Tag Archives: powershell

test-ESXi-Network

I was lucky enough to take delivery of some new ESXi hosts recently. After installing them in the datacentre, I wanted to test that the network had been patched correctly. This environment is going to have Distributed vSwitches configured, but I wanted to test the physical connectivity before joining them to vCenter- have the physical NICs been patched to the correct networks?

PowerCLI to the rescue! I put together some code which automates this process. Provided with a hostname and a list of NICs and targets which should respond, the code fires off a ping for each interface in turn and reports back with success/fail messages.

Code
For each NIC it creates a temporary switch, portgroup, and VMkernel interface:

#Create Virtual Switches
$Switch1=New-VirtualSwitch -Name "sw_Connectivity_Test" -Nic $Nic
#Create PortGroups
$Portgroup1=New-VirtualPortGroup -Name "pg_Connectivity_Test" -VirtualSwitch $Switch1
#Create VMK Adapter
$vmk1=New-VMHostNetworkAdapter -PortGroup $Portgroup1 -VirtualSwitch $Switch1 -IP $HostIP -SubnetMask $SubnetMask

Then the esxcli functionality is used to ping a given target address:

#Test the connection
$esxcli= get-esxcli -V2                              #Use the ESXCLI to run the ping from the host
$arguments = $esxcli.network.diag.ping.CreateArgs()
$arguments.host=$TargetIP                            #Set IP Address to Ping
$arguments.count="2"                                 #How Many Times to Ping
$arguments.interface=$vmk1                           #Use the configured VMKernel Interface
$Result=($esxcli.network.diag.ping.Invoke($arguments)).Summary.Recieved

Once the test is complete, the temporary virtual network components are removed.

#Tidy up- delete all the Networking Components created
Remove-VMHostNetworkAdapter $vmk1 -Confirm:$false
Remove-VirtualPortGroup $PortGroup1 -Confirm:$false
Remove-VirtualSwitch $Switch1 -Confirm:$false

The full code is available for download (and potential improvement) on GitHub.

 

 

Using PowerShell and REST-API to create a VM in vCenter

VMware vSphere 6.5 comes with a RESTful API implementation and there’s some great documentation out there- starting with the API Explorer (http://my.vcenter.name/apiexplorer ). Here’s a quick piece on how to use this API to create a VM from the PowerShell command line. This is intentionally not using PowerCLI,  just the native PowerShell cmdlets- partly as a REST learning experience for me, and partly so the API code can be transferred to another language at a later date.

Step 1- Authenticate with the Server.

This step is well documented by Chris Wahl. I’ve borrowed some of his code here, and accompanied it with a section to get around the lack of trusted certificates on my homelab. 192.168.0.240 is the IP of my VCSA, so if you’re reusing this anywhere remember to replace that hard coded value where it appears.

#----------------------------------------------------------------------------------------------
#Step 1- Authenticate with the Server
#Ignore Server Certs- This is on my not-very-well-certified home lab.
if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
{
$certCallback=@"
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
public class ServerCertificateValidationCallback
{
public static void Ignore()
{
if(ServicePointManager.ServerCertificateValidationCallback ==null)
{
ServicePointManager.ServerCertificateValidationCallback +=
delegate
(
Object obj,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors errors
)
{
return true;
};
}
}
}
"
@
Add-Type $certCallback
}
[ServerCertificateValidationCallback]::Ignore();

#Get Some Credentials and Determine Authorisation Methods
$Credential = Get-Credential
$auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Credential.UserName+':'+$Credential.GetNetworkCredential().Password))
$head = @{
'Authorization' = "Basic $auth"
}

#Authenticate against vCenter
$r = Invoke-WebRequest -Uri https://192.168.0.240/rest/com/vmware/cis/session -Method Post -Headers $head
$token = (ConvertFrom-Json $r.Content).value
$session = @{'vmware-api-session-id' = $token}

Now we have the Session ($session) we can test this by retrieving a list of VMs.

#----------------------------------------------------------------------------------------------
#Get a List of VMs
$r1 = Invoke-WebRequest -Uri https://192.168.0.240/rest/vcenter/vm -Method Get -Headers $session
$vms = (ConvertFrom-Json $r1.Content).value
$vms

Step 2- Construct the JSON specification

To create a new VM we need to provide a minimal spec for the machine, in JSON format. We need to tell it the intended Guest OS, what datastore is going to hold the VM, and where the VM will be placed in the resource/folder structure. To complete this we need to establish what options are available- just sticking in the display names of a datastore or folder from the Web Client will not work and will likely generate 404 responses to the API call.

