Check root password with PowerCLI (Multi-threading!)

Keeping your root password similar in all of your ESXi hosts, is one of the virtual environment key methods to control and maintain large environments. It will make it easier to connect directly to a host in case of vCenter failure, access SSH for troubleshooting and control it from DCUI.

There is a great one-liner by Kelvin Wong, that allows you to get a list of all of the VMhosts that have different password than the standard one.

In this post, I’ll try to:

  1. Make it simpler for PowerCLI beginners to use this script
  2. Provide advanced users with methods of multi-threading in PowerShell 2.0

First, the script for getting a list of hosts with non standard password :

$vCenterName = "vcenter.company.corp"  # ChangeME
$ExportFileLocation = "F:\Scripts\Harel_CheckrootPassword\PasswordNotMatch.txt" # ChangeME
$rootpassword = Read-host -assecurestring -prompt "Please enter local root password"
 
if (!(get-pssnapin -name VMware.VimAutomation.Core -erroraction silentlycontinue)) {
    add-pssnapin VMware.VimAutomation.Core}
 
Connect-VIServer $vCenterName

$vmhostsView = get-view -ViewType HostSystem -Property Name,Summary.runtime.ConnectionState `
| Where {$_.Summary.runtime.ConnectionState -eq "connected"} | %{$_.Name}

if (Test-Path  ($ExportFileLocation) -pathtype leaf)
{Remove-Item $ExportFileLocation -Confirm:$False}

$vmhostsView | %{ $err = @() ; 
connect-viserver $_ -user root -password $rootpassword -EA silentlycontinue -EV err ; 
if ($err.count -gt 0) { $_ | out-file $ExportFileLocation -append }
else {disconnect-viserver $_ -force -confirm:$false} }

The file created by this script, contains a list of hosts with root password different than the one typed as input.

BUT, the script will test connection to each of the hosts one-by-one, which may take a while if you have more than 10 hosts. In an environment of 74 hosts, for example, it took the script 10:30 min to run (calculated with measure-command of course):

serial-10.30

We will reduce the run time of the script, by using parallelism of the hosts check. Multi-threading in PowerShell.

The script will start the same way as the one above –

$vCenterName = "vcenter.company.corp"  # ChangeME
$ExportFileLocation = "F:\Scripts\Harel_CheckrootPassword\PasswordNotMatch.txt" # ChangeME
$rootpassword = Read-host -assecurestring -prompt "Please enter local root password"
 
if (!(get-pssnapin -name VMware.VimAutomation.Core -erroraction silentlycontinue)) {
    add-pssnapin VMware.VimAutomation.Core}
 
Connect-VIServer $vCenterName

$vmhostsView = get-view -ViewType HostSystem -Property Name,Summary.runtime.ConnectionState `
| Where {$_.Summary.runtime.ConnectionState -eq "connected"} | %{$_.Name}

if (Test-Path  ($ExportFileLocation) -pathtype leaf)
{Remove-Item $ExportFileLocation -Confirm:$False}

And now, adding the interesting part –

function CanWeAddJob(){
$Alljobs=(Get-Job -State "Running" | measure-Object).count
if ($alljobs -lt 10) {return $true}
else {return $false}
}

Foreach ($vmhostname in $vmhostsView){
Do {Start-Sleep -Milliseconds 500}
while (!(CanWeAddJob))

$args = ($vmhostname,$credentials,$ExportFileLocation)

Start-Job -Name $vmhostname -ArgumentList $args -InitializationScript {Add-PSSnapin VMware.VimAutomation.Core} –Scriptblock {$err = @() ;
Connect-VIServer $args[0] -Credential $args[1] -EA silentlycontinue -EV err ; 
if ($err.count -gt 0) { $args[0] | out-file $args[2] -append } 
else {disconnect-viserver $_ -force -confirm:$false} } -RunAs32
}

Explanation:

Function CanWeAddJob() is checking what is the running job count in your PowerShell session, and determine whether to add more job, or not. In this example, it does it to a maximum of 10 parallel jobs.

Foreach is here to split the long VMHosts list to many separated tasks. It will only add task to the running job queue, if the queue have less than 10 jobs.
PSSnapin was added to each of the new powershell.exe instances created, with RunAs32 parameter, to make it take less RAM of your server / workstation.

While the script is running, you should see something like this in your task manager:

task-manager

Can you guess what was the run time of the multi-threaded script?

parallel-2.42

2:42 min, which saved me 75% of the original run time.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published.