VeeamHub · carceneaux · Dec 16, 2025 · Dec 1, 2025 · Dec 1, 2025
diff --git a/VSA-Autodeploy/README.md b/VSA-Autodeploy/README.md
diff --git a/VSA-Autodeploy/autodeploy.ps1 b/VSA-Autodeploy/autodeploy.ps1
diff --git a/VSA-Autodeploy/autodeployppxity.ps1 b/VSA-Autodeploy/autodeployppxity.ps1
diff --git a/VSA-Autodeploy/conf/conftoresto.bco b/VSA-Autodeploy/conf/conftoresto.bco
diff --git a/VSA-Autodeploy/conf/unattended.xml b/VSA-Autodeploy/conf/unattended.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="utf-8"?>
+<unattendedConfigurationRestore mode="restore">
+	<properties>
+				<property name="CONFIGURATION_FILE" value="/var/lib/veeam/backup/conftoresto.bco" />
+				<property name="BACKUP_PASSWORD" value="123a123A123!123" hidden="1" />
+				<property name="OVERWRITE_EXISTING_DATABASE" value="1" />
+				<property name="STOP_PROCESSES" value="1" />
+				<property name="SWITCH_TO_RESTORE_MODE" value="1" />
+	</properties>
+</unattendedConfigurationRestore>
diff --git a/VSA-Autodeploy/conf/veeam_addsoconfpw.sh b/VSA-Autodeploy/conf/veeam_addsoconfpw.sh
@@ -0,0 +1,236 @@
+#!/bin/bash
+
+#==============================================================================
+# Veeam VSA Automation Script - Configuration Password
+# Auto-destruction after execution
+#==============================================================================
+
+# Configuration
+VSA_USER="veeamso"
+VSA_PASSWORD="$3"
+TOTP_SECRET="$2"
+CONFIG_PASSWORD="$1"
+VSA_PORT="10443"
+
+# Temporary files
+COOKIE_JAR="/tmp/veeam_session_$$_$(date +%s)"
+LOG_FILE="/var/log/veeam_addsoconfpw.log"
+SCRIPT_PATH="$0"
+
+#==============================================================================
+# Secure logging function
+#==============================================================================
+log() {
+    local level="$1"
+    shift
+    local message="$*"
+    local timestamp=$(date '+%Y-%m-%d %H:%M:%S')
+    echo "[${timestamp}] [${level}] ${message}" >> "$LOG_FILE"
+    case "$level" in
+        INFO)
+            echo -e "[INFO]${NC} ${message}"
+            ;;
+        WARN)
+            echo -e "[WARN]${NC} ${message}"
+            ;;
+        ERROR)
+            echo -e "[ERROR]${NC} ${message}"
+            ;;
+        *)
+            echo "[${level}] ${message}"
+            ;;
+    esac
+}
+
+#==============================================================================
+# Secure cleanup function
+#==============================================================================
+cleanup() {
+    log "INFO" "Cleaning up temporary files"
+    if [ -f "$COOKIE_JAR" ]; then
+        shred -u -n 3 "$COOKIE_JAR" 2>/dev/null || rm -f "$COOKIE_JAR"
+        log "INFO" "Cookie jar deleted"
+    fi
+
+    unset VSA_PASSWORD TOTP_SECRET TOTP_CODE CSRF_TOKEN CONFIG_PASSWORD
+
+    log "INFO" "Script self-destruction in 2 seconds"
+    sleep 2
+
+    if command -v shred &> /dev/null; then
+        shred -u -n 3 "$SCRIPT_PATH" 2>/dev/null
+        log "INFO" "Script deleted with shred"
+    else
+        rm -f "$SCRIPT_PATH"
+        log "WARN" "Script deleted without shred"
+    fi
+}
+
+trap cleanup EXIT
+
+#==============================================================================
+# Preliminary checks
+#==============================================================================
+log "INFO" "Starting Veeam VSA automation"
+
+if [ -z "$CONFIG_PASSWORD" ]; then
+    log "ERROR" "Usage: $0 <config_password> <totp_secret> <vsa_password>"
+    exit 1
+fi
+
+if ! command -v oathtool &> /dev/null; then
