Another Vester Test file generator and more vCenter checks

07/10/2019

Some time after finishing the “Vester Test file generator”, I was wondering how to get more configuration settings out of a vCenter Server. Then I realized that vCenter Servers also contain a large number of advanced settings.

 

 

 

To get an overview of ALL Advanced Settings in vSphere, connect to a vCenter Server and run the following line:

PS> Get-AdvancedSetting -Entity *

In the output you will discover three large groups:
VIServer, vCenter Server settings
VMHost, ESXi host settings (see other Vester Generator)
VM, Virtual machine settings

Finally, there are two small groups: “Compute Cluster DRS” (9 settings) and “Datastore Cluster” (3 settings).

The script New-VesterVcenterAdvanced.ps1 will create >200 new Vester checks, based on the VIServer group, which can read and write vCenter Server Advanced settings. The script requires one mandatory parameter: the FQDN or IP address of a vCenter Server, so there is no need to connect to a vCenter Server beforehand.
The generated Vester checks will be written to the current folder.

To distinguish the generated Vester checks from other files, all file names start with “VCAS-” (vCenter Advanced Setting) and contain the name of the Advanced Setting, e.g. “VCAS-ConfigLogLevel.Vester.ps1”, for “config.log.level”. After generating the files, you can decide which checks you want to add to the folder containing the vCenter checks.

But there is more! There are still a number of important settings which we can check on an ESXi host but not on a vCenter Server Appliance (vCSA); to name a few: DNS, NTP, access settings and local users.

With the introduction of vSphere 6.5, new REST APIs were introduced; the VCSA API is one of these (more info here).
William Lam wrote a nice series of posts on how to make good use of this new functionality. I also recommend checking out his PowerShell VAMI module.

I have created a series of new checks which can read and (in most cases) write VAMI settings.
The only prerequisite is setting up a connection to the vSphere Automation SDK server with the Connect-CisServer cmdlet, like:

PS> Connect-CisServer -Server vc06.virtual.local -Credential $creds

Needless to say, the older checks still require a connection to the vCenter Server, established with the Connect-VIServer cmdlet.

The new checks can be found here. The names of the checks based on the VCSA API all start with “VAMI-”, like: “VAMI-ApplianceNetworkingDNSServers.Vester.ps1”.

The next section shows a portion of a Vester configuration file with the new VAMI checks.



"vCenter": {
    "accessConsolecli": true,
    "accessDcui": true,
    "accessShellBashEnabled": false,
    "accessSsh": true,
    "NetworkingDnsMode": "is_static",
    "NetworkingDnsServers": [
        "192.168.0.31",
        "192.168.0.32"
    ],
    "SystemBuild": "9451637",
    "SystemTimeTimezone": "UTC",
    "SystemVersion": "6.5.0.22000",
    "TechpreviewLocalAccountsUser": [
        "root",
        "dnsmasq"
    ],
    "TechpreviewMonitoringSnmpEnabled": false,
    "TechpreviewMonitoringSnmpPort": 161,
    "TechpreviewNTPServers": [
        "1.pool.ntp.org",
        "0.pool.ntp.org"
    ],
    "TechpreviewTimesyncMode": "NTP",
    "vc": "vc06.virtual.local"
},
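
The following PowerShell compares the four access values from the fragment above with the appliance's live state and reports drift without changing anything. It is an added example, not one of the author's VAMI checks and not a Vester test file; the function names, the mapping of the config keys to the com.vmware.appliance.access.* services and the sample live values are assumptions.

```powershell
# Added example: read-only drift report for the VAMI access settings.
# Function names and the key-to-service mapping are assumptions for illustration.

function Get-VamiAccessState {
    # Requires an existing Connect-CisServer session; only get() is called, never set().
    [ordered]@{
        accessConsolecli       = (Get-CisService -Name 'com.vmware.appliance.access.consolecli').get()
        accessDcui             = (Get-CisService -Name 'com.vmware.appliance.access.dcui').get()
        # The shell service returns a structure; its 'enabled' field is the on/off state
        accessShellBashEnabled = (Get-CisService -Name 'com.vmware.appliance.access.shell').get().enabled
        accessSsh              = (Get-CisService -Name 'com.vmware.appliance.access.ssh').get()
    }
}

function Compare-VamiAccess {
    param(
        [Parameter(Mandatory)] $Desired,                                 # vCenter section of the config
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Actual  # e.g. Get-VamiAccessState output
    )
    foreach ($name in $Actual.Keys) {
        $want = $Desired.$name
        # A setting missing from the config is reported instead of silently passing
        if ($null -eq $want) { $status = 'NotInConfig' }
        elseif ([bool]$want -eq [bool]$Actual[$name]) { $status = 'OK' }
        else { $status = 'Drift' }

        [pscustomobject]@{
            Setting = $name
            Desired = $want
            Actual  = $Actual[$name]
            Status  = $status
        }
    }
}

# Desired values: the access keys from the configuration fragment above
$config = @'
{ "vCenter": { "accessConsolecli": true, "accessDcui": true,
               "accessShellBashEnabled": false, "accessSsh": true } }
'@ | ConvertFrom-Json

# Constructed sample of live values (bash shell left enabled), so the script runs offline.
# With a live session use instead: $actual = Get-VamiAccessState
$actual = [ordered]@{ accessConsolecli = $true; accessDcui = $true
                      accessShellBashEnabled = $true; accessSsh = $true }

Compare-VamiAccess -Desired $config.vCenter -Actual $actual | Format-Table -AutoSize
```

With the constructed sample, only accessShellBashEnabled is reported as Drift; the other three settings report OK.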

As always, I thank you for reading and welcome your comments.

This is the sixth part of a series about configuration drift, Vester and DSC.
Overview of all posts in this series:

About Configuration Drift, Pester and Vester

Tips for writing Vester test files, part 1

Tips for writing Vester test files, part 2

Creating Dashboards for Vester

Vester Test file generator

Securing DSC resources for VMware