• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Yellow Bricks

by Duncan Epping

  • Home
  • ESXTOP
  • Stickers/Shirts
  • Privacy Policy
  • About
  • Show Search
Hide Search

Automating ESXi host level changes without opening SSH

Duncan Epping · Jan 8, 2013 ·

I have been asked by many if it is possible automating ESXi host level changes without opening SSH. In many organizations people are prohibited to open SSH however they do have the need to make certain changes on a host level. One of those changes for instance is in a stretched cluster environment where “disk.terminateVMOnPDLDefault” needs to be set to true. This setting can only be configured in /etc/vmware/settings unfortunately. So how do you automate this?

Andreas Peetz from V-Front.de came up with an awesome solution. He created a plugin to esxcli allowing you to run commands on an ESXi host. So in other words, when you install his plugin (it is a vib) you can remotely fire off a command on an ESXi host as if you are sitting behind that host.

How does that work? Well first of all you install the vib Andreas created. (Or include it in your image.) When it is installed you can simply run the following on any machine that has the vSphere CLI installed:

esxcli -s hostname -u username -p password shell cmd -c "command"

Awesome right?! I think so, this is probably one of the coolest things I have seen in a while. Very clever solution, once again… awesome work Andreas and head over to V-Front.de to get more details and the actually download of this plugin!

** Disclaimer: implementing this solution could result in an unsupported configuration. This article was published to demonstrate the capabilities of esxcli and for educational purposes **

Share it:

  • Tweet

Related

powerCLI, Various automation, esxi

Reader Interactions

Comments

  1. Doug B says

    8 January, 2013 at 18:20

    This is definitely very cool, but I’m wondering how many companies that restrict the usage of SSH would allow additional (unsupported) software to be loaded on the ESXi host itself.

    It is very nice that this plugin leverages the vSphere CLI connection rather than opening another port on the hosts, so it actually maintains the minimal attack surface.

    • Andreas Peetz says

      8 January, 2013 at 22:45

      I would not call this package “real software”, because it just includes an XML file and a quite simple shell script. That means It does not really increase the attack surface and should survive any audit of paranoid security officers 😉
      – Andreas (the author of the plugin)

  2. t0i says

    9 January, 2013 at 00:18

    How does it log to syslog in this case?
    When normal shell commands are run it logs like this:
    2013-01-08T00:18:59Z localhost.localdomain shell[436379]: du -sh /scratch/log/

    Can you confirm it logs commands executed by this method, and how it looks like when logging to syslog?

    Thanks

  3. David Chung says

    9 January, 2013 at 04:55

    I am going to try this out soon. I’ve been using Quest version of plink.exe to execute esxi cli commands for my scripts. I think this plugin may be more secure to use on scripts.

Primary Sidebar

About the author

Duncan Epping is a Chief Technologist in the Office of CTO of the Cloud Platform BU at VMware. He is a VCDX (# 007), the author of the "vSAN Deep Dive", the “vSphere Clustering Technical Deep Dive” series, and the host of the "Unexplored Territory" podcast.

Upcoming Events

Feb 9th – Irish VMUG
Feb 23rd – Swiss VMUG
March 7th – Dutch VMUG
May 24th – VMUG Poland
June 1st – VMUG Belgium

Recommended Reads

Sponsors

Want to support Yellow-Bricks? Buy an advert!

Advertisements

Copyright Yellow-Bricks.com © 2023 · Log in