Hello Community,
I wanted to share a script I've been working on hoping that other people find it useful and perhaps some PowerCLI specialists collaborate in making it better and more adequate as I’m not an expert PowerCLI scripter.
I've decided to attempt scripting a solution that will keep many Windows Server Templates updated without user interaction.
Disclaimer: I am not a PowerCLI expert; much of what I have scripted for this and other solutions was gathered from what others shared and learning as I go.
The Tasks involved: Convert template to VM, Power On VM, run Windows Update remotely, reboot VMGuest, shut VM down and finally convert back to template.
What's required on Templates:
- Server 2008/2012 Templates need to be running PowerShell v.3 minimum but v.4 is highly recommended.
- PowerShell 4 for 2008 server can be downloaded here: http://www.microsoft.com/en-us/download/details.aspx?id=40855
- The Windows Update PowerShell Module needs to be installed on your templates.
- Can be downloaded from here: Script Windows Update PowerShell Module
Note: This Windows Update Module includes the Get-WUInstall PowerShell command which is the one used to install patches remotely.
Here's what is working for me:
# Connect to vCenter
Connect-VIServer "vCenterServer"
# Convert template to VM
Set-Template -Template W2K12Template -ToVM -Confirm:$false -RunAsync
Start-sleep -s 15
#Start VM - I've seen some converted templates that prompt with the VMQuestion, so adding the command to answer with the default option was my response to it.
Start-VM -VM W2K12Template | Get-VMQuestion | Set-VMQuestion -DefaultOption -Confirm:$false
Start-sleep -s 45
#Create variables for Guest OS credentials - This is needed for the Invoke-VMScript cmdlet to be able to execute actions inside the Guest.
#If you don't want to enter the Guest OS local administrator password as clear text in the script, follow the steps on following link to create a file and store it as an encrypted string: Using PowerShell credentials without being prompted for a password - Stack Overflow
$Username = "administrator"
$OSPwd = cat C:\Scripts\OSPwd.txt | convertto-securestring
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $OSPwd
#The following is the cmdlet that will invoke the Get-WUInstall inside the GuestVM to install all available Windows updates; optionally results can be exported to a log file to see the patches installed and related results.
Invoke-VMScript -ScriptType PowerShell -ScriptText "Get-WUInstall –WindowsUpdate –AcceptAll –AutoReboot" -VM W2K12Template -GuestCredential $Cred | Out-file -Filepath C:\WUResults.log -Append
Start-sleep -s 45
#Optionally restart VMGuest one more time in case Windows Update requires it and for whatever reason the –AutoReboot switch didn’t complete it.
Restart-VMGuest -VM W2K12Template -Confirm:$false
#On a separate scheduled script or after a desired wait period, Shutdown the server and convert it back to Template.
Shutdown-VMGuest –VM W2K12Template -Confirm:$false –RunAsync
Start-sleep -s 120
Set-VM –VM W2K12Template -ToTemplate -Confirm:$false
The script can be scheduled to run a couple of days after Patch Tuesdays or whenever you desire.
I really hope PowerCLI leaders can take a look at this and suggest best practices, help improve or advance it with more capabilities.
All feedback and questions are welcomed.
--
Jorge.