Thanks in advance for helping me
I have few commands that I can run for ESXi using SSH. But not sure how to do it from powershell. Can you help?
My intention is
I have copied a file (firewall.xml) in the shared datastore of esxi hosts. I want to copy this file for all the ESXi hosts directory: '/etc/vmware/firewall/' and then restart the Firewall and syslog.
These are the commands :
cp /vmfs/volumes/5dfgert-90fyuiy787-0546-00345dfg3f9/Firewall_Rule/firewall.xml /etc/vmware/firewall/
esxcli network firewall refresh
esxcli system syslog reload
I am looking something like. (But not sure if there is an easy method):
1. Connect the vCenter
2. Get the ESXi hosts
3. Connect the ESXi hosts using its root account
4. Run the commands for copy and restart firewall / syslog
5. Disconnect the session from ESXi host and then select the next esxi host
6. Repeat the steps for all the ESXi hosts
7. Disconnect the vCenter
Use the Posh-SSH module for steps 3-5
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Use the Posh-SSH module for steps 3-5
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I have installed the latest version of Posh-SSH. But not sure what are the right commands that I can use. This is the first time I am going to use posh-ssh. So can you pls do little help?
After you establish an SSH session (with New-SshSession), you can use the Invoke-SshCommand cmdlet to pass commands (the 3 lines you mentioned earlier).
See examples in my Use Posh-SSH instead of PuTTY dive (also look at the comments).
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
@LucD , this is what I got it with my knowledge. But it is not working. Can you please help me to correct it?
#Connect the vCenter
Connect-VIServer -Server vCenter -User name -password password
#Enable SSH
Get-VMHost | Foreach { Start-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"} ) }
$VMHosts = @(Get-VMHost)
$user = 'root'
$Password = 'xxxx'
$pswdSec = ConvertTo-SecureString -String $Password -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($user,$pswdSec)
Foreach ($VMHost in $VMHosts){
$session = New-SSHSession -ComputerName $VMHost -Credential $cred -AcceptKey
$cmd1 = 'cp /vmfs/volumes/5a0f3ea1-90fa0d08-05f0-0025b50803f9/Firewall_Rule/Firewall.xml /etc/vmware/firewall/'
$cmd2 = 'esxcli network firewall refresh'
$cmd3 = 'esxcli system syslog reload'
Invoke-SSHCommand -SessionId $session.SessionId -Command $cmd1
Invoke-SSHCommand -SessionId $session.SessionId -Command $cmd2
Invoke-SSHCommand -SessionId $session.SessionId -Command $cmd3
Remove-SSHSession -SSHSession $session | Out-Null
}
#Disable SSH
Get-VMHost | Foreach { Stop-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"} ) }
Disconnect-VIServer -Server * -Force –Confirm:$false
When I tested the above script for one ESXi host, this is what I am getting:
The above 3 commands are working fine from the putty session. But not from powershell using Posh-ssh
Your code works flawlessly in my lab.
The only difference, I get an ExitStatus = 0 on the cp command.
There must be something going wrong with the cp command.
Minor remark, I would add a Confirm to the Stop-VMHostService cmdlet, just t avoid a prompt.
Get-VMHost | ForEach-Object { Stop-VMHostService -Confirm:$false -HostService ($_ | Get-VMHostService | Where-Object { $_.Key -eq "TSM-SSH" } ) }
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
@LucD , Thank you for helping me.
Thats what I am confused. I am able to run the same cp command from putty and it is working fine. But not in powershell via posh-ssh command. Also tried the other 2 commands (restarting firewall and syslog). None of them are working. Dont know what to do.
Hard to anylse your issue since it is all working in my environment.
Which ESXi version are you running?
You could do some debugging in the code.
Something like this (only run $cmd1 with those extra lines)
$cmd1 = 'echo $USER; ls -l /etc/vmware/firewall/; cp /vmfs/volumes/5a0f3ea1-90fa0d08-05f0-0025b50803f9/Firewall_Rule/Firewall.xml /etc/vmware/firewall/; ls -l /etc/vmware/firewall/'
$result = Invoke-SSHCommand -SessionId $session.SessionId -Command $cmd1 -Verbose
$result.ExitStatus
$result.Output
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Looks like you don't have write access to that folder, only read.
You could confirm by running the following in $cmd1
$cmd1 = 'ls -l /etc/vmware'
$result = Invoke-SSHCommand -SessionId $session.SessionId -Command $cmd1 -Verbose
$result.Output | where{$_ -match 'firewall'}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
I'm not sure what is happening in your environment, but the snippet works for me.
I can't debug your environment from where I'm sitting.
There is another script of mine that does the same as you are trying to do, and that also works.
See Solved: Re: Adding a new Firewall Rule in each ESX hosts - Page 2 - VMware Technology Network VMTN
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hello @LucD
Found the issue. When I mentioned the actual datastore name it worked: cp /vmfs/volumes/Datastore1/
Thank you again for your guidance!