SkylineUtils.psm1
|
function checkfile { $fileuname = '/usr/bin/uname' if (-not(Test-Path -Path $fileuname -PathType Leaf)) { $file = 'c:\skyline\SkylineUtils-config.ps1' } else { $file = './SkylineUtils-config.ps1' } return $file } function getaccesstoken2 { $Header = @{ "Accept" = "application/json" "Content-Type" = "application/x-www-form-urlencoded" } $file = checkfile . $file $Body = @{ refresh_token = "$APITOKEN" } $MYTOKEN = Invoke-RestMethod -method Post -Uri "$APITOKENSERVER" -Headers $Header -Body $Body return $MYTOKEN.access_token } function createsource { $file = checkfile if (-not(Test-Path -Path $file -PathType Leaf)) { try { $null = New-Item -ItemType File -Path $file -Force -ErrorAction Stop } catch { throw $_.Exception.Message } } } function vcenterpatch { plink -ssh root@$VCENTER -no-antispoof 'software-packages stage --iso --acceptEulas' plink -ssh root@$VCENTER -no-antispoof 'software-packages install' #plink -ssh root@$VCENTER -no-antispoof -batch "software-packages stage --iso --acceptEulas ; software-packages install" } function patching { $patches = get-patch $PATCHX $getpatchx = get-patchbaseline $PATCHX if ($getpatchx -lt 1) { new-patchbaseline -name $PATCHX -includepatch $patches -static } get-baseline $PATCHX | attach-baseline -entity $ESX get-inventory $ESX | scan-inventory } #patching function skyline-fixer { [CmdletBinding()] param( [string]$OPTIONX, [string]$CSVFILE, [string]$FIXWORK ) switch ( $OPTIONX ) { "kblist" { '' '' write-host "vSphere" write-host "https://kb.vmware.com/s/article/55650" write-host "https://kb.vmware.com/s/article/58715" write-host "https://kb.vmware.com/s/article/58874" write-host "https://kb.vmware.com/s/article/65207" write-host "https://kb.vmware.com/s/article/67129" write-host "https://kb.vmware.com/s/article/67529" write-host "https://kb.vmware.com/s/article/70737" write-host "https://kb.vmware.com/s/article/70813" write-host "https://kb.vmware.com/s/article/76163" write-host "https://kb.vmware.com/s/article/76372" write-host "https://kb.vmware.com/s/article/76613" write-host "https://kb.vmware.com/s/article/76630" write-host "https://kb.vmware.com/s/article/76755" write-host "https://kb.vmware.com/s/article/79520" write-host "https://kb.vmware.com/s/article/79694" write-host "https://kb.vmware.com/s/article/80703" write-host "https://kb.vmware.com/s/article/81576" write-host "https://kb.vmware.com/s/article/82374" write-host "https://kb.vmware.com/s/article/83829" write-host "https://kb.vmware.com/s/article/1003736" write-host "https://kb.vmware.com/s/article/1025279" write-host "https://kb.vmware.com/s/article/1025757" write-host "https://kb.vmware.com/s/article/2003322" write-host "https://kb.vmware.com/s/article/2136430" write-host "https://kb.vmware.com/s/article/2147959" write-host "https://kb.vmware.com/s/article/2150190" write-host "https://kb.vmware.com/s/article/2150794" write-host "https://kb.vmware.com/s/article/2150353" '' write-host "vSAN" write-host "https://kb.vmware.com/s/article/84209" write-host "https://kb.vmware.com/s/article/50121439" '' '' write-host "horizon" write-host "https://kb.vmware.com/s/article/2144475" '' write-host "vra (VMware Automation)" write-host "https://kb.vmware.com/s/article/1025279" '' '' write-host "vrops (VMware Operations Manager)" write-host "https://kb.vmware.com/s/article/53289" write-host "https://kb.vmware.com/s/article/76154" write-host "https://kb.vmware.com/s/article/2145578" '' '' write-host "VMSA" write-host "https://www.vmware.com/security/advisories/VMSA-2019-0022.html" write-host "https://www.vmware.com/security/advisories/VMSA-2020-0002.html" write-host "https://www.vmware.com/security/advisories/VMSA-2020-0015.html" write-host "https://www.vmware.com/security/advisories/VMSA-2021-0013.html" '' '' createsource } #kblist "csv" { createsource import-csv $CSVFILE | foreach-object { $KB = $_."Reference" $VCENTER = $_."Source Name" $ESX = $_."Object Name" switch ( $KB ) { "https://kb.vmware.com/s/article/1025279" { connect-viserver -server $VCENTER get-vm $ESX | get-snapshot | remove-snapshot -confirm:$false disconnect-viserver -confirm:$false } #1025279 "https://kb.vmware.com/s/article/76372" { connect-viserver -server $VCENTER Get-VMHost -name $ESX | Get-VMHostService | Where {$_.Key -eq "sfcbd-watchdog"} | Stop-VMHostService -Confirm:$false Get-VMHost -name $ESX | Get-VMHostService | Where {$_.Key -eq "slpd"} | Stop-VMHostService -Confirm:$false Get-VMHost -name $ESX | Get-VMHostService | Where {$_.Key -eq "sfcbd-watchdog"} | Set-VMHostService -Policy Off -Confirm:$false Get-VMHost -name $ESX | Get-VMHostService | Where {$_.Key -eq "slpd"} | Set-VMHostService -Policy Off -Confirm:$false disconnect-viserver -confirm:$false } #76372 "https://kb.vmware.com/s/article/50121439" { #NOTE: scp intel-nmve-*.vib into ESX:/tmp plink root@$ESX 'esxcli softwarre vib install -v /tmp/intel-nvme-*.vib' } #50121439 "https://kb.vmware.com/s/article/53289" { #NOTE: ESX = VROPS plink root@$ESX 'service syslog stop' plink root@$ESX 'rm -f /var/log/warn* /var/log/auth.log* /var/log/messages*' plink root@$ESX 'service syslog start' #plink -batch root@$ESX "service syslog stop ; rm -f /var/log/warn* /var/log/auth.log* /var/log/messages* ; service syslog start" } #53289 "https://kb.vmware.com/s/article/76154" { #NOTE: ESX = VROPS plink root@$ESX 'service rsyslog restart' } #76154 "https://kb.vmware.com/s/article/2145578" { #NOTE: ESX = VROPS plink root@$ESX 'find /storage/log/ -mount -type f -mtime +1 -exec echo {} \; -exec truncate -cs 0 {} \; 2>&1 | tee /tmp/files_truncated.txt' } #2145578 "https://kb.vmware.com/s/article/76630" { #NOTE: check to make sure ssh has been enabled on ESX #NOTE: create for loop for multiple ESX server connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { '6.5.*' { if ($FIXWORK -eq 'fix') {#NOTE: scp QLC_bootbank_q*.vib into ESX:/tmp plink root@$ESX 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qcnic*.vib' plink root@$ESX 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3_*.vib' plink root@$ESX 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3f_*.vib' plink root@$ESX 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3i_*.vib' #plink -batch root@$ESX "esxcli softwarre vib install -v /tmp/QLC_bootbank_qcnic*.vib ; esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3_*.vib ; esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3f_*.vib ; esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3i_*.vib" } else { #NOTE: workaround plink root@$ESX 'esxcfg-module -d qfle3i' plink root@$ESX 'esxcfg-module -d qfle3f' plink root@$ESX 'esxcfg-module -d qcnic' #plink -batch root@$ESX "esxcfg-module -d qfle3i ; esxcfg-module -d qfle3f ; esxcfg-module -d qcnic" } } #6.5.* '6.7.