Script to disable time synchronization in VM… and more!

Document created by eric.senunas on Jul 21, 2014

By Sebastian Barylo at Script to disable time synchronization in VM... and more! - VMwaremine - Mine of knowledge about virtualization (great blog!)

 

Time synchronization of guest OSes running in VMware virtual machines is a very important topic that has been extensively covered in VMware documentation.

 

The general recommendation for all types of OSes is to use an external (NTP) time source and, whenever possible, not to use VMware Tools time synchronization (with the vSphere host).


There are many good reasons for that, including but not limited to the reduction of CPU overhead when using an external time source.

 

Unfortunately, it is not obvious that un-ticking the “Synchronize guest time with host” checkbox might not be enough in some scenarios.

 

If you saw Artur’s post from last week, you probably know VMware’s KB 1189, where you can read that even with the above functionality disabled, VMware Tools will (by default!) synchronize time with the host upon events like machine (s)vMotion, snapshot creation or restore, and Guest OS reboots.

 

Moreover, while “standard” time synchronization with the host can only move your time “forward”, Guest OS time can also be set “backward” (in circumstances where host time is “in the past” compared to Guest OS time) after each of the events listed. This in turn can be a source of many unexpected and unwanted situations, including but not limited to Kerberos authentication problems (if time is skewed by more than 5 minutes) or the inability to correlate event timelines from different VMs in your enterprise monitoring / log analytics systems.

 

This has been a recurring topic in many VMware environments I’ve supported, especially when the implemented backup software depends heavily on VMware snapshots and the volume of protected data is larger than average.

 

Completely disabling time synchronization via VMware Tools requires changing all 8 advanced settings for each virtual machine. This is of course a wearisome task if you have anything more than 2 VMs in your environment, which is why I wrote a script to automate it.

 

There is nothing really advanced in this script: it takes the vCenter server name and host cluster name as parameters (I assume you want to reconfigure your VMs on a per-cluster basis, but it is really easy to change it to a whole datacenter or whatever). The script also expects an adv_settings_list.csv file in its working directory. The contents of this .csv file are basically parameter name and value pairs; for the use case of disabling vmtools time synchronization, the .csv file should look like this:

 

 

    name,value
    tools.syncTime,0
    time.synchronize.continue,0
    time.synchronize.restore,0
    time.synchronize.resume.disk,0
    time.synchronize.shrink,0
    time.synchronize.tools.startup,0
    time.synchronize.tools.enable,0
    time.synchronize.resume.host,0

Values imported from the .csv file are fed to the New-AdvancedSetting PowerCLI cmdlet, which is executed for every VM found in the cluster. Templates are excluded from modification, but you can easily invert this condition and modify only your templates. Please note that the first setting (tools.syncTime = 0) corresponds to the “Synchronize guest time with host” option available directly in the GUI.
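
An added example (not Sebastian Barylo's original script, which is not reproduced on this page): a PowerCLI sketch of the procedure described above that reads adv_settings_list.csv, reports which VMs in a cluster differ from it, and changes them only when asked to. The parameter names, the -Apply switch and the report columns are assumptions of this sketch.

```powershell
# Added example, not the original script. Requires VMware PowerCLI.
# Parameter names, -Apply and the report columns are assumptions of this sketch.
param(
    [Parameter(Mandatory = $true)][string]$VCenter,
    [Parameter(Mandatory = $true)][string]$Cluster,
    [string]$CsvPath = '.\adv_settings_list.csv',
    [switch]$Apply   # without -Apply the script only reports differences
)

$ErrorActionPreference = 'Stop'
$wanted = Import-Csv -Path $CsvPath   # columns: name,value
$server = Connect-VIServer -Server $VCenter

try {
    # Get-VM returns virtual machines only (templates come from Get-Template),
    # so templates are never modified here.
    $vms = Get-Cluster -Name $Cluster -Server $server | Get-VM

    $report = foreach ($vm in $vms) {
        foreach ($s in $wanted) {
            $current = Get-AdvancedSetting -Entity $vm -Name $s.name
            $before  = if ($current) { [string]$current.Value } else { '<not set>' }
            # Literal string comparison: 'FALSE' is reported as different from '0'
            $state   = if ($before -eq $s.value) { 'Compliant' } else { 'Drift' }

            if ($state -eq 'Drift' -and $Apply) {
                # -Force overwrites a key that already exists on the VM
                New-AdvancedSetting -Entity $vm -Name $s.name -Value $s.value `
                    -Force -Confirm:$false | Out-Null
                # Read the key back instead of trusting the cmdlet's own output
                $after = Get-AdvancedSetting -Entity $vm -Name $s.name
                $state = if ($after -and [string]$after.Value -eq $s.value) { 'Fixed' } else { 'Failed' }
            }

            [pscustomobject]@{
                VM = $vm.Name; Setting = $s.name; Before = $before
                Wanted = $s.value; State = $state
            }
        }
    }
    $report | Sort-Object VM, Setting   # pipe to Export-Csv to keep evidence
}
finally {
    Disconnect-VIServer -Server $server -Confirm:$false
}
```

Running it without -Apply gives a read-only report of which of the eight settings each VM is missing, which is useful before and after a change window.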

 

You need PowerCLI 5.1 or higher to use the New-AdvancedSetting cmdlet; if you are still in the 4.x zone, you might be interested in a custom function created by LucD and Alan Renouf a good while ago.

 

Because I want my scripts to look as pr0 as possible, especially for this blog, I introduced a Write-And-Log function that allows you to write colorful messages both to the console and to a logfile (well OK – they are not colorful in the plain-text log file), to keep track of what the script was trying to do and where it failed. I also make use of PowerShell transcript log capabilities, but you can easily turn transcription off.

 

Disabling vmtools time synchronization is only one possible use case for this script; in fact, you can use it to manipulate any virtual machine advanced setting, in scenarios like VM security hardening etc.

 

Just find out the names of the parameters to change and the values you want to set, save them in the adv_settings_list.csv file, and you are ready to go.
Well… you should probably be careful with settings that require Guest OS support, like vMemory HotAdd or vCPU HotPlug capabilities :)

 

To be honest – I experimented with the New-AdvancedSetting cmdlet a little and also tried to use it to modify “not-so-advanced” settings. For example, I tried to modify the ethernet0.virtualDev parameter (the type of the first vNIC of a virtual machine, which is stored in the .vmx file) so that all my VMs use vmxnet3, but it failed (obviously the *-AdvancedSetting cmdlets weren’t built to change “standard” parameters, but I still wanted to give it a try ;) ).

 

OK, technically the cmdlet didn’t fail: it didn’t return any error and even displayed the new value (vmxnet3) for the ethernet0.virtualDev parameter, but “in reality” nothing changed, so it looks like “standard” properties of the virtual machine object are protected from being modified by the *-AdvancedSetting cmdlets.

I hope you find this script useful, feel free to share and provide your feedback!

 

Read the original article at: http://vmwaremine.com/2014/07/21/script-disable-time-synchronization-vm/#sthash.BNAU92Ed.mwfgy54q.dpuf
