Menu

Virtual Geek

Tales from real IT system administrators world and non-production environment

VMware vCenter Server 7 Profiles with PowerShell

There is new feature introduced with VMware vSphere 7.0 and it is completely different from the ESXi host profiles. vCenter Server 7 Profiles feature allows you to list profiles, export vCenter server configuration from one vCenter server and then import and validate on another destination vCenter Server. All the operations are done using REST APIs and at the moment of writing no GUI is available. In the Exported configuration (JSON) file contains vCenter management (NTP, Backup schedules etc), network, authentication and user configuration information.

Exported text is in JSON format. It is very helpful to apply same configuration on multiple other target multiple vCenter v7 servers. This desired state configuration is also handy when reverting to the last known goold configuration as well as in bulk vCenter server deployments. You can have baseline configuration from once vCenter and it can be applied to another vCenter servers. These profiles can maintain version control between vCenter Servers, so that you can propagate the exported configurations to multiple vCenter Servers. As of now, the maximum supported number of vCenter Servers is 100.

Check this also: Configure vCenter 7 Profile from PowerShell GUI

VMware Vsphere vCenter server profile Rest APIs validate import export list management network auth export json file configuration profile powershell imvoke-restmethod vcsa 7 appliance.png

At the moment of writing this article vCenter server profiles can be only managed using REST APIs, Below are the operation done through REST APIs.

  • LIST:  This Rest API List all profiles which are registered. If you don not have all of the privileges described as follows Operation execution requires infraprofile.Read rights
  • EXPORT: It Exports the desired profile specification. If you do not have all of the privileges desrcibed as follows - Operation execution requires infraprofile.Read privileges. Out put is Json format.
  • IMPORT: Imports the desired profile specification on target vCenter server, Accepts exported JSON format supplied from source vCenter Server.
  • VALIDATE: Validates the desired profile specification on target vCenter server, Accepts exported JSON format.

More about REST APIs information available on vCenter Server >> Developer Center >> API Explorer >> Select API  -> appliance >> Filter -> profile. In my all the scripts core I am using as shown in the below screenshot API urls to connect vCenter and and do the operations.

Vmware vSphere vCenter server developer center API categories infraprofile configs API explorer appliance rest apis get post list export import validate vCenter server profiles settings config.png

For all the operations I created Powershell functions so they can be used again and again. Here I have used Rest APIs with Powershell and wrote a script to login into either source or target vCenter Server and aquire API Session Token ID. The ID I will keep using in next script. When fetching List & Export configuration profile I will grab session token id from Source vCenter and while validate & import profile I will run this script against Target vCenter server. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
function Get-vCenterAPISessionID {
    #https://developer.vmware.com/docs/vsphere-automation/latest/appliance/infraprofile/configs/

    [CmdletBinding()]
	param(
	    [Parameter(Position=0, Mandatory=$true)]
        [System.String]$vCenter,
		[Parameter(Position=1, Mandatory=$true)]
		[System.String]$username,
        [Parameter(Position=2, Mandatory=$true)]
		[System.String]$password
    )

    #$vCenter = 'marvel.vcloud-lab.com'  
    #$username = 'administrator@vsphere.local'   
    #$password = 'Computer@1'  
    
    $secureStringPassword = ConvertTo-SecureString $password -AsPlainText -Force
    $encryptedPassword = ConvertFrom-SecureString -SecureString $secureStringPassword
    $credential = New-Object System.Management.Automation.PsCredential($username,($encryptedPassword | ConvertTo-SecureString))
    #$credential.GetNetworkCredential().Password
    
    if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
    {  
        $certCallback = @'  
            using System;  
            using System.Net;  
            using System.Net.Security;  
            using System.Security.Cryptography.X509Certificates;  
            public class ServerCertificateValidationCallback  
            {  
                public static void Ignore()  
                {  
                    if (ServicePointManager.ServerCertificateValidationCallback == null)  
                    {  
                        ServicePointManager.ServerCertificateValidationCallback +=  
                        delegate   
                        (  
                            Object Obj,  
                            X509Certificate certificate,  
                            X509Chain chain,  
                            SslPolicyErrors errors  
                        )  
                        {  
                            return true;  
                        };  
                    }  
                }  
            }  
'@  
        Add-Type $certCallback  
    } #if (-not ([System.Management.Automation.PSTypeName]'ServerCertificateValidationCallback').Type)
    
    #execute c# code and ignore invalid certificate error  
    [ServerCertificateValidationCallback]::Ignore();
    
    #Type credential and process to base 64  
    #$credential = Get-Credential -Message 'Type vCenter Password' -UserName 'administrator@vsphere.local'  
    $auth = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($credential.UserName+':'+$credential.GetNetworkCredential().Password))  
    $head = @{  
    Authorization = "Basic $auth"  
    }  

    #Authenticate against vCenter  #old Url - https://$vCenter/rest/com/vmware/cis/session
    #https://developer.vmware.com/docs/vsphere-automation/latest/cis/api/session/post/
    
