Configure ESXi Scratch Config w/ Powershell/PowerCLI and other advanced settings...

Summary:
Needed to script configure all my 100+ ESXi hosts w/ a scratch location.  Having a permanent scratch location configured is helpful when an error such as a purple screen of death (PSOD) occurs on ESXi.  It is not a requirement, but definitely a best practice.

PreRequisites:
  1. Powershell 2.0 +
  2. PowerCLI 5.1 +
  3. vCenter 4.1 +
  4. Local or Shared Datastore
    • Local is easy if you standardize on naming of a local datastore.  
      • I'll focus on this in my script example.
    • Shared Datastore essentially accomplishes a similar goal of a remote syslog server, you'll want to be sure to separate logs to their own individual directory.
      • Scaling may become an issue unless you focus these shared datastores among clusters rather than all hosts.
Details:


Rather than write a single line to just configure the scratch location, I decided to write something that could host my standard build config info for all advanced settings.  This way I could simply add additional advanced settings to this same script.  This is made simply to also cover anything that a scripted pxe build process may fail to apply.  It's not the most elegant solution, so I more than welcome feedback and tips.
So here it is:
# Stuff to capture errors, yes, it is quite useful.

$Date = Get-Date -Format yyyy.MM.dd-hh.mm.ss
$UserName = (Get-ChildItem env:\username).value

$ErrorLog = @()
# This can also be a network share like \\servername\hiddensharename$
$ErrorLogOutPutPath = "C:\somepath\errors\WhateverNameYouWantHere$($Date)-$($Username).txt" 

# Connecting to my vCenter
Connect-viserver myvCenterServerName -ErrorVariable +ErrorLog

# Here I am gather all the hosts connected to my connected vCenter instance. 
$VMHosts = Get-VMHost -ErrorVariable +ErrorLog


# Initial Option will always have $num, every subsequent defined option should be ($Num +1)
# $NumberofOptions should match the amount of options you plan to update.
# I made this number 20, even though I only have 4
# It just makes it easier to add more later w/o remember to change 
# this number each time I add an option.
$Num = 0
$NumberofOptions = 20

 # Any static options that don't have reliance upon data should be defined here.
# These first two options simply define my remote syslog info.
# Key is the important value.  
# To find out what values are available you can use the Get-AdvancedSetting cmdlet
$Options = New-Object VMware.Vim.OptionValue[] ($NumberofOptions)
$Options[$Num]  = New-Object VMWare.Vim.OptionValue
$Options[$Num].Key  = "Syslog.Remote.Hostname"
$Options[$Num].Value  = "192.168.1.5"

 $Options[($Num + 1)]  = New-Object VMWare.Vim.OptionValue
$Options[($Num + 1)].Key  = "Syslog.Remote.Port"
$Options[($Num + 1)].Value  = "514"



 # Additional Options can be found by search for # Additional Options #

# Starting a Loop statement to run commands against each individual 
# ESXi host aka VMHost in API terms
Foreach ($VMHost in $VMHosts)
{
# I need the datacenter node name here so I can create the directory/directories needed for 
# the scratch and local syslog directories.

$DataCenter = Get-Datacenter -VMHost $vmhost -ErrorVariable +ErrorLog
# In my case, my standard local datastore name is formatted as myESXHostName_local
# This is needed so I can get the uuid of the store the scratch directory.
$DS = Get-Datastore "$($VMHost.NetworkInfo.Hostname)_local" -ErrorVariable +ErrorLog

# Additional Options #
# Here is where I am testing whether the local syslog path exists
# If not, the script will create it.  The path is required for the logging to work.

$PathCheck = Test-Path vmstore:\$DataCenter\"$($VMHost.NetworkInfo.Hostname)_local"\"logfiles\" -ErrorVariable +ErrorLog
If ($Pathcheck -ne $true)
{mkdir vmstore:\$DataCenter\"$($VMHost.NetworkInfo.Hostname)_local"\logfiles -ErrorVariable +ErrorLog}

# Here I define the local syslog datastore path

$Options[($Num + 1)]  = New-Object VMWare.Vim.OptionValue
$Options[($Num + 1)].Key = "Syslog.local.datastorepath"
$Options[($Num + 1)].Value = ("[" + $VMHost.NetworkInfo.Hostname + "_local] /logfiles/" + $VMHost.NetworkInfo.Hostname + ".log")

# Here is where I am testing whether the local scratch path exists
# If not, the script will create it.  The path needs to exist prior to configuration.

