zmeier/Backup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
Backup/_NDGOV_WindowsTeam/ITD.Infra-VMware.Administration/Scripts/VMhostPatching-Synergy.ps1
T
Zack Meier 1d304511b8 update
2026-04-15 15:45:50 -05:00

481 lines
21 KiB
PowerShell
Raw Permalink Blame History

This file contains invisible Unicode characters
This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
#----------------------------------------------------------------------------------------------------------------------------------------------------
$creds = Get-Credential
#Connect VC1
Connect-VIServer 'itdvmvc1.nd.gov' -Credential $creds
#Connect VC2
Connect-VIServer 'itdvmvc2.nd.gov' -Credential $creds
#Connect VCT1
Connect-VIServer 'itdvmvct1.nd.gov' -Credential $creds
#Connect VCT2
Connect-VIServer 'itdvmvct2.nd.gov' -Credential $creds
#Connect OneView
Connect-HPOVMgmt -Hostname 'itdoneviewp1.nd.gov' -Credential $creds -LoginAcknowledge
#----------------------------------------------------------------------------------------------------------------------------------------------------
#VMHosts to Patch
$VMHostNames = @"
itdvmbiswin19.nd.gov
itdvmbislin10.nd.gov
itdvmbiswas08.nd.gov
itdvmbissql14.nd.gov
itdvmbissql15.nd.gov
itdvmbistel09.nd.gov
itdvmbisvapp04.nd.gov
itdvmbissqla02.nd.gov
itdvmbiswas09.nd.gov
itdvmbiswin08.nd.gov
itdvmbiswin14.nd.gov
itdvmbisps18.nd.gov
"@
$VMHostNames = ConvertTo-Array -MultiLineString $VMHostNames
#----------------------------------------------------------------------------------------------------------------------------------------------------
#Disable Alarms and Disconnect CDROM
foreach ($VMHostName in $VMHostNames) {
Write-Warning -Message ("Start $VMHostName")
$GetVMHost = Get-VMHost $VMHostName
#$VMHostParent = $GetVMHost.Parent
#$HostCluster = Get-Cluster -VMHost $VMHostName
<#$NewSpec = New-Object VMware.Vim.ClusterConfigSpec
$NewSpec.DasConfig = New-Object VMware.Vim.ClusterDasConfigInfo
$NewSpec.DasConfig.AdmissionControlPolicy = New-Object VMware.Vim.ClusterFailoverResourcesAdmissionControlPolicy
$NewSpec.DasConfig.AdmissionControlPolicy.AutoComputePercentages = $true
$HostCluster.ExtensionData.ReconfigureCluster($NewSpec, $true)
#>
$VIServer = $GetVMHost.Uid.Split('@')[1].Split(':')[0]
$alarmMgr = Get-View AlarmManager -Server $VIServer
$alarmEnabled = $GetVMHost.ExtensionData.AlarmActionsEnabled
if ($alarmEnabled -eq $true) {
$alarmMgr.EnableAlarmActions($GetVMHost.ExtensionData.MoRef, $false)
}
$VMs = $GetVMHost | Get-VM
#Disconnect CDROM and/or VMtools ISO
foreach ($VM in $VMs) {
$GetVM = Get-VM $VM
$CDDrive = $GetVM | Get-CDDrive
if ($CDDrive | Where-Object { $_.IsoPath -Like "*vmware/isoimages*" }) {
$GetVM | Dismount-Tools
#$CDDrive | Set-CDDrive -NoMedia -Confirm:$false
}
elseif ($CDDrive.HostDevice -Like "*drive*") {
$CDDrive | Set-CDDrive -NoMedia -Confirm:$false
}
}
$GetVMHost = $null
}
#Move Powered Off VMs
foreach ($VMHostName in $VMHostNames) {
$VMHostDetails = Get-VMHost -Name $VMHostName
$VMHostParent = $VMHostDetails.Parent.Name
$VMHostMigrate = Get-Cluster $VMHostParent | Get-VMHost | Where-Object Name -NE $VMHostName | Select-Object -First 1
$VMsPoweredOff = Get-VMHost $VMHostName | Get-VM | Where-Object PowerState -EQ "PoweredOff"
