zmeier/Backup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
Backup/_NDGOV_WindowsTeam/ITD.Infra-VMware.Administration/Scripts/VMhostPatching-BL460.ps1
T
Zack Meier 1d304511b8 update
2026-04-15 15:45:50 -05:00

363 lines
17 KiB
PowerShell
Raw Permalink Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#----------------------------------------------------------------------------------------------------------------------------------------------------
$creds = Get-Credential
#Connect VC1
Connect-VIServer 'itdvmvc1.nd.gov' -Credential $creds
#Connect VC2
Connect-VIServer 'itdvmvc2.nd.gov' -Credential $creds
#Connect VCT1
Connect-VIServer 'itdvmvct1.nd.gov' -Credential $creds
#Connect VCT2
Connect-VIServer 'itdvmvct2.nd.gov' -Credential $creds
#Connect OneView
Connect-HPOVMgmt -Hostname 'itdoneviewp1.nd.gov' -Credential $creds -LoginAcknowledge
#----------------------------------------------------------------------------------------------------------------------------------------------------
#VMHosts to Patch
$VMHostNames = @"
itdvmmdnav04.nd.gov
itdvmmdnav05.nd.gov
"@
$VMHostNames = ConvertTo-Array -MultiLineString $VMHostNames
#----------------------------------------------------------------------------------------------------------------------------------------------------
#Disable Alarms and Disconnect CDROM
foreach ($VMHostName in $VMHostNames) {
$GetVMHost = Get-VMHost $VMHostName
#$VMHostParent = $GetVMHost.Parent
$HostCluster = Get-Cluster -VMHost $VMHostName
<#$NewSpec = New-Object VMware.Vim.ClusterConfigSpec
$NewSpec.DasConfig = New-Object VMware.Vim.ClusterDasConfigInfo
$NewSpec.DasConfig.AdmissionControlPolicy = New-Object VMware.Vim.ClusterFailoverResourcesAdmissionControlPolicy
$NewSpec.DasConfig.AdmissionControlPolicy.AutoComputePercentages = $true
$HostCluster.ExtensionData.ReconfigureCluster($NewSpec, $true)
#>
$VIServer = $GetVMHost.Uid.Split('@')[1].Split(':')[0]
$alarmMgr = Get-View AlarmManager -Server $VIServer
$alarmEnabled = $GetVMHost.ExtensionData.AlarmActionsEnabled
if ($alarmEnabled -eq $true) {
$alarmMgr.EnableAlarmActions($GetVMHost.ExtensionData.MoRef, $false)
}
$VMs = $GetVMHost | Get-VM
#Disconnect CDROM and/or VMtools ISO
foreach ($VM in $VMs) {
$GetVM = Get-VM $VM
$CDDrive = $GetVM | Get-CDDrive
if ($CDDrive | Where-Object { $_.IsoPath -Like "*vmware/isoimages*" }) {
$GetVM | Dismount-Tools
#$CDDrive | Set-CDDrive -NoMedia -Confirm:$false
}
elseif ($CDDrive.HostDevice -Like "*drive*") {
$CDDrive | Set-CDDrive -NoMedia -Confirm:$false
}
}
$GetVMHost = $null
}
#Move Powered Off VMs
foreach ($VMHostName in $VMHostNames) {
$VMHostDetails = Get-VMHost -Name $VMHostName
$VMHostParent = $VMHostDetails.Parent.Name
$VMHostMigrate = Get-Cluster $VMHostParent | Get-VMHost | Where-Object Name -NE $VMHostName | Select-Object -First 1
$VMsPoweredOff = Get-VMHost $VMHostName | Get-VM | Where-Object PowerState -EQ "PoweredOff"
If ($VMsPoweredOff) { Move-VM -VM $VMsPoweredOff -Destination $VMHostMigrate }
}
#Enter Maintenance Mode
Set-VMHost -VMHost $VMHostNames -State "Maintenance" -RunAsync
Start-Sleep -Seconds 10
#Monitor
Get-VMHost -Name $VMHostNames | Select-Object Name, ConnectionState, @{Name = "VM.count"; E = { @($_ | Get-VM | Where-Object { $_.ExtensionData.Summary.Config.ManagedBy.Type -NE "placeholderVm" }).Count } }
# Move to HostUpgradesInProgress Folder
Get-VMHost -Name $VMHostNames | Move-VMHost -Destination "HostUpgradesInProgress"
#----------------------------------------------------------------------------------------------------------------------------------------------------
#Shutdown Host
Stop-VMHost -VMHost $VMHostNames -Confirm:$false
#Monitor
