VMware.Community.VSANDP.psm1
Function Connect-VSANDataProtection { <# .NOTES =========================================================================== Created by: William Lam Date: 07/01/2024 Organization: Broadcom Blog: http://www.williamlam.com Twitter: @lamw =========================================================================== .SYNOPSIS Connect to the vSAN Data Protection API endpoint .DESCRIPTION This cmdlet creates $global:vsanDPConnection object containing the vSAN Data Protection URL along with valid vCenter SSO SAML Token .PARAMETER Server IP Address/Hostname of the vSAN Data Protection Appliance .PARAMETER VCenter IP Address/Hostname of the vCenter Server where vSAN Data Protection has been deployed .PARAMETER SSOUsername vCenter SSO Username (default: administrator@vsphere.local) .PARAMETER SSOPassword Password for SSO Username (SecureString) .PARAMETER TokenExpiryInDays Expiry (Days) for requested vCenter SSO SAML Token (default: 1) .EXAMPLE $plainTextPassword = "VMware1!" $secureString = ConvertTo-SecureString -String $plainTextPassword -AsPlainText Connect-VSANDataProtection -Server "snap.primp-industries.local" -VCenter "vcsa.primp-industries.local" -SSOPassword $secureString #> Param ( [Parameter(Mandatory=$true)][String]$Server, [Parameter(Mandatory=$true)][String]$VCenter, [Parameter(Mandatory=$false)][String]$SSOUsername="administrator@vsphere.local", [Parameter(Mandatory=$true)][SecureString]$SSOPassword, [Parameter(Mandatory=$false)][Int]$TokenExpiryInDays=1 ) $DATE_CURRENT=$(Get-Date -format s) $DATE_EXPIRY=$(Get-Date (Get-Date).AddDays($TokenExpiryInDays) -format s) $a,$SSDOMAIN = $SSOUsername.split("@") $STS_URL="https://${VCENTER}/sts/STSService/${SSDOMAIN}" $SSOPasswordPlainText = ConvertFrom-SecureString -SecureString $SSOPassword -AsPlainText $stsRequestBody = @" <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Header xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <ns5:Security xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ns2="http://www.w3.org/2005/08/addressing" xmlns:ns3= "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns4="http://www.rsa.com/names/2009/12/std-ext/WS-Trust1.4/advice" xmlns:ns5="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <ns3:Timestamp> <ns3:Created>${DATE_CURRENT}.000Z</ns3:Created> <ns3:Expires>${DATE_EXPIRY}.000Z</ns3:Expires> </ns3:Timestamp> <ns5:UsernameToken> <ns5:Username>$SSOUsername</ns5:Username> <ns5:Password>$SSOPasswordPlainText</ns5:Password> </ns5:UsernameToken> </ns5:Security> </SOAP-ENV:Header> <SOAP-ENV:Body xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <RequestSecurityToken xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512" xmlns:ns2="http://www.w3.org/2005/08/addressing" xmlns:ns3= "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:ns4="http://www.rsa.com/names/2009/12/std-ext/WS-Trust1.4/advice" xmlns:ns5= "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <TokenType>urn:oasis:names:tc:SAML:2.0:assertion</TokenType> <RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</RequestType> <Renewing Allow="true" OK="false" /> <Delegatable>true</Delegatable> <KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</KeyType> <SignatureAlgorithm>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</SignatureAlgorithm> </RequestSecurityToken> </SOAP-ENV:Body> </SOAP-ENV:Envelope> "@ $stsHeaders = @{ "Content-Type" = 'text/xml; charset="UTF-8"' "SOAPAction" = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue" } $request = Invoke-WebRequest -Method POST -Uri $STS_URL -Headers $stsHeaders -Body $stsRequestBody -SkipCertificateCheck -SkipHeaderValidation if($request.StatusCode -eq 200) { $samlPattern = '<saml2:Assertion.*>(.*?)