Release date: December 27th 2022
Welcome to my VMware App Volumes series. I recently experienced a complete hardware crash in my old lab, and had to do a complete rebuild. Although this was sad, it gave me the opportunity to do it by scripting this time. As part of the exercise, I wanted to do all the installation from the management server using PowerShell and PowerCLI. This involved recreating the servers and joining them to the domain. Once that was done, I could start installing my VMware App Volumes Manager Servers.
Before I started I made myself a little workflow as show below.
Although I wanted to use PowerShell for most of the installation, I ran into some issues with OpenSSL and PowerShell, which resulted in the need to use a CMD-file, below.
First, I created the following credentials to be used in the script:
- vCenter admin-user:
New-VICredentialStoreItem -User <user> -Password <user> -Host <server> -File C:\<your location.xml>- App Volumes Manager admin-user:
$credential = Get-Credential
$credential | Export-CliXml -Path '<path>\appvol_admin.xml'Next, I created the CMD file below which will be copied to the avm-server before installation and run within the script in a PS Session.
ConvCerts.cmd
openssl.exe pkcs12 -in c:\install\<cert.pfx> -inkey 1234 -passin pass:1234 -nocerts -out c:\install\<cert.key> -passout pass:1234
openssl.exe rsa -in c:\install\<cert.key> -passin pass:1234 -outform PEM -out c:\install\<cert-PEM.key>
openssl.exe pkcs12 -in c:\install\<cert.pfx> -passin pass:1234 -clcerts -nokeys -out c:\install\<cert.crt>The last thing I pre-configured, was the “nginx.conf” file. I created one for each of my AVM-servers and named the <fqdn.conf>, which I saved on the network share.
Now that I had the credentials and the cmd-file ready, I was good to go. (PS: I know I’m no programmer and a lot of this script have the potential for improvement, but, it gets the job done, and that’s good enough for me).
instAVM.ps1
# --- Initialize PowerCLI Modules ---
Import-Module VMware.VimAutomation.Core
Import-Module VMware.VimAutomation.Common
Set-PowerCLIConfiguration -Scope User -ParticipateInCeip $false -Confirm:$false
Set-PowerCLIConfiguration -InvalidCertificateAction ignore -Confirm:$false
Set-PowerCLIConfiguration -DefaultVIServerMode Multiple -Confirm:$false
# --- Connect to vCenter with Get-VICredentialStoreItem ---
$viserver = "vCenter fqdn"
$viuser = Get-VICredentialStoreItem -File "<path to vCenter Credentials>.xml" -host $viserver
Connect-viserver -Server $viserver -User $viuser.user -Password $viuser.password
# --- Shut Down VM ---
$avm = "avm fqdn"
Try{
$vm = Get-VM -Name $avm -ErrorAction Stop
switch($vm.PowerState){
'poweredon' {
Shutdown-VMGuest -VM $vm -Confirm:$false
while($vm.PowerState -eq 'PoweredOn'){
sleep 5
$vm = Get-VM -Name $avm
}
}
Default {
Write-Host "VM '$($avm)' is not powered on!"
}
}
Write-Host "$($avm) has shutdown. It should be ready for configuration."
}
Catch{
Write-Host "VM '$($avm)' not found!"
}
# --- Take Snapshot ---
$SnapshotName = "Pre-Install"
Get-VM $avm | New-Snapshot -Name $SnapshotName
# --- Power On VM ---
Start-VM -VM $avm
# Wait 5 minutes - SLOW LAB :)
Start-Sleep 300
# --- Configure PSSession ---
$credential = Import-CliXml -Path "<path to App Volumes Admin>\appvol_admin_${env:USERNAME}_${env:COMPUTERNAME}.xml"
$session = New-PSSession -ComputerName $avm -Credential $credential -Authentication CredSSP
# --- Define, Copy and Run Installers ---
Invoke-Command -Session $session -ScriptBlock {
# Create Temp Folder
$installDir = "C:\Install\"
New-Item -Path $installDir -type directory -Force
# Install OpenSSL
$opensslEXE = "\\<Network Path>\Win64OpenSSL_Light-1_1_1g.exe"
$opensslVendor = "OpenSSL Win64 Installer Team"
$opensslProduct = "OpenSSL 1.1.1g Light (64-bit)"
$opensslVersion = "v.1.1.1g Light"
$opensslPackageName = "C:\Install\Win64OpenSSL_Light-1_1_1g.exe"
Copy-Item -Path $opensslEXE -Destination $installDir -Force
