On October 1st 2015 VMware published Security Advisory VMSA-2015-0007. In that advisory you will find three vulnerabilities: CVE-2015-5177, CVE-2015-2342 and CVE-2015-1047.
To anticipate the questions you will surely get from your local Security Officer, I created a function to report which vSphere Servers in your environment are impacted, and which action to take.
Update October 5th 2015:
- Updated build numbers in $vmsaTab
- Corrected build number testing (thanks Richard)
Continue reading VMSA-2015-0007 Report
An automation scripts that prompts you is a letdown, to say the least.
A typical example of such an event is the question you get when you try to unmount a CD or DVD drive from a VM. Some Linux guest OS will place a lock on the CD or DVD, and vSphere will ask you if you want to bypass this lock. And your script just hangs there, waiting for you to reply 🙁
I have been looking for some time to come up with a solution for this automation “issue”. And finally I came up with a working solution 🙂
Continue reading Answer the question!
How many of you have seen Alan‘s, by now famous, book, where he writes down all the user requests and comments he receives ?
Today Alan, and the PowerCLI Dev Team, have proven once again that this book is not there for the show. As I already mentioned some time ago in PowerCLI 5.5 R2, they do listen to you !, these guys keep improving an otherwise fantastic product at regular intervals. And note that 5.5R2 was only released a mere 18 months ago !
In today’s PowerCLI 6.0 Release 2 they added a bunch of highly interesting features. Just to name a few:
- Further steps to a full Module distribution. The License component is now a module as well. And they fixed the issue with the $PSModulePath I mentioned in Fixing a (minor) PowerCLI 6 R1 issue
- Further VROps integration, and I’m especially excited about the Get-OMStat cmdlet.
- Update Manager integration. We have all been waiting for this one! No more separate product, fully integrated in PowerCLI, and it will work with Update Manager 5.5 and later.
- More cmdlets build on the VASA API.
- Support for SRM 6.1 and vCloud Director 8.0
- …and a ton of fixes and improvements!
For a full overview consult the PowerCLI 6.0 R2 Release Notes.
Btw, Alan has demonstrated a number of these new features in our VMworld US session INF5211.
So what are you waiting for ? Start downloading !
And as a side note, the book is not full yet, keep sending your requests and suggestions to Alan ! It will only make the product better, because they do listen to you !
The first time I heard about Ravello Systems and their solution was way back in August 2013. Through pointers in blogs posts by Duncan (here) and William (here), I found an early research paper which explained what the HVX platform was all about. Needless to say I was very interested !
When Ravello Systems announced a beta for their Inception solution in April 2015, I was game. After a 2 week trial, I took a subscription. In June 2015 they also announced free access for vExperts (1000 CPU hours per month). And to top it off, I witnessed an excellent presentation during Virtualization Field Day 5 in June 2015 in Boston.
One aspect of the Ravello Systems solution that immediately captured my attention, was the availability of a REST API, that offers all the functionality that is available through their Web Gui, and more. While a Web Gui might be nice, for automation purposes that will not really work. That’s when I decided to start writing a Ravello PowerShell module based on the REST API.
Continue reading Ravello PowerShell Module
With PowerCLI 6 R1 a major change was introduced, PowerCLI now has modules !
Such a major change is bound to introduce some minor nuisances, as some PowerCLI users have already discovered. This post will try to tackle some of these nuisances.
The first issue is with the PSConsoleFile, called vim.psc1, which was often used in batch invocations of PowerCLI scripts. Unfortunately this is a breaking change, but it can easily be fixed as this post will show.
The second annoyance has to do with the PowerShell environment variable called $env:PSModulePath. The installation package for PowerCLI 6 R1, sets the module path in the user environment variable, which might cause an issue. Read on.
Did you convert to the vSphere Web client when you installed vSphere 5.5 or 6.0 ?
Are you using PowerCLI ?
Do you sometimes use SDK API methods for those special scripts ?
If you answered yes to some of these questions, you must be missing the Onyx Project application ! Well, your patience is rewarded. In the Fling repository you will find, starting today, the new Onyx for the Web Client v1.0 package.
With the new Onyx you can watch which methods and properties all your Web Client actions are using. And with that knowledge you can easily ascend another level or two on your path to automation nirvana !
Continue reading Le Onyx nouveau est arrivé ! *
In PowerShell v3 the Workflow feature was introduced. But until now there haven’t been too many examples available on how to use PowerCLI in PowerShell Workflows. Today I was triggered by a thread from Mark in the PowerCLI VMTN community, to revise some of my Workflow code snippets I had laying around.
And if you didn’t have enough arguments yet to upgrade to PowerCLI v6, which brings MODULES, the Workflow feature will give you another one !
Continue reading PowerCLI and PowerShell Workflows
One of the nice vSphere features is the ability to define DRS rules.
The feature allows a vSphere administrator to control the placement of virtual machines in a vSphere cluster. There are the VM to VM affinity and anti-affinity rules, and the newer VM to VMHost rules. With the VM to VMHost rules, vSphere introduced the concept of VM and VMHost groups, and the ability to have rules that are a requirement (‘shall’) or a preference (‘should’).
In a recent VMTN PowerCLI community thread a PowerCLI user had a query about exporting and importing DRS rules and groups. At that point Matt Boren and myself developed the idea to provide a PowerShell module. The PowerShell module, which we named DRSRule, provides all the functions we deemed useful for working with DRS rules and groups. And yes, the module includes an export and an import cmdlet !
Continue reading DRSRule – a DRS rules and groups module
With all the fuss going round about the latest Linux vulnerability you will probably get a request from your local Security Officer to produce a report which of your Linux systems are vulnerable to the Shellshock bug. And, seen there are already several known exploits, who can blame him for asking such a report.
Since a lot of these Linux boxes are running under vSphere, we can use PowerCLI to produce such a report. The Invoke-VMScript cmdlet is the vehicle I use in the following function. With the Invoke-VMScript cmdlet it is very easy to execute, what is considered the best test to check for the vulnerability.
Update2 September 29 2014: the 2nd test from the Shellshocker gives a syntax error. The test is replaced by the one found on Michael Boelen‘s website in How to protect yourself against Shellshock Bash vulnerability. Big thanks to for the pointer.
Update1 September 29 2014: the function was updated to include tests for most of the known Shellshock vulnerabilities. The tests were collected from the Shellshocker site.
Continue reading PowerCLI and the Linux Shellshock vulnerability
Finding out which performance counters are available on your vSphere server over which time interval, is not always an easy task. There is of course the Performance Manager entry in the VMware vSphere API Reference, but that is not always the easiest task. Let alone finding out what a specific counter actually represents.
For that reason I decided to create a tool, which I called the Stats Toolbox, that would query the vSphere server to get the actual list of counters it collects for each interval. In the tool I added some extra features that would make working with the performance counters easier.
During our VMworld 2014 US breakout session I demonstrated the features of the Stats Toolbox, and I received quite some positive feedback.
Continue reading Stats Toolbox – A vSphere Server Performance Counter tool