Linux Firewall with iptables Command

January 12th, 2014 1 comment

After proxying a service with Nginx, it’s always a good idea to block the service from direct remote access. For example, say you have a Tomcat server running on port 8080, and you’ve configured Nginx to proxy requests from port 80 to port 8080. Port 8080 should then be blocked for every host except localhost.

One way to do this on Linux is to install iptables. On Ubuntu, issue the following commands to install it and add rules:

Announcing vijavaNG: Much Lighter and Faster with Commercial License and Support

January 8th, 2014 19 comments

Since I left VCE four months ago, I have been working intensively on a commercial version of the open source vijava API supporting all versions of vSphere APIs (5.5 is the latest). If you have used the open source API, you know that vijava is much faster than other alternatives. Since its debut, it has been used in many commercial products from companies like Cisco, EMC, HP, etc.

Nginx with PAM Authentication

January 7th, 2014 6 comments

As I introduced in the last article, Nginx is a lightweight Web and reverse proxy server that is gaining momentum. If you have URLs that should be accessed only by authenticated users, you have many options. In this article, I introduce a very easy way for Nginx to leverage PAM (Pluggable Authentication Module) for user authentication. We will use OS users for authentication (PAM supports many more methods). If you have a valid user account on the Linux system on which Nginx runs, your request will pass through; otherwise, it will be blocked.

Categories: Applications & Tools

Configuring Nginx as Reversed Proxy Server for HTTPS

January 6th, 2014 No comments

Nginx (pronounced ‘engine x’) is a lightweight HTTP/reverse proxy/mail proxy server written by Igor Sysoev. Compared with Apache, it is flexible, lightweight, and high-performance. The official nginx site is here. The beginner guide is a very good starting point. The following is based on my hands-on experience with Nginx. If you have a similar requirement, you can copy over the scripts and configuration for your environment.

Installing and running Nginx

Categories: Applications & Tools

Three Ways to Get Certificate and Thumbprint from ESXi

January 2nd, 2014 1 comment

Happy New Year 2014!

When adding a new ESXi host to a vCenter server via the vSphere API, you can supply the certificate thumbprint that the ESXi server is expected to have. Before calling the vSphere API, you can get the thumbprint directly or indirectly from the ESXi server to be added. Here are three different ways to do that. The first two approaches retrieve the SSL certificate, from which you can generate the thumbprint.

Categories: Uncategorized

VMware Open Sourced Python Binding for vSphere API: What Limit Does It Solve

December 24th, 2013 1 comment

As reported in the community, there was quite some excitement about the open sourcing of pyVmomi, the Python equivalent of the vijava API. Whether to open source the API was heatedly debated even when I was working at VMware years ago. One camp thought it should be open sourced and even supported like the Web Service SDKs, while the other group didn’t think it was mature and expected that doing so would cause a lot of trouble. So it didn’t go anywhere in the past few years.

Categories: vSphere API

Parsing XML in Python: A Quick Working Sample

December 22nd, 2013 No comments

In my recent consulting projects, I used Python on various projects including the VMware pyVmomi for managing vSphere. Because XML is ubiquitous these days, I had to use XML for configuration, passing information, etc. Parsing XML is a very basic part of using XML. The following sample code achieves the same thing (the printout may be different) as the C# sample for parsing XML that I wrote before.

Categories: Software Development

Why Renaming Datastore Not Working With Command Line and How to Fix it

December 16th, 2013 No comments

I ran into a very interesting problem recently – vim-cmd does not work as expected when used for renaming a datastore in vSphere.

What is the problem exactly?

The following command, for example, should change the name of a datastore from datastore1 (which is the default datastore name) to doublecloudDS.

# vim-cmd hostsvc/datastore/rename datastore1 doublecloudDS

After the command is executed, there is no error message reported. But the datastore name remains the same as shown in either the vSphere Client or using the following command:

Categories: Virtualization

Run esxcli Command in A Browser: Hidden But Probably Better Hack

December 12th, 2013 No comments

My article “Run esxcli Command in a Web Browser: Another ESXi Hack” got quite some interest from the community. Although it works, I am not quite satisfied with the fact that the real esxcfg-info.cgi is disabled to run the esxcli.cgi.

Categories: Virtualization

Setting Up vSphere Web Client SDK: A Few Mistakes to Avoid

December 10th, 2013 5 comments

With the vSphere Web Client, VMware has really made the system complicated and slower. The extension mechanism is more flexible, but it forces developers to use more libraries/frameworks/languages, and therefore presents a much steeper learning curve than before with the Web based plugins. Installing and configuring the development environment itself could be intimidating for some developers. That is why I wanted to avoid it as long as possible, until I got a consulting project that may involve developing a plugin for the Web Client.

Run esxcli Command in a Web Browser: Another ESXi Hack

December 8th, 2013 2 comments

In my recent consulting projects, I really got into a lot of scripting, either command lines or Python, for ESXi management. Since I mentioned the hidden HTML formatter in the esxcli command, you may have wondered what its use could be. The answer is simple: Web. But it’s not quite clear how it can be used. That’s where my curiosity started.

