vSphere

PowerCLI: Documenting vCenter Permissions (Part 1)

It’s a nice feeling being asked to do something challenging and new. There I was writing lots of lovely documentation and I was asked if I could document the permissions in vCenter. I said “Ok” without really thinking about it. Do you know how many different privileges there are in vCenter? Quite a few, I realised a few seconds later.

After consulting the PowerCLI cmdlets reference I found out exactly how many there were.

(get-VIPrivilege).count

Only 249. Multiply that by 14 default roles and you get 3486 permissions to document. It’s not quite that bad really. You only need to document permissions that have been assigned so that cuts the number down considerably. Still, there must be an easier way.

I’ve all but hit you over the head with the solution. Let’s take the default “Admin” role as an example. The following shows exactly which permissions it has:

get-VIPrivilege -role Admin

The output isn’t pretty but it gets the job done. Suppose you want the privileges for all roles. To borrow Apple’s catch-phrase, there’s a cmdlet for that.

get-VIRole

This is all well and good but we need to combine these cmdlets and their output and present the result in some sort of meaningful way. PowerShell has a number of built-in cmdlets for formatting and/or exporting data. What I wanted was something that didn’t require me to do any extra formatting afterwards and that I can use again. Given the nature of the data we’re trying to extract, one of the best ways of presenting it is in an Excel spreadsheet. For this we could use the Export-Csv cmdlet but to avoid any extra formatting I decided to experiment with Excel interaction. That is the part that took most of the time and has made the script below such an ungainly beast. Thanks though to the magic of Google and inspiration from one of Alan Renouf’s scripts, I cobbled together the following:

####################################################################
# List-Privileges.ps1                                              #
#                                                                  #
# Author: Michael Poore (www.wekabyte.co.uk)                       #
# Version: 0.1                                                     #
# Date: 12/02/2010                                                 #
#                                                                  #
# Change History:                                                  #
# - 0.1 - First working version                                    #
#                                                                  #
####################################################################

$vcserver = "myvcserver"
$startrow = 3
$date = get-date -format F

# Connect to VC Server
Connect-VIServer $vcserver

# Get a list of all privileges from the VC Server
$privs = @()
foreach ($priv in Get-VIPrivilege | sort Id)
{
 $objecta = ""  | select-Object ID,Description
 $objecta.ID = $priv.Id
 $objecta.Description = $priv.Description
 $privs += $objecta
}

# Get a list of all roles from the VC Server and determine which privileges they hold
$roles = @()
foreach ($role in Get-VIRole)
{
 $objectb = "" | select-Object Name,System,Description,Privileges
 $objectb.Name = $role.Name
 $objectb.System = $role.IsSystem
 $objectb.Description = $role.Description
 $myprivs = @()
 $roleprivs = $role.PrivilegeList | Sort
 # Record one True/False entry per privilege, in the same order as $privs
 foreach ($priv in $privs)
 {
  $myprivs += $roleprivs -contains $priv.ID
 }
 $objectb.Privileges = $myprivs
 $roles += $objectb
}

# Create new Excel object, add a workbook and take its first worksheet
$Excel = New-Object -Com Excel.Application
$Excel.visible = $True
$Workbook = $Excel.Workbooks.Add(1)
$Sheet = $Workbook.WorkSheets.Item(1)

# Write Worksheet title
$Sheet.Cells.Item(1,1) = "Roles and Privileges Report for $vcserver - $date"
$Sheet.Cells.Item(1,1).font.bold = $true
$Sheet.Cells.Item(1,1).font.underline = $true
$Sheet.Cells.Item(1,1).font.size = 18

# Write worksheet column headers
$row = $startrow
$Sheet.Cells.Item($row,3) = "ROLE:"
$Sheet.Cells.Item($row,3).font.bold = $true
$Sheet.Cells.Item($row,3).HorizontalAlignment = 4
$Sheet.Cells.Item($row,3).Borders.Item(10).LineStyle = 1
$Sheet.Cells.Item($row,3).Borders.Item(10).Weight = 4
$row++
$Sheet.Cells.Item($row,3) = "DESCRIPTION:"
$Sheet.Cells.Item($row,3).font.bold = $true
$Sheet.Cells.Item($row,3).HorizontalAlignment = 4
$Sheet.Cells.Item($row,3).Borders.Item(10).LineStyle = 1
$Sheet.Cells.Item($row,3).Borders.Item(10).Weight = 4
$row++
$Sheet.Cells.Item($row,3) = "SYSTEM:"
$Sheet.Cells.Item($row,3).font.bold = $true
$Sheet.Cells.Item($row,3).HorizontalAlignment = 4
$Sheet.Cells.Item($row,3).Borders.Item(10).LineStyle = 1
$Sheet.Cells.Item($row,3).Borders.Item(10).Weight = 4
$Sheet.Rows.Item($row).Borders.Item(9).LineStyle = 1
$Sheet.Rows.Item($row).Borders.Item(9).Weight = 4
$row++
$sheet.columns.item(1).columnwidth = 5
$sheet.columns.item(2).columnwidth = 5
$sheet.columns.item(3).columnwidth = 30
$sheet.columns.item(4).columnwidth = 2

foreach ($priv in $privs)
{
 # Indent the description by its depth in the privilege hierarchy (dots in the ID)
 $level = [regex]::matches($priv.ID,"\.").count
 switch ($level)
 {
  0 {$col = 1}
  1 {$col = 2}
  default {$col = 3}
 }
 $Sheet.Cells.Item($row,$col) = $priv.Description
 $Sheet.Cells.Item($row,3).Borders.Item(10).LineStyle = 1
 $Sheet.Cells.Item($row,3).Borders.Item(10).Weight = 4
 #$Sheet.Cells.Item($row,3).WrapText = $true
 $Sheet.Cells.Item($row,4) = " "
 $row++
}

$col = 5
foreach ($role in $roles)
{
 $row = $startrow
 $Sheet.Cells.Item($row,$col).Orientation = 90
 $Sheet.Cells.Item($row++,$col) = $role.Name
 # Write Description before System so the values line up with the
 # ROLE / DESCRIPTION / SYSTEM row headers written above
 $Sheet.Cells.Item($row,$col).HorizontalAlignment = 5
 $Sheet.Cells.Item($row++,$col) = $role.Description
 $Sheet.Cells.Item($row,$col).HorizontalAlignment = 3
 $Sheet.Cells.Item($row++,$col) = $role.System
 foreach ($priv in $role.Privileges)
 {
  if ($priv)
  {
   $Sheet.Cells.Item($row,$col).HorizontalAlignment = 3
   $Sheet.Cells.Item($row,$col) = "Yes"
  }
  $row++
 }
 $sheet.columns.item($col).columnwidth = 6
 $col++
}
Clear

It’s a little slow to run but fairly easy to read the output. These are the default roles in vCenter 4.0.

So that’s part 1. The next step is already underway – tidying the script and adding to it to try and give some indication of which AD users and groups map to which roles.
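
The Export-Csv route mentioned above, as an added example rather than part of the author's script: it builds the same role/privilege matrix as plain objects, so the result can be exported without Excel and diffed between access reviews. The function name, the sample privileges and roles (including the hypothetical custom role VMOperator) and the output path are assumptions made for illustration.

```powershell
# Added example: build the role/privilege matrix as objects and export it to CSV.
function Get-RolePrivilegeMatrix {
    param(
        [Parameter(Mandatory = $true)] [object[]] $Privileges, # need Id, Description
        [Parameter(Mandatory = $true)] [object[]] $Roles       # need Name, PrivilegeList
    )
    $sortedRoles = $Roles | Sort-Object Name
    foreach ($priv in ($Privileges | Sort-Object Id)) {
        # Same hierarchy measure as the script above: number of dots in the Id.
        $row = [ordered]@{
            PrivilegeId = $priv.Id
            Level       = [regex]::Matches($priv.Id, '\.').Count
            Description = $priv.Description
        }
        # One column per role; 'Yes' where the role holds this privilege.
        foreach ($role in $sortedRoles) {
            $held = $role.PrivilegeList -contains $priv.Id
            $row[$role.Name] = if ($held) { 'Yes' } else { '' }
        }
        [pscustomobject]$row
    }
}

# Constructed sample data so the function can be tried without a vCenter.
# 'VMOperator' is a hypothetical custom role.
$samplePrivileges = @(
    [pscustomobject]@{ Id = 'System.Read'; Description = 'Read' }
    [pscustomobject]@{ Id = 'System.View'; Description = 'View' }
    [pscustomobject]@{ Id = 'VirtualMachine.Interact.PowerOn'; Description = 'Power On' }
)
$sampleRoles = @(
    [pscustomobject]@{ Name = 'ReadOnly'; PrivilegeList = @('System.Read', 'System.View') }
    [pscustomobject]@{ Name = 'VMOperator'; PrivilegeList = @('System.Read', 'System.View',
                                                             'VirtualMachine.Interact.PowerOn') }
)

$matrix = Get-RolePrivilegeMatrix -Privileges $samplePrivileges -Roles $sampleRoles
$matrix | Format-Table -AutoSize
$matrix | Export-Csv -Path (Join-Path $env:TEMP 'role-privileges.csv') -NoTypeInformation

# Against a live server, after Connect-VIServer:
#   Get-RolePrivilegeMatrix -Privileges (Get-VIPrivilege) -Roles (Get-VIRole)
```

Keeping each export alongside the previous one lets a later review compare the two files and spot roles that have gained privileges since the last run.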

vSphere Client Silent Install

I was asked yesterday if I knew how to do a silent installation of the vSphere client. My client wanted to roll out the vSphere client to their Operations team automatically. They had experimented with getting it working and even asked a company about producing a custom MSI for them.

The solution is a little easier than that though. The key thing is using the right file. The VMware-viclient.exe file that can be downloaded from the vCenter server or an ESX / ESXi host is a self-extracting archive and doesn’t pay any attention to the normal parameters and switches that you can try to add to get a silent installation performed.

The right file to use is from the vCenter installation media (zip file or iso). In the “vpx” folder is a VMware-viclient.exe file that is 137Mb in size (the archive file mentioned above is about 114Mb). If you place the file on the root of your C:\ drive then a silent installation (an unattended one at least) can be performed using the following command line:

start /wait C:\VMware-viclient.exe /q /s /w /L1033 /v" /qr"

If you’d like a log file created, use this instead to write a logfile to the user’s temp directory:

start /wait C:\VMware-viclient.exe /q /s /w /L1033 /v" /qr /L*v \"%TEMP%\vmvcc.log\""

Review: vSphere 4.0 Quick Start Guide

I was planning to do this over the Christmas break but I hardly turned my computers on. I did pop a quick review on Amazon but I wanted to expand on it a bit.

I first heard about the book in the run up to VMworld 2009 back in September. I would very much have liked to go but could not. I gather that some preview copies of the book were given away there. Luckily I know and live quite close to one of the authors and managed to get my hands on a copy. I can’t recall what my expectations were but the book that I started reading that night was easier to read and more compelling than anything that I’d picked up for a while.

The structure of the book is fairly loose – there are no chapters. It is broken down into different sections covering vCenter, Networking, Storage etc and in turn each of those is broken down into sub topics. These take the form of FAQ type questions that are then answered or are descriptive sections of text. Throughout the book are helpful scripts or commands that can be used, the majority being written in PowerShell.

The quality of the content is very high and should appeal to seasoned vExperts and relative beginners alike. While reading it I certainly found areas where my knowledge was rusty or non-existent and many other areas where the book will serve as a handy reference when I can’t remember something. And given the size of the book (~240 pages and pocket sized) it’s very easy to carry around.

There is talk of further titles coming from the same authors and if this volume is indicative of the quality that we can expect then I am looking forward to seeing more. I also hope that it inspires other people to consider sharing their knowledge like this.