VMware App Volumes – Install App Volumes Manager silently with Powershell

Release date: December 27th 2022

Welcome to my VMware App Volumes series. I recently experienced a complete hardware crash in my old lab, and had to do a complete rebuild. Although this was sad, it gave me the opportunity to do it by scripting this time. As part of the exercise, I wanted to do all the installation from the management server using PowerShell and PowerCLI. This involved recreating the servers and joining them to the domain. Once that was done, I could start installing my VMware App Volumes Manager Servers.

Before I started I made myself a little workflow as show below.

Although I wanted to use PowerShell for most of the installation, I ran into some issues with OpenSSL and PowerShell, which resulted in the need to use a CMD-file, below.

First, I created the following credentials to be used in the script:

  • vCenter admin-user:
New-VICredentialStoreItem -User <user> -Password <user> -Host <server> -File C:\<your location.xml>
  • App Volumes Manager admin-user:
$credential = Get-Credential
$credential | Export-CliXml -Path '<path>\appvol_admin.xml'

Next, I created the CMD file below which will be copied to the avm-server before installation and run within the script in a PS Session.

ConvCerts.cmd

openssl.exe pkcs12 -in c:\install\<cert.pfx> -inkey 1234 -passin pass:1234 -nocerts -out c:\install\<cert.key> -passout pass:1234
openssl.exe rsa -in c:\install\<cert.key> -passin pass:1234 -outform PEM -out c:\install\<cert-PEM.key>
openssl.exe pkcs12 -in c:\install\<cert.pfx> -passin pass:1234 -clcerts -nokeys -out c:\install\<cert.crt>

The last thing I pre-configured, was the “nginx.conf” file. I created one for each of my AVM-servers and named the <fqdn.conf>, which I saved on the network share.

Now that I had the credentials and the cmd-file ready, I was good to go. (PS: I know I’m no programmer and a lot of this script have the potential for improvement, but, it gets the job done, and that’s good enough for me).

instAVM.ps1

# --- Initialize PowerCLI Modules --- 

Import-Module VMware.VimAutomation.Core
Import-Module VMware.VimAutomation.Common
Set-PowerCLIConfiguration -Scope User -ParticipateInCeip $false -Confirm:$false
Set-PowerCLIConfiguration -InvalidCertificateAction ignore -Confirm:$false
Set-PowerCLIConfiguration -DefaultVIServerMode Multiple -Confirm:$false

# --- Connect to vCenter with Get-VICredentialStoreItem ---

$viserver = "vCenter fqdn"
$viuser = Get-VICredentialStoreItem -File "<path to vCenter Credentials>.xml" -host $viserver
Connect-viserver -Server $viserver -User $viuser.user -Password $viuser.password

# --- Shut Down VM ---

$avm = "avm fqdn"
Try{
   $vm = Get-VM -Name $avm -ErrorAction Stop
   switch($vm.PowerState){
   'poweredon' {
  Shutdown-VMGuest -VM $vm -Confirm:$false
   while($vm.PowerState -eq 'PoweredOn'){
  sleep 5
   $vm = Get-VM -Name $avm
   }
   }
   Default {
   Write-Host "VM '$($avm)' is not powered on!"
   }
   }
   Write-Host "$($avm) has shutdown. It should be ready for configuration."
}
Catch{
   Write-Host "VM '$($avm)' not found!"
}

# --- Take Snapshot ---

$SnapshotName = "Pre-Install"
Get-VM $avm | New-Snapshot -Name $SnapshotName

# --- Power On VM ---

Start-VM -VM $avm
# Wait 5 minutes - SLOW LAB :)
Start-Sleep 300

# --- Configure PSSession ---

$credential = Import-CliXml -Path "<path to App Volumes Admin>\appvol_admin_${env:USERNAME}_${env:COMPUTERNAME}.xml"
$session = New-PSSession -ComputerName $avm -Credential $credential -Authentication CredSSP

# --- Define, Copy and Run Installers ---

Invoke-Command -Session $session -ScriptBlock {
    
    # Create Temp Folder
    $installDir = "C:\Install\"
    New-Item -Path $installDir -type directory -Force

    # Install OpenSSL
    $opensslEXE = "\\<Network Path>\Win64OpenSSL_Light-1_1_1g.exe"
    $opensslVendor = "OpenSSL Win64 Installer Team"
    $opensslProduct = "OpenSSL 1.1.1g Light (64-bit)"
    $opensslVersion = "v.1.1.1g Light"
    $opensslPackageName = "C:\Install\Win64OpenSSL_Light-1_1_1g.exe"
    Copy-Item -Path $opensslEXE -Destination $installDir -Force
    $opensslArgs = ' /silent /verysilent /sp- /suppressmsgboxes'
    Write-Verbose "Starting Installation of $opensslProduct" -Verbose
    (Start-Process $installDir\$opensslPackageName $opensslArgs -Wait -Passthru).ExitCode

