Solved: Re: Reconfigure Host Profile with PowerCLI

nicholas1982 · ‎11-28-2017

Hi All,

I'm sure I've seen this before possible API with powershell. I have a number of host profiles, almost Identical and I manually need to edit the profile and un-check certain configuration as they are unique to the reverence host. I would like to be able to automate this if possible?

Nicholas

LucD · ‎11-28-2017

That is possible, but it does require some reverse engineering, since the structures inside a host profile are not very well documented imho.

I did a script to change a password inside a host profile, see Change The Root Password In Hosts And Host Profiles

Which settings are you looking to change?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

View solution in original post

LucD · ‎11-28-2017

That is possible, but it does require some reverse engineering, since the structures inside a host profile are not very well documented imho.

I did a script to change a password inside a host profile, see Change The Root Password In Hosts And Host Profiles

Which settings are you looking to change?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

nicholas1982 · ‎11-28-2017

Hi Luc,

Some settings like setting password to fixed, but mainly I want to uncheck the settings. Example, HostNIC I want to uncheck DNS from vxlan and vmotion TCP/IP stack, or under the section which houses the portgroups I need to uncheck the vxlan/vtep portgroups.

Nicholas

nicholas1982 · ‎11-29-2017

Hi Luc,

I've been having a crack with the API to reconfigure Hostprofiles some of it makes sense but I can't seem to find how to uncheck the following setting

Networking Configuration > NetStack Instance > vmotion > [uncheck] DNS Configuration (see attached screenshots)

Any ideas on how to do this?

Nicholas

LucD · ‎11-29-2017

Try like this

function Copy-Property ($From, $To, $PropertyName ="*")

{

foreach ($p in Get-Member -In $From -MemberType Property -Name $propertyName)

{ trap {

Add-Member -In $To -MemberType NoteProperty -Name $p.Name -Value $From.$($p.Name) -Force

continue

}

$To.$($P.Name) = $From.$($P.Name)

}

$hpName = 'Test'

$hp = Get-VMHostProfile -Name $hpName

$spec = New-Object VMware.Vim.HostProfileCompleteConfigSpec

Copy-Property -From $hp.ExtensionData.Config -To $spec

foreach($propStack in $spec.ApplyProfile.Network.Property){

if($propStack.PropertyName -eq 'GenericNetStackInstanceProfile'){

foreach($prof in $propStack.Profile){

if($prof.Key -eq 'key-vim-profile-host-GenericNetStackInstanceProfile-vmotion'){

foreach($propMotion in $prof.Property){

if($propMotion.PropertyName -eq 'GenericDnsConfigProfile'){

$propMotion.Profile[0].Enabled = $false

}

$hp.ExtensionData.UpdateHostProfile($spec)

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

nicholas1982 · ‎11-29-2017

Thanks Luc,

i’ll try this out as soon as I get into the office, out interest why is the foreach loop required?

Also looking at the API it seems like unchecking settings like Active Directory Authenticatio is requires less code if I’m not mistake.

Nicholas

nicholas1982 · ‎11-29-2017

Hi Luc,

Unfortunately that didn't work for me, I left that setting enabled and went back in and checked it was still enabled.

Nicholas

LucD · ‎11-29-2017

How many netstacks do you have in the host profile?

Just the 2 default ones? Or more?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

nicholas1982 · ‎11-30-2017

Hi Luc,

Sorry it did actually work after all, i might have not cleared some variables, however there will be another netstack (vxlan) that will also need the same DNS config unchecked but I'll try and work that out it should be similar to the vmotion one.

I am however having a hard time working out how to to reverse engineer the un-selection of these two settings (attached Image) may I please seek some assistance?

