VMware Cloud Community
BrianDGeorge
Enthusiast
Enthusiast
‎09-16-2019 07:16 AM
Jump to solution

PowerCLI Script to make all NTP Servers and Services Consistant

I am working on a script to fix all the NTP servers on my ESXi hosts. It works great if everything is messed up the same way but I need to get this to work with ifelse statements I think.  I know there should be an easy way to say if services -eq 'automatic' or 'off' then set-vmhostservice -policy "On".  I want to use the same type of logic to remove ntp servers from hosts, if host = 'aaaa','bbbb','cccc' then remove-vmhostntpserver and add-vmhostntpserver $newntpservers

Currently I have the following:

$oldntpservers='aaaa','bbbb','cccc','dddd'

$newntpservers='xxxx','yyyy'

$vmhostservice='rrrr','ssss'

foreach($vmhost in get-vmhost){

#stop ntpd service

$vmhost|Get-VMHostService |?{$_.key -eq 'ntpd'}|Stop-VMHostService -Confirm:$false

#remove ntpservers

$vmhost|Remove-VMHostNtpServer -NtpServer $oldntpservers -Confirm:$false

#add new ntpservers

$vmhost|Add-VmHostNtpServer -NtpServer $newntpservers

#Change NTP Policy to On for Host

Get-VmHostService -VMHost $vmhostservice | Where-Object {$_.key -eq "ntpd"} | Set-VMHostService -policy "On"

#start ntpd service

$vmhost|Get-VMHostService |?{$_.key -eq 'ntpd'}|Start-VMHostService

}

Please Help.

Regards,

0 Kudos
1 Solution

Accepted Solutions
Zsoldier
Expert
Expert
‎09-16-2019 11:43 AM
Jump to solution

Honestly, if you are looking for consistency, I would look for the list you want, and wipe if it doesn't match what you want it to be.  Otherwise, you end up looking for a pattern that may or may not be right.

I'm pulling from memory, but below is how I approached this in the past.  Unsure on my if statement below, but you could just run it against all hosts to clear what they have and put in what you want.

$NTPList = @("#.#.#.#","#.#.#.#")

$VMhosts = get-vmhost

Foreach ($VMHost in $VMHosts)

{

If (($VMHost | Get-VMHostntpServer) -ne $NTPList)

{

$VMHost | Get-VMHostntpserver | Remove-VMHostNtpServer

$VMHosts | Add-VmHostNtpServer -NtpServer $NTPList

}

}

#Allow NTP queries outbound through the firewall

$VMHosts | Get-VMHostFirewallException | where-object {$_.Name -eq "NTP client"} | Set-VMHostFirewallException -Enabled:$true

#Start NTP client service and set to automatic

$VMhosts | Get-VmHostService | Where-Object {$_.key -eq "ntpd"} | Stop-VMHostService

$VMhosts | Get-VmHostService | Where-Object {$_.key -eq "ntpd"} | Start-VMHostService

$VMhosts | Get-VmHostService | Where-Object {$_.key -eq "ntpd"} | Set-VMHostService -policy "automatic"

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Was it helpful? Let us know by completing this short survey here.

Chris Nakagaki (中垣浩一)
Blog: https://tech.zsoldier.com
Twitter: @zsoldier

View solution in original post

0 Kudos
3 Replies
BrianDGeorge
Enthusiast
Enthusiast
‎09-16-2019 10:17 AM
Jump to solution

Playing around with it I have gotten the answer but want to be careful before I run it in Production.  Anyone have any comments on the following?

$vmhost|Get-VMHostNtpServer |?{$_ -eq $oldntpservers} | Remove-VMHostNtpServer -NtpServer $oldntpservers -Confirm:$false

0 Kudos
Zsoldier
Expert
Expert
‎09-16-2019 11:43 AM
Jump to solution

Honestly, if you are looking for consistency, I would look for the list you want, and wipe if it doesn't match what you want it to be.  Otherwise, you end up looking for a pattern that may or may not be right.

I'm pulling from memory, but below is how I approached this in the past.  Unsure on my if statement below, but you could just run it against all hosts to clear what they have and put in what you want.

$NTPList = @("#.#.#.#","#.#.#.#")

$VMhosts = get-vmhost

Foreach ($VMHost in $VMHosts)

{

If (($VMHost | Get-VMHostntpServer) -ne $NTPList)

{

$VMHost | Get-VMHostntpserver | Remove-VMHostNtpServer

$VMHosts | Add-VmHostNtpServer -NtpServer $NTPList

}

}

#Allow NTP queries outbound through the firewall

$VMHosts | Get-VMHostFirewallException | where-object {$_.Name -eq "NTP client"} | Set-VMHostFirewallException -Enabled:$true

#Start NTP client service and set to automatic

$VMhosts | Get-VmHostService | Where-Object {$_.key -eq "ntpd"} | Stop-VMHostService

$VMhosts | Get-VmHostService | Where-Object {$_.key -eq "ntpd"} | Start-VMHostService

$VMhosts | Get-VmHostService | Where-Object {$_.key -eq "ntpd"} | Set-VMHostService -policy "automatic"

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Was it helpful? Let us know by completing this short survey here.

Chris Nakagaki (中垣浩一)
Blog: https://tech.zsoldier.com
Twitter: @zsoldier
0 Kudos
BrianDGeorge
Enthusiast
Enthusiast
‎09-16-2019 11:47 AM
Jump to solution

Good point, I was looking at this too complicated and needed to just simplify and "wipe and reload".  Sometimes I forget my KISS methodology.

0 Kudos