This post is the PowerCLI companion to my earlier post, vSphere ESXi security best practices: Time configuration - (NTP) Network Time Protocol. Log in to the vCenter server first; for more details, see VMWARE VSPHERE POWERCLI INSTALLATION AND CONFIGURATION STEP BY STEP.
To add an NTP server to an ESXi host, run the command below. To add multiple NTP addresses, either run the same command again with a different server IP, or pass an array in the format @('192.168.34.11','pool.ntp.org').
Add-VMHostNtpServer -VMHost esxi001.vcloud-lab.com -NtpServer 192.168.34.11
Once the NTP IP addresses are added, start the ntpd service (daemon).
Get-VmHostService -VMHost esxi001.vcloud-lab.com | ? {$_.key -eq "ntpd"} | Start-VMHostService
Next, set the ntpd service policy to on (start and stop with the ESXi host).
Get-VmHostService -VMHost esxi001.vcloud-lab.com | ? {$_.key -eq "ntpd"} | Set-VMHostService -policy "on"
Next, check the NTP client status in the ESXi firewall. This step might not be required.
Get-VMHostFirewallException -VMHost esxi001.vcloud-lab.com | ? {$_.Name -eq "NTP client"}
If firewall port 123 is not enabled, execute the command below.
Get-VMHostFirewallException -VMHost esxi001.vcloud-lab.com | ? {$_.Name -eq "NTP client"} | Set-VMHostFirewallException -Enabled:$true
I have combined all of the above commands into a single PowerCLI function. To execute it, either copy and paste the script code directly into the console as shown, or store it in your PowerShell profile (and reopen PowerShell). (Get-VMHost).Name contains the names of all ESXi servers in the vCenter server. Once the script is executed successfully, it shows the progress.
Set-VMHostNTPServer -VMHost (Get-VMHost).Name -NtpServer @('192.168.34.11','192.168.34.12')
function Set-VMHostNTPServer {
    [CmdletBinding()]
    #####################################
    ## http://vcloud-lab.com
    ## Version: 1
    ## Tested this script successfully on
    ## 1) Powershell v6
    ## 2) Windows 10
    ## 3) vSphere 6.5 (vcenter, esxi, powercli)
    #####################################
    Param (
        [Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true, Position=0)]
        [ValidateNotNullOrEmpty()]
        [Alias("Name")]
        [string[]]$VMHost,
        [string[]]$NtpServer
    )
    begin {}
    Process {
        foreach ($esxi in $VMHost) {
            Write-Host "Working on $esxi"
            # Add each NTP source to the host
            foreach ($Ntp in $NtpServer) {
                Add-VMHostNtpServer -VMHost $esxi -NtpServer $Ntp | Out-Null
            }
            # Look up the ntpd service first, so the policy change below has an object to act on
            $AllServices = Get-VMHostService -VMHost $esxi
            $NTPService = $AllServices | Where-Object {$_.Key -eq 'ntpd'}
            $NTPService | Set-VMHostService -Policy 'on' | Out-Null
            # Enable the NTP client exception in the ESXi firewall
            Get-VMHostFirewallException -VMHost $esxi | ? {$_.Name -eq "NTP client"} | Set-VMHostFirewallException -Enabled:$true | Out-Null
            # Start ntpd only if it is not already running
            if ($NTPService.running -eq $false) {
                $NTPService | Start-VMHostService -confirm:$false | Out-Null
            }
            else {
                Write-Host -BackgroundColor DarkGreen -Object "ntpd service on $esxi is already running"
            }
        }
    }
    end {}
}
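To confirm that the settings above actually landed on every host, the following read-only audit reports per-host NTP sources, ntpd state and policy, and the firewall exception. It is an added example, not part of the original script; the function name Test-VMHostNtpCompliance and the property names of the output object are hypothetical, and the server addresses are the same sample values used above.

```powershell
# Added example: read-only audit of the NTP settings configured in this article.
# Test-VMHostNtpCompliance is a hypothetical name, not a built-in PowerCLI cmdlet.
function Test-VMHostNtpCompliance {
    [CmdletBinding()]
    Param (
        [Parameter(Mandatory=$true, ValueFromPipelineByPropertyName=$true, Position=0)]
        [Alias("Name")]
        [string[]]$VMHost,
        [Parameter(Mandatory=$true)]
        [string[]]$NtpServer
    )
    Process {
        foreach ($esxi in $VMHost) {
            # NTP sources currently configured on the host
            $configured = @(Get-VMHostNtpServer -VMHost $esxi)
            # Approved sources that are absent, and configured sources that are not approved
            $missing    = @($NtpServer | Where-Object { $configured -notcontains $_ })
            $unexpected = @($configured | Where-Object { $NtpServer -notcontains $_ })

            # Same service and firewall lookups the article uses, without changing anything
            $ntpd = Get-VMHostService -VMHost $esxi | Where-Object { $_.Key -eq 'ntpd' }
            $fw   = Get-VMHostFirewallException -VMHost $esxi | Where-Object { $_.Name -eq 'NTP client' }

            [PSCustomObject]@{
                VMHost          = $esxi
                ConfiguredNtp   = $configured -join ','
                MissingNtp      = $missing -join ','
                UnexpectedNtp   = $unexpected -join ','
                NtpdRunning     = [bool]$ntpd.Running
                NtpdPolicy      = $ntpd.Policy
                FirewallEnabled = [bool]$fw.Enabled
                # Compliant only when every setting from the article is in place
                Compliant       = ($missing.Count -eq 0) -and ($unexpected.Count -eq 0) -and
                                  $ntpd.Running -and ($ntpd.Policy -eq 'on') -and $fw.Enabled
            }
        }
    }
}

# List only the hosts that deviate from the expected configuration
Test-VMHostNtpCompliance -VMHost (Get-VMHost).Name -NtpServer @('192.168.34.11','192.168.34.12') |
    Where-Object { -not $_.Compliant } | Format-Table -AutoSize
```

An unexpected entry in UnexpectedNtp is worth investigating, since a host syncing to an unapproved time source can skew log timestamps used for event correlation.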