SkylineUtils.psm1
function patching { $patches = get-patch $PATCHX $getpatchx = get-patchbaseline $PATCHX if ($getpatchx -lt 1) { new-patchbaseline -name $PATCHX -includepatch $patches -static } get-baseline $PATCHX | attach-baseline -entity $ESX get-inventory $ESX | scan-inventory } #patching function skyline-fixer { [CmdletBinding()] param( [string]$OPTIONX, [string]$CSVFILE ) switch ( $OPTIONX ) { "kblist" { '' '' write-host "vSphere" write-host "https://kb.vmware.com/s/article/55650" write-host "https://kb.vmware.com/s/article/58874" write-host "https://kb.vmware.com/s/article/67529" write-host "https://kb.vmware.com/s/article/76372" write-host "https://kb.vmware.com/s/article/79520" write-host "https://kb.vmware.com/s/article/81576" write-host "https://kb.vmware.com/s/article/1003736" write-host "https://kb.vmware.com/s/article/2003322" write-host "https://kb.vmware.com/s/article/2136430" write-host "https://kb.vmware.com/s/article/2147959" write-host "https://kb.vmware.com/s/article/2150353" '' write-host "horizon" write-host "https://kb.vmware.com/s/article/2144475" '' write-host "vra (VMware Automation)" write-host "https://kb.vmware.com/s/article/1025279" '' '' } #kblist "csv" { import-csv $CSVFILE | foreach-object { $KB = $_."Reference" $VCENTER = $_."Source Name" $ESX = $_."Object Name" switch ( $KB ) { "https://kb.vmware.com/s/article/76372" { connect-viserver -server $VCENTER Get-VMHost -name $ESX | Get-VMHostService | Where {$_.Key -eq "sfcbd-watchdog"} | Stop-VMHostService -Confirm:$false Get-VMHost -name $ESX | Get-VMHostService | Where {$_.Key -eq "slpd"} | Stop-VMHostService -Confirm:$false Get-VMHost -name $ESX | Get-VMHostService | Where {$_.Key -eq "sfcbd-watchdog"} | Set-VMHostService -Policy Off -Confirm:$false Get-VMHost -name $ESX | Get-VMHostService | Where {$_.Key -eq "slpd"} | Set-VMHostService -Policy Off -Confirm:$false disconnect-viserver -confirm:$false } #76372 "https://kb.vmware.com/s/article/67529" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { "6.5.0" { $PATCHX = "ESXi650-201912002" patching } #6.0.0 "6.7.0" { $PATCHX = "ESXi670-202103001" patching } #6.5.0 } #switch-HOSTX disconnect-viserver -confirm:$false } #67529 "https://kb.vmware.com/s/article/81576" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { "7.0.0" { $PATCHX = "ESXi70U1c-17325551" patching } #7.0.0 "6.7.0" { $PATCHX = "ESXi670-202011002" patching } #6.7.0 } #switch-HOSTX disconnect-viserver -confirm:$false } #81576 "https://kb.vmware.com/s/article/79520" { #NOTE:config configs exist on vcenter connect-viserver -server $VCENTER get-advancedsetting -entity $ESX -name "config.task.timeout" | set-advancedsetting -value "7200" -confirm:$false get-advancedsetting -entity $ESX -name "config.vmomi.soapStubAdapter.blockingTimeoutSeconds" | set-advancedsetting -value "18000" -confirm:$false disconnect-viserver -confirm:$false } #79520 "https://kb.vmware.com/s/article/2144475" { #NOTE: ESX is really VM in this context #NOTE: VDI connect-viserver -server $VCENTER get-advancesetting -entity $ESX -name svga.enableScreenDMA | set-advancesetting -value TRUE -confirm:$false disconnect-viserver -confirm:$false } #2144475 "https://kb.vmware.com/s/article/1025279" { connect-viserver -server $VCENTER get-vm $ESX | get-snapshot | remove-snapshot -confirm:$false disconnect-viserver -confirm:$false } #1025279 "https://kb.vmware.com/s/article/1003736" { connect-viserver -server $VCENTER add-vmhostntpserver -vmhost $ESX -ntpserver 0.north-america.pool.ntp.org get-vmhost -name $ESX | get-vmhostservice | where-object {$_.key -eq "ntpd" } | start-vmhostservice get-vmhost -name $ESX | get-vmhostservice | where-object {$_.key -eq "ntpd" } | set-vmhostservice -policy "automatic" disconnect-viserver -confirm:$false } #1003736 "https://kb.vmware.com/s/article/2147959" { connect-viserver -server $VCENTER $PATCHX = "ESXi600-Update03" patching disconnect-viserver -confirm:$false } #2147959 "https://kb.vmware.com/s/article/58874" { connect-viserver -server $VCENTER $PATCHX = "ESXi670-Update02" patching disconnect-viserver -confirm:$false } #58874 "https://kb.vmware.com/s/article/2150353" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { "6.0.0" { $PATCHX = "ESXi600-201711001" patching } #6.0.0 "6.5.0" { $PATCHX = "ESXi650-201712001" patching } #6.5.0 } #switch-HOSTX disconnect-viserver -confirm:$false } #2150353 "https://kb.vmware.com/s/article/2136430" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { "5.5.0" { $PATCHX = "ESXi550-201608001" patching } #5.5.0 "6.0.0" { $PATCHX = "ESXi600-201611401-BG" patching } #6.0.0 } #switch-HOSTX disconnect-viserver -confirm:$false } #2136430 "https://kb.vmware.com/s/article/55650" { connect-viserver -server $VCENTER $HOSTX= get-vmhost $ESX switch ( $HOSTX.Version ) { "6.7.0" { $PATCHX = "ESXi670-201811401-BG" patching } #6.7.0 "6.5.0" { $PATCHX = "ESXi650-201811401-BG" patching } #6.5.0 } #switch-HOSTX disconnect-viserver -confirm:$false } #55650 "https://kb.vmware.com/s/article/2003322" { connect-viserver -server $VCENTER get-advancedsetting -entity $ESX -name "Syslog.global.logDir" | set-advancedsetting -value "[datastore1b] /" -confirm:$false get-advancedsetting -entity $ESX -name "Syslog.global.logDirUnique" | set-advancedsetting -value $true -confirm:$false get-advancedsetting -entity $ESX -name "Syslog.global.logHost" | set-advancedsetting -value "udp://192.168.222.100:514" -confirm:$false disconnect-viserver -confirm:$false } #2003322 } #switch-CSVFILE } #import } #csv default { '' 'USAGE: skyline-fixer ARG VARIABLE' ' kblist' ' csv Finding.csv' '' } #default } #switch-OPTIONX } #function function skyline-helper { [CmdletBinding()] param( [string]$CHOICE1, [string]$CHOICE2, [string]$CHOICE3, [string]$CHOICE4 ) switch ( $CHOICE1 ) { create-role { connect-viserver -server $CHOICE2 new-virole -name $CHOICE3 -privilege (get-viprivilege -id global.diagnostics, global.health, global.licenses, global.settings, system.anonymous, system.view, system.read) disconnect-viserver -confirm:$false } check-role { connect-viserver -server $CHOICE2 get-virole $CHOICE3 | get-viprivilege | select Id disconnect-viserver -confirm:$false } add-2-role { connect-viserver -server $CHOICE2 new-vipermission -entity (get-folder -norecursion) -principal $CHOICE3 -role $CHOICE4 -propagate:$true disconnect-viserver -confirm:$false } check-account { connect-viserver -server $CHOICE2 get-vipermission -principal $CHOICE3 disconnect-viserver -confirm:$false } skyline-prep { Set-ExecutionPolicy Bypass -Scope Process -Force; iex ((New-Object System.Net.WebClient).DownloadString('https://chocolatey.org/install.ps1')) choco install putty choco install curl } check-update {plink -ssh root@$CHOICE2 -no-antispoof "/opt/vmware/bin/vamicli update --check" } install-update {plink -ssh root@$CHOICE2 -no-antispoof "/opt/vmware/bin/vamicli update --install latest --accepteula" } check-version {plink -ssh root@$CHOICE2 -no-antispoof "/opt/vmware/bin/vamicli version --appliance" } nsx-prep { install-module PowerNSX } check-nsxaccount { connect-nsxserver -vCenterServer $CHOICE2 get-nsxuserrole $CHOICE3 disconnect-nsxserver -confirm:$false } vrops-prep { install-module Vmware.VimAutomation.vROps } check-vropsaccount { connect-omserver $CHOICE2 get-omuser $CHOICE3 disconnect-omserver -confirm:$false } powercli-prep { install-module vmware.powercli -force Set-PowerCLIConfiguration -Scope User -ParticipateInCEIP $false -confirm:$false Set-PowerCLIConfiguration -InvalidCertificateAction ignore -confirm:$false } default { '' 'USAGE: skyline-help.ps1 ARG VARIABLE' ' (client arg): [powercli-prep]' ' (vcenter arg): [create-role|check-role|add-2-role|check-account]' ' (skyline arg): [skyline-prep|check-update|install-update|check-version]' ' (nsx arg): [nsx-prep|check-nsxaccount]' ' (vrops arg): [vrops-prep|check-vropsaccount]' '' } } } #skyline-helper Export-ModuleMember -Function 'skyline-fixer', 'skyline-helper' |