+    log "ERROR" "oathtool not found - Installation: dnf install oathtool"
+    exit 1
+fi
+
+if ! command -v curl &> /dev/null; then
+    log "ERROR" "curl not found"
+    exit 1
+fi
+
+#==============================================================================
+# Retrieve local IP address
+#==============================================================================
+log "INFO" "Retrieving local IP address"
+VSA_IP=$(hostname -I 2>/dev/null | awk '{print $1}')
+
+if [ -z "$VSA_IP" ] || [ "$VSA_IP" = "127.0.0.1" ]; then
+    VSA_IP=$(ip route get 8.8.8.8 2>/dev/null | grep -oP 'src \K[^ ]+')
+fi
+
+if [ -z "$VSA_IP" ] || [ "$VSA_IP" = "127.0.0.1" ]; then
+    VSA_IP=$(ifconfig 2>/dev/null | grep 'inet ' | grep -v '127.0.0.1' | awk '{print $2}' | head -n1)
+fi
+
+if [ -z "$VSA_IP" ] || [ "$VSA_IP" = "127.0.0.1" ]; then
+    log "ERROR" "Unable to retrieve local IP address"
+    exit 1
+fi
+
+VSA_URL="https://${VSA_IP}:${VSA_PORT}"
+log "INFO" "VSA URL: ${VSA_URL}"
+
+#==============================================================================
+# Generate TOTP code
+#==============================================================================
+log "INFO" "Generating TOTP code"
+TOTP_CODE=$(oathtool --totp -b "$TOTP_SECRET" 2>/dev/null)
+
+if [ -z "$TOTP_CODE" ]; then
+    log "ERROR" "TOTP generation failed"
+    exit 1
+fi
+
+log "INFO" "TOTP code generated"
+TIMESTAMP=$(date +%s)
+
+#==============================================================================
+# Step 1: Authentication
+#==============================================================================
+log "INFO" "Step 1/4: Authentication"
+RESPONSE=$(curl -k -s -i -c "$COOKIE_JAR" -b "$COOKIE_JAR" -X POST "${VSA_URL}/api/auth/login" \
+    -H "Content-Type: application/json;charset=UTF-8" \
+    -H "x-otp-token: ${TOTP_CODE}" \
+    -H "otp-client-unixtime: ${TIMESTAMP}" \
+    -H "Accept: */*" \
+    -H "Connection: keep-alive" \
+    -H "User-Agent: Mozilla/5.0 (Linux) AppleWebKit/537.36" \
+    -d "{\"user\":\"${VSA_USER}\",\"password\":\"${VSA_PASSWORD}\"}" 2>&1)
+
+CSRF_TOKEN=$(echo "$RESPONSE" | grep -i "X-CSRF-TOKEN:" | awk '{print $2}' | tr -d '\r')
+
+if [ -z "$CSRF_TOKEN" ]; then
+    log "ERROR" "Authentication failed"
+    exit 1
+fi
+
+log "INFO" "Authentication successful"
+sleep 1
+
+#==============================================================================
+# Step 2: Log in check
+#==============================================================================
+log "INFO" "Step 2/4: Configuration check"
+STATUS=$(curl -k -s -b "$COOKIE_JAR" -c "$COOKIE_JAR" -w "%{http_code}" -o /dev/null \
+    -X GET "${VSA_URL}/api/v1/bco/imported?" \
+    -H "Accept: application/json" \
+    -H "x-csrf-token: ${CSRF_TOKEN}" \
+    -H "User-Agent: Mozilla/5.0 (Linux) AppleWebKit/537.36")
+
+if [ "$STATUS" != "200" ]; then
+    log "WARN" "Check: HTTP ${STATUS}"
+else
+    log "INFO" "login verified"
+fi
+
+#==============================================================================
+# Step 3: Add password
+#==============================================================================
+log "INFO" "Step 3/4: Add password"
+RESPONSE=$(curl -k -s -w "\nHTTP_CODE:%{http_code}" -b "$COOKIE_JAR" -c "$COOKIE_JAR" \
+    -X POST "${VSA_URL}/api/v1/bco/imported?" \
+    -H "Content-Type: application/json;charset=UTF-8" \
+    -H "Accept: application/json" \
+    -H "x-csrf-token: ${CSRF_TOKEN}" \
+    -H "Origin: ${VSA_URL}" \
+    -H "Referer: ${VSA_URL}/configuration" \
