My role currently involves dealing with Windows in addition to the standard VMware/hardware infrastructure. If we ever thought that patching ESXi was fun, dealing with WSUS is whole other ball game. I will no doubt get around to writing a full post about it in the near future, as dealing with it has been quite time consuming and there are a few gotchas 😉
However the point of this post is looking at WSUS and automation, in this case using Powershell. There are two obvious approaches to using WSUS:
Approve everything to every computer group (depending on your patching schedule).
Approve only the required patches to each computer group.
The latter approach appeals to me, purely because we can ensure that a patch is approved/applied to a less important environment (think Dev -> UAT – > Production) and easily identify those patches that *haven’t* been required previously (Do you really want to apply a patch for the first time to Production ?)
Quick powershell snippet time ! When you have a UCS Central instance with a number of domains, knowing what free slots you have available is quite useful – especially when you’ve got a smart hands service and won’t be racking new servers but instead having to communicate instructions.
In my time I’ve seen UCS Central used to manage geographically separate domains and a large number of domains across a small number of sites. When you get a new blade it needs to be put into a free slot, the question is where ?
The script below uses domain groups to separate out domains, but the code is formatted so it can be removed if they aren’t used.
vSphere Replication is really a wonderful product – I’ve been using it for a few years now across a few employers and I’ve never had a really serious problem with it – it just seems to work.
Sure, there are a few feature requests we could make of it, for example setting a schedule of when to replicate and ignoring RPO violations outside of that, and bandwidth limiting on the traffic coming out of the appliance, but they really aren’t necessary for what it is designed for.
Something I like exists in the Flash/Flex UI, where we can find out the size of the last data replication was (“Last sync size” in the image below). However this only exists in this one place and I haven’t found that this can be reported on anywhere else. It’s good to know the rate of change for your servers for judging bandwidth (yes we should have monitoring on the lines, but this won’t break transfers down into individual servers)
Adding users to groups within the same domain using Powershell is quite simple – there is a cmdlet Add-ADGroupMember (and removing them is just as easy !), but how we accomplish when one domain contains groups and has a one way trust with a domain in another forest that contains the users ?
This is a rhetorical question 😉 Assuming we are running from the domain containing the groups, the other domain needs to be mapped to a PSDrive. Once done we can search for the user and use the Add-ADGroupMember cmdlet to add them.
Removing users is nearly as straight forward, though I only had success using Remove-ADPrincipalGroupMembership to remove the remote user.
When working with block storage we occasionally need to remove a storage device from the hosts it is connected to. When using the Web Client we can detach devices on a per-host basis, but there is nothing to detach from all its attached hosts.
What we do have is a helpful KB article on how to remove/detach a datastore – https://kb.vmware.com/kb/2004605 and a PowerCLI file that contains some functions. However the functions revolve around managing actions on datastores as opposed to devices that are connected and could be used for RDMs.
Most LUNs are masked to all the hosts in a cluster so that, whether the device is an RDM or has a VMFS datastore on it, VMs can run on any host in the cluster. To deal with this use case, I use a script that will detach a device from every host in a cluster. If the device does not exist on a host then an error is displayed and the script moves on to the next device/host.
From the first article we looked at how to use the SSH Sessions Powershell module to log into a Linux server that will, via a script, log into a Brocade FC switch and get the zoning configuration.
As per the disclaimer in the first part, these articles have been assembled from my notes and memory and may not be 100% correct. I worked with FOS 6.x and so 7.x/later releases might not need this approach – I no longer have access to any Brocade FC switches to test 🙂
I’ve been looking at automating physical server creation, and there are tools from Cisco and NetApp that allow Powershell to do the heavy lifting for UCS and Storage. The missing part of the process is the FC switches (Brocade in this case, though when I researched this I could not find a toolkit for Cisco MDS) – so we will cheat and use powershell to issue SSH commands to the switches. This post will look at automating Brocade FC Configuration on v6.00 and later switches.
There are two disclaimers – this is what has worked for me, it may not work for you. I also don’t have access to the script files any more, so this has been assembled from notes and memory – I last looked at this about a year ago. If there is anything wrong you’ll need to troubleshoot.
My Linux skills are not so advanced that I think this is the best way of doing things. If you know of something better please leave a reply in the comments !
This is a quick snippet that allows you to retrieve UCS Blades that have SD cards – this might be useful in determining if your blades are ready to have an OS installed on them. These scripts assume you’ve already connected to your UCS Central or UCS Domain.
This will get the blades if you’re using UCS Central:
If you’re not using UCS Central, we modify the commandlets by removing the “Central” from them, and remove resolving the domain (because you’ll know what domain you’re running it against). The following (currently untested) should work: