WilliamLam.com

Using the vSphere API to remotely collect ESXi configuration file (esx.conf)

by // 9 Comments

Last week we took a look at two new Automated solutions here and here that allows us to leverage vCenter Server and the vSphere APIs to remotely extract information that historically required logging in directly into an ESXi host. While working on the two scripts, I was reminded of another use that could also be really useful which builds on top of some information that I had shared back in 2012. ESXi provides a very basic file manipulation capability that is exposed as a simple HTTPS-based interface.

Here is a quick recap of the three URLs which can be accessed by opening a browser and logging into the ESXi host:

  • https://esxi-1.primp-industries.com/host
  • https://esxi-1.primp-industries.com/folder
  • https://esxi-1.primp-industries.com/tmp

For the purpose of this article, we will be focusing on the first url endpoint /host and below is an example screenshot on some of the configuration files (46 in total) that you would be able to access using this interface.

vsphere-api-to-remotely-collect-esx-conf
One of the available ESXi configuration files that you access is the esx.conf file directly where it might be useful to periodically capture the state of this file for either auditing or troubleshooting purposes.

Note: Although esx.conf does contain some amount of the ESXi configurations, it does not represent the full state of the ESXi host. If you wish to perform periodic full backups of your ESXi host (which includes esx.conf by default among other files), there is a vSphere API for this by using the HostFirmwareSystem and the BackupFirmwareConfiguration() method.

Applying the same technique as I have described here, we can easily retrieve the esx.conf for a specific ESXi host being managed by vCenter Server without needing directly login to the ESXi host or worse connecting via SSH. I have created a PowerCLI script called Get-Esxconf.ps1 which just accepts a VMHost object.

Here is an example of how you would use the function and screenshot below of the output:

$esxConf = Get-VMHost -Name "esxi-1" | Get-Esxconf

vsphere-api-to-access-esxconf
If you are interested in a specific key within the esx.conf configuration file, we further process the output. The following snippet below searches for the following key /system/uuid and will return the value as it iterates through the esx.conf output.

$esxConf = Get-VMHost -Name "esxi-1" | Get-Esxconf

$keyToSearchFor = "/system/uuid"

foreach ($line in $esxConf.Split("`n")) {
    $data = $line.split("=").trim().replace('"',"")
    if($data[0] -eq $keyToSearchFor) {
        Write-Host "Key:" $keyToSearchFor 
        write-Host "Value:" $data[1]
    }
}

Hopefully this gave you an idea of just one of the many use cases that can now be enabled through the use of the vSphere API and this ESXi interface. Here are just a few other use cases that I can think of on the top of my mind that could come in handy:

  • Managing ESXi SSH public/private keys, we have mostly been using httpGet, but you can also use an httpPut to upload these files without needing to go to each and every ESXi host
  • Replacing Custom SSL Certificates if you are not using VMCA, you can also use an httpPut request to upload these files (you will need to restart hostd or reboot the host for the new SSL Certificates to go into effect)
  • Quickly access the vpxa.cfg (vCenter Server agent) configuration file for troubleshooting purposes

Using the vSphere API to remotely collect ESXi esxcfg-info

by // 6 Comments

Using the same technique as I have described here, you can now also use the vSphere API to connect to vCenter Server to remotely collect esxcfg-info from ESXi hosts without having to SSH'ing to each and every single host. Historically, the esxcfg-* commands were only available in the classic ESX Service Console (COS) and the ESXi Shell. As part of the ESXi transition, VMware has converted all the commands over to the vSphere API which means that you no longer needed to run those local CLIs commands to manage or configure your ESXi hosts like you used to with classic ESX.

The only exception that still exists today is the esxcfg-info command, which still contains a lot of useful information, for some of which is not currently in the vSphere API today. Similiar to the vm-support.cgi script, there is also an esxcfg-info.cgi script which I had blogged about here back in 2011. To output the esxcfg-info, simply open a web browser and specify the following URL with the Hostname/IP Address of your ESXi host:

https://esxi-1.primp-industries.com/cgi-bin/esxcfg-info.cgi

Once you have authenticated with a valid user, you will see that the output matches the output if you were to manually run esxcfg-info command on the ESXi Shell.

esxcfg-info-regular-output
Instead of the raw output that you are all probably familiar with, you can also format the output using XML simply by appending ?xml to the end of the URL:

https://esxi-1.primp-industries.com/cgi-bin/esxcfg-info.cgi?xml

esxcfg-info-xml-output
With the second formatted option, we can now easily retrieve the result and store that into an XML object for processing using any one of our favorite scripting/programming languages. In the previous article, I demonstrated the use of the vSphere API method AcquireGenericServiceTicket() using a pyvmomi (vSphere SDK for Python) script. In this example, I will demonstrate the exact same use of the vSphere API but now leveraging PowerCLI. I have created a script called Get-Esxcfginfo.ps1 which connects to a vCenter Server and requests a session ticket to a specific ESXi host's esxcfg-info.cgi URL and that will then return us a one time HTTP request to connect to the ESXi host to retrieve the requested information.

Here is an example on how to use the command which will return the XML output which would then require further processing of the XML:

$xmlResult = Get-VMHost -Name "192.168.1.190" | Get-Esxcfginfo

I have also included an example of how to parse the XML return in the script itself. As you can see from the screenshot below, I am extracting the Device Name, Vendor Name & Vendor ID from the esxcfg-info output.

vsphere-api-to-access-esxcfg-info

Pretty cool huh? Stay tuned for one more blog post which I will show you another way in which you can make use of this vSphere API!

