Introduction
At many customers I stumble over the last automation steps needed to seal their Master Images with Citrix Provisioning Services. If the customer uses the BDM-ISO, it's necessary to switch the Storage Device ID (WriteCache ID 0, local Install ID 1) and insert the BDM-Boot-ISO; the vDisk must be created first, and so must the Master Target Device in the PVS Collection. After you have optimized and sealed your image, you must change the vDisk to shared mode, select the right WriteCacheType and CacheSize, select the right Load Balancing and replicate the vDisk across your PVS Servers... so many manual steps…
I have now automated all of these steps with a PowerShell script and an event trigger.
Requirements
- XenServer
  - tested with XS 7.x
  - The script was developed for XenServer; if you have experience with VMware PowerCLI or Hyper-V you can adapt it for your own environment.
- On an Admin-Server you have to install
  - Citrix Provisioning Server Console to get the PVS PowerShell add-in
  - Citrix XenServer PowerShell SDK
    - https://www.citrix.com/downloads/xenserver/product-software/xenserver-71-standard-edition.html
    - go to Development Components and select SDK to download
    - Note: you must unblock the SDK ZIP file before installing it. If you do not, you will run into an error when you import the module.
    - https://discussions.citrix.com/topic/367496-having-trouble-simply-getting-started/
- The account for the scheduled task must have PVS admin privileges:
  - create, modify Target Devices
  - create, modify, delete vDisks
- Base Image Script Framework (BIS-F) 6.x to seal the image
  - ADMX for BIS-F must be configured for fully silent sealing without any message boxes
GPO Settings
Group Policy – PVS Maintenance / MasterDevice:
The following GPO settings can be placed in a single GPO for your PVS Maintenance / Master Devices.
GPO for SealMasterImage Event-Script:
For your Master Image, create a policy that sets 3 system environment variables; they are needed in the event-log entry that starts the trigger on the Admin-Server.
SealMasterImageServer: the computer name of your Admin-Server, where the PVS Console and the XenServer PowerShell SDK are installed
SealMasterImagePVSCollection: the name of the PVS Collection in which the Master Target Device is placed (must be created first)
SealMasterImagePVSDiskStore: the name of the PVS Store in which the vDisk is created (must be created first)
NOTE: Please do not change the names of these environment variables, otherwise the script will not run!
GPO for Base Image Script Framework (BIS-F):
How-To
Copy Script to Admin-Server
Copy the script (download below) to your Admin-Server; we will configure it in the next few steps.
Create vDisk Name Schema
As an example: if you have created different Master Images, for example one for standard users and one for admin users with admin tools, and want to build different PVS vDisks, you can set a different vDisk name per Master Image in your Enterprise Software Deployment (ESD) as an environment variable, which the script then uses.
Standard vDisk: vDisk-XA7-STD
Admin vDisk: vDisk-XA7-ADM
Create a package in your ESD with the following command, or run it manually on your Master Image
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v "SealMasterImagePVSDiskName" /t "REG_SZ" /d "vDisk-XA7-STD" /f
NOTE: If you only have one image to create with all your software, you can ignore the line above and add this environment variable to the GPO described above under “GPO for SealMasterImage Event-Script”. If SealMasterImagePVSDiskName is not specified, the script creates a vDisk named after the computer name with an incremental version counter, e.g. %Computername%-V01.
Create Event-Log entry for testing
Boot your Master Image, log on with administrative privileges and check with run > cmd > set that all environment variables for SealMasterImage are set.
After that, run the following command to create a remote event on the Admin-Server (%SealMasterImageServer%)
eventcreate /S %SealMasterImageServer% /T INFORMATION /SO SealMasterImage /ID 1000 /L APPLICATION /D "<Params><VMName>%COMPUTERNAME%</VMName><PVSCollection>%SealMasterImagePVSCollection%</PVSCollection><PVSDiskStore>%SealMasterImagePVSDiskStore%</PVSDiskStore><PVSDiskName>%SealMasterImagePVSDiskName%</PVSDiskName></Params>"
Then check the Application event log on the Admin-Server.
Create Trigger from this Event
Triggered by this event with source “SealMasterImage” and Event-ID “1000”, a scheduled task is started.
Right Click on the Event > Attach Task to this Event
Change the Name to “SealMasterImage” > Next
Check the entries > Next
Action: Start a program > Next
Program/Script: powershell.exe
Add arguments (optional): E:\SCRIPTS\SealImage\TriggerEvent.ps1 -eventRecordID $(eventRecordID) -eventChannel $(eventChannel)
Start in (optional): E:\SCRIPTS\SealImage\tmp
Finish > Next
The scheduled task is now created, but it is not operational as it is: some values needed to run the trigger are missing. Export the scheduled task and save it as “SealMasterImage.xml”.
Open SealMasterImage.xml with an XML editor and add the ValueQueries
<ValueQueries>
<Value name="eventChannel">Event/System/Channel</Value>
<Value name="eventRecordID">Event/System/EventRecordID</Value>
<Value name="eventSeverity">Event/System/Level</Value>
</ValueQueries>
Save the XML and delete the previously created scheduled task “SealMasterImage” .. yes, do it !
Open cmd with administrative privileges and create a new task based on the XML file.
schtasks /create /TN "Event Viewer Tasks\SealMasterImage" /XML "SealMasterImage.xml"
But Why ???
If you look at the XML view of the “SealMasterImage” event-log entry, it has an EventRecordID and a Channel. After some time you will have multiple event-log entries with the same event source SealMasterImage, the same ID 1000 and the same channel Application. The EventRecordID is unique and is incremented with each event. If you remember the line from the scheduled task,
“E:\SCRIPTS\SealImage\TriggerEvent.ps1 -eventRecordID $(eventRecordID) -eventChannel $(eventChannel)”, it passes the EventRecordID and the EventChannel as arguments to the script, which queries this specific event-log entry and ignores all the others.
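One way a trigger script can consume these two arguments, as an added PowerShell example (not the author's TriggerEvent.ps1): it fetches exactly the record that fired the task, confirms source and ID, and validates the <Params> fields before they reach any PVS or XenServer call, because the event description is input written from another machine. The function names, the allow-list pattern and the sample values are assumptions.

```powershell
# Added example, not the author's TriggerEvent.ps1. Function names and the
# allow-list pattern are assumptions made for illustration.
Set-StrictMode -Version Latest

function Get-SealEvent {
    param([long]$RecordId, [ValidateSet('Application')][string]$Channel)
    # Fetch exactly the record that fired the task, then confirm it is ours.
    $xpath = "*[System[(EventRecordID=$RecordId)]]"
    $evt = Get-WinEvent -LogName $Channel -FilterXPath $xpath -MaxEvents 1 -ErrorAction Stop
    if ($evt.ProviderName -ne 'SealMasterImage' -or $evt.Id -ne 1000) {
        throw "Record $RecordId is not a SealMasterImage/1000 event"
    }
    $evt
}

function ConvertFrom-SealParams {
    param([Parameter(Mandatory)][string]$Description)
    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null          # never resolve external entities
    $doc.LoadXml($Description)        # throws on malformed XML
    $out = [ordered]@{}
    foreach ($name in 'VMName', 'PVSCollection', 'PVSDiskStore', 'PVSDiskName') {
        $node  = $doc.SelectSingleNode("/Params/$name")
        $value = if ($node) { $node.InnerText.Trim() } else { '' }
        # At an interactive cmd prompt an unset variable stays as literal %Name%.
        $unset = ($value -eq '') -or ($value -match '^%.*%$')
        # PVSDiskName is optional: the page says the script then derives a name.
        if ($unset -and $name -eq 'PVSDiskName') { $out[$name] = $null; continue }
        # Assumed allow-list: letters, digits, dash, underscore, max 64 chars.
        if ($unset -or $value -notmatch '^[A-Za-z0-9_-]{1,64}$') {
            throw "Rejected value for <$name>: '$value'"
        }
        $out[$name] = $value
    }
    [pscustomobject]$out
}

# Constructed sample description, shaped like the eventcreate /D payload above.
$sample = '<Params><VMName>MASTER01</VMName><PVSCollection>Maintenance</PVSCollection>' +
          '<PVSDiskStore>Store1</PVSDiskStore>' +
          '<PVSDiskName>%SealMasterImagePVSDiskName%</PVSDiskName></Params>'
ConvertFrom-SealParams -Description $sample

# In the scheduled task the description would come from the event itself
# (assumes eventcreate stores the /D text as the first event property):
#   $evt = Get-SealEvent -RecordId $eventRecordID -Channel $eventChannel
#   ConvertFrom-SealParams -Description $evt.Properties[0].Value
```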
Change the security settings in the scheduled task to run with a separate user account
Change Parameters in Script based on your Environment
Open the Script “SealPVSImage.ps1” and change the following content based on your target environment.
Change the mail settings; an HTML report will be sent to this mail address after the script has run.
If you have different BDM-ISOs for DataCenter 1 or 2, the script can automatically place the VM in the right one (calculated from the XenServer hostname), or you can change it to a static one; change Line 208
Maintenance Servers Text File
The script connects to specified servers only. If you have standalone XenServers (without a pool), enter XenServerHost,MasterImageComputerName. An example can be found in the root folder of the SealMasterImage folder. If you have a XenServer pool, enter PoolMaster,MasterImageComputerName.
Last Package in your ESD for your Master Image
As the last step, once you have built your Master Image, create a package with the following command.
eventcreate /S %SealMasterImageServer% /T INFORMATION /SO SealMasterImage /ID 1000 /L APPLICATION /D "<Params><VMName>%COMPUTERNAME%</VMName><PVSCollection>%SealMasterImagePVSCollection%</PVSCollection><PVSDiskStore>%SealMasterImagePVSDiskStore%</PVSDiskStore><PVSDiskName>%SealMasterImagePVSDiskName%</PVSDiskName></Params>"
Create XenServer encrypted Password
The script creates an encrypted password for the root user, based on the user account that runs the script. To do this, run the script once with the user account that you entered in the security settings of the scheduled task. This opens the XenServer connection prompt to enter the root password. The password is saved encrypted in the SealImage folder.
Create Event-Log entry to test the script
Boot your Master Image, log on with administrative privileges and check with run > cmd > set that all environment variables for SealMasterImage are set.
After that, run the following command to create a remote event on the Admin-Server (%SealMasterImageServer%)
eventcreate /S %SealMasterImageServer% /T INFORMATION /SO SealMasterImage /ID 1000 /L APPLICATION /D "<Params><VMName>%COMPUTERNAME%</VMName><PVSCollection>%SealMasterImagePVSCollection%</PVSCollection><PVSDiskStore>%SealMasterImagePVSDiskStore%</PVSDiskStore><PVSDiskName>%SealMasterImagePVSDiskName%</PVSDiskName></Params>"
Check the event logs on the Admin-Server and the Log folder of the SealImage folder.
HTML Report
If you have entered a valid mail configuration in the script, you will receive a final e-mail with an HTML report on all the steps that were performed.
Final Result
As you can see above in the HTML Report, many steps and checks are automated. In this version only the final vDisk copy across PVS Servers is not included… Here we go .. download it below and send any comments if you like, or some ideas for the future…