6.0
Table Of Contents
- Getting Started with vSphere Command-Line Interfaces
- Contents
- About This Book
- Managing vSphere with Command-Line Interfaces
- Installing vCLI
- Running Host Management Commands in the ESXi Shell
- Running vCLI Host Management Commands
- Overview of Running vCLI Host Management Commands
- Protecting Passwords
- Authenticating Through vCenter Server and vCenter Single Sign-On
- Authenticating Directly to the Host
- Trust Relationship Requirement for ESXCLI Commands
- Common Options for vCLI Host Management Command Execution
- Using vCLI Commands in Scripts
- Running Host Management Commands from a Windows System
- Running Host Management Commands from a Linux System
- Running DCLI Commands
- Index
Getting Started with vSphere Command-Line Interfaces
32 VMware, Inc.
Linux
esxcli --server <esxi_HOSTNAME_OR_IP> --username snow\-white --password dwarf\$ network ip
interface list
esxcli --server <esxi_HOSTNAME_OR_IP> --username snow\-white --password ‘dwarf$’ network ip
interface list
vicfg-mpath --server <esxi_HOSTNAME_OR_IP> --username snow\-white --password dwarf\$ --list
vicfg-mpath --server <esxi_HOSTNAME_OR_IP> --username ‘snow-white’ --password ‘dwarf$’ --list
Windows
esxcli --server <esxi_HOSTNAME_OR_IP> --username “snow-white” --password “dwarf$” network ip
interface list
vicfg-mpath.pl --server <esxo_HOSTNAME_OR_IP> --username “snow-white” --password “dwarf$” --list
Using Microsoft Windows Security Support Provider Interface
The--passthroughauthoption,whichisavailableifyourunvCLIcommandsfromaMicrosoftWindows
system,allowsyoutousetheMicrosoftWindowsSecuritySupportProviderInterface(SSPI).SeetheMicrosoft
WebsiteforadetaileddiscussionofSSPI.
Youcanuse--passthroughauthtoestablishaconnectionwithavCenterServer
system.Aftertheconnection
hasbeenestablished,authenticationforthevCenterServersystemoranyESXisystemitmanagesisnolonger
required.Using--passthroughauthpassesthecredentialsoftheuserwhorunsthecommandtothetarget
vCenterServersystem.Noadditionalauthenticationisrequirediftheuserwhoruns
thecommandisknown
bythecomputerfromwhichyouaccessthevCenterServersystemandbythecomputerrunningthevCenter
Serversoftware.
IfvCLIcommandsandthevCenterServersoftwarerunonthesamecomputer,theuserneedsonlyalocal
accounttorunthecommand.Ifthe
vCLIcommandandthevCenterServersoftwarerunondifferent
machines,theuserwhorunsthecommandmusthaveanaccountinadomaintrustedbybothmachines.
SSPIsupportsseveralprotocols.Bydefault,itselectstheNegotiateprotocol,whereclientandservertryto
findaprotocolthatbothsupport.
Youcanuse--passthroughauthpackagetoexplicitlyspecifyaprotocol
thatissupportedbySSPI.Kerberos,theWindowsstandardfordomain‐levelauthentication,isused
frequently.IfthevCenterServersystemisconfiguredtoacceptonlyaspecificprotocol,specifyingtheprotocol
with --passthroughauthpackagemightberequiredforsuccessfulauthentication.Ifyou
use
--passthroughauth,youdonothavetospecifyauthenticationinformationbyusingotheroptions.
Example
esxcli --server <vc_HOSTNAME_OR_IP> --passthroughauth --passthroughauthpackage “Kerberos”
--vihost <esxi_HOSTNAME_OR_IP> network ip interface list
vicfg-mpath.pl --server <vc_HOSTNAME_OR_IP> --passthroughauth --passthroughauthpackage
“Kerberos” --vihost <esxi_HOSTNAME_OR_IP> --list
ConnectstoaserverthatissetuptouseSSPI.Whenatrusteduserrunsthecommand,thesystemcallsthe
ESXCLIcommandorvicfg-mpathwiththe--listoption.Thesystemdoesnotpromptforausernameand
password.
vCLI and Lockdown Mode
LockdownmodecandisablealldirectrootaccesstoESXimachines.TomakechangestoESXisystemsin
lockdownmodeyoumustgothroughavCenterServersystemthatmanagestheESXisystem.Youcanusethe
vSphereWebClientorvCLIcommandsthatsupportthe--vihostoption.Thefollowingcommands
cannot
runagainstvCenterServersystemsandarethereforenotavailableinlockdownmode:
vifs
vicfg-user
vicfg-cfgbackup
vihostupdate
vmkfstools