Generating vCenter Server & Platform Services Controller deployment topology diagrams

by // 16 Comments

A really useful capability that vCenter Server used to provide was a feature called vCenter Maps. I say "used to" because this feature was only available when using the vSphere C# Client and was not available in the vSphere Web Client. vCenter Maps provided a visual representation of your vCenter Server inventory along with the different relationships between your Virtual Machines, Hosts, Networks and Datastores. There were a variety of use cases for this feature but it was especially useful when it came to troubleshooting storage or networking connectivity. An administrator could quickly identify if they had an ESXi host that was not connected to the right datastore for example with just a few clicks.

vcenter_server_and_platform_services_controller_topology_diagram_3
Although much of this information can be obtained either manually or programmatically using the vSphere API, the consumption of this data can sometimes be more effective when it is visualized.

I was recently reminded of the vCenter Maps feature as I have seen an increase in discussions around the different vSphere 6.0 deployment topology options. This is an area where I think we could have leveraged visualizations to provide a better user experience to help our customers understand what they have deployed as it relates to install, upgrade and expansion of their vSphere environment. Today, this information is spread across a variety interfaces ranging from the vSphere Web Client (here and here) as well as across different CLIs (here and here) and there is nothing that aggregates all of this dispart information into an easy to consume manner. Collecting this information can also be challenging as you scale up the number of environments you are managing or dealing with complex deployments that can also span multiple sites.

Would it not be cool if you could easily extract and visualize your vSphere 6.0 deployment topology? 🙂

Well, this was a little side project I recently took up. I have created a small python script called extract_vsphere_deployment_topology.py that can run on either a Windows Platform Services Controller (PSC) or a vCenter Server Appliance (VCSA) PSC and from that system extract the current vSphere deployment topology which includes details about the individual vCenter Servers, SSO Sites as well as the PSC replication agreements. The result of the script is outputted in the DOT format, a popular graph description language which can then be used to generate a diagram like the example shown below.vcenter_server_and_platform_services_controller_topology_diagram_0Requirements:

  • vSphere 6.0 environment
  • Access to either a Windows or VCSA PSC as a System Administrator
  • SSO Administrator credentials

Step 1 - Download the extract_vsphere_deployment_topology.py python script to either your Windows vCenter Server PSC or vCenter Server Appliance (VCSA) PSC.

Step 2 - To run on a vCenter Server Appliance (VCSA) PSC, you will need to first set the script to an executable by running the following command:

chmod +x extract_vsphere_deployment_topology.py

To run on a vCenter Server for Windows PSC, you will need to first update your environmental PATH variable to include the python interpreter. Follow the directions here if you have never done this before and add C:\Program Files\VMware\vCenter Server\python

Step 3 - The script requires that you provide an SSO Administrator username and password. You can specify everything in the command-line or you omit the password in which you would then be prompted to enter.

To run the script on a VCSA PSC, run the following command specifying your credentials:

./extract_vsphere_deployment_topology.py  -u *protected email* -p VMware1!

To run the script on Windows VC PSC, run the following command specifying your credentials:

python C:\Users\primp\Desktop\extract_vsphere_deployment_topology.py  -u *protected email* -p VMware1!

Here is an example output from one of my environments.

graph vghetto_vsphere_topology_extraction {
   graph [fontsize = 20,label = "\nSSO Domain: vsphere.local"];
   subgraph cluster_0 {
      style=filled;
      node [style=filled];
      "vcenter60-5.primp-industries.com" -- "psc-06.primp-industries.com"
      label = "Site: East-Coast";
    }
   subgraph cluster_1 {
      style=filled;
      node [style=filled];
      "vcenter60-4.primp-industries.com" -- "psc-05.primp-industries.com"
      "psc-05.primp-industries.com";
      label = "Site: West-Coast";
    }
   "psc-06.primp-industries.com" -- "psc-05.primp-industries.com"
   "vcenter60-4.primp-industries.com" [color="0.578 0.289 1.000"]
   "vcenter60-5.primp-industries.com" [color="0.578 0.289 1.000"]
   "psc-06.primp-industries.com" [color="0.355 0.563 1.000"];
   "psc-05.primp-industries.com" [color="0.355 0.563 1.000"];
}

Step 4 - Save the output from the script and then open a browser that has internet access to the following URL: http://www.webgraphviz.com Paste the output and then click on the "Generate Graph" which will generate a visual diagram of your vSphere deployment. Hopefully it is pretty straight forward to understand and I have also colorized the nodes to represent the different functionality such as Blue for a vCenter Server and Green for Platform Services Controller.

vcenter_server_and_platform_services_controller_topology_diagram_4
In addition, if you have deployed an Embedded vCenter Server which is replicating with an External PSC (which is considered a deprecated topology and will not be supported in the future), you will notice the node is colored Orange instead as seen in the example below.

vcenter_server_and_platform_services_controller_topology_diagram_1
This is pretty cool if you ask me! 😀 Just imagine the possibilities if you could use such an interface to also manage operations across a given vSphere deployment when it comes to install, upgrade and expansion of your existing environment. What do you think, would this be useful?

I have done a limited amount of testing across Windows and the VCSA using a couple of deployment scenarios. It is very possible that I could have missed something and if you are running into issues, it would be good to provide some details about your topology to help me further troubleshoot. I have not done any type of testing using load balancers, so it is very likely that the diagram may not be accurate for these scenarios but I would love to hear from folks if you have tried running the script in such environments.