VMware Cloud Community
sanknl
Contributor
Contributor
Jump to solution

Host Profile Compliance report script .

Hi ,

We have recently implemented host profiles in our environment and we scheduled periodical checks to run a Host Profile compliance check on the cluster on a recurring basis. For that we used vCenter inbuilt scheduler that does the job ever 15 days . We have total of 20 vCenter servers ...is there any powercli script that i can get the status of all the host profiles whether the attached profile is complaint or non-complaint at a cluster level .

example : vCenter name            Profile Name             Compliance status

               --------------------            ------------------               ----------------------

                 SYD_VC1                     CL1_v.6.5                Complaint / non complaint .

1 Solution

Accepted Solutions
LucD
Leadership
Leadership
Jump to solution

Would this do the trick?
It assumes that you are connected to all vCenters.

Get-VMHost | Test-VMHostProfileCompliance -UseCache -ErrorAction SilentlyContinue |

Select @{N='VMHost';E={$_.VMHost.Name}},

    @{N='VMHostProfile';E={$_.VMHostProfile.Name}},

    @{N='CheckDate';E={$_.VMHost.ExtensionData.ConfigIssue.CreatedTime}},

    @{N='Message';E={$_.VMHost.ExtensionData.ConfigIssue.FullFormattedMessage}}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

10 Replies
daphnissov
Immortal
Immortal
Jump to solution

This should go in the PowerCLI subforum.

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Would this do the trick?
It assumes that you are connected to all vCenters.

Get-VMHost | Test-VMHostProfileCompliance -UseCache -ErrorAction SilentlyContinue |

Select @{N='VMHost';E={$_.VMHost.Name}},

    @{N='VMHostProfile';E={$_.VMHostProfile.Name}},

    @{N='CheckDate';E={$_.VMHost.ExtensionData.ConfigIssue.CreatedTime}},

    @{N='Message';E={$_.VMHost.ExtensionData.ConfigIssue.FullFormattedMessage}}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

sanknl
Contributor
Contributor
Jump to solution

Thanks ! LucD

Reply
0 Kudos
RJ4719
Contributor
Contributor
Jump to solution

Hey Luc, how can one tell from this which host ARE in compliance will this show both or just the ones thats are not in compliance?

Thanks

Edward

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

The object returned by that cmdlet contains a property named IncomplianceElementList.

If that property is empty then the ESXi node is compliant with the profile.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
RJ4719
Contributor
Contributor
Jump to solution

Ok thanks, guess i need to try something different that allows me to pass a list of hosts and show they are in compliance with attached profile.

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Why?

You can add multiple names on the Get-VMHost cmdlet.
And you can use a calculated property for the Compliance status

Get-VMHost -Name esx1,esx2,esx3 |

Test-VMHostProfileCompliance -UseCache -ErrorAction SilentlyContinue |

Select @{N='VMHost';E={$_.VMHost.Name}},

    @{N='VMHostProfile';E={$_.VMHostProfile.Name}},

    @{N='Compliance';E={if($_.IncomplianceElementList){'Not compliant'}else{'Compliant'}}},

    @{N='CheckDate';E={$_.VMHost.ExtensionData.ConfigIssue.CreatedTime}},

    @{N='Message';E={$_.VMHost.ExtensionData.ConfigIssue.FullFormattedMessage}}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

RJ4719
Contributor
Contributor
Jump to solution

When i run this with three host, it come back with nothing. Assuming that means all were compliant?  My issues is i want to prove to an Auditor with a screen shot that they ARE compliant. In my case a not in compliance would mean audit failure.

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Are there any HostProfiles assigned to the ESXi nodes?

Get-VMHost -Name esx1,esx2,esx3 |

Get-VMHostProfile


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
DanMan3395
Enthusiast
Enthusiast
Jump to solution

@{N='Compliance';E={if($_.IncomplianceElementList){'Not compliant'}else{'Compliant'}}}

That line is very clever! Thanks LucD!

Reply
0 Kudos