If ($VMsPoweredOff) { Move-VM -VM $VMsPoweredOff -Destination $VMHostMigrate }
}
#Enter Maintenance Mode
Set-VMHost -VMHost $VMHostNames -State "Maintenance" -RunAsync
#Monitor
Get-VMHost -Name $VMHostNames | Sort-Object Name | Select-Object Name, ConnectionState, @{Name = "VM.count"; E = { @($_ | Get-VM | Where-Object { $_.ExtensionData.Summary.Config.ManagedBy.Type -NE "placeholderVm" }).Count } }
# Move to HostUpgradesInProgress Folder ??? -- if host is moved out of the cluster, may break affinity rules
#Get-VMHost -Name $VMHostNames | Move-VMHost -Destination "HostUpgradesInProgress"
#----------------------------------------------------------------------------------------------------------------------------------------------------
#Shutdown Host
Stop-VMHost -VMHost $VMHostNames -Confirm:$false
#Monitor
Get-VMHost $VMHostNames | Select-Object -Property Name, ConnectionState, CpuUsageMhz
#----------------------------------------------------------------------------------------------------------------------------------------------------
##Verify OneView Server Profile Power State -EQ Off
#<#foreach ($VMHostName in $VMHostNames){
# $HPOVServerProfile = Get-HPOVServerProfile -Name $VMHostName
# $HPOVServer = $HPOVServerProfile | Get-HPOVServer
# if ($HPOVServer.powerState -EQ "On"){
# $HPOVServer | Update-HPOVServer -Async
# }
# }#>
#
## ensure server power is off
#foreach ($VMHostName in $VMHostNames) {
# $HPOVServerProfile = Get-OVServerProfile -Name $VMHostName.Split('.')[0]
# $HPOVServer = $HPOVServerProfile | Get-OVServer
# if ($HPOVServer.powerState -EQ "On") {
# $HPOVServer | Update-OVServer -Async
# }
#}
##Monitor
#foreach ($VMHostName in $VMHostNames) {
# Get-OVServer -ServerName $VMHostName.split('.')[0] | Select-Object serverName, powerState
#}
##----------------------------------------------------------------------------------------------------------------------------------------------------
##Join OneView Template to Host
#$HPOVtemplates = Get-OVServerProfileTemplate
#foreach ($VMHostName in $VMHostNames) {
# $VMHostDetails = Get-VMHost -Name $VMHostName
# <#$VMHostVIserver = $VMHostDetails.Uid.Split('@')[1].Split(':')[0]
# switch ($VMHostVIserver) {
# itdvmvc1.nd.gov { $HPOVtemplDataCenter = "BIS" }
# Default { $HPOVtemplDataCenter = "MDN" }
# }#>
# $VMHostParent = $VMHostDetails.Parent.Name
# switch ($VMHostParent.substring(0, $VMHostParent.Length - 1)) {
# Avaya { $HPOVtemplType = "Avaya" }
# TEL { $HPOVtemplType = "Avaya" }
# DCN { $HPOVtemplType = "DCN" }
# DES { $HPOVtemplType = "DES" }
# Oracle { $HPOVtemplType = "Oracle" }
# SQL { $HPOVtemplType = "SQL" } # database
# SQL2-D { $HPOVtemplType = "SQL" }
# TEST { $HPOVtemplType = "Test" }
# Default { $HPOVtemplType = "General" }
# }
# $HPOVtemplModel = $VMHostDetails.Model.Split()[2]
# $NewHPOVtempl = $HPOVtemplates | Where-Object { $_.Name -Like "*$HPOVtemplDataCenter*" -and $_.Name -Like "*$HPOVtemplType*" -and $_.Name -Like "*$HPOVtemplModel*" } | Sort-Object Name | Select-Object -Last 1
# Join-OVServerProfileToTemplate -Template $NewHPOVtempl -ServerProfile $VMHostName.Split('.')[0]
#}
##Monitor
#foreach ($VMHostName in $VMHostNames) {
# Get-OVServerProfile -Name $VMHostName.Split('.')[0]
#}