    $loginUrl = Invoke-WebRequest -Uri "https://$vCenter/rest/com/vmware/cis/session" -Method Post -Headers $head

    $token = ConvertFrom-Json $loginUrl.Content | Select-Object -ExpandProperty Value  
    $session = @{'vmware-api-session-id' = $token}
    $session
}

This is example script is to List vCenter profile configuration, Parameter is vCenter server and Session from source vCenter server. This shows which vCenter server configuration that can be exported.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
function List-vCenterAPIProfile  {
    [CmdletBinding()]
	param(
	    [Parameter(Position=0, Mandatory=$true)]
        [System.String]$vCenter,
		[Parameter(Position=1, Mandatory=$true)]
		[System.Collections.Hashtable]$session
    )
    
    #curl -X GET 'https://marvel.vcloud-lab.com/api/appliance/infraprofile/configs' -H 'vmware-api-session-id: 2181a0349363fb44415a9f0110e9162e'
    #Main list vCenter API url  
    $listProfileAPIUrl = "https://$vCenter/api/appliance/infraprofile/configs"  
    #List vCenter profiles from vcenter  
    $listProfileAPI = Invoke-WebRequest -Uri $listProfileAPIUrl -Method Get -Headers $session  
    $listProfileJson = $listProfileAPI.Content
    #ConvertFrom-Json $listProfileJson
    $listProfileJson 
}

Here the profile configuration exported from Source vCenter server. The exported configuration is in JSON format, it can be easily stored inside file. It exports desired vCenter server profile, This Json can be edited as per your requirements.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
function Export-vCenterAPIProfile  {
    [CmdletBinding()]
	param(
	    [Parameter(Position=0, Mandatory=$true)]
        [System.String]$vCenter,
		[Parameter(Position=1, Mandatory=$true)]
		[System.Collections.Hashtable]$session
    )
    #curl -X POST 'https://marvel.vcloud-lab.com/api/appliance/infraprofile/configs?action=export' -H 'vmware-api-session-id: 2181a0349363fb44415a9f0110e9162e' -H 'Content-type: application/json'
    #https://developer.vmware.com/docs/vsphere-automation/latest/appliance/data-structures/Infraprofile/Configs/ProfilesSpec/
    #https://developer.vmware.com/docs/vsphere-automation/latest/appliance/api/appliance/infraprofile/configsactionvalidatevmw-tasktrue/post/
    #Main export vCenter API url 
    $exportProfileAPIUrl = "https://$vCenter/api/appliance/infraprofile/configs?action=export"
    #export vCenter profiles from vcenter
    <#
    $headers = @{
        'vmware-api-session-id' = $token  
        'Content-type' = 'application/json'
    }
    #>
    $exportProfileAPI = Invoke-WebRequest -Uri $exportProfileAPIUrl -Method Post -Headers $session -ContentType 'application/json'
    #(ConvertFrom-Json (ConvertFrom-Json $exportProfileAPI.Content)).profiles | Format-List
    $exportProfileJson = $exportProfileAPI.Content
    $exportProfileJson
}

This scipt helps Import json configuration on Remote target vCenter server. (Make sure you get session token id from target server first).

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
function Import-vCenterAPIProfile  {
    [CmdletBinding()]
	param(
	    [Parameter(Position=0, Mandatory=$true)]
        [System.String]$vCenter,
		[Parameter(Position=1, Mandatory=$true)]
		[System.Collections.Hashtable]$Session,
		[Parameter(Position=2, Mandatory=$true)]
		[System.String]$JsonProfile
    )     
    #curl -X POST 'https://marvel.vcloud-lab.com/api/appliance/infraprofile/configs?action=import&vmw-task=true' -H 'vmware-api-session-id: 2181a0349363fb44415a9f0110e9162e' -H 'Content-type: application/json'
    #Main validate vCenter API url 
    $importProfileAPIUrl = "https://$vCenter/api/appliance/infraprofile/configs?action=import&vmw-task=true"
    #export vCenter profiles from vcenter
    
    $headers = @{
        'vmware-api-session-id' = $Session['vmware-api-session-id']
        'Content-type' = 'application/json'
    }

    $body = @{
        'config_spec' = $JsonProfile
    }

    $importProfileAPI = Invoke-WebRequest -Uri $importProfileAPIUrl -Method Post -Headers $headers -Body (Convertto-json $body)
    $importProfileJson = $importProfileAPI.Content
    $importProfileJson
}

