6.0
Table Of Contents
- Getting Started with vSphere Command-Line Interfaces
- Contents
- About This Book
- Managing vSphere with Command-Line Interfaces
- Installing vCLI
- Running Host Management Commands in the ESXi Shell
- Running vCLI Host Management Commands
- Overview of Running vCLI Host Management Commands
- Protecting Passwords
- Authenticating Through vCenter Server and vCenter Single Sign-On
- Authenticating Directly to the Host
- Trust Relationship Requirement for ESXCLI Commands
- Common Options for vCLI Host Management Command Execution
- Using vCLI Commands in Scripts
- Running Host Management Commands from a Windows System
- Running Host Management Commands from a Linux System
- Running DCLI Commands
- Index
Getting Started with vSphere Command-Line Interfaces
28 VMware, Inc.
AccessthevMALinuxconsole.SetuptargetserversandrunvCLIcommandsagainstthetargetswithout
additionalauthentication.
PreparescriptsthatcontainvCLIcommands.ThenrunthescriptsfromasystemthathasthevCLI
packageinstalledorfromthevMALinuxconsole.See“UsingvCLICommandsinScripts”onpage 36.
WhenyouruncommandsagainstanESXihost,youmustbeauthenticatedforthathost.
Target a Host That is Managed by a vCenter Server System
WhenyoutargetahostthatismanagedbyavCenterServersystem,youcanruncommandsindifferentways.
SpecifythevCenterSingleSign‐Onservicewith--pscand,ifmultiplevCenterServersystemsare
associatedwiththevCenterSingleSign‐Onservice,thevCenterServersystemwith--server.Specify
alsothehostwith--vihost.
SpecifythevCenterServersystemwith--serverandtheESXihostwith--vihost.
SpecifyonlytheESXihostwith--vihost.
WhenyoucanauthenticatetoavCenterSingleSign‐OnserviceortoavCenterServersystem,youcantarget
allESXihoststhatvCenterServermanageswithoutadditionalauthentication.See“AuthenticatingThrough
vCenterServerandvCenterSingleSign‐On”onpage 29.
Protecting Passwords
Followoneofthefollowingapproachesforprotectingpasswords.
IfyouuseavCLIhostmanagementcommandinteractivelyanddonotspecifyausernameandpassword,
youarepromptedforthem.Thescreendoesnotechothepasswordyoutype.
Fornoninteractiveuse,youcancreateasessionfileusingthesave_sessionoption.See“UsingaSession
File”onpage 30.
TargetavCenterServersystemandauthenticatetovCenterSingleSign‐On.Youcansavethe
correspondingsessionanduseitforsubsequentconnections.See“AuthenticatingThroughvCenter
ServerandvCenterSingleSign‐On”onpage 29.
Usevariablesorconfigurationfiles.
IfyouarerunningonaWindowssystem,youcanusethe--passthroughauthoption.Iftheuserwho
runsthecommandwiththatoptionisaknownActiveDirectoryuser,nopasswordisrequired.
IfyouarerunningvMA,youcansetuptargetserversandrunmostvCLIcommandsagainst
targetservers
withoutadditionalauthentication.SeethevSphereManagementAssistantGuide.
vCLIallowsyoutorunscriptsagainstmultipletargetserversfromthesameadministrationserver.Youmust
havethecorrectprivilegestoperformtheactionsoneachtarget,andyoumustauthenticatetothetarget.
N
OTEDifferentcommandsetsinthevCLIpackagerequiredifferentconnectionoptions.
CAUTIONIfyouspecifypasswordsinplaintext,youriskexposingthepasswordtootherusers.Thepassword
mightalsobecomeexposedinbackupfiles.Donotprovideplain‐textpasswordsonproductionsystems.
IMPORTANTAdministratorscanplaceESXihostsinlockdownmodeforenhancedsecurity.Bydefault,not
eventherootusercanrunvCLIcommandsdirectlyagainstESXihostsinlockdownmode.See“vCLIand
LockdownMode”onpage 32andthevSphereSecuritydocumentation.