In the definition of these systems, there's is a very important word: identical nodes. The computers which are part of a cluster of some sort should be very similar. Ideally same hardware model, same operating system, same applications installed, same OS, network, disk...etc configuration. And not least, same hotfixes installed.
Because Microsoft hotfixes are supposed to be installed at least once a month, a quick tool is always helpful which can tell you the differences between the list of installed hotfixes on two computers. You can get the list of Microsoft patches installed to a host with one line:
$hotfixes = gwmi -query "select HotFixID from Win32_quickfixengineering where hotfixID like 'KB%'" -computer $fsrv | select hotfixid
If you want to compare two lists, PowerShell offers you and easy way with Compare-Object, however, to make the output a bit better and more readable, you can feed the data into an object collection and then make it as the output of the script (see compareHotfixes function in the script below).
Example output:
Some of the interesting parts of the script:
#### Function for enumerating hotfixes
function gethotfixes ([string]$fsrv){
writelog 0 "$fsrv, reading hotfixes data from Win32_quickfixengineering......" "nonew"
$hotfixes = gwmi -query "select HotFixID from Win32_quickfixengineering where hotfixid like 'KB%'" -computer $fsrv | select hotfixid
$strHotfixes = $hotfixes | %{$_.hotfixid.tostring()}
writelog 1 "[done]" "extend"
return $strHotfixes
}
This function reads the list of hotfixes from a remote host (has some logging as well) and returns the results in $strHotfixes variable.
#### Function for comparing hotfixes between 2 hosts
function compareHotfixes ($fobjColl, $fullreport){
writelog 0 "Comparing hotfixes between the 2 hosts......" "nonew"
# compare the list of hotfixes from the 2 hosts
if($fullreport) {$comparedHotfixes = compare-object $fobjColl[0].hotfixes $fobjColl[1].hotfixes -SyncWindow 500 -IncludeEqual} #we need the equals for the host details output
else {$comparedHotfixes = compare-object $fobjColl[0].hotfixes $fobjColl[1].hotfixes -SyncWindow 500}
# going through the output of compare-object's output and feed the data into an object collection
foreach ($c in $comparedHotfixes) {
$fsObj = new-Object -typename System.Object
$hotfixId = $c.InputObject
switch ($c.SideIndicator)
{
"=>" {
$fsObj | add-Member -memberType noteProperty -name "Item" -Value $hotfixId
$fsObj | add-Member -memberType noteProperty -name $($fobjColl[0].ComputerName) -Value "Missing"
$fsObj | add-Member -memberType noteProperty -name $($fobjColl[1].ComputerName) -Value "OK"
}
"<=" {
$fsObj | add-Member -memberType noteProperty -name "Item" -Value $hotfixId
$fsObj | add-Member -memberType noteProperty -name $($fobjColl[0].ComputerName) -Value "OK"
$fsObj | add-Member -memberType noteProperty -name $($fobjColl[1].ComputerName) -Value "Missing"
}
"==" {
$fsObj | add-Member -memberType noteProperty -name "Item" -Value $hotfixId
$fsObj | add-Member -memberType noteProperty -name $($fobjColl[0].ComputerName) -Value "OK"
$fsObj | add-Member -memberType noteProperty -name $($fobjColl[1].ComputerName) -Value "OK"
}
}
if($fsObj.item){
$script:ReturnObjColl += $fsObj
}
}
writelog 1 "[done]" "extend"
}
This is the main part of the script where we take the list of hotfixes on each node (first and second element of the $fobjcoll object collection, which is basically an array of objects and we take the hotfixes property of them: $fobjColl[0].hotfixes, $fobjColl[1].hotfixes.) and then we use the compare-object command to compare the lists. Then there's a bit of data processing with a switch case.
if($hostlistlength -eq 2){
foreach ($srv in $hostlist) {
$sObjHotfixes = new-Object -typename System.Object
$sObjHotfixes | add-Member -memberType noteProperty -name ComputerName -Value $srv
$sObjHotfixes | add-Member -memberType noteProperty -name hotfixes -Value ""
$sObjHotfixes.hotfixes = gethotfixes $srv
$objColl += $sObjHotfixes
}
}
The script checks how any nodes were specified, if 2 then we are good to go. Then we just go through the list and create and object for each which will contain the name of the computer and the hotfixes enumerate from it.
Run it like this:
PS C:\> "host1","host2" | compare-hotfixes.ps1
Clipboard friendly code:
 param (     [string] $log = "",
            [switch] $fullreport = $false)
  
 if (!$log){
      $date = get-date -uformat "%Y-%m-%d-%H-%M-%S"
      $log = "c:\temp\$scriptname-$date.log"
      write-host -foregroundcolor 'yellow' "No logfile is specified, $log will be used." 
 }     
 $logfile = New-Item -type file $log -force
  
 ##################################################### Functions ##################################################### 
 # ================== Logging and reporting functions ==================
 #### Function for creating log entries in a logfile and on standard output
 function writeLog ([int]$type, [string]$message, [string]$modifier) { #usage: writeLog 0 "info or error message"
      # $modifier: <nonew | extend>
      # Value nonew: writes the output the the console and the logfile without carriage return
      # Value extend: writes the message to the output without date and 
      # both values can be used e.g. for writting to the console and logfile and put a status message at the end of the line as a second step
  