+    -H "Connection: keep-alive" \
+    -H "User-Agent: Mozilla/5.0 (Linux) AppleWebKit/537.36" \
+    -d "{\"hint\":\"\",\"passphrase\":\"${CONFIG_PASSWORD}\"}")
+
+HTTP_CODE=$(echo "$RESPONSE" | grep "HTTP_CODE:" | cut -d: -f2)
+
+if [ "$HTTP_CODE" = "200" ]; then
+    log "INFO" "Password added successfully"
+else
+    log "ERROR" "Failed to add password (HTTP ${HTTP_CODE})"
+    exit 1
+fi
+
+#==============================================================================
+# Step 4: Create current configuration password
+#==============================================================================
+log "INFO" "Step 4/5: Create current configuration password"
+RESPONSE=$(curl -k -s -w "\nHTTP_CODE:%{http_code}" -b "$COOKIE_JAR" -c "$COOKIE_JAR" \
+    -X POST "${VSA_URL}/api/v1/bco/current?" \
+    -H "Content-Type: application/json;charset=UTF-8" \
+    -H "Accept: application/json" \
+    -H "x-csrf-token: ${CSRF_TOKEN}" \
+    -H "Origin: ${VSA_URL}" \
+    -H "Referer: ${VSA_URL}/configuration" \
+    -H "Connection: keep-alive" \
+    -H "User-Agent: Mozilla/5.0 (Linux) AppleWebKit/537.36" \
+    -d "{\"hint\":\"\",\"passphrase\":\"${CONFIG_PASSWORD}\"}")
+
+HTTP_CODE=$(echo "$RESPONSE" | grep "HTTP_CODE:" | cut -d: -f2)
+BODY=$(echo "$RESPONSE" | sed 's/HTTP_CODE:.*//')
+
+if [ "$HTTP_CODE" = "200" ]; then
+    log "INFO" "Current configuration password created successfully"
+else
+    log "ERROR" "Failed to create current configuration password (HTTP ${HTTP_CODE})"
+    exit 1
+fi
+
+#==============================================================================
+# Step 5: Final verification
+#==============================================================================
+log "INFO" "Step 5/5: Final verification"
+FINAL_STATUS=$(curl -k -s -b "$COOKIE_JAR" -w "%{http_code}" -o /dev/null \
+    -X GET "${VSA_URL}/api/v1/bco/imported?" \
+    -H "Accept: application/json" \
+    -H "x-csrf-token: ${CSRF_TOKEN}" \
+    -H "User-Agent: Mozilla/5.0 (Linux) AppleWebKit/537.36")
+
+if [ "$FINAL_STATUS" = "200" ]; then
+    log "INFO" "Final verification successful"
+else
+    log "WARN" "Final verification: HTTP ${FINAL_STATUS}"
+fi
+
+log "INFO" "Process completed successfully"
+log "INFO" "Cleanup in progress"
+
+exit 0
+
+
diff --git a/VSA-Autodeploy/log/PS ISO_Customization.log b/VSA-Autodeploy/log/PS ISO_Customization.log
@@ -0,0 +1,128 @@
+**********************
+Windows PowerShell transcript start
+Start time: 20251026224717
+Username: 
+RunAs User: 
+Configuration Name: 
+Machine: 
+Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe K:\autodeploy vsa\test\autodeployconf.ps1
+Process ID: 5168
+PSVersion: 5.1.22621.6060
+PSEdition: Desktop
+PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.22621.6060
+BuildVersion: 10.0.22621.6060
+CLRVersion: 4.0.30319.42000
+WSManStackVersion: 3.0
+PSRemotingProtocolVersion: 2.3
+SerializationVersion: 1.1.0.1
+**********************
+Transcript started, output file is ISO_Customization_20251026_224717.log
+[2025-10-26 22:47:17][INFO] ==================================================================================================
+[2025-10-26 22:47:17][INFO] Veeam ISO Customization Script - Version 2.3
+[2025-10-26 22:47:17][INFO] ==================================================================================================
+[2025-10-26 22:47:17][INFO] Loading configuration from: restore-config.json
+[2025-10-26 22:47:17][INFO] JSON configuration loaded successfully
+[2025-10-26 22:47:17][INFO] Applying JSON configuration...
