Using VMware Update Manager with PowerCLI

While this isn’t anything exciting which I have accomplished (I am just using the tools which others have done a great job of creating), this is exciting because it provides other options – even if they involve a little more work initially. Granted, I don’t want to end up re-creating the entire VMware Infrastructure Client through PowerCLI, but it is a very nice tool, to help me function more quickly.

Tired of the VUM add-on user interface, and the clumsiness which often ensues when navigating the VIC in general (focus changes when arrowing through tree views, sub-sections of the display are unable to be maximized without dragging them using a mouse), I turned to VMware PowerCLI to help me use VUM to remediate ESX hosts.

Besides PowerShell (which comes with Windows 7 and Server 2008) and VMware vSphere™ PowerCLI, you also need the vCenter Update Manager PowerCLI. Make sure you get VUM PowerCLI version 4.1.

I had planned on pasting a complete session with commands and output, but my history turned out to only include the last 4th of my work. SO instead, I’ll just show commands, including some comments.

This is not a PowerCLI script, but a set of commands which I used interactively – similarly to what you would do in the VIC. This is also my first real use of Powershell, so likely there are other smarter ways to do some of the pipelining – suggestions are welcome!

# Connect to a vCenter server.
# Instead of using a Powershell authentication object, or specifying user / password, we will get prompted with a GUI.
connect-viserver -server
# We will use the critical and noncritical host patches baselines.
# Put both of those in a single variable, which we can then attach to ESX hosts.
# Baselines only need to be attached to a host once.
$baselines = Get-Baseline '*critical host patches'
# Verify which baselines we have chosen, by printing the variable:
# This will show the two baselines and their description.
# Create a variable which represents the host we want to patch.
$h = get-vmhost -name
# Attach the two baselines to the ESX host.
attach-baseline -baseline $baselines -entity $h
# Show the baselines atached to this ESX host, just to verify.
# This is also useful when baselines are already attached from an earlier use of VUM.
$h | get-baseline
# Scan the host.
# You can also add the -async option to the scan-inventory call, to not wait for the task to complete.
$h | scan-inventory
# See if the host is compliant.
$h | get-compliance
# Show compliance, with more info (number of patches in each baseline).
$h | get-compliance -detailed
# For interest, see which VMs are running on this host.
$h | get-vm | foreach-object {(Get-View $_.ID).name } | sort
# Put the host in maintenance mode before remediating it.
# The remediation action puts the host into maintenance mode too,
# but doing it by hand lets us deal with any issues along the way, without risking the remediation task timing out.
# The -evacuate parameter registers powered off VMs on other hosts.
# The -runasync parameter does not wait for the task to complete, so you can do other things, like look at the task list.
$h | set-vmhost -state maintenance -evacuate -runasync
# Now remediate this host.
# The -runasync parameter does not wait for the task to complete.
$h | remediate-inventory -baseline $baselines -runasync
# Watch tasks with:
get-task -status running
# Get the host's status after reboot, wait for the host to come back in VC:
# I am not sure of a way to do this with our $h variable.
# This will show a status of not responding while the host reboots.
# Once it shows a status of maintenance mode, continue...
get-vmhost -name
# Now that the host has rebooted, and is connected in vCenter:
# Rescan the host, then check compliance again.
# I believe the remediate process does an automatic rescan itself, but we'll do it again just to be sure...
$h | scan-inventory
$h | get-compliance -detailed
# Now exit maintenance mode.
$h | set-vmhost -state connected
This entry was posted in VMware vSphere and tagged , , , . Bookmark the permalink.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s