Using this script you can validate configuration on remote target vCenter server either before or after Import. This validate API do syntax check to validate edited vCenter server profile has no error. (Make sure you get session token id from target server first)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
function Validate-vCenterAPIProfile  {
    [CmdletBinding()]
	param(
	    [Parameter(Position=0, Mandatory=$true)]
        [System.String]$vCenter,
		[Parameter(Position=1, Mandatory=$true)]
		[System.Collections.Hashtable]$session,
		[Parameter(Position=2, Mandatory=$true)]
		[System.String]$JsonProfile
    )    
    #curl -X POST 'https://marvel.vcloud-lab.com/api/appliance/infraprofile/configs?action=import&vmw-task=true' -H 'vmware-api-session-id: 2181a0349363fb44415a9f0110e9162e' -H 'Content-type: application/json'
    #Main validate vCenter API url
    $validateProfileAPIUrl = "https://$vCenter/api/appliance/infraprofile/configs?action=validate&vmw-task=true"
    #export vCenter profiles from vcenter
    $headers = @{
        'vmware-api-session-id' = $session['vmware-api-session-id']
        'Content-type' = 'application/json'
    }
    $body = Convertto-json @{
        'config_spec' = $JsonProfile
    }

    $validateProfileAPI = Invoke-WebRequest -Uri $validateProfileAPIUrl -Method Post -Headers $headers -Body $body
    $validateProfileJson = $validateProfileAPI.Content
    $validateProfileJson
}

Using all above PowerShell function I will use them in the script to List, Export, Import and Validate vCenter profiles. To run this script Powershell version is required is 5.1. I will connect to the Master source server and featch session token key id.

#Verify you are running Powershell version 5 desktop.
"Powershell Version: " + $PSVersionTable.PSVersion.Major + "." + $PSVersionTable.PSVersion.Minor + " " + $PSVersionTable.PSEdition

#Log into Source Master vCenter and get session token
$sourcevCenter = 'marvel.vcloud-lab.com'
$username = 'administrator@vsphere.local'
$password = 'Computer@1'

$sourceSession = Get-vCenterAPISessionID -vCenter $sourcevCenter -username $username -password $password
$sourceSession

Microsoft Powershell Vmware vsphere powercli vcenter server profiles $psversiontable psversion major minor get-vCenterAPIsessionID vmware-api-session-id guid value invoke-webrequest rest api.png

Next command is the list the profile configuration (Appliacne Management, Appliance network, Auth Management). Information is in JSON format. Second command export entire vCenter server configuration to a file, again its in JSON format.

#List vCenter Profiles
List-vCenterAPIProfile -vCenter $sourcevCenter -session $sourceSession

#Export vCenter profile to JSON file
$jsonProfile = Export-vCenterAPIProfile -vCenter $sourcevCenter -session $sourceSession
$jsonProfile | Out-File C:\Temp\BaseProfile.json

Microsoft Powershell vCenter Server Profile vmware vsphere vcenter appliance management network configuration authmangement authorization json rest api session export.png

When I open the json file in notepad it is huge file with all JSON configuration data. I will use this configuration to apply on remote target servers.

Vmware vsphere vCenter server vcsa vcenter server 7.0 profiles json configuration file auth network configuration management esxi Microsoft powershell rest api invoke-restmethod select-object.png

Next step is to connect to remote target VC server and grab its vmware-api-session-id and read json profile file.

#Log into Target vCenter and get session token
$targetvCenter = '192.168.34.20'
$username = 'administrator@vsphere.local'
$password = 'Computer@1'

$targetsession = Get-vCenterAPISessionID -vCenter $targetvCenter -username $username -password $password
$targetsession

#Read vCenter Profile JSON file
$jsonFile = Get-Content C:\Temp\BaseProfile.json

Microsoft Powershell rest api session token id vmware-api-session-id vmware vsphere vcenter profiles json file bearer export json file list validate import.png

Here I will once connected to Remote vCenter Import and Validate JSON configuration.

#Import vCenter Profile on Target Server
Import-vCenterAPIProfile -vCenter $targetvCenter -session $targetsession -JsonProfile $jsonFile

#Validate vCenter Profile on Target Server 
Validate-vCenterAPIProfile -vCenter $targetvCenter -session $targetsession -JsonProfile $jsonFile

Microsoft azure powershell powercli Import vCenter server profiles on target validate vmware vsphere vcenter server rest api profiles infraprofile configs configuration appliance source vcenter.png

Download this script here or it is also available on github.com.

Note: vCenter Profile related activites are logged under file path /var/log/vmware/infraprofile/infraprofile-svcs.log

Useful articles
VMWARE VSPHERE UPDATE MANAGER (VUM) - IMPORTING ESXI ISO AND CREATE UPGRADE BASELINE 
VMWARE VSPHERE UPDATE MANAGER (VUM) - UPGRADE ESXI OS 
ESXi 6.0 update offline bundle via esxcli commandline: DependencyError VIB bootbank requires VSAN ImageProfile
ESXi 6.5 upgrade bundle via command line: No Space Left On Device Error
Registering HPE ILO amplifier pack (Hardware support manager) with vCenter 7 Lifecycle manager
VMware LifeCycle Manager import updates bundle and patch ESXi server
How to update a patch on an ESXi host via command line
Add a Trusted Root Certificate to the Certificate Store VMware Photon OS
Patching update VMware vCenter Server Appliance from a zipped update bundle Web server
Backup VMware vCenter server using SMB protocol
VMware vCenter server backup error Path not exported by the remote filesystem

Go Back

Comment

Blog Search

Page Views

5885045

Follow me on Blogarama