Run esxcli Command in a Web Browser: Another ESXi Hack

In my recent consulting projects, I got into a lot of scripting, either with command lines or with Python, for ESXi management. When I mentioned the hidden HTML formatter in the esxcli command, you may have wondered what its use could be. The answer is simple: the Web. But it’s not quite clear how it can be used. That’s where my curiosity started.

After a bit of research, here is what I found out about how you can hack it. Like many other hacks, it’s not officially supported by VMware. Please do not call VMware for support or anything like that. The hack may also mess up your ESXi environment, so please take caution if you decide to proceed. I would recommend you try it out with a virtual ESXi, the so-called nested ESXi. To play even safer, take a snapshot before trying out the following hacks.

As you may recall from the vm-support article I wrote a while back, there are a few CGI files in the /usr/lib/vmware/hostd/cgi-bin directory, as shown in the following:

~ # cd /usr/lib/vmware/hostd/cgi-bin/
/usr/lib/vmware/hostd/cgi-bin # ls
esxcfg-info.cgi  esxcli.cgi       vm-support.cgi

You can access both the esxcfg-info.cgi and vm-support.cgi from the Web with URLs as follows. You can provide many more options to the vm-support.cgi as described in my earlier article.

https://192.168.88.132/cgi-bin/esxcli.cgi

When calling esxcli.cgi directly, however, I got the login prompt as normal. But after I entered the right user name and password, it showed an empty page. It seems the call to esxcli.cgi got blocked silently. I was not sure whether I had typed the wrong password, so I tried multiple times, including intentionally giving a wrong password.

It got me even more curious why esxcfg-info.cgi and vm-support.cgi are allowed but not esxcli.cgi. There does not seem to be an easy answer. Searching through numerous configuration files yielded no clue. Checking the hostd binary turned up only esxcfg-info.cgi and vm-support.cgi. Interestingly, the hostd binary also has service.cgi and resource.cgi defined, but it’s not clear whether it has a whitelist or a blacklist. Copying esxcli.cgi to both names does not make them accessible from the browser.

The only easy choice is to rename esxcli.cgi as either esxcfg-info.cgi or vm-support.cgi. As I think vm-support.cgi is more important than esxcfg-info.cgi, I just renamed esxcli.cgi to esxcfg-info.cgi. To be able to reverse this later, I renamed the original esxcfg-info.cgi first.

/usr/lib/vmware/hostd/cgi-bin # mv esxcfg-info.cgi esxcfg-info.cgi.original
/usr/lib/vmware/hostd/cgi-bin # cp esxcli.cgi esxcfg-info.cgi
/usr/lib/vmware/hostd/cgi-bin # ls
esxcfg-info.cgi           esxcfg-info.cgi.original  esxcli.cgi                vm-support.cgi

When typing the following URL in a browser:

https://192.168.0.132/cgi-bin/esxcfg-info.cgi/

The page says, “Connect to localhost failed: Cannot complete login due to an incorrect user name or password.”

Here comes the second hack: open esxcfg-info.cgi and add one line that sets the user name to root as line 2, near the top, as follows:

#!/bin/sh
VI_USERNAME="root"
/sbin/esxcli.cgi "$@"

After this change, you will see the magic happen: a page shows up.

This web page works just like any other Web application. You can click on the link and try out all the esxcli commands. The URL pattern is like the following:

https://192.168.88.132/cgi-bin/esxcfg-info.cgi?&_cmd=esxcli.command.list

After the “=” you can type in any esxcli command with each space replaced by “.”. Simple enough. Don’t get confused by the command, though: you don’t need to include esxcli itself. The corresponding command for the above is “esxcli esxcli command list.” Another sample may be easier:

https://192.168.88.132/cgi-bin/esxcfg-info.cgi?&_cmd=network.ip.interface.ipv4.get

With some commands, you may need to enter info, for example, to set an advanced setting as follows:

https://192.168.88.132/cgi-bin/esxcfg-info.cgi?&_cmd=system.settings.advanced.set

You can enter the needed info and click on the “Invoke Method” button.

Again, it’s a hack that helps you learn the esxcli commands. To clean up, you may just remove the esxcfg-info.cgi and rename the *.original back to esxcfg-info.cgi. I haven’t seen any problem from leaving the hack as it is, except that you can no longer get the ESX configuration as you could before.
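An added example, not part of the original post: a POSIX shell check that reports whether a cgi-bin directory still carries the changes described above (a wrapper with a hard-coded VI_USERNAME, a copy of or call to esxcli.cgi under another name, a renamed backup). The function names, the finding labels and the placeholder files built by make_sample_dir are assumptions made for illustration; it also assumes grep, cmp and mktemp are available in the shell.

```shell
#!/bin/sh
# Added example (not from the original post): audit a hostd cgi-bin directory
# for the changes described above. Prints one line per finding and returns
# 0 when the directory looks untouched, 1 otherwise.
audit_cgi_dir() {
    dir=$1
    found=0
    for f in "$dir"/*.cgi; do
        [ -f "$f" ] || continue
        # A wrapper that hard-codes the login user (line 2 of the edited script).
        if grep -Eq '^[[:space:]]*(export[[:space:]]+)?VI_USERNAME=' "$f"; then
            echo "HARDCODED_USER $f"; found=1
        fi
        # Any other wrapper that is a copy of esxcli.cgi or hands off to it.
        [ "${f##*/}" = esxcli.cgi ] && continue
        if [ -f "$dir/esxcli.cgi" ] && cmp -s "$f" "$dir/esxcli.cgi"; then
            echo "COPY_OF_ESXCLI $f"; found=1
        elif grep -q 'esxcli\.cgi' "$f"; then
            echo "CALLS_ESXCLI $f"; found=1
        fi
    done
    # A backup such as esxcfg-info.cgi.original means the real file was moved aside.
    for f in "$dir"/*.cgi.*; do
        [ -f "$f" ] || continue
        echo "RENAMED_BACKUP $f"; found=1
    done
    return "$found"
}

# Constructed sample: reproduce the post's two steps in a scratch directory.
# The stock wrappers' real contents are not shown in the post, so placeholders
# stand in for them.
make_sample_dir() {
    d=$(mktemp -d)
    printf '#!/bin/sh\n/sbin/esxcli.cgi "$@"\n' > "$d/esxcli.cgi"
    printf '#!/bin/sh\n# placeholder for the stock wrapper\n' > "$d/vm-support.cgi"
    printf '#!/bin/sh\n# placeholder for the stock wrapper\n' > "$d/esxcfg-info.cgi.original"
    printf '#!/bin/sh\nVI_USERNAME="root"\n/sbin/esxcli.cgi "$@"\n' > "$d/esxcfg-info.cgi"
    echo "$d"
}

# Usage on a host: audit_cgi_dir /usr/lib/vmware/hostd/cgi-bin
```

Running it after the clean-up step is a quick way to confirm that nothing from the experiment was left behind.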


2 Comments

  1. Dave Parsons
    Posted December 11, 2013 at 5:05 am | Permalink

    Steve

    Thanks for the hack to make this work. I had been trying to figure it out as I could see the Python code for it, but no joy in getting anything back from hostd. Please let us know if you hear of a way to make this work without the hack.

  2. Posted December 11, 2013 at 2:54 pm | Permalink

    Thanks Dave, I think the control/filter is probably in the hostd which is a binary. William Lam pinged a few folks. Hopefully he will come back with a good tweak. I will for sure let you know of it.

    Steve


    Me: Steve Jin, VMware vExpert who authored the VMware VI and vSphere SDK by Prentice Hall, and created the de facto open source vSphere Java API while working at VMware engineering. Companies like Cisco, EMC, NetApp, HP, Dell, and VMware are among the users of the API and other tools I developed for their products, internal IT orchestration, and test automation.