Author Archives: Chris Allen - Page 3

Old Snapshots – PowerCLI Email Report

Whether your developers are keeping snapshots around for months or your backup program is leaving old snapshots behind after failed backups, it's always good to know about your aging snapshots.

Below is a script which will find all VMs with snapshots older than 7 days. As usual, you can customize this to meet your needs; I like to keep transcripts and output files for archival and troubleshooting.
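The following is an added example of the kind of report described above; it is not the post's own script. It assumes the VMware.PowerCLI module is installed, that the scheduled task runs as a read-only vCenter service account (so no password is stored in the script), and that the vCenter name, SMTP server, addresses and output path are placeholders to edit.

```powershell
# Added example, not the post's script. Placeholder names below are assumptions to edit.
$vCenter    = 'vcenter.example.local'
$SmtpServer = 'smtp.example.local'
$From       = 'vmware-reports@example.local'
$To         = 'vmware-admins@example.local'
$OutDir     = 'C:\Scripts\Reports'
$MaxAgeDays = 7

$stamp = Get-Date -Format 'yyyyMMdd-HHmm'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
# Transcript kept for later troubleshooting, as the post recommends
Start-Transcript -Path (Join-Path $OutDir "OldSnapshots-$stamp.transcript.txt")

try {
    Import-Module VMware.PowerCLI -ErrorAction Stop
    # Connects as the account the task runs under (read-only role in vCenter)
    Connect-VIServer -Server $vCenter -ErrorAction Stop | Out-Null

    $cutoff = (Get-Date).AddDays(-$MaxAgeDays)
    $old = Get-VM | Get-Snapshot | Where-Object { $_.Created -lt $cutoff } |
        Select-Object @{N='VM';E={$_.VM.Name}}, Name, Created,
                      @{N='AgeDays';E={[int]((Get-Date) - $_.Created).TotalDays}},
                      @{N='SizeGB';E={[math]::Round($_.SizeGB, 2)}}, Description |
        Sort-Object Created

    # Output file kept alongside the transcript so the report survives a lost e-mail
    $csv = Join-Path $OutDir "OldSnapshots-$stamp.csv"
    $old | Export-Csv -Path $csv -NoTypeInformation

    if ($old) {
        $body = $old | ConvertTo-Html -Title 'Old snapshots' `
            -PreContent "<h3>Snapshots older than $MaxAgeDays days on $vCenter</h3>" | Out-String
        Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
            -Subject "[$vCenter] $(@($old).Count) snapshot(s) older than $MaxAgeDays days" `
            -Body $body -BodyAsHtml -Attachments $csv
    }
    else {
        Write-Output "No snapshots older than $MaxAgeDays days."
    }
}
finally {
    if ($global:DefaultVIServers) { Disconnect-VIServer -Server * -Confirm:$false }
    Stop-Transcript
}
```

The try/finally keeps the transcript and vCenter session tidy even when the mail step fails, which is exactly the case the saved output file is there for.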


Virtual Machine Guest Disk Free Space – PowerCLI Email Report

I expanded on a useful script shared on the VMware community site.

Below is some code you can run against vCenter to get an emailed report of all virtual machines with low free space. The VMs need to have VMware Tools running for this report. Don't worry, I'll post a script to check on that too!

As a personal preference, I create a service account with the "Log on as a batch job" right on the system that runs this script, and then give that same service account read-only privileges in vCenter. Once those are set up, the PowerShell script can be run from Task Scheduler (least privilege, yay).

Another thing I like to do is capture transcripts and output files for any script I run. That way, if I have an SMTP issue or lose the email, I can go back to the files to see what previous reports contained or what errors the script encountered.

You will want to edit the vCenter server name, the output file path, and the email addresses before using this script. The script will email a list of any VMs with drives that have less than 10% free space; of course, you can customize that percentage as well.
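An added example of the report described above (not the post's script or the community script it builds on). It assumes VMware.PowerCLI is installed and the task runs as a read-only vCenter account; the names, addresses and path are placeholders. It goes one step beyond the post by listing powered-on VMs where VMware Tools is not running, since those are exactly the machines the free-space check cannot see.

```powershell
# Added example, not the post's script. Placeholder names below are assumptions to edit.
$vCenter      = 'vcenter.example.local'
$SmtpServer   = 'smtp.example.local'
$From         = 'vmware-reports@example.local'
$To           = 'vmware-admins@example.local'
$OutDir       = 'C:\Scripts\Reports'
$ThresholdPct = 10

$stamp = Get-Date -Format 'yyyyMMdd-HHmm'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
Start-Transcript -Path (Join-Path $OutDir "LowDiskSpace-$stamp.transcript.txt")

try {
    Import-Module VMware.PowerCLI -ErrorAction Stop
    Connect-VIServer -Server $vCenter -ErrorAction Stop | Out-Null   # read-only service account

    $lowDisks = foreach ($vm in Get-VM | Where-Object { $_.PowerState -eq 'PoweredOn' }) {
        # Without VMware Tools there is no guest disk data; report it instead of silently skipping
        if ($vm.Guest.State -ne 'Running') {
            [pscustomobject]@{ VM = $vm.Name; Path = '(VMware Tools not running)';
                               CapacityGB = $null; FreeGB = $null; FreePct = $null }
            continue
        }
        foreach ($d in $vm.Guest.Disks) {
            if (-not $d.CapacityGB) { continue }   # skip empty/zero-size entries
            $pct = [math]::Round(($d.FreeSpaceGB / $d.CapacityGB) * 100, 1)
            if ($pct -lt $ThresholdPct) {
                [pscustomobject]@{ VM = $vm.Name; Path = $d.Path;
                                   CapacityGB = [math]::Round($d.CapacityGB, 1)
                                   FreeGB     = [math]::Round($d.FreeSpaceGB, 1)
                                   FreePct    = $pct }
            }
        }
    }

    $csv = Join-Path $OutDir "LowDiskSpace-$stamp.csv"
    $lowDisks | Sort-Object FreePct | Export-Csv -Path $csv -NoTypeInformation

    if ($lowDisks) {
        $body = $lowDisks | Sort-Object FreePct |
            ConvertTo-Html -PreContent "<h3>Guest disks under $ThresholdPct% free on $vCenter</h3>" | Out-String
        Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
            -Subject "[$vCenter] Low guest disk space" -Body $body -BodyAsHtml -Attachments $csv
    }
}
finally {
    if ($global:DefaultVIServers) { Disconnect-VIServer -Server * -Confirm:$false }
    Stop-Transcript
}
```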


Automating AWS with PowerShell

I often have to power on instances or register them with load balancers. I had some trouble finding documentation on the AWS PowerShell modules, but in the end I was able to get everything done via scripts.

Here are some examples that might help you out.

If you are not using IAM roles, you will need to pass credentials to the AWS PowerShell module. This is how you accomplish that (using least-privileged IAM credentials, I hope).

Query for EC2 instances by name

Power on an instance

Convert your already queried instance objects into objects that can be used with Elastic Load Balancers…

Use your ELB Instance objects to add or remove them from ELBs
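The steps above, credentials through ELB registration, as one added example (not the post's own snippets). It assumes the AWS Tools for PowerShell (AWSPowerShell module) are installed; the profile name, region, Name-tag pattern and load balancer name are placeholders.

```powershell
# Added example, not the post's code. Placeholder values below are assumptions to edit.
Import-Module AWSPowerShell

# Credentials are only needed when no IAM role is attached to the host.
# Store a named profile once (interactive), then reference it from scheduled scripts so
# no keys live in the script. The IAM policy behind it should allow only ec2:Describe*,
# ec2:StartInstances and the elasticloadbalancing Register/Deregister/DescribeInstanceHealth actions.
# Set-AWSCredential -AccessKey 'AKIA...' -SecretKey '...' -StoreAs 'ops-least-priv'   # run once
Set-AWSCredential -ProfileName 'ops-least-priv'      # older module versions spell this Set-AWSCredentials
Set-DefaultAWSRegion -Region 'us-east-1'

$LoadBalancerName = 'web-prod-elb'

# Query EC2 instances by Name tag. Get-EC2Instance returns reservations, so expand .Instances.
$instances = (Get-EC2Instance -Filter @{ Name = 'tag:Name'; Values = 'web-*' }).Instances
$instances | Select-Object InstanceId, @{N='State';E={$_.State.Name}}, PrivateIpAddress

# Power on any that are stopped
$stopped = $instances | Where-Object { $_.State.Name -eq 'stopped' }
if ($stopped) {
    Start-EC2Instance -InstanceId $stopped.InstanceId | Out-Null
}

# Convert the queried instances into classic-ELB Instance objects
$elbInstances = foreach ($i in $instances) {
    New-Object Amazon.ElasticLoadBalancing.Model.Instance -Property @{ InstanceId = $i.InstanceId }
}

# Add them to the ELB (use Remove-ELBInstanceFromLoadBalancer with the same arguments to take them out)
Register-ELBInstanceWithLoadBalancer -LoadBalancerName $LoadBalancerName -Instance $elbInstances

# Check health before trusting the change rather than assuming registration means serving traffic
Get-ELBInstanceHealth -LoadBalancerName $LoadBalancerName -Instance $elbInstances |
    Select-Object InstanceId, State, ReasonCode
```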


Enable Ping reply with PowerShell

Windows ships with ICMP echo reply disabled in the firewall. Here is a quick two-liner in PowerShell to enable ping replies.
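An added example of enabling ping replies with the NetSecurity cmdlets; this is not the post's own two-liner. It enables the built-in echo-request rules and, as a limit the post does not mention, scopes them to the local subnet so the host does not answer pings from arbitrary networks. The rule names are the stock Windows ones; the LocalSubnet scope is an assumption about what you want.

```powershell
# Added example, not the post's script. Requires Windows 8 / Server 2012 or later (NetSecurity module).
# Built-in rules: File and Printer Sharing (Echo Request - ICMPv4-In / ICMPv6-In)
Get-NetFirewallRule -Name 'FPS-ICMP4-ERQ-In', 'FPS-ICMP6-ERQ-In' |
    Set-NetFirewallRule -Enabled True -RemoteAddress LocalSubnet

# Images that had the File and Printer Sharing rule group removed: create an explicit rule instead
if (-not (Get-NetFirewallRule -Name 'FPS-ICMP4-ERQ-In' -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName 'Allow ICMPv4 Echo Request (LocalSubnet)' `
        -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
        -RemoteAddress LocalSubnet -Action Allow -Profile Domain, Private
}

# Verify what was actually applied
Get-NetFirewallRule -Name 'FPS-ICMP4-ERQ-In' |
    Select-Object DisplayName, Enabled, Profile, Action
Get-NetFirewallRule -Name 'FPS-ICMP4-ERQ-In' | Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress
```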


Internally route to RDS instances

I was configuring a MySQL RDS instance inside a VPC a few months back with a bit of a unique setup. This RDS needed to be publicly accessible from some systems outside the corporate network and also accessible via systems in the same VPC.

I configured the RDS instance in a new public subnet and gave it an elastic IP by choosing the option for Publicly Accessible during RDS creation. I changed the security groups to allow it to accept MySQL traffic from the public IP of the system outside the corporate network. I also changed the security group to allow MySQL traffic from members of another security group containing the servers I wanted to interface with the RDS instance.

To my surprise, I had no connectivity between the internal VPC systems and the RDS instance. Telnet tests to port 3306 confirmed the traffic was being blocked. After some name resolution troubleshooting, I discovered that if I allowed MySQL traffic through the NAT security group and allowed MySQL traffic from the public IP of my AWS NAT instance into the RDS instance, I had connectivity.

The systems in the VPC were resolving the public IPs of the RDS instance rather than the internal IPs provided via the VPC. After some digging into the documentation, I discovered this was a result of us bringing our own DNS into the VPC with Active Directory.

The solution was to create a conditional forwarder zone on the domain controllers located in the VPC to forward name resolution requests for amazonaws.com to the DNS server provided by the VPC. The DNS server provided with the VPC is located in the bottommost subnet of the VPC. So if your VPC CIDR block was 10.10.0.0/16 and your subnets were 10.10.0.0/24, your Amazon-provided DNS server would be at 10.10.0.2.

This DNS server is used by your default DHCP option set and cannot be reached from systems outside your VPC. So if you have the same Active Directory domain on-premises and in AWS, you will not want this conditional forwarder zone on your on-premises domain controllers.

With the conditional forwarder in place, requests from VPC domain joined systems now resolved internal IPs of the RDS instance and traffic no longer needed to route out to the internet via the NAT instance.
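The fix described above as an added example (not the post's own steps), run on each domain controller inside the VPC. It assumes the 10.10.0.0/16 VPC from the post, so the Amazon resolver is 10.10.0.2, and uses a placeholder RDS endpoint. The forwarder is created as a server-local zone rather than an AD-replicated one, which is what keeps it off the on-premises domain controllers that cannot reach 10.10.0.2.

```powershell
# Added example, not the post's script. Run on a DC in the VPC with the DnsServer module.
$AmazonDns   = '10.10.0.2'                                    # base of 10.10.0.0/16 plus two
$RdsEndpoint = 'mydb.placeholder.us-east-1.rds.amazonaws.com' # placeholder endpoint

# Before: the DC resolves amazonaws.com via the internet and hands back the public address
Resolve-DnsName -Name $RdsEndpoint -Type A | Select-Object Name, IPAddress

# Create the conditional forwarder on this server only. Omitting -ReplicationScope keeps it
# file-backed on this DC instead of replicating it to on-premises DCs through AD.
if (-not (Get-DnsServerZone -Name 'amazonaws.com' -ErrorAction SilentlyContinue)) {
    Add-DnsServerConditionalForwarderZone -Name 'amazonaws.com' -MasterServers $AmazonDns -PassThru
}

# Drop cached answers so the next lookup goes through the forwarder
Clear-DnsServerCache -Force
Clear-DnsClientCache

# After: ask the VPC resolver directly, then confirm the DC now returns the same private address
Resolve-DnsName -Name $RdsEndpoint -Type A -Server $AmazonDns | Select-Object Name, IPAddress
Resolve-DnsName -Name $RdsEndpoint -Type A | Select-Object Name, IPAddress

# Connectivity check on 3306 from a VPC member; RemoteAddress should be the private IP
Test-NetConnection -ComputerName $RdsEndpoint -Port 3306 |
    Select-Object RemoteAddress, TcpTestSucceeded
```

Once the private address resolves, the security-group rules that allowed MySQL from the NAT instance's public IP can be removed, leaving only the rule that references the application servers' security group.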

Display and Save Wireless Mac Address with PowerShell

A while back I was working somewhere the desktop techs needed to send the wireless MAC address to the network security team. So during the build I wrote this PowerShell script to save the MAC address to a text document on the desktop and open it.

This was done in conjunction with MDT while it wrapped up the task sequence logged in as the built-in administrator.
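An added example of that step (not the post's script). It assumes it runs, as the post describes, during the tail of the MDT task sequence under the built-in administrator, so the desktop it writes to is that account's. The WMI fallback and the output file name are my additions.

```powershell
# Added example, not the post's script.
# Prefer the NetAdapter module (Windows 8 / Server 2012+): PhysicalMediaType identifies Wi-Fi
$wifi = Get-NetAdapter -Physical | Where-Object { $_.PhysicalMediaType -eq 'Native 802.11' } |
    Select-Object Name, MacAddress

if (-not $wifi) {
    # Fallback for images without Get-NetAdapter (e.g. Windows 7) or unusual media types
    $wifi = Get-WmiObject Win32_NetworkAdapter -Filter 'PhysicalAdapter=TRUE' |
        Where-Object { $_.Name -match 'Wireless|Wi-?Fi|802\.11' } |
        Select-Object Name, @{N='MacAddress';E={$_.MACAddress}}
}

# Desktop of the account running the task sequence (built-in administrator in the post's setup)
$out = Join-Path ([Environment]::GetFolderPath('Desktop')) "$env:COMPUTERNAME-WirelessMAC.txt"

$lines = foreach ($a in $wifi) {
    "{0}`t{1}`t{2}" -f $env:COMPUTERNAME, $a.Name, $a.MacAddress
}
if (-not $lines) { $lines = "$env:COMPUTERNAME`tNo wireless adapter found" }

$lines | Set-Content -Path $out -Encoding ASCII
Invoke-Item $out
```

Get-NetAdapter reports MAC addresses with dashes and WMI with colons; if the network security team's tooling expects one form, normalise with `-replace '[:-]', ':'` before writing the file.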