##----------------------------------------------------------------------------------------------------------------------------------------------------
##Check iLO Health Status
#<#
# foreach ($VMHostName in $VMHostNames){
# $iLOHostName = ($VMHostName.split(".")[0])+"lo.nd.gov"
# $iLoConnection = Connect-HPEiLO $iLOHostName -Credential $creds
# Get-HPEiLOHealthSummary -Connection $iLoConnection | Select-Object Hostname,Status
# Disconnect-HPEiLO -Connection $iLoConnection
# }#>
##----------------------------------------------------------------------------------------------------------------------------------------------------
##Update OneView Server Template
#foreach ($VMHostName in $VMHostNames) {
# Get-OVServerProfile -Name $VMHostName.Split('.')[0] | Update-OVServerProfile -Confirm:$false -Async
# Start-Sleep -Seconds 30
#}
##powershell finished in 20m, but continued to run for 36min
##Monitor
#foreach ($VMHostName in $VMHostNames) {
# Get-OVServerProfile -Name $VMHostName | Select-Object Name, State
#}
##----------------------------------------------------------------------------------------------------------------------------------------------------
##Start OneView Server Profile
#foreach ($VMHostName in $VMHostNames) {
# #$wait = $true
# #While ($wait -EQ $true) {
# $HPOVServerProfile = Get-OVServerProfile -Name $VMHostName.split('.')[0]
# #if ($HPOVServerProfile.Status -NE "OK") {
# #$wait = $true
# #Start-Sleep -Seconds 60
# #}
# #else {
# #$wait = $false
# $HPOVServerProfile | Start-OVServer -Async
# Start-Sleep -Seconds 5
# #}
# #}
#}
#
## mount ISO in iLO
#
##Monitor
#foreach ($VMHostName in $VMHostNames) {
# Get-OVServerProfile -Name $VMHostName.Split('.')[0]
#}
##----------------------------------------------------------------------------------------------------------------------------------------------------
## manual full install of v7.0u3 now
#<# ISO connected from workstation via iLO -
# boot @ 9:43
# initial install screen @ 10:00
# ISO connect from vmutil
# boot @ 10:01
# initial install screen @ 10:10
##>
# remove old from vcenter inventory
ForEach ($VMHostName in $VMHostNames) {
Get-VMHost -Name $VMHostNames | Remove-VMHost -Confirm:$false
}
# add to vcenter
$VmDefaultCred = Get-Secret VMDefault
ForEach ($VMHostName in $VMHostNames) {
Add-VMHost -Name $VMHostName -Credential $VmDefaultCred -Location "Secondary Datacenter" -Server $VIServer -Force
}
# license host
Get-VMHost -Name $VMHostNames | Set-VMHost -LicenseKey 'M04W3-FEJ0H-P8J61-LMRKH-C4D1K'
# not avaya '2M63H-8T391-P8YG4-00MR4-ARNP0'
# avaya '3001L-FT19L-28PGX-099A2-2XQNH'
# VDI Desktop 'L56AQ-0VH1K-488GT-0NQU2-ADG64'
Start-Sleep -seconds 3
# set maintenance and disable alarms
Get-VMHost -Name $VMHostNames | Set-VMHost -State "Maintenance" -RunAsync
ForEach ($VMHostName in $VMHostNames) {
$GetVMHost = Get-VMHost -Name $VMHostname
$VIServer = $GetVMHost.Uid.Split('@')[1].Split(':')[0]
$alarmMgr = Get-View AlarmManager -Server $VIServer
$alarmEnabled = $GetVMHost.ExtensionData.AlarmActionsEnabled
if ($alarmEnabled -eq $true) {
$alarmMgr.EnableAlarmActions($GetVMHost.ExtensionData.MoRef, $false)
}
}
# Set root password
ForEach ($VMHostName in $VMHostNames) {
