PowerCLI is an incredible tool that you can use to automate many of your operational procedures, particularly useful if you are constrained by budget and you are competent in scripting with Windows PowerShell. This post covers setting up and using PowerCLI, the operational risks entailed, how to use Virtu-al.net’s vCheck script and a “Delete Snapshot, notify by email” script.
What is PowerCLI?
PowerCLI is an interface from VMware that integrates vCenter with Windows PowerShell. Which means that an administrator can use Windows PowerShell scripts (.PS1) to execute jobs within vCenter.
- Make sure you test each script before you roll it out to production.
- Run the script manually and verify that it works, try different permutations/combinations and failure scenarios to ensure you have the correct logic in place.
- Document what you have done and notify your operations and administration staff about what the script does, how it does it and when it will do it.
- You could write the best script in the world, but if you do not comment the code, use meaningful function and variable names and make it easy to modify and maintain, then it will be for naught when other administrators try to support it.
- Secure the script directory on your “APP” drive so that only authorised administrators can execute and modify them.
- Use Active Directory service accounts for running scheduled jobs, this secures and separates automated tasks from the manual tasks performed by administrators.
How do I Install PowerCLI?
- Download the “vSphere PowerCLI” package from my.vmware.com. Select “Downloads” and search for “vSphere PowerCLI”.
- Install PowerCLI on your vCenter server (Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2).
- Verify that your “Programs and Features” window has the “VMware Remote Console Plugin 5.1”, “VMware vSphere PowerCLI” and “VMware VIX” entries.
- Open a PowerShell windows (Run as Administrator) and type “set-executionpolicy -executionpolicy RemoteSigned”.
How do I use PowerCLI?
Open the PowerCLI icon (Run as Administrator) and you can execute commands manually, run scripts manually or automate your scripts with Task Scheduler (see below). For example:
- Type “Connect-VI <vCenter IP>”, and you will connect to your vCenter server.
- Type “Get-VM” and every VM in the vCenter Inventory is listed.
- If you have a script, go to the script location and execute it by typing “.\<scriptname>.PS1”.
How do I Run a PowerShell Script Automatically?
This is the real magic of PowerCLI, using sophisticated scripts with program logic to perform scheduled tasks within vCenter:
- You have manually executed the script and tested that it works.
- Go to the Administration Tools folder and execute “Task Scheduler”.
- Select the “Task Scheduler Library” and you will see the existing tasks.
- Select “Create Task”.
- Select the “General” tab and enter the “Name” of the task.
- Select “Run whether the user is logged in or not”.
- Select “Run with highest privileges”.
- Select “Change User or Group” and enter the PowerCLI service account name and password. Select “OK”.
- Select the “Trigger” tab and configure the schedule (eg. hourly, daily, weekly, monthly, yearly). Then press “OK”.
- Select the “Action” tab and press “New”.
- Set the “Action” to “Start a program”.
- For “Program/script”, press “Browse” and select “powershell.exe” in the “C:\Windows\System32\WindowsPowerShell\v1.0\” directory.
- In the “Add arguments (optional)” field, enter the PowerShell script path, eg. “E:\vCheck-vSphere-master\vCheck.ps1”. Press “OK”.
- Select the “Conditions” tab and deselect “Start the task only if the computer is on AC power”. Press “OK”.
- Select the “Settings” tab and select “Allow this task to be run on demand”.
- Select “Stop this task if it runs longer than” and set the period slightly longer than it takes to execute.
- Select “If the running task does not end when requested, force it to stop”.
- For “If the task is already running, then the following rule applies” select “Do not start a new instance”.
- Press “OK” to complete the configuration of the new task.
- Select the new task from the “Task Scheduler Library” and right mouse click and press “Run”. Verify that the task executes correctly.
- The PowerShell script will now execute automatically on the defined schedule.
- Be mindful of updating your operational procedures to reflect this automated task.
What is vCheck and how should I use it?
In my opinion, every organisation that uses vCenter should use vCheck for vSphere, it is free and it works. vCheck for vSphere is a set of vSphere health check scripts that you run daily upon your vSphere environment; everything that you could think of is already included and then some, with the results being emailed to you. Be aware that vCheck currently has four variants: vSphere, vCD Audit, Exchange 2010 and SCVMM.
- You get vCheck-vSphere from here: Virtu-al.net’s vCheck.
- Unzip the vCheck-vSphere package to your PowerShell scripts directory on your vCenter server.
- Open PowerCLI and change directory to vCheck.
- You configure vCheck by typing “.\vCheck.ps1 -config” and answering the prompts.
- To disable vCheck plugins, just type “.\vCheck-Plugins.ps1” and disable the modules you are not interested in (eg. VSAN).
- Execute the script manually by typing “.\vCheck.ps1” and wait for the script to execute, check for any error messages that may need to be resolved and verify you get the vCheck report emailed to you.
- Now you can create a daily task in Task Scheduler (procedure described above).
What is this “Delete Snapshot, Notify by Email” script?
Snapshots are a great feature of vSphere that allow you to protect yourself during patches and tricky upgrades. However, the bane of the Snapshot is the Administrator who forgets to cleanup. Create a policy regarding maximum Snapshot age (pick a number between 3 to 10 days) and then implement this script: DeleteSnapShotsOlderThan5DaysPS1 (Just rename it from .doc to .PS1). This script was adapted from Virtu-al.net’s Snapshot-Reminder script. I have verified it works on Windows Server 2008 R2 and Windows Server 2012 R2 with vSphere 5.1 and vSphere 5.5.
This script will be executed on a regular schedule, removing all Snapshots that exceed your policy and then emailing the details to a predefined email address. You will also need to edit the script to set the vCenter Server IP Address, SMTP Server IP Address and the Snapshot age.
If you are using VADP for Backup/Recovery, make sure this script does not execute during your backup window, otherwise you may impact the VADP snapshots (depending on the configured Snapshot Age). You could enhance the script to skip any Snapshots created by the VADP service account.