#---------------------------------------------------------------------------------------------------------------------------------------------------- $creds = Get-Credential #Connect VC1 Connect-VIServer 'itdvmvc1.nd.gov' -Credential $creds #Connect VC2 Connect-VIServer 'itdvmvc2.nd.gov' -Credential $creds #Connect VCT1 Connect-VIServer 'itdvmvct1.nd.gov' -Credential $creds #Connect VCT2 Connect-VIServer 'itdvmvct2.nd.gov' -Credential $creds #Connect OneView Connect-HPOVMgmt -Hostname 'itdoneviewp1.nd.gov' -Credential $creds -LoginAcknowledge #---------------------------------------------------------------------------------------------------------------------------------------------------- #VMHosts to Patch $VMHostNames = @" itdvmbiswin19.nd.gov itdvmbislin10.nd.gov itdvmbiswas08.nd.gov itdvmbissql14.nd.gov itdvmbissql15.nd.gov itdvmbistel09.nd.gov itdvmbisvapp04.nd.gov itdvmbissqla02.nd.gov itdvmbiswas09.nd.gov itdvmbiswin08.nd.gov itdvmbiswin14.nd.gov itdvmbisps18.nd.gov "@ $VMHostNames = ConvertTo-Array -MultiLineString $VMHostNames #---------------------------------------------------------------------------------------------------------------------------------------------------- #Disable Alarms and Disconnect CDROM foreach ($VMHostName in $VMHostNames) { Write-Warning -Message ("Start $VMHostName") $GetVMHost = Get-VMHost $VMHostName #$VMHostParent = $GetVMHost.Parent #$HostCluster = Get-Cluster -VMHost $VMHostName <#$NewSpec = New-Object VMware.Vim.ClusterConfigSpec $NewSpec.DasConfig = New-Object VMware.Vim.ClusterDasConfigInfo $NewSpec.DasConfig.AdmissionControlPolicy = New-Object VMware.Vim.ClusterFailoverResourcesAdmissionControlPolicy $NewSpec.DasConfig.AdmissionControlPolicy.AutoComputePercentages = $true $HostCluster.ExtensionData.ReconfigureCluster($NewSpec, $true) #> $VIServer = $GetVMHost.Uid.Split('@')[1].Split(':')[0] $alarmMgr = Get-View AlarmManager -Server $VIServer $alarmEnabled = $GetVMHost.ExtensionData.AlarmActionsEnabled if ($alarmEnabled -eq $true) { $alarmMgr.EnableAlarmActions($GetVMHost.ExtensionData.MoRef, $false) } $VMs = $GetVMHost | Get-VM #Disconnect CDROM and/or VMtools ISO foreach ($VM in $VMs) { $GetVM = Get-VM $VM $CDDrive = $GetVM | Get-CDDrive if ($CDDrive | Where-Object { $_.IsoPath -Like "*vmware/isoimages*" }) { $GetVM | Dismount-Tools #$CDDrive | Set-CDDrive -NoMedia -Confirm:$false } elseif ($CDDrive.HostDevice -Like "*drive*") { $CDDrive | Set-CDDrive -NoMedia -Confirm:$false } } $GetVMHost = $null } #Move Powered Off VMs foreach ($VMHostName in $VMHostNames) { $VMHostDetails = Get-VMHost -Name $VMHostName $VMHostParent = $VMHostDetails.Parent.Name $VMHostMigrate = Get-Cluster $VMHostParent | Get-VMHost | Where-Object Name -NE $VMHostName | Select-Object -First 1 $VMsPoweredOff = Get-VMHost $VMHostName | Get-VM | Where-Object PowerState -EQ "PoweredOff" If ($VMsPoweredOff) { Move-VM -VM $VMsPoweredOff -Destination $VMHostMigrate } } #Enter Maintenance Mode Set-VMHost -VMHost $VMHostNames -State "Maintenance" -RunAsync #Monitor Get-VMHost -Name $VMHostNames | Sort-Object Name | Select-Object Name, ConnectionState, @{Name = "VM.count"; E = { @($_ | Get-VM | Where-Object { $_.ExtensionData.Summary.Config.ManagedBy.Type -NE "placeholderVm" }).Count } } # Move to HostUpgradesInProgress Folder ??? -- if host is moved out of the cluster, may break affinity rules #Get-VMHost -Name $VMHostNames | Move-VMHost -Destination "HostUpgradesInProgress" #---------------------------------------------------------------------------------------------------------------------------------------------------- #Shutdown Host Stop-VMHost -VMHost $VMHostNames -Confirm:$false #Monitor Get-VMHost $VMHostNames | Select-Object -Property Name, ConnectionState, CpuUsageMhz #---------------------------------------------------------------------------------------------------------------------------------------------------- ##Verify OneView Server Profile Power State -EQ Off #<#foreach ($VMHostName in $VMHostNames){ # $HPOVServerProfile = Get-HPOVServerProfile -Name $VMHostName # $HPOVServer = $HPOVServerProfile | Get-HPOVServer # if ($HPOVServer.powerState -EQ "On"){ # $HPOVServer | Update-HPOVServer -Async # } # }#> # ## ensure server power is off #foreach ($VMHostName in $VMHostNames) { # $HPOVServerProfile = Get-OVServerProfile -Name $VMHostName.Split('.')[0] # $HPOVServer = $HPOVServerProfile | Get-OVServer # if ($HPOVServer.powerState -EQ "On") { # $HPOVServer | Update-OVServer -Async # } #} ##Monitor #foreach ($VMHostName in $VMHostNames) { # Get-OVServer -ServerName $VMHostName.split('.')[0] | Select-Object serverName, powerState #} ##---------------------------------------------------------------------------------------------------------------------------------------------------- ##Join OneView Template to Host #$HPOVtemplates = Get-OVServerProfileTemplate #foreach ($VMHostName in $VMHostNames) { # $VMHostDetails = Get-VMHost -Name $VMHostName # <#$VMHostVIserver = $VMHostDetails.Uid.Split('@')[1].Split(':')[0] # switch ($VMHostVIserver) { # itdvmvc1.nd.gov { $HPOVtemplDataCenter = "BIS" } # Default { $HPOVtemplDataCenter = "MDN" } # }#> # $VMHostParent = $VMHostDetails.Parent.Name # switch ($VMHostParent.substring(0, $VMHostParent.Length - 1)) { # Avaya { $HPOVtemplType = "Avaya" } # TEL { $HPOVtemplType = "Avaya" } # DCN { $HPOVtemplType = "DCN" } # DES { $HPOVtemplType = "DES" } # Oracle { $HPOVtemplType = "Oracle" } # SQL { $HPOVtemplType = "SQL" } # database # SQL2-D { $HPOVtemplType = "SQL" } # TEST { $HPOVtemplType = "Test" } # Default { $HPOVtemplType = "General" } # } # $HPOVtemplModel = $VMHostDetails.Model.Split()[2] # $NewHPOVtempl = $HPOVtemplates | Where-Object { $_.Name -Like "*$HPOVtemplDataCenter*" -and $_.Name -Like "*$HPOVtemplType*" -and $_.Name -Like "*$HPOVtemplModel*" } | Sort-Object Name | Select-Object -Last 1 # Join-OVServerProfileToTemplate -Template $NewHPOVtempl -ServerProfile $VMHostName.Split('.')[0] #} ##Monitor #foreach ($VMHostName in $VMHostNames) { # Get-OVServerProfile -Name $VMHostName.Split('.')[0] #} ##---------------------------------------------------------------------------------------------------------------------------------------------------- ##Check iLO Health Status #<# # foreach ($VMHostName in $VMHostNames){ # $iLOHostName = ($VMHostName.split(".")[0])+"lo.nd.gov" # $iLoConnection = Connect-HPEiLO $iLOHostName -Credential $creds # Get-HPEiLOHealthSummary -Connection $iLoConnection | Select-Object Hostname,Status # Disconnect-HPEiLO -Connection $iLoConnection # }#> ##---------------------------------------------------------------------------------------------------------------------------------------------------- ##Update OneView Server Template #foreach ($VMHostName in $VMHostNames) { # Get-OVServerProfile -Name $VMHostName.Split('.')