How to add a splash of color to ESXi DCUI Welcome Screen

Earlier this year I created a simple vSphere SDK for Perl script that allows you to update ESXi's DCUI (Direct Console User Interface) banner with multiple lines of text. I originally thought you could not customize the text color or the background color, though recently I found out that was not the case. While doing some testing on ESXi 4.1, I noticed two files (support,welcome) located under /etc/vmware and looking at the contents of support, it made realize we might be able to change the colors.

Here is the contents of /etc/vmware/support, notice the special formatting of the variables including color tags:

I decided to use one of my favorite UNIX utility, "strings" to take at the dcui binary that is located under /sbin in the Busybox Console (Tech Support Mode) and discovered you can control both the font color and background color. There are also special variables that can be used to display information about the ESXi host such as the product version or IP Address.

Here are the supported colors:

white
black
dark-grey
light-grey
yellow

Here are the special variables:

assettag
BIOSversion
BMCversion
CIM_Chassis
CPLDversion
esxproduct
esxversion
hostname
ip
license
memory
OMC_MCFirmwareIdentity
OMC_SMASHFirmwareIdentity
OtherIdentifyingInfo
PLSAversion
serial-number
servicetag
ssl-thumbprint
supportperiod
supportstart
VersionString
VMware_HHRCSoftwareIdentity

There are two ways of updating the DCUI welcome banner: using local or remote esxcfg-advcfg or manually editing /etc/vmware/welcome file.

Here is an example of using vCLI's esxcfg-advcfg:

Here is what that looks like on the DCUI:

As you can see, this is not easy if you want to update multiple lines. You would need to add a lot more spaces to force newlines, but this becomes tedious and pretty much unreadable. The second method is edit the welcome file that is located in the Busybox Console, which requires you to enable ESXi's Tech Support Mode. I wrote a quick Perl script called generateDCUIScreen.pl which accepts an input file and allows a user to customize the output and the script generates the "welcome" file which is uploaded to your ESXi host.

Here is an example of the input file:

The script will parse the input file which will contain definitions for:

  • bgcolor and color as described above
  • special variables as described above (must use braces for variables to be translated)
  • custom text
  • "=space=" string which is unique to my script which generates the newlines

The script requires that you have Perl, but you do not need to have vSphere SDK for Perl. For ease of use, I executed the script using vMA.

Here is an example execution using the input file from above:


You will need to scp the new"welcome" file to your ESXi host under /etc/vmware which is empty by default. For the changes to take effect, you will need to run the following command at the console:

kill $(ps | grep dcui | awk '{print $1}')

This will kill dcui utility and watchdog process will spawn a new instance causing the change to take effect Note: A reboot will also do the job, but be sure to run /sbin/auto-backup.sh before doing so, that way the change will be backed up.

Here is what DCUI screen looks like:

As you can see, you can control variety of pre-defined variables including hostname and IP Address and custom text for your organization. This is useful for those that do not want to expose all the information that available on the default DCUI screen, which may be a security concern for some organizations. A few things to note, I was not able to fill the entire screen like the default DCUI banner and the "welcome" file is character sensitive and you need to use tabs or white spaces to force the background to get filled. There is also a limit in the number of characters per row before it wraps to the next line.

I am sure there is someone out there that will create some interesting ASCII art, but here is my 5min free hand attempt at it 😉

This can easily be integrated into a scripted install using the new ESXi 4.1 kickstart feature.

Hidden esxcli APIs

A few months back I wrote a three part article about esxcli (part1,part2,part3) and mentioned that no APIs existed. I recently discovered while working on automating ESXi 4.1 installations that this was not the case. I noticed an interesting module called "EsxCLI" that was being loaded while watching the boot logs and that the format of the string match those of the managed object reference names found in vSphere API.

(vim.EsxCLI.corestorage.claiming) ha-cli-handler-corestorage-claiming
(vim.EsxCLI.corestorage.claimrule) ha-cli-handler-corestorage-claimrule
(vim.EsxCLI.corestorage.device) ha-cli-handler-corestorage-device
(vim.EsxCLI.corestorage.plugin) ha-cli-handler-corestorage-plugin

(vim.EsxCLI.network.connection) ha-cli-handler-network-connection
(vim.EsxCLI.network.neighbor) ha-cli-handler-network-neighbor

