esxhpcli is used to access the host profiles on a given ESXi 5 host:
~ # esxhpcli
Usage: esxhpcli
This program serves as a CLI tool to access Host Profiles. The CLI tool
is designed to test at various levels in the Host Profiles stack.
Based on the operation level chosen, this CLI can invoke host profiles
through Hostd via VI API, by invoking the Host Profile Engine directly,
or bypassing the Host Profile Engine and invoking profile plug-ins
directly.
To get help for an individual command, use the --help option, e.g.:
esxhpcli
Commands:
atl, applytasklist -- Performs an apply task list operation.
gtl, tasklist -- Performs a generate task list operation.
qprof, queryprofilemeta -- Queries for profile metadata.
cc, checkcompliance -- Performs a check host compliance operation.
vp, verify -- Performs a verify profile operation.
ppl, posprofilelist -- Retrieves a list of profiles that can be used in a profile list.
qpol, querypolicymeta -- Queries for policy metadata.
gd, gatherdata -- Performs a host profile data gather operation.
gaf, genanswerfile -- Generates an Answer File for the given profile.
ep, extractprofile -- Performs a profile extraction operation.
qexpr, queryexpressionmeta -- Queries for compliance expression metadata.
Available Modules:
hpengine -- Module that executes the CLI commands by
invoking the Host Profile Engine directly (i.e. does not
go through hostd).
Default Module: hpengine
esxhpedit is used to edit host profiles generated from esxhpcli:
~ # esxhpedit
Usage: esxhpedit [command] [options]
This program serves as an editor for host profiles that have been exported
by the esxhpcli utility's "extractprofile" command. If no command is
specified on the command line, then the interactive host profile editor
will automatically be launched.
To get help for an individual command, use the --help option, e.g.:
esxhpedit
Commands:
se, setenabled -- Sets the enabled status of a profile or profile type.
rp, removeprofile -- Removes the specified profile.
cp, createprofile -- Creates a new instance of the specified profile.
gopt, getpolicyopt -- Displays the currently selected option for a policy of the specified profile
gpos, getpossible -- Displays the possible options for a policy of the specified profile
fp, findprofiles -- Finds paths for profiles matching some criteria
eaf, editanswerfile -- Edits an answer file.
dp, displayprofile -- Displays a profile
epol, editpolicy -- Edits the policy option and parameters of a policy.
gpol, getpolicies -- Lists the policy Ids for a specified profile
gparms, getparameters -- Displays the current parameters for a policy of the specified profile
daf, answerfile -- Displays the values currently set in an answer file
Available Modules:
hpengine -- Module that executes the CLI commands by
invoking the Host Profile Engine directly (i.e. does not
go through hostd).
Default Module: hpengine
You now have three methods of accessing host profiles: through vCenter and the vSphere APIs, through the new Host Profile Engine, or by bypassing the Host Profile Engine and directly accessing the host profile plug-ins. Currently the default available plugin is the host profile engine module, but I suspect there will be others from 3rd party vendors.
Disclaimer: This interface is undocumented and most likely unsupported by VMware; please use this in a test/development environment before applying it to any critical or production system.
As mentioned above, these are undocumented interfaces, but there is a hidden API on the ESXi host for this new host profile engine, controlled by /etc/vmware/hostd/cmdMo.xml. The three managed objects are: ha-image-config-manager, ha-hostprofileengine-hostprofilemanager and ha-hostprofileengine-compliancemanager.
There are also logs stored in /var/log/hostprofiletrace.log that deal with this new host profile engine; the output can be somewhat convoluted and hard to digest.
I spent some time playing with the two utilities and I have gotten some of the commands to work, but you may get some odd warning messages when trying to apply a profile that has been exported. I will walk you through a very simple example of how to configure an existing ESXi 5 host and export a profile to be applied to another host.
The host profile engine has a concept of different types of profiles such as Authentication, Users, vSwitch, etc. To get a listing of the available profiles, run the following command: esxhpcli ppl
You can get more details about a given profile, such as all the metadata associated with the profiles on an ESXi host, by using esxhpcli qprof, and esxhpcli qpol for the policy metadata.
Note: The output from both of these commands is pretty verbose; you may want to pipe the output to either less or a file.
To extract a profile from an ESXi host, you will use esxhpcli ep. You can extract a specific type of profile from those listed by the "ppl" command, or extract all profiles for the host.
Here is an example of extracting the ActiveDirectoryProfile from an ESXi 5 host:
As you can see in this example, the ESXi host has joined an AD domain and you will see information about the configuration based on the profile you have selected.
If you wanted to extract all profiles, you would just run the following command esxhpcli ep and the output will be displayed on the screen. If you wanted to export the host profile and store it into a file to be used later, you will need to run the following command: esxhpcli ep -o /tmp/ghetto-profile where -o specifies an output file to be generated. You can also export a specific profile using the -p option in conjunction
Here is an example of exporting the ActiveDirectoryProfile and storing the profile in /tmp/ghetto-profile
If the profile requires user input such as IP addresses or credentials, as the ActiveDirectoryProfile does, you will need to generate an answer file that goes along with that exported profile. You will be using the esxhpcli eaf to generate the answer file, which will be stored in /tmp/ghetto-answer
At this point, we have a host profile (/tmp/ghetto-profile) exported from an already configured ESXi host and the respective answer file (/tmp/ghetto-answer). Next we'll need to use the esxhpedit to update the answer file before we can actually use it.
To view the exported host profile, we can use the following command esxhpedit dp
To get more details on the host profile, we can specify the -r option to recursively display the sub-profiles.
Now to view the answer file, you will need to use esxhpedit daf
As you can see, since we exported a profile that included an AD-specific profile, we have an answer file that requires some user input, which can then work in conjunction with the host profile to be applied to another ESXi 5 host.
To edit the answer file and fill in the metadata, we will need to use esxhpedit eaf and we will store the output into the same answer file, /tmp/ghetto-answer. First let's update the "authentication.activeDirectory.JoinDomainMethodPolicy.userName" key, which is the username used to join the ESXi host to the AD domain.
You need to specify the answer file, then the metadata key and its respective entry, and then we output the changes back into the answer file. To verify the changes were successful, we'll go ahead and perform another profile display using esxhpedit daf
Now we'll finish editing the answer file by specifying the password to join the AD domain for the "authentication.activeDirectory.JoinDomainMethodPolicy.password" key. It's important to know that the password is stored in plaintext, so make sure this answer file has limited access if you do not want to have it exposed.
Now once both entries have been successfully updated, we can hop onto a new ESXi 5 host and apply this host profile with the respective answer file, just like you would using a vCenter Host Profile. We will be using /sbin/applyHostProfile, which is a Python wrapper around the host profile engine.
First we will need to scp over the ghetto-profile and ghetto-answer to the ESXi host and we'll store it in /tmp
We'll also verify using the vSphere Client to ensure this ESXi host has not been joined to an AD domain
We'll now apply the profile using the following command /sbin/applyHostProfile -d /tmp/ghetto-profile -a /tmp/ghetto-answer
Let's also verify using the vSphere Client that the ESXi host has joined the domain
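Because the answer file carries the domain-join password in plaintext, the apply step can be wrapped so it refuses a loosely-permissioned answer file and removes the file afterwards. This is an added example, not code from the original post: the function names and the APPLY_CMD override are assumptions, while the -d/-a flags and /sbin/applyHostProfile are the ones used above.

```shell
#!/bin/sh
# Added example (not from the original post): guard the plaintext answer file.
# APPLY_CMD is an assumed override so the logic can be exercised off-host.
APPLY_CMD=${APPLY_CMD:-/sbin/applyHostProfile}

# Return 0 only if $1 is a regular file, not a symlink, and carries no
# group/other permission bits (e.g. mode 600 or 400).
answer_file_is_private() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    # ls -ld prints the mode string first, e.g. "-rw-------"
    mode=$(ls -ld "$f" | cut -c1-10)
    case $mode in
        -???------) return 0 ;;
        *)          return 1 ;;
    esac
}

# Apply profile $1 with answer file $2. Refuses (exit status 2) when the
# answer file fails the check above; otherwise runs the apply, removes the
# answer file whether or not the apply succeeded, and returns the apply's
# exit status.
apply_profile_private() {
    profile=$1
    answers=$2
    if ! answer_file_is_private "$answers"; then
        echo "refusing: $answers is missing, a symlink, or group/other-accessible" >&2
        return 2
    fi
    rc=0
    "$APPLY_CMD" -d "$profile" -a "$answers" || rc=$?
    rm -f "$answers"   # the plaintext password should not outlive the apply
    return "$rc"
}
```

After copying the files over, run chmod 600 /tmp/ghetto-answer and then apply_profile_private /tmp/ghetto-profile /tmp/ghetto-answer.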
There you have it, you just successfully applied a host profile generated from another ESXi host without the need of vCenter. I have only scratched the surface with this new host profile engine, but as you can see the possibilities are pretty endless. You can easily script this in a kickstart %firstboot option, here is a quick snippet of what that could look like:





















