VMware Cloud Community
rohitsk
Contributor
Contributor
Jump to solution

Executing a shell command using vmware cli

Is it possible to execute a command using vmware cli? I want to

1. Upload a script on the esxi server - vifs put

2. Execute it and it would create results. - ?

3. Download the results - vifs get

As evident above, the part 2 is not clear how to achieve. My guess is that, because of security it wont be possible. But I want to make sure I am not missing anything.

Let me know if you know a way out using cli or any other alternatives.

Tags (3)
1 Solution

Accepted Solutions
MKguy
Virtuoso
Virtuoso
Jump to solution

To achieve #2 I can think of a few things, most are pretty hack-ish though:

1. You could use plink.exe or whatever automateable ssh client to login to the host and execute the script.

2. Use vifs to download the crontab from /var/spool/cron/crontabs/root, edit it to execute the script and upload it again

3. This is an unsupported VIB that adds arbitrary shell execution to esxcli:

http://www.v-front.de/2013/01/release-esxcli-plugin-to-run-arbitrary.html

-- http://alpacapowered.wordpress.com

View solution in original post

8 Replies
MKguy
Virtuoso
Virtuoso
Jump to solution

To achieve #2 I can think of a few things, most are pretty hack-ish though:

1. You could use plink.exe or whatever automateable ssh client to login to the host and execute the script.

2. Use vifs to download the crontab from /var/spool/cron/crontabs/root, edit it to execute the script and upload it again

3. This is an unsupported VIB that adds arbitrary shell execution to esxcli:

http://www.v-front.de/2013/01/release-esxcli-plugin-to-run-arbitrary.html

-- http://alpacapowered.wordpress.com
lamw
Community Manager
Community Manager
Jump to solution

'vifs' CLI is not meant to run on the ESXi Shell, it's a Perl script which requires the vSphere SDK for Perl or vCLI (vSphere CLI) which includes it. This is meant to run on a client side management system. Please refer to the documentation for more details

Reply
0 Kudos
rohitsk
Contributor
Contributor
Jump to solution

Thanks for the pointers. #2 looks apt for this scenario.

Reply
0 Kudos
rohitsk
Contributor
Contributor
Jump to solution

What is the right way to download the crontab?

vifs.pl --server 9.39.127.121 --get /var/spool/cron/crontabs/root c:\temp\cron_root

GET https://9.39.127.121/folder//var/spool/cron/crontabs/root unsuccessful : 404

Not Found

Error: File can not be downloaded to c:\temp\cron_root.

Reply
0 Kudos
MKguy
Virtuoso
Virtuoso
Jump to solution

Actually, you can forget about vifs for that. It seems to only supports files on datastores, not on the local host filesystem. Besides that was a rather hack-ish approach too.

plink.exe to execute a command via SSH seems to be the most appropriate way here.

Or do you mind telling us what exactly you're trying to achieve by running this script? Maybe it can be done in a more efficient and less hack-ish way through the APIs.

-- http://alpacapowered.wordpress.com
rohitsk
Contributor
Contributor
Jump to solution

I want to find out the ssh private key length on the esxi server. The commands to do so are

openssl rsa -in /etc/ssh/ssh_host_rsa_key -text -noout

or

ssh-keygen -lf /etc/ssh/ssh_host_rsa_key

So the approach i am thinking of is

1. Uploading a script using vifs that writes the key length to a temp file.

2. Since we cannot execute shell commands, get the crontab, modify it to execute this script and put it back.

3. Download the temp file and check the key length

I looked up the vmware docs, there does not seem to be an easier way to do this. Please advice if I missed anything.

Reply
0 Kudos
MKguy
Virtuoso
Virtuoso
Jump to solution

If that is all then you should just execute it remotely though SSH, there is no need to put a script locally:

On Windows with plink.exe:

plink.exe root@esxihost "ssh-keygen -lf /etc/ssh/ssh_host_rsa_key"

On Linux:

# ssh root@esxihost <<< "ssh-keygen -lf /etc/ssh/ssh_host_rsa_key"

-- http://alpacapowered.wordpress.com
Reply
0 Kudos
rohitsk
Contributor
Contributor
Jump to solution

Yes I am aware of the ssh option and it would have made life a lot easier. But we have this restriction of keeping ssh disabled.

Seems there is no other way of doing this apart from using ssh. Thanks for all your help MKguy.

Reply
0 Kudos