среда, 15 августа 2018 г.

azure stack port checker

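# Connectivity check: tries a TCP connection to every endpoint listed in the CSV
# and prints OK/FAIL per row. The file is ';'-delimited and must provide the
# columns 'ip' and 'port' (the only properties read below).
$ports = Import-Csv "C:\Docs\работа\SIT\MTS Cloud\AzureStack\3.Support\azs_ports.csv" -Delimiter ";"

foreach ($port in $ports) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Connect() returns nothing and throws when the port is closed or
        # unreachable, so every failure is reported by the catch block.
        $client.Connect($port.ip, $port.port)
        if ($client.Connected) {
            Write-Host $port.ip $port.port " - OK" -ForegroundColor Green
        }
    }
    catch {
        Write-Host $port.ip $port.port " - FAIL" -ForegroundColor Red
        Write-Host $_ -ForegroundColor Red
    }
    finally {
        # Release the socket on the failure path too, so a long list of closed
        # ports does not leave handles behind.
        $client.Close()
    }
}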

четверг, 26 июля 2018 г.

scom, get health hierarchy

# Load the SCOM cmdlets only when the module is not already in the session.
if ($null -eq (Get-Module -Name OperationsManager)) {
    Import-Module -Name OperationsManager
}

# Prints one line for $item ('-' repeated $level times, the monitor display name
# and its health state), then recurses into every child node whose health state
# is neither "Success" nor "Uninitialized".
#   $item  - hierarchy node exposing .Item and .ChildNodes
#   $level - current depth, used as the length of the '-' prefix
function GetMonitorTree($item, $level) {
    $prefix = "".PadLeft($level, '-')
    "{0}{1} ({2})" -f $prefix, $item.item.MonitorDisplayName, $item.item.HealthState | Out-Host

    $unhealthy = $item.ChildNodes | Where-Object { @("Success", "Uninitialized") -notcontains $_.Item.HealthState }
    foreach ($node in $unhealthy) {
        GetMonitorTree -item $node -level ($level + 1)
    }
}

# For every monitoring object of the class with the given id, print a header
# line and then the unhealthy part of its monitor tree.
$objs = Get-SCOMClass -Id 046ce89d-e1e2-e18e-d891-96e004f6ed5f | Get-SCOMMonitoringObject

foreach ($obj in $objs) {
    # Header: an empty line, then "<Path>\<DisplayName>".
    Out-Host -InputObject ("`n{0}\{1}" -f $obj.Path, $obj.DisplayName)

    $hierarchy = $obj.GetMonitoringStateHierarchy()

    GetMonitorTree -item $hierarchy -level 1
}

пятница, 25 мая 2018 г.

ave-om, deploy scom agent

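param(
    # Server that receives the SCOM agent. The host this script was written for
    # is only the default, so a value passed with -serverName is honoured
    # instead of being overwritten.
    [string]$serverName = "xxx.healthcare.local"
)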

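# Polls the remote host until the process with the given id is gone, checking
# every 3 seconds for at most 60 attempts (about 3 minutes).
#   $procID - process id returned by Win32_Process.Create on the remote host
# Reads $serverName and $cred from the calling scope. Emits nothing to the
# pipeline; writes a warning when the process is still there after the last
# attempt, so later steps are not assumed to run against a finished install.
# Note: a WMI query that fails also returns nothing and is therefore treated
# like "process has exited".
function WaitForProcess($procID){
    $maxAttempts = 60
    for ($attempt = 1; $attempt -le $maxAttempts; $attempt++) {
        $running = Get-WmiObject -Class Win32_Process -Filter ("ProcessId=" + $procID) -ComputerName $serverName -Credential $cred
        if (-not $running) {
            # Done: return at once instead of sleeping one more interval.
            return
        }
        Start-Sleep -Seconds 3
    }
    Write-Warning ("Process {0} on {1} is still running after {2} checks" -f $procID, $serverName, $maxAttempts)
}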

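# Stage the agent and support-tool binaries on the target's admin share and make
# sure the management server name resolves there.

# Ask for the deployment account once instead of keeping its password in the
# script; a $cred that already exists in the session is reused.
# NOTE(review): assumes the share connection and the WMI calls use the same
# account - confirm for your environment.
if (-not $cred) {
    $cred = Get-Credential -Message "Account with admin rights on $serverName"
}

# net.exe takes the password as an argument, so it is briefly visible in the
# local process command line (and in command-line audit logs, where enabled).
net use "\\$($serverName)\c`$" "/user:$($cred.UserName)" ($cred.GetNetworkCredential().Password)

# Test-Path answers "does it exist" without an error for a missing folder and
# without a false negative for an existing but empty one.
if (-not (Test-Path "\\$($serverName)\c`$\temp")) {
    md "\\$($serverName)\c`$\temp"
}

copy "C:\temp\scom2016\agent\AMD64" "\\$($serverName)\c`$\temp\scomagent\" -Recurse -Force

copy "C:\temp\scom2016\SupportTools\AMD64" "\\$($serverName)\c`$\temp\scomtools\" -Recurse -Force

# Add the management server to the target's hosts file when it has no entry yet.
# NOTE(review): the name tested for and the name written differ in this listing
# (both look redacted) - confirm they are the same host, otherwise the line is
# appended on every run. A hosts entry overrides DNS on that server, so record
# where it was added.
$hostsPath = "\\$($serverName)\c`$\windows\system32\drivers\etc\hosts"
if (-not (Get-Content $hostsPath | where {$_ -like "*ave-omms01.ave-om.local*"})){
    "10.250.199.6`tscom-xxx.xxx-om.xxx" | add-content -Path $hostsPath
}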

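# MSI properties for an unattended agent install that reports to a manually
# specified management group and server. Every fragment except the last ends
# with a space so the properties stay separated after concatenation (without it
# ENABLE_ERROR_REPORTING and QUEUE_ERROR_REPORTS fuse into one token).
$scomParam = "USE_SETTINGS_FROM_AD=0 USE_MANUALLY_SPECIFIED_SETTINGS=1 " +
    "MANAGEMENT_GROUP=AVE-OM-MG MANAGEMENT_SERVER_DNS=scom.scom-om.local SECURE_PORT=5723 " +
    "ACTIONS_USE_COMPUTER_ACCOUNT=1 AcceptEndUserLicenseAgreement=1 ENABLE_ERROR_REPORTING=0 " +
    "QUEUE_ERROR_REPORTS=0"
# The MSI path is evaluated on the target server, not on this machine.
$installagentCmd = 'msiexec.exe /i c:\temp\scomagent\MOMAgent.msi /qn /norestart ' + $scomParam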

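# Run the agent installer and then the certificate import on the target. Each is
# started as a remote process through WMI and awaited before the next step.
$momCertCmd = 'c:\temp\scomtools\MOMCertImport.exe /SubjectName "' + $serverName +'"'

foreach ($remoteCmd in @($installagentCmd, $momCertCmd)) {
    $retObj = Invoke-WmiMethod -Class Win32_Process -Name "Create" -ComputerName $serverName -ArgumentList @($remoteCmd) -Credential $cred

    if ($retObj.ReturnValue -eq 0){
        WaitForProcess -procID $retObj.ProcessId
    }
    else {
        # The process was never started; report it instead of continuing
        # silently to the next step and the cleanup.
        Write-Warning ("Could not start '{0}' on {1} (Win32_Process.Create returned '{2}')" -f $remoteCmd, $serverName, $retObj.ReturnValue)
    }
}

#sc "\\$serverName" stop HealthService
#sc "\\$serverName" start HealthService

# Remove the staged binaries and drop the share connection.
del "\\$($serverName)\c`$\temp\scomagent\" -Recurse -Force
del "\\$($serverName)\c`$\temp\scomtools\" -Recurse -Force

net use "\\$($serverName)\c`$" /delete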

ave-om, request/deploy certificate

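param(
    # Server the certificate is requested for and deployed to. The host this
    # script was written for is only the default, so a value passed with
    # -serverName is honoured instead of being overwritten.
    [string]$serverName = "sql.healthcare.local"
)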

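# certreq policy (INF) template; %subject% is substituted before use.
# This must be a literal here-string (@' ... '@): in an expandable one
# PowerShell treats $Windows as a variable and the [Version] signature is
# written as " NT$".
# Exportable = TRUE allows the private key to leave this machine, so any PFX
# produced from this certificate should be short-lived.
$req = @'

[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "CN=%subject%"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
KeyUsage = "CERT_KEY_ENCIPHERMENT_KEY_USAGE | CERT_DATA_ENCIPHERMENT_KEY_USAGE"

[Strings]
szOID_ENHANCED_KEY_USAGE = "2.5.29.37"
szOID_PKIX_KP_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"
szOID_PKIX_KP_CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"

[RequestAttributes]
CertificateTemplate=SCOMCert

'@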

#[Extensions]
#%szOID_ENHANCED_KEY_USAGE% = "{text}%szOID_PKIX_KP_SERVER_AUTH%,%szOID_PKIX_KP_CLIENT_AUTH%"

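# Requests a certificate for $serverName on this machine (unless one with that
# subject is already in LocalMachine\My), exports it with its private key and
# installs it on the target server through the admin share and WMI.
# NOTE(review): the certificate and its key stay in this machine's
# LocalMachine\My store afterwards - remove them there if this host should not
# keep the target's key.

$subjectName = "CN=" + $serverName
$pfxName = $serverName + ".pfx"
$localPfx = join-path "c:\temp" $pfxName
$remotePfx = "\\$($serverName)\c`$\temp\" + $pfxName

$cert = dir cert:\localmachine\my | where {$_.subject -eq $subjectName}
if (-not $cert) {
    $req = $req.Replace("%subject%", $serverName)

    $req | set-content ($serverName + ".txt")

    certreq.exe -new ($serverName + ".txt") ($serverName + ".req")
    #-attrib "CertificateTemplate:SCOMCert"
    certreq.exe -submit  ($serverName + ".req") ($serverName + ".cer")
    certreq.exe -accept ($serverName + ".cer")
}

$cert = dir cert:\localmachine\my | where {$_.subject -eq $subjectName}
if (-not $cert) {
    # Nothing was issued or accepted: do not touch the target server.
    Write-Warning "No certificate with subject $subjectName in LocalMachine\My; nothing to deploy"
}
else {
    # One-time PFX password. The file only has to survive the copy to the
    # target, so a random value per run replaces a password kept in the script.
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $pfxBytes = New-Object byte[] 24
    $rng.GetBytes($pfxBytes)
    $pfxPassword = [System.BitConverter]::ToString($pfxBytes).Replace("-", "")

    try {
        $cert | Export-PfxCertificate -Password (ConvertTo-SecureString -String $pfxPassword -AsPlainText -Force) -FilePath $localPfx

        # Ask for the deployment account instead of embedding its password; a
        # $cred that already exists in the session is reused.
        if (-not $cred) {
            $cred = Get-Credential -Message "Account with admin rights on $serverName"
        }

        # net.exe takes the password as an argument, so it is briefly visible
        # in the local process command line.
        net use "\\$($serverName)\c`$" "/user:$($cred.UserName)" ($cred.GetNetworkCredential().Password)

        if (-not (Test-Path "\\$($serverName)\c`$\temp")) {
            md "\\$($serverName)\c`$\temp"
        }

        copy $localPfx "\\$($serverName)\c`$\temp\" -Force

        # certutil receives the PFX password on its command line, which the
        # target may record in process-creation logs; the password is
        # single-use and the file is removed below.
        $installPfxCmd = 'certutil.exe -importPFX -p "' + $pfxPassword + '" "c:\temp\' + $pfxName + '"'

        $retObj = Invoke-WmiMethod -Class Win32_Process -Name "Create" -ComputerName $serverName -ArgumentList @($installPfxCmd) -Credential $cred

        if ($retObj.ReturnValue -eq 0) {
            # Create returns as soon as certutil has started. Wait (at most 60
            # checks, 3 seconds apart) for it to exit so the PFX is not deleted
            # before it has been read.
            for ($attempt = 1; $attempt -le 60; $attempt++) {
                if (-not (Get-WmiObject -Class Win32_Process -Filter ("ProcessId=" + $retObj.ProcessId) -ComputerName $serverName -Credential $cred)) {
                    break
                }
                Start-Sleep -Seconds 3
            }
        }
        else {
            # The command line is deliberately not logged: it contains the
            # PFX password.
            Write-Warning ("Could not start certutil on {0} (Win32_Process.Create returned '{1}')" -f $serverName, $retObj.ReturnValue)
        }
    }
    finally {
        # Remove both copies of the exported private key, including the local
        # one, whatever happened above.
        if (Test-Path $remotePfx) {
            del $remotePfx
        }
        del $localPfx -ErrorAction Ignore

        net use "\\$($serverName)\c`$" /delete

        $pfxPassword = $null
    }
}

del ($serverName + ".txt") -ErrorAction Ignore
del ($serverName + ".req") -ErrorAction Ignore
del ($serverName + ".cer") -ErrorAction Ignore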

ave-om, create dns rec

# A record to create: fully qualified name followed by its IPv4 address.
$record = @(
"name.domain.com", "10.250.205.191"
)

# DNS server that receives the new record.
$serverName = "ave-dc01"

# The first label is the host name; everything after the first dot is the zone.
$resName = ($record[0] -split '\.')[0]
$zoneName = $record[0].Substring($resName.Length + 1)

$dnsArgs = @{
    ZoneName     = $zoneName
    Name         = $resName
    ComputerName = $serverName
    IPv4Address  = $record[1]
}
Add-DnsServerResourceRecordA @dnsArgs

четверг, 15 февраля 2018 г.

azure stack, vpn asa config

! Site-to-site IKEv2 tunnel between an ASA and an Azure Stack gateway.
! Azure Stack (as of 15.02.2018) supports only aes-gcm-256 as ESP encryption.
! <external>, <internal>, <external_gw> and <internal_gw> are placeholders.

! Traffic selectors: the remote (Azure) network and the on-premises network.
object-group network Azure-Networks
 network-object <external>0.0 255.255.255.0
object-group network Onprem-Networks
 network-object <internal>20.0 255.255.255.0
! NOTE(review): this entry permits every IP protocol from <external_gw> to
! <internal_gw> - narrow it to what the tunnel needs, if it is needed at all.
access-list outside_access_in extended permit ip host <external_gw> host <internal_gw>
! Interesting traffic for the crypto map: on-premises networks to Azure networks.
access-list Azure-VMNetworks-acl extended permit ip object-group Onprem-Networks object-group Azure-Networks


! Clamp the TCP MSS to 1350 and keep existing VPN flows across tunnel drops.
sysopt connection tcpmss 1350
sysopt connection preserve-vpn-flows
! NOTE(review): AES-GCM already authenticates the payload, so the sha-1
! integrity line below is presumably not used with it - confirm on the ASA
! release in use.
crypto ipsec ikev2 ipsec-proposal AES-256
 protocol esp encryption aes-gcm-256
 protocol esp integrity sha-1

! The PFS group has to match what the peer offers; group14 is the alternative
! the author suggests trying.
crypto map Azure-VMNetworks-map 1 match address Azure-VMNetworks-acl
crypto map Azure-VMNetworks-map 1 set pfs group24
! or try to use group 14
!crypto map Azure-VMNetworks-map 1 set pfs group14
crypto map Azure-VMNetworks-map 1 set peer <external_gw>
crypto map Azure-VMNetworks-map 1 set ikev2 ipsec-proposal AES-256
crypto map Azure-VMNetworks-map 1 set security-association lifetime seconds 14400
crypto map Azure-VMNetworks-map interface outside

! NOTE(review): the IKEv2 policy uses DH group 2 (1024-bit MODP), weaker than
! the PFS group chosen above - presumably dictated by the Azure Stack gateway
! at that date; confirm and raise it when the peer allows.
crypto isakmp identity address
crypto ikev2 policy 1
 encryption aes-256
 integrity sha256
 group 2
 prf sha256
 lifetime seconds 28800
crypto ikev2 enable outside

! Pre-shared keys are masked (*****) in this listing; both directions must use
! the key configured on the Azure Stack connection.
tunnel-group <external_gw> type ipsec-l2l
tunnel-group <external_gw> ipsec-attributes
 ikev2 remote-authentication pre-shared-key *****
 ikev2 local-authentication pre-shared-key *****

! NOTE(review): this enables ikev1 as well as ikev2 on the default group
! policy although only an IKEv2 tunnel is defined here - drop ikev1 if nothing
! else depends on it.
group-policy DfltGrpPolicy attributes
 vpn-tunnel-protocol ikev1 ikev2

azure stack, get usage report

# Page through the hourly usage aggregates for the reporting window and print
# each page as a table. Every response carries a continuation token for the
# next page; the loop ends when that token is $null.
$configtoken = ""
$query = @{
    ReportedStartTime      = "01/01/2018"
    ReportedEndTime        = "02/02/2018"
    ShowDetails            = $true
    AggregationGranularity = "Hourly"
}

while ($true) {
    $aggr = Get-UsageAggregates @query -ContinuationToken $configtoken
    $aggr.UsageAggregations | Format-Table
    $configtoken = $aggr.ContinuationToken
    if ($null -eq $configtoken) {
        break
    }
}

azure, deploy vm from template

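# Connect an AzureRM session to the Azure Stack administrator endpoint.
$TenantName = "nvgastest.onmicrosoft.com"
cd AzureStack-Tools-master

# The module is loaded from a local download of AzureStack-Tools; it runs with
# the rights of this session, so use a copy whose origin you have verified.
Import-Module .\Connect\AzureStack.Connect.psm1

# For Azure Stack development kit, this value is set to https://adminmanagement.local.azurestack.external. To get this value for Azure Stack integrated systems, contact your service provider.
$ArmEndpoint = "https://adminmanagement.local.azurestack.external"

# For Azure Stack development kit, this value is adminvault.local.azurestack.external
# (the trailing "l" of "external" is required; plain ASCII quotes are used).
$KeyvaultDnsSuffix = "adminvault.local.azurestack.external"


# Register an AzureRM environment that targets your Azure Stack instance
Add-AzureRMEnvironment `
    -Name "AzureStackAdmin" `
    -ArmEndpoint $ArmEndpoint

# Get the Active Directory tenantId that is used to deploy Azure Stack
$TenantID = Get-AzsDirectoryTenantId `
    -AADTenantName $TenantName `
    -EnvironmentName "AzureStackAdmin"

# Sign in to your environment
Login-AzureRmAccount `
    -EnvironmentName "AzureStackAdmin" `
    -TenantId $TenantID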

# One resource group per VM, each deployed from the shared template with its
# own parameter file.
$deployments = @(
    @{ Group = "azs-srv01_rg"; Parameters = "parameters_azs-srv01.json" },
    @{ Group = "azs-srv02_rg"; Parameters = "parameters_azs-srv02.json" }
)

foreach ($deployment in $deployments) {
    $rg_Name = $deployment.Group

    New-AzureRmResourceGroup -Name $rg_Name -Location "local"
    New-AzureRmResourceGroupDeployment -ResourceGroupName $rg_Name -TemplateFile "template.json" -TemplateParameterFile $deployment.Parameters
}

среда, 14 февраля 2018 г.

azure stack, run script extension

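# Runs a script from a storage container on a VM through the custom script
# extension. Whoever can write to that container decides what runs on the VM,
# so restrict write access to it.
$groupName = "azs-srv07_rg"
$vmName = "azs-srv07"
$location = "local"

$storageAccount = "dtscripts"
$container = "stcripts"

# The storage account key is requested at run time and never stored in the
# script: anyone who can read a file containing it gets full access to the
# account. A key that has ever been saved in a script or published should be
# regenerated.
$secureKey = Read-Host -Prompt "Access key for storage account '$storageAccount'" -AsSecureString
$key = (New-Object System.Management.Automation.PSCredential("storage-key", $secureKey)).GetNetworkCredential().Password

#Set-AzureRMVMCustomScriptExtension –ResourceGroupName $groupName –Location $location –VMName $vmname -StorageAccountName $storageAccount –StorageAccountKey $key –FileName "dt_join_domain.ps1" –ContainerName $container -Run "dt_join_domain.ps1" -Name "dt_join_domain"

#Set-AzureRMVMCustomScriptExtension –ResourceGroupName $groupName –Location $location –VMName $vmname -StorageAccountName $storageAccount –StorageAccountKey $key –FileName "dt_sync_time.ps1" –ContainerName $container  -Run "dt_sync_time.ps1" -Name "dt_sync_time"

# Only one extension call is active at a time; the commented lines are the
# other scripts kept in the same container.
Set-AzureRMVMCustomScriptExtension -ResourceGroupName $groupName -Location $location -VMName $vmName -StorageAccountName $storageAccount -StorageAccountKey $key -FileName @("install_dt_8.1.1.885.2.ps1") -ContainerName $container -Run "install_dt_8.1.1.885.2.ps1" -Name "dt_install"

#Set-AzureRMVMCustomScriptExtension –ResourceGroupName $groupName –Location $location –VMName $vmname -StorageAccountName $storageAccount –StorageAccountKey $key –FileName "dt_create_job_fullServer.ps1" –ContainerName $container  -Run "dt_create_job_fullServer.ps1" -Name "dt_create_job_fullServer"

#Set-AzureRMVMCustomScriptExtension –ResourceGroupName $groupName –Location $location –VMName $vmname -StorageAccountName $storageAccount –StorageAccountKey $key –FileName "dt_psh_start_failover.ps1" –ContainerName $container  -Run "dt_psh_start_failover.ps1" -Name "dt_psh_start_failover"

# Do not keep the plain-text key in the session longer than needed.
$key = $null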