SkylineUtils.psm1
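<#
.SYNOPSIS
    Ensures the shared configuration script exists.
.DESCRIPTION
    Creates an empty c:\skyline\SkylineUtils-config.ps1 when it is missing.
    Other functions in this module dot-source that file, so whatever it
    contains runs as code in the caller's session.
    NOTE(review): restrict write access to c:\skyline to administrators;
    anyone who can edit the file can run code as the operator.
#>
function createsource {
    $file = 'c:\skyline\SkylineUtils-config.ps1'
    if (-not (Test-Path -Path $file -PathType Leaf)) {
        try {
            $null = New-Item -ItemType File -Path $file -Force -ErrorAction Stop
        }
        catch {
            throw $_.Exception.Message
        }
    }
}

<#
.SYNOPSIS
    Creates (if needed) and attaches a static patch baseline, then scans the host.
.DESCRIPTION
    Reads $PATCHX (patch / baseline name) and $ESX (host name) from the
    caller's scope; both must be set before calling. A vCenter connection
    must already be open. The function attaches the baseline and starts a
    scan; it does not remediate the host.
#>
function patching {
    $patches   = Get-Patch $PATCHX
    $getpatchx = Get-PatchBaseline $PATCHX

    # The original compared the returned baseline object with "-lt 1".
    # Test for "nothing returned" directly instead.
    if (-not $getpatchx) {
        New-PatchBaseline -Name $PATCHX -IncludePatch $patches -Static
    }

    Get-Baseline $PATCHX | Attach-Baseline -Entity $ESX
    Get-Inventory $ESX | Scan-Inventory
} #patching

<#
.SYNOPSIS
    Applies the fix associated with each finding in a Skyline findings CSV.
.DESCRIPTION
    "kblist" prints the KB / VMSA references this function knows about.
    "csv" reads $CSVFILE and, for every row, dispatches on the "Reference"
    column, using "Source Name" as the vCenter and "Object Name" as the
    target object.

    NOTE(review): every action runs with -Confirm:$false, including removal
    of all snapshots of a VM and stopping host services. The CSV therefore
    drives destructive changes directly; review its rows before running.
.PARAMETER OPTIONX
    "kblist" or "csv". Anything else prints usage.
.PARAMETER CSVFILE
    Path to the findings CSV (used by "csv" only).
#>
function skyline-fixer {
    [CmdletBinding()]
    param(
        [string]$OPTIONX,
        [string]$CSVFILE
    )

    switch ( $OPTIONX ) {
        "kblist" {
            ''
            ''
            Write-Host "vSphere"
            Write-Host "https://kb.vmware.com/s/article/55650"
            Write-Host "https://kb.vmware.com/s/article/58715"
            Write-Host "https://kb.vmware.com/s/article/58874"
            Write-Host "https://kb.vmware.com/s/article/67529"
            Write-Host "https://kb.vmware.com/s/article/76372"
            Write-Host "https://kb.vmware.com/s/article/79520"
            Write-Host "https://kb.vmware.com/s/article/81576"
            Write-Host "https://kb.vmware.com/s/article/82374"
            Write-Host "https://kb.vmware.com/s/article/1003736"
            Write-Host "https://kb.vmware.com/s/article/1025279"
            Write-Host "https://kb.vmware.com/s/article/2003322"
            Write-Host "https://kb.vmware.com/s/article/2136430"
            Write-Host "https://kb.vmware.com/s/article/2147959"
            Write-Host "https://kb.vmware.com/s/article/2150353"
            ''
            Write-Host "horizon"
            Write-Host "https://kb.vmware.com/s/article/2144475"
            ''
            Write-Host "vra (VMware Automation)"
            Write-Host "https://kb.vmware.com/s/article/1025279"
            ''
            ''
            Write-Host "VMSA"
            Write-Host "https://www.vmware.com/security/advisories/VMSA-2020-0015.html"
            ''
            ''
            createsource
        } #kblist

        "csv" {
            createsource
            Import-Csv $CSVFILE | ForEach-Object {
                $KB      = $_."Reference"
                $VCENTER = $_."Source Name"
                $ESX     = $_."Object Name"

                # A PowerShell switch runs EVERY matching clause unless one
                # ends with "break", so each reference must appear only once.
                # The original had three clauses keyed on article 1025279:
                # a stray copy of the snapshot clean-up, the service shutdown
                # that its own trailing label calls 76372, and the real
                # 1025279 clause. The first is removed and the second is
                # keyed on 76372, which "kblist" advertises but nothing
                # handled.
                switch ( $KB ) {
                    "https://kb.vmware.com/s/article/76372" {
                        # Stop the sfcbd-watchdog and slpd services and keep
                        # them from starting with the host.
                        Connect-VIServer -Server $VCENTER
                        Get-VMHost -Name $ESX | Get-VMHostService | Where-Object { $_.Key -eq "sfcbd-watchdog" } | Stop-VMHostService -Confirm:$false
                        Get-VMHost -Name $ESX | Get-VMHostService | Where-Object { $_.Key -eq "slpd" } | Stop-VMHostService -Confirm:$false
                        Get-VMHost -Name $ESX | Get-VMHostService | Where-Object { $_.Key -eq "sfcbd-watchdog" } | Set-VMHostService -Policy Off -Confirm:$false
                        Get-VMHost -Name $ESX | Get-VMHostService | Where-Object { $_.Key -eq "slpd" } | Set-VMHostService -Policy Off -Confirm:$false
                        Disconnect-VIServer -Confirm:$false
                    } #76372

                    "https://www.vmware.com/security/advisories/VMSA-2020-0015.html" {
                        Connect-VIServer -Server $VCENTER
                        $HOSTX = Get-VMHost $ESX
                        # -Wildcard is required: without it '6.5.*' is compared
                        # literally and never matches a version such as 6.5.0,
                        # so no baseline was ever attached.
                        switch -Wildcard ( $HOSTX.Version ) {
                            '6.5.*' {
                                $PATCHX = "ESXi650-202005401-SG"
                                patching
                            } #6.5.*
                            '6.7.*' {
                                $PATCHX = "ESXi670-202004101-SG"
                                patching
                            } #6.7.0
                        } #switch-HOSTX
                        #NOTE: INCOMPLETE - need v7.0 (ESXi_7.0.0-1.20.16321839)
                        Disconnect-VIServer -Confirm:$false
                    } #VMSA-2020-0015

                    "https://kb.vmware.com/s/article/58715" {
                        Connect-VIServer -Server $VCENTER
                        $HOSTX = Get-VMHost $ESX
                        switch -Wildcard ( $HOSTX.Version ) {
                            '6.5.*' {
                                $PATCHX = "ESXi650-201810401-BG"
                                patching
                            } #6.5.*
                            '6.7.*' {
                                $PATCHX = "ESXi670-201810401-BG"
                                patching
                            } #6.7.0
                        } #switch-HOSTX
                        Disconnect-VIServer -Confirm:$false
                    } #58715

                    "https://kb.vmware.com/s/article/67529" {
                        Connect-VIServer -Server $VCENTER
                        $HOSTX = Get-VMHost $ESX
                        switch -Wildcard ( $HOSTX.Version ) {
                            '6.5.*' {
                                $PATCHX = "ESXi650-201912002"
                                patching
                            } #6.5.*
                            '6.7.*' {
                                $PATCHX = "ESXi670-202103001"
                                patching
                            } #6.7.0
                        } #switch-HOSTX
                        Disconnect-VIServer -Confirm:$false
                    } #67529

                    "https://kb.vmware.com/s/article/81576" {
                        Connect-VIServer -Server $VCENTER
                        $HOSTX = Get-VMHost $ESX
                        switch -Wildcard ( $HOSTX.Version ) {
                            '7.0.*' {
                                $PATCHX = "ESXi70U1c-17325551"
                                patching
                            } #7.0.*
                            # Exact version in the original; other 6.7 builds
                            # are not matched here.
                            '6.7.0' {
                                $PATCHX = "ESXi670-202011002"
                                patching
                            } #6.7.0
                        } #switch-HOSTX
                        Disconnect-VIServer -Confirm:$false
                    } #81576

                    "https://kb.vmware.com/s/article/79520" {
                        #NOTE:config configs exist on vcenter
                        Connect-VIServer -Server $VCENTER
                        Get-AdvancedSetting -Entity $ESX -Name "config.task.timeout" | Set-AdvancedSetting -Value "7200" -Confirm:$false
                        Get-AdvancedSetting -Entity $ESX -Name "config.vmomi.soapStubAdapter.blockingTimeoutSeconds" | Set-AdvancedSetting -Value "18000" -Confirm:$false
                        Disconnect-VIServer -Confirm:$false
                    } #79520

                    "https://kb.vmware.com/s/article/2144475" {
                        #NOTE: ESX is really VM in this context
                        #NOTE: VDI
                        Connect-VIServer -Server $VCENTER
                        # Cmdlet names were misspelled (get-/set-advancesetting)
                        # in the original, so this clause could never run.
                        Get-AdvancedSetting -Entity $ESX -Name svga.enableScreenDMA | Set-AdvancedSetting -Value TRUE -Confirm:$false
                        Disconnect-VIServer -Confirm:$false
                    } #2144475

                    "https://kb.vmware.com/s/article/82374" {
                        # Runs as root on the appliance over SSH.
                        # -no-antispoof only suppresses plink's anti-spoofing
                        # prompt; it does not change host-key checking.
                        plink -ssh root@$VCENTER -no-antispoof 'software-packages stage --iso --acceptEulas'
                        plink -ssh root@$VCENTER -no-antispoof 'software-packages install'
                    } #82374

                    "https://kb.vmware.com/s/article/1025279" {
                        # Removes ALL snapshots of the named VM, unprompted.
                        Connect-VIServer -Server $VCENTER
                        Get-VM $ESX | Get-Snapshot | Remove-Snapshot -Confirm:$false
                        Disconnect-VIServer -Confirm:$false
                    } #1025279

                    "https://kb.vmware.com/s/article/1003736" {
                        $file = 'c:\skyline\SkylineUtils-config.ps1'
                        # Dot-sourcing executes the file; it is expected to
                        # define $NTPSERVER.
                        . $file
                        if ($null -eq $NTPSERVER) {
                            $SAMPLENTP = Select-String -Path $file -Pattern NTPSERVER
                            if ($SAMPLENTP.Matches.Count -lt 1) {
                                # "$" added so that removing the leading "#"
                                # yields a valid assignment.
                                Add-Content $file '#$NTPSERVER = "NEED-NTP-SERVER"'
                            }
                            Write-Host ''
                            Write-Host "ERROR - cannot execute, please update NTPSERVER entry in $file"
                            Write-Host ''
                        }
                        else {
                            Connect-VIServer -Server $VCENTER
                            Add-VMHostNtpServer -VMHost $ESX -NtpServer $NTPSERVER
                            Get-VMHost -Name $ESX | Get-VMHostService | Where-Object { $_.Key -eq "ntpd" } | Start-VMHostService
                            Get-VMHost -Name $ESX | Get-VMHostService | Where-Object { $_.Key -eq "ntpd" } | Set-VMHostService -Policy "automatic"
                            Disconnect-VIServer -Confirm:$false
                        }
                    } #1003736

                    "https://kb.vmware.com/s/article/2147959" {
                        Connect-VIServer -Server $VCENTER
                        $PATCHX = "ESXi600-Update03"
                        patching
                        Disconnect-VIServer -Confirm:$false
                    } #2147959

                    "https://kb.vmware.com/s/article/58874" {
                        Connect-VIServer -Server $VCENTER
                        $PATCHX = "ESXi670-Update02"
                        patching
                        Disconnect-VIServer -Confirm:$false
                    } #58874

                    "https://kb.vmware.com/s/article/2150353" {
                        Connect-VIServer -Server $VCENTER
                        $HOSTX = Get-VMHost $ESX
                        switch -Wildcard ( $HOSTX.Version ) {
                            '6.0.*' {
                                $PATCHX = "ESXi600-201711001"
                                patching
                            } #6.0.0
                            '6.5.*' {
                                $PATCHX = "ESXi650-201712001"
                                patching
                            } #6.5.0
                        } #switch-HOSTX
                        Disconnect-VIServer -Confirm:$false
                    } #2150353

                    "https://kb.vmware.com/s/article/2136430" {
                        Connect-VIServer -Server $VCENTER
                        $HOSTX = Get-VMHost $ESX
                        switch -Wildcard ( $HOSTX.Version ) {
                            '5.5.*' {
                                $PATCHX = "ESXi550-201608001"
                                patching
                            } #5.5.*
                            '6.0.*' {
                                $PATCHX = "ESXi600-201611401-BG"
                                patching
                            } #6.0.*
                        } #switch-HOSTX
                        Disconnect-VIServer -Confirm:$false
                    } #2136430

                    "https://kb.vmware.com/s/article/55650" {
                        Connect-VIServer -Server $VCENTER
                        $HOSTX = Get-VMHost $ESX
                        switch -Wildcard ( $HOSTX.Version ) {
                            '6.7.*' {
                                $PATCHX = "ESXi670-201811401-BG"
                                patching
                            } #6.7.*
                            '6.5.*' {
                                $PATCHX = "ESXi650-201811401-BG"
                                patching
                            } #6.5.0
                        } #switch-HOSTX
                        Disconnect-VIServer -Confirm:$false
                    } #55650

                    "https://kb.vmware.com/s/article/2003322" {
                        $file = 'c:\skyline\SkylineUtils-config.ps1'
                        # Expected to define $LOGDIR and $LOGHOST.
                        . $file
                        if ($null -eq $LOGDIR) {
                            $SAMPLELOGDIR = Select-String -Path $file -Pattern LOGDIR
                            if ($SAMPLELOGDIR.Matches.Count -lt 1) {
                                Add-Content $file '#$LOGDIR = "NEED-LOG-DIR"'
                                Add-Content $file '#$LOGHOST = "NEED-LOG-HOST"'
                            }
                            Write-Host ''
                            Write-Host "ERROR - cannot execute, please update LOGDIR and LOGHOST entries in $file"
                            Write-Host ''
                        }
                        else {
                            Connect-VIServer -Server $VCENTER
                            Get-AdvancedSetting -Entity $ESX -Name "Syslog.global.logDir" | Set-AdvancedSetting -Value "[$LOGDIR] /" -Confirm:$false
                            Get-AdvancedSetting -Entity $ESX -Name "Syslog.global.logDirUnique" | Set-AdvancedSetting -Value $true -Confirm:$false
                            # Braces are required: "$LOGHOST:514" is parsed as
                            # a scope-qualified variable reference, not as
                            # $LOGHOST followed by ":514", so the remote log
                            # host was never written correctly.
                            Get-AdvancedSetting -Entity $ESX -Name "Syslog.global.logHost" | Set-AdvancedSetting -Value "udp://${LOGHOST}:514" -Confirm:$false
                            Disconnect-VIServer -Confirm:$false
                        }
                    } #2003322
                } #switch-CSVFILE
            } #import
        } #csv

        default {
            ''
            'USAGE: skyline-fixer ARG VARIABLE'
            ' kblist'
            ' csv Finding.csv'
            ''
            createsource
        } #default
    } #switch-OPTIONX
} #function

<#
.SYNOPSIS
    Helper actions for preparing and checking a Skyline deployment.
.PARAMETER CHOICE1
    Action name; see the usage text printed by the default branch.
.PARAMETER CHOICE2
    Server to connect to (vCenter, appliance, NSX vCenter or vROps,
    depending on the action).
.PARAMETER CHOICE3
    Role name, principal, host name, VM name or user, depending on the action.
.PARAMETER CHOICE4
    Role for add-2-role; datastore for ova-deploy.
.PARAMETER CHOICE5
    Network mapped to the appliance in ova-deploy.
#>
function skyline-helper {
    [CmdletBinding()]
    param(
        [string]$CHOICE1,
        [string]$CHOICE2,
        [string]$CHOICE3,
        [string]$CHOICE4,
        [string]$CHOICE5
    )

    switch ( $CHOICE1 ) {
        create-role {
            # Role limited to the listed global.* and system.* privileges.
            Connect-VIServer -Server $CHOICE2
            New-VIRole -Name $CHOICE3 -Privilege (Get-VIPrivilege -Id global.diagnostics, global.health, global.licenses, global.settings, system.anonymous, system.view, system.read)
            Disconnect-VIServer -Confirm:$false
        }

        check-role {
            Connect-VIServer -Server $CHOICE2
            Get-VIRole $CHOICE3 | Get-VIPrivilege | Select-Object Id
            Disconnect-VIServer -Confirm:$false
        }

        add-2-role {
            # Granted on the root folder with propagation, so the role
            # applies to the whole inventory.
            Connect-VIServer -Server $CHOICE2
            New-VIPermission -Entity (Get-Folder -NoRecursion) -Principal $CHOICE3 -Role $CHOICE4 -Propagate:$true
            Disconnect-VIServer -Confirm:$false
        }

        check-account {
            Connect-VIServer -Server $CHOICE2
            Get-VIPermission -Principal $CHOICE3
            Disconnect-VIServer -Confirm:$false
        }

        stop-ssh {
            Connect-VIServer -Server $CHOICE2
            Get-VMHost -Name $CHOICE3 | Get-VMHostService | Where-Object Key -EQ "TSM-SSH" | Stop-VMHostService -Confirm:$false
            Disconnect-VIServer -Confirm:$false
        }

        start-ssh {
            # Leaves SSH running on the host; pair with stop-ssh when done.
            Connect-VIServer -Server $CHOICE2
            Get-VMHost -Name $CHOICE3 | Get-VMHostService | Where-Object Key -EQ "TSM-SSH" | Start-VMHostService -Confirm:$false
            Disconnect-VIServer -Confirm:$false
        }

        skyline-prep {
            # SECURITY(review): downloads a script over HTTPS and executes it
            # with Invoke-Expression under an execution-policy bypass. The
            # content is not pinned or signature-checked here, so the result
            # depends entirely on what the remote site serves at run time.
            # Prefer a reviewed, locally stored installer where policy allows.
            Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1'))
            choco install putty
            choco install curl
        }

        check-update {
            plink -ssh root@$CHOICE2 -no-antispoof "/opt/vmware/bin/vamicli update --check"
        }

        install-update {
            plink -ssh root@$CHOICE2 -no-antispoof "/opt/vmware/bin/vamicli update --install latest --accepteula"
        }

        check-version {
            plink -ssh root@$CHOICE2 -no-antispoof "/opt/vmware/bin/vamicli version --appliance"
        }

        nsx-prep {
            Install-Module PowerNSX
        }

        check-nsxaccount {
            Connect-NsxServer -vCenterServer $CHOICE2
            Get-NsxUserRole $CHOICE3
            Disconnect-NsxServer -Confirm:$false
        }

        vrops-prep {
            Install-Module Vmware.VimAutomation.vROps
        }

        check-vropsaccount {
            Connect-OMServer $CHOICE2
            Get-OMUser $CHOICE3
            Disconnect-OMServer -Confirm:$false
        }

        skyline-vm-check {
            Connect-VIServer -Server $CHOICE2
            Get-VM $CHOICE3
            Disconnect-VIServer -Confirm:$false
        }

        powercli-prep {
            Install-Module vmware.powercli -Force
            Set-PowerCLIConfiguration -Scope User -ParticipateInCEIP $false -Confirm:$false
            # SECURITY(review): "ignore" turns off server certificate
            # validation for later PowerCLI connections, so a spoofed
            # endpoint would not be detected and would receive the
            # operator's credentials. Trusting the issuing CA instead is the
            # safer configuration.
            Set-PowerCLIConfiguration -InvalidCertificateAction ignore -Confirm:$false
        }

        ova-prep {
            $file = 'c:\skyline\SkylineUtils-config.ps1'
            . $file
            if ($null -eq $OVAPATH) {
                $SAMPLEOVAPATH = Select-String -Path $file -Pattern OVAPATH
                if ($SAMPLEOVAPATH.Matches.Count -lt 1) {
                    # "$" added so each line becomes a valid assignment once
                    # the leading "#" is removed.
                    Add-Content $file '#$OVAPATH = "NEED-OVA-PATH"'
                    Add-Content $file '#$OVANAME = "NEED-OVA-NAME"'
                    Add-Content $file '#$OVAIP = "NEED-OVA-IP"'
                    Add-Content $file '#$OVANETMASK = "NEED-OVA-NETMASK"'
                    Add-Content $file '#$OVADNS = "NEED-OVA-DNS"'
                    Add-Content $file '#$OVAGW = "NEED-OVA-GATEWAY"'
                    # SECURITY(review): the appliance root password ends up
                    # in clear text in this file; protect it with file ACLs
                    # and clear the value after deployment.
                    Add-Content $file '#$OVAPASSWD = "NEED-OVA-PASSWORD"'
                }
            }
        }

        ova-deploy {
            $file = 'c:\skyline\SkylineUtils-config.ps1'
            . $file
            if ($null -ne $OVAPATH) {
                Connect-VIServer -Server $CHOICE2
                $ovfConfig = Get-OvfConfiguration $OVAPATH
                $ovfConfig.NetworkMapping.Network_1.Value = $CHOICE5
                $ovfConfig.vami.VMware_Skyline_Appliance.gateway.value = $OVAGW
                $ovfConfig.vami.VMware_Skyline_Appliance.DNS.value = $OVADNS
                $ovfConfig.vami.VMware_Skyline_Appliance.ip0.value = $OVAIP
                $ovfConfig.vami.VMware_Skyline_Appliance.netmask0.value = $OVANETMASK
                $ovfConfig.Common.varoot_password.Value = $OVAPASSWD
                Import-VApp -Source $OVAPATH -Name $OVANAME -OvfConfiguration $ovfConfig -VMHost $CHOICE3 -Datastore $CHOICE4 -DiskStorageFormat thin
                Start-VM -VM $OVANAME -Confirm:$false
                Disconnect-VIServer -Confirm:$false
            }
            else {
                Write-Host ''
                Write-Host "ERROR - cannot execute, please update OVA entries in $file"
                Write-Host ''
            }
        }

        default {
            ''
            'USAGE: skyline-help.ps1 ARG VARIABLE'
            ' (client arg): [powercli-prep]'
            ' (vcenter arg): [create-role | check-role|add-2-role | check-account]'
            ' (esx arg): [start-ssh | stop-ssh]'
            ' (skyline arg): [ova-prep | ova-deploy | skyline-prep | skyline-vm-check | check-update | install-update | check-version]'
            ' (nsx arg): [nsx-prep | check-nsxaccount]'
            ' (vrops arg): [vrops-prep | check-vropsaccount]'
            ''
            createsource
        }
    }
} #skyline-helper

Export-ModuleMember -Function 'skyline-fixer', 'skyline-helper'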