I want to shutdown a ESXi server automatically when battery on my APC Symmetra is 10% of runtime.
In ESX 3.5 I install APC Networkshutdown and with some script I shutdown VM and then ESX Server....
But in ESX3i how I can to do this?
Thanks
You can use the VI API to script the shutdown when you get to a critical power level. I assume you can get the APC information from a script as well. Here is a pointer to the VI Perl Toolkit:
http://www.vmware.com/support/developer/viperltoolkit/
Also for most configuration options have a look at the RCLI, it can be used to script configuration steps for ESXi:
http://www.vmware.com/go/remotecli
Here is the documentation for the RCLI:
http://www.vmware.com/pdf/vi3_35/esx_3i_e/r35/vi3_35_25_3i_server_config.pdf
Please reply to me if you have questions, I accidentally posted that from another account.
gabyam,
I'm in the same situation as you. What did you end up using as your solution?
Thanks
John
APC Networkshutdown is only installable in ESX 3.x not in ESX 3i.
At the moment, I install APC Network Shutdown in every VM; but nothing in ESX 3i.. at the moment....
You should also be able to use an iLO or IPMI script to do the poweroff or put the machine in maintence mode from VC through VI API (we have a freely available Perl toolkit) if you want to migrate prior to shutdown. Is this not possible from APC? Basically, I don't understand why APC would need an agent running on the system itself?
I solved the problem with a Web/SNMP network management card connected via IP to a VM box.
Then I compiled the apcupsd driver () inside a Linux VM box and in case of a
power failure I send the /sbin/poweroff command to the ESXi host via ssh using an identity file.
The trick is to enable the SSH server inside the ESXi host, build a dropbear and openSSH RSA
root key with at least 768 bit on it, put all the keys inside the oem.tgz file, disable root login and
for safety reasons enable only the execution of remote commands (append -g to ssh line inside
inetd.conf) and configure the shutdown and startup sequence of every VM boxes.
Beforehand I tried the PERL Toolkit and stumpled over the problem that sending a shutdown command
using the vmcontrol.pl command prevents the ESXi host to shutdown itself properly.
Please consider to use a big UPS in case you have plenty VM boxes to shutdown and don't forget to plan
the startup and shutdown sequence of all involved VM boxes with care.
Hi, i am trying to configure an esxi server to remotely shutdown via ssh.
I don't know where to put authorized_keys file for dropbear. Could you help me
thanks
I understand enabling SSH on ESXi works, but it's not supported by VMware (and it could be disabled in the future, no one knows). VMware itself tells you to use the remote CLI tools for this.. You must have a good reason to persist the ssh solution
gi-minni,
Can you elaborate on how you made the keypair?
Thanks!
This isn't supported but here you go. I used puttykeygen to create the key pair.
-
1) Generate the public / private key pair
2) Edit /etc/passwd - add "root" to the root entry so the line will be like this
root:x:0:0:Administrator:/root:/bin/ash
3) Run mkdir -p /root/.ssh
4) Copy the public key to /root/.ssh/authorized_keys
5) Run chmod -R 700 /root
Attempt to login with your SSH client.
The bundle the /root folder into oem.tgz. You could also do /etc/passwd and /etc/inetd.conf, but I only tested the /root folder.
Dave,
Simple instructions, appreciate it!
I am getting a message from dropbear saying server refused my key? I tried generating the keys with dropbearkey and putty.
I ended up making them on my CentOS vm and that worked...
Thanks!
Puttykeygen generated both a public key file and text to paste into authorized_keys. I used the text part (the public key file was formatted differently) so I end up with this in the file on ESXi.
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAor/Mm2qGkHZRNbjx/3e0Qz2cNEKEbzsFiYTO3znvwfWqJjzb7sD1bue9VnyyUEBu5ylMs0md9xZpZ/U6HIKwoDwckZQr4/48sHv7B3dU6I4pyD5H7bvpvnfK2Qh5/VCad5aGGKvdDrDzIv4K/l1uPso9PNIpzch9lEuD7il0k= rsa-key-20081106
Good to know, I suspected it was the formatting.
I tried posting a reply on your page about the oem.tgz file and see you issue a chown 201:201 on /etc inside the tar file before you package it. I would need to add /root and /etc/passwd to my tar file but I don't understand who group 201 is? I don't even have a 201?
Thanks for all the help!
Sorry for the delay, but it is not to late for any useful answer
Here we are, there are different ways to accomplish this task. I tried all them and revert back to
the one creating SSH keys inside an ESXi box.
First of all I discovered that the minimum keysize between SSH and dropbear keys are 768 BITS! Keep this
info everytime in your mind. Then creating the root keys is simpler, than creating the SSH-keys for other non-root
users. The later task tends to be tedious but not impossible. I gonna try to explain the simpler way (root SSH-Keys), if
you need advice for creating non-root SSH keys inside an ESXi box, come back to me.
Prerequisites:
You must have enabled the SSH server to login into the ESXi box. (Look here in this community forum for detailed explanation)
You must have set for security reasons a root password anyway
Do not enable lockdown mode, otherwise you can only login via the DCUI.
If you need more security restrictions you can put at the end of the ssh row a -g allowing root only to login using the identity file, not interactive anymore!
Security advice:
Keep your keys expecially the private one secure by placing it inside encrypted filesystems or limit the usage by chmod 600 for user root
Steps:
login as root into a fresh booted ESXi box.
create an hidden directory called /.ssh with mkdir /.ssh
create the dropbear key by executing /bin/dropbearkey -t rsa -f id_rsa -s 768 > id_rsa.pub
make a copy of your private key by executing cp id_rsa Id_rsa.db
now convert the dropbearkey to SSH format by executing dropbearconvert dropbear openssh id_rsa id_rsa.ssh.
NOTE: This is your private SSH-Key the public key remains the same.In other Linux/Windows Environement copy id_rsa.ssh to id_rsa and you can use the same keys everywhere:-)
Copy the public key to authorized_keys with cp id_rsa.pub authorized_keys
NOTE: Please check that ALL private keys MUST have chmod 600 otherwise every SSH server refuse to use it, because other chmod are INSECURE!
If you plan to use PuTTY as I do always, copy the id_rsa.pub and id_rsa.ssh to a PuTTY environment, rename id_rsa.ssh to Id_rsa and use PuTTY to create an id_rsa.ppk (Putty Private Key) file
Copy the newly created id_rsa.ppk key to your ESXi box under /.ssh in case you need it elsewhere and forgot how to build it again
Now put all the /.ssh stuff inside the oem.tgz
Reboot and get the message file out of an ESXi box trying from another place scp -i id_rsa root@<esxi-ip>:/var/log/messages .
NOTE: If everything went fine you will never be asked to provide the root password and can now execute batch commands via cron
Try it and give me feedback, if this works for you!
BTW I created a shared document for all the other people in this community.
If this answer was helpful consider giving me some credit points! Thx.
gi-minni,
I just ssh'ed into one of my CentOS boxes and created a keypair that I used unmodified.
That also worked without all the conversions etc.
There is some ambiguity surrounding which oem.tgz so I just copied it to all 3 locations.
Thanks
Hello.
Returning to topic.
I setup shutdown by document similar to this topic http://communities.vmware.com/docs/DOC-9308
Key ssh authorization work fine, but executing "/sbin/poweroff" of ESXi host does a hard shutdown (not gracefull).
What command i must send to gracefully shutdown virtual machines inside ESXi?