To find these names we can use the API, API explorer gives us the following urls

Datastore:       /rest/vcenter/datastore
Folder:              /rest/vcenter/folder
Resource Pool: /rest/vcenter/resource-pool

So we can use PowerShell to retrieve a list of Datastores using this line of code

(Invoke-RestMethod -Uri https://192.168.0.240/rest/vcenter/datastore -Method Get -Headers $session ).value

which will produce a list of datastores, each looking something like this:

datastore  : datastore-11
name       : Datastore2
type       : VMFS
free_space : 100553195520
capacity   : 249913409536

From this example we want the value of the “datastore” field, e.g “datastore-11”.

Once we have this information we can combine it all to create a JSON spec file. My example looks like this:

{
"spec": {
"guest_OS": "RHEL_7_64",
"placement" : {
"datastore": "datastore-11",
"folder": "group-v224",
"resource_pool": "resgroup-182"
}
}
}

Step 3- Create the Virtual Machine.

Now we’ve done all this prep work, creating a Virtual Machine comes down to a single line of PowerShell pointing at the data.txt file containing the JSON code from Step 2.

Invoke-WebRequest -Uri https://192.168.0.240/rest/vcenter/vm -Method Post -Headers $session -ContentType "application/json" -Body (Get-Content data.txt)

Example Output:

StatusCode        : 200
StatusDescription : OK
Content           : {"value":"vm-462"}
RawContent        : HTTP/1.1 200 OK
Transfer-Encoding: chunked
Content-Type: application/json
Date: Mon, 27 Mar 2017 09:41:34 GMT

{"value":"vm-462"}
Forms             : {}
Headers           : {[Transfer-Encoding, chunked], [Content-Type, application/json], [Date, Mon, 27 Mar 2017 09:41:34 GMT]}
Images            : {}
InputFields       : {}
Links             : {}
ParsedHtml        : mshtml.HTMLDocumentClass
RawContentLength  : 18

The VM is created and we can check this from the vSphere Client:

2017-03-27 (10)

So, to summarise. Native PowerShell, with a little bit of JSON, can be used to communicate with the vSphere APIs and create new Virtual Machines. Depending on your use case there may be better ways of implementing automation processes through this API (PowerCLI is a good start) but if you want to drop to the raw RESTful API, possibly as a stepping stone to a larger project, PowerShell provides a handy method to get started down that path.

PowerShell Quick Tip- Letter Frequency

With a list of Surnames in a text file I wanted to see how many start with A, how many with B, and so on. This is my PowerShell solution:

(Get-Content .\surnames.txt).Substring(0,1).ToUpper() |
  Sort-Object | Group-Object |Select-Object Name, Count

Example Input (surnames.txt file):

Adams
Smith
Jones
Bloggs
...

Example Output:

Name Count
---- -----
A      162
B      372
C      365
D      193
E      187
F      198
G      154
H      321
...

Checking Encryption Status of Remote Windows Computers

Using the manage-bde command you can check the Bitlocker encryption status on both the local Windows computer but also remote devices on the local area network. For example, to check the encryption status of the C: drive on the computer “WS12345” the following command could be used

manage-bde -status -computername WS12345 C:

and the results might look something like this:

BitLocker Drive Encryption: Configuration Tool version 10.0.14393
Copyright (C) 2013 Microsoft Corporation. All rights reserved.

Computer Name: WS12345

Volume C: [OSDisk]
[OS Volume]

Size:                 237.99 GB
BitLocker Version:    2.0
Conversion Status:    Fully Encrypted
Percentage Encrypted: 100.0%
Encryption Method:    AES 256 with Diffuser
Protection Status:    Protection On
Lock Status:          Unlocked
Identification Field: None
Key Protectors:
    Numerical Password
    TPM

Expanding on this we could wrap some PowerShell around the command and read in a list of hostnames from a text file and report on the encryption status of each.

Firstly we need to format the output of manage-bde to only show us the value of the “Conversion Status” field- PowerShell’s string manupulation can come in handy here- we can locate the “Conversion Status” line, check that it is present (if the computer is not on the network, or access is denied the manage-bde command will not return a status), and then trim back the line so we only have the value of the field. For example:

#Check the Encryption Status of the C: drive, filter to the Conversion Status line
$EncryptionStatus=(manage-bde -status -computername "$hostname" C: | where {$_ -match 'Conversion Status'})
#Check a status was returned.
if ($EncryptionStatus)
{
  #Status was returned, tidy up the formatting
  $EncryptionStatus=$EncryptionStatus.Split(":")[1].trim()
}
else
{
  #Status was not returned. Explain why in the output
  $EncryptionStatus="Not Found On Network (or access denied)"
}

Once this is working, it’s just a case of reading in the text file using the get-content cmdlet and outputting a result. The full code (Get-EncryptionStatus.ps1) I used is available for downloading and/or improving on GitHub here- https://github.com/isjwuk/get-encryptionstatus