Hi community, I am looking for anyone who may know if it is possible to interact with the guest OS of the NSX L2VPN standalone client (6.4.10-latest) using PowerCLI and the Invoke-VMScript cmdlet? I am not having success. The OS underneath appears to be "Linux from Scratch" and when executed, I keep getting "Invoke-VMScript Failed to authenticate with the guest operating system using the supplied credentials." I have tried both the root user and admin user which have the passwords created upon OVF deployment.
I have tried LucD's Invoke-VMScriptPlusv3 as well with no luck. In the logs on the OS I see the following:
nsx-l2vpn-edge vmsvc[1655]: [default]: [authpriv.err] pam_access(vmtoolsd:auth): access denied for user 'admin' from 'console'
My end goal is to automate configuring HA on Standalone L2 VPN Clients. After OVF deployment of two clients, it seems like you still need to interact with the OS and perform the following steps outlined in this document: https://docs.vmware.com/en/VMware-NSX-Data-Center-for-vSphere/6.4/com.vmware.nsx.admin.doc/GUID-9FE3...
Any help here is greatly appreciated.
NSX Edge 6.4.10 (build 17539626 kernel 4.4.185)
This is most probably a pam issue, where access for admin from console is not allowed.
I don't know which Linux distro is used, but on a regular Linux box making a change in /etc/security/access.conf should help.
Add the entry +:admin:ALL in there.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks LucD! That helped get me further but it appears I am interacting with bash and not vtysh that NSX is operating on. Any suggestions to interacting via vtysh?
$command = "show service l2vpn"
VERBOSE: 4/16/2021 10:08:08 AM Invoke-VMScript Finished execution
ScriptOutput
-----------------------------------------------------------------------------------------------------------------------|
| bash: -c: line 0: syntax error near unexpected token `;'
| bash: -c: line 0: ` ; show service l2vpn ; '
|
---------------------------------------------------------------------------------------------------------------------
If I execute again using $command = "uname -a"
Linux nsx-l2vpn-edge 4.4.185 #1 SMP Sat Jan 30 07:41:59 GMT 2021 x86_64 GNU/Linux
The Invoke-VMScript cmdlet places the commands on one line, separated with a semicolon.
Did you try the same with Invoke-VMScriptPlus?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Using v3 it looks like the results are the same.
Start : 4/16/2021 4:29:00 PM
ScriptType : bash
ScriptText : #!/usr/bin/env bash
vtysh;show service l2vpn
PidOwner : admin
Pid : 20229
ScriptOutput : /tmp/vmware-admin_1658-915018462/chad.abeln_329944vmware76/chad.abeln_329944vmware161: line 2: vtysh: command not found
/tmp/vmware-admin_1658-915018462/chad.abeln_329944vmware76/chad.abeln_329944vmware161: line 2: show: command not found
ExitCode : 127
ScriptSize : 42
GuestOS : Linux
If I manually execute from the "start engineer" prompt which drops me into bash as root, I think it's trying to send the show command to bash and not the vtysh prompt.
Did you check if the account you use actually logs into the bash shell?
That vtysh doesn't seem to be found.
Is the directory in the Path?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Base deployment of the NSX L2VPN standalone edge
Try using the full path to the command.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Much closer...
Start : 4/16/2021 6:34:25 PM
ScriptType : bash
ScriptText : #!/usr/bin/env bash
/usr/local/bin/vtysh;show service l2vpn
PidOwner : admin
Pid : 26110
ScriptOutput : Name: NSX Edge
Version: 6.4.10
Build number: 17539626
Kernel: 4.4.185
nsx-l2vpn-edge> nsx-l2vpn-edge> % Unknown command.
nsx-l2vpn-edge> nsx-l2vpn-edge> nsx-l2vpn-edge> /tmp/vmware-admin_1658-915018462/chad.abeln_329944vmware168/chad.abeln_329944vmware229: line 2:
show: command not found
ExitCode : 127
ScriptSize : 63
Finish : 4/16/2021 6:36:28 PM
GuestOS : Linux
Did you try with the commands on separate lines?
/usr/local/bin/vtysh
show service l2vpn
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
$pScript = @'
/usr/local/bin/vtysh
show service l2vpn
'@
Pid : 3068
ScriptOutput : Name: NSX Edge
Version: 6.4.10
Build number: 17539626
Kernel: 4.4.185
nsx-l2vpn-edge> nsx-l2vpn-edge> % Unknown command.
nsx-l2vpn-edge>
/tmp/vmware-admin_1655-3346586392/chad.abeln_15516vmware18/chad.abeln_15516vmware33: line 3: show: command not found
ExitCode : 127
ScriptSize : 69
Start : 4/16/2021 9:00:23 PM
ScriptType : bash
PidOwner : admin
OutFiles :
Finish : 4/16/2021 9:01:28 PM
GuestOS : Linux
ScriptText : #!/usr/bin/env bash
/usr/local/bin/vtysh
show service l2vpn
No dice. Checking the log file it looks like it gets into the vtysh...
Is that show service a command in the vtysh?
In that case you might try piping that to the command
echo show service l2vpn | /usr/local/bin/vtysh
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Nice, that worked! Any suggestions how I would address having to pass a password to get into privileged mode?
This works:
$pScript = @'
echo show service l2vpn | /usr/local/bin/vtysh
'@
ScriptOutput : Name: NSX Edge
Version: 6.4.10
Build number: 17539626
Kernel: 4.4.185
nsx-l2vpn-edge> enable
Password:
Authentication failed!
nsx-l2vpn-edge>
/tmp/vmware-admin_1655-3346586392/chad.abeln_15516vmware144/chad.abeln_15516vmware21: line 3: <password omitted>: command not found
If you change the echo string to include all that, including the password, each separated by \n, does that work?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
$pScript = @'
echo enable \n password \n configure terminal | /usr/local/bin/vtysh
'@
Pid : 29237
ScriptOutput : Name: NSX Edge
Version: 6.4.10
Build number: 17539626
Kernel: 4.4.185
nsx-l2vpn-edge> enable n password n configure terminal n
% Unknown command.
nsx-l2vpn-edge>
ExitCode : 0
ScriptSize : 117
Start : 4/17/2021 4:04:38 PM
ScriptType : bash
PidOwner : admin
OutFiles :
Finish : 4/17/2021 4:04:39 PM
GuestOS : Linux
ScriptText : #!/usr/bin/env bash
echo enable \n password \n configure terminal | /usr/local/bin/vtysh
The newline (\n) doesn't seem to work in that shell.
You'll have to find out which combination does.
I don't have access to that shell right now.
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
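Why the attempt above arrived at the CLI as `enable n password n configure terminal`: the following is an added example, not part of the original thread. It uses a hypothetical stand-in reader (`count_commands`) instead of vtysh and a constructed placeholder instead of a real password, and it only shows what bash writes to the pipe; it does not establish that vtysh accepts the enable password on stdin.

```shell
#!/usr/bin/env bash
# Added illustration: what each quoting style actually sends down the pipe.
# count_commands is a hypothetical stand-in for the CLI; it is NOT vtysh.
# PLACEHOLDER_PASSWORD is a constructed value, not a real credential.

# Stand-in reader: counts the non-empty lines on stdin, i.e. how many
# separate commands a line-oriented CLI would see.
count_commands() {
    local n=0 line
    while IFS= read -r line || [ -n "$line" ]; do
        if [ -n "$line" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# 1) As posted: unquoted \n. The shell strips the backslash during quote
#    removal, so echo receives a literal word "n" and emits ONE line.
unquoted_echo() {
    echo enable \n PLACEHOLDER_PASSWORD \n configure terminal
}

# 2) printf reuses the format for every argument: one line per argument.
printf_lines() {
    printf '%s\n' 'enable' 'PLACEHOLDER_PASSWORD' 'configure terminal'
}

# 3) Quoted here-document: lines are passed through exactly as written.
heredoc_lines() {
    cat <<'EOF'
enable
PLACEHOLDER_PASSWORD
configure terminal
EOF
}

# Show how many command lines the reader sees for each variant.
for f in unquoted_echo printf_lines heredoc_lines; do
    printf '%-14s -> %s command line(s)\n' "$f" "$("$f" | count_commands)"
done
```

Anything placed in the script text, a password included, is written to the temporary script file under /tmp in the guest and returned in the ScriptText property, as the outputs in this thread show.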
Beginning to think it may just not be possible. Tried many different variations to try and have it pass the password but they always seem to end up on the next line or never passed. Closest example below.
Pid : 12287
ScriptOutput : Name: NSX Edge
Version: 6.4.10
Build number: 17539626
Kernel: 4.4.185
nsx-l2vpn-edge> enable
Password:
Authentication failed!
nsx-l2vpn-edge>
Password
ScriptText : #!/usr/bin/env bash
echo -e 'enable' | /usr/local/bin/vtysh && echo -e 'Password\r'
echo -e 'configure terminal' | /usr/local/bin/vtysh
Did you already try the password with a redirect?
echo -e 'enable' | /usr/local/bin/vtysh < password
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Ultimately you could try with Set-VMKeystrokes, see Automating VM keystrokes using the vSphere API & PowerCLI
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Thanks Luc, I did try with the redirect as well.
ScriptOutput : /tmp/vmware-admin_1655-3346586392/chad.abeln_15516vmware222/chad.abeln_15516vmware41: line 2: PASSWORDHERE: No such file or directory
/tmp/vmware-admin_1655-3346586392/chad.abeln_15516vmware222/chad.abeln_15516vmware41: line 2: echo: write error: Broken pipe
Name: NSX Edge
Version: 6.4.10
Build number: 17539626
Kernel: 4.4.185
nsx-l2vpn-edge> configure terminal
% Unknown command.
nsx-l2vpn-edge>
ExitCode : 0
ScriptText : #!/usr/bin/env bash
echo -e 'enable' | /usr/local/bin/vtysh < PASSWORDHERE
echo -e 'configure terminal' | /usr/local/bin/vtysh
The Set-VMKeystrokes is great but I don't believe it allows me to capture the output.