Hi All,
I'm sure I've seen this before possible API with powershell. I have a number of host profiles, almost Identical and I manually need to edit the profile and un-check certain configuration as they are unique to the reverence host. I would like to be able to automate this if possible?
That is possible, but it does require some reverse engineering, since the structures inside a host profile are not very well documented imho.
I did a script to change a password inside a host profile, see Change The Root Password In Hosts And Host Profiles
Which settings are you looking to change?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
That is possible, but it does require some reverse engineering, since the structures inside a host profile are not very well documented imho.
I did a script to change a password inside a host profile, see Change The Root Password In Hosts And Host Profiles
Which settings are you looking to change?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi Luc,
Some settings like setting password to fixed, but mainly I want to uncheck the settings. Example, HostNIC I want to uncheck DNS from vxlan and vmotion TCP/IP stack, or under the section which houses the portgroups I need to uncheck the vxlan/vtep portgroups.
Hi Luc,
I've been having a crack with the API to reconfigure Hostprofiles some of it makes sense but I can't seem to find how to uncheck the following setting
Networking Configuration > NetStack Instance > vmotion > [uncheck] DNS Configuration (see attached screenshots)
Any ideas on how to do this?
Try like this
function Copy-Property ($From, $To, $PropertyName ="*")
{
foreach ($p in Get-Member -In $From -MemberType Property -Name $propertyName)
{ trap {
Add-Member -In $To -MemberType NoteProperty -Name $p.Name -Value $From.$($p.Name) -Force
continue
}
$To.$($P.Name) = $From.$($P.Name)
}
}
$hpName = 'Test'
$hp = Get-VMHostProfile -Name $hpName
$spec = New-Object VMware.Vim.HostProfileCompleteConfigSpec
Copy-Property -From $hp.ExtensionData.Config -To $spec
foreach($propStack in $spec.ApplyProfile.Network.Property){
if($propStack.PropertyName -eq 'GenericNetStackInstanceProfile'){
foreach($prof in $propStack.Profile){
if($prof.Key -eq 'key-vim-profile-host-GenericNetStackInstanceProfile-vmotion'){
foreach($propMotion in $prof.Property){
if($propMotion.PropertyName -eq 'GenericDnsConfigProfile'){
$propMotion.Profile[0].Enabled = $false
}
}
}
}
}
}
$hp.ExtensionData.UpdateHostProfile($spec)
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks Luc,
i’ll try this out as soon as I get into the office, out interest why is the foreach loop required?
Also looking at the API it seems like unchecking settings like Active Directory Authenticatio is requires less code if I’m not mistake.
Hi Luc,
Unfortunately that didn't work for me, I left that setting enabled and went back in and checked it was still enabled.
How many netstacks do you have in the host profile?
Just the 2 default ones? Or more?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi Luc,
Sorry it did actually work after all, i might have not cleared some variables, however there will be another netstack (vxlan) that will also need the same DNS config unchecked but I'll try and work that out it should be similar to the vmotion one.
I am however having a hard time working out how to to reverse engineer the un-selection of these two settings (attached Image) may I please seek some assistance?
General System Settings > Core Dump Configuration > (UNCHECK) [Core file Settings]
Storage configuration > Native Multi-Pathing (NMP) > Storage Array Type Plugin (SATP) Configuration > (UNCHECK) [SATP Claimrule]
Try this one
function Copy-Property ($From, $To, $PropertyName ="*")
{
foreach ($p in Get-Member -In $From -MemberType Property -Name $propertyName)
{ trap {
Add-Member -In $To -MemberType NoteProperty -Name $p.Name -Value $From.$($p.Name) -Force
continue
}
$To.$($P.Name) = $From.$($P.Name)
}
}
$hpName = 'Test'
$hp = Get-VMHostProfile -Name $hpName
$spec = New-Object VMware.Vim.HostProfileCompleteConfigSpec
Copy-Property -From $hp.ExtensionData.Config -To $spec
# Disable DNS configuration on the vmotion netstack
foreach($propStack in $spec.ApplyProfile.Network.Property){
if($propStack.PropertyName -eq 'GenericNetStackInstanceProfile'){
foreach($prof in $propStack.Profile){
if($prof.Key -eq 'key-vim-profile-host-GenericNetStackInstanceProfile-vmotion'){
foreach($propMotion in $prof.Property){
if($propMotion.PropertyName -eq 'GenericDnsConfigProfile'){
$propMotion.Profile[0].Enabled = $false
}
}
}
}
}
}
# Disable Core Dump FileSettings
foreach($prop in $spec.ApplyProfile.Property){
if($prop.PropertyName -eq 'coredumpFileConfig_coredumpFile_CoredumpFileProfile'){
$prop.Profile[0].Enabled = $false
}
}
# Disable SATP claimrule
foreach($propStor in $spec.ApplyProfile.Storage.Property){
if($propStor.PropertyName -eq 'nmp_nmpProfile_NativeMultiPathingProfile '){
foreach($propSatp in $propStor.Profile.Property){
if($propSatp.PropertyName -eq 'nmp_nmpProfile_StorageArrayTypePluginProfile'){
foreach($propPlugin in $propSatp.Profile.Property){
if($propPlugin.PropertyName -eq 'nmp_nmpProfile_SatpClaimrulesProfile'){
if($propPlugin.Profile -ne $null){
$propPlugin.Profile[0].Enabled = $false
}
}
}
}
}
}
}
$hp.ExtensionData.UpdateHostProfile($spec)
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Try replacing that last part with the following, it should run through all claimrules.
# Disable SATP claimrule
foreach($propStor in $spec.ApplyProfile.Storage.Property){
if($propStor.PropertyName -eq 'nmp_nmpProfile_NativeMultiPathingProfile '){
foreach($propSatp in $propStor.Profile.Property){
if($propSatp.PropertyName -eq 'nmp_nmpProfile_StorageArrayTypePluginProfile'){
foreach($propPlugin in $propSatp.Profile.Property){
if($propPlugin.PropertyName -eq 'nmp_nmpProfile_SatpClaimrulesProfile'){
foreach($claimrule in $propPlugin.Profile){
if($claimrule -ne $null){
$claimrule.Enabled = $false
}
}
}
}
}
}
}
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi Luc,
I really appreciate your help with this, I managed to figure a few more in my own but just stuck on one last one If you wouldn’t mind helping with. I have an additional local user account, it’s a readonly account but I need to set the password as fixed and store the password. I tried to follow your root password change method in your blog but couldn’t figure out how to select this particular user account?
Hi Luc,
I'm still having trouble settings this host profile. What I did notice is when I tried to add a new user account into the HP via the GUI the name was "Security_UserAccountProfile_UserAccountProfile" thought this could be the clue to cracking this but can't figure.
I've attached a screenshot but basically i wanted to do what you described in your blog but not on the root account but the account "read_account" i would like to set the password policy to fixed with the password, i'm not sure if this is possible, if not would I at least be able to uncheck the "read_account" ?