+[2025-10-26 22:47:17][INFO] Applied 37 parameters from JSON configuration
+[2025-10-26 22:47:17][INFO] Configuration loaded from JSON file: restore-config.json
+[2025-10-26 22:47:17][INFO] Selected Appliance Type: VSA
+[2025-10-26 22:47:17][INFO] Invoking VSA (Veeam Software Appliance) workflow...
+[2025-10-26 22:47:17][INFO] ==================================================================================================
+[2025-10-26 22:47:17][INFO]                          VSA WORKFLOW - VEEAM SOFTWARE APPLIANCE
+[2025-10-26 22:47:17][INFO] ==================================================================================================
+[2025-10-26 22:47:17][INFO] Config only set to False
+[2025-10-26 22:47:17][INFO] Testing prerequisites...
+[2025-10-26 22:47:17][INFO] WSL is available
+[2025-10-26 22:47:18][INFO] xorriso is available at: /usr/bin/xorriso
+[2025-10-26 22:47:18][INFO] All prerequisites validated successfully
+[2025-10-26 22:47:18][INFO] Working in directory: K:\autodeploy vsa\test
+[2025-10-26 22:47:18][INFO] Out-of-place modification mode: creating VeeamSoftwareAppliance_13.0.0.4967_20250822_customized.iso
+[2025-10-26 22:47:45][INFO] Working copy created: VeeamSoftwareAppliance_13.0.0.4967_20250822_customized.iso
+
+==================================================================================================
+                                    ISO MODIFICATION SUMMARY
+==================================================================================================
+Appliance Type: VSA
+Source ISO: VeeamSoftwareAppliance_13.0.0.4967_20250822.iso
+Target ISO: VeeamSoftwareAppliance_13.0.0.4967_20250822_customized.iso
+Mode: Out-of-Place
+
+CONFIGURATION:
+  GRUB Timeout: 0 seconds
+  Keyboard: fr
+  Timezone: Europe/Paris
+  Hostname: VSA
+  Network: DHCP
+
+OPTIONAL FEATURES:
+  Node Exporter Local: Disabled
+  Node Exporter Online: Disabled
+  License Auto-Install: Enabled
+  VCSP Connection: Disabled
+  Restore Config: Enabled
+==================================================================================================
+
+Press Enter to continue or Ctrl+C to abort...
+[2025-10-26 22:50:26][INFO] Extracting configuration files from ISO...
+[2025-10-26 22:50:26][INFO] Executing: Extract configuration files
+[2025-10-26 22:50:26][INFO] Command: wsl xorriso -boot_image any keep -dev "VeeamSoftwareAppliance_13.0.0.4967_20250822_customized.iso" -osirrox on -extract vbr-ks.cfg vbr-ks.cfg
+[2025-10-26 22:50:26][INFO] Extract configuration files completed successfully
+[2025-10-26 22:50:26][INFO] Executing: Extract configuration files
+[2025-10-26 22:50:26][INFO] Command: wsl xorriso -boot_image any keep -dev "VeeamSoftwareAppliance_13.0.0.4967_20250822_customized.iso" -osirrox on -extract /EFI/BOOT/grub.cfg grub.cfg
+[2025-10-26 22:50:26][INFO] Extract configuration files completed successfully
+[2025-10-26 22:50:26][INFO] File extracted: vbr-ks.cfg
+[2025-10-26 22:50:26][INFO] File extracted: grub.cfg
+[2025-10-26 22:50:26][INFO] Configuring GRUB bootloader...
+[2025-10-26 22:50:26][INFO] Updated with ${1} inst.assumeyes in grub.cfg
+[2025-10-26 22:50:26][INFO] Updated with set default="Veeam Backup & Replication v13.0>Install - fresh install, wipes everything (including local backups)" in grub.cfg
+[2025-10-26 22:50:26][INFO] Updated with set timeout=0 in grub.cfg
+[2025-10-26 22:50:26][INFO] Configuring Kickstart file...
+[2025-10-26 22:50:26][INFO] Setting keyboard layout to fr
+[2025-10-26 22:50:26][INFO] Updated with keyboard --xlayouts='fr' in vbr-ks.cfg
+[2025-10-26 22:50:26][INFO] Setting timezone to Europe/Paris
+[2025-10-26 22:50:26][INFO] Updated with timezone Europe/Paris --utc in vbr-ks.cfg
+[2025-10-26 22:50:26][INFO] Configuring network settings
+[2025-10-26 22:50:26][INFO] Using DHCP configuration
+[2025-10-26 22:50:26][INFO] Network configuration applied
+[2025-10-26 22:50:26][INFO] Added content after line: mkdir -p /var/log/veeam/
+[2025-10-26 22:50:26][INFO] Added content after line: find /etc/yum.repos.d/ -type f -not -name "*veeam*" -delete
+[2025-10-26 22:50:26][INFO] Adding restore configuration...