General System Settings > Core Dump Configuration > (UNCHECK) [Core file Settings]

Storage configuration > Native Multi-Pathing (NMP) > Storage Array Type Plugin (SATP) Configuration > (UNCHECK) [SATP Claimrule]

Nicholas

LucD · ‎11-30-2017

Try this one

function Copy-Property ($From, $To, $PropertyName ="*")

{

foreach ($p in Get-Member -In $From -MemberType Property -Name $propertyName)

{ trap {

Add-Member -In $To -MemberType NoteProperty -Name $p.Name -Value $From.$($p.Name) -Force

continue

}

$To.$($P.Name) = $From.$($P.Name)

}

$hpName = 'Test'

$hp = Get-VMHostProfile -Name $hpName

$spec = New-Object VMware.Vim.HostProfileCompleteConfigSpec

Copy-Property -From $hp.ExtensionData.Config -To $spec

# Disable DNS configuration on the vmotion netstack

foreach($propStack in $spec.ApplyProfile.Network.Property){

if($propStack.PropertyName -eq 'GenericNetStackInstanceProfile'){

foreach($prof in $propStack.Profile){

if($prof.Key -eq 'key-vim-profile-host-GenericNetStackInstanceProfile-vmotion'){

foreach($propMotion in $prof.Property){

if($propMotion.PropertyName -eq 'GenericDnsConfigProfile'){

$propMotion.Profile[0].Enabled = $false

}

# Disable Core Dump FileSettings

foreach($prop in $spec.ApplyProfile.Property){

if($prop.PropertyName -eq 'coredumpFileConfig_coredumpFile_CoredumpFileProfile'){

$prop.Profile[0].Enabled = $false

}

# Disable SATP claimrule

foreach($propStor in $spec.ApplyProfile.Storage.Property){

if($propStor.PropertyName -eq 'nmp_nmpProfile_NativeMultiPathingProfile '){

foreach($propSatp in $propStor.Profile.Property){

if($propSatp.PropertyName -eq 'nmp_nmpProfile_StorageArrayTypePluginProfile'){

foreach($propPlugin in $propSatp.Profile.Property){

if($propPlugin.PropertyName -eq 'nmp_nmpProfile_SatpClaimrulesProfile'){

if($propPlugin.Profile -ne $null){

$propPlugin.Profile[0].Enabled = $false

}

$hp.ExtensionData.UpdateHostProfile($spec)

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

nicholas1982 · ‎11-30-2017

Hi Luc,

Thanks for this its almost fully working however there are muiltple SATP Claimrule's it just unhecked the first one, see image attached.

Nicholas

LucD · ‎11-30-2017

Try replacing that last part with the following, it should run through all claimrules.

# Disable SATP claimrule

foreach($propStor in $spec.ApplyProfile.Storage.Property){

if($propStor.PropertyName -eq 'nmp_nmpProfile_NativeMultiPathingProfile '){

foreach($propSatp in $propStor.Profile.Property){

if($propSatp.PropertyName -eq 'nmp_nmpProfile_StorageArrayTypePluginProfile'){

foreach($propPlugin in $propSatp.Profile.Property){

if($propPlugin.PropertyName -eq 'nmp_nmpProfile_SatpClaimrulesProfile'){

foreach($claimrule in $propPlugin.Profile){

if($claimrule -ne $null){

$claimrule.Enabled = $false

}

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

nicholas1982 · ‎12-01-2017

Hi Luc,

I really appreciate your help with this, I managed to figure a few more in my own but just stuck on one last one If you wouldn’t mind helping with. I have an additional local user account, it’s a readonly account but I need to set the password as fixed and store the password. I tried to follow your root password change method in your blog but couldn’t figure out how to select this particular user account?

Nicholas

nicholas1982 · ‎12-02-2017

Hi Luc,

I'm still having trouble settings this host profile. What I did notice is when I tried to add a new user account into the HP via the GUI the name was "Security_UserAccountProfile_UserAccountProfile" thought this could be the clue to cracking this but can't figure.

I've attached a screenshot but basically i wanted to do what you described in your blog but not on the root account but the account "read_account" i would like to set the password policy to fixed with the password, i'm not sure if this is possible, if not would I at least be able to uncheck the "read_account" ?

Nicholas