I faced a scenario where I needed to automate the execution of a shell script on VMware (Broadcom) ESXi servers, version 7. The task involved renaming /etc/rc.local.d/local.sh to a .bak extension and restarting all services using /sbin/services.sh restart, which was necessary to resolve VM disconnection issues. Normally, this task is straightforward if you have the root username and password of ESXi.
However, each ESXi server within the vCenter clusters had a different root password stored in CyberArk, which added complexity. Retrieving these credentials required several steps, including obtaining a passcode key and providing Jira numbers for each access, making the process cumbersome.
Since all the ESXi servers were part of the vCenter server clusters, I developed a solution using a VMware PowerCLI (Broadcom) script to create a root-equivalent user account. This user could then SSH into the ESXi servers using PuTTY plink to execute the shell script. Once the task was completed, the user account would be deleted.
The screenshot below shows the script's output: the account list before the add, after the add, and after the delete.
This script, written using VMware PowerCLI, connects to the vCenter server and establishes a connection to the ESXi hosts using the esxcli command set. It performs actions such as listing users, adding a new user, assigning roles, and finally deleting the user once the task is complete.
Download this script, Manage-EsxiUserAccount.ps1, here; it is also available on github.com.

```powershell
# Connection and account settings (replace with values for your environment)
$vc = 'vCenter.vcloud-lab.com'
$esx = 'esxiserver.vcloud-lab.com'
$vcUser = '[email protected]'
$vcPassword = 'Computer@123'

$newUserName = 'testuser'
$newUserPassword = 'Computer@123'
$permissionRole = 'Admin'

Import-Module VMware.VimAutomation.Core
Connect-VIServer $vc -User $vcUser -Password $vcPassword

# esxcli (V2) interface to the ESXi host, reached through vCenter
$esxcli = Get-EsxCli -VMHost $esx -V2

# List of all ESXi accounts before add
$esxiUserListBeforeAdd = @()
$esxiUserListBeforeAdd = $esxcli.system.permission.list.Invoke()
$esxiUserListBeforeAdd | Format-Table -AutoSize

# Create new user on ESXi
$esxcliArgs = $esxcli.system.account.add.CreateArgs()
$esxcliArgs.id = $newUserName
$esxcliArgs.password = $newUserPassword
$esxcliArgs.passwordconfirmation = $newUserPassword
$esxcliArgs = $esxcli.system.account.add.Invoke($esxcliArgs)

# Assign the role to the new user
$permissionArg = $esxcli.system.permission.set.CreateArgs()
$permissionArg.id = $newUserName
$permissionArg.role = $permissionRole
$permissionArg = $esxcli.system.permission.set.Invoke($permissionArg)

# List of all ESXi accounts after add
$esxiUserListAfterAdd = @()
$esxiUserListAfterAdd = $esxcli.system.permission.list.Invoke()
$esxiUserListAfterAdd | Format-Table -AutoSize

# Remove the user on ESXi
$esxcliArgs = $esxcli.system.account.remove.CreateArgs()
$esxcliArgs.id = $newUserName
$esxcliArgs = $esxcli.system.account.remove.Invoke($esxcliArgs)

# List of all ESXi accounts after delete
$esxiUserListAfterDelete = @()
$esxiUserListAfterDelete = $esxcli.system.permission.list.Invoke()
$esxiUserListAfterDelete | Format-Table -AutoSize
```
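Because the temporary account is root-equivalent, the removal step should run even when an earlier step fails, and the password should not be a fixed string in the file. The following is an added example, not the author's Manage-EsxiUserAccount.ps1: it wraps the same esxcli calls in try/finally, generates a one-time password, and checks that no account or permission entry is left behind. The `New-RandomPassword` helper is hypothetical, and the `UserID` and `Principal` property names are assumed to be what PowerCLI returns for the two list commands.

```powershell
Import-Module VMware.VimAutomation.Core

$vc          = 'vCenter.vcloud-lab.com'      # host names and user name as used in the article
$esx         = 'esxiserver.vcloud-lab.com'
$newUserName = 'testuser'

function New-RandomPassword {                # hypothetical helper, not a PowerCLI cmdlet
    param([int]$Length = 24)
    # One character from each class first, so all four classes are always present
    $classes = 'abcdefghijkmnpqrstuvwxyz', 'ABCDEFGHJKLMNPQRSTUVWXYZ', '23456789', '#%+-_=@'
    $bytes = New-Object byte[] $Length
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $chars = for ($i = 0; $i -lt $Length; $i++) {
        $set = if ($i -lt $classes.Count) { $classes[$i] } else { -join $classes }
        $set[$bytes[$i] % $set.Length]
    }
    -join $chars
}

# Prompt for the vCenter credential instead of storing it in the script
Connect-VIServer -Server $vc -Credential (Get-Credential -Message 'vCenter account') | Out-Null
$esxcli   = Get-EsxCli -VMHost $esx -V2
$password = New-RandomPassword               # exists only in memory for this run

try {
    $add = $esxcli.system.account.add.CreateArgs()
    $add.id = $newUserName
    $add.password = $password
    $add.passwordconfirmation = $password
    $esxcli.system.account.add.Invoke($add) | Out-Null

    $perm = $esxcli.system.permission.set.CreateArgs()
    $perm.id = $newUserName
    $perm.role = 'Admin'
    $esxcli.system.permission.set.Invoke($perm) | Out-Null

    # Run the plink/SSH task here, passing $newUserName and $password
}
finally {
    # Runs even if the add, the role assignment or the SSH task throws
    $remove = $esxcli.system.account.remove.CreateArgs()
    $remove.id = $newUserName
    try { $esxcli.system.account.remove.Invoke($remove) | Out-Null } catch { Write-Warning $_ }

    # Verify that neither the account nor its permission entry survived
    $account = $esxcli.system.account.list.Invoke() | Where-Object { $_.UserID -eq $newUserName }
    $grant   = $esxcli.system.permission.list.Invoke() | Where-Object { $_.Principal -eq $newUserName }
    if ($account -or $grant) { Write-Error "Temporary account '$newUserName' still present on $esx" }
    Disconnect-VIServer -Server $vc -Confirm:$false
}
```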