Get-VMHost $VMHostNames | Select-Object -Property Name, ConnectionState, CpuUsageMhz
#----------------------------------------------------------------------------------------------------------------------------------------------------
#Verify OneView Server Profile Power State -EQ Off
<#foreach ($VMHostName in $VMHostNames){
$HPOVServerProfile = Get-HPOVServerProfile -Name $VMHostName
$HPOVServer = $HPOVServerProfile | Get-HPOVServer
if ($HPOVServer.powerState -EQ "On"){
$HPOVServer | Update-HPOVServer -Async
}
}#>
# ensure server power is off
foreach ($VMHostName in $VMHostNames) {
$HPOVServerProfile = Get-OVServerProfile -Name $VMHostName
$HPOVServer = $HPOVServerProfile | Get-OVServer
if ($HPOVServer.powerState -EQ "On") {
$HPOVServer | Update-OVServer -Async
}
}
#Monitor
foreach ($VMHostName in $VMHostNames) {
Get-OVServer -ServerName $VMHostName | Select-Object serverName, powerState
}
#----------------------------------------------------------------------------------------------------------------------------------------------------
#Join OneView Template to Host
$HPOVtemplates = Get-OVServerProfileTemplate
foreach ($VMHostName in $VMHostNames) {
$VMHostDetails = Get-VMHost -Name $VMHostName
$VMHostVIserver = $VMHostDetails.Uid.Split('@')[1].Split(':')[0]
switch ($VMHostVIserver) {
itdvmvc1.nd.gov { $HPOVtemplDataCenter = "BIS" }
Default { $HPOVtemplDataCenter = "MDN" }
}
$VMHostParent = $VMHostDetails.Parent.Name
<#switch ($VMHostParent.substring(0, $VMHostParent.Length - 1)) {
Avaya { $HPOVtemplType = "Avaya" }
TEL { $HPOVtemplType = "Avaya" }
DCN { $HPOVtemplType = "DCN" }
DES { $HPOVtemplType = "DES" }
Oracle { $HPOVtemplType = "Oracle" }
SQL { $HPOVtemplType = "SQL" }
SQL2-D { $HPOVtemplType = "SQL" }
TEST { $HPOVtemplType = "Test" }
Default { $HPOVtemplType = "General" }
}#>
If($VMHostName -like "*sql*" -or $VMHostName -like "*ora*"){
$HPOVtemplType = "SQL"
}
Else{
$HPOVtemplType = "General"
}
$HPOVtemplModel = $VMHostDetails.Model.Split()[2]
$NewHPOVtempl = $HPOVtemplates | Where-Object { $_.Name -Like "*$HPOVtemplDataCenter*" -and $_.Name -Like "*$HPOVtemplType*" -and $_.Name -Like "*$HPOVtemplModel*" } | Sort-Object Name | Select-Object -Last 1
Join-OVServerProfileToTemplate -Template $NewHPOVtempl -ServerProfile $VMHostName
}
#Monitor
foreach ($VMHostName in $VMHostNames) {
Get-OVServerProfile -Name $VMHostName
}
#----------------------------------------------------------------------------------------------------------------------------------------------------
#Check iLO Health Status
<#
foreach ($VMHostName in $VMHostNames){
$iLOHostName = ($VMHostName.split(".")[0])+"lo.nd.gov"
$iLoConnection = Connect-HPEiLO $iLOHostName -Credential $creds
Get-HPEiLOHealthSummary -Connection $iLoConnection | Select-Object Hostname,Status
Disconnect-HPEiLO -Connection $iLoConnection
}#>
#----------------------------------------------------------------------------------------------------------------------------------------------------
#Update OneView Server Template
foreach ($VMHostName in $VMHostNames) {
Get-OVServerProfile -Name $VMHostName | Update-OVServerProfile -Confirm:$false -Async
Start-Sleep -Seconds 30
}
#powershell finished in 20m, but continued to run for 36min
#Monitor
foreach ($VMHostName in $VMHostNames) {
Get-OVServerProfile -Name $VMHostName | Select-Object Name, State
}
#----------------------------------------------------------------------------------------------------------------------------------------------------
#Start OneView Server Profile
foreach ($VMHostName in $VMHostNames) {
$wait = $true
While ($wait -EQ $true) {
$HPOVServerProfile = Get-OVServerProfile -Name $VMHostName
if ($HPOVServerProfile.Status -NE "OK") {