</saml2:Assertion>' $match = [regex]::Match($request.content, $samlPattern) if($match) { # https://stackoverflow.com/a/76696489 $outstream = [System.IO.MemoryStream]::new() $gzip = [System.IO.Compression.GZipStream]::new( $outstream, [System.IO.Compression.CompressionLevel]::Optimal) $bytes = [System.Text.Encoding]::UTF8.GetBytes($match.Value) $gzip.Write($bytes, 0, $bytes.Length) $gzip.Dispose() $outstream.Dispose() $samlToken = [System.Convert]::ToBase64String($outstream.ToArray()) } else { Write-Error "SAML Token request did not return valid results" } } else { Write-Error "Unable to request SAML Token from vCenter SSO" } $headers = @{ "Authorization"="SIGN token=$SamlToken" "Content-Type"="application/json" "Accept"="application/json" } $global:vsanDPConnection = new-object PSObject -Property @{ 'Server' = "https://${Server}/api/snapservice" 'headers' = $headers } $global:vsanDPConnection | Out-Null } Function Get-VSANDataProtectionVersion { <# .NOTES =========================================================================== Created by: William Lam Date: 07/01/2024 Organization: Broadcom Blog: http://www.williamlam.com Twitter: @lamw =========================================================================== .SYNOPSIS Returns the version of the vSAN Data Protection .DESCRIPTION This cmdlet returns the version of vSAN Data Protection .PARAMETER Troubleshoot Displays additional output showing both HTTP method and URL for vSAN Data Protection API request .EXAMPLE Get-VSANDataProtectionVersion #> Param ( [Switch]$Troubleshoot ) If (-Not $global:vsanDPConnection) { Write-error "No vSAN Data Protection Connection found, please use Connect-VSANDataProtection" } Else { $method = "GET" $versionURL = $global:vsanDPConnection.Server + "/info/about" if($Troubleshoot) { Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$versionURL`n" } try { $requests = Invoke-WebRequest -Uri $versionURL -Method $method -Headers $global:vsanDPConnection.headers -SkipCertificateCheck } catch { Write-Error "Error in retrieving vSAN DP Version" Write-Error "`n($_.Exception.Message)`n" break } if($requests.StatusCode -eq 200) { $requests.Content | ConvertFrom-Json } } } Function Get-VSANDataProtectionGroup { <# .NOTES =========================================================================== Created by: William Lam Date: 07/01/2024 Organization: Broadcom Blog: http://www.williamlam.com Twitter: @lamw =========================================================================== .SYNOPSIS Returns all vSAN Data Protection Groups .DESCRIPTION This cmdlet returns all vSAN Data Protection Groups .PARAMETER Name The name of a specific vSAN Data Protection Group to filter on .PARAMETER ClusterName The name of a vSAN Cluster to list all vSAN Data Protection Groups .PARAMETER Troubleshoot Displays additional output showing both HTTP method and URL for vSAN Data Protection API request .EXAMPLE Get-VSANDataProtectionGroup -ClusterName "vSAN-ESA-Cluster" .EXAMPLE Get-VSANDataProtectionGroup -ClusterName "vSAN-ESA-Cluster" -Name "vSAN-DP-PG-1" #> Param ( [Parameter(Mandatory=$False)]$Name, [Parameter(Mandatory=$True)]$ClusterName, [Switch]$Troubleshoot ) If (-Not $global:vsanDPConnection -or -Not $global:DefaultVIServer) { Write-error "No vSAN Data Protection or VI Server Connection found, please use Connect-VSANDataProtection and/or Connect-VIServer" } Else { $ClusterMoRef = (Get-Cluster -Name $ClusterName).ExtensionData.MoRef.Value if($ClusterMoRef -eq $null) { Write-Error "Unable to find $ClusterName" break } $method = "GET" $pgURL = $global:vsanDPConnection.Server + "/clusters/${ClusterMoRef}/protection-groups" if($Troubleshoot) { Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$pgURL`n" } try { $requests = Invoke-WebRequest -Uri $pgURL -Method $method -Headers $global:vsanDPConnection.headers -SkipCertificateCheck } catch { Write-Error "Error in retrieving vSAN DP Protection Groups for ${ClusterName}" Write-Error "`n($_.Exception.Message)`n" break } if($requests.StatusCode -eq 200) { $originalResults = ($requests.Content | ConvertFrom-Json).items $newResults = @() for($i=0; $i -lt $originalResults.Count; $i++){ # VM output is not user friendly, this converts MoRef ID to human readable labels $newVMs = @() foreach ($moref in $originalResults[$i].info.vms) { $vmRef = New-Object VMware.Vim.ManagedObjectReference $vmRef.Type = "VirtualMachine" $vmRef.Value = $moref $VM = Get-View $vmRef -Property Name $newVMs+=$VM.Name } $tmpResult = $originalResults[$i] $tmpResult.info.target_entities.vms = $newVMs $tmp = [PSCustomObject][ordered]@{ Id = $originalResults[$i].pg Name = $originalResults[$i].info.name