VMware Cloud Community
sbourdeaud
Contributor
Contributor
‎04-23-2009 05:52 AM

How to verify/enable/disable lockdown mode in a script?

Hi everyone,

I am looking for a way to control programmatically the lockdown mode on my ESXi servers.

In other words, using one of the available API, I want to know how to verify the lockdown mode status, and how to enable/disable it.

I am sure this modeis controlled by some advanced configuration setting, but I just can't find it.

Thanks to anyone that can help.

Cheers,

Stephane

0 Kudos
5 Replies
lamw
Community Manager
Community Manager
‎04-23-2009 06:58 AM

The lockdown mode is stored in the Advanced Configurations if you're using the VI Client connected directly to the ESXi host, this is exposed through the API at: http://www.vmware.com/support/developer/vc-sdk/visdk25pubs/ReferenceGuide/vim.option.OptionManager.h...

hostSystem->configManager->advancedOptions->VMkernel.Boot.techSupportMode

You can use the functions updateOptions() and queryOptions() to check for these advanced parameters and the VI Perl Toolkit can help with this or VI Toolkit for Windows (Powershell)

=========================================================================

William Lam

VMware vExpert 2009

VMware ESX/ESXi scripts and resources at:

If you find this information useful, please award points for "correct" or "helpful".

0 Kudos
sbourdeaud
Contributor
Contributor
‎04-23-2009 07:03 AM

Hello and thank you for your reply.

However, the VMkernel.Boot.techSupportMode optionenables/disables the shell access from the console (http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003677).

It does not affect the lockdown mode parameter which prevents the root account from being used using the API or VI Client.

So the question remains opened.

Regards,

Stephane

0 Kudos
lamw
Community Manager
Community Manager
‎04-23-2009 07:19 AM

Taking a look at: www.vmware.com/files/pdf/vmware_esxi_management_wp.pdf

You can enable and disable lockdown mode only via VirtualCenter itself or by using the DCUI on the local console of the server.

I assume if it's available within vCenter, it may be exposed by the VI API. I'll have to take a look some more to see if it's available.

=========================================================================

William Lam

VMware vExpert 2009

VMware ESX/ESXi scripts and resources at:

If you find this information useful, please award points for "correct" or "helpful".

sbourdeaud
Contributor
Contributor
‎04-23-2009 07:47 AM

That is my assumption as well, but so far I have been unable to find a way to expose it using the Powershell API or any of the RCLI commands.

Stephane

0 Kudos
lamw
Community Manager
Community Manager
‎04-23-2009 09:29 AM

I was able to get an answer from VMware, looks like this functionality will be available in an upcoming VI API (vSphere SDK +), so the only method as stated by document is manually when adding the ESXi host to vCenter or doing it through the DCUI as of today and there are no methods through the exisiting VI SDK 2.5.

=========================================================================

William Lam

VMware vExpert 2009

VMware ESX/ESXi scripts and resources at:

If you find this information useful, please award points for "correct" or "helpful".