In environments with many ESXi hosts, managing hosts with scripts is faster and less error prone than managing the hosts from the vSphere Client.
vSphere includes scripting languages for ESXi host management. VMware PowerCLI is a Windows PowerShell interface to the vSphere API, and includes PowerShell cmdlets for administering vSphere components. ESXCLI includes a set of commands for managing ESXi hosts and virtual machines. See https://developer.vmware.com for reference information and programming tips. The vSphere Administrator documentation focuses on using the vSphere Client for management.
You can also use one of the scripting interfaces to the vSphere Automation SDK such as the vSphere Automation SDK for Python.
Procedure
- Create a custom role that has limited privileges.
For example, consider creating a role that has a set of privileges for managing hosts but no privileges for managing virtual machines, storage, or networking. If the script you want to use only extracts information, you can create a role with read-only privileges for the host.
- From the vSphere Client, create a service account and assign it the custom role.
You can create multiple custom roles with different levels of access if you want access to certain hosts to be fairly limited.
- Write scripts to perform parameter checking or modification, and run them.
For example, you can check or set the shell interactive timeout of a host as follows:
Language |
Commands |
ESXCLI |
esxcli <conn_options> system settings advanced get /UserVars/ESXiShellTimeOut esxcli --formatter=csv --format-param=fields="Path,Int Value"
system settings advanced list | grep /UserVars/ESXiShellTimeOut |
PowerCLI |
#List UserVars.ESXiShellInteractiveTimeOut for each host
Get-VMHost | Select Name,
@{N="UserVars.ESXiShellInteractiveTimeOut";E={$_
| Get-AdvancedSetting -Name UserVars.ESXiShellInteractiveTimeOut
| Select -ExpandProperty Value}}
# Set UserVars.ESXiShellTimeOut to 900 on all hosts
Get-VMHost
| Foreach { Get-AdvancedSetting -Entity $_ -Name UserVars.ESXiShellInteractiveTimeOut | Set-AdvancedSetting -Value 900 }
|
- In large environments, create roles with different access privileges and group hosts into folders according to the tasks that you want to perform. You can then run scripts over different folders from different service accounts.
- Verify that the changes happened after you run the command.