$VMHostCred = Get-ITDPassword -Title $VMHostName -UserName root -Credential $PrvCred
Connect-VIServer -Server $VMHostName -Credential $VmDefaultCred
Set-VMHostAccount -Server $VMHostName -UserAccount root -Password $VMHostCred.GetNetworkCredential().Password
Disconnect-VIServer -Server $VMHostname -Confirm:$false
<#
$EsxCli = Get-EsxCli -VMHost $VMHostName
$args = $EsxCli.system.account.set.CreateArgs()
$args.id = "root"
$args.password = $VMHostCred.GetNetworkCredential().Password
$args.passwordconfirmation = $VMHostCred.GetNetworkCredential().Password
$output = $EsxCli.system.account.set.invoke(@{
id = $VMHostCred.UserName;
password = $VMHostCred.GetNetworkCredential().Password;
passwordconfirmation = $VMHostCred.GetNetworkCredential().Password;
})
#>
}
# M.2 drives only, remove datastore1 from vmhost .... will get errors but still work
ForEach($VMHostName in $VMHostNames){
Remove-Datastore -Datastore "datastore1*" -VMHost $VMHostName -Confirm:$false
}
#Patch via Update Manager
#Monitor ConnectionState
foreach ($VMHostName in $VMHostNames) {
$VMHost = Get-VMHost $VMHostName
$VMHost | Select-Object -Property Name, ConnectionState
}
foreach ($VMHostName in $VMHostNames) {
$VMHost = Get-VMHost $VMHostName
$VMHostVIserver = $VMHost.Uid.Split('@')[1].Split(':')[0]
#$VMHostBaseline = Get-Baseline -Server $VMHostVIserver | Where-Object Name -Like "*ESXi 6.5.0*"
$VMHostBaselineUpgrade = Get-Baseline -Server $VMHostVIserver | Where-Object { $_.Name -EQ "vSphere 7.0U3-Synergy" }
$VMHostBaselinePatch = Get-Baseline -Server $VMHostVIserver | Where-Object { $_.Name -EQ "vSphere 7.0U3-Patch" }
$VMHostBaselineTools = Get-Baseline -Server $VMHostVIserver | Where-Object {$_.Name -EQ "VMware Tools"}
$VMHostBaselineAll = Get-Baseline -Server $VMHostVIserver | Where-Object { $_.Name -EQ "vSphere 7.0U3-Synergy" -or $_.Name -EQ "vSphere 7.0U3-Patch" -or $_.Name -EQ "VMware Tools"}
Attach-Baseline -Baseline $VMHostBaselineUpgrade -Entity $VMHost
Attach-Baseline -Baseline $VMHostBaselinePatch -Entity $VMHost
Attach-Baseline -Baseline $VMHostBaselineTools -Entity $VMHost
}
#Remediate Baseline # do manually with VUM on the Host Folder
ForEach($VMHostName in $VMHostNames){
$VMHost = Get-VMHost $VMHostName
Scan-Inventory -Entity $VMHost -RunASync
}
Foreach ($VMHostName in $VMHostNames){
$VMHost = Get-VMHost $VMHostName
#Stage-Patch -Entity $VMHost -Baseline $VMhostBaselineUpgrade -RunAsync
Stage-Patch -Entity $VMHost -Baseline $VMhostBaselinePatch -RunASync
Stage-Patch -Entity $VMHost -Baseline $VMHostBaselineTools -RunASync
}
ForEach ($VMHostName in $VMHostNames){
$VMHost = Get-VMHost $VMHostName
Remediate-Inventory -Entity $VMHost -Baseline $VMHostBaselinePatch -RunAsync -Confirm:$false
}
ForEach ($VMHostName in $VMHostNames){
$VMHost = Get-VMHost $VMHostName
Remediate-Inventory -Entity $VMHost -Baseline $VMHostBaselineTools -RunAsync -Confirm:$false
}#>
ForEach ($VMHostName in $VMHostNames){
$VMHost = Get-VMHost $VMHostName
Remediate-Inventory -Entity $VMHost -Baseline $VMHostBaselineAll -RunAsync -Confirm:$false
}
#Monitor
Get-Task | Where-Object Name -Like "*Remediate*"
#----------------------------------------------------------------------------------------------------------------------------------------------------
<# 2024/07/30 attach, test, invoke that works
$VMHosts = Get-Datacenter -Name Primary* | Get-VMHost | where-object Name -notlike "*av*"
ForEach($VMHost in $VMHosts){
Write-Warning -Message ("Start" + $VMHost.Name)
$VMHost | Invoke-VMHostProfile -Profile $HostProfile -AssociateOnly -Confirm:$false
$VMHost | Test-VMHostProfileCompliance
}
ForEach($VMHost in $VMHosts){
$VMHost | Invoke-VMHostProfile -Confirm:$false
}
#>
#Attach Host Profile and Test Compliance
foreach ($VMHostName in $VMHostNames) {
$CurrentHostProfiles = Get-VMHostProfile
$VMHostDetails = Get-VMHost -Name $VMHostName
$VMHostVIserver = $VMHostDetails.Uid.Split('@')[1].Split(':')[0]
switch ($VMHostVIserver) {
itdvmvc1.nd.gov { $VMHostVIserver = "BIS" }
Default { $VMHostVIServer = "MDN" }
}
$VMHostParent = $VMHostDetails.Parent.Name
switch ($VMHostParent.substring(0, $VMHostParent.Length - 1)) {
Avaya { $VMHostProfile = "Avaya" }
TEL { $VMHostProfile = "TEL" }
Default { $VMHostProfile = "General" }
}
#$VMHostBuild = $VMHostDetails.Build
#$VMHostVersion = $VMHostDetails.Version
#$VMHostProfileName = $CurrentHostProfiles | Where-Object {$_.Name -Like "*$VMHostVIserver*" -and $_.Name -Like "*$VMHostVersion*" -and $_.Name -Like "*$VMHostBuild*" -and $_.Name -Like "*$VMHostProfile*"} | Sort-Object Name | Select-Object -First 1
$VMHostProfileName = $CurrentHostProfiles | Where-Object { $_.Name -like "*$VMHostVIserver*" -and $_.Name -Like "*7.0.3*" -and $_.Name -like "*$VMHostProfile*" -and $_.Name -like "*Synergy*" } | Sort-Object -Descending Name | Select -First 1
Invoke-VMHostProfile -Entity $VMHostDetails -Profile $VMHostProfileName -AssociateOnly -Confirm:$false
}
# import host customization csv now
# then continue
foreach ($VMHostName in $VMHostNames) {
Get-VMHost -Name $VMHostName | Test-VMHostProfileCompliance
}
#Remediate Host Profile
foreach ($VMHostName in $VMHostNames) {
$VMHostDetails = Get-VMHost -Name $VMHostName
$VMHostProfileCompliance = $VMhostDetails | Test-VMHostProfileCompliance #### ???????
if ($VMHostProfileCompliance.ExtensionData.ComplianceStatus -Like "*non*") {
Invoke-VMHostProfile -Entity $VMhostDetails -Confirm:$false
}
$VMhostDetails | Test-VMHostProfileCompliance
}
#Test Host Profile Compliance
foreach ($VMHostName in $VMHostNames) {
Get-VMHost $VMHostName | Test-VMHostProfileCompliance
}
# Host requires reboot before previously applied configuration changes will take effect
Get-VMHost -Name $VMHostNames | Restart-VMHost -Confirm:$false
#Test Host Profile Compliance again
foreach ($VMHostName in $VMHostNames) {
Get-VMHost $VMHostName | Test-VMHostProfileCompliance
}
# move hosts back to their clusters
ForEach($VMHostName in $VMHostNames){
switch ($VMHostName.substring(8).split('.')[0].substring(0,2)){
'ps' {$ClusterStr = "PS"}
}
switch ($VMHostVIserver){
'itdvmvc1.nd.gov' {$ClusterInt = 1}
'itdvmvc2.nd.gov' {$ClusterInt = 2}
}
$ClusterName = $ClusterStr + $ClusterInt
Move-VMHost -VMHost $VMHostName -Destination (Get-Cluster -Name $ClusterName)
}
# restart again because HA is being weird
Get-VMHost -Name $VMHostNames | Restart-VMHost -Confirm:$false
# monitor
Get-VMHost -Name $VMHostNames
