Virtual Geek

Tales from real IT system administrators world and non-production environment

VMware PowerCLI: Time Configuration (NTP - Network Time Protocol) on multiple ESXi servers

August 16, 2017 05:01PM

This post follows my earlier post, vSphere ESXi security best practices: Time configuration - (NTP) Network Time Protocol, and covers the PowerCLI part of the same topic. First log in to the vCenter server; for more details, see VMWARE VSPHERE POWERCLI INSTALLATION AND CONFIGURATION STEP BY STEP.

To add an NTP server to an ESXi server, run the command below. To add multiple NTP addresses, run the same command twice with a different server IP each time, or pass an array in the format @('192.168.34.11','pool.ntp.org').
Add-VMHostNtpServer -VMHost esxi001.vcloud-lab.com -NtpServer 192.168.34.11

Once the NTP IP addresses are added, start the ntpd service (daemon).
Get-VmHostService -VMHost esxi001.vcloud-lab.com | ? {$_.key -eq "ntpd"} | Start-VMHostService

Next, set the ntpd service policy to on (start and stop with the ESXi host).
Get-VmHostService -VMHost esxi001.vcloud-lab.com | ? {$_.key -eq "ntpd"} | Set-VMHostService -policy "on"

Next, check the NTP client status in the ESXi firewall. This step might not be required.
Get-VMHostFirewallException -VMHost esxi001.vcloud-lab.com | ? {$_.Name -eq "NTP client"}

If firewall port 123 is not enabled, execute the command below.
Get-VMHostFirewallException -VMHost esxi001.vcloud-lab.com | ? {$_.Name -eq "NTP client"} | Set-VMHostFirewallException -Enabled:$true

I have combined all of the above commands into a single PowerCLI function. To use it, either copy and paste the script code directly into the console as shown, or store it in your PowerShell profile (and reopen PowerShell). (Get-VMHost).Name returns the names of all ESXi servers in the vCenter server. As the script runs, it shows its progress.

Set-VMHostNTPServer -VMHost (Get-VMHost).Name -NtpServer @('192.168.34.11','192.168.34.12')

function Set-VMHostNTPServer {
   [CmdletBinding()]
   #####################################
   ## http://vcloud-lab.com
   ## Version: 1
   ## Tested this script successfully on
   ## 1) Powershell v6
   ## 2) Windows 10
   ## 3) vSphere 6.5 (vcenter, esxi, powercli)
   #####################################
   Param (
      [Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true, Position=0)]
      [ValidateNotNullOrEmpty()]
      [Alias("Name")]
      [string[]]$VMHost,
      [string[]]$NtpServer
   )
   begin {}
   Process {
        foreach ($esxi in $VMHost) {
            Write-Host "Working on $esxi"
            # Add every requested NTP server to this host
            foreach ($Ntp in $NtpServer) {
                Add-VMHostNtpServer -VMHost $esxi -NtpServer $Ntp | Out-Null
            }
            # Look up this host's ntpd service before changing it, so the
            # policy is never applied to a service object from a previous host
            $AllServices = Get-VMHostService -VMHost $esxi
            $NTPService = $AllServices | Where-Object {$_.Key -eq 'ntpd'}
            # Start and stop ntpd together with the host
            $NTPService | Set-VMHostService -Policy 'on' | Out-Null
            # Enable the "NTP client" firewall exception (port 123)
            Get-VMHostFirewallException -VMHost $esxi | ? {$_.Name -eq "NTP client"} | Set-VMHostFirewallException -Enabled:$true | Out-Null
            # Start ntpd only if it is not already running
            if ($NTPService.running -eq $false) {
                $NTPService | Start-VMHostService -confirm:$false | Out-Null
            }
            else {
                Write-Host -BackgroundColor DarkGreen -Object "ntpd service on $esxi is already running"
            }
        }
   }
   end {}
}
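
To confirm the result afterwards, the read-only check below reports, per host, the configured NTP servers, the ntpd state and policy, and the "NTP client" firewall exception, and flags hosts that differ from the expected server list. It is an added example, not part of the original script; the function name Get-VMHostNtpAudit and its parameters are hypothetical, and it assumes an existing Connect-VIServer session.

```powershell
# Added example: Get-VMHostNtpAudit is a hypothetical helper, not a PowerCLI cmdlet.
# It only reads configuration; it changes nothing on the hosts.
function Get-VMHostNtpAudit {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory=$true, Position=0)]
        [ValidateNotNullOrEmpty()]
        [string[]]$VMHost,
        [Parameter(Mandatory=$true)]
        [string[]]$ExpectedNtpServer
    )
    foreach ($esxi in $VMHost) {
        # NTP sources currently configured on the host (returned as strings)
        $configured = @(Get-VMHostNtpServer -VMHost $esxi)
        $ntpd = Get-VMHostService -VMHost $esxi | Where-Object {$_.Key -eq 'ntpd'}
        $fw   = Get-VMHostFirewallException -VMHost $esxi -Name 'NTP client'

        # Expected servers that are absent, and configured servers nobody approved
        $missing    = @($ExpectedNtpServer | Where-Object {$configured -notcontains $_})
        $unexpected = @($configured | Where-Object {$ExpectedNtpServer -notcontains $_})

        [PSCustomObject]@{
            VMHost       = $esxi
            NtpServers   = $configured -join ','
            Missing      = $missing -join ','
            Unexpected   = $unexpected -join ','
            NtpdRunning  = [bool]$ntpd.Running
            NtpdPolicy   = $ntpd.Policy
            FirewallOpen = [bool]$fw.Enabled
            # Compliant only when servers match, ntpd runs with policy 'on', and the rule is enabled
            Compliant    = ($missing.Count -eq 0) -and ($unexpected.Count -eq 0) -and
                           $ntpd.Running -and ($ntpd.Policy -eq 'on') -and $fw.Enabled
        }
    }
}

# Usage with the lab addresses from this post: list only hosts that need attention
Get-VMHostNtpAudit -VMHost (Get-VMHost).Name -ExpectedNtpServer @('192.168.34.11','192.168.34.12') |
    Where-Object {-not $_.Compliant} | Format-Table -AutoSize
```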