$PathCheck = Test-Path vmstore:\$DataCenter\"$($VMHost.NetworkInfo.Hostname)_local"\".locker-$($VMHost.NetworkInfo.Hostname)" -ErrorVariable +ErrorLog
If ($Pathcheck -ne $true)
{mkdir vmstore:\$DataCenter\"$($VMHost.NetworkInfo.Hostname)_local"\".locker-$($VMHost.NetworkInfo.Hostname)" -ErrorVariable +ErrorLog}

 # Here I define the scratch directory location using the datastore information
$Options[($Num + 1)] = New-Object VMWare.Vim.OptionValue
$Options[($Num + 1)].Key = "ScratchConfig.ConfiguredScratchLocation"
$Options[($Num + 1)].Value = ("/vmfs/volumes/$($DS.ExtensionData.info.vmfs.uuid)/.locker-$($VMHost.NetworkInfo.Hostname)")

 # End Additional Options #

 ## Here is where we now apply all those defined advanced settings ##
# Begin loop statement to apply each $Option / Advanced Setting, skipping $null entries

Foreach ($Option in ($Options | where {$_ -ne $null}))
{
Write-Host "Checking if $($Option.Key) equals $($Option.Value)"
# Here I'm simply checking to see if the advanced setting is already is configured.
IF ((Get-AdvancedSetting -Name $Option.Key -ErrorAction:SilentlyContinue -ErrorVariable +ErrorLog).Value -ne $Option.Value )
{Write-Host "It doesn't so I'm changing it."
# If it's not configured, then I'm changing it.
Get-AdvancedSetting -Name $Option.Key | Set-AdvancedSetting -Value $Option.Value -ErrorAction:SilentlyContinue -ErrorVariable +ErrorLog
}
# If it is configured, then this simply lets you know that it is.
Else {Write-Host "It does!?  That's weird, moving on."}
}
}
# Outputs an error txt file if any were recorded.

If ($errorLog.Count -gt 0)
{
$ErrorLog | Out-File $LogPath
}

 Managing Vmware Infrastructure with Windows Powershell Tfm (Google Affiliate Ad)

Comments

Post a Comment

Popular posts from this blog

NSX-T: Release associated invalid node ID from certificate

Image
Summary: Basically had an expiring certificate registered in NSX-T that was associated to a node_id that is no longer valid.  Long story short, there wasn't anything obvious in API to delete or disassociate a certificate from a node_id for 3.2.2.  Not sure how things got in this state, but annotating for future reference.  This may change in future revisions, so always check API for latest. Details: Effectively had a stale node associated w/ a certificate that was expiring.  Could not delete certificate until that node was disassociated from the certificate. To get certificate details and associated node_id's, you can use the following curl call (UI works too): curl -k -X GET -H "Content-Type: application/json" -u admin https://<manager ip>/api/v1/trust-management/certificates/<cert UUID> Above will return something like this: Below must be run from one of the manager nodes via elevation to root: ONLY RUN THIS IF YOU ARE ABSOLUTELY SURE OF WHAT YOU ARE DO...
Read more

NSX-T: vCenter and NSX-T Inventory out of Sync (Hosts in vSphere not showing up in NSX-T)

Image
Summary: NSX-T loses synch w/ vCenter inventory, but statuses don't appear to show an issue.  Basically, you add a host to a vCenter cluster, NSX-T bits should start to automatically installing on new host.  Assuming you've created a Transport Node Profile and associated w/ the cluster.  The problem is that NSX-T doesn't see the new host and its link to the compute manager (vCenter) looks fine. Looks fine, Y U NO WORK!? So what's going on here?  This appears to affect NSX-T 2.5 and 2.5.1.  Cause is unknown. Workaround: Restart the cm-inventory service on each NSX-T mgmt/controller node using API or CLI. Details: If you were to query the status of the cm-inventory via API or CLI, you could query all 3 manager/controller nodes and get a status of running.  Even if the primary node associated w/ the VIP, if configured, is not necessarily in charge of inventory.  So you could restart the cm-inventory service till you are blue in the face ...
Read more

MacOS: AnyConnect VPN client was unable to successfully verify the IP forwarding table modifications.

Image
The VPN client was unable to successfully verify the IP forwarding table modification.  A VPN connection will not be established. Summary: I started running into issue utilizing Cisco AnyConnect on my Mac basically complaining about not able to overwrite IP forwarding tables.  This was on 4.6.x.  Since my VPN endpoints were not providing me w/ an updated client and w/ no access to Cisco Anyconnect downloads, my only option was to try openconnect.  It was totally worth it, here is why and how to set it up. PreReqs: Homebrew Installing OpenConnect: Launch MacOS Terminal brew install openconnect Getting VPN IP's/DNS Endpoints from AnyConnect: The information is typically located in your profile xml files located here: /opt/cisco/anyconnect/profile/somethingsomething.xml In the xml file, you are looking for "<HostAddress>typicallyaDNSName.com</HostAddress>" entry.  These are your VPN endpoints that you would need to pass to openconnec...
Read more