#----------------------------------------------------------------------------------------------------------------------------------------------------
#Monitor
Get-VMHost -Name $VMHostNames | Sort-Object Name | Select-Object Name, ConnectionState, @{Name = "VM.count"; E = { @($_ | Get-VM | Where-Object { $_.ExtensionData.Summary.Config.ManagedBy.Type -NE "placeholderVm" }).Count } }
#Exit Maintenance Mode and Enable Alarms
ForEach($VMHostName in $VMHostNames){
Set-VMHost -VMHost $VMHostName -State "Connected" -RunAsync
Start-Sleep -Seconds 2
}
foreach ($VMHostName in $VMHostNames) {
$GetVMHost = Get-VMHost $VMHostName
$VIServer = $GetVMHost.Uid.Split('@')[1].Split(':')[0]
$alarmMgr = Get-View AlarmManager -Server $VIServer
$alarmEnabled = $GetVMHost.ExtensionData.AlarmActionsEnabled
if ($alarmEnabled -eq $false) {
$alarmMgr.EnableAlarmActions($GetVMHost.ExtensionData.MoRef, $true)
}
$GetVMHost = $null
}
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#----------------------------------------------------------------------------------------------------------------------------------------------------
#$VMCluster = Get-Cluster $VMHostParent #| Set-Cluster -HAAdmissionControlEnabled:$false -Confirm:$false
#$HAFailoverHost = Get-VMHost | Where-Object {$_.Id -Match ((Get-Cluster $VMHostParent).extensiondata.configuration.dasconfig.admissioncontrolpolicy.failoverhosts.value)}
#get-vmhost | where-object {$_.id -eq ($vmcluster.extensiondata.configuration.dasconfig.admissioncontrolpolicy.failoverhosts.value)}
<#
foreach ($VMHostProfile in $VMHostProfiles){
Export-VMHostProfile -FilePath $FilePath$Profile".xml" -Profile $VMHostProfile
}
Import-VMHostProfile -FilePath $FilePath"TestHostProfile.xml" -Name "Test Scripting"
#>
#Get-OVServer -ov x
#$x | select Name,processorType,processorCount,processorCoreCount,serialnumber,memorymb,generation
## disable alarms entire datacenter
$VMHostNames=(Get-Datacenter primary* | Get-VMHost).Name
foreach ($VMHostName in $VMHostNames) {
Write-Warning -Message ("Start $VMHostName")
$GetVMHost = Get-VMHost $VMHostName
#$VMHostParent = $GetVMHost.Parent
#$HostCluster = Get-Cluster -VMHost $VMHostName
<#$NewSpec = New-Object VMware.Vim.ClusterConfigSpec
$NewSpec.DasConfig = New-Object VMware.Vim.ClusterDasConfigInfo
$NewSpec.DasConfig.AdmissionControlPolicy = New-Object VMware.Vim.ClusterFailoverResourcesAdmissionControlPolicy
$NewSpec.DasConfig.AdmissionControlPolicy.AutoComputePercentages = $true
$HostCluster.ExtensionData.ReconfigureCluster($NewSpec, $true)
#>
$VIServer = $GetVMHost.Uid.Split('@')[1].Split(':')[0]
$alarmMgr = Get-View AlarmManager -Server $VIServer
$alarmEnabled = $GetVMHost.ExtensionData.AlarmActionsEnabled
if ($alarmEnabled -eq $true) {
$alarmMgr.EnableAlarmActions($GetVMHost.ExtensionData.MoRef, $false)
}
}
## enable alarms for entire datacenter
$VMHostNames = (Get-VMHost).Name
foreach ($VMHostName in $VMHostNames) {
$GetVMHost = Get-VMHost $VMHostName
$VIServer = $GetVMHost.Uid.Split('@')[1].Split(':')[0]
$alarmMgr = Get-View AlarmManager -Server $VIServer
$alarmEnabled = $GetVMHost.ExtensionData.AlarmActionsEnabled
if ($alarmEnabled -eq $false) {
$alarmMgr.EnableAlarmActions($GetVMHost.ExtensionData.MoRef, $true)
}
$GetVMHost = $null
}
Reference in New Issue View Git Blame Copy Permalink