$wait = $true
Start-Sleep -Seconds 60
}
else {
$wait = $false
$HPOVServerProfile | Start-OVServer -Async
}
}
}
#Monitor
foreach ($VMHostName in $VMHostNames) {
Get-OVServerProfile -Name $VMHostName
}
#----------------------------------------------------------------------------------------------------------------------------------------------------
# manual full install of v7.0u3 now
<# ISO connected from workstation via iLO -
boot @ 9:43
initial install screen @ 10:00
ISO connect from vmutil
boot @ 10:01
initial install screen @ 10:10
#>
# remove old from vcenter inventory
ForEach ($VMHostName in $VMHostNames) {
Get-VMHost -Name $VMHostName | Remove-VMHost -Confirm:$false
start-sleep -Seconds 3
}
# add to vcenter
$VmDefaultCred = Get-Secret VMDefault
ForEach ($VMHostName in $VMHostNames) {
Add-VMHost -Name $VMHostName -Credential $VmDefaultCred -Location "HostUpgradesInProgress" -Force -Server $ViServer
Start-Sleep -Seconds 3
}
# license host
Get-VMHost -Name $VMHostNames | Set-VMHost -LicenseKey '2M63H-8T391-P8YG4-00MR4-ARNP0'
# set maintenance and disable alarms
Get-VMHost -Name $VMHostNames | Set-VMHost -State "Maintenance" -RunAsync
ForEach ($VMHostName in $VMHostNames) {
$GetVMHost = Get-VMHost -Name $VMHostname
$VIServer = $GetVMHost.Uid.Split('@')[1].Split(':')[0]
$alarmMgr = Get-View AlarmManager -Server $VIServer
$alarmEnabled = $GetVMHost.ExtensionData.AlarmActionsEnabled
if ($alarmEnabled -eq $true) {
$alarmMgr.EnableAlarmActions($GetVMHost.ExtensionData.MoRef, $false)
}
}
# Set root password
ForEach ($VMHostName in $VMHostNames) {
$VMHostCred = Get-ITDPassword -Title $VMHostName -UserName root -Credential $PrvCred
Connect-VIServer -Server $VMHostName -Credential $VmDefaultCred
Set-VMHostAccount -Server $VMHostName -UserAccount root -Password $VMHostCred.GetNetworkCredential().Password
Disconnect-VIServer -Server $VMHostname -Confirm:$false
<#$EsxCli = Get-EsxCli -VMHost $VMHostName
/vmfs/volumes/5a737d2f-b45bb27d-7f74-e0071befea78/Scratch/itdbisvm-dcn01
$args = $EsxCli.system.account.set.CreateArgs()
$args.id = "root"
$args.password = $VMHostCred.GetNetworkCredential().Password
$args.passwordconfirmation = $VMHostCred.GetNetworkCredential().Password
$output = $EsxCli.system.account.set.invoke(@{
id = $VMHostCred.UserName;
password = $VMHostCred.GetNetworkCredential().Password;
passwordconfirmation = $VMHostCred.GetNetworkCredential().Password;
})#>
}
#Patch via Update Manager
#Monitor ConnectionState
foreach ($VMHostName in $VMHostNames) {
$VMHost = Get-VMHost $VMHostName
$VMHost | Select-Object -Property Name, ConnectionState
}
foreach ($VMHostName in $VMHostNames) {
$VMHost = Get-VMHost $VMHostName
$VMHostVIserver = $VMHost.Uid.Split('@')[1].Split(':')[0]
#$VMHostBaseline = Get-Baseline -Server $VMHostVIserver | Where-Object Name -Like "*ESXi 6.5.0*"
$VMHostBaselineUpgrade = Get-Baseline -Server $VMHostVIserver | Where-Object { $_.Name -EQ "vSphere 7.0U3-ProLiant" }
$VMHostBaselinePatch = Get-Baseline -Server $VMHostVIserver | Where-Object { $_.Name -EQ "vSphere 7.0U3 Patch" }
$VMHostBaselineAll = Get-Baseline -Server $VMHostVIserver | Where-Object { $_.Name -EQ "vSphere 7.0U3-ProLiant" -or $_.Name -EQ "7.0U3 Patch"}
Attach-Baseline -Baseline $VMHostBaselineUpgrade -Entity $VMHost
Attach-Baseline -Baseline $VMHostBaselinePatch -Entity $VMHost
}
#Remediate Baseline --- Do this in the GUI with all hosts in the same folder
<#
ForEach($VMHostName in $VMHostNames){
$VMHost = Get-VMHost $VMHostName
Scan-Inventory -Entity $VMHost
}
ForEach($VMHostName in $VMHostNames){
$VMHost = Get-VMHost $VMHostName
Stage-Patch -Entity $VMHost -Baseline $VMhostBaselineUpgrade