*' { if ($FIXWORK -eq 'fix') {#NOTE: scp QLC_bootbank_q*.vib into ESX:/tmp plink root@$ESX 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qcnic*.vib' plink root@$ESX 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3_*.vib' plink root@$ESX 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3f_*.vib' plink root@$ESX 'esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3i_*.vib' #plink -batch root@$ESX "esxcli softwarre vib install -v /tmp/QLC_bootbank_qcnic*.vib ; esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3_*.vib ; esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3f_*.vib ; esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3i_*.vib" } else { #NOTE: workaround plink root@$ESX 'esxcfg-module -d qfle3i' plink root@$ESX 'esxcfg-module -d qfle3f' plink root@$ESX 'esxcfg-module -d qcnic' #plink -batch root@$ESX "esxcli softwarre vib install -v /tmp/QLC_bootbank_qcnic*.vib ; esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3_*.vib ; esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3f_*.vib ; esxcli softwarre vib install -v /tmp/QLC_bootbank_qfle3i_*.vib" } } #6.7.0 } #switch-HOSTX #NOTE: does not support v7.0 disconnect-viserver -confirm:$false } #76630 "https://kb.vmware.com/s/article/84209" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { '7.0.*' { $PATCHX = "ESXi70U2-17630552" patching } #7.0.0 } #switch-HOSTX disconnect-viserver -confirm:$false } #84209 "https://kb.vmware.com/s/article/79694" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { '7.0.*' { $PATCHX = "ESXi70b-16324942" patching } #7.0.0 } #switch-HOSTX disconnect-viserver -confirm:$false } #79694 "https://www.vmware.com/security/advisories/VMSA-2021-0013.html" { connect-viserver -server $VCENTER $PATCHX = "TOOLS-17901792" patching disconnect-viserver -confirm:$false } #vmsa-2021-0013 "https://www.vmware.com/security/advisories/VMSA-2020-0002.html" { connect-viserver -server $VCENTER $PATCHX = "TOOLS-15948996" patching disconnect-viserver -confirm:$false } #vmsa-2020-0002 "https://kb.vmware.com/s/article/76163" { connect-viserver -server $VCENTER $PATCHX = "TOOLS-15948996" patching disconnect-viserver -confirm:$false } #76163 "https://kb.vmware.com/s/article/2150794" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { '6.5.*' { $PATCHX = "ESXi650-201907201-UG" patching } #6.5.0 '6.7.*' { $PATCHX = "ESXi670-201908201-UG" patching } #6.7.0 } #switch-HOSTX disconnect-viserver -confirm:$false } #2150794 "https://kb.vmware.com/s/article/76613" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { '6.0.*' { $PATCHX = "ESXi600-201911001" patching } #6.0.0 '6.5.*' { $PATCHX = "ESXi650-201911001" patching } #6.5.0 '6.7.*' { $PATCHX = "ESXi670-201911001" patching } #6.7.0 } #switch-HOSTX disconnect-viserver -confirm:$false } #76613 "https://kb.vmware.com/s/article/1025757" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { '6.5.*' { $PATCHX = "ESXi650-202107001" patching } #6.5.0 '6.7.*' { $PATCHX = "ESXi670-202103001" patching } #6.7.0 '7.0.*' { $PATCHX = "ESXi70U2-17630552" patching } #7.0.0 } #switch-HOSTX disconnect-viserver -confirm:$false } #1025757 "https://kb.vmware.com/s/article/67129" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { '6.5.*' { $PATCHX = "ESXi650-201907201-UG" patching } #6.5.0 '6.7.*' { $PATCHX = "ESXi670-201908201-UG" patching } #6.7.0 } #switch-HOSTX #NOTE: INCOMPLETE - need v7.0 (ESXi_7.0.0-1.20.16321839) disconnect-viserver -confirm:$false } #67129 "https://kb.vmware.com/s/article/70737" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { '6.7.*' { $PATCHX = "ESXi670-201908201-UG" patching } #6.7.0 } #switch-HOSTX #NOTE: INCOMPLETE - need v7.0 (ESXi_7.0.0-1.20.16321839) disconnect-viserver -confirm:$false } #70737 "https://kb.vmware.com/s/article/65207 " { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { '6.7.*' { $PATCHX = "ESXi670-201908201-UG" patching } #6.7.0 } #switch-HOSTX #NOTE: INCOMPLETE - need v7.0 (ESXi_7.0.0-1.20.16321839) disconnect-viserver -confirm:$false } #70813 "https://kb.vmware.com/s/article/80703" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { '7.0.*' { $PATCHX = "ESXi70U1-16850804" patching } #6.5.* '6.7.