+[2025-10-26 22:50:26][INFO] Added content after line: /usr/bin/cp -rv /tmp/*.* /mnt/sysimage/var/log/appliance-installation-logs/
+[2025-10-26 22:50:26][INFO] Added content after line: /opt/veeam/hostmanager/veeamhostmanager --apply_init_config /etc/veeam/vbr_init.cfg
+[2025-10-26 22:50:26][INFO] Added content after line: dnf install -y --nogpgcheck --disablerepo="*" /tmp/static-packages/*.rpm
+[2025-10-26 22:50:26][INFO] Executing: Add conf folder to ISO
+[2025-10-26 22:50:26][INFO] Command: wsl xorriso -boot_image any keep -dev "VeeamSoftwareAppliance_13.0.0.4967_20250822_customized.iso" -map conf /conf
+[2025-10-26 22:50:26][INFO] Add conf folder to ISO completed successfully
+[2025-10-26 22:50:26][INFO] Adding license configuration...
+[2025-10-26 22:50:26][INFO] Added content after line: /opt/veeam/hostmanager/veeamhostmanager --apply_init_config /etc/veeam/vbr_init.cfg
+[2025-10-26 22:50:26][INFO] Added content after line: /usr/bin/cp -rv /tmp/*.* /mnt/sysimage/var/log/appliance-installation-logs/
+[2025-10-26 22:50:26][INFO] Executing: Add license folder to ISO
+[2025-10-26 22:50:26][INFO] Command: wsl xorriso -boot_image any keep -dev "VeeamSoftwareAppliance_13.0.0.4967_20250822_customized.iso" -map license /license
+[2025-10-26 22:50:26][INFO] Add license folder to ISO completed successfully
+[2025-10-26 22:50:26][INFO] Normalizing line endings...
+[2025-10-26 22:50:26][INFO] Committing changes to ISO...
+[2025-10-26 22:50:26][INFO] Executing: Commit changes to ISO
+[2025-10-26 22:50:26][INFO] Command: wsl xorriso -boot_image any keep -dev "VeeamSoftwareAppliance_13.0.0.4967_20250822_customized.iso" -rm vbr-ks.cfg
+[2025-10-26 22:50:26][INFO] Commit changes to ISO completed successfully
+[2025-10-26 22:50:26][INFO] Executing: Commit changes to ISO
+[2025-10-26 22:50:26][INFO] Command: wsl xorriso -boot_image any keep -dev "VeeamSoftwareAppliance_13.0.0.4967_20250822_customized.iso" -map vbr-ks.cfg vbr-ks.cfg
+[2025-10-26 22:50:27][INFO] Commit changes to ISO completed successfully
+[2025-10-26 22:50:27][INFO] Executing: Commit changes to ISO
+[2025-10-26 22:50:27][INFO] Command: wsl xorriso -boot_image any keep -dev "VeeamSoftwareAppliance_13.0.0.4967_20250822_customized.iso" -rm /EFI/BOOT/grub.cfg
+[2025-10-26 22:50:27][INFO] Commit changes to ISO completed successfully
+[2025-10-26 22:50:27][INFO] Executing: Commit changes to ISO
+[2025-10-26 22:50:27][INFO] Command: wsl xorriso -boot_image any keep -dev "VeeamSoftwareAppliance_13.0.0.4967_20250822_customized.iso" -map grub.cfg /EFI/BOOT/grub.cfg
+[2025-10-26 22:50:27][INFO] Commit changes to ISO completed successfully
+[2025-10-26 22:50:27][INFO] ISO customization completed successfully!
+
+==================================================================================================
+                                        SUCCESS!
+==================================================================================================
+Customized ISO: VeeamSoftwareAppliance_13.0.0.4967_20250822_customized.iso
+Mode: Out-of-Place
+==================================================================================================
+[2025-10-26 22:50:27][INFO] Script execution completed successfully
+**********************
+Windows PowerShell transcript end
+End time: 20251026225027
+**********************