Today April 30, 2010 is the closing day for Nominations.
VMware vExpert Application Form
Award Benefits
Criteria & Guidelines
If you have not already got your nomination in, the clock is ticking……
In continuation of my post regarding mistakes, it actually started a very interesting discussion on Twitter on the subject.
Don't get me wrong - I am not for publicizing information that was under NDA. And if you ask me - if someone does publicize a piece of information that is covered by an NDA - then the publisher should have sanctions taken against them.
But the whole idea of that post was not because someone broke an NDA, not at all.
It was not that someone overheard a conversation that should not have in a Starbucks coffee shop.
The main subject under debate was a planned announcement with a recognized spokesman of the vendor on a pre-planned public webcast.
Saying that though - if an error happened and something did leak out - I do think that common sense should be used. It all depends what your motives are. If you want to be a sensationalist - then by all means - go for it. But as I heard from someone wise - do not bite the hand that feeds you.
Remember information is one of the easiest things to come by in our day and age. If you value your privacy and your company's then you will have to protect that information - in more ways than one.
Small Rant….
Over the last two weeks there have been numerous occurrences where VMware employees have voiced new announcements in public, and thereafter several bloggers have posted information on their blogs based on these announcements.
Content here, here, here, here and here.
Now what you will find in common with all of the above posts - is that they either have been pulled, or the content they were pointing to has been removed.
I personally have been asked (in the past and not related to the topics above) to remove content off of my blog because the material was confidential and not for public knowledge - but the source forgot to tell me and 60 other people in the room with me that this information was under NDA.
I mean we all make mistakes - we are all human, but I would like to put in a public request to VMware and to any other vendor as well for that matter. If you do not want something out in the public - do not go and announce it on a public forum! You will have to go around cleaning up your mess after you.
This does not add to your credibility.
VMworld 2010 registration is now open.
A few facts and new introductions to this year's conference
Follow the Experts - New in 2010
This year, VMworld is connecting you directly with subject-matter authorities with our Knowledge Experts Program. These highly respected members of the VMware community - made up of industry-leading customers, bloggers and VMware employees - will be conducting and participating in Breakout sessions and Birds of a Feather discussion groups. Plus, they’ll also be available for one-on-one meetings and more casual discussions as they circulate throughout the conference.
One-on-One Meetings
You can schedule one-on-one meetings with up to 3 Knowledge Experts during the conference. Use these 15-minute sessions to delve into topics that relate specifically to your organization.
Birds of a Feather Discussion Groups
In addition to traditional Breakout Sessions, we’re introducing Birds of a Feather Discussion Groups led by one of the Knowledge Experts. These informative and interactive discussion groups are a great opportunity for you to gain insight from like-minded colleagues in similar industries. Attendance is on a first-come, first-served basis.
Self-Paced Labs - More Options
In 2010, all VMworld Labs will be held in a self-paced environment - allowing us to maximize the number of labs offered and giving you more opportunities to explore how virtualization can make a powerful impact on your organization. Unlike traditional instructor-led labs, self-paced labs create a more interactive and educational environment - one that lets you see, first hand, how the latest in VMware software can help you energize your business.
VMworld will stage more than 18,000 lab seats and conduct up to 400 simultaneous lab sessions during the 4-day event. Plus, we have committed 200,000+ man-hours in lab creation and development to produce over 20 self-paced lab topics - covering everything from SRM to DRS. With over 100 VMware Specialists on hand to answer questions and explore options, you’ll get one-on-one attention when you need it - and still have the flexibility to move at your own pace. Forget pre-registration. With over 40 hours of available lab time throughout the conference, you’re free to experience the latest in VMware offerings when it best fits your schedule.
Breakout Sessions - More Freedom. Less Formality.
This year, we’ve eliminated the need to pre-register for sessions - giving you more freedom and greater control over your conference experience. Forget trying to plan your daily agenda around events you picked weeks ago - use Schedule Builder to view a complete listing of available sessions and then just show up to sessions that work best for you when you’re at the conference. Plus, we’ll be repeating most sessions at least once, so you have ample opportunity to attend your top choices.
Now a few things here caught my eye.
So what do you all think about the changes? The discussion has already begun.
Do you know the feeling?
You have 40 domain controllers located in 20 different locations - with a multitude of child domains and children of those child domains, on all sides of the globe (yeah I know a globe does not have sides….), with different people at different levels of expertise managing these DC's? Sound familiar?
And for some reason someone went on vacation and forgot to clean up a movie that they put on the DC's C: drive - because they had nowhere else to put it? (Well, I am joking of course - but disk space could run out for a multitude of reasons.)
And the C: drive has no more free space.
And therefore the DC stops responding properly.
And you start getting replication errors between the Domain Controllers.
So do you know the feeling??
Now of course you could have someone (or something) monitor your logs for you - but you would not necessarily catch the replication issue, because you would have to monitor more than just one DC.
Well, thanks to Microsoft there is a small tool which will give you the replication status, and if you would like it can do a whole lot more than that, but for this example the replication status will suffice.
Repadmin - and if you have not used it before then I suggest you get to know the tool.
repadmin.exe /showrepl * /csv
Ok .. Whoopee! And now what do I do with that info? Well you could:
That would be nice… but not automated!!
What if you could get the data, filter out to retrieve only what you wanted (which would be all the failures) and send it to an admin by mail. And to make your life complete (just kidding), have this run on a regular schedule?
Here you are.
# ==============================================================================================
# NAME: Check-Replication
#
# AUTHOR: Maish Saidel-Keesing
# DATE : 27/04/2010
#
# COMMENT: Will check the replication status and if there are failures will send an email to the
# Assigned Addresses.
# ** Requires Repadmin from the Windows resource Kit accessible in the default path **
# ==============================================================================================

$from = "Replication Status<maishsk@gmail.com>"
$to = "Maish<maishsk@gmail.com>"

#Collect the replication info
#Check the Replication with Repadmin
$workfile = D:\software\USB_Tool_Kit\Tools\repadmin.exe /showrepl * /csv
$results = ConvertFrom-Csv -InputObject $workfile | where {[int]$_.'Number of Failures' -ge 1} #CSV fields are strings, so cast before comparing
#Here you set the tolerance level for the report
$results = $results | where {[int]$_.'Number of Failures' -gt 1 }
if ($null -ne $results) {
    $results = $results | select "Source DC", "Naming Context", "Destination DC", "Number of Failures", "Last Failure Time", "Last Success Time", "Last Failure Status" | ConvertTo-Html
} else {
    $results = "There were no Replication Errors"
}
Send-MailMessage -From $from -To $to -Subject "Daily Forest Replication Status" -SmtpServer "smtp.maishsk.local" -BodyAsHtml ($results | Out-String)
Line 17. Run the command and put it into CSV format
Line 18. Convert the CSV output held in the variable into objects and filter them
Lines 20-24. If the results are not empty (which means you have errors) then apply some formatting to the output and convert that output to HTML. If there were no errors then set the variable to show that fact.
Line 26. Send the results by email
So from going from lines and lines of this
to this - which I can get in my inbox every 4 hours because it is now running as a scheduled task.
or this if all is fine and dandy
Hope this is useful to someone!
--UPDATE--
I updated the script above to remove the use of a temporary file - it was not necessary, everything can be saved into variables - and cleaned up some logic.
Today we will deal with the client and server scripts, and before we start I would like to get the definitions straight.
Client Script: The script that is executed on the ESXi machine (Python)
Server Script: The script running on a Windows host that will configure the ESXi machine after deployment (Powershell)
So let's start. Here is the client script - it was adapted from here
# TCP client example
import socket
s = socket.socket()
s.connect(("192.168.113.1",3333))
s.send("myuniquestring".encode("ascii"))  # send bytes, so this also runs on Python 3
s.close()
Simple isn't it? - Well for me to understand this took a while so I will try and explain in as much detail as possible.
Line 2. Import the socket module - which will allow us to create the communication socket
Line 3. Create the variable s as a socket
Line 4. Connect to an "IP","port" - in my case 192.168.113.1 and port 3333 - You can define this to the IP and port of your choice
Line 5. Send a string of text. This again can be anything you would like - but I would define it as something unique so as not to have any false positives.
Line 6. Close the connection - and close the script.
And in plain text - the machine will open a communication socket on port 3333 to 192.168.113.1, send myuniquestring and exit.
Now on to the Server script - adapted from here
###############################################################################################
## TCP port Listener + Connect to ESXi
## Author: Maish Saidel-Keesing
## http://technodrone.blogspot.com
## Date: April 15, 2010
## Version: 1.0
## Synopsis: This script will configure a TCP listener that will receive a string
## It will then connect to a ESXi machine ready to configure the instance
###############################################################################################
#Define parameters with setting default port
function Trace-Port {
    param ([int]$port=3333, [string]$IPAdress="192.168.113.1", [switch]$Echo=$false)

    #create a new .net listener object
    $listener = new-object System.Net.Sockets.TcpListener([System.Net.IPAddress]::Parse($IPAdress), $port)
    $listener.start()
    [byte[]]$bytes = 0..255|%{0}    #256-byte receive buffer
    write-debug "Waiting for a connection on port $port..."
    $client = $listener.AcceptTcpClient()
    $script:remoteIP = $client.Client.RemoteEndPoint
    $stream = $client.GetStream()
    while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0)
    {
        $bytes[0..($i-1)]|%{$_}    #emit each received byte to the pipeline
        if ($Echo){$stream.Write($bytes,0,$i)}
    }
    $client.Close()
    $listener.Stop()
    write-debug "Connection closed."
} #end Trace-Port Function

####entry point to script

#set Parameters
$result = $null
$script:string = "myuniquestring"

trace-port | foreach {
    $script:output = ([char]$_)
    $script:result += $output
}

if ($result -eq $string) {
    Connect-VIServer -Server $remoteIP.Address.IPAddressToString -User root -Password ""
}
Line 12. Two Parameters are passed by default to the script, IP and Port
Line 15. Create the listener object using the two parameters above
Line 16. Start the listener
Line 19. Open the TCP Client connection
Line 20. Assign the incoming IP to the remoteIP variable. The variable is in the Script Scope - so that I can use it again outside the function.
Line 22-26. In essence the input is translated into characters until the connection is closed
Line 27-28. Close the connection and then close the listener.
Line 35-36. Clear the results variable and define my unique string variable
Line 38-40. Get each character that is sent to the listener, and put it in the result string
Line 43-44. If the string that is sent matches the string I defined - then connect to the ESXi server with the remoteIP variable. The username is always root and password is always empty. This is the default of an ESXi installation.
And in plain text - wait for a connection on port 3333. Once received - check that the string that is sent through this connection matches the string that I have predefined. If so, that means it is a connection from an ESXi machine and that a connection should be opened to the ESXi server.
Now of course this is just a proof of concept for the script - but you should understand that once you can connect to the ESXi machine with root privileges you can configure whatever you would like.
Now of course to run the Server script, all you need is Powershell and the PowerCLI Cmdlets installed.
Next up is how to get the script into the ESXi installation process.
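The listener above treats any host that can reach port 3333 and send the fixed string as a new ESXi machine, then logs in to that address as root. As an added example (not part of the original post or of Lance Berc's scripts), the same exchange is shown here with a per-connection nonce, an HMAC keyed by a shared secret, and a source-network check. The key, the network range and all function names are assumptions, and the code targets Python 3, which may differ from the interpreter on an ESXi host.

```python
import hashlib
import hmac
import ipaddress
import os
import socket
import threading

# Constructed demo values; none of them come from the original post.
SHARED_KEY = b"constructed-demo-key"  # assumed to be placed in the install image
ALLOWED_NET = ipaddress.ip_network("127.0.0.0/8")  # stand-in for the build network
NONCE_LEN = 16
MAC_LEN = hashlib.sha256().digest_size  # 32 bytes


def recv_exact(sock, n):
    """Read exactly n bytes, or return None if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            return None
        buf += chunk
    return buf


def proof(key, nonce):
    """HMAC-SHA256 over the server's nonce, keyed with the shared secret."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


def serve_once(listener, key=SHARED_KEY, allowed=ALLOWED_NET):
    """Accept one connection; return the peer IP only if it proves it holds key."""
    conn, (peer_ip, _port) = listener.accept()
    with conn:
        conn.settimeout(5)
        if ipaddress.ip_address(peer_ip) not in allowed:
            return None  # wrong network: never configure this host
        nonce = os.urandom(NONCE_LEN)  # fresh per connection, so answers cannot be replayed
        try:
            conn.sendall(nonce)
            answer = recv_exact(conn, MAC_LEN)
        except OSError:  # timeout or reset
            return None
    # Constant-time comparison avoids leaking how many bytes matched.
    if answer is None or not hmac.compare_digest(answer, proof(key, nonce)):
        return None
    return peer_ip


def respond(host, port, answer_for):
    """Client side: read the nonce, send back whatever answer_for(nonce) returns."""
    try:
        with socket.create_connection((host, port), timeout=5) as s:
            nonce = recv_exact(s, NONCE_LEN)
            if nonce is not None:
                s.sendall(answer_for(nonce))
    except OSError:
        pass  # server hung up; nothing more to do in this demo


def run_exchange(answer_for, allowed=ALLOWED_NET):
    """Run one server accept against one client on the loopback interface."""
    listener = socket.socket()
    listener.settimeout(5)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    host, port = listener.getsockname()
    client = threading.Thread(target=respond, args=(host, port, answer_for))
    client.start()
    try:
        return serve_once(listener, allowed=allowed)
    finally:
        client.join()
        listener.close()


if __name__ == "__main__":
    print("valid HMAC  :", run_exchange(lambda n: proof(SHARED_KEY, n)))
    print("fixed string:", run_exchange(lambda n: b"myuniquestring"))
    stale = proof(SHARED_KEY, b"\x00" * NONCE_LEN)  # answer to an older nonce
    print("replayed MAC:", run_exchange(lambda n: stale))
```

Only the first exchange returns an address; the server-side script would call Connect-VIServer only when `serve_once` returns a peer IP.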
Now I am happy to say that I have completed the VCDX Design Exam today - and if you did not know that will probably be because you missed my announcement on Twitter this afternoon.
OK so first what did I use to prepare for this exam?
Duncan Epping's Post has a great list.
Jason Boche's post on his experience.
Joep Piscaer's review as well.
Jon posted a review of the process as well.
I think that the posts above have done a wonderful job of providing the proper resources to prepare and describing the process. I spent the last month going over more than 1,000 pages of manuals, Whitepapers, articles, best practices etc.
You cannot study for the VCDX from a book. There are no brain dumps and no just going over a list of multiple choice questions and memorizing the correct answer.
The VCDX process will test your experience and your knowledge of Enterprise infrastructures. The Admin Exam will test your technical knowledge and the Design Exam will see if you are capable of making the correct design decisions.
If the VCDX was the next level Certification (up until the VCAP was announced - and pulled not so long after that) - then us VMware Admins had no choice but to go for the VCDX as the next Level.
But now that there will be a VCAP intermediate Certification, the full VCDX is not for everyone.
What I can advise is the following:
3. From what I hear, the easy part is over, now starts the real work - submitting a design and the defense.
I would like to thank 2vcps, FrankDenneman, jpiscaer and DuncanYB for all their assistance along the process so far.
Wish me luck!
Today we will be dealing with some details of the parts involved. In my previous post - I explained the rationale behind the whole process.
So let us get into the schematics.
An ESX server can be installed with a kickstart script. There are multiple posts all over the web on how to configure this and customize the process. In a nutshell - most of the additional customization is performed in the %post section
%post (optional)
Executes the specified script after package installation has been completed. If you specify multiple %post sections, they are executed in the order they appear in the installation script.
As I said in my previous post - one of the reasons for doing this was because there is no kickstart for ESXi, it is a whole different process. Two of the best posts I have read on this are here and here.
The way it works is that ESXi boots into a full ESXi environment from the ISO image. It then kicks off an install process to ask you for input:
It then formats the disk with VMFS and configures the boot partition to start off the ESX Kernel on the next boot. Andrew gives a much better explanation than I do so read the posts above.
Ok, then what? You cannot perform any customization.
So the options (as I saw them) were:
Ok so how?
The solution I came up with was based on the solution provided by Lance Berc.
What Lance did was to provide a parameter to the PXE boot parameters including a variable called PBHOST which is an IP address
#
# This code assumes that an argument has been passed via PXE which points
# pbconnect to the configuration service. The format is PBHOST=<host:port>
# and it goes just after the vmkernel.gz argument in the configuration line,
# for example:
# append vmkernel.gz PBHOST=192.168.2.253:3333 --- binmod.tgz --- environ.tgz --- cim.tgz --- oem.tgz --- lance-boot.tgz

# The vsish line is for compatibility with VI4. It should be conditional based on uname -a
awk -f /sbin/pbconnect.awk /var/log/messages > /tmp/pb.tmp
vsish -e get /system/bootCmdLine | awk -f /sbin/pbconnect.awk >> /tmp/pb.tmp
#cat /tmp/pb.tmp
source /tmp/pb.tmp
if [ x$PBHOST != "x" ] ; then (pbconnect $PBHOST &) ; fi
What the process would do is look in the boot log. If it found PBHOST in there, it would fire off a connection script called pbconnect, which is part of the lance-boot.tgz that was passed in the PXE boot.
Ok first my issues with the process:
On the other side there was a midwife script. This script consisted of a Perl script that would listen for connections and, once connected, would fire off the customization process (which was a Powershell process).
I also had a few problems with this:
So to recap slightly - the process was to run a script after installation, connect to a listener on another host, and once the connection is made the "midwife" would configure the machine.
This is, I guess, the way that VMware are moving forward, seeing that they put this into Stateless VMware ESXi Server Version 3.5 Update 4 Using PXE Booting.
This is already built into the VMkernel starting from ESXi 3.5 U4 and in ESX4i, as you can see from the log of the ESXi host. This is in /var/log/messages:
Apr 23 05:33:16 vmkernel: sysboot: Getting 'PBHOST' parameter from kernel boot line
Next post up - The Client and Server scripts.
This one has nothing to do with Virtualization as such.
All new IBM servers from the M2 series and up have an IMM (IBM Integrated Management Module). For you HP'ers - it is the same as ILO.
The same as ILO, the IMM comes in two modes - the free integrated version which does not allow Remote Presence (remote console control) and the full version which requires a Virtual Media Key (a physical component on the Motherboard) at an additional cost.
By default the IMM comes up with a DHCP Address.
Default Credentials - USERID/PASSW0RD (the 0 is a ZERO)
So instead of creating a local user for each and every user that was supposed to connect I wanted to configure it for AD authentication. I wanted to allow a group of users to manage the server.
So here is the process.
First we go to the Login Profiles Section and change the default from Local only to LDAP first, then local. Don't forget to save the settings.
We then choose the Network Protocols Section
and go to the Lightweight Directory Access Protocol (LDAP) Client section
Let's go through each of the Sections
Here you put in the FQDN of your domain controller and the port that DC is listening on.
For example: dc1.maishsk.local - 389
Root DN - here you will set the DN where you will search for your group.
UID Search Attribute - What attribute you will use to search on.
Binding Method - This will use the sAMAccountName Attribute
Enhanced role-based security - This I left disabled because the use of this feature requires a lot more intense configuration
Group Filter - Here you use the name of the group that you want to grant access
The format should be CN=<groupname> (and yes - it does not have to be a security group - DG's work as well)
Group Search Attribute - memberOf - this is to see that the user is a member of the group.
Hope you can all make some use of this.
I posted a small preview about a new ESXi Deployment Solution.
First question I would like to answer is why?
So the answers were:
Next Question is - what?
And the Answers:
And now for the open topic questions:
The Answers:
So when will we see how this works?
I will be posting in the next upcoming posts, the process of setting up this system.
Comments and questions are always welcome.
Well after cursing more than once at Python on Twitter over the past week or so - I finally managed to overcome
This is a sneak preview of my ESXi Deployment Solution
How exactly it works - will come in the next few days with a detailed explanation.
I can tell you it is made up of several components including:
Here is a video of the process below.
Powershell v2.0 has a cmdlet that allows you to send an email
NAME
Send-MailMessage
SYNOPSIS
Sends an e-mail message.
SYNTAX
Send-MailMessage [-To] <string[]> [-Subject] <string> -From <string> [[-Body] <string>] [[-SmtpServer] <string>] [-Attachments <string[]>] [-Bcc <string[]>] [-BodyAsHtml] [-Cc <string[]>] [-Credential <PSCredential>] [-DeliveryNotificationOption {None | OnSuccess | OnFailure | Delay | Never}] [-Encoding <Encoding>] [-Priority {Normal | Low | High}] [-UseSsl] [<CommonParameters>]
DESCRIPTION
The Send-MailMessage cmdlet sends an e-mail message from within Windows PowerShell.
RELATED LINKS
Online version: http://go.microsoft.com/fwlink/?LinkID=135256
REMARKS
To see the examples, type: "get-help Send-MailMessage -examples".
For more information, type: "get-help Send-MailMessage -detailed".
For technical information, type: "get-help Send-MailMessage -full".
Ok so today I had a collection that I had stored in a variable
[12:39:03] ~> $myvar | gm
TypeName: Selected.System.Management.Automation.PSCustomObject
And when I tried this:
[12:40:18] ~> Send-MailMessage –From "maishsk@maishsk.local" -To "maishsk@maishsk.local" -Subject "test" -SmtpServer smtp.maishsk.local -Body ($myvar)
I was presented with this:
Send-MailMessage : Cannot convert 'System.Object[]' to the type 'System.String' required by parameter 'Body'. Specified method is not supported.
At line:1 char:114
+ Send-MailMessage –From “maishsk@maishsk.local” –To “maishsk@maishsk.local” -Subject "test" -SmtpServer smtp.maishsk.local -Body <<<< ($myvar)
+ CategoryInfo : InvalidArgument: (:) [Send-MailMessage], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgument,Microsoft.PowerShell.Commands.SendMailMessage
Thanks to my trusted friend Shay Levy (who always has the time to help out and is never tired of my questions - “I hope…” ) he explained to me why this was happening.
The object that is expected in the Body parameter is a TypeName: System.String object. I also could have seen that if I had looked properly in the help of the cmdlet -- [[-Body] <string>] --
So the solution was very simple. Out-String
[12:49:11] ~> $myvar | Out-String | gm
TypeName: System.String
And with that it was not a problem to send the mail
[12:50:18] ~> Send-MailMessage –From "maishsk@maishsk.local" -To "maishsk@maishsk.local" -Subject "test" -SmtpServer smtp.maishsk.local -Body ( $myvar | out-string )
Is it not wonderful that you learn something new every day!
Back to work….
Small Edit:
<------ RANT -------->
Just to clarify, this is not a Powershell problem – it does exactly what it is supposed to.
The annoying part is that it takes a while to figure out what the problem is.
<------ END RANT----->
I was trying something last night to compare the speed of the two Cmdlets here.
I noticed something though.
While running the command I wanted to check against how many machines I was running the command against.
Get-View -ViewType VirtualMachine | Measure-Object
Count : 371
And compared to
get-vm | Measure-Object
Count : 356
And as you can see they are not the same! The reason for that being that Get-VM does not retrieve any templates, only virtual machines. To get the templates you need to get them specifically
Get-Template | Measure-Object
Count : 15
And adding the results from above to the ones from Get-VM will give me the same amount of machines that I got from the first Command.
So how would you get only the Virtual Machines (and not templates)? You can add a filter to the command
Get-View -ViewType VirtualMachine -Filter @{"Config.Template"="false"} | Measure-Object
Count : 356
But so that you know, the filtering adds some overhead to the time it takes to run the command.
$filtered = (Measure-command {Get-View -ViewType VirtualMachine -Filter @{"Config.Template"="false"} | Measure-Object}).TotalSeconds
$filtered
8.3746321
$notfiltered = (Measure-command {Get-View -ViewType VirtualMachine}).TotalSeconds
$notfiltered
8.03360323
As you can see the filtered query is slower even though it processes fewer objects. Now you might say this is negligible - it is. But the bigger your environment is the more substantial this can become.
So sometimes even though you want to make your life easier by filtering to get only what you would like - it does not always optimize your scripts.
It is a known fact that using PowerCLI there is more than one way to skin a cat - or more than one way to access the SDK and the properties that you would like to get.
Take for example getting all the VM's - their Name, their Memory and CPU count
Measure-command {get-vm | ForEach-Object { Write-host $_.Name $_.MemoryMB $_.NumCpu } } | select TotalSeconds

TotalSeconds
------------
5.402703
You can also get the same thing with the Get-View cmdlet
measure-command {Get-View -ViewType VirtualMachine | ForEach-Object { Write-host $_.Name $_.Config.Hardware.memoryMB $_.Config.Hardware.numCPU }} | select TotalSeconds

TotalSeconds
------------
11.1451083
Now of course you can speed this up with only getting the attributes you want like this
Measure-command {get-vm | select Name, MemoryMB, NumCPU | ForEach-Object { Write-host $_.Name $_.MemoryMB $_.NumCpu } } | select TotalSeconds

TotalSeconds
------------
5.0431041
But you can also get the same with get-view but this time running the query only getting the properties that you want
measure-command {Get-View -ViewType VirtualMachine -property Name,Config.Hardware | ForEach-Object { Write-host $_.Name $_.Config.Hardware.memoryMB $_.Config.Hardware.numCPU }} | select TotalSeconds

TotalSeconds
------------
3.8932184
Whoa - that was 1.5094846 seconds difference or 38.77% faster.
Lessons learned from this one?
Thanks to LucD and Keshav Attrey for the info from this forum thread
As I posted a few weeks ago - I entered the ESXi Script-0-Mania Contest. Unfortunately, my entry was not chosen as one of the top entries, but hey - I don't do this for the money - I enjoy what I do - I feel that the contribution back to the virtualization community is the least I can do - seeing the amount of info and help that I receive from you all.
So - Deploy-ESXi.ps1 v1.0 - My entry. As you can deduce from the script name this script does what it says.
The need for the script? I find that I am deploying more and more systems with ESXi - be it the free version - or a fully-licensed system. Now of course to install ESXi is really, really simple!
I mean F11 -> Enter -> Enter … and Bob's your uncle - or you have an ESXi server deployed - that's it. But then you have the mundane tasks of configuring the installation according to your requirements: removing default port groups, changing the Management IP, setting NTP settings. I guess you understand what I am talking about. Now of course all of this can be scripted with a Kickstart script - but guess what?? No Kickstart script for ESXi!! So either you have to do this manually - or if you are one of the Enterprise customers - you can utilize Host Profiles to do all of this for you.
Or you can use this script as a base for your environment.
You might say that this will not work with the free version of ESXi because the API is read-only in this version. Well that is true - but by default the new installation is deployed with a fully functional evaluation license which makes the API read-write and allows you to make the changes you need.
The script is commented within.
############################################################################
## ESXi Deployment script
## Author: Maish Saidel-Keesing
## http://technodrone.blogspot.com
## Date: March 15, 2010
## Synopsis: This script will configure an ESXi server
## that has been installed with several basic settings
############################################################################
#
#When an ESXi machine is installed there are basic default settings that we will define
#
#1. Connect to host with default credentials (root,<empty>)
#2. Remove Default VM Network Portgroup
#3. Add VM Portgroup named Virtual Machines and raise the number of port on the virtual Switch
#4. Set NTP Servers
#5. Adding a new root user
#6. Change Management IP and DNS
#7. Backup configuration to a network share
#8. Change Default password
#9. Reboot the Host after all the changes
#10. Send email to admin of installation particulars

#Set Default variables
$defaultuser = "root"
$defaultpwd = ""
$esxi = Read-Host "Please enter the IP of the ESXi server"

#connect to ESXi
Write-Host -ForegroundColor Green "Connecting to ESXi server"
Connect-VIServer $esxi -User $defaultuser -Password $defaultpwd

##2. Remove Default VM Network Portgroup
Write-Host -ForegroundColor Green "Remove Default VM Network Portgroup"
Get-VirtualPortGroup -Name "VM Network" | Remove-VirtualPortGroup -Confirm:$false

##3. Add VM Portgroup named Virtual Machines and raise the number of port on the virtual Switch
Write-Host -ForegroundColor Green "Changing Portgroup and Default vSwitch settings"
Get-VirtualSwitch -name vSwitch0 | New-VirtualPortGroup -Name "Virtual Machines" -Confirm:$false
Get-VirtualSwitch -Name vSwitch0 | Set-VirtualSwitch -NumPorts 120 -Confirm:$false

##4. Set NTP Servers
Write-Host -ForegroundColor Green "NTP Settings"
Add-VmHostNtpServer -NtpServer "pool.ntp.org" -Confirm:$false

##5. Adding a new root user
Write-Host -ForegroundColor Green "Adding new root user"
#Single quotes keep the password literal (no variable expansion on the $ character)
New-VMHostAccount -ID User1 -Password 'Qwer$#@1' -UserAccount:$true
Set-VMHostAccount -GroupAccount root -AssignUsers User1
Set-VMHostAccount -GroupAccount localadmin -AssignUsers User1
Set-VMHostAccount -UserAccount User1 -UnassignGroups users

##6. Change Management IP and DNS
Write-Host -ForegroundColor Green "Changing Mgmt IP and settings"
$mgmtip = Read-Host "Please Enter the Management IP address"
$mgmsm = Read-Host "Please Enter the Management Subnet Mask"
$hostname = Read-Host "Please Enter the ESXi Hostname"
$domainname = Read-Host "Please Enter the ESXi Domain Name"
$dns1 = Read-Host "Please Enter the DNS Server IP"
Get-VMHostNetworkAdapter | Where-Object {$_.PortGroupName -eq "Management Network" } | `
    Set-VMHostNetworkAdapter -IP $mgmtip -SubnetMask $mgmsm
Get-VMHostNetwork | Set-VMHostNetwork -HostName $hostname -DomainName $domainname -DnsFromDhcp:$false -DnsAddress $dns1

##7. Backup configuration to a network share
Write-Host -ForegroundColor Green "Backing up configuration"
$share = Read-Host "Please enter the network share you would like to save the configuration to"
Set-VMHostFirmware -BackupConfiguration -DestinationPath $share

##8. Change Default password
Write-Host -ForegroundColor Green "Changing Default Password"
$newpasswd = 'Qwer$#@!'
Set-VMHostAccount root -Password $newpasswd

##9. Reboot the Host after all the changes
Write-Host -ForegroundColor Green "Rebooting Host"
Set-VMHost -state "Maintenance"
Restart-VMHost -Force:$true -Confirm:$false
sleep 60

##10. Send email to admin of installation particulars
#Wait for the host to come up
Connect-VIServer -Server $mgmtip -User root -Password $newpasswd
while ($? -ne $true ) {
    #Retry every 30 seconds until the connection succeeds
    sleep 30
    Write-Host -ForegroundColor Red "Still Waiting for Host to come back up"
    Connect-VIServer -Server $mgmtip -User root -Password $newpasswd
}
Write-Host -ForegroundColor Green "Host is available"

$body = @"
Management IP address: $mgmtip
Management Subnet Mask: $mgmsm
ESXi Hostname: $hostname
ESXi Domain Name: $domainname
DNS Server IP: $dns1
"@
Send-MailMessage -From "esxideploy@maishsk.local" -To "maish@maishsk.local" -Subject "New ESXi Server installed" -Body $body -BodyAsHtml -SmtpServer "smtp.maishsk.local"
Annotations:
23-26. Setting the default variables. All ESXi servers are set with a blank password on first configuration.
47-52. Here I created another Admin User on the ESXi host - an additional Admin account for troubleshooting - if needed.
66-69. After configuration is completed - configuration is backed up to share - in case it is needed for restore.
71-74. We of course do not want to leave the default blank password
86-89. Check that the server has come up
92-100. Send Email to Administrator with new host details.
Things that will be added in future versions:
I have plans for this script and its further development, so stay tuned to this spot.
You can download the script below
A demo of how the script works below