VMware Cloud Community
elihuj
Enthusiast
Enthusiast
Jump to solution

Compliance Check on Host or vCenter

When running compliance check scripts, are these being run against information pulled from the host or from information in vCenter? Is the host being queried or just vCenter? I am trying to figure out the impact to running scripts against hosts/clusters/datacenters/etc. Thank you for any info you can offer.

Reply
0 Kudos
1 Solution

Accepted Solutions
LucD
Leadership
Leadership
Jump to solution

That information is pulled from the server where the Update Manager service runs.

Since you don't do an actual scan, nothing will be started on the ESXi hosts.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

View solution in original post

Reply
0 Kudos
18 Replies
LucD
Leadership
Leadership
Jump to solution

It depends a bit on the code you use.

Could you perhaps share some code about which you have questions ?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
elihuj
Enthusiast
Enthusiast
Jump to solution

Thanks LucD, here is the code that I am using:

# Get today's date

$CurrentDate = Get-Date

$CurrentDate = $CurrentDate.ToString('MM-dd-yyyy_hhmmss')

# Set Output Path

$path = "C:\SUPPORT\Reports\"

# Edit the file below to include the hosts you wish to output

Get-VMHost -Name (Get-Content "C:\SUPPORT\esxihosts.txt") |

Get-Compliance -Detailed |

  Select @{N="Host Name";E={$_.Entity.Name}},

  @{N="Baseline";E={$_.Baseline.Name}},

  @{N="Compliant Patches";E={$_.CompliantPatches | Measure-Object | Select -ExpandProperty Count}},

  @{N="Not Compliant Patches";E={$_.NotCompliantPatches | Measure-Object | Select -ExpandProperty Count}},

  @{N="Unknown Patches";E={$_.UnknownPatches | Measure-Object | Select -ExpandProperty Count}},

  @{N="Not Applicable Patches";E={$_.NotApplicablePatches | Measure-Object | Select -ExpandProperty Count}},

  Status |

  Export-Csv "$path\PatchComplianceHostReport_$CurrentDate.csv" -UseCulture -NoTypeInformation

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

That information is pulled from the server where the Update Manager service runs.

Since you don't do an actual scan, nothing will be started on the ESXi hosts.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
elihuj
Enthusiast
Enthusiast
Jump to solution

Okay great! So with this script, there will be no impact whatsoever to the hosts themselves correct? ONLY against the vCenter server where Update Manager is running?

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

That is correct.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
elihuj
Enthusiast
Enthusiast
Jump to solution

As always, thank you LucD.

Reply
0 Kudos
Muchemi
Contributor
Contributor
Jump to solution

Hi LucD

The scripts works very well however in esxi 5.1, but when I run it on ESXi 4.1 hosts,I get the error below, despite the txt file containing the server name.

Get-VMHost : 1/16/2014 11:17:08 AM    Get-VMHost        VMHost with name 'server1                        ' was not found using the specified filter(s).

At D:\Powershell\VMCompliance\compliance.ps1:11 char:11

+ Get-VMHost <<<<  -Name (Get-Content "D:\Powershell\VMCompliance\esxi4.1hosts.txt") |

    + CategoryInfo          : ObjectNotFound: (:) [Get-VMHost], VimException

    + FullyQualifiedErrorId : Core_OutputHelper_WriteNotFoundError,VMware.VimAutomation.ViCore.Cmdlets.Commands.GetVMHost

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Which Update Manager PowerCLI build are you using to run on ESXi 4.1 hosts ?

I'm afraid the Update Manager PowerCLI pssnapin needs to be the same version as the servers you are running against.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
Muchemi
Contributor
Contributor
Jump to solution

PowerCLI D:\Powershell\VMCompliance> Get-PowerCLIVersion

PowerCLI Version

----------------

   VMware vSphere PowerCLI 5.1 Release 1 build 793510

---------------

Snapin Versions

---------------

   VMWare AutoDeploy PowerCLI Component 5.1 build 768137

   VMWare ImageBuilder PowerCLI Component 5.1 build 768137

   VMware vCloud Director PowerCLI Component 1.5 build 793505

   VMware License PowerCLI Component 5.1 build 669840

   VMware vSphere PowerCLI Component 5.1 build 793489

  VMware vCenter Update Manager PowerCLI 4.1 build 266648

Reply
0 Kudos
elihuj
Enthusiast
Enthusiast
Jump to solution

Do you get any output when you run Get-VMHost - Name (Get-Content "D:\Powershell\VMCompliance\esxi4.1hosts.txt")?

