
Certificates (in the home lab) made easy – renewing esxi certificates — 25th Aug 2023

Certificates (in the home lab) made easy – renewing esxi certificates

You could do this manually using vCenter GUI:

Select a Host and go to Configure > Certificate. There you have the option to first refresh and then renew the certificate. Now that your vCenter is an issuing certificate authority with our custom certificates, it will issue certificates using the template we configured two steps back.

Another option, and certainly the preferred one if you have several hosts, is to do this with PowerCLI:

# Grab the CertificateManager managed object from the connected vCenter.
$CertificateManager = Get-View -id (Get-View ServiceInstance).Content.CertificateManager

# Push the current CA certificates and CRLs to every host first, then renew each
# host's own certificate. Doing the trust-anchor refresh before the renewal is
# intended so that a host already trusts the issuing chain its new certificate
# comes from.
foreach ($vmhost in Get-VMHost) {
    $CertificateManager.CertMgrRefreshCACertificatesAndCRLs($vmhost.id)
}

foreach ($vmhost in Get-VMHost) {
    $CertificateManager.CertMgrRefreshCertificates($vmhost.id)
}

Now you’ll see that if you visit the esxi servers, they also have a valid certificate.

Automate the vlan creation — 13th Feb 2023

Automate the vlan creation

Ever had a distributed switch fail and needed to roll back to a standard switch, only to realise that you have to manually create all the VLANs on that standard switch?

The following script reads all the VMs on a host and creates, on a new temporary standard switch, all the VLANs currently present on the DVS.

# Create an encrypted secure password file from the client input
# Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File D:\secure-password.txt
#
# NOTE(review): without -Key, ConvertFrom-SecureString protects the file with DPAPI on
# Windows, so it can only be turned back into a SecureString by the same user account on
# the same machine that created it. Treat the file as a credential and restrict its ACL.
# On non-Windows PowerShell the output is not DPAPI-protected — confirm before reusing there.

# Service account used for the vCenter connection. The password is loaded as a
# SecureString and never appears in plain text in this script.
$svc_account_username = "<username>"
$svc_account_password = get-content D:\secure-password.txt | ConvertTo-SecureString

# Parameter input variables
$vcenter = "<FQDN vCenter>"        # vCenter the session is opened against
$vcenter_host = "<FQDN Host>"      # host whose VMs and port groups are inspected

# Naming convention: distributed port groups carry $portgroup_check in their name; the
# matching standard port group is named by swapping it for $portgroup_replace. Both are
# fed to -replace, i.e. used as a regex pattern, so keep them literal (no metacharacters).
$portgroup_check = "dvv" #parameter to look for / name of the distributed switch vlan
$portgroup_replace = "stv" #parameter to replace with / name vlan on the new standard switch

$standard_switch = "<name new standard switch>"   # temporary standard switch, created below if missing

# Result holders, populated once the connection is up.
$vms= @()
$dpgs = @()

Function OpenConnection {
    <#
    .SYNOPSIS
    Opens a PowerCLI session to vCenter with the supplied service account.
    .PARAMETER vcenter
    FQDN of the vCenter server.
    .PARAMETER username
    Service account user name.
    .PARAMETER password
    Service account password as a SecureString (never plain text).
    .OUTPUTS
    The VIServer connection object, or $null when no credential could be built.
    .NOTES
    -Force suppresses PowerCLI's interactive prompts, including the
    invalid-certificate action, so the session is established even when the
    vCenter certificate is not trusted by this client. Once the certificate
    chain is in place, dropping -Force (or using
    Set-PowerCLIConfiguration -InvalidCertificateAction Fail) makes an
    untrusted vCenter certificate a hard failure instead.
    #>
    param(
     [Parameter()]
     [string]$vcenter,
     [Parameter()]
     [string]$username,
     [Parameter()]
     [securestring]$password
    )

    $connection = $null

    # -ErrorAction Stop turns a failed credential build into a terminating error.
    $cred = New-Object System.Management.Automation.PSCredential -ArgumentList ($username, $password) -ErrorAction Stop

    if ($cred) {
        $connection = Connect-VIServer -Server $vcenter -Credential $cred -Force -ErrorAction Stop
    }

    return $connection
}

Function GetHostVM {
    <#
    .SYNOPSIS
    Lists the VMs registered on one host together with the port groups their NICs use.
    .PARAMETER vcenter_host
    Name of the ESXi host as known to vCenter.
    .OUTPUTS
    Objects with Name and PortGroupName ('|'-joined list of network names), or
    nothing when the host or its VMs cannot be retrieved (lookup errors are suppressed).
    #>
    param(
     [Parameter()]
     [string]$vcenter_host
    )

    # Calculated property: all network names of the VM's adapters, joined with '|'.
    $portgroup_column = @{
        N = 'PortGroupName'
        E = { (Get-NetworkAdapter -VM $_).NetworkName -join '|' }
    }

    $host_vms = Get-VMHost -Name $vcenter_host -ErrorAction SilentlyContinue |
        Get-VM -ErrorAction SilentlyContinue |
        Select-Object -Property Name, $portgroup_column

    return $host_vms
}

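Function GetVM {
    <#
    .SYNOPSIS
    Lists VMs whose host name shares a leading prefix with $vcenter_host.
    .DESCRIPTION
    Queries every VM on the connected vCenter and keeps those whose VMHost name
    starts with the first $prefix_length characters of $vcenter_host. This is a
    prefix match, not an exact host match: VMs on sibling hosts that share the
    naming prefix are included as well.
    .PARAMETER vcenter_host
    Host name (or host-name prefix) to match against.
    .PARAMETER prefix_length
    Number of leading characters used for the match. Defaults to 7, the value
    previously hard-coded. It is clamped to the length of $vcenter_host, so a
    name shorter than the prefix no longer throws ArgumentOutOfRangeException.
    .OUTPUTS
    Objects with Name, HostName and PortGroupName ('|'-joined network names).
    Lookup errors are suppressed, so an unreachable vCenter yields nothing.
    .NOTES
    An empty $vcenter_host produces the pattern "*" and therefore matches every VM.
    #>
    param(
     [Parameter()]
     [string]$vcenter_host,
     [Parameter()]
     [int]$prefix_length = 7
    )

    # Substring() throws when the requested length exceeds the string, so clamp first.
    $effective_length = [Math]::Max(0, [Math]::Min($prefix_length, $vcenter_host.Length))
    $host_pattern = $vcenter_host.Substring(0, $effective_length) + "*"

    $vms = Get-VM -ErrorAction SilentlyContinue |
        Select-Object -Property Name,
            @{N='HostName';E={$_.VMHost.Name}},
            @{N='PortGroupName';E={(Get-NetworkAdapter -VM $_).NetworkName -join '|'}} |
        Where-Object {$_.HostName -like $host_pattern}

    return $vms
}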

Function CloseConnection {
    <#
    .SYNOPSIS
    Disconnects the PowerCLI session to the given vCenter without prompting.
    .PARAMETER vcenter
    FQDN of the vCenter server the session was opened against.
    #>
    param(
     [Parameter()]
     [string]$vcenter
    )

    # -Confirm:$false keeps the teardown non-interactive.
    $disconnect_args = @{
        Server  = $vcenter
        Confirm = $false
    }
    Disconnect-VIServer @disconnect_args
}

Function CheckPortGroup {
    <#
    .SYNOPSIS
    Looks up the standard-switch port group that corresponds to a distributed port group name.
    .DESCRIPTION
    Derives the standard port group name by replacing $portgroup_check with
    $portgroup_replace in $portgroup, then queries the host for that name on
    $standard_switch. -replace treats $portgroup_check as a regular expression;
    a plain prefix such as "dvv" is a literal match, but regex metacharacters in
    the value would be interpreted.
    .PARAMETER vcenter
    vCenter server to query.
    .PARAMETER vcenter_host
    Host on which the port group is expected.
    .PARAMETER portgroup
    Distributed port group name to translate.
    .PARAMETER portgroup_check
    Pattern identifying the distributed naming scheme.
    .PARAMETER portgroup_replace
    Replacement yielding the standard-switch naming scheme.
    .PARAMETER standard_switch
    Name of the standard switch to look on.
    .OUTPUTS
    The VirtualPortGroup object when it exists, otherwise nothing (lookup errors are suppressed).
    #>
    param (
     [Parameter()]
     [string]$vcenter,
     [Parameter()]
     [string]$vcenter_host,
     [Parameter()]
     [string]$portgroup,
     [Parameter()]
     [string]$portgroup_check,
     [Parameter()]
     [string]$portgroup_replace,
     [Parameter()]
     [string]$standard_switch
    )

    # Map the distributed port group name onto the standard switch naming scheme.
    $target_name = $portgroup -replace $portgroup_check, $portgroup_replace

    $lookup = @{
        Server        = $vcenter
        VMHost        = $vcenter_host
        Name          = $target_name
        VirtualSwitch = $standard_switch
        ErrorAction   = 'SilentlyContinue'
    }

    return Get-VirtualPortGroup @lookup
}

Function NewPortGroup {
    <#
    .SYNOPSIS
    Creates the standard-switch port group corresponding to a distributed port group name.
    .DESCRIPTION
    Derives the standard port group name by replacing $portgroup_check with
    $portgroup_replace in $portgroup (a regex replace, see CheckPortGroup) and
    creates it on $standard_switch with the given VLAN id.
    .PARAMETER vcenter
    vCenter server to act on.
    .PARAMETER vcenter_host
    Host the standard switch belongs to. Accepted for symmetry with CheckPortGroup;
    it is not passed to New-VirtualPortGroup, which resolves the switch by $standard_switch.
    .PARAMETER portgroup
    Distributed port group name to translate.
    .PARAMETER portgroup_check
    Pattern identifying the distributed naming scheme.
    .PARAMETER portgroup_replace
    Replacement yielding the standard-switch naming scheme.
    .PARAMETER standard_switch
    Name of the standard switch to create the port group on.
    .PARAMETER vlan_id
    VLAN id, passed as a string here and coerced when bound to -VLanId.
    .OUTPUTS
    The new VirtualPortGroup object, or nothing if creation failed (errors are suppressed).
    #>
    param (
     [Parameter()]
     [string]$vcenter,
     [Parameter()]
     [string]$vcenter_host,
     [Parameter()]
     [string]$portgroup,
     [Parameter()]
     [string]$portgroup_check,
     [Parameter()]
     [string]$portgroup_replace,
     [Parameter()]
     [string]$standard_switch,
     [Parameter()]
     [string]$vlan_id
    )

    # Map the distributed port group name onto the standard switch naming scheme.
    $target_name = $portgroup -replace $portgroup_check, $portgroup_replace

    $creation = @{
        Server        = $vcenter
        Name          = $target_name
        VirtualSwitch = $standard_switch
        VLanId        = $vlan_id
        ErrorAction   = 'SilentlyContinue'
    }

    return New-VirtualPortGroup @creation
}

Function CheckStandardSwitch {
    <#
    .SYNOPSIS
    Returns the named standard switch on a host, if it exists.
    .PARAMETER vcenter
    vCenter server to query.
    .PARAMETER vcenter_host
    Host to look on.
    .PARAMETER standard_switch
    Name of the standard switch.
    .OUTPUTS
    The VirtualSwitch object, or nothing when it is absent (lookup errors are suppressed).
    #>
    param (
     [Parameter()]
     [string]$vcenter,
     [Parameter()]
     [string]$vcenter_host,
     [Parameter()]
     [string]$standard_switch
    )

    $lookup = @{
        VMHost      = $vcenter_host
        Name        = $standard_switch
        Server      = $vcenter
        ErrorAction = 'SilentlyContinue'
    }

    return Get-VirtualSwitch @lookup
}

Function NewStandardSwitch {
    <#
    .SYNOPSIS
    Creates a standard switch with the given name on a host.
    .PARAMETER vcenter
    vCenter server to act on.
    .PARAMETER vcenter_host
    Host to create the switch on.
    .PARAMETER standard_switch
    Name of the new standard switch.
    .OUTPUTS
    The new VirtualSwitch object, or nothing if creation failed (errors are suppressed,
    so callers cannot distinguish "created" from "failed" other than by the empty result).
    #>
    param (
     [Parameter()]
     [string]$vcenter,
     [Parameter()]
     [string]$vcenter_host,
     [Parameter()]
     [string]$standard_switch
    )

    $creation = @{
        VMHost      = $vcenter_host
        Name        = $standard_switch
        Server      = $vcenter
        ErrorAction = 'SilentlyContinue'
    }

    return New-VirtualSwitch @creation
}

# Open the session; everything below only runs when the connection succeeded.
$connection = OpenConnection -vcenter $vcenter -username $svc_account_username -password $svc_account_password

if ($connection) {
    # Get the vm that are running on a host
    #$vms = GetHostVM -vcenter_host $vcenter_host
    # GetVM matches on a host-name prefix (see the function), so VMs of sibling
    # hosts sharing that prefix are included as well.
    $vms = GetVM -vcenter_host $vcenter_host


    # Get the distinct portgroups for those vm
    # PortGroupName is a '|'-joined list. The -split script block is evaluated per
    # character and is true only for '|', so this splits the list back into names.
    # NOTE(review): $_ is not set at script scope here, so the trailing Select-Object /
    # Sort-Object effectively run as plain -Unique and default sort — confirm.
    $dpgs =  $vms.portgroupname -split {$_ -like "*|*"} | Select-Object $_ -Unique | Sort-Object $_

    # Check if the temporary standard switch exists
    $vs_exists = CheckStandardSwitch -vcenter $vcenter -vcenter_host $vcenter_host -standard_switch $standard_switch

    if (!$vs_exists) {
        # Create the temporary standard switch. Errors are suppressed inside the
        # helper, so a failed creation is not reported here.
        $svs = NewStandardSwitch -vcenter $vcenter -vcenter_host $vcenter_host -standard_switch $standard_switch
    }

    foreach ($dpg in $dpgs) {
        # Only names containing $portgroup_check follow the DVS naming scheme;
        # anything else is reported and skipped.
        # Check if the standard portgroup exists on the host
        if ($dpg -like @('*'+$portgroup_check+'*')) {
            $pg_exists = CheckPortGroup -vcenter $vcenter -vcenter_host $vcenter_host -portgroup $dpg -portgroup_check $portgroup_check -portgroup_replace $portgroup_replace -standard_switch $standard_switch

            if (!$pg_exists) {
                # Create standard portgroup on the host
                # The VLAN id is taken from the last three characters of the port group
                # name. This assumes the naming convention ends in a 3-digit VLAN id:
                # names shorter than 3 characters throw, and a 4-digit id would be
                # truncated to its last three digits — TODO confirm the convention.
                $svpg = NewPortGroup -vcenter $vcenter -vcenter_host $vcenter_host -portgroup $dpg -portgroup_check $portgroup_check -portgroup_replace $portgroup_replace -standard_switch $standard_switch -vlan_id $dpg.Substring($dpg.Length-3,3)
            }
        } else {
            Write-Host "Portgroup" $dpg "out of range." -ForegroundColor Red
        }
    }

    # Tear the session down once the port groups are in place.
    CloseConnection -vcenter $vcenter
} 

Upgrading VMware Tools on host — 12th Jun 2022

Upgrading VMware Tools on host

In this case because of a CVE.

  • Download the VMware Tools packages from VMware Downloads.
  • Extract the VMware Tools packages
  • Copy the files (contents of folders floppies and vmtools) from the extracted location to the locker partition on the esxi host.

! If you haven’t enabled SSH, do so first.

# Run from the directory holding the extracted floppies/ and vmtools/ contents.
# './*' does not match dotfiles; -r copies directories, -p preserves modes and times.
scp -rp ./* root@<esxi-host>:/locker/packages/vmtoolsRepo

After copying the files, the ESXi host shows that an update is available.

Expanding the VMware tools information shows the current version.

Open the guest options and choose to Upgrade VMware Tools.

After a reboot the information shows the new version.

If you are not using SSH you can disable it again.