string(7) "English"

Unattended VMFS UNMAP Script

This post was originally published on this site

I updated my UNMAP PowerCLI script a month or so ago and improved quite a few things–but I did remove hard-coded variables and replaced it with interactive input. Which is fine for some, but for many it was not.

Note: Move to VMFS-6 in vSphere 6.5 and you don’t have to worry about this UNMAP business anymore 🙂

Essentially, quite a few people want to run it as a scheduled task in Windows, and if it requires input that just isn’t going to work out of the box. So I have created an unattended version of the script. For details read on.

Note: I will continue to update the script (bugs, features, etc.) but will note them on my other blog post about the script here:

Pure Storage FlashArray UNMAP PowerCLI Script for VMware ESXi

I will only update this post if the unattended version changes in a way that makes these instructions wrong.

First off, the script:

https://github.com/codyhosterman/powercli/blob/master/unmapsdkunattended.ps1

No difference in function with this, but a slight difference in how you run it.

The credentials handling is the biggest change. The kicker here is that the script needs credentials to run against vCenter and the various FlashArrays. And storing credentials in the script with plain text is not a good idea. And, as far as I am aware, the script cannot use the credentials the scheduled task is run with.

So there are a variety of options here. I went with the option described in this Stack Overflow post:

http://stackoverflow.com/questions/30492045/access-windows-task-credentials-in-the-powershell-script

I use two credential files. One for vCenter. One for all of your FlashArrays (this assumes one set of credentials are valid for all of your arrays–if not, we can talk about edits). To make it easier, I wrote a short script for you to use to create the proper credential files. You can get that here:

https://github.com/codyhosterman/powercli/blob/master/unattendedUnmapConfigurator.ps1

At a high level this is what you need to do:

  • Run the configurator to create the credential files
  • Run the script (either through task scheduler or manually) with the appropriate parameters.

Creating the Credential Files

The first step is creating the credential files. To do so, run the configurator script linked above.

The first step will be to choose a directory (or create one). This is where you credential files will go and the eventual logs for your UNMAP runs. I will use C:UNMAP.

Then, a dialog box will appear asking for your FlashArray credentials. Enter those.

Then, a dialog box will appear asking for your vCenter credentials. Enter those.

In the folder, you will see two credential files appear:

faUnmapCreds.xml and vcUnmapCreads.xml. Each contains those credentials in an encrypted fashion. They are tied to the username that actually created the files. So they can only be referenced and used by the user that created them. I created them with user account “cody”. In the above screen shot I can use those credentials. In the lower window which is running under “administrator” it cannot reference those credentials as seen in the error:

So now you can run the UNMAP script!

Running the Unattended UNMAP Script

The unattended UNMAP script still needs some input. The location of the credential files (which doubles as the directory to put its log files to), a vCenter IP/FQDN and one or more FlashArray IP/FQDNs.

These are configured through parameters that can be passed upon calling the script, so there is never a need to actually open and edit the script.

I have my log folder at C:UNMAP, my vCenter is 10.21.10.32 and my FlashArrays are 10.21.88.7 and 10.21.88.244. So my command to run the script would look like so:

Note that the FlashArrays are comma-separated. Theses three things are mandatory. The script will not run without them. Optionally, you can enter in a Log Insight IP/FQDN and an agent ID if you plan on logging to Log Insight the results.

Running the script as a Scheduled Task in Windows

So first create a new task in Windows Task Scheduler. On the general tab, enter in the name and description. Select the following:

  • Choose the user that you used to create the credential files (in my case “cody”). This will allow the script to use the authentication files.
  • Choose run whether the user is logged on or not (I guess you dont have to, but I imagine you want this)

Set you trigger however. Once a week, once a month, whatever you feel is right.

Then on the action, create a new one like so:

Powershell.exe as the program and your starter command like above  (with the full path for the script) in the “add arguments” box. Mine is like so:

Save and you are good to go!