[0] | Update-OVServerProfile -Confirm:$false -Async # Start-Sleep -Seconds 30 #} ##powershell finished in 20m, but continued to run for 36min ##Monitor #foreach ($VMHostName in $VMHostNames) { # Get-OVServerProfile -Name $VMHostName | Select-Object Name, State #} ##---------------------------------------------------------------------------------------------------------------------------------------------------- ##Start OneView Server Profile #foreach ($VMHostName in $VMHostNames) { # #$wait = $true # #While ($wait -EQ $true) { # $HPOVServerProfile = Get-OVServerProfile -Name $VMHostName.split('.')[0] # #if ($HPOVServerProfile.Status -NE "OK") { # #$wait = $true # #Start-Sleep -Seconds 60 # #} # #else { # #$wait = $false # $HPOVServerProfile | Start-OVServer -Async # Start-Sleep -Seconds 5 # #} # #} #} # ## mount ISO in iLO # ##Monitor #foreach ($VMHostName in $VMHostNames) { # Get-OVServerProfile -Name $VMHostName.Split('.')[0] #} ##---------------------------------------------------------------------------------------------------------------------------------------------------- ## manual full install of v7.0u3 now #<# ISO connected from workstation via iLO - # boot @ 9:43 # initial install screen @ 10:00 # ISO connect from vmutil # boot @ 10:01 # initial install screen @ 10:10 ##> # remove old from vcenter inventory ForEach ($VMHostName in $VMHostNames) { Get-VMHost -Name $VMHostNames | Remove-VMHost -Confirm:$false } # add to vcenter $VmDefaultCred = Get-Secret VMDefault ForEach ($VMHostName in $VMHostNames) { Add-VMHost -Name $VMHostName -Credential $VmDefaultCred -Location "Secondary Datacenter" -Server $VIServer -Force } # license host Get-VMHost -Name $VMHostNames | Set-VMHost -LicenseKey 'M04W3-FEJ0H-P8J61-LMRKH-C4D1K' # not avaya '2M63H-8T391-P8YG4-00MR4-ARNP0' # avaya '3001L-FT19L-28PGX-099A2-2XQNH' # VDI Desktop 'L56AQ-0VH1K-488GT-0NQU2-ADG64' Start-Sleep -seconds 3 # set maintenance and disable alarms Get-VMHost -Name $VMHostNames | Set-VMHost -State "Maintenance" -RunAsync ForEach ($VMHostName in $VMHostNames) { $GetVMHost = Get-VMHost -Name $VMHostname $VIServer = $GetVMHost.Uid.Split('@')[1].Split(':')[0] $alarmMgr = Get-View AlarmManager -Server $VIServer $alarmEnabled = $GetVMHost.ExtensionData.AlarmActionsEnabled if ($alarmEnabled -eq $true) { $alarmMgr.EnableAlarmActions($GetVMHost.ExtensionData.MoRef, $false) } } # Set root password ForEach ($VMHostName in $VMHostNames) { $VMHostCred = Get-ITDPassword -Title $VMHostName -UserName root -Credential $PrvCred Connect-VIServer -Server $VMHostName -Credential $VmDefaultCred Set-VMHostAccount -Server $VMHostName -UserAccount root -Password $VMHostCred.GetNetworkCredential().Password Disconnect-VIServer -Server $VMHostname -Confirm:$false <# $EsxCli = Get-EsxCli -VMHost $VMHostName $args = $EsxCli.system.account.set.CreateArgs() $args.id = "root" $args.password = $VMHostCred.GetNetworkCredential().Password $args.passwordconfirmation = $VMHostCred.GetNetworkCredential().Password $output = $EsxCli.system.account.set.invoke(@{ id = $VMHostCred.UserName; password = $VMHostCred.GetNetworkCredential().Password; passwordconfirmation = $VMHostCred.GetNetworkCredential().Password; }) #> } # M.2 drives only, remove datastore1 from vmhost .... will get errors but still work ForEach($VMHostName in $VMHostNames){ Remove-Datastore -Datastore "datastore1*" -VMHost $VMHostName -Confirm:$false } #Patch via