WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud
  • Tanzu
    • Application Modernization
    • Tanzu services
    • Tanzu Community Edition
    • Tanzu Kubernetes Grid
    • vSphere with Tanzu
  • Home Lab
  • Nested Virtualization
  • Apple

Script - hostops-lamw.pl

06.06.2010 by William Lam // 1 Comment

I recently noticed a question on the ESXi forum about trying to add a host to a vCenter server that had the "SSL host certificate verification" enabled while using the vSphere SDK for Perl Utility hostops.pl on vMA. The user encountered the following error when trying to add the host:

Error:
SOAP Fault:
-----------
Fault string: Authenticity of the host's SSL certificate is not verified.
Fault detail: SSLVerifyFault

The SSL host verification is a feature that came with the release of vSphere that provides a security measure to verify the validity of a host before adding it to your VMware infrastructure. This feature is disabled by default, but when it is enabled, a user will need to accept a dialog box to confirm the SHA1 thumbprint of the host in question.

This particular use case was not handled properly by hostops.pl which caused the error message to be thrown. With a small tweak to VMware's canned script, the new and improved hostops-lamw.pl now supports adding an ESX or ESXi host into vCenter with SSL host verification enabled. You'll still be expected to verify the SHA1 thumbprint, but now you can pass this as an additional parameter which will tell vCenter that you have verified the host and add to vCenter management.

Scott Lowe originally wrote an article on how to verify the SHA1 thumbprint for both an ESX and ESXi host.

On ESX you can run the following:

openssl x509 -sha1 -in /etc/vmware/ssl/rui.crt -noout
-fingerprint

On ESXi, the only real way to verify is by looking at the DCUI's "View Support Information":

However, if you truly trust the ESX or ESXi host that you're going to add to vCenter, there is an alternative way of retrieving the SHA1 thumbprint using the vCLI's vifs and the modified hostops-lamw.pl.

By default, you'll be able to point your web browser to https://[hostname]/host/ssl_cert to see actual SSL certificate on your host, assuming this functionality is not disabled. What you can do is download the ssl_cert to vMA or system with vCLI installed and query for the SHA1 hash and provide that as input to hostops-lamw.pl.

Download: hostops-lamw.pl

Step 1. Download hostops-lamw.pl to either vMA or system running vCLI copy it to the following path:

vMA or Linux host /usr/lib/vmware-cli/apps/host
Windows C:\Program Files\VMware\VMware vSphere CLI\Perl\apps\host

Step 2. Download the ssl_cert to vMA:

[[email protected] ~]$ vifs --server esxi4-1.primp-industries.com --username root --get "/host/ssl_cert" esxi4-1.primp-industries.com-ssl_cert
Enter password:

Downloaded file to esxi4-1.primp-industries.com-ssl_cert successfully.

Step 3. Get the SHA1 thumbprint from the ssl_cert you downloaded:

[[email protected] ~]$ openssl x509 -sha1 -in esxi4-1.primp-industries.com-ssl_cert -noout -fingerprint
SHA1 Fingerprint=79:BB:39:09:F6:E5:91:BD:B0:C3:F3:09:B4:38:50:FB:ED:9C:53:A5

Step 4. Use the modified hostops-lamw.pl and the new --sslthumbprint providing the SHA1 thumbprint (remember to double quote it) along with the other required input to add the host to vCenter:

[[email protected] ~]$ ./hostops-lamw.pl --server reflex.primp-industries.com --username primp --operation addhost --target_host esxi4-1.primp-industries.com --target_username root --target_password 'password' --sslthumbprint "79:BB:39:09:F6:E5:91:BD:B0:C3:F3:09:B4:38:50:FB:ED:9C:53:A5" --cluster virtual-cluster
Host 'esxi4-1.primp-industries.com' added successfully

Categories // Uncategorized Tags // esx4, esxi4, perl, sha1

Script - Updated vSphere Health Check 4.0.8

06.05.2010 by William Lam // Leave a Comment

Check the latest update to popular vSphere Health Check Script which has now gone to v4.0.8!

One new change that you'll notice is the two additional menu options at the top of the report when you running the report against a vCenter server.

VPX Settings - All configured vCenter settings

VMware/3rd Party Applications - Display any registered VMware/3rd party applications running within a VM

For a list of other changes, please take a look at the vSphere Health Check Script change log.

Give the new script a try and let me know if have any problems or would like to see other features included in a future release.

Categories // Uncategorized Tags // health check script, perl, vSphere

Script - ipmiConfig.pl

06.03.2010 by William Lam // 1 Comment

There was a question on the VMTN community asking about automating the configuration of IPMI/iLO Settings for Power Management via kickstart. Unfortunately, this cannot be configured directly on an ESX/ESXi host, it requires vCenter server. This configuration is a prerequisite to VMware's DPM (Distributed Power Management) which is only available with vCenter and DRS enabled cluster.

Although this configuration can't be added to kickstart, you can create a script that is executed as part of the "post configurations". Before starting, make sure that you have IPMI enabled over LAN which is generally found within your iDRAC/iLO or other out-of-band management console.

Here are two posts on popular hardware (Dell/HP) for configuring IPMI/iLO settings:

Dell configuration
HP configuration

In general, the actual configuration for the host is the same but will differ based on the server vendor and out-of-band management console.

Here is a vSphere SDK for Perl script that allows you to configure IPMI/iLO settings for an ESX or ESXi host:

Download: ipmiConfig.pl

You'll need to provide the following variables:

  • vihost = ESX or ESXi host
  • ipaddress = IP Address of your iDRAC/iLO/etc.
  • macaddress = MAC Address of your iDRAC/iLO/etc. interface
  • bmcusername = Username to login to your iDRAC/iLO/etc.
  • bmcpassword = You'll be prompted to provide the password

Here is an example run:

[[email protected] ~]$ ./ipmiSettings.pl --server reflex.primp-industries.com --username primp --vihost dev-esxi1.primp-industries.com --ipaddress 172.50.0.45 --macaddress 00:22:E8:71:C5:47 --bmcusername admin
Please enter your BMC Password:

Trying to configure IPMI/iLO Settings for Power Management on dev-esxi1.primp-industries.com ...

If you've entered everything correctly, the prompt should return right away. If it sits there for more than 20 seconds, then something went wrong and you may have entered something incorrectly. Due to the limitation of this API method, no tasks are returned back to properly handle these errors. You may want to manually configure this via the vSphere Client to double check your settings before re-using the script.


Here is an example of a bad run (entered wrong username + password):

[[email protected] ~]$ ./ipmiSettings.pl --server reflex.primp-industries.com --username primp --vihost dev-esxi1.primp-industries.com --ipaddress 172.50.0.45 --macaddress 00:22:E8:71:C5:47 --bmcusername root
Please enter your BMC Password:

Trying to configure IPMI/iLO Settings for Power Management on dev-esxi1.primp-industries.com ...

Error: Unable to configure IPMI/iLO Settings: SOAP request error - possibly a protocol issue: 500 SSL read timeout:

Categories // Uncategorized Tags // dpm, esx4, esxi4, ipmi, perl, sdk

  • « Previous Page
  • 1
  • …
  • 479
  • 480
  • 481
  • 482
  • 483
  • 484
  • Next Page »

Search

Author

William Lam is a Senior Staff Solution Architect working in the VMware Cloud team within the Cloud Infrastructure Business Group (CIBG) at VMware. He focuses on Cloud Native technologies, Automation, Integration and Operation for the VMware Cloud based Software Defined Datacenters (SDDC)

Connect

  • Email
  • GitHub
  • LinkedIn
  • RSS
  • Twitter
  • Vimeo

Recent

  • How to enable passthrough for USB Network Adapters claimed by ESXi CDCE Driver? 03/30/2023
  • Self-Contained & Automated VMware Cloud Foundation (VCF) deployment using new VLC Holodeck Toolkit 03/29/2023
  • ESXi configstorecli enhancement in vSphere 8.0 Update 1 03/28/2023
  • ESXi on Intel NUC 13 Pro (Arena Canyon) 03/27/2023
  • Quick Tip - Enabling ESXi Coredumps to be stored on USB 03/26/2023

Advertisment

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2023