Locked = $originalResults[$i].info.locked Status = $originalResults[$i].info.status Snapshots = $originalResults[$i].info.snapshots SnapshotPolicies = $originalResults[$i].info.snapshot_policies Entities = $tmpResult.info.target_entities VMs = $newVMs } $newResults+=$tmp } if ($PSBoundParameters.ContainsKey("Name")){ $newResults | where {$_.Name -eq $Name} } else { $newResults } } } } Function New-VSANDataProtectionGroup { <# .NOTES =========================================================================== Created by: William Lam Date: 07/01/2024 Organization: Broadcom Blog: http://www.williamlam.com Twitter: @lamw =========================================================================== .SYNOPSIS Creates a new vSAN Data Protection Groups .DESCRIPTION This cmdlet creates a vSAN Data Protection Groups .PARAMETER ClusterName The name of a vSAN Cluster to list all vSAN Data Protection Groups .PARAMETER Name The name of the vSAN Data Protection Group .PARAMETER VMNames List of VMs to place in vSAN Data Protection Group .PARAMETER VMPatterns Regular expression pattern for VMs to place in vSAN Data Protection Group .PARAMETER PolicyName The name of the protection policy (e.g. Weekly) (Only applicable for a single protection policy) .PARAMETER PolicyScheduleInterval The interval in which the protection policy should run (Only applicable for a single protection policy) .PARAMETER PolicyScheduleUnit The unit for the protection policy schedule (e.g. HOUR, DAY, WEEK or MONTH) .PARAMETER PolicyRetentionInterval The interval in which the protection policy should retain snapshots (Only applicable for a single protection policy) .PARAMETER PolicyRetentionUnit The unit for the protection policy retention (e.g. HOUR, DAY, WEEK or MONTH) .PARAMETER PolicySpec List of protection policies (see EXAMPLE for more details) .PARAMETER ImmutabilityMode Enable or Disable vSAN Data Protection Immutability Mode (default: false) .PARAMETER Troubleshoot Displays additional output showing both HTTP method and URL for vSAN Data Protection API request .EXAMPLE Create vSAN Data Protection Group using specific VMs and a single protection policy New-VSANDataProtectionGroup -ClusterName "vSAN-ESA-Cluster" -Name "VSAN-DP-1" -VMNames @("photon-01") -PolicyName "Daily" -PolicyScheduleInterval 30 -PolicyScheduleUnit MINUTE -PolicyRetentionInterval 1 -PolicyRetentionUnit HOUR .EXAMPLE Create vSAN Data Protection Group using a VM pattern and a single protection policy New-VSANDataProtectionGroup -ClusterName "vSAN-ESA-Cluster" -Name "VSAN-DP-2" -VMPatterns @("photon-02*","photon-03*") -PolicyName "Weekly" -PolicyScheduleInterval 1 -PolicyScheduleUnit WEEK -PolicyRetentionInterval 1 -PolicyRetentionUnit MONTH .EXAMPLE Create vSAN Data Protection Group using a VM pattern and multiple protection policies $policySpec = @( @{ "Name" = "Daily" "Schedule" = @{ "Interval" = 30 "Unit" = "MINUTE" } "Retention" = @{ "Interval" = 1 "Unit" = "DAY" } } @{ "Name" = "Weekly" "Schedule" = @{ "Interval" = 1 "Unit" = "WEEK" } "Retention" = @{ "Interval" = 1 "Unit" = "MONTH" } } @{ "Name" = "Monthly" "Schedule" = @{ "Interval" = 1 "Unit" = "MONTH" } "Retention" = @{ "Interval" = 6 "Unit" = "MONTH" } } ) New-VSANDataProtectionGroup -ClusterName "vSAN-ESA-Cluster" -Name "VSAN-DP-3" -VMPatterns @("photon-04*") -PolicySpec $policySpec #> Param ( [Parameter(Mandatory=$True)]$ClusterName, [Parameter(Mandatory=$True)][String]$Name, [Parameter(Mandatory=$False)][String[]]$VMNames, [Parameter(Mandatory=$False)][String[]]$VMPatterns, [Parameter(Mandatory=$False)][String]$PolicyName, [Parameter(Mandatory=$False)][Int]$PolicyScheduleInterval, [Parameter(Mandatory=$False)][ValidateSet("MINUTE","HOUR","DAY","WEEK","MONTH")][String]$PolicyScheduleUnit, [Parameter(Mandatory=$False)][Int]$PolicyRetentionInterval, [Parameter(Mandatory=$False)][ValidateSet("MINUTE","HOUR","DAY","WEEK","MONTH")][String]$PolicyRetentionUnit, [Parameter(Mandatory=$False)][Object[]]$PolicySpec, [Parameter(Mandatory=$False)][Boolean]$ImmutabilityMode=$false, [Switch]$Troubleshoot ) If (-Not $global:vsanDPConnection -or -Not $global:DefaultVIServer) { Write-error "No vSAN Data Protection or VI Server