Monday, January 4, 2021

Install custom signed certificate on Avamar


1) SSH to the Avamar Server

2) Back up the existing certificate files

cp /etc/apache2/ssl.crt/server.crt /etc/apache2/ssl.crt/server.crt.bak

cp /etc/apache2/ssl.key/server.key /etc/apache2/ssl.key/server.key.bak

optional:

cp /etc/apache2/ssl.crt/CA.crt /etc/apache2/ssl.crt/CA.crt.bak

cp /etc/apache2/ssl.crt/intermediate.cer /etc/apache2/ssl.crt/intermediate.cer.bak

cp /etc/apache2/servercert.p12 /etc/apache2/servercert.p12.bak

3) Regenerate the security certificate and keys:

openssl req -x509 -new -newkey rsa:3072 -nodes -keyout /etc/apache2/ssl.key/server.key -sha512 -out /etc/apache2/ssl.crt/server.crt -days 1825 -subj "/C=Country/ST=State/L=Locality/O=Organization/OU=OrganizationUnit/CN=AvmarServer.xyz.org/emailAddress=MailID@xyz.org"

4) Create the CSR: 

openssl x509 -x509toreq -in /etc/apache2/ssl.crt/server.crt -signkey /etc/apache2/ssl.key/server.key -out /etc/apache2/apache.csr

5) Use the following command to copy the file “apache.csr” to /home/admin/ and change its ownership from root to admin

sudo cp /etc/apache2/apache.csr /home/admin/apache.csr && sudo chown admin:admin /home/admin/apache.csr

6) Using WinSCP, download the file apache.csr from /home/admin/

7) Submit the apache.csr file to your organization's Certificate Authority team and get back the signed certificate (AvmarServer.cer) along with the root certificate (rootCA.cer) and, optionally, the intermediate certificate (intermediate.cer).

8) Copy the rootCA.cer, intermediate.cer & AvmarServer.cer to /home/admin/ of the Avamar server using WinSCP

9) Navigate to /home/admin/

cd /home/admin/

10) Copy the rootCA.cer to /etc/apache2/ssl.crt/CA.crt

cp rootCA.cer /etc/apache2/ssl.crt/CA.crt

11) Copy the intermediate.cer to /etc/apache2/ssl.crt/

cp intermediate.cer /etc/apache2/ssl.crt

12) Copy the AvmarServer.cer to /etc/apache2/ssl.crt/server.crt

cp AvmarServer.cer /etc/apache2/ssl.crt/server.crt

13) Navigate to /etc/apache2

cd /etc/apache2

14) Verify the certificates

openssl x509 -noout -text -in ssl.crt/CA.crt

openssl x509 -noout -text -in ssl.crt/intermediate.cer

openssl x509 -noout -text -in ssl.crt/server.crt

15) Create .p12 file using server.crt, server.key, CA.crt & intermediate.cer

openssl pkcs12 -export -in /etc/apache2/ssl.crt/server.crt -inkey /etc/apache2/ssl.key/server.key -certfile /etc/apache2/ssl.crt/CA.crt -certfile /etc/apache2/ssl.crt/intermediate.cer -out /etc/apache2/servercert.p12 -name "Server-Cert" -passin pass:foo -passout pass:foo

16) List all the certificates in the certificate database

certutil -L -d mod_nss.d

17) Delete a private key and the associated certificate from a database

certutil -F -n Server-Cert -d mod_nss.d

When prompted, type the password changeme123!

18) List again to make sure it is empty

certutil -L -d mod_nss.d

Note: (optional) if not empty, upgrade the db:

certutil --upgrade-merge -d sql:mod_nss.d --source-dir mod_nss.d --upgrade-id 1

Note: (optional) if -F doesn’t work, try -D

certutil -D -n "Certificate Issuing Authority" -d mod_nss.d

19) Import the *.p12 file to NSS database

pk12util -i /etc/apache2/servercert.p12 -d /etc/apache2/mod_nss.d -W foo

When prompted, type the password changeme123!

20) List all the certificates in a certificate database and verify

certutil -L -d mod_nss.d

# We expect to see Server-Cert, the Root CA, and the intermediate CA.

21) Change the ownership of /etc/apache2/mod_nss.d

chown -R wwwrun:www /etc/apache2/mod_nss.d

22) Stop and start the httpd2 service

website stop

website start
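
Added example (not part of the original post): step 14 only prints the certificates, so this shell function checks, before the PKCS#12 export in step 15, that the signed certificate matches server.key, has not expired, and chains to the root through the intermediate. The function name check_cert_bundle and its exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. check_cert_bundle and its exit
# codes are names chosen here: 0 ok, 1 key mismatch, 2 expired, 3 bad chain.
check_cert_bundle() {
    key=$1; cert=$2; ca=$3; inter=${4:-}

    # The certificate returned by the CA must carry the public key of
    # server.key; a CSR generated from a different key is the usual cause.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || {
        echo "cannot read private key $key" >&2; return 1; }
    crt_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate $cert" >&2; return 1; }
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "certificate does not match private key" >&2; return 1
    fi

    # -checkend 0 fails when notAfter is already in the past.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "certificate has expired" >&2; return 2
    fi

    # Build the path leaf -> (intermediate) -> root. Only the root is trusted;
    # the intermediate is passed as untrusted and must itself chain to it.
    if [ -n "$inter" ]; then
        openssl verify -CAfile "$ca" -untrusted "$inter" "$cert" >/dev/null 2>&1
    else
        openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1
    fi || { echo "chain does not verify against $ca" >&2; return 3; }
    return 0
}

# Usage with the paths from steps 10-12 (run from /etc/apache2):
#   check_cert_bundle ssl.key/server.key ssl.crt/server.crt \
#       ssl.crt/CA.crt ssl.crt/intermediate.cer
```

A non-zero status at this point means the files should be corrected before the existing Server-Cert entry is deleted from mod_nss.d in step 17.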

Thursday, June 21, 2018

PowerCLI script to get Datastore, Canonical name, VMs, Number of Paths & State


Add-PSSnapin vmware.vimautomation.core -ErrorAction Stop
Connect-Viserver vcenter_server

function Get-DatastoreInventory {
  $HostDatastoreInfo = Get-VMHost | Get-ScsiLun -LunType disk
  $DatastoreInfo = Get-Datastore
  foreach ($Hostdatastore in $HostDatastoreInfo) {
    $Datastore = $DatastoreInfo | Where-Object {$_.extensiondata.info.vmfs.extent.Diskname -match $Hostdatastore.CanonicalName}
    $LunPath = $Hostdatastore | Get-ScsiLunPath
    if ($Datastore.ExtensionData.vm) {
      $VMsOnDatastore = $(Get-view $Datastore.ExtensionData.vm).name -join ","
    } #if
    else {$VMsOnDatastore = "No VMs"}

    # Handle LUNs that are not mapped to any datastore
    if ($Datastore.Name -eq $null) {
      $DatastoreName = "Not mapped"
      $FileSystemVersion = "Not mapped"
    }
    else {
      $DatastoreName = $Datastore.Name -join ","
      $FileSystemVersion = $Datastore[0].FileSystemVersion
    }
    $DatastoreFreeSpace = $Datastore.FreeSpaceGB -join ", "
    $DatastoreCapacityGB = $Datastore.CapacityGB -join ", "
    $DatastoreDatacenter = $Datastore.Datacenter -join ", "
    $State = $LunPath.State -join ", "
    $Preferred = $LunPath.Preferred -join ", "
    $Paths = ($LunPath.ExtensionData.Transport | foreach {($_.Address -split ":")[0]}) -Join ", "
    $IsWorkingPath = $LunPath.ExtensionData.IsWorkingPath -Join ", "
    $Obj = New-Object PSObject
    $Obj | Add-Member -Name VMhost -MemberType NoteProperty -Value $hostdatastore.VMHost
    $Obj | Add-Member -Name DatastoreName -MemberType NoteProperty -Value $DatastoreName
    $Obj | Add-Member -Name FreeSpaceGB -MemberType NoteProperty -Value $DatastoreFreeSpace
    $Obj | Add-Member -Name CapacityGB -MemberType NoteProperty -Value $DatastoreCapacityGB
    $Obj | Add-Member -Name FileSystemVersion -MemberType NoteProperty -Value $FileSystemVersion
    $Obj | Add-Member -Name RuntimeName -MemberType NoteProperty -Value $hostdatastore.RuntimeName
    $Obj | Add-Member -Name CanonicalName -MemberType NoteProperty -Value $hostdatastore.CanonicalName
    $Obj | Add-Member -Name MultipathPolicy -MemberType NoteProperty -Value $hostdatastore.MultipathPolicy
    $Obj | Add-Member -Name Vendor -MemberType NoteProperty -Value $hostdatastore.Vendor
    $Obj | Add-Member -Name DatastoreDatacenter -MemberType NoteProperty -Value $DatastoreDatacenter
    $Obj | Add-Member -Name VMsOnDataStore -MemberType NoteProperty -Value $VMsOnDatastore
    $Obj | Add-Member -Name NumberOfPaths -MemberType NoteProperty -Value $LunPath.Count
    $Obj | Add-Member -Name Paths -MemberType NoteProperty -Value $Paths
    $Obj | Add-Member -Name State -MemberType NoteProperty -Value $State
    $Obj | Add-Member -Name Preferred -MemberType NoteProperty -Value $Preferred
    $Obj | Add-Member -Name IsWorkingPath -MemberType NoteProperty -Value $IsWorkingPath
    $Obj
  }
}
Get-DatastoreInventory | Export-Csv -NoTypeInformation D:\Scripts\DatastoreInfoHostwise.csv

send-mailmessage -Attachments "D:\Scripts\DatastoreInfoHostwise.csv" -to "DeliverTo@emailaddress.com" -from "SentFrom@emailaddress.com" -subject "Datastore LUN identifier" -SmtpServer "mail.emailaddress.com"

Thursday, September 21, 2017

Cannot Power on virtual machine - A general system error occurred: Connection refused

Attempting to power on a virtual machine from vCenter Server fails with this error: A general system error occurred: Connection refused


The same virtual machine can be powered on from the vSphere Client connected to the ESXi host.

Windows vCenter server

1) Open "services.msc"
2) Right click "VMware vCenter workflow manager" service and click start.
3) You will be able to power on the server now.

vCenter Server appliance (VCSA)

1) Connect to VCSA shell as root.
2) Run the command to start the "VMware vCenter workflow manager" service
service-control --start vmware-vpx-workflow
3) You will be able to power on the server now.

Friday, September 15, 2017

Adding new NIC to multiple virtual machines using PowerCLI script

Connect-viserver vcenter_server
$VM = Get-Content D:\servers.txt
New-NetworkAdapter -VM $VM -Type Vmxnet3 -NetworkName network_label -WakeOnLan:$true -StartConnected:$true -Confirm:$false
Disconnect-VIServer -Confirm:$false

Tuesday, September 12, 2017

Restart management agents on an ESXi using PowerCLI script

Get-VMHostService -VMHost esxi_server | where {$_.Key -eq "vpxa"} | Restart-VMHostService -Confirm:$false -ErrorAction SilentlyContinue

Enabling and Disabling SSH on ESXi hosts via PowerCLI scripts

Enable SSH on Particular ESXi
Get-VMHost -Name esxi_server1,esxi_server2 | Foreach {Start-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"} )}

Disable SSH on Particular ESXi
Get-VMHost -Name esxi_server1,esxi_server2 | Foreach {Stop-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"} )}

SSH status on Particular ESXi
Get-VMHostService -VMHost esxi_server1,esxi_server2 | Where-Object {$_.Key -eq "TSM-SSH"}

Enable SSH on all ESXi
Get-VMHost | Foreach { Start-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"} )}

Disable SSH on all ESXi
Get-VMHost | Foreach {Stop-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"} )}

SSH status on all ESXi
Get-VMHost | Get-VMHostService | Where { $_.Key -eq "TSM-SSH" } |select VMHost, Label, Running

Monday, September 11, 2017

Search vCenter server events using PowerCLI script

Retrieves information about the events on a vSphere server

Syntax:

Get-VIEvent <vm_name> -MaxSamples([int]::MaxValue) | Where-Object {$_.FullFormattedMessage -like "<search content>"} |Select CreatedTime, UserName, FullFormattedMessage

Examples:

To search who renamed a virtual machine

Get-VIEvent Win2008 -MaxSamples([int]::MaxValue) | Where-Object {$_.FullFormattedMessage -like "* rename *"} |Select CreatedTime, UserName, FullFormattedMessage

To search for entries created by user "adminuser" in a virtual machine

Get-VIEvent Win2008 -MaxSamples([int]::MaxValue) | Where-Object {$_.UserName -like "adminuser"} |Select CreatedTime, UserName, FullFormattedMessage

To search for entries created in a particular date/time in a virtual machine

Get-VIEvent Win2008 -MaxSamples([int]::MaxValue) | Where-Object {$_.CreatedTime -like "* 9/11/2017 *"} |Select CreatedTime, UserName, FullFormattedMessage