VMware Cloud Community
jonebgood_157
Enthusiast

change all esxi root passwords - need to define exclusions

So I have the following script which allows me to rotate all the ESXi root passwords in a given vCenter. A great time saver; however, I have a few hosts in the vCenter that are not in scope and I don't want to rotate their passwords. Can someone help with how I can create a statement (if? not sure) to exclude them? The good thing is that the hosts I want to exclude have a common pattern string in their hostname: "mgt".

Here is my code.

$thisPath = Split-Path (Resolve-Path $MyInvocation.MyCommand.Path)
Set-Location $thisPath

Write-Host "Enter the current root password"
$root = Get-Credential root

$rootPwdNew = Read-Host "Enter the NEW root password" -AsSecureString
# Set-VMHostAccount takes the password as a plain string, so the SecureString is converted here.
# PtrToStringBSTR reads the BSTR correctly on every platform; ZeroFreeBSTR wipes the unmanaged copy.
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($rootPwdNew)
$rootPwdNewDecrypted = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
# This echoes the new password in clear text on the console (and into any running transcript)
Write-Host "The new root password will be set to: $rootPwdNewDecrypted"

Write-Host "Enter your admin account credential"
$acct = Get-Credential

$vCenterName = Read-Host "Enter a vCenter name"

Write-Host "Connecting to $vCenterName" -ForegroundColor Cyan -NoNewline
$vi = Connect-VIServer $vCenterName -Credential $acct -WarningAction SilentlyContinue
Write-Host "..Connected" -ForegroundColor Green

# Only hosts that are Connected or in Maintenance can be reached for the password change
$vmhosts_good = Get-VMHost | where { $_.ConnectionState -eq "Connected" -or $_.ConnectionState -eq "Maintenance" }
$vmhosts_not_connected = Get-VMHost | where { $_.ConnectionState -ne "Connected" -and $_.ConnectionState -ne "Maintenance" }

if ($vmhosts_good)
{
    # @() keeps .Count valid when only one host is returned
    $vmhostCount = @($vmhosts_good).Count
    Write-Host "There are $vmhostCount esx hosts in $vCenterName"
}

if ($vmhosts_not_connected)
{
    Write-Host "These hosts are not accessible:"
    $vmhosts_not_connected
}

Write-Host "Disconnecting from $vCenterName" -ForegroundColor Magenta -NoNewline
Disconnect-VIServer $vi -Confirm:$false
Write-Host "..Disconnected" -ForegroundColor Green
Write-Host ""

# Connect to each host directly as root and set the new password
$i = 1
$bad_root = @()
$vmhosts_good | foreach {
    $vmhostName = $vmhost = $vi = $null

    $vmhostName = $_.Name
    Write-Host "$i of $vmhostCount Connecting to $vmhostName" -ForegroundColor Cyan -NoNewline
    try {
        $vi = Connect-VIServer $vmhostName -Credential $root -WarningAction SilentlyContinue -ErrorAction Stop
        Write-Host "..Connected" -ForegroundColor Green

        Write-Host "..Changing the root password on $vmhostName" -ForegroundColor Cyan -NoNewline
        Set-VMHostAccount -UserAccount root -Password $rootPwdNewDecrypted -Confirm:$false | Out-Null
        Write-Host "..Done" -ForegroundColor Green

        Write-Host "Disconnecting from $vmhostName" -ForegroundColor Magenta -NoNewline
        Disconnect-VIServer $vi -Confirm:$false
        Write-Host "..Disconnected" -ForegroundColor Green
        Write-Host ""
    }
    catch
    {
        # Assumed completion: the posted script is truncated at this point.
        # Record the host so failed logins can be reviewed afterwards.
        Write-Host "..Failed" -ForegroundColor Red
        $bad_root += $vmhostName
    }
    $i++
}

5 Replies
LucD
Leadership

With -notmatch (and -match) you can use RegEx to specify a mask.

Something like this

$vmhost_Selection = Get-VMHost | where{$_.Name -notmatch 'mgt'}
$vmhosts_good = $vmhost_Selection | where { $_.ConnectionState -eq "Connected" -or $_.ConnectionState -eq "Maintenance" }
$vmhosts_not_connected = $vmhost_Selection | where { $_.ConnectionState -ne "Connected" -and $_.ConnectionState -ne "Maintenance" }


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

jonebgood_157
Enthusiast

@LucD 

So I'm trying to write a newer script with better code for this purpose. If I'm using this line (which defines a location via input), how can I add the exclusion with a regex pattern match?

Param ( [String] $vCenter = (Read-Host "Enter Virtual Center"),
[String] $Location = (Read-Host "Enter VMHost Location (can be a vCenter, DataCenter, Cluster or * for all)"),
[System.Security.SecureString] $RootPassword = (Read-Host "Enter current root password" -AsSecureString),
[System.Security.SecureString] $NewPassword = (Read-Host "Enter new root password" -AsSecureString),
[System.Security.SecureString] $NewPasswordVerify = (Read-Host "Re-enter new root password" -AsSecureString)
)

$VMHosts = Get-VMHost -Location $Location

LucD
Leadership

Follow the Get-VMHost with a Where-clause

$VMHosts = Get-VMHost -Location $Location | where{$_.Name -notmatch 'mgt'}


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

jonebgood_157
Enthusiast

@LucD Thanks, that all worked great. Do you know any JavaScript? I've done an equivalent vRO workflow for this purpose but have no idea how to exclude string patterns in JavaScript. This is my code and it changes all the hosts in a given vCenter, but I don't know how to exclude. I would think it would be something in my var statement....

var hosts = vcenter.allHostSystems;
for (var h in hosts) {
    var host = hosts[h];
    System.log("ESXi Host " + host.name + ":");
    var specAccount = new VcHostAccountSpec();
    specAccount.id = username;
    specAccount.password = password;

    host.configManager.accountManager.updateUser(specAccount);
}
LucD
Leadership

Sorry, never used Java.
A quick search seems to indicate that there is a Class RegexFilter, but I wouldn't know how to use it.
Perhaps ask the question in the vRO Community.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference
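
The exclusion asked about for the vRO workflow, as an added example that is not part of the original thread or written by its participants: it splits a host list into hosts to rotate and hosts to skip, matching case-insensitively the way PowerShell's `-notmatch 'mgt'` does. The function name `planRotation` and the sample host names are assumptions made up for illustration.

```javascript
// Added example, ES5 syntax so it also runs in vRO's Rhino engine.
// planRotation() only needs objects with a .name property; the host list
// below is constructed sample data, not taken from the thread.
function planRotation(hosts, excludePattern) {
    // An empty pattern would match every name, so refuse it outright.
    if (typeof excludePattern !== "string" || excludePattern === "") {
        throw new Error("exclude pattern must be a non-empty string");
    }
    // The "i" flag mirrors PowerShell's -notmatch, which ignores case by default.
    // A plain /mgt/ in JavaScript would let a host named "ESX-MGT-01" through.
    var exclude = new RegExp(excludePattern, "i");
    var plan = { rotate: [], skipped: [] };
    for (var i = 0; i < hosts.length; i++) {
        var host = hosts[i];
        var name = (host && host.name != null) ? String(host.name) : "";
        if (name === "") {
            // Fail closed: never change a password on a host that cannot be identified.
            plan.skipped.push({ name: "(unnamed)", reason: "no host name" });
        } else if (exclude.test(name)) {
            plan.skipped.push({ name: name, reason: "matches " + exclude });
        } else {
            plan.rotate.push(host);
        }
    }
    return plan;
}

// Constructed sample standing in for vcenter.allHostSystems.
var sampleHosts = [
    { name: "esx-prod-01.example.local" },
    { name: "esx-MGT-01.example.local" },
    { name: "mgt-esx-02.example.local" },
    { name: "esx-prod-02.example.local" },
    { name: null }
];

var plan = planRotation(sampleHosts, "mgt");
// Review both lists before any updateUser() call is made.
for (var r = 0; r < plan.rotate.length; r++) {
    console.log("rotate: " + plan.rotate[r].name);
}
for (var s = 0; s < plan.skipped.length; s++) {
    console.log("skip:   " + plan.skipped[s].name + " (" + plan.skipped[s].reason + ")");
}
```

In the workflow, loop over `planRotation(vcenter.allHostSystems, "mgt").rotate` instead of `hosts`, and write the skipped list with `System.log` in place of `console.log`.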
