WilliamLam.com

Quick Tip - Automating ESXi local user passwords using SHA512 encrypted hashes

01.17.2023 by William Lam // Leave a Comment

For those that automate their ESXi installations using Kickstart aka ESXi scripted installation should be quite familiar with the ability to configure the root password as part of the installation. As described in the official ESXi documentation, the --rootpw option can either contain a plain text password (not recommended) or with the use of the additional --iscrypted option, a SHA512 hash of the password can also be used, which is definitely recommended and more secure.

However, when managing additional local users via ESXCLI system account, which I recently blogged about here, I noticed that you can only provide a plain text password either on the command-line (not recommended) or interactively, which prevents this process from being automated. As mentioned in the blog post, you could store the password and the commands into another script file and this will at least hide the password from being stored in the ESXi Shell log file (/var/log/shell.log) but this is far from ideal.

While sharing this feedback with Engineering as part of a feature enhancement request, I came to learn about a nice little utility that can be used with both ESXi 7.x and 8.x that can update local user by simply providing the encrypted SHA512 hash.

[Read more...]

Nested ESXi installation using HTTPS boot over VirtualEFI in vSphere 8

01.13.2023 by William Lam // 2 Comments

In vSphere 7.0 Update 2, an enhancement was made to the Virtual Machine's UEFI firmware called VirtualEFI that would enable ESXi to run in a VM (Nested ESXi) and perform an HTTP Boot given the ESXi bootloader URL without requiring any traditional PXE infrastructure.

This was especially useful for anyone testing or developing ESXi automation for use with ESXi Kickstart, where you can quickly prototype your automation without additional infrastructure dependencies and once the automation has been vetted, you can then leverage that exact same automation in your physical ESXi provisioning infrastructure.

The original solution had only supported HTTP and I recently came to learn that we can now also support HTTPS in vSphere 8!

[Read more...]

How to recover ESXi installed on USB device after disabling vmkusb module?

01.12.2023 by William Lam // Leave a Comment

I have to say, this is one of the more interesting challenges that I have come across in quite some time. A user was looking for assistance after they accidentally disabled the vmkusb module, which is the USB driver for ESXi and allows it to communicate with USB devices that are connected to the system.

The vmkusb module also plays a very critical role if you have ESXi installed on a USB device, as the driver is required for proper functionality such as being able to save the ESXi state and configurations to the USB device. So what happens when you disable the vmkusb module and you reboot the ESXi host, which is also installed on a USB device?

Well, everything continues to work including VMs since ESXi by design runs in memory after the initial boot from the USB device. However, any configuration changes made after that is lost after a system reboot including the attempt to re-enable the vmkusb module since ESXi is unable save any of the settings to the USB device. Fortunately, I was able to help the user out as I had a few ideas on how we could fully recover from this type of scenario and hence the blog post.

Hopefully a lesson can be learned here, do not make changes or disable things that you are not familiar with 🙂

[Read more...]