Reporting on VMware Update Manager Baselines with PowerCLI

I’ve mentioned on this blog before that I’ve been using VMware Update Manager a lot recently - and wrote about some of my experiences here. Today I was really pleased to see that Carter Shanklin’s team released some cmdlets for PowerCLI to cover Update Manager which had only previously been available back as a beta in the VI Toolkit days.

They arrived just in time because I am currently preparing for a round of ESX patching and I needed to provide a report of hotfixes I was intending to deploy for a particular version of ESX. In the Update Manager GUI I had already created my baseline and scanned it against a host to produce a compliance report of hotfixes we would need to deploy this time.

You can see below that it produces a nice report for me, but I needed to export that information to a format whereby I can give that information to someone else.

One of the new cmdlets is Get-Baseline. I pointed this at my test baseline and with the code below was quickly able to get the information I needed out into a CSV file. I knew from the above report that I just needed to select any patches since 29/12/2009. One of the properties of the patches returned by Get-Baseline is the date it was published so first of all I set a date for which I could query after and stored it in the $BeginDate variable, I then queried the baseline using that date as a starting point.

$BeginDate = (Get-Date).adddays(-65) Get-Baseline Test | Select-Object -ExpandProperty currentpatches | Where-Object {$\_.'releasedate' -gt $BeginDate} | Select-Object Name,IDByVendor,Description,@{n='Product';e={$\_.product | Select-Object -expandproperty Version}},ReleaseDate | Export-Csv patches.csv -NoTypeInformation

Which produces an output like this:

You’ll notice that I make use of the ExpandProperty parameter for Select-Object which makes it nice and easy to get to properties which are returned in an array, otherwise although they look fine in the console, when you export them to CSV you will not get what you hope for.

It’s days like today when I’m especially glad I started using PowerShell and very thankful that the vendors of technologies I’m using make this stuff so simple by providing cmdlets for managing their products.

Update:

Initially I tried to use the Get-Compliance cmdlet to find these patches rather than by date, however it only seemed to return a status of Compliant or Not Compliant. Thankfully following a post on the communities it has been pointed out that Get-Compliance has a Detailed parameter which returns a lot more information. Consequently there is no need to mess around with dates, instead you can query for NotCompliantPatches. :-)

$ComplianceStatus = Get-Compliance -Entity 'Server1' -Detailed $ComplianceStatus.NotCompliantPatches | Select-Object Name,IDByVendor,Description,@{n='Product';e={$\_.product | Select-Object -expandproperty Version}},ReleaseDate | Export-Csv patches.csv -NoTypeInformation