    # Install ODBC Driver
    $odbcMSI = "\\<Network Path>\msodbcsql_17.2.0.1_x64.msi"
    $odbcVendor = "Microsoft"
    $odbcProduct = "ODBC Driver 17 for SQL Server"
    $odbcVersion = "v.17.2.0.1"
    $odbcPackageName = "c:\Install\msodbcsql_17.2.0.1_x64.msi"
    Copy-Item -Path $odbcMSI -Destination $installDir -Force
    $odbcArgs = "/i $odbcPackageName /qn IACCEPTMSODBCSQLLICENSETERMS=YES /norestart"
    Write-Verbose "Starting Installation of $odbcVendor $odbcProduct $odbcVersion" -Verbose
    (Start-Process msiexec.exe -ArgumentList $odbcArgs -Wait -Passthru).ExitCode

    # Install App Volumes Manager
    $avmMSI = "\\<Network Path>\App Volumes Manager.msi"
    $avmVendor = "VMware"
    $avmProduct = "App Volumes Manager"
    $avmVersion = "4.8.0.33"
    $avmPackageName = "C:\Install\App Volumes Manager.msi"
    Copy-Item -Path $avmMSI -Destination $installDir -Force
    $avmArgs = "/qb IS_SQLSERVER_SERVER=<Ip-address SQL Server> IS_SQLSERVER_DATABASE=<App Volumes Database Name> RESET_DB=0 ALLOW_HTTP=1 IS_SQLSERVER_USERNAME=<SQL Username> IS_SQLSERVER_PASSWORD=<SQL User Password> IS_SQLSERVER_AUTHENTICATION=1"
    Write-Verbose "Starting Installation of $avmVendor $avmProduct $avmVersion" -Verbose
    (Start-Process $avmPackageName $avmArgs -Wait -Passthru).ExitCode
}

Remove-PSSession $session
Restart-Computer -ComputerName $avm -Force

# Wait 5 minutes - SLOW LAB :)
Start-Sleep 300

# --- Request / Convert Certs and Key, reconfigure NGINX ---

$session = New-PSSession -ComputerName $avm -Credential $credential -Authentication CredSSP

Invoke-Command -Session $session -ScriptBlock {
    $installDir = "C:\Install\"
    $convCertsCMD = "<network-path>\convCerts.cmd"
    $nginxDir ="C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf"
    
   # Request certificate from CA
    Get-Certificate -Template "<Certificate Template>" -DnsName "<fqdn avm>","fqdn loadbalancer VIP" -SubjectName 'CN=<fqdn avm>' -CertStoreLocation cert:\LocalMachine\My
    $mypwd = ConvertTo-SecureString -String "1234" -Force -AsPlainText
    $CertThumbprint = (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Issuer -match "<CA Name>"}).Thumbprint;
    Get-ChildItem -Path Cert:\LocalMachine\My\ | where{$_.Thumbprint -eq $CertThumbprint} | Export-PfxCertificate -FilePath C:\Install\<cert.pfx> -Password $mypwd 
    Copy-Item -Path $convCertsCMD -Destination $installDir -Force
    C:\Install\convCerts.cmd
    Copy-Item -Path $installDir\<cert.crt> -Destination $nginxDir -Force
    Copy-Item -Path $installDir\<cert-PEM.key> -Destination $nginxDir -Force
    Copy-Item -Path "<network-path>\<fqdn>.conf" -Destination "$nginxDir\nginx.conf" -Force
}

Remove-PSSession $session
Restart-Computer -ComputerName $avm -Force

# Wait 5 minutes - SLOW LAB :)
Start-Sleep 300

# --- Remove Temp folder and install media ---

$session = New-PSSession -ComputerName $avm -Credential $credential -Authentication CredSSP

Invoke-Command -Session $session -ScriptBlock {
    $installDir = "C:\Install\"
    Remove-Item –path $installDir –Recurse -Force
}

Remove-PSSession $session

# --- Remove Snapshot ---

$SnapshotName = "Pre-Install"
Get-VM $avm | Get-snapshot -Name $SnapshotName | Remove-Snapshot  -Confirm:$false

Having this script in place, it was just a matter of sitting back, drinking coffee and get the App Volumes Servers installed. Once done, I could move on to automate the packaging of the applications, posted here:

Official VMware Documentation:

VMware App Volumes planning, deployment, upgrades etc.

Disclaimer: Every tips/tricks/posting I have published here, is tried and tested in different it-solutions. It is not guaranteed to work everywhere, but is meant as a tip for other users out there. Remember, Google is your friend and don’t be afraid to steal with pride! Feel free to comment below as needed.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: