WilliamLam.com

Minimum vSphere privileges to install or remove patch from ESXi

by // Leave a Comment

I recently got a question from our field inquiring about the minimum vSphere privileges that would be required to either install or remove a patch (VIB/Component) from an ESXi host. The customer was interested in using PowerCLI and specifically the ESXLI interface to automate the installation and removal of a VIB and wanted to create a custom vSphere Role with the minimum privileges, which can be done with vCenter Server or even a standalone ESXi host (properly licensed).

Since I was familiar with the underlying ESXi patch API that is used for these operations, a nice benefit of the vSphere API Reference is that it also lists the specific vSphere Privileges that is required for a given operation and in this case, it is just Host.Config.Patch privilege.

However, when the customer attempted to create a custom vSphere Role with just this privilege and perform the installation operation, they still received an error as shown in the screenshot below, which was a bit cryptic but they had assumed it was still permissions related as full administrative account had worked:

OperationStopped: Response status code does not indicate success: 500 (Internal Server Error)


[Read more...]

PowerCLI automation for VMware Private AI Foundation with NVIDIA (PAIF-N)

by // 2 Comments

With the release of VMware Cloud Foundation (VCF) 5.1.1, customers can now take advantage of the new VMware Private AI Foundation with NVIDIA (PAIF-N) solution, providing an optimized and validated platform by NVIDIA for running modern AL/ML workloads on VCF. To learn more about the PAIF-N solution for VCF, there is a comprehensive PAIF-N Guide that includes the full software build-of-materials (BOM) as well as a step-by-step implementation guide for deploying the solution.

If you are interested in exploring the new PAIF-N solution, I recently came to learn the PowerCLI team have created some really useful PowerCLI scripts which fully automates the deployment of PAIF-N and makes setting up the environment a breeze!

There are 4 PowerCLI scripts that is included in the PAIF-N automation:

[Read more...]

Quick Tip - Audit vSphere VMs configured with USB Controllers

by // 6 Comments

Automation scales Operations, that is a phrase that I have used several times today in various conversations with colleagues and customers. I truly believe organizations can scale more efficiently and consistently when leveraging Automation and not be afraid of it or worse, attempting to avoid it at all cost!

In fact, Automation is a super power when it comes to the various reporting and auditing needs of an organization such as this recent inquiry in auditing all vSphere VMs that have been configured with a USB controller. The following PowerCLI snippet leverages  the vSphere API to check whether there are any VMs that have been configured with either a USB 2.x controller (VirtualUSBController) or USB 3.x controller (VirtualUSBXHCIController) and outputs that in a simple table format, as shown in the example below.

# Retrieve all VMs and only include Name and Device data
$vms = Get-View -ViewType VirtualMachine -Property Name,Config.Hardware.Device

$results = @()
foreach ($vm in $vms) {
    $haveUSB2Controller = $false
    $haveUSB3Controller = $false

    # Filter out devices that have USB 2.x and 3.x controllers & USB Devices (for mapping purposes)
    $devices = $vm.Config.Hardware.Device | where {$_.getType().Name -eq "VirtualUSBController" -or $_.getType().Name -eq "VirtualUSBXHCIController" -or $_.getType().Name -eq "VirtualUSB"}

    $usb2devices = @()
    $usb3devices = @()
    foreach ($device in $devices) {
        # Check whether USB controller is 2.x
        if($device.getType().Name -eq "VirtualUSBController") {
            $haveUSB2Controller = $true

            # Collect any connected USB devices on this controller
            foreach ($deviceKey in $device.device) {
                $usbDevice = $devices | where {$_.key -eq $deviceKey}
                $usbVid = [String]::Format("{0:x}", $usbDevice.Vendor)
                $usbPid = [String]::Format("{0:x}", $usbDevice.Product)
                $usb2devices += "${usbVid}:${usbPid}"
            }
        }

        # Check whether USB controller is 3.x
        if($device.getType().Name -eq "VirtualUSBXHCIController") {
            $haveUSB3Controller = $true

            # Collect any connected USB devices on this controller
            foreach ($deviceKey in $device.device) {
                $usbDevice = $devices | where {$_.key -eq $deviceKey}
                $usbVid = [String]::Format("{0:x}", $usbDevice.Vendor)
                $usbPid = [String]::Format("{0:x}", $usbDevice.Product)
                $usb3devices += "${usbVid}:${usbPid}"
            }
        }
    }
    # Only output VMs that have USB controllers
    if($haveUSB2Controller -or $haveUSB3Controller) {
        $tmp = [pscustomobject] @{
            VM = $vm.Name
            USB2Controller = $haveUSB2Controller
            USB2Devices = $usb2devices
            USB3Controller = $haveUSB3Controller
            USB3Devices = $usb3devices
        }
        $results+=$tmp
    }
}

# Format output (can easily output to CSV/Excel)
$results | ft

Here is an example screenshot listing only the VMs that have a USB controller and you can easily pipe the output to CSV or Excel for further processing rather than displaying the results in the console.

UPDATE (03/11/24) - The script above has been updated to also included all connected USB devices for either USB 2.x or 3.x controller found for a given VM. The format of the connected USB devices are vendorId:productId, which you can then use sites like DeviceHunt to get the friendly vendor/product name.