Hi ,
We have recently implemented host profiles in our environment and we scheduled periodical checks to run a Host Profile compliance check on the cluster on a recurring basis. For that we used vCenter inbuilt scheduler that does the job ever 15 days . We have total of 20 vCenter servers ...is there any powercli script that i can get the status of all the host profiles whether the attached profile is complaint or non-complaint at a cluster level .
example : vCenter name Profile Name Compliance status
-------------------- ------------------ ----------------------
SYD_VC1 CL1_v.6.5 Complaint / non complaint .
Would this do the trick?
It assumes that you are connected to all vCenters.
Get-VMHost | Test-VMHostProfileCompliance -UseCache -ErrorAction SilentlyContinue |
Select @{N='VMHost';E={$_.VMHost.Name}},
@{N='VMHostProfile';E={$_.VMHostProfile.Name}},
@{N='CheckDate';E={$_.VMHost.ExtensionData.ConfigIssue.CreatedTime}},
@{N='Message';E={$_.VMHost.ExtensionData.ConfigIssue.FullFormattedMessage}}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
This should go in the PowerCLI subforum.
Would this do the trick?
It assumes that you are connected to all vCenters.
Get-VMHost | Test-VMHostProfileCompliance -UseCache -ErrorAction SilentlyContinue |
Select @{N='VMHost';E={$_.VMHost.Name}},
@{N='VMHostProfile';E={$_.VMHostProfile.Name}},
@{N='CheckDate';E={$_.VMHost.ExtensionData.ConfigIssue.CreatedTime}},
@{N='Message';E={$_.VMHost.ExtensionData.ConfigIssue.FullFormattedMessage}}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks ! LucD
Hey Luc, how can one tell from this which host ARE in compliance will this show both or just the ones thats are not in compliance?
Thanks
Edward
The object returned by that cmdlet contains a property named IncomplianceElementList.
If that property is empty then the ESXi node is compliant with the profile.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Ok thanks, guess i need to try something different that allows me to pass a list of hosts and show they are in compliance with attached profile.
Why?
You can add multiple names on the Get-VMHost cmdlet.
And you can use a calculated property for the Compliance status
Test-VMHostProfileCompliance -UseCache -ErrorAction SilentlyContinue |
Select @{N='VMHost';E={$_.VMHost.Name}},
@{N='VMHostProfile';E={$_.VMHostProfile.Name}},
@{N='Compliance';E={if($_.IncomplianceElementList){'Not compliant'}else{'Compliant'}}},
@{N='CheckDate';E={$_.VMHost.ExtensionData.ConfigIssue.CreatedTime}},
@{N='Message';E={$_.VMHost.ExtensionData.ConfigIssue.FullFormattedMessage}}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
When i run this with three host, it come back with nothing. Assuming that means all were compliant? My issues is i want to prove to an Auditor with a screen shot that they ARE compliant. In my case a not in compliance would mean audit failure.
Are there any HostProfiles assigned to the ESXi nodes?
Get-VMHostProfile
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
@{N='Compliance';E={if($_.IncomplianceElementList){'Not compliant'}else{'Compliant'}}}
That line is very clever! Thanks LucD!