6.0
Table Of Contents
- Getting Started with vSphere Command-Line Interfaces
- Contents
- About This Book
- Managing vSphere with Command-Line Interfaces
- Installing vCLI
- Running Host Management Commands in the ESXi Shell
- Running vCLI Host Management Commands
- Overview of Running vCLI Host Management Commands
- Protecting Passwords
- Authenticating Through vCenter Server and vCenter Single Sign-On
- Authenticating Directly to the Host
- Trust Relationship Requirement for ESXCLI Commands
- Common Options for vCLI Host Management Command Execution
- Using vCLI Commands in Scripts
- Running Host Management Commands from a Windows System
- Running Host Management Commands from a Linux System
- Running DCLI Commands
- Index
VMware, Inc. 33
Chapter 4 Running vCLI Host Management Commands
vicfg-ipsec
IfyouhaveproblemsrunningacommandonanESXihostdirectly(withoutspecifyingavCenterServer
target),checkwhetherlockdownmodeisenabledonthathost.SeethevSphereSecuritydocumentation.
Trust Relationship Requirement for ESXCLI Commands
StartingwithvSphere6.0,ESXCLIcheckswhetheratrustrelationshipexistsbetweenthemachinewhereyou
runtheESXCLIcommandandtheESXihost.Anerrorresultsifthetrustrelationshipdoesnotexist.
Toestablishthetrustrelationship,youhavetheseoptions.
Downloading and Installing the vCenter Server Certificate
YoucandownloadthevCenterServerrootcertificateusingaWebbrowserandaddittothetrustedcertificates
onthemachinewhereyouplanonrunningESXCLIcommands.
To download the certificate
1TypetheURLofthevCenterServersystemorvCenterServerVirtualApplianceintoaWebBrowser.
2ClicktheDownloadtrusted
rootcertificateslink.
3 Changetheextensionofthedownloadedfileto.zip.(ThefileisaZIPfileofallcertificatesinthe
TRUSTED_ROOTSstore).
4ExtracttheZIPfile.
Theresultisacertsfolder.Thefolderincludesfileswiththeextension.0..1,andsoon,whichare
certificates,and
fileswiththeextension.r0,r1,andsoonwhichareCRLfilesassociatedwiththe
certificates.
5Addthetrustedrootcertificatestothelistoftrustedroots.Theprocessdiffersdependingontheplatform
youareon.
YoucannowrunESXCLIcommandsagainstanyhostthatismanagedby
thetrustedvCenterServerwithout
supplyingadditionalinformationifyouspecifythevCenterServerinthe--serveroptionandtheESXihost
inthe--vihostoption.
Using the --cacertsfile Option
Usingacertificatetoestablishthetrustrelationshipisthemostsecureoption.Youcanspecifythecertificate
withthe--cacertsfileparameterortheVI_CACERTFILEvariable.
Using the --thumbprint Option
Youcansupplythethumbprintforthetargetserver(ESXihostorvCenterServersystem)inthe--thumbprint
parameter(VI_THUMBPRINTvariable).
Whenyourunacommand,ESXCLIchecksfirstwhetheracertificatefileisavailable.Ifnot,ESXCLIchecks
whetherathumbprintofthetargetserverisavailable.Ifnot,an
errorlikethefollowingresults:
Connect to sof-40583-srv failed. Server SHA-1 thumbprint:
5D:01:06:63:55:9D:DF:FE:38:81:6E:2C:FA:71:BC:Usin63:82:C5:16:51 (not trusted).
Youcanrunthecommandwiththethumbprinttoestablishthetrustrelationship,oraddthethumbprintto
theVI_THUMBPRINTvariable.Forexample,usingthethumbprintoftheESXihostabove,youcanrunthe
followingcommand:
esxcli --server myESXi --username user1 --password 'my_password' --thumbprint
5D:01:06:63:55:9D:DF:FE:38:81:6E:2C:FA:71:BC:63:82:C5:16:51 storage nfs list