Zack Meier
87 lines
3.5 KiB
PowerShell
87 lines
3.5 KiB
PowerShell
|
|
[CmdletBinding()]
|
|
param (
|
|
[switch]
|
|
$IncludeInProgress
|
|
)
|
|
|
|
begin {
|
|
|
|
}
|
|
|
|
process {
|
|
New-ITDServiceNowSession -Credential $Secret:snow_vmcred -Environment Production
|
|
Connect-ITDvCenter -Credential $Secret:ndgov_svcitdvmvcauto
|
|
|
|
If($PSBoundParameters.ContainsKey("IncludeInProgress")){
|
|
$Filter = 'short_descriptionSTARTSWITHLockdown mode is disabled on VMware host^state=1^ORstate=2'
|
|
} Else {
|
|
$Filter = 'state=1^short_descriptionSTARTSWITHLockdown Mode is disabled on VMware host'
|
|
}
|
|
|
|
$Incidents = Get-ITDServiceNowRecord -ItemType Incident -Filter $Filter | Sort-Object {$_.number.value}
|
|
|
|
ForEach ($Incident in $Incidents) {
|
|
# reset variables for each loop
|
|
$VMHostName = $null
|
|
$VMHostStatus = $null
|
|
$VMHostStatusCheck = $null
|
|
$NoChange = $null
|
|
|
|
$VMHostName = $Incident.short_description.display_value.split(' ')[-1]
|
|
|
|
Write-Verbose -Message ("Start " + $Incident.number.display_value + " for host " + $VMHostName) -Verbose
|
|
# confirm ticket is accurate, that host has lockdown mode disabled
|
|
$VMHostStatus = Get-ITDVMwareVMHostStatus -Name $VMHostName
|
|
|
|
# if accurate, enable lockdown
|
|
If ($VMHostStatus.LockdownMode -eq 'lockdowndisabled') {
|
|
Write-Verbose -Message ("Lockdown is still disabled on " + $VMHostName + ", enabling lockdown mode") -Verbose
|
|
Enable-ITDVMwareVMHostFeature -Name $VMHostName -LockdownMode
|
|
}
|
|
Else {
|
|
Write-Verbose -Message ("Lockdown is already enabled on " + $VMHostName + ", no change") -Verbose
|
|
$NoChange = $true
|
|
}
|
|
Start-Sleep -Seconds 5
|
|
|
|
# confirm lockdown is enabled
|
|
$VMHostStatusCheck = Get-ITDVMwareVMHostStatus -Name $VMHostName
|
|
|
|
# update ticket with current status
|
|
If ($VMHostStatusCheck.LockdownMode -eq 'lockdowndisabled') {
|
|
# update work notes if disabled
|
|
Write-Verbose -Message ("Lockdown is still disabled on " + $VMHostName + ", update incident work notes") -Verbose
|
|
$WorkNotesMsg = ("Lockdown is still disabled on " + $VMHostName + " after attempted remediation, manual review required.")
|
|
Update-ITDServiceNowRecord -ItemType Incident -Number $Incident.number.display_value -Values @{
|
|
work_notes = $WorkNotesMsg
|
|
state = 'On Hold'
|
|
}
|
|
}
|
|
Else {
|
|
# close if enabled
|
|
If ($NoChange) {
|
|
Write-Verbose -Message ("Lockdown was already enabled on " + $VMHostName + ", closing incident") -Verbose
|
|
$close_notes = ("Lockdown was already enabled on " + $VMHostName + " when checked, closing incident")
|
|
}
|
|
Else {
|
|
Write-Verbose -Message ("Lockdown successfully enabled on " + $VMHostName + ", closing incident") -Verbose
|
|
$close_notes = ("Lockdown successfully auto-enabled on " + $VMHostName);
|
|
}
|
|
Write-Verbose -Message ("Lockdown successfully enabled on " + $VMHostName + ", closing incident") -Verbose
|
|
Update-ITDServiceNowRecord -ItemType Incident -Number $Incident.number.display_value -Values @{
|
|
close_code = 'Solved (Permanently)'
|
|
close_notes = $close_notes
|
|
u_underlying_cause = 'Configuration';
|
|
state = 'Closed'
|
|
}
|
|
}
|
|
}
|
|
|
|
Disconnect-ITDvCenter
|
|
}
|
|
|
|
end {
|
|
|
|
}
|