VMware Cloud Community
ChadAbeln01
Contributor

Invoke-VMScript to interact with vtysh of the NSX L2VPN standalone client

Hi community, I am looking for anyone who may know if it is possible to interact with the guest OS of the NSX L2VPN standalone client (6.4.10-latest) using PowerCLI and the Invoke-VMScript cmdlet? I am not having success. The OS underneath appears to be "Linux from Scratch" and when executed, I keep getting "Invoke-VMScript Failed to authenticate with the guest operating system using the supplied credentials." I have tried both the root user and admin user, which have the passwords created upon OVF deployment.

I have tried LucD's Invoke-VMScriptPlusv3 as well with no luck. In the logs on the OS I see the following

nsx-l2vpn-edge vmsvc[1655]: [default]: [authpriv.err] pam_access(vmtoolsd:auth): access denied for user 'admin' from 'console'

My end goal is to automate configuring HA on Standalone L2 VPN Clients. After OVF deployment of two clients, it seems like you still need to interact with the OS and perform the steps outlined in this document: https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-9FE3...

Any help here is greatly appreciated. 

NSX Edge 6.4.10 (build 17539626 kernel 4.4.185)

LucD
Leadership

This is most probably a pam issue, where access for admin from console is not allowed.

I don't know which Linux distro is used, but on a regular Linux box making a change in /etc/security/access.conf should help.
Add the entry +:admin:ALL in there.



Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

ChadAbeln01
Contributor

Thanks LucD! That helped get me further, but it appears I am interacting with bash and not the vtysh that NSX is operating on. Any suggestions for interacting via vtysh?

$command = "show service l2vpn"

VERBOSE: 4/16/2021 10:08:08 AM Invoke-VMScript Finished execution

ScriptOutput
-----------------------------------------------------------------------------------------------------------------------|
| bash: -c: line 0: syntax error near unexpected token `;'
| bash: -c: line 0: ` ; show service l2vpn ; '
|
---------------------------------------------------------------------------------------------------------------------

If I execute again using $command = "uname -a" 
Linux nsx-l2vpn-edge 4.4.185 #1 SMP Sat Jan 30 07:41:59 GMT 2021 x86_64 GNU/Linux

LucD
Leadership

The Invoke-VMScript cmdlet places the commands on one line, separated with a semicolon.
Did you try the same with Invoke-VMScriptPlus?


ChadAbeln01
Contributor

Using v3 it looks like the results are the same.

Start : 4/16/2021 4:29:00 PM
ScriptType : bash
ScriptText : #!/usr/bin/env bash
vtysh;show service l2vpn
PidOwner : admin
Pid : 20229
ScriptOutput : /tmp/vmware-admin_1658-915018462/chad.abeln_329944vmware76/chad.abeln_329944vmware161: line 2: vtysh: command not found
/tmp/vmware-admin_1658-915018462/chad.abeln_329944vmware76/chad.abeln_329944vmware161: line 2: show: command not found

ExitCode : 127
ScriptSize : 42
GuestOS : Linux

If I manually execute from the "start engineer" prompt, which drops me into bash as root, I think it's trying to send the show command to bash and not the vtysh prompt.

[Screenshot: ChadAbeln01_1-1618590772907.png]

LucD
Leadership

Did you check if the account you use actually logs into the bash shell?
That vtysh doesn't seem to be found.
Is the directory in the Path?


ChadAbeln01
Contributor

Base deployment of the NSX L2VPN standalone edge

[Screenshot: ChadAbeln01_1-1618596560373.png]

LucD
Leadership

Try using the full path to the command.


ChadAbeln01
Contributor

Much closer...

 

Start : 4/16/2021 6:34:25 PM
ScriptType : bash
ScriptText : #!/usr/bin/env bash
/usr/local/bin/vtysh;show service l2vpn
PidOwner : admin
Pid : 26110
ScriptOutput : Name: NSX Edge
Version: 6.4.10
Build number: 17539626
Kernel: 4.4.185

nsx-l2vpn-edge> nsx-l2vpn-edge> % Unknown command.
nsx-l2vpn-edge> nsx-l2vpn-edge> nsx-l2vpn-edge> /tmp/vmware-admin_1658-915018462/chad.abeln_329944vmware168/chad.abeln_329944vmware229: line 2:
show: command not found

ExitCode : 127
ScriptSize : 63
Finish : 4/16/2021 6:36:28 PM
GuestOS : Linux

LucD
Leadership

Did you try with the commands on separate lines?

/usr/local/bin/vtysh
show service l2vpn


ChadAbeln01
Contributor

$pScript = @'
         /usr/local/bin/vtysh
         show service l2vpn
'@

Pid : 3068
ScriptOutput : Name: NSX Edge
Version: 6.4.10
Build number: 17539626
Kernel: 4.4.185

nsx-l2vpn-edge> nsx-l2vpn-edge> % Unknown command.
nsx-l2vpn-edge>
/tmp/vmware-admin_1655-3346586392/chad.abeln_15516vmware18/chad.abeln_15516vmware33: line 3: show: command not found

ExitCode : 127
ScriptSize : 69
Start : 4/16/2021 9:00:23 PM
ScriptType : bash
PidOwner : admin
OutFiles :
Finish : 4/16/2021 9:01:28 PM
GuestOS : Linux
ScriptText : #!/usr/bin/env bash
/usr/local/bin/vtysh
show service l2vpn

No dice. Checking the log file it looks like it gets into the vtysh...

[Screenshot: ChadAbeln01_0-1618607224031.png]

LucD
Leadership
Accepted Solution

Is that show service a command in the vtysh?

In that case you might try piping that to the command

echo show service l2vpn | /usr/local/bin/vtysh


ChadAbeln01
Contributor

Nice, that worked! Any suggestions how I would address having to pass a password to get into privileged mode?

This works:

$pScript = @'
         echo show service l2vpn | /usr/local/bin/vtysh
'@

ScriptOutput : Name: NSX Edge
Version: 6.4.10
Build number: 17539626
Kernel: 4.4.185

nsx-l2vpn-edge> enable
Password:
Authentication failed!
nsx-l2vpn-edge>
/tmp/vmware-admin_1655-3346586392/chad.abeln_15516vmware144/chad.abeln_15516vmware21: line 3: <password omitted>: command not found

LucD
Leadership

If you change the echo string to include all that, including the password, each separated by \n, does that work?


ChadAbeln01
Contributor

$pScript = @'
echo enable \n password \n configure terminal | /usr/local/bin/vtysh
'@

Pid : 29237
ScriptOutput : Name: NSX Edge
Version: 6.4.10
Build number: 17539626
Kernel: 4.4.185

nsx-l2vpn-edge> enable n password n configure terminal n
% Unknown command.
nsx-l2vpn-edge>

ExitCode : 0
ScriptSize : 117
Start : 4/17/2021 4:04:38 PM
ScriptType : bash
PidOwner : admin
OutFiles :
Finish : 4/17/2021 4:04:39 PM
GuestOS : Linux
ScriptText : #!/usr/bin/env bash
echo enable \n password \n configure terminal | /usr/local/bin/vtysh

LucD
Leadership

The newline (\n) doesn't seem to work in that shell.
You'll have to find out which combination does.
I don't have access to that shell right now.


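Why the \n attempt above reached vtysh as a single line, as an added example that is not from either poster: the guest shell strips an unquoted backslash before echo runs, whereas printf '%s\n' or a quoted here-document sends one command per line. read_cli is a hypothetical stand-in for /usr/local/bin/vtysh, the command strings are the ones quoted in the thread, and the example does not establish whether the enable password prompt reads from stdin.

```shell
#!/usr/bin/env bash
# Added example: how the guest shell turns script text into stdin lines for a
# line-oriented CLI. read_cli is a hypothetical stand-in for vtysh; it only
# numbers the lines it receives, one command per line.

read_cli() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        printf '%d:%s\n' "$n" "$line"
    done
}

# Unquoted \n: the shell removes the backslash before echo runs, so the CLI
# receives ONE line with a literal "n" between the two commands.
unquoted_echo() {
    echo show service l2vpn \n configure terminal | read_cli
}

# printf with '%s\n' emits each argument on its own line in any POSIX shell.
printf_lines() {
    printf '%s\n' 'show service l2vpn' 'configure terminal' | read_cli
}

# A quoted here-document does the same and keeps the commands readable.
heredoc_lines() {
    read_cli <<'EOF'
show service l2vpn
configure terminal
EOF
}

# Number of lines the stand-in CLI saw for a given builder function.
count_lines() { "$1" | wc -l | tr -d ' '; }

# Demo: show what the stand-in receives in each case.
echo "unquoted echo:"; unquoted_echo
echo "printf:";        printf_lines
echo "here-document:"; heredoc_lines
```

Anything placed in the script text is written to the temporary script file under /tmp in the guest (the path visible in the ScriptOutput errors in this thread) and can surface in error output, so a password embedded there is not confined to the vtysh prompt.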
ChadAbeln01
Contributor

Beginning to think it may just not be possible. Tried many different variations to try and have it pass the password, but they always seem to end up on the next line or are never passed. Closest example below.

Pid : 12287
ScriptOutput : Name: NSX Edge
Version: 6.4.10
Build number: 17539626
Kernel: 4.4.185

nsx-l2vpn-edge> enable
Password:
Authentication failed!
nsx-l2vpn-edge>
Password

ScriptText : #!/usr/bin/env bash
echo -e 'enable' | /usr/local/bin/vtysh && echo -e 'Password\r'
echo -e 'configure terminal' | /usr/local/bin/vtysh

LucD
Leadership

Did you already try the password with a redirect?

echo -e 'enable' | /usr/local/bin/vtysh < password

 


LucD
Leadership

Ultimately you could try with Set-VMKeystrokes, see Automating VM keystrokes using the vSphere API & PowerCLI


ChadAbeln01
Contributor

Thanks Luc, I did try with the redirect as well. 

ScriptOutput : /tmp/vmware-admin_1655-3346586392/chad.abeln_15516vmware222/chad.abeln_15516vmware41: line 2: PASSWORDHERE: No such file or directory
/tmp/vmware-admin_1655-3346586392/chad.abeln_15516vmware222/chad.abeln_15516vmware41: line 2: echo: write error: Broken pipe
Name: NSX Edge
Version: 6.4.10
Build number: 17539626
Kernel: 4.4.185

nsx-l2vpn-edge> configure terminal
% Unknown command.
nsx-l2vpn-edge>

ExitCode : 0
ScriptText : #!/usr/bin/env bash
echo -e 'enable' | /usr/local/bin/vtysh < PASSWORDHERE
echo -e 'configure terminal' | /usr/local/bin/vtysh

The Set-VMKeystrokes is great but I don't believe it allows me to capture the output.
