PowerCLI

 View Only

  • 1.  Get compliance of a standalone single image (VCF PowerCLI 9.0)

    Posted Oct 27, 2025 04:14 PM

    Hi team,

    I have created a PowerCLI script to sort through nearly 650 VMhosts to identify my virtual vSAN witness appliance hosts, which I then plan to remediate against a single image.
    My script then identifies nearly 320 witnesses, which I confirm the image against a known good golden image.
    My final stage is to remediate the witness, which I could just attempt to remediate blind, which will then skip if the single image is already compliant, but not before it does a rescan of the image compliance - this all wastes time and compute.

    Is there a way that I can get the current compliance of the image without checking its compliance, as the vCenter is already showing the image as compliant in the GUI?



    -------------------------------------------


  • 2.  RE: Get compliance of a standalone single image (VCF PowerCLI 9.0)

    Posted Nov 03, 2025 11:41 AM

    I use the following in an ESXi patch script:

    $vCluster is the cluster that's being patched
    $baseline is a single baseline that has a beginning/end date.  keeps all hosts in different clusters sync'd,  we have 160 hosts, so sometimes new patches are released during our patch runs.
    #list compliant/noncompliant hosts
    #Test-Compliance -Entity $vCluster -UpdateType HostPatch > $null
    Try {
    $Compliant_hosts = (Get-Cluster -Name $vCluster | Get-vmHost | Sort-Object | Get-Compliance -Baseline $Baselines | Where-Object { $_.Status -eq 'Compliant' }).Entity.Name
    $nonCompliant_hosts = (Get-Cluster -Name $vCluster | Get-vmHost | Sort-Object | Get-Compliance -Baseline $Baselines | Where-Object { $_.Status -ne 'Compliant' }).Entity.Name
    }
    Catch {
    $ErrorMessage = $_.Exception.Message
    Write-Error $ErrorMessage
    exit_stage_left
    }

    -------------------------------------------

    Original Message


  • 3.  RE: Get compliance of a standalone single image (VCF PowerCLI 9.0)

    Posted Nov 03, 2025 12:28 PM

    But this won't work with witnesses, as from vCenter 8.0, even vSAN virtual witnesses are now treated as a standalone host, not part of a cluster.

    -------------------------------------------

    Original Message


  • 4.  RE: Get compliance of a standalone single image (VCF PowerCLI 9.0)

    Posted Nov 03, 2025 01:51 PM
    The Get-Cluster -Name $vCluster | Get-vmHost gets all hosts in a cluster.
    Change to Get-vmHost -Name $fqdn for a single host.


    Original Message