Friday, December 14, 2018

VMware NSX SSL creation

Using OpenSSL to create an SSL certificate for import into NSX Manager (NSX 6.4.2).

The command below creates the CSR and a 4096-bit key:

 

openssl req -out nsxcert.csr -newkey rsa:4096 -nodes -keyout nsxcert.key -config dc1vc2nsxmgr01.cnf

 

Log in to the Windows PKI.

Open the CSR in Notepad++, then paste it into the Windows PKI certificate web page:

https://nsmvpkiweb01/certsrv/

 

Request a Cert

Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.

Cert Template: VSphere6.5 (Drop down)

 

On Windows PKI server for vCenter SSL cert you will need the **Base 64 encode**:

nsxcert.cer (machine cert)

nsxcert.p7b (CA chain; carries the Sub and Root CA information)

Open nsxcert.p7b, extract the Sub and Root CA certificates, and save them as:

 

nsx-sub-root.cer 

nsx-root.cer

 

(Keep track of the order of the certificates in the chain.)

Copy the 3 files to the OpenSSL BIN directory on the workstation:

 

nsxcert.cer

nsx-sub-root.cer 

nsx-root.cer

 

**Have nsxcert.key in same BIN directory**

 

Use Notepad++ to combine the files in this order:

machine + key + sub + root

Save as .PEM, for example: nsx-sub-root.pem

 

Convert PEM to PFX using OpenSSL

 

openssl pkcs12 -export -out nsx.pfx -inkey nsxcert.key -in nsxcert.cer -certfile nsx-sub-root.pem
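
Before running the export, it is worth confirming that the issued certificate matches the key created with the CSR and that the Sub and Root CA files form a valid chain. The following is an added example, not part of the original post; it assumes openssl.exe is on PATH and that the files named above are in the current directory, all Base 64 (PEM) encoded. `Get-PublicKeyHash` is a helper name made up for this example.

```powershell
# Added example: pre-flight checks before the pkcs12 export.
# Assumption: openssl.exe is on PATH; file names are the ones used in this post.

function Get-PublicKeyHash {
    param([string[]]$OpenSslArgs)
    # Extract the public key as PEM text and hash it, so only a digest
    # of the public half is ever compared or displayed.
    $pem = & openssl @OpenSslArgs
    if ($LASTEXITCODE -ne 0) { throw "openssl $($OpenSslArgs -join ' ') failed" }
    $bytes = [Text.Encoding]::ASCII.GetBytes(($pem -join "`n"))
    $sha = [Security.Cryptography.SHA256]::Create()
    try { [BitConverter]::ToString($sha.ComputeHash($bytes)) } finally { $sha.Dispose() }
}

# 1. The issued certificate must carry the public key of the key generated with the CSR.
$keyHash  = Get-PublicKeyHash @('pkey', '-in', 'nsxcert.key', '-pubout')
$certHash = Get-PublicKeyHash @('x509', '-in', 'nsxcert.cer', '-noout', '-pubkey')
if ($keyHash -ne $certHash) { throw 'nsxcert.cer was not issued for nsxcert.key' }
Write-Host 'Key and machine certificate match.'

# 2. machine cert -> Sub CA -> Root CA must validate as a chain.
& openssl verify -CAfile nsx-root.cer -untrusted nsx-sub-root.cer nsxcert.cer
if ($LASTEXITCODE -ne 0) { throw 'Chain does not validate; check the Sub/Root CA files.' }

# 3. Print subject, issuer and expiry of each file to confirm which is which
#    before concatenating them in Notepad++.
foreach ($file in 'nsxcert.cer', 'nsx-sub-root.cer', 'nsx-root.cer') {
    Write-Host "--- $file"
    & openssl x509 -in $file -noout -subject -issuer -enddate
}
```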

 .\CompareMultipleVcenters.ps1

 Compare files

 

Matching VMs Report - 10/21/2024
VM Name: VM001-Prod found in vCenter: vcenter1.domain.local
 


 

 

 

************


********

Assigning tags on each connected vCenter server:

# Import VMware PowerCLI and Excel Modules
Import-Module VMware.VimAutomation.Core
Import-Module ImportExcel

# Define Variables
$vcenterServers = @("vcenter1.domain.local", "vcenter2.domain.local") # List of vCenters
$excelFilePath = "D:\Script\Tags.xlsx"
$logFilePath = "D:\Script\logfile.txt"
$genericCategoryName = "Application Custodian"
$user = "your-username"

# Function to load encrypted password
Function Get-SecurePassword {
    $secureFilePath = "D:\Script\password-file.txt"
    if (Test-Path $secureFilePath) {
        $securePassword = Get-Content -Path $secureFilePath | ConvertTo-SecureString
        return $securePassword
    } else {
        Write-Host "Password file not found at $secureFilePath" -ForegroundColor Red
        exit
    }
}

$password = Get-SecurePassword

# Ensure the log file exists and clear it
New-Item -Path $logFilePath -ItemType File -Force | Out-Null
Add-Content -Path $logFilePath -Value "Log Start Time: $(Get-Date)`n"

# Read the Excel file
$tagData = Import-Excel -Path $excelFilePath

# Process Each vCenter Server
foreach ($vcenter in $vcenterServers) {
    Write-Host "Processing vCenter: $vcenter" -ForegroundColor Cyan
    Add-Content -Path $logFilePath -Value "`nProcessing vCenter: $vcenter"

    try {
        # Connect to vCenter
        $credential = New-Object System.Management.Automation.PSCredential($user, $password)
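        # -ErrorAction Stop makes a failed login a terminating error so the catch block runs
        Connect-VIServer -Server $vcenter -Credential $credential -ErrorAction Stop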
        Write-Host "Successfully connected to vCenter: $vcenter" -ForegroundColor Green
    } catch {
        Write-Host "Failed to connect to vCenter: $vcenter. Please check credentials and network connectivity." -ForegroundColor Red
        Add-Content -Path $logFilePath -Value "Failed to connect to vCenter: $vcenter. Skipping."
        continue
    }

    # Ensure the "Application Custodian" category exists
    $category = Get-TagCategory -Name $genericCategoryName -Server $vcenter -ErrorAction SilentlyContinue
    if (-not $category) {
        try {
            $category = New-TagCategory -Name $genericCategoryName -Cardinality Single -EntityType VirtualMachine -Server $vcenter -ErrorAction Stop
            Write-Host "Created Category: $genericCategoryName on vCenter: $vcenter" -ForegroundColor Yellow
            Add-Content -Path $logFilePath -Value "Created Category: $genericCategoryName on vCenter: $vcenter"
        } catch {
            Write-Host "Failed to create Category: $genericCategoryName on vCenter: $vcenter. Error: $_" -ForegroundColor Red
            Add-Content -Path $logFilePath -Value "Failed to create Category: $genericCategoryName on vCenter: $vcenter. Error: $_"
            Disconnect-VIServer -Server $vcenter -Force
            continue
        }
    } else {
        Write-Host "Using existing category: $genericCategoryName on vCenter: $vcenter" -ForegroundColor Green
        Add-Content -Path $logFilePath -Value "Using existing category: $genericCategoryName on vCenter: $vcenter"
    }

    # Process Tags from the "Support group" Column
    foreach ($row in $tagData) {
        # Skip rows with empty "Support group"
        if (-not $row.'Support group') {
            Write-Warning "Skipping row with empty 'Support group'."
            Add-Content -Path $logFilePath -Value "Skipped row with empty 'Support group'."
            continue
        }

        $tagValue = $row.'Support group'
        $vmName = $row.Name

        # Ensure the tag exists under "Application Custodian"
        $tag = Get-Tag -Name $tagValue -Category $genericCategoryName -Server $vcenter -ErrorAction SilentlyContinue
        if (-not $tag) {
            try {
                $tag = New-Tag -Name $tagValue -Category $category -Server $vcenter -ErrorAction Stop
                Write-Host "Created Tag: $tagValue in Category: $genericCategoryName on vCenter: $vcenter" -ForegroundColor Yellow
                Add-Content -Path $logFilePath -Value "Created Tag: $tagValue in Category: $genericCategoryName on vCenter: $vcenter"
            } catch {
                Write-Warning "Failed to create Tag: $tagValue on vCenter: $vcenter. Error: $_"
                Add-Content -Path $logFilePath -Value "Failed to create Tag: $tagValue on vCenter: $vcenter. Error: $_"
                continue
            }
        } else {
            Write-Host "Tag: $tagValue already exists in Category: $genericCategoryName on vCenter: $vcenter" -ForegroundColor Cyan
            Add-Content -Path $logFilePath -Value "Tag: $tagValue already exists in Category: $genericCategoryName on vCenter: $vcenter"
        }

        # Assign the tag to the VM
        if (-not $vmName) {
            Write-Warning "VM name is null for Support group: $tagValue. Skipping tag assignment."
            Add-Content -Path $logFilePath -Value "VM name is null for Support group: $tagValue. Skipped tag assignment."
            continue
        }

        # Attempt to retrieve the VM
        $vm = Get-VM -Name $vmName -Server $vcenter -ErrorAction SilentlyContinue
        if (-not $vm) {
            Write-Warning "VM: $vmName not found in vCenter: $vcenter. Skipping tag assignment."
            Add-Content -Path $logFilePath -Value "VM: $vmName not found in vCenter: $vcenter. Skipped tag assignment."
            continue
        }

        try {
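            # -ErrorAction Stop so a failed assignment is logged by the catch block, not reported as success
            New-TagAssignment -Tag $tag -Entity $vm -Server $vcenter -ErrorAction Stop | Out-Null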
            Write-Host "Assigned Tag: $tagValue to VM: $vmName on vCenter: $vcenter" -ForegroundColor Green
            Add-Content -Path $logFilePath -Value "Assigned Tag: $tagValue to VM: $vmName on vCenter: $vcenter"
        } catch {
            Write-Warning "Failed to assign Tag: $tagValue to VM: $vmName on vCenter: $vcenter. Error: $_"
            Add-Content -Path $logFilePath -Value "Failed to assign Tag: $tagValue to VM: $vmName on vCenter: $vcenter. Error: $_"
        }
    }

    # Disconnect from vCenter
    try {
        Disconnect-VIServer -Server $vcenter -Force
        Write-Host "Disconnected from vCenter: $vcenter" -ForegroundColor Green
    } catch {
        Write-Host "Failed to disconnect from vCenter: $vcenter. Error: $_" -ForegroundColor Red
        Add-Content -Path $logFilePath -Value "Failed to disconnect from vCenter: $vcenter. Error: $_"
    }
}

Add-Content -Path $logFilePath -Value "`nLog End Time: $(Get-Date)"
Write-Host "Processing complete. Logs saved to $logFilePath." -ForegroundColor Green
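
The script's `Get-SecurePassword` function calls `ConvertTo-SecureString` without a key, so the password file is protected with Windows DPAPI and can only be decrypted by the same Windows account on the same machine that created it. The following added example (not part of the original script) creates that file at the path the script expects and restricts its ACL to the current account; run it as the account that will run the tagging script.

```powershell
# Added example: create the password file read by Get-SecurePassword.
$secureFilePath = 'D:\Script\password-file.txt'   # path taken from the script above

# Prompt for the password; it is never echoed or stored in plain text.
$secure = Read-Host -Prompt 'vCenter password' -AsSecureString

# Without -Key, ConvertFrom-SecureString encrypts with DPAPI
# (bound to the current Windows user and computer).
$secure | ConvertFrom-SecureString | Set-Content -Path $secureFilePath

# Drop inherited permissions and allow only the current account to access the file.
$me   = [Security.Principal.WindowsIdentity]::GetCurrent().Name
$acl  = Get-Acl -Path $secureFilePath
$acl.SetAccessRuleProtection($true, $false)   # protect from inheritance, discard inherited rules
$rule = New-Object Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
$acl.SetAccessRule($rule)
Set-Acl -Path $secureFilePath -AclObject $acl

# Round-trip check: this is the same call the tagging script makes.
try {
    $null = Get-Content -Path $secureFilePath | ConvertTo-SecureString -ErrorAction Stop
    Write-Host "Password file can be decrypted by $me on $env:COMPUTERNAME" -ForegroundColor Green
} catch {
    Write-Host "Password file cannot be decrypted by $me. Error: $_" -ForegroundColor Red
}
```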
