Host Profiles and the CLI Part 2

Building off of Part 1 , I forgot to add how to associate all hosts to the specified profile with the “associateonly” command:

PowerCLI C:\ Get-VMHost | Invoke-VMHostProfile -AssociateOnly -profile $profile

Now to test compliance against the hosts:

Test-VMHostProfileCompliance -VMHost *

Or against the profile specified:

Test-VMHostProfileCompliance -Profile SpecificNameHere

A failure would look similar to:


PowerCLI C:\> Test-VMHostProfileCompliance -VMHost ESXi-perfect | FL

VMHostId : HostSystem-host-20
VMHost : ESXi-perfect
VMHostUid : /VIServer=bbazan@ifitisnotbroken.com:443/VMHost=HostSystem-host-20/
VMHostProfileId : HostProfile-hostprofile-1
VMHostProfile : SpecificNameHere
VMHostProfileUid : /VIServer=bbazan@ifitisnotbrokencom:443/VMHostProfile=HostProfile-hostprofile-1/
IncomplianceElementList : {service_serviceProfile_ServiceConfigProfile-ProfExpression:Service TSM-SSH doesn't meet the running status False}
ExtensionData : VMware.Vim.ComplianceResult
Client : VMware.VimAutomation.ViCore.Impl.V1.VimClient

PowerCLI C:\>

The above shows that TSM-SSH doesn’t meet the running status False, meaning the Host Profile wants SSH off but is currently on. To make the host compliant to the Host Profile use the following command switching out the variable for the associated cluster/ set of hosts:

First, check that your host is in Maintenance Mode (and if not, put it in Maintenance Mode):

 set-VMHost -vmhost ESXi-perfect -State Maintenance

This will apply the Host Profile and then test compliance:

Invoke-VMHostProfile $vmhost | Test-VMHostProfileCompliance $vmhost

If the Host Profile was applied without any issues you will have no output from the check like this:


PowerCLI C:\> Test-VMHostProfileCompliance -VMHost ESXi-perfect | FL

PowerCLI C:\>

Now you can take the host out of Maintenance Mode!

set-VMHost -vmhost ESXi-perfect -State Connected

These can be modified to put a series of hosts into Maintenance Mode and apply the profile depending on your use case!

 

 

Advertisements

Host Profiles and the CLI Part 1

Depending on your licensing level you might want to create a Host Profile. This post is to show how to do it from the CLI. For those of you not familiar with Host Profiles you can read up here. When you have a host configured to a standard you are happy with you can use it as a reference host to “capture” those settings you just spent hours configuring :). Once you do that you will be able to apply it to other hosts and even setup a scheduled job to check of their compliance to make sure there hasn’t been any drift in configuration.

Create a Host Profile from the CLI:

 PowerCLI C:\ New-VMHostProfile -Name SpecificNameHere -ReferenceHost ESXi-perfect -Description "This is for testing compliance in the first vCenter" 

SpecificNameHere: some sort of descriptive name so you know what the Host Profile is testing against or its basic use

ESXi-perfect: The IP or Name of your reference host that is listed in vCenter that you  are now ready to capture its configuration.

Description: I find if people do not name their host profiles something useful they forget what they are for so a description might help you figure out why you made this in the first place.

If you were successful in your command you will now have a host profile!

PowerCLI C:\ New-VMHostProfile -Name SpecificNameHere -ReferenceHost ESXi-perfect -Description "This is for testing compliance in the first vCenter"

Name Description
---- -----------
SpecificNameHere This is for testing complia...

From there you can list out the details to make sure you selected the correct reference host.

PowerCLI C:\ Get-VMHostProfile | FL

ServerId : /VIServer=ifitisnotbroken\bbazan@FirstvCenter:443/
Server : FirstvCenter.ifitisnotbroken.com
Description : This is for testing compliance in the first vCenter
ReferenceHostId : HostSystem-host-##
ReferenceHost : ESXi-perfect.ifitisnotbroken.com
Name : SpecificNameHere
ExtensionData : VMware.Vim.HostProfile
Id : HostProfile-hostprofile-201
Uid : /VIServer=ifitisnotbroken\bbazan@FirstvCenter:443/:443/VMHostProfile=HostProfile-hostprofile-201/
Client : VMware.VimAutomation.ViCore.Impl.V1.VimClient
 

Now the trick is to attach it to other hosts and check their compliance against that Host Profile and remediate. You can attach the Host Profile to a Cluster and/or specific hosts by using these commands:

PowerCLI C:\ Invoke-VMHostProfile -AssociateOnly -Entity $cluster -Profile $profile

$cluster: the cluster you are wanting to associate this Host Profile to

$vmhost: the hosts you are wanting to associate this Host Profile to

$profile: the Host Profile you just created 🙂

At this point if you are worried about your Host Profile being deleted you can simply export a copy.

