Last week we took a look at two new Automated solutions here and here that allows us to leverage vCenter Server and the vSphere APIs to remotely extract information that historically required logging in directly into an ESXi host. While working on the two scripts, I was reminded of another use that could also be really useful which builds on top of some information that I had shared back in 2012. ESXi provides a very basic file manipulation capability that is exposed as a simple HTTPS-based interface.
Here is a quick recap of the three URLs which can be accessed by opening a browser and logging into the ESXi host:
- https://esxi-1.primp-industries.com/host
- https://esxi-1.primp-industries.com/folder
- https://esxi-1.primp-industries.com/tmp
For the purpose of this article, we will be focusing on the first url endpoint /host and below is an example screenshot on some of the configuration files (46 in total) that you would be able to access using this interface.
One of the available ESXi configuration files that you access is the esx.conf file directly where it might be useful to periodically capture the state of this file for either auditing or troubleshooting purposes.
Note: Although esx.conf does contain some amount of the ESXi configurations, it does not represent the full state of the ESXi host. If you wish to perform periodic full backups of your ESXi host (which includes esx.conf by default among other files), there is a vSphere API for this by using the HostFirmwareSystem and the BackupFirmwareConfiguration() method.
Applying the same technique as I have described here, we can easily retrieve the esx.conf for a specific ESXi host being managed by vCenter Server without needing directly login to the ESXi host or worse connecting via SSH. I have created a PowerCLI script called Get-Esxconf.ps1 which just accepts a VMHost object.
Here is an example of how you would use the function and screenshot below of the output:
$esxConf = Get-VMHost -Name "esxi-1" | Get-Esxconf
If you are interested in a specific key within the esx.conf configuration file, we further process the output. The following snippet below searches for the following key /system/uuid and will return the value as it iterates through the esx.conf output.
$esxConf = Get-VMHost -Name "esxi-1" | Get-Esxconf $keyToSearchFor = "/system/uuid" foreach ($line in $esxConf.Split("`n")) { $data = $line.split("=").trim().replace('"',"") if($data[0] -eq $keyToSearchFor) { Write-Host "Key:" $keyToSearchFor write-Host "Value:" $data[1] } }
Hopefully this gave you an idea of just one of the many use cases that can now be enabled through the use of the vSphere API and this ESXi interface. Here are just a few other use cases that I can think of on the top of my mind that could come in handy:
- Managing ESXi SSH public/private keys, we have mostly been using httpGet, but you can also use an httpPut to upload these files without needing to go to each and every ESXi host
- Replacing Custom SSL Certificates if you are not using VMCA, you can also use an httpPut request to upload these files (you will need to restart hostd or reboot the host for the new SSL Certificates to go into effect)
- Quickly access the vpxa.cfg (vCenter Server agent) configuration file for troubleshooting purposes
BlueArcher says
I would be interested in a way to put a PowerCLI wrapper around getting some data out of the smbiosDump command. Specifically we have HP blades and we are using logical serial numbers in the blade profiles, but have a need to pull the physical serial numbers via ESXi. The data is available only through smbiosDump as far as I can tell. Do you think this would be feasible?
William Lam says
Hi BlueArcher,
This is definitely feasible and there's actually a few options.
1) Since the data is only available via smbiosDump, you would need to actually rely on SSH to connect to ESXi host, dump the data and then process out what you need. There's variety of tools from plink to even native SSH libraries that PowerShell (not PowerCLI) may have that can help. Best bet is to do some searching online as I'm sure this is something many folks have already done, beyond just for VMware
2) You may also want to investigate CIM-SDK (part of the vSphere Management SDK) https://developercenter.vmware.com/web/sdk/60/vsphere-management which I believe this sort of information should be exposed as part of the CIM interface that ESXi provides to hardware vendors and I have to believe something as basic as Serial Number would be retrievable and this can be done "remotely" without the need for SSH. This would be my recommendation given you should be able to pull everything about the underlying hardware using this interface.
Good luck
William Lam says
Just thought about this a bit more after my reply and realized, there is an easier way to get the smbiosDump info! In fact, you can leverage one of the other articles that was the basis for the last two articles I had on this topic.
A bunch of data is collected as part of an ESXi Support Bundle, which includes smbiosDump info. You can use the technique described here http://www.virtuallyghetto.com/2016/06/using-the-vsphere-api-to-remotely-generate-esxi-performance-support-bundles.html & then just specify the following manifests "Hardware:base" which will give you what you need. Extract the .tgz file and under the commands directory, you'll find smbiosDump.txt which is the output of the command and this can all be done w/o requiring SSH
If I get some time next week, I may do an article on this topic since I know this question has come up from time to time too and provide a simple PowerCLI example which is really based off of the same core code shared in these last two blog posts
Deepak says
Thanks William,informative post.I'm looking on take backup of manage ID(MOID) of vcenter.
Amir says
Hi William.
I'm looking for an API method to backup / restore that is summarized in this VMware KB article:
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2042141
Many of our clients will not allow us to enable SSH - therefore - we cannot leverage the methodologies described in aforementioned KB article. I try to use big words every chance it get! : )
Could the HostFirmwareSystem and the BackupFirmwareConfiguration() methods be used for this purpose?
Best,
Amir
William Lam says
Amir,
I'm not sure what you mean by enabling SSH, the whole point of using the vSphere API is that you are NOT going through SSH 🙂
The method described in the post does not use SSH. Yes, you could also use the BackupFirmwareConfiguration() method which would give you all the configuration files. If you're only needing a subset, then this method might be useful else you could just download it all and then discard the files you don't need.
Amir says
Hi William,
Thank you so much for your help. Saw you walking the halls at VMworld 2015 in SF last year and didn't want to pester you. You are a poster child when I motivate my 16 and 13 year old to aspire for greatness. And that is NOT a joke.
Since we have a proprietary linux appliance on site at our various clients, I can monitor and manage their vSphere environments via perl and/or python scripts. Since many of the clients are security conscious, they do not enable SSH on their ESXi hosts.
Therefore, I'm unable to easily use the super well written KB article I referenced earlier - specifically the "vim-cmd hostsvc/firmware/backup_config " syntax to backup and restore the ESXi configuration.
So my hope is to script via perl or python and access the API (obviously not using SSH) and utilize the HostFirmwareSystem and the BackupFirmwareConfiguration() methods. My question really is - can I use these API methods to perform backup and restore as easily as I was able to with the vim-cmd hostsvc/firmware/restore_config /tmp/configBundle.tgz?
Does that make sense?
Thanks man!
Amir
William Lam says
Amir,
Thanks for the very kind words and you should have come by and said hello 🙂
Regarding your question, yes, you can use that API to backup without needing SSH. In fact, vicfg-cfgbackup.pl script does exactly this and if you open up that sample, you'll see how the API is exercised. If you're at VMworld this year, I'll be hanging out at the VMware Code booth if you wanted to chat more. Details here https://code.vmware.com/2016/08/17/vmware-code-vmworld-come-geek/
Amir says
Hi William,
I'm jealous that you and your 25k closest friends are in Vegas! Have a great time.
I've written a perl script to enumerate the managed hosts in vCenter and generate a backup based on our earlier conversation. It works great. How can I share that out to you? Not that you need help with scripting! : )
Lastly, I was wondering what the significance of doing this synch is:
Using the ESXi Command Line
To synchronize the configuration changed with persistent storage, run this command:
vim-cmd hostsvc/firmware/sync_config
Best,
Amir