(vim.EsxCLI.nmp.boot) ha-cli-handler-nmp-boot
(vim.EsxCLI.nmp.device) ha-cli-handler-nmp-device
(vim.EsxCLI.nmp.fixed) ha-cli-handler-nmp-fixed
(vim.EsxCLI.nmp.path) ha-cli-handler-nmp-path
(vim.EsxCLI.nmp.psp) ha-cli-handler-nmp-psp
(vim.EsxCLI.nmp.roundrobin) ha-cli-handler-nmp-roundrobin
(vim.EsxCLI.nmp.satp) ha-cli-handler-nmp-satp

(vim.EsxCLI.swiscsi.nic) ha-cli-handler-swiscsi-nic
(vim.EsxCLI.swiscsi.session) ha-cli-handler-swiscsi-session
(vim.EsxCLI.swiscsi.vmknic) ha-cli-handler-swiscsi-vmknic
(vim.EsxCLI.swiscsi.vmnic) ha-cli-handler-swiscsi-vmnic

(vim.EsxCLI.vaai.device) ha-cli-handler-vaai-device

(vim.EsxCLI.vms.vm) ha-cli-handler-vms-vm

As you can see, all six current namespaces are implemented within the vSphere API with a new managed object called "EsxCLI" just like the esxcli utility:

These APIs of course are hidden and have not been exposed in any of the vSphere SDKs (vSphere SDK for Perl, PowerCLI, VI Java, etc), however, you can access them via the vSphere MOB. As far as I can tell, this is new with vSphere 4.1 and was not available with vSphere 4.0 (unconfirmed).

To access these API methods, you just need to open up a browser and use either an ESX or ESXi host and generate the following url (https://[esx_or_esxi_server]/mob/?moid=ha-cli-handler-vms-vm) and appending one of the above managed object path that begin with ha-

Here is an example of using esxcli's VM namespace:

We can invoke one of the two supported methods for this namespace. We'll query for any available running VMs by just clicking on the method which will open up a new window. You will now click on the "Invoke Method" as it does not require any additional paramters:

You can see this output matches that of esxcli:

I heard that esxcli API would eventually be exposed but may not be available for public consumption, it looks this is not entirely true. VMware, why are you holding out on us? Make your APIs public!

What is VMware vsish?

Recently while I was working on testing automated ESXi kickstart installations, I needed to extract some information as part of the build process, but the utilities that were used no longer existed in ESXi's Busybox console. Looking around, I found another way to extract the information I needed, which was using VMware's undocumented vsish utility, also known as the VMkernel Sys Info Shell. There is not much information around the web regarding this vsish utility (probably for good reason), but it has been described by few as a representation of classic Service Console /proc nodes and allows the ability to extract system reliability information similar to mcelog in Linux.

If I recall correctly, the vsish utility used to be bundled with classic ESX, but at some point it was removed. However, in ESXi, the utility is included and that is also true for latest release of ESXi 4.1. When you generate vm-support log, a dump of the vsi nodes are generally included which provides VMware support with the state of your system. To read the vsi node dump, you need a matching version of the vsish utility based on the version of ESX or ESXi you are running. Currently for classic ESX, to obtain the vsish utility, it must be provided by VMware support via debugging package that needs to be installed.

Note: A word of caution before using this utility, you should not make any changes that you are unfamiliar with. Always consult with VMware support before making changes as it can severely impact your host and virtual machines. Okay, now on to the fun stuff 🙂

On ESXi Busybox Console, you can launch the vsish utility by just typing "vsish":

You can perform various operations such as listing the various nodes, get and set parameters, etc. to see the available options, just type "help":

There is a huge amount of information that can be retrieved from vsish. One interesting leaf node within vsish is called "config", this actually maps to the Advanced Settings found on an ESX(i) host:

As you can see, the majority of the sub leaf nodes within "config" is exposed in the Advanced Settings, but there are some that are hidden. In fact, with ESX(i) 4.1, there is a total of 771 configurable options with 250 of those hidden that can only be seen using vsish (more on the configuration option later)!

There are two ways to interact with vsish, you can interactively login to VSI shell and perform ls, get or set operations or perform the same operation through non-interactive mode.

