How to use PowerCLI to tag multiple vSphere virtual machines.

In this post PowerCLI is used with an encrypted password to connect to the vSphere vCenter and tag multiple virtual machines based on a given criterion, such as OS type.

VIRTUALISATION

Jack Jalali

8/28/2024 · 4 min read

Task:

To create and maintain a SQL database, listing all powered-on virtual machines in a vSphere vCenter, along with their associated location, owner, and operating system details.

A scheduled PowerShell script can then run on a regular basis, e.g. every night, to update the SQL database.

Prerequisites:

To enable our system to read VM-related information from our vCenter and write data to the SQL database, we need to establish access to the vSphere vCenter. This involves creating two service accounts with specific permissions.

  • Read-Only Access: A service account with read-only permission to the vSphere vCenter is used to retrieve VM-related information. This account allows us to gather the necessary data and update our SQL database without making any changes to the vCenter.

  • Tagging Admin Access: Additionally, a separate service account has been set up with "Tagging Admin" permissions. This enables us to access the vCenter and apply tags to Virtual Machines (VMs) for easy identification.

  • vSphere Tags: To facilitate the tagging process, we have created three pre-defined tag categories in our vCenter:

      ◦ Location: To track where VMs are deployed.

      ◦ Owner: To identify who is responsible for each VM.

      ◦ Operating System: To keep a record of which operating system is running on each VM.

By having these service accounts and tags in place, we can streamline the process of gathering data from our vSphere vCenter and updating our SQL database.

Method:

Log in to the vCenter and create the tag categories for Operating System, Owner and Location from "Tags & Custom Attributes". Later on we will use these categories to tag all VMs:

Our goal is to establish a secure connection to the vSphere vCenter, which will serve as the foundation for our scripting efforts. To achieve this, we'll take two key steps:

  1. Create a Read-Only User Account: We've created a dedicated user account in vCenter with read-only permissions. This account will be used exclusively for all read connections to the vCenter, ensuring that sensitive data is not modified by mistake.

  2. Store Variables in a .env File: To further enhance security, we'll store all our variables and credentials in a .env file. This approach keeps sensitive information separate from our scripts, reducing the risk of exposure.

Here's an example of what the contents of our .env file might look like:

Encrypt the password for the read-only vCenter account and save the encrypted password to a file, in this case c:\AsgharPass.txt:

Now, using the above, let's connect to the vCenter:

This connection is secure on several counts: the account used for the connection is read-only, its password is stored encrypted rather than in the script, and all variables are read from the .env file, so no credential appears in the script in plain text.

Now let's tag a number of VMs with a specific owner, in this case "KD". The same code can be used to tag a list of VMs with a location and/or OS type. The VMs are listed in a text file, one name per line:

The following code connects to the vCenter, reads the VM names from the above list, linuxList.txt, and updates each VM's Owner tag to "KD". Finally, it disconnects from the vCenter:
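The three steps above (load the .env file and encrypted password, connect, tag the listed VMs) as one script. This is an added example, not the post's own code: it assumes a .env file of KEY=VALUE lines holding VCENTER, VC_USER and PASS_FILE (the post's variable names are not shown), and a password file written with `Read-Host -AsSecureString | ConvertFrom-SecureString | Set-Content <PASS_FILE>`; the category "Owner", tag "KD" and list file linuxList.txt are from the post.

```powershell
# Added example (not the post's own code). Assumed .env keys: VCENTER, VC_USER, PASS_FILE.
param(
    [string]$EnvFile  = ".\.env",
    [string]$VmList   = ".\linuxList.txt",
    [string]$Category = "Owner",
    [string]$TagName  = "KD"
)

# Load KEY=VALUE pairs from the .env file into a hashtable (comments and blank lines skipped).
$cfg = @{}
Get-Content $EnvFile | Where-Object { $_ -match '^\s*([^#=]+)=(.*)$' } | ForEach-Object {
    $cfg[$Matches[1].Trim()] = $Matches[2].Trim()
}

# The password file was encrypted with DPAPI (ConvertFrom-SecureString without -Key), so it can
# only be decrypted by the same Windows user on the same machine: run the scheduled task as
# that user, and keep the file readable by that account only.
$secure = Get-Content $cfg.PASS_FILE | ConvertTo-SecureString
$cred   = New-Object System.Management.Automation.PSCredential ($cfg.VC_USER, $secure)

Connect-VIServer -Server $cfg.VCENTER -Credential $cred -ErrorAction Stop | Out-Null
try {
    # Resolve the target tag once; fails fast if the category or tag does not exist.
    $tag = Get-Tag -Category $Category -Name $TagName -ErrorAction Stop

    foreach ($name in Get-Content $VmList | Where-Object { $_.Trim() }) {
        $vm = Get-VM -Name $name.Trim() -ErrorAction SilentlyContinue
        if (-not $vm) { Write-Warning "VM '$name' not found, skipping"; continue }

        # A single-cardinality category allows one tag per VM, so remove any existing Owner
        # tag before assigning the new one, and record the before/after state.
        $old  = Get-TagAssignment -Entity $vm -Category $Category
        $prev = if ($old) { $old.Tag.Name -join ',' } else { '(none)' }
        if ($old.Tag.Name -contains $TagName) { Write-Host "$name already tagged $TagName"; continue }
        if ($old) { $old | Remove-TagAssignment -Confirm:$false }
        New-TagAssignment -Entity $vm -Tag $tag | Out-Null
        Write-Host ("{0}: {1} -> {2}" -f $name, $prev, $TagName)
    }
}
finally {
    # Always drop the session, even if tagging threw part-way through the list.
    Disconnect-VIServer -Server $cfg.VCENTER -Confirm:$false
}
```

Run it under the same Windows account that produced the password file; the per-VM "before -> after" lines give the record the post's "sample before and after VM tags" refers to.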

The code snippet provided can be used to assign tags to thousands of virtual machines efficiently. By using this approach, we can quickly add location, owner, OS type and other relevant tags to our entire virtual estate.

Once the existing VMs are properly tagged, we can take it a step further by automating the deployment of new VMs using Ansible. This means that not only will new VMs be created, but they will also be automatically tagged with the necessary information from the outset.

With all production VMs consistently and accurately tagged, our VM management processes become significantly easier. For instance, we can assign specific maintenance tasks, such as patching, to each user based on their ownership of the respective VMs. This streamlined approach helps ensure that our virtual environment remains up to date and secure, while also reducing administrative effort.

The SQL DB can be used by any number of third-party applications that need up-to-date VM information based on the assigned tags.

All the above code can be found in our GitHub.

Sample before and after VM tags:

Once all VMs are tagged, we can collect the information for all powered-on VMs and update a SQL DB table:

The above script connects to the vCenter, collects the owner, location and OS type of all powered-on VMs, and updates the CSV file at $csvPath. It then updates the SQL DB with the contents of $csvPath: