WilliamLam.com

Quick Tip - How to retrieve deleted VM history?

by // 4 Comments

Here is another question that can be solved by leveraging vCenter Server Events, which provides a lot of useful information, especially for historical operations and auditing purposes. Simliar to identifying where a VM was cloned from use case, we can also use vCenter events to retrieve the historical events for all VM deletions for a given vSphere environment.

One important thing to note is that when a VM or any other vSphere object for that matter that has been deleted, all references to that object is removed from vCenter Server. This means, we can not look for events for a give VM but instead, we need to look at the Task-based Event types to actually retrieve this information.

Putting this together, I have created a PowerCLI function called Get-VmDeleteHistory which can be installed directly from the PowerShell Gallery by running:

Install-Script -Name VmDeleteHistory

After connecting to your vCenter Server using the Connect-VIServer cmdlet, you can then run the Get-VmDeleteHistory function which uses the Get-VIEvent cmdlet and looks at the last 500 events. Below is an example output of what you will see which is the VM that was deleted, the User who performed the action along with the date and time.


If you want to look further back in history, you can provide the optional -MaxSamples parameter and that will allow you to specify the maximum number of events to look through.

Get-VmDeleteHistory -MaxSamples 1000

It is also important to understand that how far back you can go is based on your vCenter Server's Task/Event retention configuration.

Which VM was this vSphere VM cloned from?

by // Leave a Comment

This was a question that I saw back in December on the VMware {code} Slack which was quickly answered by the always awesome Luc Dekens. The solution is to look at vCenter Server Events, which are super rich in information and can be used for a number of things including identifying the source VM that it was cloned from. When I was a customer, this was something I did all the time, using events for auditing purposes but also identifying who, what and when a certain operation was performed including source VMs for cloning operations.

Although this information maybe known to some, there is still not an elegant solution that can help someone quickly identify the source VM for a specific vSphere VM that was cloned. This topic also intrigued me as I have seen this question come up in the past. I figure I might as well add this to my random scripting backlog and take a look when I had some time.

Before taking a look at the solution, it is important to understand the different types of clones that exists in vSphere today and also the respective vCenter Server events that can help us correlate to both the source VM but also the specific clone type.

Cloning Types

  • Full Clone - An independent copy of a virtual machine that shares nothing with the parent virtual machine after the cloning operation. Ongoing operation of a full clone is entirely separate from the parent virtual machine
  • Linked Clone - A copy of a virtual machine that shares virtual disks with the parent virtual machine in an ongoing manner. This conserves disk space, and allows multiple virtual machines to use the same software installation
  • Instant Clone - An independent copy of a virtual machine that starts executing from the exact running state of the source powered on virtual machine. Instant Clone uses rapid in-memory cloning of a running parent virtual machine and copy-on-write, simliar to that of Linked Cloning to rapidly deploy virtual machines

[Read more...]

Mapping between vSphere Container Volume to Persistent Volume Claim (PVC) in vSphere 7.0 Update 1 using PowerCLI

by // Leave a Comment

With the introduction of the vSphere Container Storage Interface (CSI) 2.1, it looks like the previous method outlined by Cormac Hogan no longer applies when looking to map between a vSphere Container Volume (CV), which is a vSphere construct to the underlying Persistent Volume Claim (PVC), which is a Kubernetes construct.


William Arroyo, a K8s Solution Engineer recently noticed this behavior change and was asking if there was a way to use PowerCLI to still perform this look up. Given I had provided the original PowerCLI snippet on Cormac's blog, I was curious myself and since I had just rebuilt my vSphere with Tanzu environment, I figured I take a quick look to see where this new information might now be placed.

I did also want to mention that you can easily find this information using the vSphere UI by just clicking on the "Details" box next to the PVC


With the latest PowerCLI 12.1 release, we have a number of Cloud Native Storage (CNS) cmdlets that we can leverage and after a quick minute of poking around, this new information can be found using the Get-CnsVolume cmdlet and using the ExtensionData property to get more detailed properties.

[Read more...]