 PowerCLI C:\ Export-VMHostProfile c:\ -Profile SpecificNameHere 

Mode LastWriteTime Length Name
---- ------------- ------ ----
-a---- 12/22/2017 11:35 AM 1378229 SpecificNameHere.vpf

PowerCLI C:\

If you are wondering what I’m referencing for all of these magical commands it is a variety of docs including this from @vmwarecode code.vmware.com

Now we’ve got a Host Profile, assigned it to a host or cluster and exported a copy just in case.

Part 2 will cover checking compliance and remediating!

 

 

 

 

In Guest VMware Tools CLI commands

In general it seems typical that VMware Tools gets installed on the Guest OS and then left alone after that. While doing some reading and working on some “slowness” issues, I’ve found the Tools CLI to become very handy and powerful.

On the Windows side of things here are a few “common” commands to use tools via the command line. First we need to get into the directory where tools is installed and the toolbox command can be run. The default directory is “C:\Program Files\VMware\VMware Tools”

The command below in the screenshot lists the base commands available with the VMwareToolboxCmd: VMwareToolboxCmd.exe help

vmwaretoolbox-help

I’m not covering all of the commands there but the documentation from VMware does a good job.

I’ve been using the VmwareToolboxCmd.exe stat “subcommandhere” for seeing stats within the GuestOS and I’ve included the snipit from the VMware doc with a little detail for each stat subcommand:

vmwaretoolbox-help-statsubcommands.PNG

As you can see it covers many useful areas to see if the VM is having performance issues related to CPU Limits perhaps or to see if any memory is ballooning, or swapping(I’ve also included memres and cpures just to see if your VM has any reservations):

vmwaretoolbox-stats

You can manually turn timesync with the host on/off/and check status:

vmwaretoolbox-timesync

Another command that I would imagine is useful would be the disk command and shrink subcommands that can be used to actually shrink and reduce the space the virtual disk takes up. As you can see from the screenshot my test VM is a linked clone and this can not be run against it. This doesn’t work against thick provisioned VMs as it wouldn’t shrink the virtual disk since the space has already been allocated for the virtual disk:

vmwaretoolbox-help-disk

**NOTE certain version of Fusion have a “Clean Up Virtual Machine” button and Workstation has a “Compact” menu command that will do the same thing.

The commands are pretty much the same within a Linux OS, below is a screenshot of a CentOS VM. The default directory for this is /usr/sbin/ and the command is “vmware-toolbox-cmd”:vmware-toolbox-cmd-help

There are many more commands that can be run from within the Guest OS, as I stated I’ve been using and seeing these commands used to track down slowness issues within VMs.

Note these commands were taken from the following User’s Guide from VMware and VMware vSphere 6.0 Documentation Center.

Memory Reservation Reporting & Changing Values via PowerCLI

I know there are many sources out there for setting values as far as limits are concerned (See Alan Renouf’s blog)with PowerCLI but I could not find anything about setting or removing reservations with commands found in PowerCLI.

I would like to thank Dean Grant (blog here) for the script to report on what VMs have either CPU or Memory reservations that do NOT equal 0. I have made a couple of slight changes as I was wanting to report VMs that only have Memory reservations and that did not match a specific name.

Here is the script for the reporting that will export to a CSV file(again this is mostly the script from Dean’s Blog with a few tweaks):

**Please note that -notlike could be changed to many different options such as -like or -eq. Also to select a specific # of VMs add the following after the closing } on the first line to select the first 5(or a number of your choosing) objects

| Select-object -First 5 

 $(
$VMs = Get-VM | Where-Object {$_.ExtensionData.ResourceConfig.MemoryAllocation.Reservation -ne "0" -and $_.Name -notlike "InsertVMNameHere*"}

ForEach ($VM in $VMs)

{
"" | Select @{N="Name";E={$VM.Name}},
@{N="Memory Reservation";E={$VM.ExtensionData.ResourceConfig.MemoryAllocation.Reservation }}

}
) | Export-Csv C:\FILENAME.CSV

If you are wanting to change the reservations to a specific reservation value AND VM Share value you can use the below script which I had a bit of help from a VERY knowledgeable colleague VirtualServerGuy

