Posts

Showing posts from November, 2017

How to use SSH and SCP with VCSA

I was replacing some vCenter Server Appliance (VCSA) self-signed certificates with signed certs from an Active Directory Certificate Authority and I came across a minor issue that I wanted to document here.  I was using the /usr/lib/vmware-vmca/bin/certificate-manager tool to generate the CSR, and then PSCP to download the CSR and hand it off to the security team.

When I first tried to use pscp to get the file, I encountered an error that I hadn't seen before:

Fatal: Received unexpected end-of-file from server

Some quick googling didn't turn up any hits on this issue, but I thought of something as I was poking around.  When I connected to the VCSA via SSH, it didn't drop me to a BASH shell until I did the usual "shell.set --enabled True" "shell" operation that it prompts you with.  Since PSCP (and SCP in general) is just establishing an SSH connection to the host and then doing a copy command, I figured that my issue was probably that the default root s…

Parsing Palo Alto Config XML into PowerShell Objects

One of my customers is converting into an NSX-based network design.  In order to facilitate this conversion, they need to understand the rules that exist on their Palo Alto firewall and then recreate those desired behaviors in the NSX microsegmentation.  Their challenge was that their Palo Alto had a fairly complex ruleset, one that no one wanted to try and recreate by hand in NSX.  I'm sure that you can see where this is going.

Before we could create anything in NSX (via the ever-evolving PowerNSX module), we had to understand the configuration of the existing firewall.  When I asked about exporting the configuration, the networking team told me that they had two options: JSON or XML.  Not knowing what I was likely to get working, I asked for them both, then tried convertfrom-JSON and import-clixml on the provided files.  Neither worked, so I had to do some digging.

After banging my head into a wall for a while, one of my coworkers gave me a copy of a script that he got from Palo…

PowerCLI's RunAsync Parameter Rocks!

I've recently been playing around with the -RunAsync parameter in some of my PowerCLI scripts, and I'm super impressed!  I'm also super late to the party; I mean, LucD was writing about it back in 2010, but still!  So, what's it do?  It speeds up tasks that don't need to be run sequentially, that's what it does.

For example, if I have a list of VMs that all need to move into a new folder, I could do it like this:

$folder = get-folder "New Folder" $vmNames = get-content MyList.txt foreach ($vmname in $vmNames){ get-vm $vmname | move-vm -destination $folder }
And that would move one VM, then the next, then the next, etc.  Depending on the number of VMs, it could take a real long time.  This process could take a while because, the way this script is written, the system will wait for each "move" to complete before initiating the next.  That's where -RunAsync comes in.

$folder = get-folder "New Folder" $vmNames = get-content MyLi…