhtA5ukMZukNvMjN9eK+H2i1QAIoPvDrqH2T9lYW6X2
o18HX2/k/mYeAmDFUQD+CrV1Rn34wlhpnoyKWN0DgVIL3UDmb6SkkVr8GD6lkDG+CKwxqDFJKiuDfpd7t5o/EanjLbePmwL8jMv2tjb4UB4vlm1Ul8GsvRkB
gecVVM7dhWVEGCu8mM6x5TSgJbNiaROKnrTcC/VzJoaI48lkuMTwRrOwYPRNnLmrzQO05PBn6E5w5mWy/RXIWzhg3OsMV/VOX2lWenOWUXciqMSnmdlrLOIr
oVcWixewramvg02xaT5k8DhOzsS62sXoKaycdOXDap1/MsbmSqUTpZdlKPhg2DIkfegWLpcc5nkvqWYVXXlpVSnIRvJSoNekC9OegrHqAAdeus6tDLkQGtq8
bKgpkMf9h3NYLaFLBvgePXYmix+53mTzxL1DrDKTdt5a6iGrK6Ygn3amiEmWXHdLUabjqp286yBpiGg6d3mxnItVLmUY6SUR7ORog0mEbXcys2XsQXKxbahb
/zuJLNKBpOPCvcL7E3zoGntuTMtIDFFEPrcQWLg2meRayNz8e2IsO34AYjYeptk8vviRSwrZvTkEuPLQO48Bpa094d0giETKsBPXnbvCa8/ToDVZdht6C7Wq
zv6puRVO2NTWFR7mDjNwfiiqAivKemcVWv0dtd6Ftw4b4fv9yTW6cL5VSdeEvFjcHNUVtt7f0eVjVWtamfdwvgzNeDyTW+MevO+J7MJN+J2eaMdWtoV7rx6M
tMGkm8FxQKtQ4D2kTc6mfzK5Cw9nlTEgzYHAIcAvLXmsRSUyQRBprnsjSIQdqWXeQgC4oF+FungD5hBYFjhXzC/gKvvAZaFyw6RohmEWhi+F315PzaRbrKDe
D4paZ+FXByFJQejmv1/jByqTYlS045MeQm4CknIZ7AysXUCi0DlMoAoOjBPZA2b3vgLTl8fk0HGrmjUrcO/wXtISSaqMu/Tx6GZLcGIZLQpZNZJUunMnn2Cq
BF+Vv5Zcl9lo8qh15AbyrJhfgXE2UDFznJQ7P/t7uUMyZka6kj3NvbkJQ3uDakJtLllAq7PRgljgqHXuCQBZxHhcxR5cch8Ux+sfsfEZ05Qx90QTA9IgPMIl
YH9CsncTqUYDVRIS/5KkMi2XksRfnxeJuYNyA8htX3EKHmu2srtoQJkk0ubifRE1cO1QnqHmGM/tTMzB+aWvZkXllOf7an23ZH9IGTCn5+Ssi5ApmijGB7jA
NBgkrBgEEAYI3EQIxADATBgkqhkiG9w0BCRUxBgQEAQAAADBbBgkqhkiG9w0BCRQxTh5MAHsAMgA0ADkANgA4AEYARQBBAC0AOQBEAEEANgAtADQANgAyADk
ALQA5ADIAMAAxAC0AOQA2ADUAQwA0ADkAQwA2ADkARgAwADEAfTBrBgkrBgEEAYI3EQExXh5cAE0AaQBjAHIAbwBzAG8AZgB0ACAARQBuAGgAYQBuAGMAZQB
kACAAQwByAHkAcAB0AG8AZwByAGEAcABoAGkAYwAgAFAAcgBvAHYAaQBkAGUAcgAgAHYAMQAuADAwggM3BgkqhkiG9w0BBwagggMoMIIDJAIBADCCAx0GCSq
GSIb3DQEHATAcBgoqhkiG9w0BDAEGMA4ECJFNEKEU1JARAgIH0ICCAvBXrhTR15ZINIPgizKC78lsyPd/Gm1EvwLpZxxn9HkRk/4orfF04VR8HM0K6Wqo536
GCAAGsoIJtZUxISd6j/wbhbhJ6WVw7k/NkXD/MQLrW0VA73tLKhLuaXu79qqsF8tOjubZQF0mX+8Ge1OPvb0V4+BUCjS30JOpaWD9zfMYHP7KjZyBQWKoJYH
ODjkQA2UjVbBoRg+jUPrl3h4aMDboHz0g0Mr45SpVi2lQEXpW/l39Cn+MPyBC+nHlkg9SKLWzi/jJ63O24E3Ybyt/EwGrM0uzjTFbbg8Y4oiADGrB3jnZJIf
J9Wd+Ko1XJ/T6o3oO3PlyIxTzJIPKpjlpWcCKE0xWj1M5ni657Wq4YSGzGNFoRmdo07VwHSq/Ez3yTlR8hTe8ORz6XxUtna54BQIe0mzNzyBUL8XnuHK+hkb
10DwNGmHRJbDuM4v7hh46GJggRIoKfTAbs+3e2KxCgeetkW5YmuaXueO5tYooVwyNhBaVXa/xz29hgKTerXvRlhgeidWxgT1ZWlZFBzbSkG0YsBJUJTa4Q/n
7zP57DxfM41MRue99WES7vyv3jjncWNFmY3MeZAy5b+4QTKzBYlbdGU1+ZODoDqKquGNmSlxZHf/dIGLSDAMYX414S22kKhWLIHgmAoIsVg/TbAXLJOh0Tgh
NFch3ZW8aLS/rEP9ErO/kbhHwuWe/w0BkTofScHw9I5fCFozkD75ibgaOnGa+31iSbzcvUrf+ueJbuRNbGOLXw3bTVeWfyYWAOS7LimwJecgRuabD/nZPI5T
UW5iTOYrA6M8rorMFLcJODApteurZnNA8K9FvjtBgIM1lan2QuF9NJTXA5rt72Tjf7mrOWrrsDSr8F36G5bX96PPiE5OTcBvaE8/FvD6FE7bjTO0BmMi2fd0
tCv/K+6FQiIm+WUqXhXhLGuSFLEvg3w59+ho8HxaF9fEks+pGMUnzVrvI2aoaFo+phnntCUHjXA4n5W6payWuu10z6ZandByoDDA3MB8wBwYFKw4DAhoEFIe
zu5cAn4rpsmPoKv2B1BQoMNbLBBRKxayzZhfd99NZYcj3dHDpjoHKIg==" to type "System.Byte". Error: "Input string was not in a 
correct format."
At line:66 char:501
+ ... Path -ObjectId $ObjectId -CertificateFileContents $secureCert -Certif ...
+                                                       ~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (:) [New-AzureRmHDInsightCluster], ParameterBindingException
    + FullyQualifiedErrorId : 
CannotConvertArgumentNoMessage,Microsoft.Azure.Commands.HDInsight.NewAzureHDInsightClusterCommand