$opensslArgs = ' /silent /verysilent /sp- /suppressmsgboxes'
Write-Verbose "Starting Installation of $opensslProduct" -Verbose
(Start-Process $installDir\$opensslPackageName $opensslArgs -Wait -Passthru).ExitCode
# Install ODBC Driver
$odbcMSI = "\\<Network Path>\msodbcsql_17.2.0.1_x64.msi"
$odbcVendor = "Microsoft"
$odbcProduct = "ODBC Driver 17 for SQL Server"
$odbcVersion = "v.17.2.0.1"
$odbcPackageName = "c:\Install\msodbcsql_17.2.0.1_x64.msi"
Copy-Item -Path $odbcMSI -Destination $installDir -Force
$odbcArgs = "/i $odbcPackageName /qn IACCEPTMSODBCSQLLICENSETERMS=YES /norestart"
Write-Verbose "Starting Installation of $odbcVendor $odbcProduct $odbcVersion" -Verbose
(Start-Process msiexec.exe -ArgumentList $odbcArgs -Wait -Passthru).ExitCode
# Install App Volumes Manager
$avmMSI = "\\<Network Path>\App Volumes Manager.msi"
$avmVendor = "VMware"
$avmProduct = "App Volumes Manager"
$avmVersion = "4.8.0.33"
$avmPackageName = "C:\Install\App Volumes Manager.msi"
Copy-Item -Path $avmMSI -Destination $installDir -Force
$avmArgs = "/qb IS_SQLSERVER_SERVER=<Ip-address SQL Server> IS_SQLSERVER_DATABASE=<App Volumes Database Name> RESET_DB=0 ALLOW_HTTP=1 IS_SQLSERVER_USERNAME=<SQL Username> IS_SQLSERVER_PASSWORD=<SQL User Password> IS_SQLSERVER_AUTHENTICATION=1"
Write-Verbose "Starting Installation of $avmVendor $avmProduct $avmVersion" -Verbose
(Start-Process $avmPackageName $avmArgs -Wait -Passthru).ExitCode
}
Remove-PSSession $session
Restart-Computer -ComputerName $avm -Force
# Wait 5 minutes - SLOW LAB :)
Start-Sleep 300
# --- Request / Convert Certs and Key, reconfigure NGINX ---
$session = New-PSSession -ComputerName $avm -Credential $credential -Authentication CredSSP
Invoke-Command -Session $session -ScriptBlock {
$installDir = "C:\Install\"
$convCertsCMD = "<network-path>\convCerts.cmd"
$nginxDir ="C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf"
# Request certificate from CA
Get-Certificate -Template "<Certificate Template>" -DnsName "<fqdn avm>","fqdn loadbalancer VIP" -SubjectName 'CN=<fqdn avm>' -CertStoreLocation cert:\LocalMachine\My
$mypwd = ConvertTo-SecureString -String "1234" -Force -AsPlainText
$CertThumbprint = (Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Issuer -match "<CA Name>"}).Thumbprint;
Get-ChildItem -Path Cert:\LocalMachine\My\ | where{$_.Thumbprint -eq $CertThumbprint} | Export-PfxCertificate -FilePath C:\Install\<cert.pfx> -Password $mypwd
Copy-Item -Path $convCertsCMD -Destination $installDir -Force
C:\Install\convCerts.cmd
Copy-Item -Path $installDir\<cert.crt> -Destination $nginxDir -Force
Copy-Item -Path $installDir\<cert-PEM.key> -Destination $nginxDir -Force
Copy-Item -Path "<network-path>\<fqdn>.conf" -Destination "$nginxDir\nginx.conf" -Force
}
Remove-PSSession $session
Restart-Computer -ComputerName $avm -Force
# Wait 5 minutes - SLOW LAB :)
Start-Sleep 300
# --- Remove Temp folder and install media ---
$session = New-PSSession -ComputerName $avm -Credential $credential -Authentication CredSSP
Invoke-Command -Session $session -ScriptBlock {
$installDir = "C:\Install\"
Remove-Item –path $installDir –Recurse -Force
}
Remove-PSSession $session
# --- Remove Snapshot ---
$SnapshotName = "Pre-Install"
Get-VM $avm | Get-snapshot -Name $SnapshotName | Remove-Snapshot -Confirm:$falseHaving this script in place, it was just a matter of sitting back, drinking coffee and get the App Volumes Servers installed. Once done, I could move on to automate the packaging of the applications, posted here:
Official VMware Documentation:
VMware App Volumes planning, deployment, upgrades etc.
Disclaimer: Every tips/tricks/posting I have published here, is tried and tested in different it-solutions. It is not guaranteed to work everywhere, but is meant as a tip for other users out there. Remember, Google is your friend and don’t be afraid to steal with pride! Feel free to comment below as needed.
bjosoren's IT-Tech blog 