*' { $PATCHX = "ESXi670-202103001" patching } #6.7.0 } #switch-HOSTX #NOTE: INCOMPLETE - need v7.0 (ESXi_7.0.0-1.20.16321839) disconnect-viserver -confirm:$false } #80703 "https://www.vmware.com/security/advisories/VMSA-2019-0022.html" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { '6.0.*' { $PATCHX = "ESXi600-201912001" patching } #6.0.* '6.5.*' { $PATCHX = "ESXi650-201912001" patching } #6.5.* '6.7.*' { $PATCHX = "ESXi670-201912001" patching } #6.7.0 } #switch-HOSTX #NOTE: INCOMPLETE - need DAS fix #NOTE: need Workaround disconnect-viserver -confirm:$false } #VMSA-2019-0022 "https://www.vmware.com/security/advisories/VMSA-2020-0015.html" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { '6.5.*' { $PATCHX = "ESXi650-202005401-SG" patching } #6.5.* '6.7.*' { $PATCHX = "ESXi670-202004101-SG" patching } #6.7.0 '7.0.*' { $PATCHX = "ESXi70b-16324942" patching } #7.0.0 } #switch-HOSTX disconnect-viserver -confirm:$false } #VMSA-2020-0015 "https://www.vmware.com/security/advisories/VMSA-2020-0023.html" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { '6.5.*' { $PATCHX = "ESXi650-202011001" patching } #6.5.* '6.7.*' { $PATCHX = "ESXi670-202011001" patching } #6.7.0 '7.0.*' { $PATCHX = "ESXi70U1a-17119627" patching } #7.0.0 } #switch-HOSTX disconnect-viserver -confirm:$false } #VMSA-2020-0023 "https://kb.vmware.com/s/article/58715" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { '6.5.*' { $PATCHX = "ESXi650-201810401-BG" patching } #6.5.* '6.7.*' { $PATCHX = "ESXi670-201810401-BG" patching } #6.7.0 } #switch-HOSTX disconnect-viserver -confirm:$false } #58715 "https://kb.vmware.com/s/article/67529" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { '6.5.*' { $PATCHX = "ESXi650-201912002" patching } #6.5.* '6.7.*' { $PATCHX = "ESXi670-202103001" patching } #6.7.0 } #switch-HOSTX disconnect-viserver -confirm:$false } #67529 "https://kb.vmware.com/s/article/81576" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { '7.0.*' { $PATCHX = "ESXi70U1c-17325551" patching } #7.0.* '6.7.0' { $PATCHX = "ESXi670-202011002" patching } #6.7.0 } #switch-HOSTX disconnect-viserver -confirm:$false } #81576 "https://kb.vmware.com/s/article/79520" { #NOTE:config configs exist on vcenter connect-viserver -server $VCENTER get-advancedsetting -entity $ESX -name "config.task.timeout" | set-advancedsetting -value "7200" -confirm:$false get-advancedsetting -entity $ESX -name "config.vmomi.soapStubAdapter.blockingTimeoutSeconds" | set-advancedsetting -value "18000" -confirm:$false disconnect-viserver -confirm:$false } #79520 "https://kb.vmware.com/s/article/2144475" { #NOTE: ESX is really VM in this context #NOTE: VDI connect-viserver -server $VCENTER get-advancesetting -entity $ESX -name svga.enableScreenDMA | set-advancesetting -value TRUE -confirm:$false disconnect-viserver -confirm:$false } #2144475 "https://kb.vmware.com/s/article/2150190" { vcenterpatch } #2150190 "https://kb.vmware.com/s/article/76755" { vcenterpatch } #76755 "https://kb.vmware.com/s/article/83829" {#NOTE: NEED REVIEW vcenterpatch } #83829 "https://kb.vmware.com/s/article/83829" {#NOTE: NEED REVIEW vcenterpatch } #83829 "https://kb.vmware.com/s/article/82374" {#NOTE: NEED REVIEW 7.x vcenterpatch } #82374 "https://kb.vmware.com/s/article/1025279" { connect-viserver -server $VCENTER get-vm $ESX | get-snapshot | remove-snapshot -confirm:$false disconnect-viserver -confirm:$false } #1025279 "https://kb.vmware.com/s/article/1003736" { $file = checkfile . $file if ($NTPSERVER -eq $null) { $SAMPLENTP = select-string -path $file -pattern NTPSERVER if ($SAMPLENTP.Matches.Count -lt 1) { add-content $file '#NTPSERVER = "NEED-NTP-SERVER"' } write-host '' write-host "ERROR - cannot execute, please update NTPSERVER entry in $file" write-host '' } else { connect-viserver -server $VCENTER add-vmhostntpserver -vmhost $ESX -ntpserver $NTPSERVER get-vmhost -name $ESX | get-vmhostservice | where-object {$_.key -eq "ntpd" } | start-vmhostservice get-vmhost -name $ESX | get-vmhostservice | where-object {$_.key -eq "ntpd" } | set-vmhostservice -policy "automatic" disconnect-viserver -confirm:$false } } #1003736 "https://kb.vmware.com/s/article/2147959" { connect-viserver -server $VCENTER $PATCHX = "ESXi600-Update03" patching disconnect-viserver -confirm:$false } #2147959 "https://kb.vmware.com/s/article/58874" { connect-viserver -server $VCENTER $PATCHX = "ESXi670-Update02" patching disconnect-viserver -confirm:$false } #58874 "https://kb.vmware.com/s/article/2150353" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { '6.0.*' { $PATCHX = "ESXi600-201711001" patching } #6.0.0 '6.5.*' { $PATCHX = "ESXi650-201712001" patching } #6.5.0 } #switch-HOSTX disconnect-viserver -confirm:$false } #2150353 "https://kb.vmware.com/s/article/2136430" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { '5.5.*' { $PATCHX = "ESXi550-201608001" patching } #5.5.* '6.0.*' { $PATCHX = "ESXi600-201611401-BG" patching } #6.0.* } #switch-HOSTX disconnect-viserver -confirm:$false } #2136430 "https://kb.vmware.com/s/article/55650" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { '6.7.*' { $PATCHX = "ESXi670-201811401-BG" patching } #6.7.* '6.5.*' { $PATCHX = "ESXi650-201811401-BG" patching } #6.5.0 } #switch-HOSTX disconnect-viserver -confirm:$false } #55650 "https://kb.vmware.com/s/article/2003322" { $file = checkfile . $file if ($LOGDIR -eq $null) { $SAMPLELOGDIR = select-string -path $file -pattern LOGDIR if ( $SAMPLELOGDIR.Matches.Count -lt 1) { add-content $file '#LOGDIR = "NEED-LOG-DIR"' add-content $file '#LOGHOST = "NEED-LOG-HOST"' } write-host '' write-host "ERROR - cannot execute, please update LOGDIR and LOGHOST entries in $file" write-host '' } else { connect-viserver -server $VCENTER get-advancedsetting -entity $ESX -name "Syslog.global.logDir" | set-advancedsetting -value "[$LOGDIR] /" -confirm:$false get-advancedsetting -entity $ESX -name "Syslog.global.logDirUnique" | set-advancedsetting -value $true -confirm:$false get-advancedsetting -entity $ESX -name "Syslog.global.logHost" | set-advancedsetting -value "udp://$LOGHOST:514" -confirm:$false disconnect-viserver -confirm:$false } } #2003322 default { '' 'ERROR - cannot execute, this KB fix has not been implimented yet. Will be added in the near future.' '' } #default-csvfile } #switch-CSVFILE } #import } #csv default { '' 'USAGE: skyline-fixer ARG VARIABLE' ' kblist' ' csv Finding.csv (fix | workaround)' '' createsource } #default } #switch-OPTIONX } #function function skyline-helper { [CmdletBinding()] param( [string]$CHOICE1, [string]$CHOICE2, [string]$CHOICE3, [string]$CHOICE4, [string]$CHOICE5 ) switch ( $CHOICE1 ) { create-role { connect-viserver -server $CHOICE2 new-virole -name $CHOICE3 -privilege (get-viprivilege -id global.diagnostics, global.health, global.licenses, global.settings, system.anonymous, system.view, system.read) disconnect-viserver -confirm:$false } check-role { connect-viserver -server $CHOICE2 get-virole $CHOICE3 | get-viprivilege | select Id disconnect-viserver -confirm:$false } add-2-role { connect-viserver -server $CHOICE2 new-vipermission -entity (get-folder -norecursion) -principal $CHOICE3 -role $CHOICE4 -propagate:$true disconnect-viserver -confirm:$false } check-account { connect-viserver -server $CHOICE2 get-vipermission -principal $CHOICE3 disconnect-viserver -confirm:$false } stop-ssh { connect-viserver -server $CHOICE2 get-vmhost -name $CHOICE3 | get-vmhostservice | Where Key -EQ "TSM-SSH" | stop-vmhostservice -confirm:$false disconnect-viserver -confirm:$false } start-ssh { connect-viserver -server $CHOICE2 get-vmhost -name $CHOICE3 | get-vmhostservice | Where Key -EQ "TSM-SSH" | start-vmhostservice -confirm:$false disconnect-viserver -confirm:$false } skyline-prep { Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) choco install putty choco install curl } check-update {plink -ssh root@$CHOICE2 -no-antispoof "/opt/vmware/bin/vamicli update --check" } install-update {plink -ssh root@$CHOICE2 -no-antispoof "/opt/vmware/bin/vamicli update --install latest --accepteula" } check-version {plink -ssh root@$CHOICE2 -no-antispoof "/opt/vmware/bin/vamicli version --appliance" } nsx-prep { install-module PowerNSX -force} reset-adminpw { plink -ssh root@$CHOICE2 -no-antispoof "cp /usr/local/skyline/ccf/config/generated/credentials.json /usr/local/skyline/ccf/config/generated/credentials.old" write-host '' write-host 'Please reboot skyline appliance now. The admin password is now "default"' write-host '' } check-nsxaccount { connect-nsxserver -vCenterServer $CHOICE2 get-nsxuserrole $CHOICE3 disconnect-nsxserver -confirm:$false } vrops-prep { install-module Vmware.VimAutomation.vROps -force} check-vropsaccount { connect-omserver $CHOICE2 get-omuser $CHOICE3 disconnect-omserver -confirm:$false } skyline-vm-check { connect-viserver -server $CHOICE2 get-vm $CHOICE3 disconnect-viserver -confirm:$false } skyline-vm-turnon { connect-viserver -server $CHOICE2 start-vm $CHOICE3 disconnect-viserver -confirm:$false } powercli-prep { install-module vmware.powercli -force Set-PowerCLIConfiguration -Scope User -ParticipateInCEIP $false -confirm:$false Set-PowerCLIConfiguration -InvalidCertificateAction ignore -confirm:$false } ova-prep { $file = checkfile . $file if ($OVAPATH -eq $null) { $SAMPLEOVAPATH = select-string -path $file -pattern OVAPATH if ( $SAMPLEOVAPATH.Matches.Count -lt 1) { add-content $file '#OVAPATH = "NEED-OVA-PATH"' add-content $file '#OVANAME = "NEED-OVA-NAME"' add-content $file '#OVAIP = "NEED-OVA-IP"' add-content $file '#OVANETMASK = "NEED-OVA-NETMASK"' add-content $file '#OVADNS = "NEED-OVA-DNS"' add-content $file '#OVAGW = "NEED-OVA-GATEWAY"' add-content $file '#OVAPASSWD = "NEED-OVA-PASSWORD"' } } } ova-deploy { $file = checkfile . $file if ($OVAPATH -ne $null) { connect-viserver -server $CHOICE2 $ovfConfig = Get-OvfConfiguration $OVAPATH $ovfConfig.NetworkMapping.Network_1.Value = $CHOICE5 $ovfConfig.vami.VMware_Skyline_Appliance.gateway.value = $OVAGW $ovfConfig.vami.VMware_Skyline_Appliance.DNS.value = $OVADNS $ovfConfig.vami.VMware_Skyline_Appliance.ip0.value = $OVAIP $ovfConfig.vami.VMware_Skyline_Appliance.netmask0.value = $OVANETMASK $ovfConfig.Common.varoot_password.Value = $OVAPASSWD Import-VApp -source $OVAPATH -name $OVANAME -OvfConfiguration $ovfConfig -VMHost $CHOICE3 -datastore $CHOICE4 -diskstorageformat thin start-vm -vm $OVANAME -confirm:$false disconnect-viserver -confirm:$false } else { write-host '' write-host "ERROR - cannot execute, please update OVA entries in $file" write-host '' } } default { '' 'USAGE: skyline-help.ps1 ARG VARIABLE' ' (client arg): [powercli-prep]' ' (vcenter arg): [create-role | check-role | add-2-role | check-account]' ' (esx arg): [start-ssh | stop-ssh]' ' (skyline arg1): [ova-prep | ova-deploy | skyline-prep]' ' (skyline arg2): [check-update | install-update | check-version]' ' (skyline arg3): [skyline-vm-check | skyline-vm-turnon | reset-adminpw]' ' (nsx arg): [nsx-prep | check-nsxaccount]' ' (vrops arg): [vrops-prep | check-vropsaccount]' '' createsource } } } #skyline-helper function skyline-docker { [CmdletBinding()] param( [string]$CHOICE1, [string]$CHOICE2, [string]$CHOICE3, [string]$CHOICE4, [string]$CHOICE5 ) switch ( $CHOICE1 ) { docker-prep { $file = checkfile . $file if ($DOCKERPATH -eq $null) { $SAMPLEDOCKERPATH = select-string -path $file -pattern DOCKERPATH if ( $SAMPLEDOCKERPATH.Matches.Count -lt 1) { add-content $file '#DOCKERPATH = "NEED-OVA-PATH"' add-content $file '#DOCKERNAME = "NEED-OVA-NAME"' add-content $file '#DOCKERIP = "NEED-OVA-IP"' add-content $file '#DOCKERNETMASK = "NEED-OVA-NETMASK"' add-content $file '#DOCKERDNS = "NEED-OVA-DNS"' add-content $file '#DOCKERGW = "NEED-OVA-GATEWAY"' add-content $file '#DOCKERPASSWD = "NEED-OVA-PASSWORD"' } } } docker-deploy { $file = checkfile . $file if ($DOCKERPATH -ne $null) { connect-viserver -server $CHOICE2 $dovfConfig = Get-OvfConfiguration $DOCKERPATH $dovfConfig.NetworkMapping.Network_1.Value = $CHOICE5 $dovfConfig.vami.VMware_Skyline_Appliance.gateway.value = $DOCKERGW $dovfConfig.vami.VMware_Skyline_Appliance.DNS.value = $DOCKDERDNS $dovfConfig.vami.VMware_Skyline_Appliance.ip0.value = $DOCKERIP $dovfConfig.vami.VMware_Skyline_Appliance.netmask0.value = $DOCKERNETMASK $dovfConfig.Common.varoot_password.Value = $DOCKERPASSWD Import-VApp -source $OVAPATH -name $DOCKERNAME -OvfConfiguration $dovfConfig -VMHost $CHOICE3 -datastore $CHOICE4 -diskstorageformat thin start-vm -vm $DOCKERNAME -confirm:$false disconnect-viserver -confirm:$false } else { write-host '' write-host "ERROR - cannot execute, please update DOCKER entries in $file" write-host '' } } docker-install { #NOTE: fix path plink -ssh root@$CHOICE2 -no-antispoof 'mkdir /skyline' pscp "C:\Program Files\WindowsPowerShell\Modules\SkylineUtils\0.2.1\skylineutils-docker2.sh" root@"$CHOICE2":/skyline plink -ssh root@$CHOICE2 -no-antispoof 'chmod +x /skyline/skylineutils-docker2.sh' plink -ssh root@$CHOICE2 -no-antispoof '/skyline/skylineutils-docker2.sh -install' } docker-salt { plink -ssh root@$CHOICE2 -no-antispoof '/skyline/skylineutils-docker2.sh -install-salt' } docker-sftp { plink -ssh root@$CHOICE2 -no-antispoof '/skyline/skylineutils-docker2.sh -install-sftp' } default { '' 'USAGE: skyline-docker ARG VARIABLE' ' (arg1): [docker-prep | docker-deploy | docker-install]' ' (arg2): [docker-salt | docker-sftp]' '' createsource } } } #skyline-docker function skyline-comm { [CmdletBinding()] param( [string]$CHOICE1, [string]$CHOICE2, [string]$CHOICE3, [string]$CHOICE4, [string]$CHOICE5 ) switch ( $CHOICE1 ) { prep { $file = checkfile . $file if ($OVAPATH -eq $null) { $SAMPLEAPITOKEN = select-string -path $file -pattern APITOKEN if ( $SAMPLEAPITOKEN.Matches.Count -lt 1) { add-content $file '#APITOKEN = "NEED-API-TOKEN"' add-content $file '#APITOKENSERVER = "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize?grant_type=refresh_token"' add-content $file '#ACCESSSERVER = "https://skyline.vmware.com/public/api/data"' } } } get-access-token { $MYTOKEN2 = getaccesstoken2 write-output $MYTOKEN2 } get-findings { $file = checkfile . $file $MYTOKEN2 = getaccesstoken2 invoke-restmethod -method post -Uri "$ACCESSSERVER" -Headers @{Authorization = "Bearer $MYTOKEN2"} -infile skyline.json -ContentType "application/json" } default { '' 'USAGE: skyline-comm ARG VARIABLE' ' (arg1): [prep]' ' (arg2): [get-access-token]' ' (arg3): [get-findings]' ' (arg4): [convert-2-csv]' ' (arg5): [send-2-slack]' '' createsource } } } #skyline-comm Export-ModuleMember -Function 'skyline-fixer', 'skyline-helper', 'skyline-docker', 'skyline-comm' |