Stage-Patch -Entity $VMHost -Baseline $VMhostBaselinePatch -RunASync
}
ForEach($VMHostName in $VMHostNames){
$VMHost = Get-VMHost $VMHostName
Remediate-Inventory -Entity $VMHost -Baseline $VMHostBaselineAll -RunAsync -Confirm:$false
}#>
#Monitor
Get-Task | Where-Object Name -Like "*Remediate*"
#----------------------------------------------------------------------------------------------------------------------------------------------------
#Attach Host Profile and Test Compliance
foreach ($VMHostName in $VMHostNames) {
$CurrentHostProfiles = Get-VMHostProfile
$VMHostDetails = Get-VMHost -Name $VMHostName
$VMHostVIserver = $VMHostDetails.Uid.Split('@')[1].Split(':')[0]
switch ($VMHostVIserver) {
itdvmvc1.nd.gov { $VMHostVIserver = "BIS" }
Default { $VMHostVIServer = "MDN" }
}
$VMHostParent = $VMHostDetails.Parent.Name
switch ($VMHostParent.substring(0, $VMHostParent.Length - 1)) {
Avaya { $VMHostProfile = "Avaya" }
TEL { $VMHostProfile = "TEL" }
Default { $VMHostProfile = "General" }
}
#$VMHostBuild = $VMHostDetails.Build
#$VMHostVersion = $VMHostDetails.Version
#$VMHostProfileName = $CurrentHostProfiles | Where-Object {$_.Name -Like "*$VMHostVIserver*" -and $_.Name -Like "*$VMHostVersion*" -and $_.Name -Like "*$VMHostBuild*" -and $_.Name -Like "*$VMHostProfile*"} | Sort-Object Name | Select-Object -First 1
$VMHostProfileName = $CurrentHostProfiles | Where-Object { $_.Name -like "*$VMHostVIserver*" -and $_.Name -Like "*7.0.3*" -and $_.Name -like "*$VMHostProfile*" -and $_.Name -like "*BL460c*" }
Invoke-VMHostProfile -Entity $VMHostDetails -Profile $VMHostProfileName -AssociateOnly -Confirm:$false
}
# import host customization csv
foreach ($VMHostName in $VMHostNames) {
Get-VMHost -Name $VMHostName | Test-VMHostProfileCompliance
}
#Remediate Host Profile
foreach ($VMHostName in $VMHostNames) {
$VMHostDetails = Get-VMHost -Name $VMHostName
$VMHostProfileCompliance = $VMhostDetails | Test-VMHostProfileCompliance #### ???????
if ($VMHostProfileCompliance.ExtensionData.ComplianceStatus -Like "*non*") {
Invoke-VMHostProfile -Entity $VMhostDetails -Confirm:$false
}
$VMhostDetails | Test-VMHostProfileCompliance
}
# reboot hosts 0_Offline, Before Upgrade v7.0U3h
Get-VMHost -Name $VMHostNames | Restart-VMHost -Confirm:$false
#Test Host Profile Compliance
foreach ($VMHostName in $VMHostNames) {
Get-VMHost $VMHostName | Test-VMHostProfileCompliance
}
# maybe reboot again sometimes maybe
Get-VMHost -Name $VMHostNames | Restart-VMHost -Confirm:$false
#Exit Maintenance Mode and Enable Alarms
Set-VMHost -VMHost $VMHostNames -State "Connected" -RunAsync
Start-Sleep -Seconds 30
foreach ($VMHostName in $VMHostNames) {
$GetVMHost = Get-VMHost $VMHostName
$VIServer = $GetVMHost.Uid.Split('@')[1].Split(':')[0]
$alarmMgr = Get-View AlarmManager -Server $VIServer
$alarmEnabled = $GetVMHost.ExtensionData.AlarmActionsEnabled
if ($alarmEnabled -eq $false) {
$alarmMgr.EnableAlarmActions($GetVMHost.ExtensionData.MoRef, $true)
}
$GetVMHost = $null
}
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#$VMCluster = Get-Cluster $VMHostParent #| Set-Cluster -HAAdmissionControlEnabled:$false -Confirm:$false
#$HAFailoverHost = Get-VMHost | Where-Object {$_.Id -Match ((Get-Cluster $VMHostParent).extensiondata.configuration.dasconfig.admissioncontrolpolicy.failoverhosts.value)}
#get-vmhost | where-object {$_.id -eq ($vmcluster.extensiondata.configuration.dasconfig.admissioncontrolpolicy.failoverhosts.value)}
<#
foreach ($VMHostProfile in $VMHostProfiles){
Export-VMHostProfile -FilePath $FilePath$Profile".xml" -Profile $VMHostProfile
}
Import-VMHostProfile -FilePath $FilePath"TestHostProfile.xml" -Name "Test Scripting"
#>
Reference in New Issue View Git Blame Copy Permalink