diff --git a/CHANGELOG.md b/CHANGELOG.md index aae4166..586d3e9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,8 +7,8 @@ Enhancement: - Added Pester tests for certificate management. [GH-119](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/119) -- Add support for non-disruptive ESXi certificate replacement in VMware Cloud Foundation 5.2 to `Install-VCFCertificate` function. [GH-123](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/123) -- Add support for uploading the private key for non-disruptive ESXi certificate replacement in VMware Cloud Foundation 5.2 to `Install-VCFCertificate` function. [GH-123](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/123) +- Add support for non-disruptive ESX certificate replacement in VMware Cloud Foundation 5.2 to `Install-VcfCertificate` function. [GH-123](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/123) +- Add support for uploading the private key for non-disruptive ESX certificate replacement in VMware Cloud Foundation 5.2 to `Install-VcfCertificate` function. [GH-123](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/123) Chore: @@ -36,7 +36,7 @@ Chore: Enhancement: -- Added a restart for specific vCenter Server services to `Set-EsxiCertificateMode` function. [GH-110](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/110) +- Added a restart for specific vCenter services to `Set-EsxiCertificateMode` function. [GH-110](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/110) ## v1.5.1 
@@ -82,10 +82,10 @@ Bugfix: Enhancement: -- **Breaking Change**: Renamed `Set-SddcCertificateAuthority` to `Set-VCFCertificateAuthority`. [GH-74](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/74) -- **Breaking Change**: Renamed `Request-SddcCertificate` to `Request-VCFSignedCertificate`. [GH-74](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/74) +- **Breaking Change**: Renamed `Set-SddcCertificateAuthority` to `Set-VcfCertificateAuthority`. [GH-74](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/74) +- **Breaking Change**: Renamed `Request-SddcCertificate` to `Request-VcfSignedCertificate`. [GH-74](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/74) - **Breaking Change**: Refactored `Set-SddcCertificateAuthority` to support OpenSSL Certificate Authority configuration. [GH-68](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/68) -- **Breaking Change**: Refactored `Get-EsxiCertificateThumbprint` and `Get-vCenterCertificateThumbprint` to a single function `Get-VCFCertificateThumbprint`. [GH-68](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/68) +- **Breaking Change**: Refactored `Get-EsxiCertificateThumbprint` and `Get-vCenterCertificateThumbprint` to a single function `Get-VcfCertificateThumbprint`. [GH-68](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/68) - Added `Request-VcfCsr`as a wrapper for `Request-EsxiCsr` and `Request-SddcCsr`. [GH-68](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/68) - Added `Install-VcfCertificate` as a wrapper for `Install-EsxiCertificate` and `Install-SddcCertificate`. 
[GH-68](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/68) @@ -139,14 +139,14 @@ Chore: Enhancement: -- Added support for an ESXi certificate management pre-check with `Test-EsxiCertMgmtChecks` cmdlet. [GH-37](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/37) +- Added support for an ESX certificate management pre-check with `Test-EsxiCertMgmtChecks` cmdlet. [GH-37](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/37) - Added support for PowerShell Core. [GH-37](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/37) - Added support for VMware PhotonOS. [GH-37](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/37) - Enhanced `Get-vSANHealthSummary` cmdlet improving log messages and adding a check for vSAN services. [GH-37](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/37) Bugfix: -- Added a disconnect from vCenter Server prior to an ESXi host reboot. [GH-36](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/36) +- Added a disconnect from vCenter prior to an ESX host reboot. [GH-36](https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/pull/36) ## v1.0.0 diff --git a/README.md b/README.md index 92ca782..5e8a7ec 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ ## Overview -`VMware.CloudFoundation.CertificateManagement` is a PowerShell module design to provide you the ability to manage +`VMware.CloudFoundation.CertificateManagement` is a PowerShell module designed to provide you the ability to manage certificates within your VMware Cloud Foundation environment. Using this module, you can perform various tasks on a VMware Cloud Foundation instance or a specific 
diff --git a/VMware.CloudFoundation.CertificateManagement.psd1 b/VMware.CloudFoundation.CertificateManagement.psd1 index 202e777..b471450 100644 --- a/VMware.CloudFoundation.CertificateManagement.psd1 +++ b/VMware.CloudFoundation.CertificateManagement.psd1 @@ -4,7 +4,7 @@ # Module manifest for module 'VMware.CloudFoundation.CertificateManagement' # Generated by: Broadcom -# Generated on: 2024-08-07 +# Generated on: 2025-05-05 @{ @@ -12,7 +12,7 @@ RootModule = '.\VMware.CloudFoundation.CertificateManagement.psm1' # Version number of this module. - ModuleVersion = '1.5.5.1000' + ModuleVersion = '1.5.5.1001' # ID used to uniquely identify this module GUID = 'ac903c83-c745-44f7-b6bd-1dff133fec92' @@ -75,7 +75,7 @@ # NestedModules = @() # Functions to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no functions to export. - FunctionsToExport = 'Install-VCFCertificate', 'Get-VCFCertificateThumbprint', 'Confirm-EsxiCertificateInstalled', 'Confirm-CAInvCenterServer', 'Request-VCFCsr', 'Get-EsxiCertificateMode', 'Set-EsxiCertificateMode', 'Get-vSANHealthSummary', 'Get-EsxiLockdownMode', 'Set-EsxiLockdownMode', 'Restart-EsxiHost', 'Test-EsxiCertMgmtChecks', 'Set-VCFCertificateAuthority', 'Request-VCFSignedCertificate', 'Get-EsxiHostVsanMaintenanceModePrecheck' + FunctionsToExport = 'Install-VcfCertificate', 'Get-VcfCertificateThumbprint', 'Confirm-EsxiCertificateInstalled', 'Confirm-CAInvCenterServer', 'Request-VcfCsr', 'Get-EsxiCertificateMode', 'Set-EsxiCertificateMode', 'Get-vSANHealthSummary', 'Get-EsxiLockdownMode', 'Set-EsxiLockdownMode', 'Restart-EsxiHost', 'Test-EsxiCertMgmtChecks', 'Set-VcfCertificateAuthority', 'Request-VcfSignedCertificate', 'Get-EsxiHostVsanMaintenanceModePrecheck' # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export. CmdletsToExport = @() 
diff --git a/VMware.CloudFoundation.CertificateManagement.psm1 b/VMware.CloudFoundation.CertificateManagement.psm1 index 6bfa476..cab4bc6 100644 --- a/VMware.CloudFoundation.CertificateManagement.psm1 +++ b/VMware.CloudFoundation.CertificateManagement.psm1 @@ -1,4 +1,5 @@ -# Copyright 2023-2024 Broadcom. All Rights Reserved. +# © Broadcom. All Rights Reserved. +# The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. # SPDX-License-Identifier: BSD-2 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE @@ -7,7 +8,7 @@ # OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # Allow communication with self-signed certificates when using Powershell Core. If you require all communications to be -# secure and do not wish to allow communication with self-signed certificates, remove lines 19-39 before importing the +# secure and do not wish to allow communication with self-signed certificates, remove lines 20-40 before importing the # module. if ($PSEdition -eq 'Core') { @@ -56,15 +57,15 @@ Function Get-Password { Function Get-VcenterService { <# .DESCRIPTION - The Get-VcenterService retrieves the service's current status and health from vCenter Server and returns with an + The Get-VcenterService retrieves the service's current status and health from vCenter and returns with an ordered hash object with the service name and health. .EXAMPLE Get-VcenterService -serviceName "certificateauthority" - This example retrieves the status and health of the vCenter Server service named "certificateauthority" + This example retrieves the status and health of the vCenter service named "certificateauthority" .PARAMETER serviceName - The name of the vCenter Server service. + The name of the vCenter service. #> Param ( 
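Review bot: The `# SPDX-License-Identifier: BSD-2` line kept directly under the rewritten copyright header is not a valid SPDX identifier, so licence scanners and SBOM tooling will not resolve it. While the header is being touched it should read `# SPDX-License-Identifier: BSD-2-Clause`, assuming the two-clause BSD text is what the project ships. The two new header lines also introduce non-ASCII characters (`©` and curly quotes); if the file is saved as UTF-8 without a BOM, Windows PowerShell 5.1 decodes them incorrectly, so `(c)` and straight quotes are the safer spelling.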
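Review bot: The comment's `remove lines 20-40` pointer had to be renumbered in this hunk only because one header line was added, and it will go stale again as soon as anything above the block changes. A reader following an outdated range could delete the wrong lines or believe certificate validation was restored when it was not. Anchoring the instruction to markers avoids this: wrap the block in `#region Allow self-signed certificates (PowerShell Core)` / `#endregion` and change the comment to `remove the region below before importing the module`. Per this comment the relaxed validation applies on import under PowerShell Core, which is worth stating in the README of a certificate-management module as well. The `if ($PSEdition -eq 'Core')` block continues outside the hunk.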
@@ -87,15 +88,15 @@ Function Get-VcenterService { Function Restart-VcenterService { <# .DESCRIPTION - The Restart-VcenterService restart the vCenter Server service taken from parameter value and returns a hash object + The Restart-VcenterService restart the vCenter service taken from parameter value and returns a hash object with the service name, the service status, and the result from restart operation. .EXAMPLE Restart-VcenterService -serviceName "certificateauthority" - This example restart the vCenter server service named "certificateauthority" + This example restart the vCenter service named "certificateauthority" .PARAMETER serviceName - The name of the vCenter Server service. + The name of the vCenter service. #> param ( [string]$serviceName 
@@ -152,25 +153,25 @@ Function Restart-VcenterService { Function Get-vCenterServer { <# .SYNOPSIS - Retrieves the vCenter Server details and connection object from SDDC Manager using either a workload domain - name or ESXi host FQDN. + Retrieves the vCenter details and connection object from SDDC Manager using either a workload domain + name or ESX host FQDN. .DESCRIPTION - The Get-vCenterServer retrieves the vCenter Server details and connection object from SDDC Manager using either - a workload domain name or ESXi host FQDN. + The Get-vCenterServer retrieves the vCenter details and connection object from SDDC Manager using either + a workload domain name or ESX host FQDN. The cmdlet connects to the SDDC Manager using the -server, -user, and -password values. - Validates that network connectivity and authentication is possible to SDDC Manager. - - Validates that network connectivity and authentication is possible to vCenter Server. + - Validates that network connectivity and authentication is possible to vCenter. - Validates that the workload domain exists in the SDDC Manager inventory. - - Connects to vCenter Server and returns its details and connection in a single object. + - Connects to vCenter and returns its details and connection in a single object. .EXAMPLE - Get-vCenterServer -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -esxiFqdn sfo01-m01-esx01.sfo.rainpole.io - This example retrieves the vCenter Server details and connection object to which the ESXi host with The fully qualified domain name of sfo01-m01-esx01.sfo.rainpole.io belongs. + Get-vCenterServer -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -esxiFqdn [esx_host_fqdn] + This example retrieves the vCenter details and connection object to which the ESX host with the fully qualified domain name belongs. .EXAMPLE - Get-vCenterServer -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! 
-domain sfo-m01 - This example retrieves the vCenter Server details and connection object belonging to the domain sfo-m01. + Get-vCenterServer -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] + This example retrieves the vCenter details and connection object belonging to the domain. .PARAMETER server The fully qualified domain name of the SDDC Manager appliance. @@ -182,10 +183,10 @@ Function Get-vCenterServer { The password to authenticate to the SDDC Manager instance. .PARAMETER domain - The name of the workload domain to retrieve the vCenter Server details from SDDC Manager for the connection object. + The name of the workload domain to retrieve the vCenter details from SDDC Manager for the connection object. .PARAMETER esxiFqdn - The fully qualified domain name of the ESXi host to validate against the SDDC Manager inventory. + The fully qualified domain name of the ESX host to validate against the SDDC Manager inventory. #> Param ( @@ -203,7 +204,7 @@ Function Get-vCenterServer { } else { $esxiHost = Get-VCFHost -fqdn $esxiFqdn if (!$esxiHost) { - Throw "ESXi host not found. Please check the provided FQDN: $esxiFqdn." + Throw "ESX host not found. Please check the provided FQDN: $esxiFqdn." } $domain = $(Get-VCFWorkloadDomain -id $($esxiHost.domain.id)).name } @@ -217,7 +218,7 @@ Function Get-vCenterServer { } } } else { - Throw "Unable to return vCenter Server details: PRE_VALIDATION_FAILED" + Throw "Unable to return vCenter details: PRE_VALIDATION_FAILED" } } else { Throw "Unable to obtain access token from SDDC Manager ($server), check credentials: PRE_VALIDATION_FAILED" 
@@ -227,28 +228,28 @@ Function Get-vCenterServer { } } -Function Get-VCFCertificateThumbprint { +Function Get-VcfCertificateThumbprint { <# .SYNOPSIS - Retrieves certificate thumbprints for ESXi hosts or vCenter Server instances. + Retrieves certificate thumbprints for ESX hosts or vCenter instances. .DESCRIPTION - The Get-VCFCertificateThumbprint cmdlet retrieves certificate thumbprints for ESXi hosts or vCenter Server + The Get-VcfCertificateThumbprint cmdlet retrieves certificate thumbprints for ESX hosts or vCenter instances. .EXAMPLE - Get-VCFCertificateThumbprint -esxi -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -esxiFqdn sfo01-m01-esx01.sfo.rainpole.io - This example retrieves the ESXi host's certificate thumbprint for an ESXi host with The fully qualified domain name of sfo01-m01-esx01.sfo.rainpole.io. + Get-VcfCertificateThumbprint -esxi -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -esxiFqdn [esx_host_fqdn] + This example retrieves the ESX host's certificate thumbprint for an ESX host. .EXAMPLE - Get-VCFCertificateThumbprint -vcenter -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -issuer rainpole - This example retrieves the vCenter Server instance's certificate thumbprints for the vCenter Server instance belonging to domain sfo-m01 and a matching issuer "rainpole". + Get-VcfCertificateThumbprint -vcenter -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -issuer [issuer_name] + This example retrieves the vCenter instance's certificate thumbprints for the vCenter instance belonging to domain and a matching issuer. .PARAMETER esxi - Switch to retrieve the certificate thumbprint for an ESXi host. + Switch to retrieve the certificate thumbprint for an ESX host. .PARAMETER vcenter - Switch to retrieve the certificate thumbprints for a vCenter Server instance. 
+ Switch to retrieve the certificate thumbprints for a vCenter instance. .PARAMETER server The fully qualified domain name of the SDDC Manager instance. @@ -263,16 +264,16 @@ Function Get-VCFCertificateThumbprint { The name of the workload domain (only required when using the "vCenter" parameter). .PARAMETER issuer - The name of the issuer to match with the vCenter Server instance's certificate thumbprints (only required when using the "vCenter" parameter). + The name of the issuer to match with the vCenter instance's certificate thumbprints (only required when using the "vCenter" parameter). #> Param ( - [Parameter (Mandatory = $true, ParameterSetName = "ESXi")] [ValidateNotNullOrEmpty()] [Switch] $esxi, + [Parameter (Mandatory = $true, ParameterSetName = "ESX")] [ValidateNotNullOrEmpty()] [Switch] $esxi, [Parameter (Mandatory = $true, ParameterSetName = "vCenter")] [ValidateNotNullOrEmpty()] [Switch] $vcenter, [Parameter (Mandatory = $true)] [ValidateNotNullOrEmpty()] [String] $server, [Parameter (Mandatory = $true)] [ValidateNotNullOrEmpty()] [String] $user, [Parameter (Mandatory = $false)] [ValidateNotNullOrEmpty()] [String] $pass, - [Parameter (Mandatory = $false, ParameterSetName = "ESXi")] [ValidateNotNullOrEmpty()] [String] $esxiFqdn, + [Parameter (Mandatory = $false, ParameterSetName = "ESX")] [ValidateNotNullOrEmpty()] [String] $esxiFqdn, [Parameter (Mandatory = $false, ParameterSetName = "vCenter")] [ValidateNotNullOrEmpty()] [String] $domain, [Parameter (Mandatory = $false, ParameterSetName = "vCenter")] [ValidateNotNullOrEmpty()] [String] $issuer ) 
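Review bot: `$pass` remains a plain `[String]` in this Param block, so the inline `-pass [admin_password]` form shown in the rewritten examples puts the SDDC Manager password into PSReadLine history and any active transcript. Because the parameter is declared `Mandatory = $false`, the function presumably prompts when it is omitted (a `Get-Password` helper is defined earlier in the file). If that is the case, the `.PARAMETER pass` help should say so, for example `The password to authenticate to the SDDC Manager instance. If omitted, you are prompted for it.`, and one example should leave `-pass` out. Separately, the parameter set rename from `"ESXi"` to `"ESX"` has to be mirrored anywhere the body tests `$PSCmdlet.ParameterSetName`; the function body is outside this hunk.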
@@ -295,7 +296,7 @@ Function Get-VCFCertificateThumbprint { $vcCertificateThumbprint = $vcTrustedCert.Certificate.Thumbprint return $vcCertificateThumbprint } else { - Write-Error "Unable to retrieve certificates from vCenter Server instance $($vCenterServer.details.fqdn)." -ErrorAction Stop + Write-Error "Unable to retrieve certificates from vCenter instance $($vCenterServer.details.fqdn)." -ErrorAction Stop } } } Catch { 
@@ -308,23 +309,23 @@ Function Get-VCFCertificateThumbprint { Function Test-EsxiCertMgmtChecks { <# .SYNOPSIS - Run the checks required for ESXi Certificate Management for a given cluster or an ESXi host. + Run the checks required for ESX Certificate Management for a given cluster or an ESX host. .DESCRIPTION - The Test-EsxiCertMgmtChecks runs the checks required for ESXi Certificate Management for a given cluster or an - ESXi host. The following checks are run: - - Check ESXi Certificate Mode - - Check ESXi Lockdown Mode - - Confirm CA In vCenter Server + The Test-EsxiCertMgmtChecks runs the checks required for ESX Certificate Management for a given cluster or an + ESX host. The following checks are run: + - Check ESX Certificate Mode + - Check ESX Lockdown Mode + - Confirm CA In vCenter - Check vSAN Health Status .EXAMPLE - Test-EsxiCertMgmtChecks -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -cluster sfo-m01-cl01 -issuer rainpole -signedCertificate F:\Certificates\Root64.cer - This example runs the checks required for ESXi Certificate Management for the cluster belonging to the domain sfo-m01. + Test-EsxiCertMgmtChecks -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] -issuer [issuer_name] -signedCertificate [full_certificate_file_path] + This example runs the checks required for ESX Certificate Management for the cluster belonging to the domain. .EXAMPLE - Test-EsxiCertMgmtChecks -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -cluster sfo-m01-cl01 -esxiFqdn sfo01-m01-esx01.sfo.rainpole.io -issuer rainpole -signedCertificate F:\Certificates\Root64.cer - This example runs the checks required for ESXi Certificate Management for an ESXi host belonging to the domain sfo-m01. 
+ Test-EsxiCertMgmtChecks -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] -esxiFqdn [esx_host_fqdn] -issuer [issuer_name] -signedCertificate [full_certificate_file_path] + This example runs the checks required for ESX Certificate Management for an ESX host belonging to the domain. .PARAMETER server The fully qualified domain name of the SDDC Manager instance. @@ -336,19 +337,19 @@ Function Test-EsxiCertMgmtChecks { The password to authenticate to the SDDC Manager instance. .PARAMETER domain - The name of the workload domain to retrieve the vCenter Server instance's certificate thumbprints from. + The name of the workload domain to retrieve the vCenter instance's certificate thumbprints from. .PARAMETER cluster - The name of the cluster in which the ESXi host is located. + The name of the cluster in which the ESX host is located. .PARAMETER esxiFqdn - The fully qualified domain name of the ESXi host to verify the certificate thumbprint against. + The fully qualified domain name of the ESX host to verify the certificate thumbprint against. .PARAMETER signedCertificate The complete path for the signed certificate file. .PARAMETER issuer - The name of the issuer to match with the vCenter Server instance's certificate thumbprints. + The name of the issuer to match with the vCenter instance's certificate thumbprints. #> Param ( 
@@ -369,21 +370,21 @@ Function Test-EsxiCertMgmtChecks { $statusMessage = @() Try { - Write-Output "############## Running Prechecks for ESXi Certificate Management ###############" + Write-Output "############## Running Prechecks for ESX Certificate Management ###############" $status = "FAILED" $vCenterServer = Get-vCenterServer -server $server -user $user -pass $pass -domain $domain $mode = Get-EsxiCertificateMode -server $server -user $user -pass $pass -domain $domain if ($mode -ne "custom") { - $msg = "Certificate Management Mode is not set to $mode on the vCenter Server instance $($vCenterServer.details.fqdn)." + $msg = "Certificate Management Mode is not set to $mode on the vCenter instance $($vCenterServer.details.fqdn)." $errorMessage += $msg } else { - $msg = "Certificate Management Mode is set to $mode on the vCenter Server instance $($vCenterServer.details.fqdn)." + $msg = "Certificate Management Mode is set to $mode on the vCenter instance $($vCenterServer.details.fqdn)." $statusMessage += $statusMessage $status = "PASSED" } - Write-Output "Check ESXi Certificate Mode: $status" + Write-Output "Check ESX Certificate Mode: $status" $status = "FAILED" if ($PsBoundParameters.ContainsKey("esxiFqdn")) { 
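Review bot: In the certificate-mode check, the passing branch runs `$statusMessage += $statusMessage`, which appends the (initially empty) list to itself and drops the message just built; it should be `$statusMessage += $msg`. The failing branch's text is also misleading because it interpolates the current value: with the mode at `vmca` it reports "is not set to vmca". A wording such as `$msg = "Certificate Management Mode is set to $mode, not custom, on the vCenter instance $($vCenterServer.details.fqdn)."` states the actual finding. Both lines sit next to the strings this commit rewrote, and the rest of Test-EsxiCertMgmtChecks is outside the hunk.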
@@ -401,24 +402,24 @@ Function Test-EsxiCertMgmtChecks { } } - Write-Output "Check ESXi Lockdown Mode: $status" + Write-Output "Check ESX Lockdown Mode: $status" $status = "FAILED" $caStatus = Confirm-CAInvCenterServer -server $server -user $user -pass $pass -domain $domain -issuer $issuer -signedCertificate $signedCertificate if ($caStatus -eq $true) { - $msg = "Signed certificate thumbprint matches with the vCenter Server certificate authority thumbprint." + $msg = "Signed certificate thumbprint matches with the vCenter certificate authority thumbprint." $statusMessage += $msg $status = "PASSED" } elseif ($caStatus -eq $false) { - $msg = "Signed certificate thumbprint does not match any of the vCenter Server certificate authority thumbprints." + $msg = "Signed certificate thumbprint does not match any of the vCenter certificate authority thumbprints." $errorMessage += $msg } else { - $msg = "Error: Unable to Confirm CA In vCenter Server." + $msg = "Error: Unable to Confirm CA In vCenter." $msg = $msg + $caStatus $errorMessage += $msg } - Write-Output "Confirm CA In vCenter Server: $status" + Write-Output "Confirm CA In vCenter: $status" $status = "FAILED" $vsanStatus = Get-vSANHealthSummary -server $server -user $user -pass $pass -domain $domain -cluster $cluster -errorAction SilentlyContinue -ErrorVariable errorMsg -WarningAction SilentlyContinue -WarningVariable warnMsg 
@@ -436,24 +437,24 @@ Function Test-EsxiCertMgmtChecks { Write-Output "Check vSAN Health Status: $status" - Write-Output "############## Finished Running Prechecks for ESXi Certificate Management ###############" + Write-Output "############## Finished Running Prechecks for ESX Certificate Management ###############" if ($statusMessage) { - Write-Debug "############## Status of ESXi Certificate Management Prechecks : ###############" + Write-Debug "############## Status of ESX Certificate Management Prechecks : ###############" foreach ($msg in $statusMessage) { Write-Debug $msg } } if ($warningMessage) { - Write-Output "############## Warnings Raised While Running Prechecks for ESXi Certificate Management : ###############" + Write-Output "############## Warnings Raised While Running Prechecks for ESX Certificate Management : ###############" foreach ($msg in $warningMessage) { Write-Warning $msg } } if ($errorMessage) { - Write-Output "############## Issues Found While Running Prechecks for ESXi Certificate Management : ###############" + Write-Output "############## Issues Found While Running Prechecks for ESX Certificate Management : ###############" foreach ($msg in $errorMessage) { Write-Error $msg } 
@@ -466,16 +467,16 @@ Function Test-EsxiCertMgmtChecks { Function Confirm-EsxiCertificateInstalled { <# .SYNOPSIS - Verifies if the provided certificate is already on the ESXi host. + Verifies if the provided certificate is already on the ESX host. .DESCRIPTION The Confirm-EsxiCertificateInstalled cmdlet will get the thumbprint from the provided signed certificate and - matches it with the certificate thumbprint from ESXi host. You need to pass in the complete path for the + matches it with the certificate thumbprint from ESX host. You need to pass in the complete path for the certificate file. Returns true if certificate is already installed, else returns false. .EXAMPLE - Confirm-EsxiCertificateInstalled -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -esxiFqdn sfo01-w01-esx01.sfo.rainpole.io -signedCertificate F:\certificates\sfo01-w01-esx01.sfo.rainpole.io.cer - This example checks the thumbprint of the provided signed certificate with the thumbprint on ESXi host. + Confirm-EsxiCertificateInstalled -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -esxiFqdn [esx_host_fqdn] -signedCertificate [full_certificate_file_path] + This example checks the thumbprint of the provided signed certificate with the thumbprint on ESX host. .PARAMETER server The fully qualified domain name of the SDDC Manager instance. @@ -487,7 +488,7 @@ Function Confirm-EsxiCertificateInstalled { The password to authenticate to the SDDC Manager instance. .PARAMETER esxiFqdn - The fully qualified domain name of the ESXi host to verify the certificate thumbprint against. + The fully qualified domain name of the ESX host to verify the certificate thumbprint against. .PARAMETER signedCertificate The complete path for the signed certificate file. 
@@ -510,17 +511,17 @@ Function Confirm-EsxiCertificateInstalled { Write-Error "Could not find certificate in $signedCertificate." -ErrorAction Stop return } - $esxiCertificateThumbprint = Get-VCFCertificateThumbprint -esxi -server $server -user $user -pass $pass -esxiFqdn $esxiFqdn + $esxiCertificateThumbprint = Get-VcfCertificateThumbprint -esxi -server $server -user $user -pass $pass -esxiFqdn $esxiFqdn $crt = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2($signedCertificate) $signedCertThumbprint = $crt.Thumbprint if ($esxiCertificateThumbprint -eq $signedCertThumbprint) { - Write-Debug "Signed certificate thumbprint matches with the ESXi host certificate thumbprint." - Write-Warning "Certificate is already installed on ESXi host $esxiFqdn : SKIPPED" + Write-Debug "Signed certificate thumbprint matches with the ESX host certificate thumbprint." + Write-Warning "Certificate is already installed on ESX host $esxiFqdn : SKIPPED" return $true } else { - Write-Debug "ESXi host's certificate thumbprint ($esxiCertificateThumbprint) does not match with the thumbprint of provided certificate ($signedCertThumbprint)" - Write-Debug "Provided certificate is not installed on ESXi host $esxiFqdn." + Write-Debug "ESX host's certificate thumbprint ($esxiCertificateThumbprint) does not match with the thumbprint of provided certificate ($signedCertThumbprint)" + Write-Debug "Provided certificate is not installed on ESX host $esxiFqdn." return $false } } Catch { 
@@ -531,16 +532,16 @@ Function Confirm-EsxiCertificateInstalled { Function Confirm-CAInvCenterServer { <# .SYNOPSIS - Verifies the root certificate thumbprint matches with one of the CA thumbprints from vCenter Server instance. + Verifies the root certificate thumbprint matches with one of the CA thumbprints from vCenter instance. .DESCRIPTION The Confirm-CAInvCenterServer cmdlet gets the thumbprint from the root certificate and matches it with the CA - thumbprint from the vCenter Server instance.You need to pass in the complete path for the certificate file. + thumbprint from the vCenter instance.You need to pass in the complete path for the certificate file. Returns true if thumbprint matches, else returns false. .EXAMPLE - Confirm-CAInvCenterServer -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -issuer rainpole -signedCertificate F:\certificates\Root64.cer - This example matches the thumbprint of provided root certificate file with the thumbprints on the vCenter Server instance matching the issuer "rainpole". + Confirm-CAInvCenterServer -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -issuer [issuer_name] -signedCertificate [certificate_path] + This example matches the thumbprint of provided root certificate file with the thumbprints on the vCenter instance matching the issuer. .PARAMETER server The fully qualified domain name of the SDDC Manager instance. @@ -552,7 +553,7 @@ Function Confirm-CAInvCenterServer { The password to authenticate to the SDDC Manager instance. .PARAMETER domain - The name of the workload domain to retrieve the vCenter Server instance's certificate thumbprints from. + The name of the workload domain to retrieve the vCenter instance's certificate thumbprints from. .PARAMETER signedCertificate The complete path for the root certificate file. 
@@ -574,9 +575,9 @@ Function Confirm-CAInvCenterServer { Try { if ($PsBoundParameters.ContainsKey("issuer")) { - $vcThumbprints = Get-VCFCertificateThumbprint -vcenter -server $server -user $user -pass $pass -domain $domain -issuer $issuer + $vcThumbprints = Get-VcfCertificateThumbprint -vcenter -server $server -user $user -pass $pass -domain $domain -issuer $issuer } else { - $vcThumbprints = Get-VCFCertificateThumbprint -vcenter -server $server -user $user -pass $pass -domain $domain + $vcThumbprints = Get-VcfCertificateThumbprint -vcenter -server $server -user $user -pass $pass -domain $domain } if (Test-Path $signedCertificate -PathType Leaf ) { Write-Output "Certificate file found - $signedCertificate." @@ -591,13 +592,13 @@ Function Confirm-CAInvCenterServer { $match = $false foreach ($vcThumbprint in $vcThumbprints) { if ($vcThumbprint -eq $signedCertThumbprint) { - Write-Output "Signed certificate thumbprint matches with the vCenter Server certificate authority thumbprint." + Write-Output "Signed certificate thumbprint matches with the vCenter certificate authority thumbprint." $match = $true break } } if (!$match) { - Write-Error "Signed certificate thumbprint does not match any of the vCenter Server certificate authority thumbprints." + Write-Error "Signed certificate thumbprint does not match any of the vCenter certificate authority thumbprints." } return $match } Catch { 
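Review bot: Confirm-CAInvCenterServer emits its progress text with `Write-Output` (`"Signed certificate thumbprint matches …"` in this hunk and `"Certificate file found - …"` in the previous one) and then does `return $match`, so the caller receives the strings plus the boolean rather than a bare `$true`/`$false`. Test-EsxiCertMgmtChecks compares that result with `-eq $true` and `-eq $false`; with an array on the left these act as filters, and the no-match case appears to fall through to the "Unable to Confirm CA" branch instead of the mismatch branch. Switching the two messages to `Write-Debug` or `Write-Verbose`, as the visible part of Confirm-EsxiCertificateInstalled already does, keeps the return value a single boolean. The start of the function and its Catch block are outside these hunks.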
@@ -608,15 +609,15 @@ Function Confirm-CAInvCenterServer { Function Get-EsxiCertificateMode { <# .SYNOPSIS - Retrieves the certificate management mode value from the vCenter Server instance for a workload domain. + Retrieves the certificate management mode value from the vCenter instance for a workload domain. .DESCRIPTION - The Get-EsxiCertificateMode cmdlet retrieves the certificate management mode value from vCenter Server instance + The Get-EsxiCertificateMode cmdlet retrieves the certificate management mode value from vCenter instance for a workload domain. .EXAMPLE - Get-EsxiCertificateMode -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 - This example retrieves the certificate management mode value for the vCenter Server instance for the workload domain sfo-m01. + Get-EsxiCertificateMode -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] + This example retrieves the certificate management mode value for the vCenter instance for the workload domain. .PARAMETER server The fully qualified domain name of the SDDC Manager instance. 
@@ -654,15 +655,15 @@ Function Get-EsxiCertificateMode { Function Set-EsxiCertificateMode { <# .SYNOPSIS - Sets the certificate management mode in vCenter Server for the ESXi hosts in a workload domain. + Sets the certificate management mode in vCenter for the ESX hosts in a workload domain. .DESCRIPTION - The Set-EsxiCertificateMode cmdlet sets the certificate management mode in vCenter Server for the ESXi hosts in + The Set-EsxiCertificateMode cmdlet sets the certificate management mode in vCenter for the ESX hosts in a workload domain. .EXAMPLE - Set-EsxiCertificateMode -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -mode custom - This example sets the certificate management mode to custom in vCenter Server for the ESXi hosts in workload domain sfo-m01. + Set-EsxiCertificateMode -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -mode custom + This example sets the certificate management mode to custom in vCenter for the ESX hosts in workload domain. .PARAMETER server The fully qualified domain name of the SDDC Manager instance. @@ -674,10 +675,10 @@ Function Set-EsxiCertificateMode { The password to authenticate to the SDDC Manager instance. .PARAMETER domain - The name of the workload domain to set the vCenter Server instance certificate management mode setting for. + The name of the workload domain to set the vCenter instance certificate management mode setting for. .PARAMETER mode - The certificate management mode to set in vCenter Server. One of "custom" or "vmca". + The certificate management mode to set in vCenter. One of "custom" or "vmca". #> Param ( 
@@ -696,7 +697,7 @@ Function Set-EsxiCertificateMode { if ($certModeSetting.value -ne $mode) { Set-AdvancedSetting $certModeSetting -Value $mode -confirm:$false # Restart "VMware Certificate Authority" and "VMware Certificate Management" services. - Write-Output 'Restarting vCenter Server services ("VMware Certificate Authority" and "VMware Certificate Management") for the change to take effect.' + Write-Output 'Restarting vCenter services ("VMware Certificate Authority" and "VMware Certificate Management") for the change to take effect.' $services = @("certificateauthority", "certificatemanagement") $failedServices = @() @@ -714,10 +715,10 @@ Function Set-EsxiCertificateMode { } Write-Error "The following services failed to restart successfully:`n$failedServicesErrorString`nSet-EsxiCertificateMode operation Failed." -ErrorAction Stop } else { - Write-Output 'vCenter Server services ("VMware Certificate Authority" and "VMware Certificate Management") restarted successfully.' + Write-Output 'vCenter services ("VMware Certificate Authority" and "VMware Certificate Management") restarted successfully.' } } else { - Write-Warning "Certificate Management Mode already set to $mode on the vCenter Server instance $($vCenterServer.details.fqdn): SKIPPED" + Write-Warning "Certificate Management Mode already set to $mode on the vCenter instance $($vCenterServer.details.fqdn): SKIPPED" } } Catch { Debug-ExceptionWriter -object $_ 
@@ -729,15 +730,15 @@ Function Set-EsxiCertificateMode { Function Get-vSANHealthSummary { <# .SYNOPSIS - Retrieves the vSAN health summary from vCenter Server for a cluster. + Retrieves the vSAN health summary from vCenter for a cluster. .DESCRIPTION - The Get-vSANHealthSummary cmdlet gets the vSAN health summary from vCenter Server for a cluster. + The Get-vSANHealthSummary cmdlet gets the vSAN health summary from vCenter for a cluster. If any status is YELLOW or RED, a WARNING or ERROR will be raised. .EXAMPLE - Get-vSANHealthSummary -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -cluster sfo-m01-cl01 - This example gets the vSAN health summary for cluster sfo-m01-cl01. + Get-vSANHealthSummary -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] + This example gets the vSAN health summary for cluster. .PARAMETER server The fully qualified domain name of the SDDC Manager instance. @@ -811,19 +812,19 @@ Function Get-vSANHealthSummary { Function Get-EsxiConnectionState { <# .SYNOPSIS - Retrieves the ESXi host connection state from vCenter Server. + Retrieves the ESX host connection state from vCenter. .DESCRIPTION - The Get-EsxiConnectionState cmdlet gets the connection state of an ESXi host. + The Get-EsxiConnectionState cmdlet gets the connection state of an ESX host. One of "Connected", "Disconnected", "Maintenance", or "NotResponding" - Depends on a connection to a vCenter Server instance. + Depends on a connection to a vCenter instance. .EXAMPLE - Get-EsxiConnectionState -esxiFqdn sfo01-m01-esx01.sfo.rainpole.io - This example gets an ESXi host's connection state. + Get-EsxiConnectionState -esxiFqdn [esx_host_fqdn] + This example gets an ESX host's connection state. .PARAMETER esxiFqdn - The fully qualified domain name of the ESXi host. + The fully qualified domain name of the ESX host. #> Param ( 
@@ -837,18 +838,18 @@ Function Get-EsxiConnectionState { Function Get-EsxiHostVsanMaintenanceModePrecheck { <# .SYNOPSIS - Checks for any issues when the ESXi H=host enters a particular vSAN maintenance mode. + Checks for any issues when the ESX H=host enters a particular vSAN maintenance mode. .DESCRIPTION - The Get-EsxiHostVsanMaintenanceModePrecheck cmdlet checks if there's any issues for the ESXi host entering a particular vSAN maintenance mode. + The Get-EsxiHostVsanMaintenanceModePrecheck cmdlet checks if there's any issues for the ESX host entering a particular vSAN maintenance mode. The cmdlet will halt the script if the pre check fails. .EXAMPLE - Get-EsxiHostVsanMaintenanceModePrecheck -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMware1! -domain sfo-m01 -cluster sfo-m01-cl01 -vsanDataMigrationMode Full - This example checks each ESXi host within a cluster within the workload domain for any issues when entering a particular vSAN maintenance mode + Get-EsxiHostVsanMaintenanceModePrecheck -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] -vsanDataMigrationMode Full + This example checks each ESX host within a cluster within the workload domain for any issues when entering a particular vSAN maintenance mode - Get-EsxiHostVsanMaintenanceModePrecheck -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMware1! 
-domain sfo-m01 -host sfo01-m01-esx01.sfo.rainpole.io -vsanDataMigrationMode Full - This example checks each ESXi host within a cluster within the workload domain for any issues when entering a particular vSAN maintenance mode + Get-EsxiHostVsanMaintenanceModePrecheck -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -host [esx_host_fqdn] -vsanDataMigrationMode Full + This example checks each ESX host within a cluster within the workload domain for any issues when entering a particular vSAN maintenance mode .PARAMETER server The fully qualified domain name of the SDDC Manager instance. @@ -863,10 +864,10 @@ Function Get-EsxiHostVsanMaintenanceModePrecheck { The name of the workload domain in which the cluster is located. .PARAMETER cluster - The name of the cluster containing the ESXi hosts. + The name of the cluster containing the ESX hosts. .PARAMETER esxiFqdn - The name of the FQDN of an ESXi host. + The name of the FQDN of an ESX host. .PARAMETER vsanDataMigrationMode The type of vSAN maintenance mode. 
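Review bot: The rewritten synopsis line still reads `ESX H=host`, a typo carried over from the old text; it should be `Checks for any issues when the ESX host enters a particular vSAN maintenance mode.` The second example passes `-host [esx_host_fqdn]`, while the help documents the parameter as `esxiFqdn`. Unless an alias is declared in the Param block (not visible in this hunk), the example should use `-esxiFqdn [esx_host_fqdn]`. Its description also repeats the cluster example's sentence and could instead say that it checks a single ESX host.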
@@ -898,22 +899,22 @@ Function Get-EsxiHostVsanMaintenanceModePrecheck { $clusterDetails = Get-VCFCluster -Name $cluster if ($clusterDetails) { $esxiHosts = Get-VCFHost | Where-Object { $_.cluster.id -eq $clusterDetails.id } | Sort-Object -Property fqdn - if (!$esxiHosts) { Write-Warning "No ESXi hosts found in cluster $cluster." } + if (!$esxiHosts) { Write-Warning "No ESX hosts found in cluster $cluster." } } else { - Write-Error "Unable to locate cluster $cluster in $($vCenterServer.details.fqdn) vCenter Server: PRE_VALIDATION_FAILED" -ErrorAction Stop + Write-Error "Unable to locate cluster $cluster in $($vCenterServer.details.fqdn) vCenter: PRE_VALIDATION_FAILED" -ErrorAction Stop } } else { $esxiHosts = Get-VCFHost -fqdn $esxiFqdn - if (!$esxiHosts) { Write-Error "No ESXi host $esxiFqdn found in workload domain $domain." -ErrorAction Stop } + if (!$esxiHosts) { Write-Error "No ESX host $esxiFqdn found in workload domain $domain." -ErrorAction Stop } } foreach ($esxiHost in $esxiHosts) { $vsanReport = Get-VsanEnterMaintenanceModeReport -VMHost $esxiHost.fqdn -VsanDataMigrationMode $vsanMigrationMode if ($vsanReport.OverallStatus -ne "green") { - Write-Error "ESXi host($($esxiHost.fqdn)) vSAN Data Migration($vsanDataMigrationMode) Pre-check failed with error $($vsanReport.OverallStatus)" -ErrorAction Stop + Write-Error "ESX host($($esxiHost.fqdn)) vSAN Data Migration($vsanDataMigrationMode) Pre-check failed with error $($vsanReport.OverallStatus)" -ErrorAction Stop } else { - Write-Output "ESXi host($($esxiHost.fqdn)) vSAN Data Migration($vsanDataMigrationMode) Pre-check: $($vsanReport.OverallStatus)" + Write-Output "ESX host($($esxiHost.fqdn)) vSAN Data Migration($vsanDataMigrationMode) Pre-check: $($vsanReport.OverallStatus)" } } } Catch { 
@@ -926,45 +927,45 @@ Function Get-EsxiHostVsanMaintenanceModePrecheck { Function Set-EsxiConnectionState { <# .SYNOPSIS - Sets the ESXi host connection state in vCenter Server. + Sets the ESX host connection state in vCenter. .DESCRIPTION - The Set-EsxiConnectionState cmdlet sets the connection state of an ESXi host. + The Set-EsxiConnectionState cmdlet sets the connection state of an ESX host. One of "Connected", "Disconnected" or "Maintenance". If setting the connection state to Maintenance, provide the VsanDataMigrationMode for a vSAN environment. One of "Full", "EnsureAccessibility", or "NoDataMigration". - Depends on a connection to a vCenter Server instance. + Depends on a connection to a vCenter instance. .EXAMPLE - Set-EsxiConnectionState -esxiFqdn sfo01-m01-esx01.sfo.rainpole.io -state Connected - This example sets an ESXi host's connection state to Connected. + Set-EsxiConnectionState -esxiFqdn [esx_host_fqdn] -state Connected + This example sets an ESX host's connection state to Connected. .EXAMPLE - Set-EsxiConnectionState -esxiFqdn sfo01-m01-esx01.sfo.rainpole.io -state Maintenance -vsanDataMigrationMode Full - This example sets an ESXi host's connection state to Maintenance with a vSAN data migration mode set to Full data migration. + Set-EsxiConnectionState -esxiFqdn [esx_host_fqdn] -state Maintenance -vsanDataMigrationMode Full + This example sets an ESX host's connection state to Maintenance with a vSAN data migration mode set to Full data migration. 
.EXAMPLE - Set-EsxiConnectionState -esxiFqdn sfo01-m01-esx01.sfo.rainpole.io -state Maintenance -vsanDataMigrationMode EnsureAccessibility -migratePowerOffVMs - This example sets an ESXi host's connection state to Maintenance and will migrate any Power Off or Suspend VMs to other ESXi hosts and + Set-EsxiConnectionState -esxiFqdn [esx_host_fqdn] -state Maintenance -vsanDataMigrationMode EnsureAccessibility -migratePowerOffVMs + This example sets an ESX host's connection state to Maintenance and will migrate any Power Off or Suspend VMs to other ESX hosts and will set vSAN data migration mode to Ensure Accessibility. .PARAMETER esxiFqdn - The fully qualified domain name of the ESXi host. + The fully qualified domain name of the ESX host. .PARAMETER state - The connection state to set the ESXi host to. One of "Connected", "Disconnected" or "Maintenance". + The connection state to set the ESX host to. One of "Connected", "Disconnected" or "Maintenance". .PARAMETER migratePowerOffVMs - This optional switch argument will determined if power off and suspended VMs will be migrated off the ESXi host when setting the ESXi host to Maintenance. + This optional switch argument will determined if power off and suspended VMs will be migrated off the ESX host when setting the ESX host to Maintenance. .PARAMETER vsanDataMigrationMode - The vSAN data migration mode to use when setting the ESXi host to Maintenance. One of "Full", "EnsureAccessibility", or "NoDataMigration". + The vSAN data migration mode to use when setting the ESX host to Maintenance. One of "Full", "EnsureAccessibility", or "NoDataMigration". .PARAMETER timeout - The timeout in seconds to wait for the ESXi host to reach the desired connection state. Default is 18000 seconds (5 hours). + The timeout in seconds to wait for the ESX host to reach the desired connection state. Default is 18000 seconds (5 hours). .PARAMETER pollInterval - The poll interval in seconds to check the ESXi host connection state. 
Default is 60 seconds. + The poll interval in seconds to check the ESX host connection state. Default is 60 seconds. #> Param ( 
@@ -977,35 +978,35 @@ Function Set-EsxiConnectionState { ) if ($state -ieq (Get-EsxiConnectionState -esxiFqdn $esxiFqdn)) { - Write-Warning "ESXi host $esxiFqdn is already in the $state connection state: SKIPPED" + Write-Warning "ESX host $esxiFqdn is already in the $state connection state: SKIPPED" return } if ($state -ieq "maintenance") { if ($PSBoundParameters.ContainsKey("vsanDataMigrationMode")) { if (($vsanDataMigrationMode -eq "EnsureAccessibility") -and !($migratePowerOffVMs.IsPresent)) { - Write-Output "Entering $state connection state for ESXi host $esxiFqdn with vSAN data migration mode set to $vsanDataMigrationMode." - Write-Output "Power off VMs and suspended VMs are left on the ESXi host $esxiFqdn." + Write-Output "Entering $state connection state for ESX host $esxiFqdn with vSAN data migration mode set to $vsanDataMigrationMode." + Write-Output "Power off VMs and suspended VMs are left on the ESX host $esxiFqdn." Set-VMHost -VMHost $esxiFqdn -State $state -VsanDataMigrationMode $vsanDataMigrationMode -confirm:$false } elseif (($vsanDataMigrationMode -eq "NoDataMigration") -and !($migratePowerOffVMs.IsPresent)) { - Write-Output "Entering $state connection state for ESXi host $esxiFqdn with vSAN data migration mode set to $vsanDataMigrationMode." - Write-Output "Power off VMs and suspended VMs are left on the ESXi host $esxiFqdn." + Write-Output "Entering $state connection state for ESX host $esxiFqdn with vSAN data migration mode set to $vsanDataMigrationMode." + Write-Output "Power off VMs and suspended VMs are left on the ESX host $esxiFqdn." Set-VMHost -VMHost $esxiFqdn -State $state -VsanDataMigrationMode $vsanDataMigrationMode -confirm:$false } else { - Write-Output "Entering $state connection state for ESXi host $esxiFqdn with vSAN data migration mode set to $vsanDataMigrationMode." - Write-Output "Power off VMs and suspended VMs will be migrated off to other ESXi hosts." 
+ Write-Output "Entering $state connection state for ESX host $esxiFqdn with vSAN data migration mode set to $vsanDataMigrationMode." + Write-Output "Power off VMs and suspended VMs will be migrated off to other ESX hosts." Set-VMHost -VMHost $esxiFqdn -State $state -VsanDataMigrationMode $vsanDataMigrationMode -Evacuate -confirm:$false } } else { if ($migratePowerOffVMs.IsPresent) { - Write-Output "Entering $state connection state for ESXi host $esxiFqdn. (Power off VMs and suspended VMs will be migrated off to other ESXi hosts)" + Write-Output "Entering $state connection state for ESX host $esxiFqdn. (Power off VMs and suspended VMs will be migrated off to other ESX hosts)" Set-VMHost -VMHost $esxiFqdn -State $state -Evacuate -confirm:$false } else { - Write-Output "Entering $state connection state for ESXi host $esxiFqdn. (Power off VMs and suspended VMs are left on the ESXi host)" + Write-Output "Entering $state connection state for ESX host $esxiFqdn. (Power off VMs and suspended VMs are left on the ESX host)" Set-VMHost -VMHost $esxiFqdn -State $state -confirm:$false } } } else { - Write-Output "Changing the connection state for ESXi host $esxiFqdn to $state." + Write-Output "Changing the connection state for ESX host $esxiFqdn to $state." Set-VMHost -VMHost $esxiFqdn -State $state -confirm:$false } $timeout = New-TimeSpan -Seconds $timeout @@ -1013,7 +1014,7 @@ Function Set-EsxiConnectionState { do { $currentState = Get-EsxiConnectionState -esxiFqdn $esxiFqdn if ($state -ieq $currentState) { - Write-Output "Successfully changed the connection state for ESXi host $esxiFqdn to $state." + Write-Output "Successfully changed the connection state for ESX host $esxiFqdn to $state." break } else { if ($state -ieq "Connected") { 
@@ -1028,19 +1029,19 @@ Function Set-EsxiConnectionState { Function Get-EsxiLockdownMode { <# .SYNOPSIS - Retrieves the ESXi host lockdown mode state from a vCenter Server instance. + Retrieves the ESX host lockdown mode state from a vCenter instance. .DESCRIPTION - The Get-EsxiLockdownMode cmdlet gets the lockdown mode value for all ESXi hosts in a given cluster or for a - given ESXi host within the cluster. If -esxiFqdn is provided, only the value for that host is returned. + The Get-EsxiLockdownMode cmdlet gets the lockdown mode value for all ESX hosts in a given cluster or for a + given ESX host within the cluster. If -esxiFqdn is provided, only the value for that host is returned. .EXAMPLE - Get-EsxiLockdownMode -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -cluster sfo-m01-cl01 - This example retrieves the lockdown mode for each ESXi host in a cluster. + Get-EsxiLockdownMode -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] + This example retrieves the lockdown mode for each ESX host in a cluster. .EXAMPLE - Get-EsxiLockdownMode -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -cluster sfo-m01-cl01 -esxiFqdn sfo01-m01-esx01.sfo.rainpole.io - This example retrieves the lockdown mode state for an ESXi host in a given cluster. + Get-EsxiLockdownMode -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] -esxiFqdn [esx_host_fqdn] + This example retrieves the lockdown mode state for an ESX host in cluster. .PARAMETER server The fully qualified domain name of the SDDC Manager instance. 
@@ -1055,10 +1056,10 @@ Function Get-EsxiLockdownMode { The name of the workload domain in which the cluster is located. .PARAMETER cluster - The name of the cluster in which the ESXi host is located. + The name of the cluster in which the ESX host is located. .PARAMETER esxiFqdn - The fully qualified domain name of the ESXi host to retrieve the lockdown mode state for. + The fully qualified domain name of the ESX host to retrieve the lockdown mode state for. #> Param ( @@ -1080,14 +1081,14 @@ Function Get-EsxiLockdownMode { } else { $esxiHosts = Get-Cluster $cluster | Get-VMHost | Sort-Object -Property Name } - if (!$esxiHosts) { Write-Warning "No ESXi hosts found within cluster $cluster." } + if (!$esxiHosts) { Write-Warning "No ESX hosts found within cluster $cluster." } } else { - Write-Error "Unable to locate cluster $cluster in $($vCenterServer.details.fqdn) vCenter Server: PRE_VALIDATION_FAILED" -ErrorAction Stop + Write-Error "Unable to locate cluster $cluster in $($vCenterServer.details.fqdn) vCenter: PRE_VALIDATION_FAILED" -ErrorAction Stop } foreach ($esxiHost in $esxiHosts) { $lockdownMode = (Get-VMHost -name $esxiHost).ExtensionData.Config.LockdownMode - Write-Output "ESXi host $esxiHost lockdown mode is set to $lockdownMode." + Write-Output "ESX host $esxiHost lockdown mode is set to $lockdownMode." } if ($PsBoundParameters.ContainsKey("esxiFqdn")) { return $lockdownMode 
@@ -1100,18 +1101,18 @@ Function Get-EsxiLockdownMode { Function Set-EsxiLockdownMode { <# .SYNOPSIS - Sets the lockdown mode for all ESXi hosts in a given cluster. + Sets the lockdown mode for all ESX hosts in a given cluster. .DESCRIPTION - The Set-EsxiLockdownMode cmdlet sets the lockdown mode for all ESXi hosts in a given cluster. + The Set-EsxiLockdownMode cmdlet sets the lockdown mode for all ESX hosts in a given cluster. .EXAMPLE - Set-EsxiLockdownMode -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -cluster sfo-m01-cl01 -enable - This example will enable the lockdown mode for all ESXi hosts in a cluster. + Set-EsxiLockdownMode -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] -enable + This example will enable the lockdown mode for all ESX hosts in a cluster. .EXAMPLE - Set-EsxiLockdownMode -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -cluster sfo-m01-cl01 -disable - This example will disable the lockdown mode for all ESXi hosts in a cluster. + Set-EsxiLockdownMode -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] -disable + This example will disable the lockdown mode for all ESX hosts in a cluster. .PARAMETER server The fully qualified domain name of the SDDC Manager instance. @@ -1126,13 +1127,13 @@ Function Set-EsxiLockdownMode { The name of the workload domain in which the cluster is located. .PARAMETER cluster - The name of the cluster in which the ESXi host is located. + The name of the cluster in which the ESX host is located. .PARAMETER enable - Enable lockdown mode for the ESXi host(s). + Enable lockdown mode for the ESX host(s). .PARAMETER disable - Disable lockdown mode for the ESXi host(s). + Disable lockdown mode for the ESX host(s). #> Param ( 
@@ -1151,42 +1152,42 @@ Function Set-EsxiLockdownMode { $vCenterServer = Get-vCenterServer -server $server -user $user -pass $pass -domain $domain if (Get-Cluster | Where-Object { $_.Name -eq $cluster }) { $esxiHosts = Get-Cluster $cluster | Get-VMHost | Sort-Object -Property Name - if (!$esxiHosts) { Write-Warning "No ESXi hosts found within $cluster cluster." } + if (!$esxiHosts) { Write-Warning "No ESX hosts found within $cluster cluster." } } else { - Write-Error "Unable to locate Cluster $cluster in $($vCenterServer.details.fqdn) vCenter Server: PRE_VALIDATION_FAILED" -ErrorAction Stop + Write-Error "Unable to locate Cluster $cluster in $($vCenterServer.details.fqdn) vCenter: PRE_VALIDATION_FAILED" -ErrorAction Stop } if ($PSBoundParameters.ContainsKey("enable")) { - Write-Output "Enabling lockdown mode for each ESXi host in $cluster cluster" + Write-Output "Enabling lockdown mode for each ESX host in $cluster cluster" foreach ($esxiHost in $esxiHosts) { $currentLockdownMode = (Get-VMHost -name $esxiHost).ExtensionData.Config.LockdownMode if ($currentLockdownMode -eq "lockdownDisabled") { ($esxiHost | Get-View).EnterLockdownMode() - Write-Output "Changing lockdown mode for ESXi host $esxiHost from $currentLockdownMode to lockdownNormal." + Write-Output "Changing lockdown mode for ESX host $esxiHost from $currentLockdownMode to lockdownNormal." $newLockdownMode = (Get-VMHost -name $esxiHost).ExtensionData.Config.LockdownMode if ($lockdownMode -eq $newLockdownMode) { - Write-Error "Unable to change lockdown mode for ESXi host $esxiHost from $currentLockdownMode to lockdownNormal. Lockdown mode is set to $newLockdownMode." -ErrorAction Stop + Write-Error "Unable to change lockdown mode for ESX host $esxiHost from $currentLockdownMode to lockdownNormal. Lockdown mode is set to $newLockdownMode." 
-ErrorAction Stop } } else { - Write-Warning "Lockdown mode for ESXi host $esxiHost is already set to lockdownNormal: SKIPPED" + Write-Warning "Lockdown mode for ESX host $esxiHost is already set to lockdownNormal: SKIPPED" } } } if ($PSBoundParameters.ContainsKey("disable")) { - Write-Output "Disabling lockdown mode for each ESXi host in $cluster cluster." + Write-Output "Disabling lockdown mode for each ESX host in $cluster cluster." foreach ($esxiHost in $esxiHosts) { $currentLockdownMode = (Get-VMHost -name $esxiHost).ExtensionData.Config.LockdownMode if ($currentLockdownMode -ne "lockdownDisabled") { ($esxiHost | Get-View).ExitLockdownMode() - Write-Output "Changing lockdown mode for ESXi host $esxiHost from $currentLockdownMode to lockdownDisabled." + Write-Output "Changing lockdown mode for ESX host $esxiHost from $currentLockdownMode to lockdownDisabled." $newLockdownMode = (Get-VMHost -name $esxiHost).ExtensionData.Config.LockdownMode if ($currentLockdownMode -eq $newLockdownMode) { - Write-Error "Unable to change lockdown mode for ESXi host $esxiHost from $currentLockdownMode to lockdownDisabled. Lockdown mode is set to $newLockdownMode." -ErrorAction Stop + Write-Error "Unable to change lockdown mode for ESX host $esxiHost from $currentLockdownMode to lockdownDisabled. Lockdown mode is set to $newLockdownMode." -ErrorAction Stop } } else { - Write-Warning "Lockdown mode for ESXi host $esxiHost is already set to lockdownDisabled: SKIPPED" + Write-Warning "Lockdown mode for ESX host $esxiHost is already set to lockdownDisabled: SKIPPED" } } } 
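Review bot: In the enable branch of Set-EsxiLockdownMode the post-change check reads `if ($lockdownMode -eq $newLockdownMode)`, but `$lockdownMode` is not assigned anywhere in this hunk and is not one of the documented parameters, so it is most likely `$null` and the error path cannot fire. A host that stays in `lockdownDisabled` after `EnterLockdownMode()` would then be reported as changed, which matters because this is the hardening direction. The disable branch already compares against the pre-change value, and the enable branch should match it: `if ($currentLockdownMode -eq $newLockdownMode) {`. The start of the function body, including the Param block, is outside the hunk, so confirm that `$lockdownMode` is not set there.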
@@ -1198,27 +1199,27 @@ Function Set-EsxiLockdownMode { Function Restart-EsxiHost { <# .SYNOPSIS - Restarts an ESXi host and poll for connection availability. + Restarts an ESX host and poll for connection availability. .DESCRIPTION - The Restart-EsxiHost cmdlet restarts an ESXi host and polls for connection availability. + The Restart-EsxiHost cmdlet restarts an ESX host and polls for connection availability. Timeout value is in seconds. .EXAMPLE - Restart-EsxiHost -esxiFqdn sfo01-m01-esx01.sfo.rainpole.io -user root -pass VMw@re1! -poll $true -timeout 1800 -pollInterval 30 - This example restarts an ESXi host and polls the connection availability every 30 seconds. It will timeout after 1800 seconds. + Restart-EsxiHost -esxiFqdn [esx_host_fqdn] -user [admin_username] -pass [admin_password] -poll $true -timeout 1800 -pollInterval 30 + This example restarts an ESX host and polls the connection availability every 30 seconds. It will timeout after 1800 seconds. .PARAMETER esxiFqdn - The fully qualified domain name of the ESXi host. + The fully qualified domain name of the ESX host. .PARAMETER user - The username to authenticate to the ESXi host. + The username to authenticate to the ESX host. .PARAMETER pass - The password to authenticate to the ESXi host. + The password to authenticate to the ESX host. .PARAMETER poll - Poll for connection availability after restarting the ESXi host. Default is true. + Poll for connection availability after restarting the ESX host. Default is true. .PARAMETER timeout The timeout value in seconds. Default is 1800 seconds. 
@@ -1238,17 +1239,17 @@ Function Restart-EsxiHost { $pass = Get-Password -User $user -Password $pass - # Connect to the ESXi host. + # Connect to the ESX host. Connect-VIServer $esxiFqdn -User $user -password $pass -Force $vmHost = Get-VMHost -Server $esxiFqdn if (!$vmHost) { - Write-Error "Unable to locate ESXi host with FQDN $esxiFqdn : PRE_VALIDATION_FAILED" -ErrorAction Stop + Write-Error "Unable to locate ESX host with FQDN $esxiFqdn : PRE_VALIDATION_FAILED" -ErrorAction Stop return } else { Write-Output "Restarting $esxiFqdn" } - # Retrieves the ESXi host uptime before restart. + # Retrieves the ESX host uptime before restart. $esxiUptime = New-TimeSpan -Start $vmHost.ExtensionData.Summary.Runtime.BootTime.ToLocalTime() -End (Get-Date) Restart-VMHost $esxiFqdn -server $esxiFqdn -Confirm:$false @@ -1256,7 +1257,7 @@ Function Restart-EsxiHost { Disconnect-VIServer -server $esxiFqdn -Confirm:$false -WarningAction SilentlyContinue -ErrorAction SilentlyContinue | Out-Null if ($poll) { - Write-Output "Waiting for ESXi host $esxiFqdn to restart. Polling the connection every $pollInterval seconds." + Write-Output "Waiting for ESX host $esxiFqdn to restart. Polling the connection every $pollInterval seconds." Start-Sleep -Seconds $pollInterval $timeout = New-TimeSpan -Seconds $timeout $stopwatch = [System.Diagnostics.Stopwatch]::StartNew() 
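Review bot: `Connect-VIServer $esxiFqdn -User $user -password $pass -Force` in Restart-EsxiHost can send the host credentials over a connection whose certificate was not validated, because in PowerCLI `-Force` suppresses the invalid-certificate prompt as well as the multiple-default-servers prompt. In a certificate-replacement workflow that may be deliberate, but nothing in the hunk says so. I would add a comment such as `# -Force: host certificate may not be trusted yet during replacement; validation depends on the PowerCLI InvalidCertificateAction setting`, and consider dropping `-Force` on paths where the new certificate is expected to validate. The function body begins before this hunk and continues after it.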
@@ -1266,43 +1267,43 @@ Function Restart-EsxiHost { $vmHost = Get-VMHost -Server $esxiFqdn $currentUpTime = New-TimeSpan -Start $vmHost.ExtensionData.Summary.Runtime.BootTime.ToLocalTime() -End (Get-Date) if ($($esxiUptime.TotalSeconds) -gt $($currentUpTime.TotalSeconds)) { - Write-Output "ESXi host $esxiFqdn has been restarted and is now accessible." + Write-Output "ESX host $esxiFqdn has been restarted and is now accessible." } else { - Write-Output "ESXi host $esxiFqdn uptime: $($esxiUptime.TotalSeconds) | Current Uptime - $($currentUpTime.TotalSeconds)" + Write-Output "ESX host $esxiFqdn uptime: $($esxiUptime.TotalSeconds) | Current Uptime - $($currentUpTime.TotalSeconds)" } Disconnect-VIServer -Server $esxiFqdn -Confirm:$false -WarningAction SilentlyContinue -ErrorAction SilentlyContinue | Out-Null return } } - Write-Output "Waiting for ESXi host $esxiFqdn to restart and become accessible." + Write-Output "Waiting for ESX host $esxiFqdn to restart and become accessible." Start-Sleep -Seconds $pollInterval } while ($stopwatch.elapsed -lt $timeout) - Write-Error "ESXi host $esxiFqdn did not respond after $($timeout.TotalMinutes) seconds. Please verify that the ESXi host is online and accessible." -ErrorAction Stop + Write-Error "ESX host $esxiFqdn did not respond after $($timeout.TotalMinutes) seconds. Please verify that the ESX host is online and accessible." -ErrorAction Stop } else { - Write-Warning "Restart of ESXi host $esxiFqdn triggered without polling connection state. Please monitor the connection state in the vSphere Client." + Write-Warning "Restart of ESX host $esxiFqdn triggered without polling connection state. Please monitor the connection state in the vSphere Client." } } Function Install-EsxiCertificate { <# .SYNOPSIS - Installs a certificate for an ESXi host or for each ESXi host in a cluster. + Installs a certificate for an ESX host or for each ESX host in a cluster. 
.DESCRIPTION - The Install-EsxiCertificate cmdlet will replace the certificate for an ESXi host or for each ESXi host + The Install-EsxiCertificate cmdlet will replace the certificate for an ESX host or for each ESX host in a cluster. You must provide the directory containing the signed certificate files. - Certificate names should be in format .crt e.g. sfo01-m01-esx01.sfo.rainpole.io.crt. - The workflow will put the ESXi host in maintenance mode with full data migration, - disconnect the ESXi host from the vCenter Server, replace the certificate, restart the ESXi host, - and the exit maintenance mode once the ESXi host is online. + Certificate names should be in format .crt. + The workflow will put the ESX host in maintenance mode with full data migration, + disconnect the ESX host from the vCenter, replace the certificate, restart the ESX host, + and the exit maintenance mode once the ESX host is online. .EXAMPLE - Install-EsxiCertificate -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -esxiFqdn sfo01-m01-esx01.sfo.rainpole.io -certificateDirectory F:\certificates -certificateFileExt ".cer" - This example will install the certificate to the ESXi host sfo01-m01-esx01.sfo.rainpole.io in domain sfo-m01 from the provided path. + Install-EsxiCertificate -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -esxiFqdn [esx_host_fqdn] -certificateDirectory [certificate_directory_path] -certificateFileExt ".cer" + This example will install the certificate to the ESX host in the workload domain from the provided path. .EXAMPLE - Install-EsxiCertificate -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -cluster sfo-m01-cl01 -certificateDirectory F:\certificates -certificateFileExt ".cer" - This example will install certificates for each ESXi host in cluster sfo-m01-cl01 in workload domain sfo-m01 from the provided path. 
+ Install-EsxiCertificate -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] -certificateDirectory [certificate_directory_path] -certificateFileExt ".cer" + This example will install certificates for each ESX host in cluster in the workload domain from the provided path. .PARAMETER server The fully qualified domain name of the SDDC Manager instance. @@ -1314,13 +1315,13 @@ Function Install-EsxiCertificate { The password to authenticate to the SDDC Manager instance. .PARAMETER domain - The name of the workload domain in which the ESXi host is located. + The name of the workload domain in which the ESX host is located. .PARAMETER cluster - The name of the cluster in which the ESXi host is located. + The name of the cluster in which the ESX host is located. .PARAMETER esxiFqdn - The fully qualified domain name of the ESXi host. + The fully qualified domain name of the ESX host. .PARAMETER certificateDirectory The directory containing the signed certificate files. 
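Review bot: In Restart-EsxiHost (hunk `@@ -1266,43 +1267,43 @@`) the timeout message interpolates `$($timeout.TotalMinutes)` but labels the value as seconds, so the documented default of 1800 seconds is reported as "30 seconds". The commit rewrites this line and keeps the mismatch. Use the matching property: `Write-Error "ESX host $esxiFqdn did not respond after $($timeout.TotalSeconds) seconds. Please verify that the ESX host is online and accessible." -ErrorAction Stop`. The polling loop that this message follows starts outside the hunk.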
@@ -1329,16 +1330,16 @@ Function Install-EsxiCertificate { The file extension of the certificate files. One of ".crt", ".cer", ".pem", ".p7b", or ".p7c". .PARAMETER timeout - The timeout in seconds for putting the ESXi host in maintenance mode. Default is 18000 seconds (5 hours). + The timeout in seconds for putting the ESX host in maintenance mode. Default is 18000 seconds (5 hours). .PARAMETER migratePowerOffVMs - This optional switch argument will determined if power off and suspended VMs will be migrated off the ESXi host when setting the ESXi host to Maintenance. + This optional switch argument will determined if power off and suspended VMs will be migrated off the ESX host when setting the ESX host to Maintenance. .PARAMETER vsanDataMigrationMode - The vSAN data migration mode to use when setting the ESXi host to Maintenance. One of "Full" or "EnsureAccessibility". + The vSAN data migration mode to use when setting the ESX host to Maintenance. One of "Full" or "EnsureAccessibility". .PARAMETER uploadPrivateKey - Option to upload of a custom Private Key for the ESXi host. + Option to upload of a custom Private Key for the ESX host. #> Param ( 
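Review bot: The `.PARAMETER uploadPrivateKey` help reworded in this hunk still does not say where the key is taken from or where it is sent. Later hunks of Install-EsxiCertificate read it from `($esxiFqdn + ".key")` under `certificateDirectory` and POST it to the vCenter `ProvisionServerPrivateKey` endpoint, and only on the `$vcfVersion -ge "5.2"` path. I would document that, for example `Switch to upload a custom private key for the ESX host, read from [esx_host_fqdn].key in certificateDirectory and sent to vCenter; restrict access to that directory.` The `migratePowerOffVMs` help on the touched line also still reads "will determined".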
@@ -1362,13 +1363,13 @@ Function Install-EsxiCertificate { $clusterDetails = Get-VCFCluster -Name $cluster if ($clusterDetails) { $esxiHosts = Get-VCFHost | Where-Object { $_.cluster.id -eq $clusterDetails.id } | Sort-Object -Property fqdn - if (!$esxiHosts) { Write-Warning "No ESXi hosts found in cluster $cluster." } + if (!$esxiHosts) { Write-Warning "No ESX hosts found in cluster $cluster." } } else { - Write-Error "Unable to locate cluster $cluster in $($vCenterServer.details.fqdn) vCenter Server: PRE_VALIDATION_FAILED" -ErrorAction Stop + Write-Error "Unable to locate cluster $cluster in $($vCenterServer.details.fqdn) vCenter: PRE_VALIDATION_FAILED" -ErrorAction Stop } } else { $esxiHosts = Get-VCFHost -fqdn $esxiFqdn - if (!$esxiHosts) { Write-Error "No ESXi host $esxiFqdn found in workload domain $domain." -ErrorAction Stop } + if (!$esxiHosts) { Write-Error "No ESX host $esxiFqdn found in workload domain $domain." -ErrorAction Stop } } $version = Get-VCFManager -version @@ -1384,12 +1385,12 @@ Function Install-EsxiCertificate { Write-Error "Unable to retrieve session ID from $($vcenter.details.fqdn)'s API: PRE_VALIDATION_FAILED" -ErrorAction Stop } } else { - # Perform ESXi host vSAN data migration pre-check. + # Perform ESX host vSAN data migration pre-check. if ($PsBoundParameters.ContainsKey("cluster")) { Write-Output "Performing Data Migration Pre-check on the cluster $cluster" Get-EsxiHostVsanMaintenanceModePrecheck -server $server -user $user -pass $pass -domain $domain -cluster $cluster -vsanDataMigrationMode $vsanDataMigrationMode } else { - Write-Output "Performing Data Migration Pre-check on the ESXi host $esxiFqdn" + Write-Output "Performing Data Migration Pre-check on the ESX host $esxiFqdn" Get-EsxiHostVsanMaintenanceModePrecheck -server $server -user $user -pass $pass -domain $domain -esxiFqdn $esxiFqdn -vsanDataMigrationMode $vsanDataMigrationMode } } 
@@ -1403,7 +1404,7 @@ Function Install-EsxiCertificate { $crtPath = Join-Path -Path $certificateDirectory -childPath $esxiFqdn$certificateFileExt if (!(Test-Path $crtPath -PathType Leaf )) { - Write-Error "Certificate not found at $crtPath. Skipping certificate replacement for ESXi host $esxiFqdn." + Write-Error "Certificate not found at $crtPath. Skipping certificate replacement for ESX host $esxiFqdn." $skippedHosts.Add($esxiFqdn) continue } @@ -1411,7 +1412,7 @@ Function Install-EsxiCertificate { if ($vcfVersion -ge "5.2") { $keyPath = Join-Path -Path $certificateDirectory -childPath ($esxiFqdn + ".key") if (!(Test-Path $keyPath -PathType Leaf) -and ($PSBoundParameters.ContainsKey("uploadPrivateKey"))) { - Write-Error "Private key not found at $keyPath. Skipping certificate replacement for ESXi host $esxiFqdn." + Write-Error "Private key not found at $keyPath. Skipping certificate replacement for ESX host $esxiFqdn." $skippedHosts.Add($esxiFqdn) continue } @@ -1421,7 +1422,7 @@ Function Install-EsxiCertificate { $skippedHosts.Add($esxiFqdn) continue } elseif ($vcfVersion -ge "5.2") { - Write-Output "Starting certificate replacement for ESXi host $esxiFqdn." + Write-Output "Starting certificate replacement for ESX host $esxiFqdn." $esxCertificatePem = Get-Content $crtPath -Raw $esxiConfig = Get-View -ViewType HostSystem -Filter @{"Name" = "$esxiFqdn" } $esxiHostConfig = Get-View -Id $esxiConfig.ConfigManager.CertificateManager 
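Review bot: `$vcfVersion -ge "5.2"` in the second and third hunks on this line compares against a string literal, and the assignment of `$vcfVersion` is outside these hunks. If it holds a string, PowerShell compares lexically, so a value such as "5.10" or "10.0" sorts below "5.2". In that case the private-key existence check would be skipped and the host would presumably fall through to the older maintenance-mode path. Comparing typed values, `if ([version]$vcfVersion -ge [version]'5.2')`, avoids that, provided the value parses as a version. The enclosing loop body starts and ends outside these hunks.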
@@ -1430,14 +1431,14 @@ Function Install-EsxiCertificate { if ($PSBoundParameters.ContainsKey("uploadPrivateKey")) { $esxCertificateKey = Get-Content $keyPath -Raw $url = "https://$($vCenterServer.details.fqdn)/sdk/vim25/8.0.3.0/HostCertificateManager/$esxiHostConfigMoid/ProvisionServerPrivateKey" - # Install ESXi Private Key + # Install ESX Private Key $body = @{'key' = "$esxCertificateKey" } | ConvertTo-Json $respond = Invoke-WebRequest -Headers @{'vmware-api-session-id' = "$sessionId" } -Uri $url -Body $body -Method:POST -ContentType:'application/json' if (!($respond.StatusCode -eq 204)) { - Write-Error "Upload private key to ESXi host $esxiFqdn failed. " -ErrorAction Stop + Write-Error "Upload private key to ESX host $esxiFqdn failed. " -ErrorAction Stop } } - # Install ESXi Certificate + # Install ESX Certificate $esxiHostConfig.InstallServerCertificate($esxCertificatePem) # trigger refresh on affected services 
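Review bot: The `StatusCode -eq 204` test after the private-key POST is unlikely to catch a rejected upload, because `Invoke-WebRequest` raises a terminating error on a non-success HTTP status by default. The reworded "Upload private key to ESX host ... failed" message is therefore only reached for an unexpected success code. Whether an enclosing try/catch handles that exception is not visible in this hunk. Wrapping the call as `try { $respond = Invoke-WebRequest ... } catch { Write-Error "Upload private key to ESX host $esxiFqdn failed: $($_.Exception.Message)" -ErrorAction Stop }` would keep the host name in the error and stop before `InstallServerCertificate`. The key text also stays in `$esxCertificateKey` and `$body` for the rest of the iteration; setting both to `$null` once the request returns would drop those references sooner.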
@@ -1458,40 +1459,40 @@ Function Install-EsxiCertificate { } else { Set-EsxiConnectionState -esxiFqdn $esxiFqdn -state "Maintenance" -timeout $timeout } - Write-Output "Starting certificate replacement for ESXi host $esxiFqdn." + Write-Output "Starting certificate replacement for ESX host $esxiFqdn." $esxCertificatePem = Get-Content $crtPath -Raw Set-VIMachineCertificate -PemCertificate $esxCertificatePem -VMHost $esxiFqdn -ErrorAction Stop -Confirm:$false $replacedHosts.Add($esxiFqdn) - # Disconnect ESXi host from vCenter Server prior to restarting an ESXi host. + # Disconnect ESX host from vCenter prior to restarting an ESX host. Set-EsxiConnectionState -esxiFqdn $esxiFqdn -state "Disconnected" -timeout $timeout Restart-ESXiHost -esxiFqdn $esxiFqdn -user $($esxiCredential.username) -pass $($esxiCredential.password) - # Connect to vCenter Server, set the ESXi host connection state, and exit maintenance mode. - Write-Output "Connecting to vCenter Server instance $($vCenterServer.details.fqdn) and exiting ESXi host $esxiFqdn from maintenance mode." + # Connect to vCenter, set the ESX host connection state, and exit maintenance mode. + Write-Output "Connecting to vCenter instance $($vCenterServer.details.fqdn) and exiting ESX host $esxiFqdn from maintenance mode." $vCenterServer = Get-vCenterServer -server $server -user $user -pass $pass -domain $domain if ($vCenterServer) { Set-EsxiConnectionState -esxiFqdn $esxiFqdn -state "Connected" -timeout $timeout Start-Sleep -Seconds 30 Set-EsxiConnectionState -esxiFqdn $esxiFqdn -state "Connected" } else { - Write-Error "Could not connect to vCenter Server instance $($vCenterServer.details.fqdn). Check the state of ESXi host $esxiFqdn using the Get-EsxiConnectionState cmdlet." -ErrorAction Stop + Write-Error "Could not connect to vCenter instance $($vCenterServer.details.fqdn). Check the state of ESX host $esxiFqdn using the Get-EsxiConnectionState cmdlet." 
-ErrorAction Stop break } } else { - Write-Error "Unable to get credentials for ESXi host $esxiFqdn from SDDC Manager." + Write-Error "Unable to get credentials for ESX host $esxiFqdn from SDDC Manager." $skippedHosts.Add($esxiFqdn) } } } Write-Output "--------------------------------------------------------------------------------" - Write-Output "ESXi Host Certificate Replacement Summary:" + Write-Output "ESX Host Certificate Replacement Summary:" Write-Output "--------------------------------------------------------------------------------" - Write-Output "Succesfully completed certificate replacement for $($replacedHosts.Count) ESXi hosts:" + Write-Output "Succesfully completed certificate replacement for $($replacedHosts.Count) ESX hosts:" foreach ($replacedHost in $replacedHosts) { Write-Output "$replacedHost" } - Write-Warning "Skipped certificate replacement for $($skippedHosts.Count) ESXi hosts:" + Write-Warning "Skipped certificate replacement for $($skippedHosts.Count) ESX hosts:" foreach ($skippedHost in $skippedHosts) { Write-Warning "$skippedHost : SKIPPED" } 
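Review bot: In the `else` branch that reports a failed vCenter reconnect, `$vCenterServer` has just been reassigned and tested falsy. The `$($vCenterServer.details.fqdn)` in the reworded "Could not connect to vCenter instance" message therefore expands to an empty string, and the operator is not told which vCenter to check while the host is still in maintenance mode. Saving the name before the reconnect, `$vCenterFqdn = $vCenterServer.details.fqdn`, and using `$vCenterFqdn` in the message would fix it. The `break` after `Write-Error ... -ErrorAction Stop` is never reached because that error is terminating, and the summary string touched further down still reads "Succesfully". The function body starts outside this hunk.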
@@ -1503,21 +1504,21 @@ Function Install-EsxiCertificate { } } -Function Set-VCFCertificateAuthority { +Function Set-VcfCertificateAuthority { <# .SYNOPSIS Sets the certificate authority in SDDC Manager to use a Microsoft Certificate Authority or an OpenSSL Certificate Authority. .DESCRIPTION - The Set-VCFCertificateAuthority will configure Microsoft Certificate Authority or + The Set-VcfCertificateAuthority will configure Microsoft Certificate Authority or OpenSSL Certificate Authority as SDDC Manager's Certificate Authority. .EXAMPLE - Set-VCFCertificateAuthority -certAuthority Microsoft -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -certAuthorityFqdn rpl-ad01.rainpole.io -certAuthorityUser svc-vcf-ca -certAuthorityPass VMw@re1! -certAuthorityTemplate VMware - This example will configure Microsoft Certificate Authority rpl-ad01.rainpole.io in SDDC Manager. + Set-VcfCertificateAuthority -certAuthority Microsoft -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -certAuthorityFqdn [certificate_authority_fqdn] -certAuthorityUser [certificate_authority_username] -certAuthorityPass [certificate_authority_password] -certAuthorityTemplate [certificate_authority_template_name] + This example will configure Microsoft Certificate Authority in SDDC Manager. - Set-VCFCertificateAuthority -certAuthority OpenSSL -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re123! -commonName sfo-vcf01.sfo.rainpole.io -organization Rainpole -organizationUnit "Platform Engineering" -locality "San Francisco" -state CA -country US + Set-VcfCertificateAuthority -certAuthority OpenSSL -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -commonName []common_name] -organization [organization] -organizationUnit [organization_unit] -locality [locality] -state [state] -country [country] This example will configure an OpenSSL Certificate Authority in SDDC Manager. .PARAMETER certAuthority 
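Review bot: The rewritten OpenSSL example has a malformed placeholder, `-commonName []common_name]`, which should read `-commonName [common_name]`. As shown in this hunk, that second command also appears to sit under the first `.EXAMPLE` heading with none of its own, so `Get-Help -Examples` may present both commands as one example. Adding a `.EXAMPLE` line before the OpenSSL command would separate them.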
@@ -1686,7 +1687,7 @@ Function gatherSddcInventory { } } - # vCenter Server + # vCenter if (([float]$sddcMgrVersion -ge 4) -AND ($domainType -eq "Management")) { $domain = Get-VCFWorkloadDomain | Where-Object { $_.type -eq "MANAGEMENT" } $vCenterServer = Get-VCFvCenter | Where-Object { $_.domain.id -eq $domain.id } 
@@ -1736,41 +1737,40 @@ Function gatherSddcInventory { Return $resourcesObject } -Function Request-VCFCsr { +Function Request-VcfCsr { <# .SYNOPSIS Requests SDDC Manager to generate and store certificate signing request (CSR) files or requests a certificate - signing request for either an ESXi host or a for each ESXi host in a cluster and saves it to file(s) in a + signing request for either an ESX host or a for each ESX host in a cluster and saves it to file(s) in a directory. .DESCRIPTION - The Request-VCFCsr will request SDDC Manager to generate certificate signing request files for all components - associated with the given domain when used with -sddcManager switch. The Request-VCFCsr cmdlet will generate - the certificate signing request for ESXi host(s) and saves it to file(s) in an output directory when used with + The Request-VcfCsr will request SDDC Manager to generate certificate signing request files for all components + associated with the given domain when used with -sddcManager switch. The Request-VcfCsr cmdlet will generate + the certificate signing request for ESX host(s) and saves it to file(s) in an output directory when used with the -esxi switch. The cmdlet connects to the SDDC Manager using the -server, -user, and -password values. - Validates that network connectivity and authentication is possible to SDDC Manager. - Validates that the workload domain exists in the SDDC Manager inventory. - - Validates that network connectivity and authentication is possible to vCenter Server. + - Validates that network connectivity and authentication is possible to vCenter. When used with -esxi switch, this cmdlet - - Gathers the ESXi hosts from the cluster - - Requests the ESXi host CSR and saves it in the output directory as .csr. e.g. sfo01-m01-esx01.sfo.rainpole.io.csr + - Gathers the ESX hosts from the cluster + - Requests the ESX host CSR and saves it in the output directory as .csr. e.g. 
sfo01-m01-esx01.sfo.rainpole.io.csr - Defines possible country codes. Reference: https://www.digicert.com/kb/ssl-certificate-country-codes.htm .EXAMPLE - Request-VCFCsr -esxi -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -cluster sfo-m01-cl01 -country US -locality "Palo Alto" -organization "Rainpole" -organizationUnit "Engineering" -stateOrProvince "California" -outputDirectory F:\csr - This example generates CSRs and stores them in the provided output directory for all ESXi hosts in the cluster sfo-m01-cl01 with the specified fields. + Request-VcfCsr -esxi -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] -country [country] -locality [locality] -organization [organization] -organizationUnit [organization_unit] -stateOrProvince [state_or_province] -outputDirectory [output_path] + This example generates CSRs and stores them in the provided output directory for all ESX hosts in the cluster with the specified fields. .EXAMPLE - Request-VCFCsr -sddcManager -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re123! -domain sfo-w01 -country US -keysize "3072" -locality "San Francisco" -organization "Rainpole" -organizationUnit "IT" -stateOrProvince "California" -email "admin@rainpole.io" + Request-VcfCsr -sddcManager -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -country [country] -keysize [keysize] -locality [locality] -organization [organization] -organizationUnit [organization_unit] -stateOrProvince [state_or_province] -email [email_address] This example will request SDDC Manager to generate certificate signing request files for all components associated with the given workload domain. 
- .PARAMETER esxi - Switch to request and save certificate signing request files for ESXi hosts + Switch to request and save certificate signing request files for ESX hosts. .PARAMETER sddcManager - Switch to request and store certificate signing request files on SDDC Manager + Switch to request and store certificate signing request files on SDDC Manager. .PARAMETER server The fully qualified domain name of the SDDC Manager instance. @@ -1785,10 +1785,10 @@ Function Request-VCFCsr { The name of the workload domain in which the cluster is located. .PARAMETER cluster - The name of the cluster in which the ESXi host is located. (Only required when using -esxi parameter) + The name of the cluster in which the ESX host is located. (Only required when using -esxi parameter) .PARAMETER esxiFqdn - The fully qualified domain name of the ESXi host to request certificate signing request (CSR) for. (Only required when using -esxi parameter) + The fully qualified domain name of the ESX host to request certificate signing request (CSR) for. (Only required when using -esxi parameter) .PARAMETER country The country code for the certificate signing request (CSR). 
@@ -1863,23 +1863,23 @@ Function Request-VCFCsr { Function Request-EsxiCsr { <# .SYNOPSIS - Requests a certificate signing request (CSR) for an ESXi host or a for each ESXi host in a cluster and saves it + Requests a certificate signing request (CSR) for an ESX host or a for each ESX host in a cluster and saves it to file(s) in a directory. .DESCRIPTION - The Request-EsxiCsr cmdlet will generate the certificate signing request for ESXi host(s) and saves it to + The Request-EsxiCsr cmdlet will generate the certificate signing request for ESX host(s) and saves it to file(s) in an output directory. The cmdlet connects to the SDDC Manager using the -server, -user, and -password values. - Validates that network connectivity and authentication is possible to SDDC Manager. - Validates that the workload domain exists in the SDDC Manager inventory. - - Validates that network connectivity and authentication is possible to vCenter Server. - - Gathers the ESXi hosts from the cluster. - - Requests the ESXi host CSR and saves it in the output directory as .csr. e.g. sfo01-m01-esx01.sfo.rainpole.io.csr + - Validates that network connectivity and authentication is possible to vCenter. + - Gathers the ESX hosts from the cluster. + - Requests the ESX host CSR and saves it in the output directory as .csr. e.g. sfo01-m01-esx01.sfo.rainpole.io.csr - Defines possible country codes. Reference: https://www.digicert.com/kb/ssl-certificate-country-codes.htm .EXAMPLE - Request-EsxiCsr -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -cluster sfo-m01-cl01 -country US -locality "Palo Alto" -organization "Rainpole" -organizationUnit "Engineering" -stateOrProvince "California" -outputDirectory F:\csr - This example generates CSRs and stores them in the provided output directory for all ESXi hosts in the cluster sfo-m01-cl01 with the specified fields. 
+ Request-EsxiCsr -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] -country [country] -locality [locality] -organization [organization] -organizationUnit [organization_unit] -stateOrProvince [state_or_province] -outputDirectory [output_path] + This example generates CSRs and stores them in the provided output directory for all ESX hosts in the cluster with the specified fields. .PARAMETER server The fully qualified domain name of the SDDC Manager instance. @@ -1894,10 +1894,10 @@ Function Request-EsxiCsr { The name of the workload domain in which the cluster is located. .PARAMETER cluster - The name of the cluster in which the ESXi host is located. + The name of the cluster in which the ESX host is located. .PARAMETER esxiFqdn - The fully qualified domain name of the ESXi host to request certificate signing request (CSR) for. + The fully qualified domain name of the ESX host to request certificate signing request (CSR) for. .PARAMETER country The country code for the certificate signing request (CSR). 
@@ -1951,14 +1951,14 @@ Function Request-EsxiCsr { if ($PsBoundParameters.ContainsKey("cluster")) { if (Get-Cluster | Where-Object { $_.Name -eq $cluster }) { $esxiHosts = Get-Cluster $cluster | Get-VMHost | Sort-Object -Property Name - if (!$esxiHosts) { Write-Warning "No ESXi hosts found within $cluster cluster." } + if (!$esxiHosts) { Write-Warning "No ESX hosts found within $cluster cluster." } } else { - Write-Error "Unable to locate cluster $cluster in vCenter Server instance $($vCenterServer.details.fqdn): PRE_VALIDATION_FAILED" - Throw "Unable to locate cluster $cluster in vCenter Server $($vCenterServer.details.fqdn): PRE_VALIDATION_FAILED" + Write-Error "Unable to locate cluster $cluster in vCenter instance $($vCenterServer.details.fqdn): PRE_VALIDATION_FAILED" + Throw "Unable to locate cluster $cluster in vCenter $($vCenterServer.details.fqdn): PRE_VALIDATION_FAILED" } } else { $esxiHosts = Get-VMHost -Name $esxiFqdn - if (!$esxiHosts) { Write-Warning "No ESXi host $esxiFqdn found within workload domain $domain." } + if (!$esxiHosts) { Write-Warning "No ESX host $esxiFqdn found within workload domain $domain." } } if ($esxiHosts) { 
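Review bot: The cluster-not-found branch reports the same failure twice, with `Write-Error` followed by `Throw`, and after this change the two strings differ ("vCenter instance" in one, "vCenter" in the other). Install-EsxiCertificate handles the same condition with a single `Write-Error "..." -ErrorAction Stop`; using that form here would give one message with one wording. The single-host branch only issues `Write-Warning` when `$esxiFqdn` is not found, whereas Install-EsxiCertificate stops, so it is worth confirming that the difference is intended. Request-EsxiCsr's body continues outside this hunk.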
@@ -1995,7 +1995,7 @@ Function Request-SddcCsr { - Defines possible country codes. Reference: https://www.digicert.com/kb/ssl-certificate-country-codes.htm .EXAMPLE - Request-SddcCsr -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -workloadDomain sfo-w01 -country US -keysize "3072" -locality "San Francisco" -organization "Rainpole" -organizationUnit "IT" -stateOrProvince "California" -email "admin@rainpole.io" + Request-SddcCsr -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -workloadDomain [workload_domain_name] -country [country] -keysize [keysize] -locality [locality] -organization [organization] -organizationUnit [organization_unit] -stateOrProvince [state_or_province] -email [email_address] This example will request SDDC Manager to generate certificate signing request files for all components associated with the given workload domain. .PARAMETER server 
@@ -2123,22 +2123,22 @@ Function Request-SddcCsr { } } -Function Request-VCFSignedCertificate { +Function Request-VcfSignedCertificate { <# .SYNOPSIS Requests SDDC Manager to connect to certificate authority to sign the certificate signing request files and to store the signed certificates. .DESCRIPTION - The Request-VCFSignedCertificate will request SDDC Manager to connect to the certificate authority to sign the + The Request-VcfSignedCertificate will request SDDC Manager to connect to the certificate authority to sign the generated certificate signing request files for all components associated with the given workload domain .EXAMPLE - Request-VCFSignedCertificate -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -workloadDomain sfo-w01 -certAuthority Microsoft + Request-VcfSignedCertificate -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -workloadDomain [workload_domain_name] -certAuthority Microsoft This example will connect to SDDC Manager to request to have the certificate signing request files for a given workload domain to be signed by Microsoft CA. .EXAMPLE - Request-VCFSignedCertificate -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -workloadDomain sfo-w01 -certAuthority OpenSSL + Request-VcfSignedCertificate -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -workloadDomain [workload_domain_name] -certAuthority OpenSSL This example will connect to SDDC Manager to request to have the certificate signing request files for a given workload domain to be signed by OpenSSL CA. .PARAMETER server 
@@ -2223,43 +2223,43 @@ Function Request-VCFSignedCertificate { } } -Function Install-VCFCertificate { +Function Install-VcfCertificate { <# .SYNOPSIS - Installs the signed certificates for all components associated with the given workload domain, or an ESXi Host - or for each ESXi host in a given cluster. + Installs the signed certificates for all components associated with the given workload domain, or an ESX Host + or for each ESX host in a given cluster. .DESCRIPTION - The Install-VCFCertificate will install the signed certificates for all components associated with the given - workload domain when used with the -sddcManager switch. The Install-VCFCertificate cmdlet will replace the - certificate for an ESXi host or for each ESXi host in a cluster when used with the -esxi switch. + The Install-VcfCertificate will install the signed certificates for all components associated with the given + workload domain when used with the -sddcManager switch. The Install-VcfCertificate cmdlet will replace the + certificate for an ESX host or for each ESX host in a cluster when used with the -esxi switch. When used with the -esxi switch: - You must provide the directory containing the signed certificate files. - - Certificate names should be in format .crt e.g. sfo01-m01-esx01.sfo.rainpole.io.crt. - - The workflow will put the ESXi host in maintenance mode with full data migration, - disconnect the ESXi host from the vCenter Server, replace the certificate, restart the ESXi host, - and the exit maintenance mode once the ESXi host is online. + - Certificate names should be in format .crt. + - The workflow will put the ESX host in maintenance mode with full data migration, + disconnect the ESX host from the vCenter, replace the certificate, restart the ESX host, + and the exit maintenance mode once the ESX host is online. .EXAMPLE - Install-VCFCertificate -sddcManager -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! 
-domain sfo-w01 + Install-VcfCertificate -sddcManager -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] This example will connect to SDDC Manager to install the signed certificates for a given workload domain. .EXAMPLE - Install-VCFCertificate -esxi -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -esxiFqdn sfo01-m01-esx01.sfo.rainpole.io -migratePowerOffVMs -vsanDataMigrationMode EnsureAccessibility -certificateDirectory F:\certificates -certificateFileExt ".cer" - This example will install the certificate to the ESXi host sfo01-m01-esx01.sfo.rainpole.io in sfo-m01 workload domain using the provided path. - For VMware Cloud Foundation version 5.1 and earlier, the ESXi hosts will enter maintenance mode with vSAN data migration Mode set to 'EnsureAccessibility'. - Any powered off virtual machines will be migrated off the ESXi hosts prior to entering maintenance mode. + Install-VcfCertificate -esxi -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -esxiFqdn [esx_host_fqdn] -migratePowerOffVMs -vsanDataMigrationMode EnsureAccessibility -certificateDirectory [certificate_directory_path] -certificateFileExt ".cer" + This example will install the certificate to the ESX host in the workload domain using the provided path. + For VMware Cloud Foundation version 5.1 and earlier, the ESX hosts will enter maintenance mode with vSAN data migration Mode set to 'EnsureAccessibility'. + Any powered off virtual machines will be migrated off the ESX hosts prior to entering maintenance mode. .EXAMPLE - Install-VCFCertificate -esxi -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! 
-domain sfo-m01 -cluster sfo-m01-cl01 -certificateDirectory F:\certificates -certificateFileExt ".cer" - This example will install certificates for each ESXi host in the sfo-m01-cl01 cluster within the sfo-m01 workload domain, using the provided path. + Install-VcfCertificate -esxi -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] -certificateDirectory [certificate_directory_path] -certificateFileExt ".cer" + This example will install certificates for each ESX host in the cluster within the workload domain, using the provided path. For VMware Cloud Foundation 5.2 or later, the vsanDataMigrationMode option is no longer applicable. - For VMware Cloud Foundation 5.1 and earlier, by default the ESXi hosts will enter maintenance mode with vSAN data migration Mode set to 'Full data migration'. - Any powered off virtual machines will not be migrated off the ESXi hosts prior to entering maintenance mode. + For VMware Cloud Foundation 5.1 and earlier, by default the ESX hosts will enter maintenance mode with vSAN data migration Mode set to 'Full data migration'. + Any powered off virtual machines will not be migrated off the ESX hosts prior to entering maintenance mode. .EXAMPLE - Install-VCFCertificate -esxi -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -cluster sfo-m01-cl01 -certificateDirectory F:\certificates -certificateFileExt ".cer" -uploadPrivateKey - This example will install private keys and certificates for each ESXi host in the sfo-m01-cl01 cluster within the sfo-m01 workload domain, using the provided path. 
+ Install-VcfCertificate -esxi -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] -certificateDirectory [certificate_directory_path] -certificateFileExt ".cer" -uploadPrivateKey + This example will install private keys and certificates for each ESX host in the cluster within the workload domain, using the provided path. The 'uploadprivatekey' parameter is only validated for VMware Cloud Foundation version is 5.2 or later. .PARAMETER server @@ -2272,13 +2272,13 @@ Function Install-VCFCertificate { The password to authenticate to the SDDC Manager instance. .PARAMETER domain - The name of the domain in which the certificate is requested to be installed or in which the ESXi hosts are located. + The name of the domain in which the certificate is requested to be installed or in which the ESX hosts are located. .PARAMETER cluster - The name of the cluster in which the ESXi host is located. (Only required when -esxi switch is used) + The name of the cluster in which the ESX host is located. (Only required when -esxi switch is used) .PARAMETER esxiFqdn - The fully qualified domain name of the ESXi host. (Only required when -esxi switch is used) + The fully qualified domain name of the ESX host. (Only required when -esxi switch is used) .PARAMETER certificateDirectory The directory containing the signed certificate files. (Only required when -esxi switch is used) 
@@ -2287,22 +2287,22 @@ Function Install-VCFCertificate { The file extension of the certificate files. One of ".crt", ".cer", ".pem", ".p7b", or ".p7c". (Only required when -esxi switch is used) .PARAMETER timeout - The timeout in seconds for putting the ESXi host in maintenance mode. Default is 18000 seconds (5 hours). (Only required when -esxi switch is used) + The timeout in seconds for putting the ESX host in maintenance mode. Default is 18000 seconds (5 hours). (Only required when -esxi switch is used) .PARAMETER esxi - Switch to indicate that the certificate is to be installed on an ESXi host. + Switch to indicate that the certificate is to be installed on an ESX host. .PARAMETER sddcManager - Switch to indicate that the certificate is to be installed for all components associated with the given workload domain, excluding ESXi hosts. + Switch to indicate that the certificate is to be installed for all components associated with the given workload domain, excluding ESX hosts. .PARAMETER migratePowerOffVMs - Option to decide if power off virtual machines and suspended virtual machines will be migrated to other ESXi hosts when the ESXi host goes into maintenance mode. + Option to decide if power off virtual machines and suspended virtual machines will be migrated to other ESX hosts when the ESX host goes into maintenance mode. .PARAMETER uploadPrivateKey - Option to upload of a custom Private Key for the ESXi host. + Option to upload of a custom Private Key for the ESX host. .PARAMETER vsanDataMigrationMode - The vSAN data migration mode to use when setting the ESXi host to Maintenance. One of "Full" or "EnsureAccessibility". + The vSAN data migration mode to use when setting the ESX host to Maintenance. One of "Full" or "EnsureAccessibility". .PARAMETER NoConfirmation The cmdlet will not ask for confirmation. 
@@ -2333,7 +2333,7 @@ Function Install-VCFCertificate { if (Test-VCFConnection -server $server) { if (Test-VCFAuthentication -server $server -user $user -pass $pass) { } else { - Throw "Unable to return vCenter Server details: PRE_VALIDATION_FAILED" + Throw "Unable to return vCenter details: PRE_VALIDATION_FAILED" } } else { Throw "Unable to obtain access token from SDDC Manager ($server), check credentials: PRE_VALIDATION_FAILED" @@ -2369,7 +2369,7 @@ Function Install-VCFCertificate { # Warning Message on using EnsureAccessibility instead of Full Migration if (!($PSBoundParameters.ContainsKey("NoConfirmation")) -and ($vsanDataMigrationMode -eq "EnsureAccessibility")) { - $warningMessage = "Please ensure sufficient backups of the cluster exists. Please ensure the ESXi`n" + $warningMessage = "Please ensure sufficient backups of the cluster exists. Please ensure the ESX`n" $warningMessage += " hosts activities are minimumized during certificate replacement process. `n" $warningMessage += "Please enter yes to confirm: " $proceed = Read-Host $warningMessage @@ -2448,7 +2448,7 @@ Function Install-SddcCertificate { workload domain. .EXAMPLE - Install-SddcCertificate -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -workloadDomain sfo-w01 + Install-SddcCertificate -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -workloadDomain [workload_domain_name] This example will connect to SDDC Manager to install the signed certificates for a given workload domain. .PARAMETER server diff --git a/docs/community/index.md b/docs/community/index.md index 02d11af..bfe5561 100644 --- a/docs/community/index.md +++ b/docs/community/index.md 
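Review bot: In Install-VcfCertificate's pre-validation (the `@@ -2333,7 +2333,7 @@` hunk) the two `Throw` messages do not seem to match the checks that fail. Judging by the helper names, a failed `Test-VCFAuthentication` throws the reworded "Unable to return vCenter details", while a failed `Test-VCFConnection` throws "Unable to obtain access token ... check credentials". That points the operator at credentials when the host is unreachable, and at vCenter when the credentials are wrong. I would use `Throw "Unable to authenticate to SDDC Manager ($server), check credentials: PRE_VALIDATION_FAILED"` for the inner branch and `Throw "Unable to connect to SDDC Manager ($server): PRE_VALIDATION_FAILED"` for the outer one. The confirmation prompt touched in the next hunk still reads "minimumized".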
@@ -4,10 +4,3 @@ This PowerShell module is the work of many contributors and the project team app Thank you for your interest in the project. Whether it's a bug report, enhancement, correction, or additional documentation, we greatly value feedback and contributions from our community. - -Name | Role | GitHub | ----------------|--------------|--------------------------------------------------------------| -Bhumitra Nagar | Maintainer | [:fontawesome-brands-github:](https://github.com/bhumitra) | -Gary Blake | Maintainer | [:fontawesome-brands-github:](https://github.com/GaryJBlake) | -Ryan Johnson | Maintainer | [:fontawesome-brands-github:](https://github.com/tenthirtyam)| -Kevin Teng | Collaborator | [:fontawesome-brands-github:](https://github.com/garlicNova) | diff --git a/docs/community/support.md b/docs/community/support.md index 8637a7b..5fdb5ee 100644 --- a/docs/community/support.md +++ b/docs/community/support.md 
@@ -1,18 +1,25 @@ # Support -:octicons-heart-24:   While this module is not supported by VMware Support Services, it is supported by the project maintainers and its community of users. +:octicons-heart-24:   This module is community-driven and maintained by the project +contributors. It is not officially supported by Broadcom Support but thrives on collaboration and +input from its users. -:octicons-issue-opened-24:   Use the GitHub [issues][issues] to report bugs or suggest enhancements. +:octicons-issue-opened-24:   Use the GitHub [issues][issues] to report bugs or suggest +enhancements. -:octicons-thumbsup-24:   Issues are monitored by the maintainers and are prioritized based on criticality and community [reactions][reactions]. +:octicons-thumbsup-24:   Issues are monitored by the maintainers and are prioritized based on +criticality and community [reactions][reactions]. -:octicons-search-24:   Before opening an issue, please [search the issues][issues-search] and use the reactions to add votes to matching issues. Please include as much information as you can. Details like these are incredibly useful in helping the us evaluate and prioritize any changes: +:octicons-search-24:   Before opening an issue, please [search the issues][issues-search] and +use the reactions to add votes to matching issues. Please include as much information as you can. +Details like these are incredibly useful in helping the us evaluate and prioritize any changes: - A reproducible test case or series of steps. - Any modifications you've made relevant to the bug. - Anything unusual about your environment or deployment. -:octicons-comment-discussion-24:   You can also start a discussion on the GitHub [discussions][discussions] area to ask questions or share ideas. +:octicons-comment-discussion-24:   You can also start a discussion on the GitHub [discussions][discussions] +area to ask questions or share ideas. 
[discussions]: https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/discussions [issues]: https://github.com/vmware/powershell-module-for-vmware-cloud-foundation-certificate-management/issues diff --git a/docs/documentation/functions/Confirm-CAInvCenterServer.md b/docs/documentation/functions/Confirm-CAInvCenterServer.md index b98b619..ff6c93b 100644 --- a/docs/documentation/functions/Confirm-CAInvCenterServer.md +++ b/docs/documentation/functions/Confirm-CAInvCenterServer.md @@ -2,7 +2,7 @@ ## Synopsis -Verifies the root certificate thumbprint matches with one of the CA thumbprints from vCenter Server instance. +Verifies the root certificate thumbprint matches with one of the CA thumbprints from vCenter instance. ## Syntax @@ -12,7 +12,7 @@ Confirm-CAInvCenterServer [-server] [-user] [-pass] [ ## Description -The `Confirm-CAInvCenterServer` cmdlet gets the thumbprint from the root certificate and matches it with the CA thumbprint from the vCenter Server instance. +The `Confirm-CAInvCenterServer` cmdlet gets the thumbprint from the root certificate and matches it with the CA thumbprint from the vCenter instance. You need to pass in the complete path for the certificate file. 
@@ -23,10 +23,10 @@ Returns `true` if thumbprint matches, else returns `false`. ### Example 1 ```powershell -Confirm-CAInvCenterServer -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -issuer rainpole -signedCertificate F:\certificates\Root64.cer +Confirm-CAInvCenterServer -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -issuer [issuer_name] -signedCertificate [full_certificate_file_path] ``` -This example matches the thumbprint of provided root certificate file with the thumbprints on the vCenter Server instance matching the issuer "rainpole". +This example matches the thumbprint of provided root certificate file with the thumbprints on the vCenter instance matching the issuer. ## Parameters @@ -80,7 +80,7 @@ Accept wildcard characters: False ### -domain -The name of the workload domain to retrieve the vCenter Server instance's certificate thumbprints from. +The name of the workload domain to retrieve the vCenter instance's certificate thumbprints from. ```yaml Type: String diff --git a/docs/documentation/functions/Confirm-EsxiCertificateInstalled.md b/docs/documentation/functions/Confirm-EsxiCertificateInstalled.md index 446f435..ca0be9b 100644 --- a/docs/documentation/functions/Confirm-EsxiCertificateInstalled.md +++ b/docs/documentation/functions/Confirm-EsxiCertificateInstalled.md @@ -2,7 +2,7 @@ ## Synopsis -Verifies if the provided certificate is already on the ESXi host. +Verifies if the provided certificate is already on the ESX host. ## Syntax 
@@ -12,7 +12,7 @@ Confirm-EsxiCertificateInstalled [-server] [-user] [-pass] [-user] [-pass] [-d ## Description -The `Get-EsxiCertificateMode` cmdlet retrieves the certificate management mode value from vCenter Server instance for a workload domain. +The `Get-EsxiCertificateMode` cmdlet retrieves the certificate management mode value from vCenter instance for a workload domain. ## Examples ### Example 1 ```powershell -Get-EsxiCertificateMode -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 +Get-EsxiCertificateMode -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] ``` -This example retrieves the certificate management mode value for the vCenter Server instance for the workload domain sfo-m01. +This example retrieves the certificate management mode value for the vCenter instance for the workload domain. ## Parameters diff --git a/docs/documentation/functions/Get-EsxiHostVsanMaintenanceModePrecheck.md b/docs/documentation/functions/Get-EsxiHostVsanMaintenanceModePrecheck.md index 421aaa0..a40620f 100644 --- a/docs/documentation/functions/Get-EsxiHostVsanMaintenanceModePrecheck.md +++ b/docs/documentation/functions/Get-EsxiHostVsanMaintenanceModePrecheck.md @@ -2,7 +2,7 @@ ## Synopsis -Checks for any issues when the ESXi host enters a particular vSAN maintenance mode. +Checks for any issues when the ESX host enters a particular vSAN maintenance mode. ## Syntax 
@@ -12,7 +12,7 @@ Get-EsxiHostVsanMaintenanceModePrecheck [-server] [-user] [-pa ## Description -The `Get-EsxiHostVsanMaintenanceModePrecheck` cmdlet checks if there's any issue for the ESXi host entering a particular vSAN maintenance mode. The cmdlet will halt the script if the pre-check fails. +The `Get-EsxiHostVsanMaintenanceModePrecheck` cmdlet checks if there's any issue for the ESX host entering a particular vSAN maintenance mode. The cmdlet will halt the script if the pre-check fails. If `esxiFqdn` is provided, only the value for that host is returned. 
@@ -21,18 +21,18 @@ If `esxiFqdn` is provided, only the value for that host is returned. ### Example 1 ```powershell -Get-EsxiHostVsanMaintenanceModePrecheck -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMware1! -domain sfo-m01 -cluster sfo-m01-cl01 -vsanDataMigrationMode Full +Get-EsxiHostVsanMaintenanceModePrecheck -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] -vsanDataMigrationMode Full ``` -This example checks each ESXi host within a cluster within the workload domain for any issues when entering maintenance mode with vSAN maintenance mode set to Full migration +This example checks each ESX host within a cluster within the workload domain for any issues when entering maintenance mode with vSAN maintenance mode set to Full migration ### Example 2 ```powershell -Get-EsxiHostVsanMaintenanceModePrecheck -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMware1! -domain sfo-m01 -host sfo01-m01-esx01.sfo.rainpole.io -vsanDataMigrationMode Full +Get-EsxiHostVsanMaintenanceModePrecheck -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -host [esx_host_fqdn] -vsanDataMigrationMode Full ``` -This example checks the ESXi host within the workload domain for any issues when entering maintenance mode with vSAN maintenance mode set to Full migration +This example checks the ESX host within the workload domain for any issues when entering maintenance mode with vSAN maintenance mode set to Full migration ## Parameters @@ -102,7 +102,7 @@ Accept wildcard characters: False ### -cluster -The name of the cluster in which the ESXi host is located. +The name of the cluster in which the ESX host is located. ```yaml Type: String 
@@ -118,7 +118,7 @@ Accept wildcard characters: False ### -esxiFqdn -The fully qualified domain name of the ESXi host within the workload domain. +The fully qualified domain name of the ESX host within the workload domain. ```yaml Type: String diff --git a/docs/documentation/functions/Get-EsxiLockdownMode.md b/docs/documentation/functions/Get-EsxiLockdownMode.md index db9f062..07f8964 100644 --- a/docs/documentation/functions/Get-EsxiLockdownMode.md +++ b/docs/documentation/functions/Get-EsxiLockdownMode.md @@ -2,7 +2,7 @@ ## Synopsis -Retrieves the ESXi host lockdown mode state from a vCenter Server instance. +Retrieves the ESX host lockdown mode state from a vCenter instance. ## Syntax @@ -12,7 +12,7 @@ Get-EsxiLockdownMode [-server] [-user] [-pass] [-doma ## Description -The `Get-EsxiLockdownMode` cmdlet gets the lockdown mode value for all ESXi hosts in a given cluster or for a given ESXi host within the cluster. +The `Get-EsxiLockdownMode` cmdlet gets the lockdown mode value for all ESX hosts in a given cluster or for a given ESX host within the cluster. If `esxiFqdn` is provided, only the value for that host is returned. 
@@ -21,18 +21,18 @@ If `esxiFqdn` is provided, only the value for that host is returned. ### Example 1 ```powershell -Get-EsxiLockdownMode -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -cluster sfo-m01-cl01 +Get-EsxiLockdownMode -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] ``` -This example retrieves the lockdown mode for each ESXi host in a cluster. +This example retrieves the lockdown mode for each ESX host in a cluster. ### Example 2 ```powershell -Get-EsxiLockdownMode -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -cluster sfo-m01-cl01 -esxiFqdn sfo01-m01-esx01.sfo.rainpole.io +Get-EsxiLockdownMode -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] -esxiFqdn [esx_host_fqdn] ``` -This example retrieves the lockdown mode state for an ESXi host in a given cluster. +This example retrieves the lockdown mode state for an ESX host in a given cluster. ## Parameters @@ -102,7 +102,7 @@ Accept wildcard characters: False ### -cluster -The name of the cluster in which the ESXi host is located. +The name of the cluster in which the ESX host is located. ```yaml Type: String @@ -118,7 +118,7 @@ Accept wildcard characters: False ### -esxiFqdn -The fully qualified domain name of the ESXi host to retrieve the lockdown mode state for. +The fully qualified domain name of the ESX host to retrieve the lockdown mode state for. ```yaml Type: String diff --git a/docs/documentation/functions/Get-VCFCertificateThumbprint.md b/docs/documentation/functions/Get-VcfCertificateThumbprint.md similarity index 56% rename from docs/documentation/functions/Get-VCFCertificateThumbprint.md rename to docs/documentation/functions/Get-VcfCertificateThumbprint.md index cb20c18..b8af348 100644 
--- a/docs/documentation/functions/Get-VCFCertificateThumbprint.md +++ b/docs/documentation/functions/Get-VcfCertificateThumbprint.md 
@@ -1,58 +1,58 @@ -# Get-VCFCertificateThumbprint +# Get-VcfCertificateThumbprint ## Synopsis -Retrieves certificate thumbprints for ESXi hosts or vCenter Server instances. +Retrieves certificate thumbprints for ESX hosts or vCenter instances. ## Syntax -### Certificate Thumbprint from an ESXi Host +### Certificate Thumbprint from an ESX Host ```powershell -Get-VCFCertificateThumbprint [-esxi] [-server] [-user] [-pass] [-esxiFqdn] [] +Get-VcfCertificateThumbprint [-esxi] [-server] [-user] [-pass] [-esxiFqdn] [] ``` -### Certificate Thumbprint from a vCenter Server Instance +### Certificate Thumbprint from a vCenter Instance ```powershell -Get-VCFCertificateThumbprint [-vcenter] [-server] [-user] [-pass] [-domain] [[-issuer] ] [] +Get-VcfCertificateThumbprint [-vcenter] [-server] [-user] [-pass] [-domain] [[-issuer] ] [] ``` ## Description -The `Get-VCFCertificateThumbprint` cmdlet retrieves certificate thumbprints for ESXi hosts or vCenter Server instances. +The `Get-VcfCertificateThumbprint` cmdlet retrieves certificate thumbprints for ESX hosts or vCenter instances. ## Examples ### Example 1 ```powershell -Get-VCFCertificateThumbprint -esxi -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -esxiFqdn sfo01-m01-esx01.sfo.rainpole.io +Get-VcfCertificateThumbprint -esxi -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -esxiFqdn [esx_host_fqdn] ``` -This example retrieves the ESXi host's certificate thumbprint for an ESXi host with The fully qualified domain name of sfo01-m01-esx01.sfo.rainpole.io. +This example retrieves the ESX host's certificate thumbprint for an ESX host. ### Example 2 ```powershell -Get-VCFCertificateThumbprint -vcenter -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! 
-domain sfo-m01 +Get-VcfCertificateThumbprint -vcenter -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] ``` -This example retrieves the certificate thumbprints for the vCenter Server instance belonging to the domain sfo-m01. +This example retrieves the certificate thumbprints for the vCenter instance belonging to the domain. ### Example 3 ```powershell -Get-VCFCertificateThumbprint -vcenter -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -issuer rainpole +Get-VcfCertificateThumbprint -vcenter -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -issuer [issuer_name] ``` -This example retrieves the vCenter Server instance's certificate thumbprints for the vCenter Server instance belonging to domain sfo-m01 and a matching issuer "rainpole". +This example retrieves the vCenter instance's certificate thumbprints for the vCenter instance belonging to domain and a matching issuer. ## Parameters ### -esxi -Switch to retrieve the certificate thumbprint for an ESXi host. +Switch to retrieve the certificate thumbprint for an ESX host. ```yaml Type: SwitchParameter @@ -68,7 +68,7 @@ Accept wildcard characters: False ### -vcenter -Switch to retrieve the certificate thumbprints for a vCenter Server instance. +Switch to retrieve the certificate thumbprints for a vCenter instance. ```yaml Type: SwitchParameter @@ -132,7 +132,7 @@ Accept wildcard characters: False ### -esxiFqdn -The fully qualified domain name of the ESXi host to retrieve the certificate thumbprint. +The fully qualified domain name of the ESX host to retrieve the certificate thumbprint. ```yaml Type: String 
@@ -148,7 +148,7 @@ Accept wildcard characters: False ### -domain -The name of the workload domain to retrieve the vCenter Server instance's certificate thumbprints from. +The name of the workload domain to retrieve the vCenter instance's certificate thumbprints from. ```yaml Type: String @@ -164,7 +164,7 @@ Accept wildcard characters: False ### -issuer -The name of the issuer to match with the vCenter Server instance's certificate thumbprints. +The name of the issuer to match with the vCenter instance's certificate thumbprints. ```yaml Type: String diff --git a/docs/documentation/functions/Get-vSANHealthSummary.md b/docs/documentation/functions/Get-vSANHealthSummary.md index 7304f2b..e375153 100644 --- a/docs/documentation/functions/Get-vSANHealthSummary.md +++ b/docs/documentation/functions/Get-vSANHealthSummary.md @@ -2,7 +2,7 @@ ## Synopsis -Retrieves the vSAN health summary from vCenter Server for a cluster. +Retrieves the vSAN health summary from vCenter for a cluster. ## Syntax @@ -12,7 +12,7 @@ Get-vSANHealthSummary [-server] [-user] [-pass] [-dom ## Description -The `Get-vSANHealthSummary` cmdlet gets the vSAN health summary from vCenter Server for a cluster. +The `Get-vSANHealthSummary` cmdlet gets the vSAN health summary from vCenter for a cluster. If any status is YELLOW or RED, a WARNING or ERROR will be raised. @@ -21,10 +21,10 @@ If any status is YELLOW or RED, a WARNING or ERROR will be raised. ### Example 1 ```powershell -Get-vSANHealthSummary -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -cluster sfo-m01-cl01 +Get-vSANHealthSummary -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] ``` -This example gets the vSAN health summary for cluster sfo-m01-cl01. +This example gets the vSAN health summary for cluster. ## Parameters 
diff --git a/docs/documentation/functions/Install-VCFCertificate.md b/docs/documentation/functions/Install-VcfCertificate.md similarity index 60% rename from docs/documentation/functions/Install-VCFCertificate.md rename to docs/documentation/functions/Install-VcfCertificate.md index 4835634..d3c2781 100644 --- a/docs/documentation/functions/Install-VCFCertificate.md +++ b/docs/documentation/functions/Install-VcfCertificate.md 
@@ -1,47 +1,47 @@ -# Install-VCFCertificate +# Install-VcfCertificate ## Synopsis -Installs the signed certificates for all components associated with the given workload domain, or an ESXi Host or for each ESXi host in a given cluster. +Installs the signed certificates for all components associated with the given workload domain, or an ESX Host or for each ESX host in a given cluster. ## Syntax ### Installing Certificates for a Workload Domain ```powershell -Install-VCFCertificate [-sddcManager] [-server] [-user] [-pass] [-workloadDomain] [] +Install-VcfCertificate [-sddcManager] [-server] [-user] [-pass] [-workloadDomain] [] ``` -### Installing Certificates ESXi Hosts in a Cluster +### Installing Certificates ESX Hosts in a Cluster ```powershell -Install-VCFCertificate [-esxi] [-server] [-user] [-pass] [-domain] [-cluster] [-vsanDataMigrationMode] [-migratePowerOffVMs] [-certificateDirectory] [-certificateFileExt] [[-timeout] ] [-NoConfirmation] [] +Install-VcfCertificate [-esxi] [-server] [-user] [-pass] [-domain] [-cluster] [-vsanDataMigrationMode] [-migratePowerOffVMs] [-certificateDirectory] [-certificateFileExt] [[-timeout] ] [-NoConfirmation] [] ``` -### Installing a Certificate for an ESXi Host +### Installing a Certificate for an ESX Host ```powershell -Install-VCFCertificate [-esxi] [-server] [-user] [-pass] [-domain] [-esxiFqdn] [-vsanDataMigrationMode] [-migratePowerOffVMs] [-certificateDirectory] [-certificateFileExt] [[-timeout] ] [-NoConfirmation] [] +Install-VcfCertificate [-esxi] [-server] [-user] [-pass] [-domain] [-esxiFqdn] [-vsanDataMigrationMode] [-migratePowerOffVMs] [-certificateDirectory] [-certificateFileExt] [[-timeout] ] [-NoConfirmation] [] ``` ## Description -The `Install-VCFCertificate` will install the signed certificates for all components associated with the given workload domain when used with the `-sddcManager` switch. 
+The `Install-VcfCertificate` will install the signed certificates for all components associated with the given workload domain when used with the `-sddcManager` switch. -The `Install-VCFCertificate` will replace the certificate for an ESXi host or for each ESXi host in a cluster when used with the `-esxi` switch. +The `Install-VcfCertificate` will replace the certificate for an ESX host or for each ESX host in a cluster when used with the `-esxi` switch. When used with the `-esxi` switch, this cmdlet: - You must provide the directory containing the signed certificate files. -- Certificate names should be in format `.crt` (_e.g._, `sfo01-m01-esx01.sfo.rainpole.io.crt`.) -- The workflow will put the ESXi host in maintenance mode with full data migration, disconnect the ESXi host from the vCenter Server, replace the certificate, restart the ESXi host, and the exit maintenance mode once the ESXi host is online. +- Certificate names should be in format`.crt`. +- The workflow will put the ESX host in maintenance mode with full data migration, disconnect the ESX host from the vCenter, replace the certificate, restart the ESX host, and the exit maintenance mode once the ESX host is online. ## Examples ### Example 1 ```powershell -Install-VCFCertificate -sddcManager -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -workloadDomain sfo-w01 +Install-VcfCertificate -sddcManager -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -workloadDomain [workload_domain_name] ``` This example will connect to SDDC Manager to install the signed certificates for a given workload domain. 
@@ -49,32 +49,32 @@ This example will connect to SDDC Manager to install the signed certificates for ### Example 2 ```powershell -Install-VCFCertificate -esxi -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -esxiFqdn sfo01-m01-esx01.sfo.rainpole.io -migratePowerOffVMs -vsanDataMigrationMode EnsureAccessibility -certificateDirectory F:\certificates -certificateFileExt ".cer" +Install-VcfCertificate -esxi -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -esxiFqdn [esx_host_fqdn] -migratePowerOffVMs -vsanDataMigrationMode EnsureAccessibility -certificateDirectory [certificate_directory_path] -certificateFileExt ".cer" ``` -This example will install the certificate to the ESXi host sfo01-m01-esx01.sfo.rainpole.io in sfo-m01 workload domain using the provided path. +This example will install the certificate to the ESX host sfo01-m01-esx01.sfo.rainpole.io in sfo-m01 workload domain using the provided path. -For VMware Cloud Foundation 5.1 or earlier, the ESXi host will enter maintenance mode with vSAN data migration Mode set to `EnsureAccessibility`. Any powered off virtual machines will be migrated off the ESXi host prior to entering maintenance mode. +For VMware Cloud Foundation 5.1 or earlier, the ESX host will enter maintenance mode with vSAN data migration Mode set to `EnsureAccessibility`. Any powered off virtual machines will be migrated off the ESX host prior to entering maintenance mode. ### EXAMPLE 3 ```powershell -Install-VCFCertificate -esxi -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! 
-domain sfo-m01 -cluster sfo-m01-cl01 -certificateDirectory F:\certificates -certificateFileExt ".cer" +Install-VcfCertificate -esxi -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] -certificateDirectory [certificate_directory_path] -certificateFileExt ".cer" ``` -This example will install certificates for each ESXi host in the sfo-m01-cl01 cluster within the sfo-m01 workload domain, using the provided path. +This example will install certificates for each ESX host in the sfo-m01-cl01 cluster within the sfo-m01 workload domain, using the provided path. For VMware Cloud Foundation 5.2 or later, the `vsanDataMigrationMode` option is no longer applicable. -For VMware Cloud Foundation 5.1 or earlier, by default the ESXi hosts will enter maintenance mode with vSAN data migration Mode set to `Full data migration`. Any powered off virtual machines will not be migrated off the ESXi hosts prior to entering maintenance mode. +For VMware Cloud Foundation 5.1 or earlier, by default the ESX hosts will enter maintenance mode with vSAN data migration Mode set to `Full data migration`. Any powered off virtual machines will not be migrated off the ESX hosts prior to entering maintenance mode. ### EXAMPLE 4 ```powershell -Install-VCFCertificate -esxi -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -cluster sfo-m01-cl01 -certificateDirectory F:\certificates -certificateFileExt ".cer" -uploadPrivateKey +Install-VcfCertificate -esxi -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] -certificateDirectory [certificate_directory_path] -certificateFileExt ".cer" -uploadPrivateKey ``` -This example will install private keys and certificates for each ESXi host in the sfo-m01-cl01 cluster within the sfo-m01 workload domain, using the provided path. 
+This example will install private keys and certificates for each ESX host in the sfo-m01-cl01 cluster within the sfo-m01 workload domain, using the provided path. The `uploadPrivateKey` parameter is only validated for VMware Cloud Foundation version is 5.2 or later. @@ -82,7 +82,7 @@ The `uploadPrivateKey` parameter is only validated for VMware Cloud Foundation v ### -esxi -Switch to indicate that the certificate is to be installed on an ESXi host. +Switch to indicate that the certificate is to be installed on an ESX host. ```yaml Type: SwitchParameter @@ -98,7 +98,7 @@ Accept wildcard characters: False ### -sddcManager -Switch to indicate that the certificate is to be installed for all components associated with the given workload domain, excluding ESXi hosts. +Switch to indicate that the certificate is to be installed for all components associated with the given workload domain, excluding ESX hosts. ```yaml Type: SwitchParameter @@ -162,7 +162,7 @@ Accept wildcard characters: False ### -domain -The name of the workload domain in which the certificate is requested to be installed or where the ESXi host is located. +The name of the workload domain in which the certificate is requested to be installed or where the ESX host is located. ```yaml Type: String @@ -178,7 +178,7 @@ Accept wildcard characters: False ### -cluster -The name of the cluster in which the ESXi host is located. +The name of the cluster in which the ESX host is located. ```yaml Type: String @@ -194,7 +194,7 @@ Accept wildcard characters: False ### -esxiFqdn -The fully qualified domain name of the ESXi host. +The fully qualified domain name of the ESX host. ```yaml Type: String @@ -243,7 +243,7 @@ Accept wildcard characters: False ### -timeout -The timeout in seconds for putting the ESXi host in maintenance mode. +The timeout in seconds for putting the ESX host in maintenance mode. Default is 18000 seconds (5 hours). ```yaml 
@@ -276,7 +276,7 @@ Accept wildcard characters: False ### -migratePowerOffVMs -Option to decide if power off virtual machines and suspended virtual machines will be migrated to other ESXi hosts when the ESXi host goes into maintenance mode. +Option to decide if power off virtual machines and suspended virtual machines will be migrated to other ESX hosts when the ESX host goes into maintenance mode. ```yaml Type: Switch @@ -292,7 +292,7 @@ Accept wildcard characters: False ### -NoConfirmation -Option to skip Confirmation warning when performing the ESXi host certificate replacement. +Option to skip Confirmation warning when performing the ESX host certificate replacement. ```yaml Type: Switch @@ -308,7 +308,7 @@ Accept wildcard characters: False ### -uploadPrivateKey -Option to upload an external private key when performing the ESXi host certificate replacement. Supported on VMware Cloud Foundation 5.2 or later +Option to upload an external private key when performing the ESX host certificate replacement. Supported on VMware Cloud Foundation 5.2 or later ```yaml Type: Switch diff --git a/docs/documentation/functions/Request-VCFCsr.md b/docs/documentation/functions/Request-VcfCsr.md similarity index 73% rename from docs/documentation/functions/Request-VCFCsr.md rename to docs/documentation/functions/Request-VcfCsr.md index 5af56f0..2df917e 100644 --- a/docs/documentation/functions/Request-VCFCsr.md +++ b/docs/documentation/functions/Request-VcfCsr.md 
@@ -1,60 +1,60 @@ -# Request-VCFCsr +# Request-VcfCsr ## Synopsis -Requests SDDC Manager to generate and store certificate signing request (CSR) files or requests a certificate signing request for either an ESXi host or a for each ESXi host in a cluster and saves it to file(s) in a directory. +Requests SDDC Manager to generate and store certificate signing request (CSR) files or requests a certificate signing request for either an ESX host or a for each ESX host in a cluster and saves it to file(s) in a directory. ## Syntax ### Certificate Signing Requests for a Workload Domain ```powershell -Request-VCFCsr [-sddcManager] [-server] [-user] [-pass] [-workloadDomain] [-country] [-keySize] [-locality] [-organization] [-organizationUnit] [-stateOrProvince] [-email] [] +Request-VcfCsr [-sddcManager] [-server] [-user] [-pass] [-workloadDomain] [-country] [-keySize] [-locality] [-organization] [-organizationUnit] [-stateOrProvince] [-email] [] ``` -### Certificate Signing Request for all ESXi Hosts in a Cluster +### Certificate Signing Request for all ESX Hosts in a Cluster ```powershell -Request-VCFCsr [-esxi] [-server] [-user] [-pass] [-domain] [-cluster] [-outputDirectory] [-country] [-locality] [-organization] [-organizationUnit] [-stateOrProvince] [] +Request-VcfCsr [-esxi] [-server] [-user] [-pass] [-domain] [-cluster] [-outputDirectory] [-country] [-locality] [-organization] [-organizationUnit] [-stateOrProvince] [] ``` -### Certificate Signing Request for an ESXi Host +### Certificate Signing Request for an ESX Host ```powershell -Request-VCFCsr [-esxi] [-server] [-user] [-pass] [-domain] [-cluster] [-esxiFqdn] [-outputDirectory] [-country] [-locality] [-organization] [-organizationUnit] [-stateOrProvince] [] +Request-VcfCsr [-esxi] [-server] [-user] [-pass] [-domain] [-cluster] [-esxiFqdn] [-outputDirectory] [-country] [-locality] [-organization] [-organizationUnit] [-stateOrProvince] [] ``` ## Description - The `Request-VCFCsr` will request SDDC Manager to 
generate certificate signing request files for all components associated with the given domain when used with `-sddcManager` switch. - The `Request-VCFCsr` will generate the certificate signing request for ESXi host(s) and saves it to file(s) in an output directory when used with `-esxi` switch. + The `Request-VcfCsr` will request SDDC Manager to generate certificate signing request files for all components associated with the given domain when used with `-sddcManager` switch. + The `Request-VcfCsr` will generate the certificate signing request for ESX host(s) and saves it to file(s) in an output directory when used with `-esxi` switch. The cmdlet connects to the SDDC Manager using the `-server`, `-user`, and `-password` values. - Validates that network connectivity and authentication is possible to SDDC Manager. - Validates that the workload domain exists in the SDDC Manager inventory. -- Validates that network connectivity and authentication is possible to vCenter Server. +- Validates that network connectivity and authentication is possible to vCenter. - Defines possible country codes. [Reference](https://www.digicert.com/kb/ssl-certificate-country-codes.htm) When used with the `-esxi` switch, this cmdlet: -- Gathers the ESXi hosts from the cluster. -- Requests the ESXi host CSR and saves it in the output directory as `.csr` (_e.g._, `sfo01-m01-esx01.sfo.rainpole.io.csr`.) +- Gathers the ESX hosts from the cluster. +- Requests the ESX host CSR and saves it in the output directory as `.csr` (_e.g._, `sfo01-m01-esx01.sfo.rainpole.io.csr`.) ## Examples ### Example 1 ```powershell -Request-VCFCsr -esxi -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! 
-domain sfo-m01 -cluster sfo-m01-cl01 -country US -locality "Palo Alto" -organization "Rainpole" -organizationUnit "Engineering" -stateOrProvince "California" -outputDirectory F:\csr +Request-VcfCsr -esxi -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] -country [country] -locality [locality] -organization [organization] -organizationUnit [organization_unit] -stateOrProvince [state_or_province] -outputDirectory [output_path] ``` -This example generates CSRs and stores them in the provided output directory for all ESXi hosts in the cluster sfo-m01-cl01 with the specified fields. +This example generates CSRs and stores them in the provided output directory for all ESX hosts in the cluster with the specified fields. ### Example 2 ```powershell -Request-VCFCsr -sddcManager -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-w01 -country US -keysize "3072" -locality "San Francisco" -organization "Rainpole" -organizationUnit "IT" -stateOrProvince "California" -email "admin@rainpole.io" +Request-VcfCsr -sddcManager -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -country [country] -keysize [keysize] -locality [locality] -organization [organization] -organizationUnit [organization_unit] -stateOrProvince [state_or_province] -email [email_address] ``` This example will request SDDC Manager to generate certificate signing request files for all components associated with the given workload domain. @@ -63,7 +63,7 @@ This example will request SDDC Manager to generate certificate signing request f ### -esxi -Switch to request and save certificate signing request files for ESXi hosts +Switch to request and save certificate signing request files for ESX hosts ```yaml Type: SwitchParameter 
@@ -159,7 +159,7 @@ Accept wildcard characters: False
 ### -cluster
-The name of the cluster in which the ESXi host is located.
+The name of the cluster in which the ESX host is located.
 ```yaml
 Type: String
@@ -175,7 +175,7 @@ Accept wildcard characters: False
 ### -esxiFqdn
-The fully qualified domain name of the ESXi host to request certificate signing request (CSR) for.
+The fully qualified domain name of the ESX host to request certificate signing request (CSR) for.
 ```yaml
 Type: String
diff --git a/docs/documentation/functions/Request-VCFSignedCertificate.md b/docs/documentation/functions/Request-VcfSignedCertificate.md
similarity index 81%
rename from docs/documentation/functions/Request-VCFSignedCertificate.md
rename to docs/documentation/functions/Request-VcfSignedCertificate.md
index 252fd4b..f884aab 100644
--- a/docs/documentation/functions/Request-VCFSignedCertificate.md
+++ b/docs/documentation/functions/Request-VcfSignedCertificate.md
@@ -1,4 +1,4 @@
-# Request-VCFSignedCertificate
+# Request-VcfSignedCertificate
 ## Synopsis
@@ -7,30 +7,30 @@ Requests SDDC Manager to connect to certificate authority to sign the certificat
 ## Syntax
 ```powershell
-Request-VCFSignedCertificate [-server] [-user] [-pass] [-workloadDomain] [-certAuthority] []
+Request-VcfSignedCertificate [-server] [-user] [-pass] [-workloadDomain] [-certAuthority] []
 ```
 ## Description
-The `Request-VCFSignedCertificate` will request SDDC Manager to connect to the certificate authority to sign the generated certificate signing request files for all components associated with the given workload domain
+The `Request-VcfSignedCertificate` will request SDDC Manager to connect to the certificate authority to sign the generated certificate signing request files for all components associated with the given workload domain
 ## Examples
 ### Example 1
 ```powershell
-Request-VCFSignedCertificate -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -workloadDomain sfo-w01 -certAuthority Microsoft
+Request-VcfSignedCertificate -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -workloadDomain [workload_domain_name] -certAuthority Microsoft
 ```
-This example will connect to SDDC Manager to request to have the certificate signing request files for a given workload domain to be signed by Microsft CA
+This example will connect to SDDC Manager to request to have the certificate signing request files for a given workload domain to be signed by Microsft CA.
 ### Example 2
 ```powershell
-Request-VCFSignedCertificate -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1!
-workloadDomain sfo-w01 -certAuthority OpenSSL
+Request-VcfSignedCertificate -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -workloadDomain [workload_domain_name] -certAuthority OpenSSL
 ```
-This example will connect to SDDC Manager to request to have the certificate signing request files for a given workload domain to be signed by OpenSSL CA
+This example will connect to SDDC Manager to request to have the certificate signing request files for a given workload domain to be signed by OpenSSL CA.
 ## Parameters
diff --git a/docs/documentation/functions/Restart-EsxiHost.md b/docs/documentation/functions/Restart-EsxiHost.md
index 83b8667..9d9d32a 100644
--- a/docs/documentation/functions/Restart-EsxiHost.md
+++ b/docs/documentation/functions/Restart-EsxiHost.md
@@ -2,7 +2,7 @@
 ## Synopsis
-Restarts an ESXi host and poll for connection availability.
+Restarts an ESX host and poll for connection availability.
 ## Syntax
@@ -12,7 +12,7 @@ Restart-EsxiHost [-esxiFqdn] [-user] [-pass] [[-poll]
 ## Description
-The `Restart-EsxiHost` cmdlet restarts an ESXi host and polls for connection availability.
+The `Restart-EsxiHost` cmdlet restarts an ESX host and polls for connection availability.
 Timeout value is in seconds.
@@ -21,16 +21,16 @@ Timeout value is in seconds.
 ### Example 1
 ```powershell
-Restart-EsxiHost -esxiFqdn sfo01-m01-esx01.sfo.rainpole.io -user root -pass VMw@re1! -poll $true -timeout 1800 -pollInterval 30
+Restart-EsxiHost -esxiFqdn [esx_host_fqdn] -user [admin_username] -pass [admin_password] -poll $true -timeout 1800 -pollInterval 30
 ```
-This example restarts an ESXi host and polls the connection availability every 30 seconds. It will timeout after 1800 seconds.
+This example restarts an ESX host and polls the connection availability every 30 seconds. It will timeout after 1800 seconds.
 ## Parameters
 ### -esxiFqdn
-The fully qualified domain name of the ESXi host.
+The fully qualified domain name of the ESX host.
 ```yaml
 Type: String
@@ -46,7 +46,7 @@ Accept wildcard characters: False
 ### -user
-The username to authenticate to the ESXi host.
+The username to authenticate to the ESX host.
 ```yaml
 Type: String
@@ -62,7 +62,7 @@ Accept wildcard characters: False
 ### -pass
-The password to authenticate to the ESXi host.
+The password to authenticate to the ESX host.
 ```yaml
 Type: String
@@ -78,7 +78,7 @@ Accept wildcard characters: False
 ### -poll
-Poll for connection availability after restarting the ESXi host.
+Poll for connection availability after restarting the ESX host.
 Default is true.
 ```yaml
diff --git a/docs/documentation/functions/Set-EsxiCertificateMode.md b/docs/documentation/functions/Set-EsxiCertificateMode.md
index 0d4c0da..bebc619 100644
--- a/docs/documentation/functions/Set-EsxiCertificateMode.md
+++ b/docs/documentation/functions/Set-EsxiCertificateMode.md
@@ -2,7 +2,7 @@
 ## Synopsis
-Sets the certificate management mode in vCenter Server for the ESXi hosts in a workload domain.
+Sets the certificate management mode in vCenter for the ESX hosts in a workload domain.
 ## Syntax
@@ -12,17 +12,17 @@ Set-EsxiCertificateMode [-server] [-user] [-pass] [-d
 ## Description
-The `Set-EsxiCertificateMode` cmdlet sets the certificate management mode in vCenter Server for the ESXi hosts in a workload domain.
+The `Set-EsxiCertificateMode` cmdlet sets the certificate management mode in vCenter for the ESX hosts in a workload domain.
 ## Examples
 ### Example 1
 ```powershell
-Set-EsxiCertificateMode -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -mode custom
+Set-EsxiCertificateMode -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -mode custom
 ```
-This example sets the certificate management mode to custom in vCenter Server for the ESXi hosts in workload domain sfo-m01.
+This example sets the certificate management mode to custom in vCenter for the ESX hosts in workload domain.
 ## Parameters
@@ -76,7 +76,7 @@ Accept wildcard characters: False
 ### -domain
-The name of the workload domain to set the vCenter Server instance certificate management mode setting for.
+The name of the workload domain to set the vCenter instance certificate management mode setting for.
 ```yaml
 Type: String
@@ -92,7 +92,7 @@ Accept wildcard characters: False
 ### -mode
-The certificate management mode to set in vCenter Server.
+The certificate management mode to set in vCenter.
 One of "custom" or "vmca".
 ```yaml
diff --git a/docs/documentation/functions/Set-EsxiLockdownMode.md b/docs/documentation/functions/Set-EsxiLockdownMode.md
index 77be621..ad8e3b1 100644
--- a/docs/documentation/functions/Set-EsxiLockdownMode.md
+++ b/docs/documentation/functions/Set-EsxiLockdownMode.md
@@ -2,7 +2,7 @@
 ## Synopsis
-Sets the lockdown mode for all ESXi hosts in a given cluster.
+Sets the lockdown mode for all ESX hosts in a given cluster.
 ## Syntax
@@ -21,25 +21,25 @@ Set-EsxiLockdownMode [-server] [-user] [-pass] [-doma
 ## Description
-The `Set-EsxiLockdownMode` cmdlet sets the lockdown mode for all ESXi hosts in a given cluster.
+The `Set-EsxiLockdownMode` cmdlet sets the lockdown mode for all ESX hosts in a given cluster.
 ## Examples
 ### Example 1
 ```powershell
-Set-EsxiLockdownMode -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -cluster sfo-m01-cl01 -enable
+Set-EsxiLockdownMode -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] -enable
 ```
-This example will enable the lockdown mode for all ESXi hosts in a cluster.
+This example will enable the lockdown mode for all ESX hosts in a cluster.
 ### Example 2
 ```powershell
-Set-EsxiLockdownMode -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -cluster sfo-m01-cl01 -disable
+Set-EsxiLockdownMode -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] -disable
 ```
-This example will disable the lockdown mode for all ESXi hosts in a cluster.
+This example will disable the lockdown mode for all ESX hosts in a cluster.
 ## Parameters
@@ -109,7 +109,7 @@ Accept wildcard characters: False
 ### -cluster
-The name of the cluster in which the ESXi host is located.
+The name of the cluster in which the ESX host is located.
 ```yaml
 Type: String
@@ -125,7 +125,7 @@ Accept wildcard characters: False
 ### -enable
-Enable lockdown mode for the ESXi host(s).
+Enable lockdown mode for the ESX host(s).
 ```yaml
 Type: SwitchParameter
@@ -141,7 +141,7 @@ Accept wildcard characters: False
 ### -disable
-Disable lockdown mode for the ESXi host(s).
+Disable lockdown mode for the ESX host(s).
 ```yaml
 Type: SwitchParameter
diff --git a/docs/documentation/functions/Set-VCFCertificateAuthority.md b/docs/documentation/functions/Set-VcfCertificateAuthority.md
similarity index 84%
rename from docs/documentation/functions/Set-VCFCertificateAuthority.md
rename to docs/documentation/functions/Set-VcfCertificateAuthority.md
index a921dcb..0e4353c 100644
--- a/docs/documentation/functions/Set-VCFCertificateAuthority.md
+++ b/docs/documentation/functions/Set-VcfCertificateAuthority.md
@@ -1,4 +1,4 @@
-# Set-VCFCertificateAuthority
+# Set-VcfCertificateAuthority
 ## Synopsis
@@ -9,33 +9,33 @@ Sets the certificate authority in SDDC Manager to use a Microsoft Certificate Au
 ### Microsoft Certificate Authority
 ```powershell
-Set-VCFCertificateAuthority [-certAuthority] [-server] [-user] [-pass] [-certAuthorityFqdn] [-certAuthorityUser] [-certAuthorityPass] [-certAuthorityTemplate] []
+Set-VcfCertificateAuthority [-certAuthority] [-server] [-user] [-pass] [-certAuthorityFqdn] [-certAuthorityUser] [-certAuthorityPass] [-certAuthorityTemplate] []
 ```
 ### OpenSSL Certificate Authority
 ```powershell
-Set-VCFCertificateAuthority [-certAuthority] [-server] [-user] [-pass] [-commonName] [-organization] [-organizationUnit] [-locality] [-state] [-country] []
+Set-VcfCertificateAuthority [-certAuthority] [-server] [-user] [-pass] [-commonName] [-organization] [-organizationUnit] [-locality] [-state] [-country] []
 ```
 ## Description
-The `Set-VCFCertificateAuthority` will configure Microsoft Certificate Authority or OpenSSL Certificate Authority as SDDC Manager's Certificate Authority.
+The `Set-VcfCertificateAuthority` will configure Microsoft Certificate Authority or OpenSSL Certificate Authority as SDDC Manager's Certificate Authority.
 ## Examples
 ### Example 1
 ```powershell
-Set-VCFCertificateAuthority -certAuthority Microsoft -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -certAuthorityFqdn rpl-ad01.rainpole.io -certAuthorityUser svc-vcf-ca -certAuthorityPass VMw@re1! -certAuthorityTemplate VMware
+Set-VcfCertificateAuthority -certAuthority Microsoft -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -certAuthorityFqdn [certificate_authority_fqdn] -certAuthorityUser [certificate_authority_username] -certAuthorityPass [certificate_authority_password] -certAuthorityTemplate [certificate_authority_template_name]
 ```
-This example will configure Microsoft Certificate Authority `rpl-ad01.rainpole.io` in SDDC Manager.
+This example will configure Microsoft Certificate Authority in SDDC Manager.
 ### Example 2
 ```powershell
-Set-VCFCertificateAuthority -certAuthority OpenSSL -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -commonName "sfo-vcf01.sfo.rainpole.io" -organization "Rainpole" -organizationUnit "Platform Engineering" -locality "San Francisco" -state CA -country US
+Set-VcfCertificateAuthority -certAuthority OpenSSL -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -commonName [common_name] -organization [organization] -organizationUnit [organization_unit] -locality [locality] -state [state] -country [country]
 ```
 This example will configure an OpenSSL Certificate Authority in SDDC Manager.
diff --git a/docs/documentation/functions/Test-EsxiCertMgmtChecks.md b/docs/documentation/functions/Test-EsxiCertMgmtChecks.md
index 7a6d825..52a24e7 100644
--- a/docs/documentation/functions/Test-EsxiCertMgmtChecks.md
+++ b/docs/documentation/functions/Test-EsxiCertMgmtChecks.md
@@ -2,7 +2,7 @@
 ## Synopsis
-Run the checks required for ESXi Certificate Management for a given cluster or an ESXi host.
+Run the checks required for ESX Certificate Management for a given cluster or an ESX host.
 ## Syntax
@@ -12,13 +12,13 @@ Test-EsxiCertMgmtChecks [-server] [-user] [-pass] [-d
 ## Description
-The `Test-EsxiCertMgmtChecks` runs the checks required for ESXi Certificate Management for a given cluster or an ESXi host.
+The `Test-EsxiCertMgmtChecks` runs the checks required for ESX Certificate Management for a given cluster or an ESX host.
 The following checks are run:
-- Check ESXi Certificate Mode
-- Check ESXi Lockdown Mode
-- Confirm Certificate Authority in vCenter Server
+- Check ESX Certificate Mode
+- Check ESX Lockdown Mode
+- Confirm Certificate Authority in vCenter
 - Check vSAN Health Status
 ## Examples
@@ -26,18 +26,18 @@ The following checks are run:
 ### Example 1
 ```powershell
-Test-EsxiCertMgmtChecks -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -cluster sfo-m01-cl01 -issuer rainpole -signedCertificate F:\Certificates\Root64.cer
+Test-EsxiCertMgmtChecks -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] -issuer [issuer_name] -signedCertificate [full_certificate_file_path]
 ```
-This example runs the checks required for ESXi Certificate Management for the cluster belonging to the domain sfo-m01.
+This example runs the checks required for ESX Certificate Management for the cluster belonging to the domain.
 ### Example 2
 ```powershell
-Test-EsxiCertMgmtChecks -server sfo-vcf01.sfo.rainpole.io -user administrator@vsphere.local -pass VMw@re1! -domain sfo-m01 -cluster sfo-m01-cl01 -esxiFqdn sfo01-m01-esx01.sfo.rainpole.io -issuer rainpole -signedCertificate F:\Certificates\Root64.cer
+Test-EsxiCertMgmtChecks -server [sddc_manager_fqdn] -user [admin_username] -pass [admin_password] -domain [workload_domain_name] -cluster [cluster_name] -esxiFqdn [esx_host_fqdn] -issuer [issuer_name] -signedCertificate [full_certificate_file_path]
 ```
-This example runs the checks required for ESXi Certificate Management for an ESXi host belonging to the domain sfo-m01.
+This example runs the checks required for ESX Certificate Management for an ESX host belonging to the domain.
 ## Parameters
@@ -91,7 +91,7 @@ Accept wildcard characters: False
 ### -domain
-The name of the workload domain to retrieve the vCenter Server instance's certificate thumbprints from.
+The name of the workload domain to retrieve the vCenter instance's certificate thumbprints from.
 ```yaml
 Type: String
@@ -107,7 +107,7 @@ Accept wildcard characters: False
 ### -cluster
-The name of the cluster in which the ESXi host is located.
+The name of the cluster in which the ESX host is located.
 ```yaml
 Type: String
@@ -155,7 +155,7 @@ Accept wildcard characters: False
 ### -esxiFqdn
-The fully qualified domain name of the ESXi host.
+The fully qualified domain name of the ESX host.
 ```yaml
 Type: String
diff --git a/docs/documentation/user-guide/esxi-certificate-management.md b/docs/documentation/user-guide/esxi-certificate-management.md
index fec259a..af2c560 100644
--- a/docs/documentation/user-guide/esxi-certificate-management.md
+++ b/docs/documentation/user-guide/esxi-certificate-management.md
@@ -1,10 +1,10 @@
-# ESXi Certificate Management
+# ESX Certificate Management
-This section provides information on how to use the PowerShell module for VMware Cloud Foundation Certificate Management to manage ESXi host certificates across your VMware Cloud Foundation instance.
+This section provides information on how to use the PowerShell module for VMware Cloud Foundation Certificate Management to manage ESX host certificates across your VMware Cloud Foundation instance.
-## Set the ESXi Certificate Mode in vCenter Server
+## Set the ESX Certificate Mode in vCenter
-The [`Set-EsxiCertificateMode`](../functions/Set-EsxiCertificateMode.md) cmdlet sets the certificate management mode in vCenter Server for the ESXi hosts in a workload domain.
+The [`Set-EsxiCertificateMode`](../functions/Set-EsxiCertificateMode.md) cmdlet sets the certificate management mode in vCenter for the ESX hosts in a workload domain.
 1. Start PowerShell (Run as Administrator).
@@ -18,7 +18,7 @@ The [`Set-EsxiCertificateMode`](../functions/Set-EsxiCertificateMode.md) cmdlet
 --8<-- "./docs/snippets/vars-esxi-cer-mode.ps1"
 ```
-3. Set the ESXi certificate management mode in vCenter Server by running the command in the PowerShell console.
+3. Set the ESX certificate management mode in vCenter by running the command in the PowerShell console.
 ```powershell
 Set-EsxiCertificateMode -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $workloadDomain -mode $mode
@@ -26,9 +26,9 @@ The [`Set-EsxiCertificateMode`](../functions/Set-EsxiCertificateMode.md) cmdlet
 ## Request a Certificate Signing Request
-The [`Request-VCFCsr`](../functions/Request-VCFCsr.md) cmdlet will generate the Certificate Signing Request for ESXi host(s) and saves it to file(s) in an output directory.
+The [`Request-VcfCsr`](../functions/Request-VcfCsr.md) cmdlet will generate the Certificate Signing Request for ESX host(s) and saves it to file(s) in an output directory.
-## Request Certificate Signing Request for each ESXi Host in a Cluster
+## Request Certificate Signing Request for each ESX Host in a Cluster
 1. Start PowerShell (Run as Administrator).
@@ -47,10 +47,10 @@ The [`Request-VCFCsr`](../functions/Request-VCFCsr.md) cmdlet will generate the
 3. Request Certificate Signing Request files by running the command in the PowerShell console.
 ```powershell
- Request-VCFCsr -esxi -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $workloadDomain -cluster $cluster -Country $country -Locality $location -Organization $organization -OrganizationUnit $organizationUnit -StateOrProvince $stateOrProvince -outputDirectory $outputDirectory
+ Request-VcfCsr -esxi -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $workloadDomain -cluster $cluster -Country $country -Locality $location -Organization $organization -OrganizationUnit $organizationUnit -StateOrProvince $stateOrProvince -outputDirectory $outputDirectory
 ```
-## Request a Certificate Signing Request for an ESXi Host
+## Request a Certificate Signing Request for an ESX Host
 1. Start PowerShell (Run as Administrator).
@@ -69,12 +69,12 @@ The [`Request-VCFCsr`](../functions/Request-VCFCsr.md) cmdlet will generate the
 3. Request a Certificate Signing Request file by running the command in the PowerShell console.
 ```powershell
- Request-VCFCsr -esxi -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $workloadDomain -esxiFqdn $esxiFqdn -Country $country -Locality $locality -Organization $organization -OrganizationUnit $organizationUnit -StateOrProvince $stateOrProvince -outputDirectory $outputDirectory
+ Request-VcfCsr -esxi -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $workloadDomain -esxiFqdn $esxiFqdn -Country $country -Locality $locality -Organization $organization -OrganizationUnit $organizationUnit -StateOrProvince $stateOrProvince -outputDirectory $outputDirectory
 ```
-## Verify the Certificate Authority is Trusted in vCenter Server
+## Verify the Certificate Authority is Trusted in vCenter
-The [`Confirm-CAInvCenterServer`](../functions/Confirm-CAInvCenterServer.md) cmdlet gets the thumbprint from the root certificate and matches it with the CA thumbprint from the vCenter Server instance. You need to pass in the complete path for the certificate file. Returns true if thumbprint matches, else returns false.
+The [`Confirm-CAInvCenterServer`](../functions/Confirm-CAInvCenterServer.md) cmdlet gets the thumbprint from the root certificate and matches it with the CA thumbprint from the vCenter instance. You need to pass in the complete path for the certificate file. Returns true if thumbprint matches, else returns false.
 1. Start PowerShell (Run as Administrator).
@@ -89,17 +89,17 @@ The [`Confirm-CAInvCenterServer`](../functions/Confirm-CAInvCenterServer.md) cmd
 --8<-- "./docs/snippets/vars-signedcer-windows.ps1"
 ```
-3. Verify the Certificate Authority is trusted in vCenter server by running the command in the PowerShell console.
+3. Verify the Certificate Authority is trusted in vCenter by running the command in the PowerShell console.
 ```powershell
 Confirm-CAInvCenterServer -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $workloadDomain -issuer $issuer -signedCertificate $signedCertificate
 ```
-## Set the Lockdown Mode for ESXi Hosts
+## Set the Lockdown Mode for ESX Hosts
-The [`Set-EsxiLockdownMode`](../functions/Set-EsxiLockdownMode.md) cmdlet sets the lockdown mode for all ESXi hosts in a given cluster.
+The [`Set-EsxiLockdownMode`](../functions/Set-EsxiLockdownMode.md) cmdlet sets the lockdown mode for all ESX hosts in a given cluster.
-### Disable Lockdown Mode for Each ESXi Host in a Cluster
+### Disable Lockdown Mode for Each ESX Host in a Cluster
 1. Start PowerShell (Run as Administrator).
@@ -119,7 +119,7 @@ The [`Set-EsxiLockdownMode`](../functions/Set-EsxiLockdownMode.md) cmdlet sets t
 Set-EsxiLockdownMode -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $workloadDomain -cluster $cluster -disable
 ```
-### Enable Lockdown Mode for Each ESXi Host in a Cluster
+### Enable Lockdown Mode for Each ESX Host in a Cluster
 1. Start PowerShell (Run as Administrator).
@@ -139,9 +139,9 @@ The [`Set-EsxiLockdownMode`](../functions/Set-EsxiLockdownMode.md) cmdlet sets t
 Set-EsxiLockdownMode -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $workloadDomain -cluster $cluster -enable
 ```
-## Get the vSAN Health Summary from vCenter Server for a Cluster
+## Get the vSAN Health Summary from vCenter for a Cluster
-The [`Get-vSANHealthSummary`](../functions/Get-vSANHealthSummary.md) cmdlet gets the vSAN health summary from vCenter Server for a cluster. If any status is YELLOW or RED, a WARNING or ERROR will be raised.
+The [`Get-vSANHealthSummary`](../functions/Get-vSANHealthSummary.md) cmdlet gets the vSAN health summary from vCenter for a cluster. If any status is YELLOW or RED, a WARNING or ERROR will be raised.
 1. Start PowerShell (Run as Administrator).
@@ -155,20 +155,20 @@ The [`Get-vSANHealthSummary`](../functions/Get-vSANHealthSummary.md) cmdlet gets
 --8<-- "./docs/snippets/vars-cluster.ps1"
 ```
-3. Get the vSAN health summary from vCenter server for a cluster by running the command in the PowerShell console.
+3. Get the vSAN health summary from vCenter for a cluster by running the command in the PowerShell console.
 ```powershell
 Get-vSANHealthSummary -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $workloadDomain -cluster $cluster
 ```
-## Run the checks required for ESXi Certificate Management for a Cluster
+## Run the checks required for ESX Certificate Management for a Cluster
-The [`Test-EsxiCertMgmtChecks`](../functions/Test-EsxiCertMgmtChecks.md) cmdlet runs the checks required for ESXi Certificate Management for a given cluster or an ESXi host.
+The [`Test-EsxiCertMgmtChecks`](../functions/Test-EsxiCertMgmtChecks.md) cmdlet runs the checks required for ESX Certificate Management for a given cluster or an ESX host.
 The following checks are run:
-- Check ESXi Certificate Mode
-- Check ESXi Lockdown Mode
-- Confirm CA In vCenter Server
+- Check ESX Certificate Mode
+- Check ESX Lockdown Mode
+- Confirm CA In vCenter
 - Check vSAN Health Status
 1. Start PowerShell (Run as Administrator).
@@ -185,7 +185,7 @@ The following checks are run:
 --8<-- "./docs/snippets/vars-signedcer-windows.ps1"
 ```
-3. Run the checks required for ESXi Certificate management for a cluster by running the command in the PowerShell console.
+3. Run the checks required for ESX Certificate management for a cluster by running the command in the PowerShell console.
 ```powershell
 Test-EsxiCertMgmtChecks -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $workloadDomain -cluster $cluster -signedCertificate $signedCertificate -issuer $issuer
@@ -193,9 +193,9 @@ The following checks are run:
 ## Install a Certificate
-The [`Install-VCFCertificate`](../functions/Install-VCFCertificate.md) cmdlet will replace the certificate for an ESXi host or for each ESXi host in a cluster. You must provide the directory containing the signed certificate files. Certificate names should be in format .cer (_e.g._, sfo01-m01-esx01.sfo.rainpole.io.cer.) The workflow will put the ESXi host in maintenance mode (with full data migration for vSAN only), disconnect the ESXi host from the vCenter Server, replace the certificate, restart the ESXi host, and the exit maintenance mode once the ESXi host is online.
+The [`Install-VcfCertificate`](../functions/Install-VcfCertificate.md) cmdlet will replace the certificate for an ESX host or for each ESX host in a cluster. You must provide the directory containing the signed certificate files. Certificate names should be in format .cer (_e.g._, sfo01-m01-esx01.sfo.rainpole.io.cer.) The workflow will put the ESX host in maintenance mode (with full data migration for vSAN only), disconnect the ESX host from the vCenter, replace the certificate, restart the ESX host, and the exit maintenance mode once the ESX host is online.
-### Install a Certificate to Each ESXi Host in a Cluster
+### Install a Certificate to Each ESX Host in a Cluster
 1. Start PowerShell (Run as Administrator).
@@ -211,13 +211,13 @@ The [`Install-VCFCertificate`](../functions/Install-VCFCertificate.md) cmdlet wi
 --8<-- "./docs/snippets/vars-cer-ext.ps1"
 ```
-3. Install a Certificate for each ESXi host in cluster by running the command in the PowerShell console.
+3. Install a Certificate for each ESX host in cluster by running the command in the PowerShell console.
 ```powershell
- Install-VCFCertificate -esxi -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $workloadDomain -cluster $cluster -certificateDirectory $certificateDirectory -certificateFileExt $certificateFileExt
+ Install-VcfCertificate -esxi -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $workloadDomain -cluster $cluster -certificateDirectory $certificateDirectory -certificateFileExt $certificateFileExt
 ```
-### Install a Certificate to an ESXi Host
+### Install a Certificate to an ESX Host
 1. Start PowerShell (Run as Administrator).
@@ -233,8 +233,8 @@ The [`Install-VCFCertificate`](../functions/Install-VCFCertificate.md) cmdlet wi
 --8<-- "./docs/snippets/vars-cer-ext.ps1"
 ```
-3. Install a certificate to an ESXi host by running the command in the PowerShell console.
+3. Install a certificate to an ESX host by running the command in the PowerShell console.
 ```powershell
- Install-VCFCertificate -esxi -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $workloadDomain -esxiFqdn $esxiFqdn -certificateDirectory $certificateDirectory -certificateFileExt $certificateFileExt
+ Install-VcfCertificate -esxi -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $workloadDomain -esxiFqdn $esxiFqdn -certificateDirectory $certificateDirectory -certificateFileExt $certificateFileExt
 ```
diff --git a/docs/documentation/user-guide/vcf-certificate-management.md b/docs/documentation/user-guide/vcf-certificate-management.md
index a646975..e0c933b 100644
--- a/docs/documentation/user-guide/vcf-certificate-management.md
+++ b/docs/documentation/user-guide/vcf-certificate-management.md
@@ -1,10 +1,10 @@
 # VMware Cloud Foundation Certificate Management
-This section provides information on how to use the PowerShell module for VMware Cloud Foundation Certificate Management to manage certificates for SDDC Manager and workload domain components [with the exception of ESXi hosts](esxi-certificate-management.md) in your VMware Cloud Foundation instance.
+This section provides information on how to use the PowerShell module for VMware Cloud Foundation Certificate Management to manage certificates for SDDC Manager and workload domain components [with the exception of ESX hosts](esxi-certificate-management.md) in your VMware Cloud Foundation instance.
 ## Configuring the Certificate Authority for SDDC Manager
-The [`Set-VCFCertificateAuthority`](../functions/Set-VCFCertificateAuthority.md) configures Microsoft Certificate Authority or OpenSSL Certificate Authority as SDDC Manager's Certificate Authority.
+The [`Set-VcfCertificateAuthority`](../functions/Set-VcfCertificateAuthority.md) configures Microsoft Certificate Authority or OpenSSL Certificate Authority as SDDC Manager's Certificate Authority.
 ### Configuring the Microsoft Certificate Authority for SDDC Manager
@@ -22,10 +22,10 @@ The [`Set-VCFCertificateAuthority`](../functions/Set-VCFCertificateAuthority.md)
 3. Configuring the Certificate Authority for SDDC Manager by running the command in the PowerShell console.
 ```powershell
-Set-VCFCertificateAuthority -certAuthority Microsoft -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -certAuthorityFqdn $certAuthorityFqdn -certAuthorityUser $certAuthorityUser -certAuthorityPass $certAuthorityPass -certAuthorityTemplate $certAuthorityTemplate
+Set-VcfCertificateAuthority -certAuthority Microsoft -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -certAuthorityFqdn $certAuthorityFqdn -certAuthorityUser $certAuthorityUser -certAuthorityPass $certAuthorityPass -certAuthorityTemplate $certAuthorityTemplate
 ```
-This example will configure Microsoft Certificate Authority `rpl-ad01.rainpole.io` in SDDC Manager.
+This example will configure Microsoft Certificate Authority in SDDC Manager.
 ### Configuring the OpenSSL Certificate Authority for SDDC Manager
@@ -44,14 +44,14 @@ This example will configure Microsoft Certificate Authority `rpl-ad01.rainpole.i
 3. Configuring the Certificate Authority for SDDC Manager by running the command in the PowerShell console.
 ```powershell
-Set-VCFCertificateAuthority -certAuthority OpenSSL -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -commonName $commonName -organization $organization -organizationUnit $organizationUnit -locality $locality -state $stateOrProvince -country $country
+Set-VcfCertificateAuthority -certAuthority OpenSSL -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -commonName $commonName -organization $organization -organizationUnit $organizationUnit -locality $locality -state $stateOrProvince -country $country
 ```
 This example will configure an OpenSSL Certificate Authority in SDDC Manager.
 ## Request a Certificate Signing Request for a Workload Domain
-The [`Request-VCFCsr`](../functions/Request-VCFCsr.md) cmdlet will request SDDC Manager to generate and store certificate signing request files.
+The [`Request-VcfCsr`](../functions/Request-VcfCsr.md) cmdlet will request SDDC Manager to generate and store certificate signing request files.
 1. Start PowerShell (Run as Administrator).
@@ -70,14 +70,14 @@ The [`Request-VCFCsr`](../functions/Request-VCFCsr.md) cmdlet will request SDDC 3. Request Certificate Signing Request files by running the command in the PowerShell console. ```powershell - Request-VCFCsr -sddcManager -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $workloadDomain -Country $country -keySize $keySize -Locality $locality -Organization $organization -OrganizationUnit $organizationUnit -StateOrProvince $stateOrProvince -email $email + Request-VcfCsr -sddcManager -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $workloadDomain -Country $country -keySize $keySize -Locality $locality -Organization $organization -OrganizationUnit $organizationUnit -StateOrProvince $stateOrProvince -email $email ``` This example will request SDDC Manager to generate certificate signing request files for all components associated with the given workload domain. ## Request Certificate Authority Signed Certificates for a Workload Domain -The [`Request-VCFSignedCertificate`](../functions/Request-VCFSignedCertificate.md) will request SDDC Manager to connect to the certificate authority to sign the generated certificate signing request files for all components associated with the given workload domain +The [`Request-VcfSignedCertificate`](../functions/Request-VcfSignedCertificate.md) will request SDDC Manager to connect to the certificate authority to sign the generated certificate signing request files for all components associated with the given workload domain 1. Start PowerShell (Run as Administrator). 
@@ -93,14 +93,14 @@ The [`Request-VCFSignedCertificate`](../functions/Request-VCFSignedCertificate.m 3. Request Certificate Authority Signed Certificates for a workload domain by running the command in the PowerShell console. ```powershell -Request-VCFSignedCertificate -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -workloadDomain $workloadDomain -certAuthority Microsoft +Request-VcfSignedCertificate -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -workloadDomain $workloadDomain -certAuthority Microsoft ``` This example will connect to SDDC Manager to request to have the certificate signing request files for a given workload domain to be signed by Microsoft CA ## Installing and Replacing Certificate Authority Signed Certificates for a Workload Domain -The [`Install-VCFCertificate`](../functions/Install-VCFCertificate.md) cmdlet installs the signed certificates for all components (except ESXi hosts) associated with the given workload domain. +The [`Install-VcfCertificate`](../functions/Install-VcfCertificate.md) cmdlet installs the signed certificates for all components (except ESX hosts) associated with the given workload domain. 1. Start PowerShell (Run as Administrator). @@ -116,5 +116,5 @@ The [`Install-VCFCertificate`](../functions/Install-VCFCertificate.md) cmdlet in 3. Install a Certificate Authority Signed Certificates for SDDC Manager and the workload domain components by running the command in the PowerShell console. ```powershell - Install-VCFCertificate -sddcManager -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $workloadDomain + Install-VcfCertificate -sddcManager -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $workloadDomain ``` diff --git a/docs/index.md b/docs/index.md index 2866baf..a67f617 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -6,15 +6,19 @@ PowerShell Gallery Downloads -`VMware.CloudFoundation.CertificateManagement` is a PowerShell module that has been written to support the ability to manage certificates across your [VMware Cloud Foundation][docs-vmware-cloud-foundation] such as: +VMware.CloudFoundation.CertificateManagement` is a PowerShell module designed to provide you the ability to manage +certificates within your VMware Cloud Foundation environment. -- Configuring the Certificate Authority for SDDC Manager. -- Generating certificate signing requests for a workload domain. -- Requesting signed-certificates for a workload domain. -- Installing and replacing CA-signed certificates for a workload domain. -- Generating certificate signing requests for ESXi hosts. -- Setting the ESXi Certificate Mode in vCenter Server. -- Installing and replacing CA-signed certificates for a ESXi hosts. +Using this module, you can perform various tasks on a VMware Cloud Foundation instance or a specific +workload domain. + +- Configure the Certificate Authority for SDDC Manager. +- Generate certificate signing requests for a workload domain. +- Request signed-certificates for a workload domain. +- Install and replace CA-signed certificates for a workload domain.+ +- Generate certificate signing requests for ESX hosts. +- Set the ESX Certificate Mode in vCenter. +- Install and replace CA-signed certificates for a ESX hosts. [:material-powershell:   PowerShell Gallery][psgallery-module-certificate-management]{ .md-button .md-button--primary } 
@@ -25,26 +29,15 @@ The following table lists the supported platforms for this module. | Platform | Support | -| ------------------------------------------------------------ | ----------------------------------- | +|--------------------------------------------------------------| ----------------------------------- | +| :fontawesome-solid-cloud:   VMware Cloud Foundation 5.2 | :fontawesome-solid-check:{ .green } | | :fontawesome-solid-cloud:   VMware Cloud Foundation 5.1 | :fontawesome-solid-check:{ .green } | | :fontawesome-solid-cloud:   VMware Cloud Foundation 5.0 | :fontawesome-solid-check:{ .green } | | :fontawesome-solid-cloud:   VMware Cloud Foundation 4.5 | :fontawesome-solid-check:{ .green } | -| :fontawesome-solid-cloud:   VMware Cloud Foundation 4.4 | :fontawesome-solid-x:{ .red } | -| :fontawesome-solid-cloud:   VMware Cloud Foundation 4.3 | :fontawesome-solid-x:{ .red } | !!! note - ESXi certificate management for VMware Cloud Foundation on Dell EMC VxRail is not supported. - -### Operating Systems - -The following table lists the supported operating systems for this module. - -| Operating System | Version | -| ---------------------------------------------------------------------- | ---------- | -| :fontawesome-brands-windows:   Microsoft Windows Server | 2019, 2022 | -| :fontawesome-brands-windows:   Microsoft Windows | 10, 11 | -| :fontawesome-brands-linux:   [VMware Photon OS][github-photon-os] | 3.0, 4.0 | + ESX certificate management for VMware Cloud Foundation on Dell EMC VxRail is not supported. ### PowerShell 
@@ -62,7 +55,7 @@ The following table lists the required PowerShell module dependencies for this m | ----------------------------------------------- | --------- | --------- | -------------------------------------------------------------------------- | | [VMware.PowerCLI][psgallery-module-powercli] | >= 13.3.0 | Broadcom | :fontawesome-solid-book:   [Documentation][developer-module-powercli] | | [PowerVCF][psgallery-module-powervcf] | >= 2.4.1 | Broadcom | :fontawesome-solid-book:   [Documentation][docs-module-powervcf] | -| [PowerValidatedSolutions][psgallery-module-pvs] | >= 2.11.0 | Broadcom | :fontawesome-solid-book:   [Documentation][docs-module-pvs] | +| [PowerValidatedSolutions][psgallery-module-pvs] | >= 2.12.0 | Broadcom | :fontawesome-solid-book:   [Documentation][docs-module-pvs] | [docs-vmware-cloud-foundation]: https://docs.vmware.com/en/VMware-Cloud-Foundation/index.html [microsoft-powershell]: https://docs.microsoft.com/en-us/powershell diff --git a/mkdocs.yml b/mkdocs.yml index 007cf8a..6b51b88 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -13,7 +13,7 @@ edit_uri: blob/main/docs/ # Copyright copyright: | - Copyright © 2005-2024 Broadcom. All Rights Reserved.
+ Copyright © 2005-2025 Broadcom. All Rights Reserved.
The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.

# Configuration @@ -130,16 +130,16 @@ nav: - Reference: - User Guide: - VMware Cloud Foundation Certificate Management: documentation/user-guide/vcf-certificate-management.md - - ESXi Certificate Management: documentation/user-guide/esxi-certificate-management.md + - ESX Certificate Management: documentation/user-guide/esxi-certificate-management.md - Functions: - Common: - - Get-VCFCertificateThumbprint: documentation/functions/Get-VCFCertificateThumbprint.md - - Install-VCFCertificate: documentation/functions/Install-VCFCertificate.md - - Request-VCFCsr: documentation/functions/Request-VCFCsr.md + - Get-VcfCertificateThumbprint: documentation/functions/Get-VcfCertificateThumbprint.md + - Install-VcfCertificate: documentation/functions/Install-VcfCertificate.md + - Request-VcfCsr: documentation/functions/Request-VcfCsr.md - VMware Cloud Foundation Certificate Management: - - Request-VCFSignedCertificate: documentation/functions/Request-VCFSignedCertificate.md - - Set-VCFCertificateAuthority: documentation/functions/Set-VCFCertificateAuthority.md - - ESXi Certificate Management: + - Request-VcfSignedCertificate: documentation/functions/Request-VcfSignedCertificate.md + - Set-VcfCertificateAuthority: documentation/functions/Set-VcfCertificateAuthority.md + - ESX Certificate Management: - Confirm-CAInvCenterServer: documentation/functions/Confirm-CAInvCenterServer.md - Confirm-EsxiCertificateInstalled: documentation/functions/Confirm-EsxiCertificateInstalled.md - Get-EsxiCertificateMode: documentation/functions/Get-EsxiCertificateMode.md diff --git a/tests/cert.tests.ps1 b/tests/cert.tests.ps1 index 076a2ff..8a4c920 100644 --- a/tests/cert.tests.ps1 +++ b/tests/cert.tests.ps1 
@@ -130,7 +130,7 @@ Describe 'Test Suite' { Write-LogToFile -message "Start of 'Configuring of Certificate Authority' Positive Testcase" # Configure the Certificate Authority for SDDC Manager. - $config = Set-VCFCertificateAuthority -certAuthority 'Microsoft' -server $server -user $sddcManagerUser -pass $sddcManagerPass -certAuthorityFqdn $certAuthorityFqdn -certAuthorityUser $certAuthorityUser -certAuthorityPass $certAuthorityPass -certAuthorityTemplate $certAuthorityTemplate + $config = Set-VcfCertificateAuthority -certAuthority 'Microsoft' -server $server -user $sddcManagerUser -pass $sddcManagerPass -certAuthorityFqdn $certAuthorityFqdn -certAuthorityUser $certAuthorityUser -certAuthorityPass $certAuthorityPass -certAuthorityTemplate $certAuthorityTemplate Write-LogToFile -message "Update Result: $config" $config -match "Configuration a Microsoft Certificate Authority in SDDC Manager completed." @@ -151,7 +151,7 @@ Describe 'Test Suite' { $certAuthorityFqdn = 'rpl-ad01.rainpole.io' # Configure the Certificate Authority for SDDC Manager. - $config = Set-VCFCertificateAuthority -certAuthority 'Microsoft' -server $server -user $sddcManagerUser -pass $sddcManagerPass -certAuthorityFqdn $certAuthorityFqdn -certAuthorityUser $certAuthorityUser -certAuthorityPass $certAuthorityPass -certAuthorityTemplate $certAuthorityTemplate + $config = Set-VcfCertificateAuthority -certAuthority 'Microsoft' -server $server -user $sddcManagerUser -pass $sddcManagerPass -certAuthorityFqdn $certAuthorityFqdn -certAuthorityUser $certAuthorityUser -certAuthorityPass $certAuthorityPass -certAuthorityTemplate $certAuthorityTemplate $null | Should -Be $config } Catch { # Output the caught exception. 
@@ -166,13 +166,13 @@ Describe 'Test Suite' { } } - Describe 'Request-VCFCsr for SDDC Manager' -Tag "RequestVCFCsrSDDCMicrosoft" { + Describe 'Request-VcfCsr for SDDC Manager' -Tag "RequestVCFCsrSDDCMicrosoft" { # Expect a success. It 'Expect Success' -Tag "Positive" { Try { - Write-LogToFile -message "Start of Request-VCFCsr for SDDC Positive Testcase" + Write-LogToFile -message "Start of Request-VcfCsr for SDDC Positive Testcase" - $config = Request-VCFCsr -sddcManager -server $server -user $sddcManagerUser -pass $sddcManagerPass -domain $inputData.'Domains'[1] -country $country -keysize $keysize -locality $locality -organization $organization -organizationUnit $organizationUnit -stateOrProvince $state -email $email + $config = Request-VcfCsr -sddcManager -server $server -user $sddcManagerUser -pass $sddcManagerPass -domain $inputData.'Domains'[1] -country $country -keysize $keysize -locality $locality -organization $organization -organizationUnit $organizationUnit -stateOrProvince $state -email $email Write-LogToFile -message "Update Result: $config" $config -match "Workflow completed with status: Successful." | Should -Not -BeNullorEmpty 
@@ -180,39 +180,39 @@ Describe 'Test Suite' { Write-LogToFile -Type ERROR -message "An error occurred: $_" $false | Should -Be $true } Finally { - Write-LogToFile -message "End of Request-VCFCsr for SDDC Positive Testcase" + Write-LogToFile -message "End of Request-VcfCsr for SDDC Positive Testcase" } } # Expect a failure. It 'Expect Failure' -Tag "Negative" { Try { - Write-LogToFile -message "Start of Request-VCFCsr for SDDC Negative Testcase" + Write-LogToFile -message "Start of Request-VcfCsr for SDDC Negative Testcase" # Set $sddcManagerPass to an invalid value. $sddcManagerPass = "VMw@re" # Request certificate. - $config = Request-VCFCsr -sddcManager -server $server -user $sddcManagerUser -pass $sddcManagerPass -domain $inputData.'Domains'[1] -country $country -keysize $keysize -locality $locality -organization $organization -organizationUnit $organizationUnit -stateOrProvince $state -email $email + $config = Request-VcfCsr -sddcManager -server $server -user $sddcManagerUser -pass $sddcManagerPass -domain $inputData.'Domains'[1] -country $country -keysize $keysize -locality $locality -organization $organization -organizationUnit $organizationUnit -stateOrProvince $state -email $email } Catch { # Output the caught error. Write-LogToFile -Type ERROR -message "An error occurred: $_" $true | Should -Be $true } Finally { - Write-LogToFile -message "End of Request-VCFCsr for SDDC Negative Testcase" + Write-LogToFile -message "End of Request-VcfCsr for SDDC Negative Testcase" $sddcManagerPass = $inputData.'Password' } } } - Describe 'Request-VCFSignedCertificate for SDDC' -Tag "RequestVCFSignedCsrSDDCMicrosoft" { + Describe 'Request-VcfSignedCertificate for SDDC' -Tag "RequestVCFSignedCsrSDDCMicrosoft" { # Expect a success. 
It 'Expect Success' -Tag "Positive" { Try { - Write-LogToFile -message "Start of Request-VCFSignedCertificate for SDDC Positive Testcase" + Write-LogToFile -message "Start of Request-VcfSignedCertificate for SDDC Positive Testcase" # Request certificate. - $config = Request-VCFSignedCertificate -server $server -user $sddcManagerUser -pass $sddcManagerPass -workloadDomain $inputData.'Domains'[1] -certAuthority Microsoft + $config = Request-VcfSignedCertificate -server $server -user $sddcManagerUser -pass $sddcManagerPass -workloadDomain $inputData.'Domains'[1] -certAuthority Microsoft Write-LogToFile -message "Update Result: $config" $config -match "Workflow completed with status: Successful." | Should -Not -BeNullorEmpty 
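Review bot: The 'Expect Failure' case for `Request-VcfCsr` in this hunk cannot fail. Its `Try` body makes no assertion after the call with the invalid `$sddcManagerPass`, and its `Catch` only runs `$true | Should -Be $true`, so the test passes whether or not SDDC Manager rejects the bad password. The negative cases for `Request-VcfSignedCertificate` in the hunks at -220 and -389 have the same shape. If the cmdlet is expected to throw on bad credentials, assert that directly with `{ Request-VcfCsr ... -pass $sddcManagerPass ... } | Should -Throw`. Otherwise assert on `$config` after the `Try`/`Catch`, since a failed `Should` inside `Try` would presumably be caught and swallowed as well.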
@@ -220,26 +220,26 @@ Describe 'Test Suite' { Write-LogToFile -Type ERROR -message "An error occurred: $_" $false | Should -Be $true } Finally { - Write-LogToFile -message "End of Request-VCFSignedCertificate for SDDC Positive Testcase" + Write-LogToFile -message "End of Request-VcfSignedCertificate for SDDC Positive Testcase" } } # Expect a failure. It 'Expect Failure' -Tag "Negative" { Try { - Write-LogToFile -message "Start of Request-VCFSignedCertificate for SDDC Negative Testcase" + Write-LogToFile -message "Start of Request-VcfSignedCertificate for SDDC Negative Testcase" # Set $sddcManagerPass to an invalid value. $sddcManagerPass = "VMw@re" # Request certificate. - $config = Request-VCFSignedCertificate -server $server -user $sddcManagerUser -pass $sddcManagerPass -workloadDomain $inputData.'Domains'[1] -certAuthority Microsoft + $config = Request-VcfSignedCertificate -server $server -user $sddcManagerUser -pass $sddcManagerPass -workloadDomain $inputData.'Domains'[1] -certAuthority Microsoft } Catch { # Output the caught error. Write-LogToFile -Type ERROR -message "An error occurred: $_" $true | Should -Be $true } Finally { - Write-LogToFile -message "End of Request-VCFSignedCertificate for SDDC Negative Testcase" + Write-LogToFile -message "End of Request-VcfSignedCertificate for SDDC Negative Testcase" $sddcManagerPass = $inputData.'Password' } } @@ -253,7 +253,7 @@ Describe 'Test Suite' { Write-LogToFile -message "Installing VCFCertificate for SDDC Positive Testcase" # Install certificate. - $config = Install-VCFCertificate -sddcManager -server $server -user $sddcManagerUser -pass $sddcManagerPass -domain $inputData.'Domains'[1] + $config = Install-VcfCertificate -sddcManager -server $server -user $sddcManagerUser -pass $sddcManagerPass -domain $inputData.'Domains'[1] Start-Sleep -Seconds 1500 Write-LogToFile -message "Update Result: $config" 
@@ -275,7 +275,7 @@ Describe 'Test Suite' { $sddcManagerPass = "VMw@re1!" # Configure the Certificate Authority for SDDC Manager. - $config = Install-VCFCertificate -sddcManager -server $server -user $sddcManagerUser -pass $sddcManagerPass -domain $inputData.'Domains'[1] + $config = Install-VcfCertificate -sddcManager -server $server -user $sddcManagerUser -pass $sddcManagerPass -domain $inputData.'Domains'[1] } Catch { # Output the caught error. Write-LogToFile -Type ERROR -message "An error occurred: $_" @@ -298,7 +298,7 @@ Describe 'Test Suite' { Write-LogToFile -message "Start of 'Configuring OpenSSL Certificate Authority' Positive Testcase" # Configure the Certificate Authority for SDDC Manager. - $config = Set-VCFCertificateAuthority -certAuthority OpenSSL -server $server -user $sddcManagerUser -pass $sddcManagerPass -commonName $commonName -organization $organization -organizationUnit $organizationUnit -locality $locality -state $state -country $country + $config = Set-VcfCertificateAuthority -certAuthority OpenSSL -server $server -user $sddcManagerUser -pass $sddcManagerPass -commonName $commonName -organization $organization -organizationUnit $organizationUnit -locality $locality -state $state -country $country Write-LogToFile -message "Update Result: $config" $config -match "Configuration the OpenSSL Certificate Authority in SDDC Manager completed." | Should -Not -BeNullorEmpty 
@@ -319,7 +319,7 @@ Describe 'Test Suite' { $commonName = "sfo-vc01.sfo.rainpole.io" # Configure the Certificate Authority for SDDC Manager. - $config = Set-VCFCertificateAuthority -certAuthority OpenSSL -server $server -user $sddcManagerUser -pass $sddcManagerPass -commonName $commonName -organization $organization -organizationUnit $organizationUnit -locality $locality -state $state -country $country + $config = Set-VcfCertificateAuthority -certAuthority OpenSSL -server $server -user $sddcManagerUser -pass $sddcManagerPass -commonName $commonName -organization $organization -organizationUnit $organizationUnit -locality $locality -state $state -country $country $null | Should -Be $config } Catch { # Output the caught exception. @@ -333,14 +333,14 @@ Describe 'Test Suite' { } } - Describe 'Request-VCFCsr for SDDC' -Tag "RequestVCFCsrSDDCOpenssl" { + Describe 'Request-VcfCsr for SDDC' -Tag "RequestVCFCsrSDDCOpenssl" { # Expect a success. It 'Expect Success' -Tag "Positive" { Try { - Write-LogToFile -message "Start of Request-VCFCsr for SDDC Positive Testcase" + Write-LogToFile -message "Start of Request-VcfCsr for SDDC Positive Testcase" # Request-VCF certificate - $config = Request-VCFCsr -sddcManager -server $server -user $sddcManagerUser -pass $sddcManagerPass -domain $inputData.'Domains'[1] -country $country -keysize $keysize -locality $locality -organization $organization -organizationUnit $organizationUnit -stateOrProvince $state -email $email + $config = Request-VcfCsr -sddcManager -server $server -user $sddcManagerUser -pass $sddcManagerPass -domain $inputData.'Domains'[1] -country $country -keysize $keysize -locality $locality -organization $organization -organizationUnit $organizationUnit -stateOrProvince $state -email $email Write-LogToFile -message "Update Result: $config" $config -match "Workflow completed with status: Successful." | Should -Not -BeNullorEmpty 
@@ -348,40 +348,40 @@ Describe 'Test Suite' { Write-LogToFile -Type ERROR -message "An error occurred: $_" $false | Should -Be $true } Finally { - Write-LogToFile -message "End of Request-VCFCsr for SDDC Positive Testcase" + Write-LogToFile -message "End of Request-VcfCsr for SDDC Positive Testcase" } } # Expect a failure. It 'Expect Failure' -Tag "Negative" { Try { - Write-LogToFile -message "Start of Request-VCFCsr for SDDC Negative Testcase" + Write-LogToFile -message "Start of Request-VcfCsr for SDDC Negative Testcase" # Set $$sddcManagerPass to an invalid value. $sddcManagerPass = "VMw@re" # Request-VCF certificate - $config = Request-VCFCsr -sddcManager -server $server -user $sddcManagerUser -pass $sddcManagerPass -domain $inputData.'Domains'[1] -country $country -keysize $keysize -locality $locality -organization $organization -organizationUnit $organizationUnit -stateOrProvince $state -email $email + $config = Request-VcfCsr -sddcManager -server $server -user $sddcManagerUser -pass $sddcManagerPass -domain $inputData.'Domains'[1] -country $country -keysize $keysize -locality $locality -organization $organization -organizationUnit $organizationUnit -stateOrProvince $state -email $email $null | Should -Be $config } Catch { # Output the caught error. Write-LogToFile -Type ERROR -message "An error occurred: $_" $true | Should -Be $true } Finally { - Write-LogToFile -message "End of Request-VCFCsr for SDDC Negative Testcase" + Write-LogToFile -message "End of Request-VcfCsr for SDDC Negative Testcase" $sddcManagerPass = $inputData.'Password' } } } - Describe 'Request-VCFSignedCertificate for SDDC' -Tag "RequestVCFSignedCsrSDDCOpenssl" { + Describe 'Request-VcfSignedCertificate for SDDC' -Tag "RequestVCFSignedCsrSDDCOpenssl" { # Expect a success. 
It 'Expect Success' -Tag "Positive" { Try { - Write-LogToFile -message "Start of Request-VCFSignedCertificate for SDDC Positive Testcase" + Write-LogToFile -message "Start of Request-VcfSignedCertificate for SDDC Positive Testcase" # Request certificate. - $config = Request-VCFSignedCertificate -server $server -user $sddcManagerUser -pass $sddcManagerPass -workloadDomain $inputData.'Domains'[1] -certAuthority OpenSSL + $config = Request-VcfSignedCertificate -server $server -user $sddcManagerUser -pass $sddcManagerPass -workloadDomain $inputData.'Domains'[1] -certAuthority OpenSSL Write-LogToFile -message "Update Result: $config" $config -match "Workflow completed with status: Successful." | Should -Not -BeNullorEmpty 
@@ -389,40 +389,40 @@ Describe 'Test Suite' { Write-LogToFile -Type ERROR -message "An error occurred: $_" $false | Should -Be $true } Finally { - Write-LogToFile -message "End of Request-VCFSignedCertificate for SDDC Positive Testcase" + Write-LogToFile -message "End of Request-VcfSignedCertificate for SDDC Positive Testcase" } } # Expect a failure. It 'Expect Failure' -Tag "Negative" { Try { - Write-LogToFile -message "Start of Request-VCFSignedCertificate for SDDC Negative Testcase" + Write-LogToFile -message "Start of Request-VcfSignedCertificate for SDDC Negative Testcase" # Set $sddcManagerPass to an invalid value. $sddcManagerPass = "VMw@re" # Request certificate. - $config = Request-VCFSignedCertificate -server $server -user $sddcManagerUser -pass $sddcManagerPass -workloadDomain $inputData.'Domains'[1] -certAuthority OpenSSL + $config = Request-VcfSignedCertificate -server $server -user $sddcManagerUser -pass $sddcManagerPass -workloadDomain $inputData.'Domains'[1] -certAuthority OpenSSL } Catch { # Output the caught error. Write-LogToFile -Type ERROR -message "An error occurred: $_" $true | Should -Be $true } Finally { - Write-LogToFile -message "End of Request-VCFSignedCertificate for SDDC Negative Testcase" + Write-LogToFile -message "End of Request-VcfSignedCertificate for SDDC Negative Testcase" $sddcManagerPass = $inputData.'Password' } } } - Describe 'Install-VCFCertificate for SDDC' -Tag "InstallVCFCertificateSDDCOpenssl" { + Describe 'Install-VcfCertificate for SDDC' -Tag "InstallVCFCertificateSDDCOpenssl" { # Expect a success. 
It 'Expect Success' -Tag "Positive" { Try { Write-LogToFile -message "Installing VCFCertificate for SDDC Positive Testcase" # Instal vcf certificate - $config = Install-VCFCertificate -sddcManager -server $server -user $sddcManagerUser -pass $sddcManagerPass -domain $inputData.'Domains'[1] + $config = Install-VcfCertificate -sddcManager -server $server -user $sddcManagerUser -pass $sddcManagerPass -domain $inputData.'Domains'[1] Start-Sleep -Seconds 1500 Write-LogToFile -message "Update Result: $config" @@ -444,7 +444,7 @@ Describe 'Test Suite' { $sddcManagerPass = "VMw@re1!" # Install certificate. - $config = Install-VCFCertificate -sddcManager -server $server -user $sddcManagerUser -pass $sddcManagerPass -domain $inputData.'Domains'[1] + $config = Install-VcfCertificate -sddcManager -server $server -user $sddcManagerUser -pass $sddcManagerPass -domain $inputData.'Domains'[1] $null | Should -Be $config } Catch { # Output the caught error. diff --git a/tests/inputData.json.example b/tests/inputData.json.example index bdf74de..352e840 100644 --- a/tests/inputData.json.example +++ b/tests/inputData.json.example @@ -23,7 +23,7 @@ "sfo-m01": { "Clusters": { "Name": "sfo-m01-cl01", - "ESXi Hosts": [ + "ESX Hosts": [ "sfo01-m01-esx01.sfo.rainpole.io", "sfo01-m01-esx02.sfo.rainpole.io", "sfo01-m01-esx03.sfo.rainpole.io", @@ -34,7 +34,7 @@ "sfo-w01": { "Clusters": { "Name": "sfo-w01-cl01", - "ESXi Hosts": [ + "ESX Hosts": [ "sfo01-w01-esx01.sfo.rainpole.io", "sfo01-w01-esx02.sfo.rainpole.io", "sfo01-w01-esx03.sfo.rainpole.io",
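Review bot: The key rename from `"ESXi Hosts"` to `"ESX Hosts"` in both hunks of tests/inputData.json.example changes the input schema, not just wording, and none of the visible tests/cert.tests.ps1 hunks touches a reader of that key. Any test that still indexes `'ESXi Hosts'`, or any existing inputData.json copied from the old example, would presumably get `$null` for the host list without raising an error. It is worth confirming that every reader was updated in the same commit and noting the key change in the changelog so existing input files get migrated.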