Update Manager #Monitor ConnectionState foreach ($VMHostName in $VMHostNames) { $VMHost = Get-VMHost $VMHostName $VMHost | Select-Object -Property Name, ConnectionState } foreach ($VMHostName in $VMHostNames) { $VMHost = Get-VMHost $VMHostName $VMHostVIserver = $VMHost.Uid.Split('@')[1].Split(':')[0] #$VMHostBaseline = Get-Baseline -Server $VMHostVIserver | Where-Object Name -Like "*ESXi 6.5.0*" $VMHostBaselineUpgrade = Get-Baseline -Server $VMHostVIserver | Where-Object { $_.Name -EQ "vSphere 7.0U3-Synergy" } $VMHostBaselinePatch = Get-Baseline -Server $VMHostVIserver | Where-Object { $_.Name -EQ "vSphere 7.0U3-Patch" } $VMHostBaselineTools = Get-Baseline -Server $VMHostVIserver | Where-Object {$_.Name -EQ "VMware Tools"} $VMHostBaselineAll = Get-Baseline -Server $VMHostVIserver | Where-Object { $_.Name -EQ "vSphere 7.0U3-Synergy" -or $_.Name -EQ "vSphere 7.0U3-Patch" -or $_.Name -EQ "VMware Tools"} Attach-Baseline -Baseline $VMHostBaselineUpgrade -Entity $VMHost Attach-Baseline -Baseline $VMHostBaselinePatch -Entity $VMHost Attach-Baseline -Baseline $VMHostBaselineTools -Entity $VMHost } #Remediate Baseline # do manually with VUM on the Host Folder ForEach($VMHostName in $VMHostNames){ $VMHost = Get-VMHost $VMHostName Scan-Inventory -Entity $VMHost -RunASync } Foreach ($VMHostName in $VMHostNames){ $VMHost = Get-VMHost $VMHostName #Stage-Patch -Entity $VMHost -Baseline $VMhostBaselineUpgrade -RunAsync Stage-Patch -Entity $VMHost -Baseline $VMhostBaselinePatch -RunASync Stage-Patch -Entity $VMHost -Baseline $VMHostBaselineTools -RunASync } ForEach ($VMHostName in $VMHostNames){ $VMHost = Get-VMHost $VMHostName Remediate-Inventory -Entity $VMHost -Baseline $VMHostBaselinePatch -RunAsync -Confirm:$false } ForEach ($VMHostName in $VMHostNames){ $VMHost = Get-VMHost $VMHostName Remediate-Inventory -Entity $VMHost -Baseline $VMHostBaselineTools -RunAsync -Confirm:$false }#> ForEach ($VMHostName in $VMHostNames){ $VMHost = Get-VMHost $VMHostName Remediate-Inventory -Entity $VMHost -Baseline $VMHostBaselineAll -RunAsync -Confirm:$false } #Monitor Get-Task | Where-Object Name -Like "*Remediate*" #---------------------------------------------------------------------------------------------------------------------------------------------------- <# 2024/07/30 attach, test, invoke that works $VMHosts = Get-Datacenter -Name Primary* | Get-VMHost | where-object Name -notlike "*av*" ForEach($VMHost in $VMHosts){ Write-Warning -Message ("Start" + $VMHost.Name) $VMHost | Invoke-VMHostProfile -Profile $HostProfile -AssociateOnly -Confirm:$false $VMHost | Test-VMHostProfileCompliance } ForEach($VMHost in $VMHosts){ $VMHost | Invoke-VMHostProfile -Confirm:$false } #> #Attach Host Profile and Test Compliance foreach ($VMHostName in $VMHostNames) { $CurrentHostProfiles = Get-VMHostProfile $VMHostDetails = Get-VMHost -Name $VMHostName $VMHostVIserver = $VMHostDetails.Uid.Split('@')[1].Split(':')[0] switch ($VMHostVIserver) { itdvmvc1.nd.gov { $VMHostVIserver = "BIS" } Default { $VMHostVIServer = "MDN" } } $VMHostParent = $VMHostDetails.Parent.Name switch ($VMHostParent.substring(0, $VMHostParent.Length - 1)) { Avaya { $VMHostProfile = "Avaya" } TEL { $VMHostProfile = "TEL" } Default { $VMHostProfile = "General" } } #$VMHostBuild = $VMHostDetails.Build #$VMHostVersion = $VMHostDetails.Version #$VMHostProfileName = $CurrentHostProfiles | Where-Object {$_.Name -Like "*$VMHostVIserver*" -and $_.Name -Like "*$VMHostVersion*" -and $_.Name -Like "*$VMHostBuild*" -and $_.Name -Like "*$VMHostProfile*"} | Sort-Object Name | Select-Object -First 1 $VMHostProfileName = $CurrentHostProfiles | Where-Object { $_.Name -like "*$VMHostVIserver*" -and $_.Name -Like "*7.0.3*" -and $_.Name -like "*$VMHostProfile*" -and $_.Name -like "*Synergy*" } | Sort-Object -Descending Name | Select -First 1 Invoke-VMHostProfile -Entity $VMHostDetails -Profile $VMHostProfileName -AssociateOnly -Confirm:$false } # import host customization csv now # then continue foreach ($VMHostName in $VMHostNames) { Get-VMHost -Name $VMHostName | Test-VMHostProfileCompliance } #Remediate Host Profile foreach ($VMHostName in $VMHostNames) { $VMHostDetails = Get-VMHost -Name $VMHostName $VMHostProfileCompliance = $VMhostDetails | Test-VMHostProfileCompliance #### ??????? if ($VMHostProfileCompliance.ExtensionData.ComplianceStatus -Like "*non*") { Invoke-VMHostProfile -Entity $VMhostDetails -Confirm:$false } $VMhostDetails | Test-VMHostProfileCompliance } #Test Host Profile Compliance foreach ($VMHostName in $VMHostNames) { Get-VMHost $VMHostName | Test-VMHostProfileCompliance } # Host requires reboot before previously applied configuration changes will take effect Get-VMHost -Name $VMHostNames | Restart-VMHost -Confirm:$false #Test Host Profile Compliance again foreach ($VMHostName in $VMHostNames) { Get-VMHost $VMHostName | Test-VMHostProfileCompliance } # move hosts back to their clusters ForEach($VMHostName in $VMHostNames){ switch ($VMHostName.substring(8).split('.')[0].substring(0,2)){ 'ps' {$ClusterStr = "PS"} } switch ($VMHostVIserver){ 'itdvmvc1.nd.gov' {$ClusterInt = 1} 'itdvmvc2.nd.gov' {$ClusterInt = 2} } $ClusterName = $ClusterStr + $ClusterInt Move-VMHost -VMHost $VMHostName -Destination (Get-Cluster -Name $ClusterName) } # restart again because HA is being weird Get-VMHost -Name $VMHostNames | Restart-VMHost -Confirm:$false # monitor Get-VMHost -Name $VMHostNames #---------------------------------------------------------------------------------------------------------------------------------------------------- #Monitor Get-VMHost -Name $VMHostNames | Sort-Object Name | Select-Object Name, ConnectionState, @{Name = "VM.count"; E = { @($_ | Get-VM | Where-Object { $_.ExtensionData.Summary.Config.ManagedBy.Type -NE "placeholderVm" }).Count } } #Exit Maintenance Mode and Enable Alarms ForEach($VMHostName in $VMHostNames){ Set-VMHost -VMHost $VMHostName -State "Connected" -RunAsync Start-Sleep -Seconds 2 } foreach ($VMHostName in $VMHostNames) { $GetVMHost = Get-VMHost $VMHostName $VIServer = $GetVMHost.Uid.Split('@')[1].Split(':')[0] $alarmMgr = Get-View AlarmManager -Server $VIServer $alarmEnabled = $GetVMHost.ExtensionData.AlarmActionsEnabled if ($alarmEnabled -eq $false) { $alarmMgr.EnableAlarmActions($GetVMHost.ExtensionData.MoRef, $true) } $GetVMHost = $null } #---------------------------------------------------------------------------------------------------------------------------------------------------- #---------------------------------------------------------------------------------------------------------------------------------------------------- #---------------------------------------------------------------------------------------------------------------------------------------------------- #---------------------------------------------------------------------------------------------------------------------------------------------------- #---------------------------------------------------------------------------------------------------------------------------------------------------- #---------------------------------------------------------------------------------------------------------------------------------------------------- #---------------------------------------------------------------------------------------------------------------------------------------------------- #---------------------------------------------------------------------------------------------------------------------------------------------------- #---------------------------------------------------------------------------------------------------------------------------------------------------- #---------------------------------------------------------------------------------------------------------------------------------------------------- #---------------------------------------------------------------------------------------------------------------------------------------------------- #---------------------------------------------------------------------------------------------------------------------------------------------------- #$VMCluster = Get-Cluster $VMHostParent #| Set-Cluster -HAAdmissionControlEnabled:$false -Confirm:$false #$HAFailoverHost = Get-VMHost | Where-Object {$_.Id -Match ((Get-Cluster $VMHostParent).extensiondata.configuration.dasconfig.admissioncontrolpolicy.failoverhosts.value)} #get-vmhost | where-object {$_.id -eq ($vmcluster.extensiondata.configuration.dasconfig.admissioncontrolpolicy.failoverhosts.value)} <# foreach ($VMHostProfile in $VMHostProfiles){ Export-VMHostProfile -FilePath $FilePath$Profile".xml" -Profile $VMHostProfile } Import-VMHostProfile -FilePath $FilePath"TestHostProfile.xml" -Name "Test Scripting" #> #Get-OVServer -ov x #$x | select Name,processorType,processorCount,processorCoreCount,serialnumber,memorymb,generation ## disable alarms entire datacenter $VMHostNames=(Get-Datacenter primary* | Get-VMHost).Name foreach ($VMHostName in $VMHostNames) { Write-Warning -Message ("Start $VMHostName") $GetVMHost = Get-VMHost $VMHostName #$VMHostParent = $GetVMHost.Parent #$HostCluster = Get-Cluster -VMHost $VMHostName <#$NewSpec = New-Object VMware.Vim.ClusterConfigSpec $NewSpec.DasConfig = New-Object VMware.Vim.ClusterDasConfigInfo $NewSpec.DasConfig.AdmissionControlPolicy = New-Object VMware.Vim.ClusterFailoverResourcesAdmissionControlPolicy $NewSpec.DasConfig.AdmissionControlPolicy.AutoComputePercentages = $true $HostCluster.ExtensionData.ReconfigureCluster($NewSpec, $true) #> $VIServer = $GetVMHost.Uid.Split('@')[1].Split(':')[0] $alarmMgr = Get-View AlarmManager -Server $VIServer $alarmEnabled = $GetVMHost.ExtensionData.AlarmActionsEnabled if ($alarmEnabled -eq $true) { $alarmMgr.EnableAlarmActions($GetVMHost.ExtensionData.MoRef, $false) } } ## enable alarms for entire datacenter $VMHostNames = (Get-VMHost).Name foreach ($VMHostName in $VMHostNames) { $GetVMHost = Get-VMHost $VMHostName $VIServer = $GetVMHost.Uid.Split('@')[1].Split(':')[0] $alarmMgr = Get-View AlarmManager -Server $VIServer $alarmEnabled = $GetVMHost.ExtensionData.AlarmActionsEnabled if ($alarmEnabled -eq $false) { $alarmMgr.EnableAlarmActions($GetVMHost.ExtensionData.MoRef, $true) } $GetVMHost = $null }