Connection found, please use Connect-VSANDataProtection and/or Connect-VIServer" } Else { $ClusterMoRef = (Get-Cluster -Name $ClusterName).ExtensionData.MoRef.Value if($ClusterMoRef -eq $null) { Write-Error "Unable to find $ClusterName" break } $method = "POST" $pgURL = $global:vsanDPConnection.Server + "/clusters/${ClusterMoRef}/protection-groups?vmw-task=true" $vmMoRefs = @() foreach ($vm in $VMNames) { $vmMoRefs+=(Get-VM $vm).ExtensionData.MoRef.Value } if($PolicySpec) { $snapshotPolicies = @() foreach ($policy in $PolicySpec) { $tmp = @{ "name" = $policy.Name "schedule" = @{ "unit" = $policy.Schedule.Unit "interval" = $policy.Schedule.Interval } "retention" = @{ "unit" = $policy.Retention.Unit "duration" = $policy.Retention.Interval } } $snapshotPolicies+=$tmp } $payload = @{ "locked" = $ImmutabilityMode "name" = $Name "snapshot_policies" = $snapshotPolicies } } else { $payload = @{ "locked" = $ImmutabilityMode "name" = $Name "snapshot_policies" = @( @{ "name" = $PolicyName "schedule" = @{ "unit" = $PolicyScheduleUnit "interval" = $PolicyScheduleInterval } "retention" = @{ "duration" = $PolicyRetentionInterval "unit" = $PolicyRetentionUnit } } ) } } if($VMNames) { $payload.add("target_entities",@{"vms" = $vmMoRefs}) } else { $payload.add("target_entities",@{"vm_name_patterns" = $VMPatterns}) } $body = $payload | ConvertTo-Json -depth 4 if($Troubleshoot) { Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$pgURL`n" Write-Host -ForegroundColor cyan "[DEBUG]`n$body`n" } try { $requests = Invoke-WebRequest -Uri $pgURL -Method $method -Headers $global:vsanDPConnection.headers -SkipCertificateCheck -Body $body } catch { Write-Error "Error in creating vSAN DP Group for ${ClusterName}" Write-Error "`n($_.Exception.Message)`n" break } if($requests.StatusCode -eq 202) { Write-Host -ForegroundColor Cyan "Creating vSAN DP Group ${Name}" } } } Function Remove-VSANDataProtectionGroup { <# .NOTES =========================================================================== Created by: William Lam Date: 07/01/2024 Organization: Broadcom Blog: http://www.williamlam.com Twitter: @lamw =========================================================================== .SYNOPSIS Removes a vSAN Data Protection Group .DESCRIPTION This cmdlet removes a vSAN Data Protection Group .PARAMETER Name The name of a specific vSAN Data Protection Group to remove .PARAMETER ClusterName The name of a vSAN Cluster to list all vSAN Data Protection Groups .PARAMETER DeleteAllSnapshots Delete all vSAN Data Protection Snapshots (default: false) .PARAMETER Troubleshoot Displays additional output showing both HTTP method and URL for vSAN Data Protection API request .EXAMPLE Get-VSANDataProtectionGroup -ClusterName "vSAN-ESA-Cluster" .EXAMPLE Get-VSANDataProtectionGroup -ClusterName "vSAN-ESA-Cluster" -Name "vSAN-DP-PG-1" #> Param ( [Parameter(Mandatory=$True)]$Name, [Parameter(Mandatory=$True)]$ClusterName, [Parameter(Mandatory=$False)][Boolean]$DeleteAllSnapshots=$false, [Switch]$Troubleshoot ) If (-Not $global:vsanDPConnection -or -Not $global:DefaultVIServer) { Write-error "No vSAN Data Protection or VI Server Connection found, please use Connect-VSANDataProtection and/or Connect-VIServer" } Else { $ClusterMoRef = (Get-Cluster -Name $ClusterName).ExtensionData.MoRef.Value if($ClusterMoRef -eq $null) { Write-Error "Unable to find $ClusterName" break } $vsanDP = (Get-VSANDataProtectionGroup -ClusterName $ClusterName -Name $Name).Id $method = "DELETE" if($DeleteAllSnapshots) { $pgURL = $global:vsanDPConnection.Server + "/clusters/${ClusterMoRef}/protection-groups/${vsanDP}?force=true&vmw-task=true" } else { $pgURL = $global:vsanDPConnection.Server + "/clusters/${ClusterMoRef}/protection-groups/${vsanDP}?vmw-task=true" } if($Troubleshoot) { Write-Host -ForegroundColor cyan "`n[DEBUG] - $method`n$pgURL`n" } try { $requests = Invoke-WebRequest -Uri $pgURL -Method $method -Headers $global:vsanDPConnection.headers -SkipCertificateCheck } catch { Write-Error "Error in deleting vSAN DP Group ${Name}" Write-Error "`n($_.Exception.Message)`n" break } if($requests.StatusCode -eq 202) { Write-Host -ForegroundColor Cyan "Removing vSAN DP Group ${Name}" } } } |