Ok, Loving the cmdlets for VUM, great job !
I am trying to get a list of the updates which apply to my host, I have done the following so far:
$VMHostObj = Get-VMHost testesx
$Baseline = Get-Baseline "ESXi Updates"
$Baseline | Attach-Baseline -Entity $VMHostObj
$VMHostObj | Scan-Inventory
Get-Compliance -Entity $VMHostObj
I would have thought the Get-Complance object would contain a list of the patches which are missing from my host as per the below screenshot, but I cant seam to find them, any ideas? am I missing something ?
!Patches.jpg!
Alan Renouf
Hi Alan,
Thanks for the positive feedback!
You must use the –Detailed parameter. The returned detailed compliance status contains lists of patches per each of the compliance statuses. You can retrieve the missing patches this way:
$complianceStatus = Get-Compliance -Entity $VMHostObj –Detailed
$complianceStatus.NotCompliantPatches
The NotCompliantPatches contains a list of the patches with NotCompliant/Missing status.
Biliana
Hi Alan,
Thanks for the positive feedback!
You must use the –Detailed parameter. The returned detailed compliance status contains lists of patches per each of the compliance statuses. You can retrieve the missing patches this way:
$complianceStatus = Get-Compliance -Entity $VMHostObj –Detailed
$complianceStatus.NotCompliantPatches
The NotCompliantPatches contains a list of the patches with NotCompliant/Missing status.
Biliana
Brilliant thanks, I missed that parameter, havent seen it done like that before on any of the PowerCLI cmdlets, is that to speed things up unless the information is needed, kinda like adding retrieving the full object with Get-View ?
If you found this information useful, please consider awarding points for Correct or Helpful.
Alan Renouf
Yes, Alan you are right. This is to speed things up. It is similar to the way the Get-View provides the ability to specify the level of detail through –Property parameter, but in opposite direction. The default behavior of Get-View cmdlet is to return a VIObject with its full details/properties, while the Get-Compliance returns the possible smallest level of detail, until the -Detailed parameter is not used.
Biliana
Hi,
I'm trying to do the same as Alan but for VMs, I tried the same solution but it didn't work for me:
When I execute the second command:
$complianceStatus.NotCompliantPatches
it doesn't bring any answer, but if I used just the variable $complianceStatus it respond with all the detailed information.
It's there a reason because the command doesn't show just one field of the detailed information keep on the variable?
Hi Frank,
All patches are grouped in properties(lists of patches) according to their compliance status. You can see these properties by running:
$complianceStatus | gm -MemberType property *patches
I suppose that the patches you are looking for are not with NotCompliant status, therefore the $complianceStatus.NotCompliantPatches list is empty. They should be represented in some of the other properties (patch lists). Could you check this?
One more thing, I presume that the $complianceStatus in your case is a single object. If it is an array you have to explore each element of the array. Each element represents an association between
inventory item - baseline - patches included in the baseline, devided by their status.
Thanks,
Biliana
Hi Biliana,
I saved the result for the Get-Compliance -Entity $VMHostObj –Detailed into the variable $Test, then try to returns the values for each one of the properties that a got from the command $complianceStatus | gm -MemberType property *patches,but non of this returned any data.
About what you said of the $complianceestatus, I'm trying the command for a single VM, and the VM has attached the two default baseline for the VMs:
Critical VM Patches
Non-Critical VM Patches
But when I run the Get-Compliance command, in Baseline what I got is:
VMware.VumAutomation.Types.UpgradeBaselineImpl, and
VMware.VumAutomation.Types.PatchBaselineImpl
Could this be related or I have to look somewhere else?
Thanks.
Frank,
you can get the not compliant patches with:
$VMHostObj = Get-VMHost YourHost.YourDomain.YourCountry $ComplianceStatus = Get-Compliance -Entity $VMHostObj -Detailed $ComplianceStatus | Select-Object -expandProperty NotCompliantPatches
You can get the values of the other VMware.VumAutomation.Types.Patch[] properties of $ComplianceStatus in the same way.
Robert