And this is my cmdlets

//To Obtain Certificate Contents
$CertPath = "C:\demoesp.pfx"
$cert = Get-AutomationCertificate -Name 'demoesp'
$certPassword = "xxxxxxxxxxx"  
$PfxCert = $cert.Export("pfx",$certPassword)
Set-Content -Value $PfxCert -Path $CertPath -Force -Encoding Byte | Write-Verbose   
dir $CertPath
$secureCert = [System.Convert]::ToBase64String((Get-Content $CertPath -Encoding Byte))
$credential = [System.Convert]::ToBase64String($cert.GetRawCertData())
Write-Output $secureCert


//To Create HDInsight

New-AzureRmHDInsightCluster 
-AadTenantId $servicePrincipalConnection.TenantId 
-ClusterType $ClusterType 
-OSType Linux 
-ClusterSizeInNodes $ClusterSizeInNodes 
-ResourceGroupName $resourceGroupName  
-ClusterName $clusterName  
-HttpCredential $HttpCredential 
-SshCredential $SshCredential 
-Location $location 
-DefaultStorageAccountType AzureDataLakeStore 
-DefaultStorageAccountName $DefaultStorageAccountName 
-DefaultStorageRootPath $DefaultStorageRootPath 
-ObjectId $ObjectId 
-CertificateFileContents $secureCert 
-CertificatePassword $certPassword

My Service Principal creation and data lake store permission assignments are working fine other than this.

Regards,

Karthick


Ilavelan Kanniappan (MSFT) on Mon, 19 Jun 2017 13:09:25


Could u please try the below one? 

//To Obtain Certificate Contents
$CertPath = "C:\demoesp.pfx"
$cert = Get-AutomationCertificate -Name 'demoesp'
$certPassword = "xxxxxxxxxxx" 
$PfxCert = $cert.Export("pfx",$certPassword)
Set-Content -Value $PfxCert -Path $CertPath -Force -Encoding Byte | Write-Verbose  
dir $CertPath

//To Create HDInsight
New-AzureRmHDInsightCluster
-AadTenantId $servicePrincipalConnection.TenantId
-ClusterType $ClusterType
-OSType Linux
-ClusterSizeInNodes $ClusterSizeInNodes
-ResourceGroupName $resourceGroupName 
-ClusterName $clusterName 
-HttpCredential $HttpCredential
-SshCredential $SshCredential
-Location $location
-DefaultStorageAccountType AzureDataLakeStore
-DefaultStorageAccountName $DefaultStorageAccountName
-DefaultStorageRootPath $DefaultStorageRootPath
-ObjectId $ObjectId
-CertificateFilePath $CertPath
-CertificatePassword $certPassword

Karthick Radhakrishnan on Mon, 19 Jun 2017 17:43:28


Thanks much Illavelan. It worked like a charm. :)