Skip to content

Tag: Automation

Automating VCSA Configuration

If you have deployed the VCSA a couple of dozen times like me then you quickly realize that it is necessary to script the initial configuration of the device. I would highly recommend taking a look at William Lam’s blog for some great setup scripts including:

Something that I noticed was missing from William’s scripts was the ability to configure application layer services such as NTP and Syslog. As such, I put together a couple quick scripts shared below.

Bug in PowerCLI 4.1.1: Set-VIRole

I was trying to set up some permissions on vCenter Server using PowerCLI. Here is an example of a command I was running:

PowerCLI returned the following:

WARNING: There were one or more problems with the server certificate:
* The X509 chain could not be built up to the root certificate.
* The certificate’s CN name does not match the passed value.
Name IsSystem
—- ——–
newTestRole False
newTestRole False
newTestRole False

This looks like it worked, however upon looking at the permissions on vCenter Server, the checkboxes for these three options were not selected. If you attempt the command with any other permissions it works as expected (i.e. the checkboxes are selected).
Why was this not working?

Permanently enabling SSH on ESXi via PowerShell

As you all know by now, ESXi comes with SSH, which VMware now refers to as Tech Support Mode, disabled. The reasons behind this include security and the removal of the service console. While the service console has been removed, a shell called BusyBox remains. According to VMware best practice, SSH should not be enabled as it should not be needed. Of course, customers require this kind of access to install agents and to troubleshoot problems. VMware’s response was to enable remote access to the systems via vCenter Server, vMA, or an API and to recommend reinstalling ESXi should troubleshooting become necessary. If you want to read more about this, I would recommend seeing Duncan’s post over at yellow-bricks: http://www.yellow-bricks.com/2010/03/01/disable-tech-support-on-esxi/.
Recently, I ran into an issue where several potential ESXi bugs were discovered, which required SSH access to the ESXi host as the logs were lacking information (one of the reported bugs) and the commands that needed to be executed could not be done remotely (e.g. df -h). As such, I was asked to enable SSH on 64 ESXi hosts. Performing this task manually was not an option so I turned to PowerCLI to automate the task.
This raises the question, how do you enable SSH on ESXi via PowerCLI?