Audit_and_Repair_VMHost_Firewall_netCP.ps1
<#
.NOTES
===========================================================================
Created by: Russell Hamker
Date: September 18, 2020
Version: 1.1
Twitter: @butch7903
GitHub: https://github.com/butch7903
===========================================================================
.SYNOPSIS
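This script checks whether the netCP firewall ruleset on a VMHost reports Enabled = True/False and, when it reports False, can optionally attempt a repair (temporarily enabling SSH on the host and restarting netcpad).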
.DESCRIPTION
Use this script to check if a VMHost can be brought out of Maintenance
Mode or not.
.NOTES
This script requires a VMware PowerCLI minimum version 11.4 or greater.
This Script is based on VMware KB
https://kb.vmware.com/s/article/80607?lang=en_US
.TROUBLESHOOTING
#>
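##Check if Modules are installed, if so load them, else install them
# Loads VMware.PowerCLI (minimum version 11.4) when it is already installed; otherwise installs it
# from the PowerShell Gallery, creates a desktop shortcut and then imports it.
# Review notes:
#  - -ErrorAction SilentlyContinue keeps a missing module from printing an error before the
#    install branch runs; the branch taken is unchanged.
#  - Marking PSGallery as Trusted suppresses the confirmation prompt for every later install from
#    that repository. The previous policy is captured and restored once the install step finishes,
#    so the trust change does not outlive this script.
#  - Install-Module -Scope AllUsers needs an elevated session.
if (Get-InstalledModule -Name VMware.PowerCLI -MinimumVersion 11.4 -ErrorAction SilentlyContinue) {
    Write-Host "-----------------------------------------------------------------------------------------------------------------------"
    Write-Host "PowerShell Module VMware PowerCLI required minimum version was found previously installed"
    Write-Host "Importing PowerShell Module VMware PowerCLI"
    Import-Module -Name VMware.PowerCLI
    Write-Host "Importing PowerShell Module VMware PowerCLI Completed"
    Write-Host "-----------------------------------------------------------------------------------------------------------------------"
    #CLEAR
} else {
    Write-Host "-----------------------------------------------------------------------------------------------------------------------"
    Write-Host "PowerShell Module VMware PowerCLI does not exist"
    # Remember the current policy so it can be put back after the install.
    $PreviousGalleryPolicy = (Get-PSRepository -Name PSGallery -ErrorAction SilentlyContinue).InstallationPolicy
    try {
        Write-Host "Setting Micrsoft PowerShell Gallery as a Trusted Repository"
        Set-PSRepository -Name PSGallery -InstallationPolicy Trusted
        Write-Host "Verifying that NuGet is at minimum version 2.8.5.201 to proceed with update"
        Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -Confirm:$false
        Write-Host "Uninstalling any older versions of the VMware PowerCLI Module"
        # NOTE(review): Get-Module without -ListAvailable only returns modules loaded in this
        # session, so this may not remove anything - confirm the intent.
        Get-Module VMware.PowerCLI | Uninstall-Module -Force
        Write-Host "Installing Newest version of VMware PowerCLI PowerShell Module"
        Install-Module -Name VMware.PowerCLI -Scope AllUsers
    } finally {
        if ($PreviousGalleryPolicy) {
            Set-PSRepository -Name PSGallery -InstallationPolicy $PreviousGalleryPolicy
        }
    }
    Write-Host "Creating a Desktop shortcut to the VMware PowerCLI Module"
    $AppLocation = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    $Arguments = '-noe -c "Import-Module VMware.PowerCLI"'
    $WshShell = New-Object -ComObject WScript.Shell
    $Shortcut = $WshShell.CreateShortcut("$Home\Desktop\VMware PowerCLI.lnk")
    $Shortcut.TargetPath = $AppLocation
    $Shortcut.Arguments = $Arguments
    $ShortCut.Hotkey = "CTRL+SHIFT+V"
    $Shortcut.IconLocation = "%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe,1"
    $Shortcut.Description ="Launch VMware PowerCLI"
    $Shortcut.WorkingDirectory ="C:\"
    $Shortcut.Save()
    Write-Host "Shortcut Created"
    Write-Host "You may use the CTRL+SHIFT+V method to open VMware PowerCLI"
    Write-Host "Importing PowerShell Module VMware PowerCLI"
    Import-Module -Name VMware.PowerCLI
    Write-Host "PowerShell Module VMware PowerCLI Loaded"
    Write-Host "-----------------------------------------------------------------------------------------------------------------------"
    #Clear
}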
##Get Current Path
# The VCSA list CSV and the Log folder are both resolved from this directory later in the script,
# so the script should be started from a directory only trusted operators can write to.
$pwd = Get-Location
##Setting CSV File Location
$CSVFILELOCATION = $pwd.Path
##Document Start Time
# Wall-clock start (text) plus a stopwatch used for the total-runtime report at the end.
$STARTTIME = Get-Date -Format "MMM-dd-yyyy HH-mm-ss"
$STARTTIMESW = [System.Diagnostics.Stopwatch]::StartNew()
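##Select VCSA
# Picks the vCenter (VCSA) to work against: either from VCSAlist.csv in the start directory or,
# when no file/entry exists, from an FQDN typed by the operator (which is then saved to the CSV).
# Review notes:
#  - The name chosen here is the server the administrator credential is sent to further down, so
#    VCSAlist.csv must not be writable by untrusted users.
#  - The menu answer is validated (non-negative integer inside the list) instead of being used
#    directly as an array index; a negative index would otherwise silently pick from the end.
#  - The CSV rows are wrapped in @() so a one-row file still behaves as a list when a new record
#    is appended.
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
##Import VCSA File or Create 1
$VCSACSVFILENAME = "VCSAlist.csv"
$VCSACSVFILEGET = Get-Item "$CSVFILELOCATION\$VCSACSVFILENAME" -ErrorAction SilentlyContinue
$VCSACSVFILE = "$CSVFILELOCATION\$VCSACSVFILENAME"
If(!$VCSACSVFILEGET)
{
    Clear-Host
    Write-Host "VCSA List CSV File not found"
    # Seed the new file with the "Create New Record" menu entry plus the first real VCSA.
    $VCSANAME = @()
    $CREATENEWRECORD = "" | Select-Object VCSA
    $CREATENEWRECORD.VCSA = "Create New Record"
    $VCSANAME += $CREATENEWRECORD
    $VCSATEMPLIST = "" | Select-Object VCSA
    $VCSATEMPLIST.VCSA = Read-Host "Please provide a VCSA FQDN"
    $VCSANAME += $VCSATEMPLIST
    $VCSANAME | Export-CSV -NoTypeInformation -Path $VCSACSVFILE
    $VCSA = $VCSATEMPLIST.VCSA
    Write-Host "VCSA Selected is $VCSA"
}
Else
{
    Clear-Host
    Write-Host "VCSA List CSV File found. Importing file..."
    $VCSALIST = @(Import-CSV -Path $VCSACSVFILE)
    # NOTE(review): $SITE is not assigned anywhere in the visible script. While it is unset, the
    # first comparison only matches rows that have no Site property at all - confirm the intent.
    $VCSASITELIST = @($VCSALIST | Where-Object {$_.Site -eq $SITE -or $_.Site -eq "NA"})
    $countCL = 0
    foreach($oC in $VCSASITELIST)
    {
        $NAME = $oC.VCSA
        Write-Output "[$countCL] $NAME"
        $countCL = $countCL+1
    }
    Write-Host " "
    $choice = $null
    If($VCSASITELIST.Count -eq 0)
    {
        # Nothing to choose from: fall through to creating a record rather than indexing an empty list.
        Write-Host "No selectable VCSA entries found in $VCSACSVFILE"
        $CHOICEPICKED = "Create New Record"
    }
    Else
    {
        $choiceIndex = -1
        Do
        {
            $choice = Read-Host "On which VCSA do you wish to work from"
            $choiceValid = [int]::TryParse($choice, [ref]$choiceIndex) -and $choiceIndex -ge 0 -and $choiceIndex -lt $VCSASITELIST.Count
            If(!$choiceValid)
            {
                Write-Host "Invalid selection. Enter a number between 0 and $($VCSASITELIST.Count - 1)"
            }
        }Until($choiceValid)
        $CHOICEPICKED = ($VCSASITELIST[$choiceIndex]).VCSA
    }
    If($CHOICEPICKED -eq "Create New Record")
    {
        $VCSANAME = $VCSALIST
        Write-Host "Creating New Record Selected..."
        $VCSATEMPLIST = "" | Select-Object VCSA
        $VCSATEMPLIST.VCSA = Read-Host "Please provide a VCSA FQDN"
        $VCSANAME += $VCSATEMPLIST
        $VCSANAME | Export-CSV -NoTypeInformation -Path $VCSACSVFILE -Confirm:$false
        $VCSA = $VCSATEMPLIST.VCSA
        Write-Host "VCSA Selected is $VCSA"
    }Else{
        $VCSA = $CHOICEPICKED
        Write-Host "VCSA Selected is $VCSA"
    }
}
Write-Host "VCSA Selected is $VCSA"
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Write-Host "-----------------------------------------------------------------------------------------------------------------------"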
##Document Selection
# Confirmation loop: shows the chosen VCSA and repeats until the answer is treated as "yes".
# Only an explicit N keeps the loop going; any other answer (including just Enter) counts as yes,
# so this is the last point at which the operator can see which server will receive the credential.
Do
{
    Write-Host "-----------------------------------------------------------------------------------------------------------------------"
    Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
    Write-Host "Documenting User Selections"
    Write-Host "VCSA: $VCSA"
    Write-Host "Are the Above Settings Correct?" -ForegroundColor Yellow
    $Readhost = Read-Host " ( y / n ) "
    Switch ($Readhost)
    {
        'Y' {
            Write-Host "Yes selected"
            $VERIFICATION = $true
        }
        'N' {
            Write-Host "No selected, Please Close this Window to Stop this Script"
            $VERIFICATION = $false
            PAUSE
            Clear-Host
        }
        Default {
            Write-Host "Default, Yes"
            $VERIFICATION = $true
        }
    }
}Until($VERIFICATION)
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
##Provide Credentials
Clear-Host
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
# Prompts only when $MyCredential is empty, so a credential already present in the session
# (for example from an earlier run in the same console) is reused without asking.
# Only the user name is echoed; the password stays inside the PSCredential object.
if (-not $MyCredential)
{
    Write-Host "Please Provide VCSA Administrator based Credentials for VCSA $VCSA"
    $MyCredential = Get-Credential -Message "Please Provide VCSA Creds"
    Write-Host "Credential UserName provided is:"$MyCredential.UserName
}
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
##Disconnect from any open vCenter Sessions,
#This can cause problems if there are any
# Drops every existing vCenter session, and every NSX Manager session when a default NSX
# connection is present, so the rest of the script talks to exactly one server.
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Write-Host "Disconnecting from any Open vCenter Sessions"
try
{
    Disconnect-VIServer * -Confirm:$false
}
catch
{
    Write-Host "No Open vCenter Sessions found"
}
Write-Host "Disconnecting from any Open NSX Manager Sessions"
if (-not $DefaultNSXConnection.Server)
{
    Write-Host "No Open NSX Server Sessions found"
}
else
{
    Disconnect-NSXServer * -Confirm:$false
}
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
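##Connect to vCenter Server
# Opens the vCenter session used by every later cmdlet.
# -ErrorAction Stop makes a failed logon (bad credential, unreachable or wrong server) end the
# script here; previously the script printed "Connected to vCenter" and carried on without a session.
# Review note: whether an untrusted vCenter certificate is accepted depends on the PowerCLI
# InvalidCertificateAction setting; it should not be Ignore on a workstation that sends
# administrator credentials with this script.
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Write-Host "Connecting to vCenter $VCSA"
$VISERVER = Connect-VIServer -Server $VCSA -Credential $MyCredential -ErrorAction Stop
Write-Host "Connected to vCenter "
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Write-Host "-----------------------------------------------------------------------------------------------------------------------"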
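##Select CLUSTER
# Lists the clusters of the connected vCenter (sorted by name) and lets the operator pick one by
# its menu number. The answer is validated as a non-negative integer inside the list before it is
# used as an index; a blank, non-numeric or negative answer is asked again instead of selecting
# an unintended cluster.
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Clear-Host
Write-Host "Select Cluster on vCenter $VCSA"
$CLUSTER = @(Get-Cluster | Sort-Object Name)
If($CLUSTER.Count -eq 0)
{
    throw "No clusters were returned by vCenter $VCSA"
}
$countCL = 0
Write-Host " "
Write-Host "Clusters: "
Write-Host " "
foreach($oC in $CLUSTER)
{
    Write-Output "[$countCL] $oC"
    $countCL = $countCL+1
}
Write-Host " "
$choiceIndex = -1
Do
{
    $choice = Read-Host "On which Cluster do you want to look at?"
    $choiceValid = [int]::TryParse($choice, [ref]$choiceIndex) -and $choiceIndex -ge 0 -and $choiceIndex -lt $CLUSTER.Count
    If(!$choiceValid)
    {
        Write-Host "Invalid selection. Enter a number between 0 and $($CLUSTER.Count - 1)"
    }
}Until($choiceValid)
$CLUSTER = Get-Cluster $CLUSTER[$choiceIndex]
Write-Host "You have selected Cluster $CLUSTER on vCenter $VCSA"
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Write-Host "-----------------------------------------------------------------------------------------------------------------------"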
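##Select VMHost
# Lists the hosts of the selected cluster (sorted by name) and lets the operator pick one by its
# menu number. The host chosen here is the one the audit runs against and, if the repair is
# accepted, the one SSH is temporarily enabled on, so the answer is validated as a non-negative
# integer inside the list before it is used as an index.
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Clear-Host
Write-Host "Select VMHost on vCenter $VCSA"
$VMHOST = @(Get-Cluster $CLUSTER | Get-VMHost | Sort-Object Name)
If($VMHOST.Count -eq 0)
{
    throw "No VMHosts were returned for Cluster $CLUSTER on vCenter $VCSA"
}
$countCL = 0
Write-Host " "
Write-Host "VMHost: "
Write-Host " "
foreach($oC in $VMHOST)
{
    Write-Output "[$countCL] $oC"
    $countCL = $countCL+1
}
Write-Host " "
$choiceIndex = -1
Do
{
    $choice = Read-Host "Which VMHost do you wish to review?"
    $choiceValid = [int]::TryParse($choice, [ref]$choiceIndex) -and $choiceIndex -ge 0 -and $choiceIndex -lt $VMHOST.Count
    If(!$choiceValid)
    {
        Write-Host "Invalid selection. Enter a number between 0 and $($VMHOST.Count - 1)"
    }
}Until($choiceValid)
$VMHOST = Get-VMHost $VMHOST[$choiceIndex]
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Write-Host "-----------------------------------------------------------------------------------------------------------------------"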
##Get Date Info for Logging
$LOGDATE = Get-Date -Format "MMM-dd-yyyy_HH-mm"
##Specify Log File Info
$LOGFILENAME = "Log_$($VMHOST)_$LOGDATE.txt"
#Create Log Folder
$LogFolder = "$($pwd.path)\Log"
if (-not (Test-Path $LogFolder)) {
    New-Item -Path $LogFolder -ItemType Directory
} else {
    Write-Host "Log Directory Created. Continuing..."
}
#Specify Log File
$LOGFILE = "$LogFolder\$LOGFILENAME"
##Starting Logging
# From here on console output is written to the transcript file under .\Log, including host,
# cluster and vCenter names and the credential user name printed below. Treat the Log folder as
# sensitive, and avoid typing secrets at plain (unmasked) prompts while the transcript is running.
Start-Transcript -Path $LOGFILE -Append
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Write-Host "Script Logging Started"
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
##Reiterate Information Selected
# Records the host, cluster, vCenter and credential user name; with the transcript already
# running this block is what documents the operator's choices in the log file.
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
$selectionSummary = "You have selected
VMHost $VMHOST
Cluster $CLUSTER
vCenter $VCSA"
Write-Host $selectionSummary
Write-Host "Credential UserName provided is:"$MyCredential.UserName
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
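#ESXCLI
# Audits the netCP firewall ruleset on the selected host through esxcli. If the ruleset is
# reported as disabled, the manual fix is shown and the operator is offered an automatic repair:
# SSH is enabled on the host, netcpad is restarted through plink, SSH is disabled again and the
# ruleset is re-checked.
# Changes made in review:
#  - plink is detected with Get-Command. The previous test ran plink.exe itself, so on a machine
#    without plink the "not installed" message was never reached.
#  - The root password is read with -AsSecureString so it is not echoed to the console (the
#    transcript is running at this point) and is cleared from the session afterwards.
#  - The piped "y" that auto-accepted an unknown SSH host key is gone. plink now shows the key and
#    waits, so the operator can compare the fingerprint with the host before root credentials are
#    sent; plink's -hostkey option can pin it instead.
#  - SSH is disabled in a finally block, so a failure during the repair does not leave it enabled.
#  - The Enabled value is compared as text, which behaves the same whether esxcli returns a
#    string or a boolean, and an empty/unexpected answer is no longer reported as "ready".
# Still open: the password reaches plink on its command line (-pw), where other local processes
# can read it. Key-based authentication, or plink's -pwfile option in newer PuTTY releases,
# avoids that.
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
# Manual remediation hint, printed whenever the ruleset is reported as disabled.
$ShowManualFix = {
    Write-Host "Reponse is FALSE!" -ForegroundColor red -BackgroundColor yellow
    Write-Host "Restart the netCPA service on the VMHost $VMHOST" -ForegroundColor red -BackgroundColor yellow
    Write-Host "To restart netCPA Service do the following:
1. Enable SSH on Host
2. SSH to Host
3. Run command: /etc/init.d/netcpad restart
" -ForegroundColor red
    Write-Host "See KB for more info: https://kb.vmware.com/s/article/80607?lang=en_US" -ForegroundColor white
}
Write-Host "Connecting to VMHOST $VMHOST"
$esxcli = Get-EsxCli -VMHost $VMHOST -V2
$CLIARGS = $esxcli.network.firewall.ruleset.list.CreateArgs()
$CLIARGS.rulesetid = "netCP"
Write-Host "Checking Enablement status of netCP Service"
$RESPONSE = $esxcli.network.firewall.ruleset.list.Invoke($CLIARGS)
Write-Host "Response from host $VMHOST is:"
$RESPONSE | Out-String | Write-Host
$ENABLEDSTATE = [string]$RESPONSE.Enabled
If($ENABLEDSTATE -eq 'false')
{
    & $ShowManualFix
    #Attempt Fix
    Write-Host "Would you like to attempt to fix this?"
    $READHOST = Read-Host " (y / n) "
    Switch($READHOST)
    {
        Y {
            Write-Host "Yes Selected. Attempting to Auto Repair"
            try
            {
                #Enable SSH
                Write-Host "Enabling SSH on VMHost $VMHOST"
                Get-VMHost $VMHOST | Get-VMHostService | Where-Object { $_.Key -eq "TSM-SSH"} | Start-VMHostService -Confirm:$false
                #Use plink to restart netcpad
                if(Get-Command plink.exe -ErrorAction SilentlyContinue)
                {
                    Write-Host "Using PLINK utility to attempt to run netcpad restart command on host"
                    $ROOTPWDSECURE = Read-Host "Please provide Root Password to VMHost" -AsSecureString
                    # plink needs the clear text; it exists only for the duration of this call.
                    $ROOTPWD = (New-Object System.Net.NetworkCredential('', $ROOTPWDSECURE)).Password
                    plink root@$VMHOST -pw $ROOTPWD /etc/init.d/netcpad restart
                    if($LASTEXITCODE -ne 0)
                    {
                        Write-Warning "plink exited with code $LASTEXITCODE; the netcpad restart may not have run on VMHost $VMHOST"
                    }
                }ELSE{
                    Write-Error "PLINK is not installed on this computer! Please install Putty MSI/plink on this computer"
                }
            }
            finally
            {
                Remove-Variable -Name ROOTPWD, ROOTPWDSECURE -ErrorAction SilentlyContinue
                #Disable SSH
                Write-Host "Disabling SSH on VMHost $VMHOST"
                Get-VMHost $VMHOST | Get-VMHostService | Where-Object { $_.Key -eq "TSM-SSH"} | Stop-VMHostService -Confirm:$false
            }
            #Check host again after fix
            Write-Host "Checking VMHost $VMHOST again after attempted fix"
            $esxcli = Get-EsxCli -VMHost $VMHOST -V2
            $CLIARGS = $esxcli.network.firewall.ruleset.list.CreateArgs()
            $CLIARGS.rulesetid = "netCP"
            Write-Host "Checking Enablement status of netCP Service"
            $NEWRESPONSE = $esxcli.network.firewall.ruleset.list.Invoke($CLIARGS)
            Write-Host "Response from host $VMHOST is:"
            $NEWRESPONSE | Out-String | Write-Host
            If([string]$NEWRESPONSE.Enabled -eq 'true')
            {
                Write-Host "Response is TRUE. VMHost $VMHOST is ready for Service" -ForegroundColor green
            }Else{
                & $ShowManualFix
            }
        }
        N {
            Write-Host "No Selected, Exiting"
        }
    }
}ElseIf($ENABLEDSTATE -eq 'true'){
    Write-Host "Response is TRUE. VMHost $VMHOST is ready for Service" -ForegroundColor green
}Else{
    # Fail closed: no usable answer from the host is not the same as "enabled".
    Write-Warning "Could not determine the netCP ruleset state on VMHost $VMHOST. Review the response above before returning the host to service"
}
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Write-Host "-----------------------------------------------------------------------------------------------------------------------"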
##Document Script Total Run time
# Stops the stopwatch started at the top of the script and reports the elapsed minutes.
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
$STARTTIMESW.Stop()
Write-Host "Total Script Time:"$STARTTIMESW.Elapsed.TotalMinutes"Minutes"
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
##Disconnect from vCenter
# Closes the vCenter session so the administrator session does not stay open in this console.
# NOTE(review): $NSXSERVER is not assigned in the visible script, so the NSX branch presumably
# only runs when the variable already exists in the session - confirm.
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Write-Host "Disconnecting from vCenter"
Disconnect-VIServer $VCSA -Confirm:$false
if ($NSXSERVER)
{
    Write-Host "Disconnecting from NSX Manager"
    Disconnect-NSXServer -NSXServer $NSXSERVER -Confirm:$false
}
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
##Stopping Logging
# Ends the transcript started earlier; everything printed after Stop-Transcript is no longer
# written to the log file.
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Write-Host "All Processes Completed"
Write-Host "Stopping Transcript"
Stop-Transcript
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
##Script Completed
# Final banner; PAUSE keeps the window open until the operator presses Enter.
Write-Host "-----------------------------------------------------------------------------------------------------------------------"
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Write-Host "Script Completed for $VCSA"
Write-Host "Press Enter to close this PowerShell Script"
PAUSE
Write-Host (Get-Date -Format "MMM-dd-yyyy_HH-mm-ss")
Write-Host "-----------------------------------------------------------------------------------------------------------------------"