**USE AT YOUR OWN RISK**

**Please note that -notlike could be changed to many different options such as -like or -eq. Also to select a specific # of VMs add the following after the closing } on the first line to select the first 5(or a number of your choosing) objects. Also note you need to replace the “#” for the MemReservationMB with a numerical value and you can alert the -MemSharesLevel to High/Low/Normal (or Custom but I have yet to test that) 

$VMs = Get-VM | Where-Object {$_.ExtensionData.ResourceConfig.MemoryAllocation.Reservation -ne "0" -and $_.Name -notlike "InsertVMNameHere*"}

ForEach ($VM in $VMs){

Get-VM $VM | Get-VMResourceConfiguration | Set-VMResourceConfiguration -MemReservationMB "#" -MemSharesLevel Normal

}

Answer Challenge questions after a datastore reaches 100% used

I’ve run into this issue a few times and with the amount of VMs that are typically on the datastores that reach 100% usage, it comes in handy to have a way to mass answer a challenge question.

**Please note that these scripts are just for reference – use at your own risk** – Standard disclaimer 🙂


##--Use the commented out lines if you haven't connected to a vC yet--##

##$cred = Get-Credential -Message "vCenter or esxi username and password"
##Connect-Viserver vcenterserver -Credential $cred

get-datastore "*" | get-vm "*" | get-vmquestion | Set-VMQuestion -Option "Retry"

Set-VMQuestion -VMQuestion $question -Option "Retry"

To break down the above:

Get-datastore “*” will select any datastore presented to the vC you connect to. You can replace the * with a datastore name to target just the 1 datastore that might be full or have VMs on it with challenge questions.

Get-VM “*” again will target any VM with a challenge question on it. This can be replaced with a full VM name or with a partial like “vc*” to target any VM starting with vc.

This script tells the question to “Retry”. There are other answers but for my need I answer “Retry” after freeing up space on the full datastore. This will then allow your VMs to be able to write to their virtual disks.

 

**Please note that these scripts are just for reference – use at your own risk** – Standard disclaimer 🙂

ESXi5.5 Host Services (vsantraced) non-VMHostService

Sometimes there is a need to stop/start or pull the status of a service that is not listed on a  host when you run the command Get-VMHostService from PowerCLI.

For reference here is what is listed when you run the above command:

Services shown from an esxi5.x host

Services shown from an esxi5.x host

I have had a need to disable the /etc/init.d/vsantraced service to unmount datastores lately and thought I would try to create something on my own to disable the service on a number of hosts.

I haven’t found a way to do it simply with PowerCLI so I decided to use plink.exe (found here) For the following script it is based on having plink in your windows/system32 folder. As a point of reference this script turns SSH on so that plink can login to each host and run the command. Starting with a great foundation for using plink.exe from Alan Renouf’s blog here, started to test starting and stopping the vsantraced service on individual hosts and then changed the current script to run against all hosts found:

This first bit is just something I have saved into a vsantraced.txt file that is referenced in the actual script that is pasted into PowerCLI and run.


/etc/init.d/vsantraced stop

This is the actual script that is pasted into something like PowerShell ISE

**NOTE this has only been tested this against an environment that is NOT currently using VSAN**

**I currently have the first portion commented out as I am typically already connected to my home lab vCenter server**

##--This script is based on having plink.exe(download with putty) in the windows system32 folder--##
##--Use the commented out lines if you haven't connected to a vC yet--##
## $cred = Get-Credential -Message "vCenter or esxi username and password"
## Connect-Viserver vcenterservername -Credential $cred

Add-PSSnapin vmware.vimautomation.core
$command = "**ENTER THE LOCATION OF THE FIRST TXT FILE**\vsantraced.txt"
$esxiHosts = Get-VMHost
$esxicred = Get-Credential -Message "ESXi Host username and password"
foreach ($esxiHost in $esxiHosts) {
$SSHservice = $esxiHost | Get-VMHostService | where {$psitem.key -eq "tsm-ssh"}
if ($SSHservice.Running -eq $False) {
$esxiHost | Get-VMHostService | where {$psitem.key -eq "tsm-ssh"} | Start-VMHostService
}
Write-Output "yes" | plink.exe -ssh root@$esxihost -P 22 -pw $passwd -m $command
$esxiHost | Get-VMHostService | where {$psitem.key -eq "tsm-ssh"} | Stop-VMHostService -Confirm:$false
}

vsantraced-script

**Please note that these scripts are just for reference – use at your own risk** – Standard disclaimer 🙂