Reply
0 Kudos
Muchemi
Contributor
Contributor
Jump to solution

Yes, I get the list of the hosts

Reply
0 Kudos
Muchemi
Contributor
Contributor
Jump to solution

Below is the script I am running

Add-PSSnapin VMware.VimAutomation.Core -ErrorAction SilentlyContinue

Set-PowerCLIConfiguration -InvalidCertificateAction "Ignore" -Confirm:$false

Connect-VIServer vcenter -user  -password

# Get today's date

$CurrentDate = Get-Date

$CurrentDate = $CurrentDate.ToString('MM-dd-yyyy_hhmmss')

# Set Output Path

$path = "D:\Powershell\VMCompliance\"

Get-VMHost -Name (Get-Content "D:\Powershell\VMCompliance\esxi4.1hosts.txt") |

Get-Compliance -Detailed |

Select @{N="Host Name";E={$_.Entity.Name}},

    @{N="Baseline";E={$_.Baseline.Name}},

    @{N="Compliant Patches";E={$_.CompliantPatches | Measure-Object | Select -ExpandProperty Count}},

    @{N="Not Compliant Patches";E={$_.NotCompliantPatches | Measure-Object | Select -ExpandProperty Count}},

    @{N="Unknown Patches";E={$_.UnknownPatches | Measure-Object | Select -ExpandProperty Count}},

    @{N="Not Applicable Patches";E={$_.NotApplicablePatches | Measure-Object | Select -ExpandProperty Count}},

    Status |

Export-Csv "$path\PatchComplianceReport$CurrentDate.csv" -UseCulture -NoTypeInformation

Disconnect-VIServer -Server  -Confirm:$false

Reply
0 Kudos
elihuj
Enthusiast
Enthusiast
Jump to solution

Perhaps try adding a new variable:

$esxi = Get-VMHost -Name (Get-Content "D:\Powershell\VMCompliance\esxi4.1hosts.txt") |


$esxi |

Get-Compliance -Detailed |

Select @{N="Host Name";E={$_.Entity.Name}},

    @{N="Baseline";E={$_.Baseline.Name}},

    @{N="Compliant Patches";E={$_.CompliantPatches | Measure-Object | Select -ExpandProperty Count}},

    @{N="Not Compliant Patches";E={$_.NotCompliantPatches | Measure-Object | Select -ExpandProperty Count}},

    @{N="Unknown Patches";E={$_.UnknownPatches | Measure-Object | Select -ExpandProperty Count}},

    @{N="Not Applicable Patches";E={$_.NotApplicablePatches | Measure-Object | Select -ExpandProperty Count}},

    Status |

Export-Csv "$path\PatchComplianceReport$CurrentDate.csv" -UseCulture -NoTypeInformation

Reply
0 Kudos
Muchemi
Contributor
Contributor
Jump to solution

When I add that I get this error

PowerCLI D:\Powershell\VMCompliance> .\compliance.ps1

Expressions are only allowed as the first element of a pipeline.

At D:\Powershell\VMCompliance\compliance.ps1:13 char:7

+ $esxi  <<<< |

    + CategoryInfo          : ParserError: (:) [], ParseException

    + FullyQualifiedErrorId : ExpressionsMustBeFirstInPipeline

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

Could it be that your copy/paste wasn't like it should be ?

Can you attach the script you are using, I suspect something is wrong in there.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
Muchemi
Contributor
Contributor
Jump to solution

here you go

Reply
0 Kudos
LucD
Leadership
Leadership
Jump to solution

That looks ok.

Are you sure there is something in the $esxi variable ?

Is the TXT file having some valid entries ?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Reply
0 Kudos
Muchemi
Contributor
Contributor
Jump to solution

Very true my text file had issues, now working like charm.

Thanks a tonne LucD

Reply
0 Kudos