Here is an example of an interactive session listing config's under "COW" leaf node and getting and setting the value for "COWDiskSizeIncrement" which is one of the 250 hidden configuration options:

Here is an example of an non-interactive session performing the same operation as the one listed above:

With the release of vSphere 4.1, there have been a few new additions to the VSI nodes. Here is an excerpt slide from vSphere 4.1 to 4.0 differences presented by Iwan Rahabok - Senior Systems Consultant at VMware listing some of the new Storage I/O Control features:

Here is a screenshot on some of these values if you can not make it out in the slide:

For more details on differences between vSphere 4.0 and vSphere 4.1 - Check out the detailed 2 part deep-dive power point presentation here.

vsish provides an enormous amount of information and I have only begin to scratch the surface. Having said that I did manage to capture all the advanced host settings which includes both public and hidden options. Using a few for loops and some shell scripting, I have generated the following two lists:

Complete vSphere ESXi 4.1 vsish configurations including hidden options - 771 Total:

For the complete list, take a look at https://s3.amazonaws.com/virtuallyghetto-download/complete_vsish_config.html

Hidden vSphere ESXi 4.1 vsish configurations only - 250 Total:

For the hidden list only, take a look at https://s3.amazonaws.com/virtuallyghetto-download/hidden_vsish_config.html

There are definitely some interesting options that can be configured and I can see why VMware would want to hide these from the general public. What is nice about the compiled output, is that it clearly states the path to the configuration item, the current, default, min, max, is hidden or description of the parameter. Again, use at your own risk Hopefully this these two documents will be useful for curious users to explore vsish advanced configs.

Using the table above, you can actually query and modify these values using the standard esxcfg-advcfg utility that exists both on ESX(i). The following example will show you how to translate the vsish node path to proper format that is required for local esxcfg-advcfg utility.

In the example, we will be using vsish path "/config/COW/intOpts/COWDiskSizeIncrement"

Using a local copy of esxcfg-advcfg on ESX or ESXi, you will need to convert the above to the following:

[[email protected] ]# esxcfg-advcfg -g /COW/COWDiskSizeIncrement
Value of COWDiskSizeIncrement is 32768

Note: You just need to extract the root node and the individual config leaf node in "/config/COW/intOpts/COWDiskSizeIncrement" which is highlighted in green and blue.

Some other interesting nodes that I found that might be useful are under /system:
/system/bootOption
/system/bootCmdLine
/system/systemUuid
/system/bootFsUUID

One other interesting tidbit of information that I found was under /system/version which actually shows the build date and time of vSphere ESXi 4.1:

Now that we have a better understanding of the vsish utility, how does this help with my original inquiry? I found that you can extract networking information from your vNICs by looking at /net/tcpip/* nodes:

As you can see from the output above, it's format is in hexidecimal but when converted, you will get the IP Address, netmask and the gateway for a given VMkernel interface. To accomplish this, I used a modified python script to convert these entries to their human readable addresses:

Here some additional links referencing vsish that may be of interest:

How to kill a stuck VM on ESX(i) 4.1 using esxcli

With so many new features in vSphere 4.1, you might have not noticed the new additions to the esxcli utility. One new feature is the ability to remotely kill a stuck or hung virtual machine running on ESX or ESXi. Prior to vSphere 4.1, the process of killing a stuck VM meant you had to use a variety of methods and tools that included vmware-cmd, vm-support, vmkload_app and ps/kill and required the use of either Service Console on ESX or Tech Support Mode for ESXi. Depending on how "stuck" your VM was, you would start from the most gentle method to killing your VM with prejudice (kill -9 [pid]).

A new namespace called "vms" has now been added and there are two available operations: list running VMs on a host or killing a specific VM. To kill a VM, you will need to specify the kill type and VM's world id.

Here is an example of listing all running VMs on an ESXi host:

When a VM gets into a stuck state in which you have no other option than to forcefully stop the VM, you will have three types of options to kill a VM: soft, hard and force. Per the help command, you should always perform the kill operations in the following order:

soft - Will give the VMX process a chance to shutdown cleanly (like kill or kill -SIGTERM)
hard - Will shutdown the process immediately (like kill -9 or kill -SIGKILL)
force - Should be used as a last resort attempt to kill the VM

The final resort, is to reboot the host if none of the above work.

Here is an example of various kill types:

Here is an example of killing a VM using the "soft" method, you should see the value of "true" if the operation was successful.

This was one feature users have been asking for with regards to managing VMs on ESXi, where the Service Console was no longer available. You do not need to login to Tech Support Mode to forcefully kill a VM and from what I have been told, if the above does not work, it will not work in Tech Support Mode either. I am hoping a public API for esxcli operations will be exposed which can be leverage by the various vSphere SDK's (e.g. vSphere SDK for Perl, PowerCLI, VI Java, etc.)