      $date = get-date -uformat "%Y/%m/%d %H:%M:%S"
      if($modifier -eq "extend"){
           switch ($type) {
                "0"     {$color = "Green"}
                "1"     {$color = "Yellow"}
                "2"     {$color = "Red"}
           }
      }
      else{
           switch ($type) {
                "0"     {$message = $date + ", INF, " + $message; $color = "Green"}
                "1"     {$message = $date + ", WAR, " + $message; $color = "Yellow"}
                "2"     {$message = $date + ", ERR, " + $message; $color = "Red"}
           }
      }
      if($modifier -eq "nonew"){
           write-host $message -ForegroundColor $color -NoNewLine
           $bytes = [text.encoding]::ascii.GetBytes($message)
           $bytes | add-content $logfile -enc byte
      }
      else{
           write-host $message -ForegroundColor $color
           Add-Content $logfile $message
      }
 }
  
 #### Function for enumerating hotfixes
 function gethotfixes ([string]$fsrv){
      writelog 0 "$fsrv, reading hotfixes data from Win32_quickfixengineering......" "nonew"
      $hotfixes = gwmi -query "select HotFixID from Win32_quickfixengineering where hotfixid like 'KB%'" -computer $fsrv | select hotfixid
      $strHotfixes = $hotfixes | %{$_.hotfixid.tostring()}
      writelog 1 "[done]" "extend"
      return $strHotfixes
 }
  
 #### Function for comparing hotfixes between 2 hosts
 function compareHotfixes ($fobjColl, $fullreport){
      writelog 0 "Comparing hotfixes between the 2 hosts......" "nonew"
      # compare the list of hotfixes from the 2 hosts
      if($fullreport)     {$comparedHotfixes = compare-object $fobjColl[0].hotfixes $fobjColl[1].hotfixes -SyncWindow 500 -IncludeEqual} #we need the equals for the host details output
      else               {$comparedHotfixes = compare-object $fobjColl[0].hotfixes $fobjColl[1].hotfixes -SyncWindow 500}
  
      # going through the output of compare-object's output and feed the data into an object collection
      foreach ($c in $comparedHotfixes) { 
           $fsObj = new-Object -typename System.Object
           $hotfixId = $c.InputObject
 
           switch ($c.SideIndicator) 
           {
                "=>" {
                     $fsObj | add-Member -memberType noteProperty -name "Item" -Value $hotfixId
                     $fsObj | add-Member -memberType noteProperty -name $($fobjColl[0].ComputerName) -Value "Missing"
                     $fsObj | add-Member -memberType noteProperty -name $($fobjColl[1].ComputerName) -Value "OK"
                } 
                "<=" {
                     $fsObj | add-Member -memberType noteProperty -name "Item" -Value $hotfixId
                     $fsObj | add-Member -memberType noteProperty -name $($fobjColl[0].ComputerName) -Value "OK"
                     $fsObj | add-Member -memberType noteProperty -name $($fobjColl[1].ComputerName) -Value "Missing"
                } 
                "==" {
                     $fsObj | add-Member -memberType noteProperty -name "Item" -Value $hotfixId
                     $fsObj | add-Member -memberType noteProperty -name $($fobjColl[0].ComputerName) -Value "OK"
                     $fsObj | add-Member -memberType noteProperty -name $($fobjColl[1].ComputerName) -Value "OK"
                } 
           }
           if($fsObj.item){
                $script:ReturnObjColl += $fsObj
           }
      } 
      writelog 1 "[done]" "extend"
}
  
##################################################### Body #####################################################
  
 writelog 0 "Syntax: $($MyInvocation.MyCommand.Path)$($myinvocation.line.substring(($myInvocation.InvocationName).length ))"
 writelog 0 "Invoked by: $([Security.Principal.WindowsIdentity]::GetCurrent().Name)"
  
 $hostlist = @($Input)
 $objColl = $script:ReturnObjColl = @()
 $hostlistlength = $hostlist.length
  
 if($hostlistlength -eq 2){
      foreach ($srv in $hostlist) {
           $sObjHotfixes = new-Object -typename System.Object
           $sObjHotfixes | add-Member -memberType noteProperty -name ComputerName -Value $srv
           $sObjHotfixes | add-Member -memberType noteProperty -name hotfixes -Value ""
           $sObjHotfixes.hotfixes = gethotfixes $srv
           $objColl += $sObjHotfixes
      }
 }
  
 compareHotfixes $objColl $fullreport
 $script:ReturnObjColl
  
Have a look and let me know what you think.
May the Force...
t

 
Why don't you use the built-in cmdlet Get-Hotfix? It does the same thing but helps to reduce the number of lines needed for scripts like yours.
ReplyDeleteYou are right, get-hotfix does the same thing. I wrote this originally when only PS 1.0 was available where you had to write your own function for almost everything, especially when you wanted to handle remoting, so either way, you achieve the same thing.
ReplyDelete