How to attach OSDisk and change OSProfile for Azure VM


I am setting up a VM restoration pipeline. It looks like this:

I copy the OS disk:

$diskConfig = New-AzureRmDiskConfig -AccountType $storageType `
    -Location $snapshot.Location -SourceResourceId $snapshot.Id -CreateOption Copy
$disk = New-AzureRmDisk -Disk $diskConfig -ResourceGroupName $resourceGroupName `
    -DiskName $diskName

I then attach it to my VM like so:

$vmConfig = New-AzureRmVMConfig -VMName $virtualMachineName `
    -VMSize $virtualMachineSize
$vmConfig = Set-AzureRmVMOSDisk -VM $vmConfig `
    -ManagedDiskId $disk.Id -CreateOption Attach -Windows

However, I also want to indirectly modify the OSProfile property of the VM by binding a certificate to it, as I am following this guide by Microsoft. I do:

$vmConfig = Add-AzureRmVMSecret -VM $vmConfig -SourceVaultId $vaultId `
    -CertificateStore $certificateStore -CertificateUrl $certificateUrl

And now when I try to finalize the creation by

New-AzureRmVM -VM $vmConfig -ResourceGroupName $resourceGroupName -Location $location

I get an error:

New-AzureRmVM : Parameter 'osProfile' is not allowed.

I am aware that it modifies OSProfile.Secrets (that is, adds a new record to the list), but there is a restriction that I cannot edit it whatsoever. I also tried doing it by creating a VM first and then adding those Secrets, but it gives me almost the same error:

Update-AzureRmVM : Changing property 'osProfile' is not allowed.

By the way, if I use FromImage instead of Attach, I get error:

New-AzureRmVM : Cannot specify user image overrides for a disk already defined in the specified image reference.

How can I solve this?


Solution

  • I ended up creating a PowerShell script that executes a PowerShell command (using Invoke-AzureRmVMRunCommand) on the VM which:

    1. Retrieves certificates

      Get-AzureKeyVaultSecret -VaultName $keyVaultName -name (Get-AzureKeyVaultSecret -VaultName $keyVaultName).name

    2. Downloads and binds those certificates to IIS
    3. Creates an SSL binding and assigns it to the HTTPS binding

      Get-ChildItem cert:\localmachine\My | New-Item -Path IIS:\SslBindings\!443
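
The three steps above combined into one Run Command invocation, as an added example (not the answerer's script). `$certName`, `$siteName`, the script file name and the `SecretValueText` decoding of a PKCS#12 secret are assumptions, as is a guest that has the AzureRM modules and can already authenticate to the vault.

```powershell
# Added example. $resourceGroupName, $virtualMachineName and $keyVaultName are the
# question's variables; $certName, $siteName and the script path are assumptions.
$guestScript = @'
param([string]$keyVaultName, [string]$certName, [string]$siteName = 'Default Web Site')
$ErrorActionPreference = 'Stop'
Import-Module WebAdministration

# Assumption: this guest session can already authenticate to the vault.
$secret = Get-AzureKeyVaultSecret -VaultName $keyVaultName -Name $certName

# A Key Vault certificate is readable as a secret holding a base64-encoded PFX.
# Decode it in memory so no PFX file is left on disk.
$pfxBytes = [Convert]::FromBase64String($secret.SecretValueText)
$flags = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]'MachineKeySet,PersistKeySet'
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList $pfxBytes, '', $flags

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store 'My', 'LocalMachine'
$store.Open('ReadWrite')
$store.Add($cert)
$store.Close()

if (-not (Get-WebBinding -Name $siteName -Protocol https -Port 443)) {
    New-WebBinding -Name $siteName -Protocol https -Port 443
}

# Bind this one certificate, selected by thumbprint, to all IPs on port 443.
$sslPath = 'IIS:\SslBindings\0.0.0.0!443'
if (Test-Path $sslPath) { Remove-Item $sslPath }
Get-Item "Cert:\LocalMachine\My\$($cert.Thumbprint)" | New-Item -Path $sslPath
'@

$scriptPath = Join-Path $env:TEMP 'Bind-IisCertificate.ps1'
Set-Content -Path $scriptPath -Value $guestScript

# Only names travel as Run Command parameters; the PFX is fetched inside the VM.
Invoke-AzureRmVMRunCommand -ResourceGroupName $resourceGroupName -VMName $virtualMachineName `
    -CommandId 'RunPowerShellScript' -ScriptPath $scriptPath `
    -Parameter @{ keyVaultName = $keyVaultName; certName = $certName }
```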