
Certificates (in the home lab) made easy – creating the (full)chain — 24th Aug 2023

Certificates (in the home lab) made easy – creating the (full)chain

The next part is copying and pasting in a text editor. We want to create a text file consisting of all the relevant certificate authorities' certificates, chained together.

Important: the order of the certificates in the file matters. First comes the issuing certificate authority, then the intermediate, and last the root certificate authority.

If you need to create a full chain file for an appliance whose certificate was issued by the issuing certificate authority, that appliance certificate comes before the issuing authority's certificate.

The result would look something like the example below:

-----BEGIN CERTIFICATE-----
MIIGpTCCBI2gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnDEtMCsGA1UEAxMkZGV3
eXNlci5sYWIgaW50ZXJuYWwgaW50ZXJtZWRpYXRlIGNhMQswCQYDVQQGEwJCRTEY
MBYGA1UECBMPV2VzdC1WbGFhbmRlcmVuMRIwEAYDVQQHEwlEaWtzbXVpZGUxFDAS
/teZKPvfY0A+CFssJv7J1KMXW4ZalB/P/g==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGuDCCBKCgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDElMCMGA1UEAxMcZGV3
eXNlci5sYWIgaW50ZXJuYWwgcm9vdCBjYTELMAkGA1UEBhMCQkUxGDAWBgNVBAgT
D1dlc3QtVmxhYW5kZXJlbjESMBAGA1UEBxMJRGlrc211aWRlMRQwEgYDVQQKEwtk
8Pnnih0eCUNHTcEAbzUkS7M2PYfl0GSbmo+FrADNmiltv8+MJHgefYz2cmI=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIGtzCCBJ+gAwIBAgIIXD+frbdXLCowDQYJKoZIhvcNAQELBQAwgZQxJTAjBgNV
BAMTHGRld3lzZXIubGFiIGludGVybmFsIHJvb3QgY2ExCzAJBgNVBAYTAkJFMRgw
FgYDVQQIEw9XZXN0LVZsYWFuZGVyZW4xEjAQBgNVBAcTCURpa3NtdWlkZTEUMBIG
pNldtiW4TxAfR24faPQ5e0h9xC8MolGiXESI9OJNCepMGCnFBRznmmyFoA==
-----END CERTIFICATE-----

Save this as chain.pem for the next part(s).

Automate the vlan creation — 13th Feb 2023

Automate the vlan creation

Ever had a distributed switch fail and needed to roll back to a standard switch, realising that you have to manually create all the vlans on that standard switch?

The following script reads all the vms on a host and creates, on a new temporary standard switch, all the vlans those vms currently use on the dvs.

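# Create a DPAPI-protected password file from the operator's input.
# Without -Key, ConvertFrom-SecureString encrypts with DPAPI, so the file can only be
# decrypted by the same Windows account on the same machine that wrote it.
# Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File D:\secure-password.txt

$svc_account_username = "<username>"
# Stop right here if the password file is missing or unreadable; otherwise a $null
# password would only surface later as a confusing PSCredential error.
$svc_account_password = Get-Content -Path D:\secure-password.txt -ErrorAction Stop | ConvertTo-SecureString

# Parameter input variables
$vcenter = "<FQDN vCenter>"
$vcenter_host = "<FQDN Host>"

# Naming convention: a distributed portgroup name contains $portgroup_check, and the
# matching standard portgroup is named by swapping it for $portgroup_replace.
$portgroup_check = "dvv" #parameter to look for / name of the distributed switch vlan
$portgroup_replace = "stv" #parameter to replace with / name vlan on the new standard switch

$standard_switch = "<name new standard switch>"

# Result collections, filled in once the vCenter connection is up
$vms = @()
$dpgs = @()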

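Function OpenConnection {
    <#
    .SYNOPSIS
    Connects to vCenter with the given service account.
    .DESCRIPTION
    Returns the object produced by Connect-VIServer, or $null when the credential
    could not be built or the connection failed, so the caller's `if ($connection)`
    guard is meaningful. Failures are written to the error stream.
    .PARAMETER vcenter
    FQDN of the vCenter server.
    .PARAMETER username
    Service account user name.
    .PARAMETER password
    Service account password as a SecureString.
    #>
    param(
     [Parameter()]
     [string]$vcenter,
     [Parameter()]
     [string]$username,
     [Parameter()]
     [securestring]$password
    )

    try {
        # -ErrorAction Stop turns a bad username/password combination into an
        # exception we can catch below instead of a half-built credential.
        $cred = New-Object System.Management.Automation.PSCredential -ArgumentList ($username, $password) -ErrorAction Stop

        # -Force suppresses PowerCLI's interactive prompts, including the invalid
        # certificate prompt; what happens to an untrusted vCenter certificate is then
        # decided by the PowerCLI InvalidCertificateAction setting, so trust the lab CA
        # chain (or set that option deliberately) rather than relying on this flag.
        return Connect-VIServer -Server $vcenter -Credential $cred -Force -ErrorAction Stop
    } catch {
        Write-Error "Could not connect to vCenter '$vcenter' as '$username': $_"
        return $null
    }
}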

Function GetHostVM {
    # Lists the VMs registered on one ESXi host as Name plus PortGroupName, where
    # PortGroupName is the '|'-joined list of the network names of the VM's adapters.
    # Lookup errors are silenced, so an unknown host yields an empty result.
    param(
     [Parameter()]
     [string]$vcenter_host
    )

    $portGroupColumn = @{
        N = 'PortGroupName'
        E = { (Get-NetworkAdapter -VM $_).NetworkName -join '|' }
    }

    $hostVms = Get-VMHost -Name $vcenter_host -ErrorAction SilentlyContinue |
        Get-VM -ErrorAction SilentlyContinue |
        Select-Object -Property Name, $portGroupColumn

    return $hostVms
}

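Function GetVM {
    <#
    .SYNOPSIS
    Lists the VMs whose host name starts with the first seven characters of $vcenter_host.
    .DESCRIPTION
    Returns Name, HostName and PortGroupName (the '|'-joined network names of the VM's
    adapters) for every matching VM. Errors from Get-VM are silenced.
    NOTE(review): this pulls every VM from vCenter and filters client-side, and the
    7-character prefix is a naming heuristic that also matches sibling hosts sharing
    that prefix.
    #>
    param(
     [Parameter()]
     [string]$vcenter_host
    )

    # Guard the prefix so a host name shorter than 7 characters no longer throws
    # from Substring; such names are matched on their full length instead.
    $prefix = if ($vcenter_host.Length -gt 7) { $vcenter_host.Substring(0, 7) } else { $vcenter_host }
    $pattern = "$prefix*"

    $columns = @(
        'Name',
        @{N='HostName';E={$_.VMHost.Name}},
        @{N='PortGroupName';E={(Get-NetworkAdapter -VM $_).NetworkName -join '|'}}
    )

    $vms = Get-VM -ErrorAction SilentlyContinue |
        Select-Object -Property $columns |
        Where-Object { $_.HostName -like $pattern }

    return $vms
}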

Function CloseConnection {
    # Tears down the PowerCLI session to $vcenter without asking for confirmation.
    param([Parameter()] [string]$vcenter)

    $disconnectArgs = @{
        Server  = $vcenter
        Confirm = $false
    }
    Disconnect-VIServer @disconnectArgs
}

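Function CheckPortGroup {
    <#
    .SYNOPSIS
    Looks up the standard portgroup that corresponds to a distributed portgroup.
    .DESCRIPTION
    Derives the standard portgroup name by replacing $portgroup_check with
    $portgroup_replace in $portgroup, then queries it on $vcenter_host /
    $standard_switch. Returns the portgroup object, or nothing when it does not
    exist (lookup errors are silenced).
    #>
    param (
     [Parameter()]
     [string]$vcenter,
     [Parameter()]
     [string]$vcenter_host,
     [Parameter()]
     [string]$portgroup,
     [Parameter()]
     [string]$portgroup_check,
     [Parameter()]
     [string]$portgroup_replace,
     [Parameter()]
     [string]$standard_switch
    )

    # -replace is regex-based; escape the literal name so a metacharacter in
    # $portgroup_check (e.g. '.') cannot widen the match.
    $standard_name = $portgroup -replace [regex]::Escape($portgroup_check), $portgroup_replace

    $pg = Get-VirtualPortGroup -Server $vcenter -VMHost $vcenter_host -Name $standard_name -VirtualSwitch $standard_switch -ErrorAction SilentlyContinue

    return $pg
}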

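Function NewPortGroup {
    <#
    .SYNOPSIS
    Creates the standard portgroup that corresponds to a distributed portgroup.
    .DESCRIPTION
    Derives the standard portgroup name by replacing $portgroup_check with
    $portgroup_replace in $portgroup and creates it on $standard_switch with
    VLAN $vlan_id. Returns the new portgroup, or nothing on failure (errors are
    silenced). $vcenter_host is accepted for a uniform signature but is not passed
    on; NOTE(review): the switch is resolved by name only, so confirm this is
    unambiguous when several hosts carry a switch with the same name.
    #>
    param (
     [Parameter()]
     [string]$vcenter,
     [Parameter()]
     [string]$vcenter_host,
     [Parameter()]
     [string]$portgroup,
     [Parameter()]
     [string]$portgroup_check,
     [Parameter()]
     [string]$portgroup_replace,
     [Parameter()]
     [string]$standard_switch,
     [Parameter()]
     [string]$vlan_id
    )

    # -replace is regex-based; escape the literal name so a metacharacter in
    # $portgroup_check (e.g. '.') cannot widen the match.
    $standard_name = $portgroup -replace [regex]::Escape($portgroup_check), $portgroup_replace

    $pg = New-VirtualPortGroup -Server $vcenter -Name $standard_name -VirtualSwitch $standard_switch -VLanId $vlan_id -ErrorAction SilentlyContinue

    return $pg
}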

Function CheckStandardSwitch {
    # Returns the standard switch named $standard_switch on $vcenter_host, or
    # nothing when it does not exist (lookup errors are silenced).
    param (
     [Parameter()]
     [string]$vcenter,
     [Parameter()]
     [string]$vcenter_host,
     [Parameter()]
     [string]$standard_switch
    )

    $lookup = @{
        VMHost      = $vcenter_host
        Name        = $standard_switch
        Server      = $vcenter
        ErrorAction = 'SilentlyContinue'
    }

    return Get-VirtualSwitch @lookup
}

Function NewStandardSwitch {
    # Creates a standard switch named $standard_switch on $vcenter_host and returns
    # it; returns nothing on failure (errors are silenced).
    param (
     [Parameter()]
     [string]$vcenter,
     [Parameter()]
     [string]$vcenter_host,
     [Parameter()]
     [string]$standard_switch
    )

    $creation = @{
        VMHost      = $vcenter_host
        Name        = $standard_switch
        Server      = $vcenter
        ErrorAction = 'SilentlyContinue'
    }

    return New-VirtualSwitch @creation
}

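$connection = OpenConnection -vcenter $vcenter -username $svc_account_username -password $svc_account_password

if ($connection) {
    try {
        # Get the vm that are running on a host
        #$vms = GetHostVM -vcenter_host $vcenter_host
        $vms = GetVM -vcenter_host $vcenter_host

        # Get the distinct portgroups for those vm. PortGroupName holds the adapters'
        # network names joined with '|', so split on that literal character.
        $dpgs = $vms.PortGroupName -split '\|' | Select-Object -Unique | Sort-Object

        # Check if the temporary standard switch exists
        $vs_exists = CheckStandardSwitch -vcenter $vcenter -vcenter_host $vcenter_host -standard_switch $standard_switch

        if (!$vs_exists) {
            # Create the temporary standard switch
            $svs = NewStandardSwitch -vcenter $vcenter -vcenter_host $vcenter_host -standard_switch $standard_switch
        }

        foreach ($dpg in $dpgs) {
            if ($dpg -like "*$portgroup_check*") {
                # Convention: the VLAN id is the last three characters of the distributed
                # portgroup name. Validate it up front instead of letting Substring throw
                # on a short name or New-VirtualPortGroup fail silently on a non-numeric id.
                if ($dpg.Length -lt 3 -or $dpg.Substring($dpg.Length - 3) -notmatch '^\d{3}$') {
                    Write-Host "Portgroup" $dpg "has no 3-digit vlan id suffix, skipping." -ForegroundColor Red
                    continue
                }
                $vlan_id = $dpg.Substring($dpg.Length - 3, 3)

                # Check if the standard portgroup exists on the host
                $pg_exists = CheckPortGroup -vcenter $vcenter -vcenter_host $vcenter_host -portgroup $dpg -portgroup_check $portgroup_check -portgroup_replace $portgroup_replace -standard_switch $standard_switch

                if (!$pg_exists) {
                    # Create standard portgroup on the host
                    $svpg = NewPortGroup -vcenter $vcenter -vcenter_host $vcenter_host -portgroup $dpg -portgroup_check $portgroup_check -portgroup_replace $portgroup_replace -standard_switch $standard_switch -vlan_id $vlan_id
                }
            } else {
                Write-Host "Portgroup" $dpg "out of range." -ForegroundColor Red
            }
        }
    } finally {
        # Always release the vCenter session, even when one of the lookups above throws.
        CloseConnection -vcenter $vcenter
    }
}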