Categories: Virtualization

Lab Automation Made Easy for Training and Testing with VMware Tools for Nested ESXi

December 4th, 2013 No comments

For those who run ESXi on a virtual machine, it’s great news that VMware has released VMware Tools for nested ESXi as a fling in VMware Labs. Why? With the VMware Tools, you can get guest OS (really the ESXi here) information, like the IP address, directly. It may sound trivial, as you can see the IP address from the virtual machine console of a virtualized ESXi. But for automation, it’s pretty hacky to get it programmatically. Some people may wonder, “why not run commands via SSH?” It’s true that it’s easy to get the IP by running an esxcli command, but you have to get the IP first before running the command. With the VMware Tools, you can easily get the IP from the vSphere Java API as you would with any other normal virtual machine. Even more, you can also run commands like vim-cmd/esxcli in the virtual ESXi via APIs.

Hidden esxcli Command Output Formats You Probably Don’t Know

December 3rd, 2013 No comments

Besides the vim-cmd command I covered earlier, there is another powerful set of commands in ESXi – esxcli. As you can find from the help of the command, it covers 10 namespaces and drills down several layers. The typical operations with the namespaces are get, set, and list. If you are familiar with REST APIs, you can think of the bottom level namespaces as resources.

Categories: Virtualization

Powerful Hacks With ESXi vim-cmd Command, Together With Shell Commands

December 1st, 2013 10 comments

If you have read my previous article on vim-cmd, you may have realized how handy it is, especially when it comes to managing virtual machines. There is, however, a pretty challenging problem in using it – most commands for a virtual machine require a vmid, which is an integer that uniquely identifies the virtual machine in the context of an ESXi server. It’s like a primary key in a SQL database that locates a record (virtual machine instance) in a table (virtual machine type). For people who are familiar with vSphere APIs, the vmid is the same as the value of the ManagedObjectReference of a virtual machine in ESXi. Because most administrators who use commands are not necessarily familiar with the vSphere API, it doesn’t help much.

Categories: Virtualization

vSphere Support Bundle: How to Collect Anything You Want From ESXi, Not Just Logs

November 25th, 2013 No comments

vSphere Client and vSphere Web Client allow administrators to download system logs from different ESXi hosts with choices of predefined groups of information like System, Storage, Network, UserWorld, etc. Under each group, there could be multiple types. For example, under the UserWorld, there are HostAgent and ProcessInformation.

Categories: Virtualization

Hacking ESXi For SSH Login Without Password

November 22nd, 2013 4 comments

As a powerful virtualization server, ESXi has a built-in SSH server even though it’s not enabled by default. That is what most system administrators use to remotely run commands there. ESXi also has a built-in SSH client so that you can ssh to other servers from ESXi. To use SSH as either server or client, you need to open up the firewall. You can use the vSphere Client to do it (on the host’s Configuration tab, check out the Security Profile in the Software section), or simply use the command line as follows.

Categories: Virtualization

Hacking VMware Private Python API for vSphere with a Quick Sample

November 21st, 2013 7 comments

It’s not a secret that VMware has a private Python API, the so-called Python binding for the vSphere API. If you haven’t heard about it before, no worries. Here is a link to Hostd General Architecture. Somehow it’s not publicly released as a product for customers or partners. Over the years, I only heard a big bank uses it for internal IT automation. But it’s super easy to get it if you want – it’s part of every ESXi installation. Just check it out at /lib/python26-visor.zip if you SSH to your ESXi box. Update: in ESXi 5.5, look at the /lib/python2.6/site-packages.

Categories: vSphere API

Dummy Virtual Machine For Dummies: How To Create Hundreds of Them with Several Lines of Scripts

November 20th, 2013 No comments

As I introduced in the article on vim-cmd commands, you can use a very simple command as follows to create a new virtual machine. Alternatively, you can ignore the path after the datastore and provide only datastore name (The [ and ] are still needed).

# vim-cmd vmsvc/createdummyvm testVM "[datastore1] testVM/testVM.vmx"

Other than the name and the configuration file path in the datastore, no additional information is provided, such as the size of the disk, memory capacity, etc. Normally, you have to go through a wizard of several pages to create a new virtual machine.

Building Linux Virtual Machine Templates: Tips and Checklist

November 18th, 2013 2 comments

While preparing for my home lab, I have created several virtual machine templates. Here are a few tips I found useful to smooth the process and make your virtual machine templates easier to deploy.

Install VMware Tools
As you may know, VMware Tools brings many features to the table, for example,

Significantly faster graphics performance and Windows Aero on operating systems that support Aero
Copying and pasting text, graphics, and files between the virtual machine and the host or client desktop
Improved mouse performance
Synchronization of the clock in the virtual machine with the clock on the host or client desktop
Scripting that helps automate guest operating system operations

Wait, it does not even mention APIs. For Guest APIs in vSphere 5.0 and later to work, you must have VMware Tools installed in your virtual machines.

Agent VM, ESX Agent Manager API, and vijava Support

November 17th, 2013 1 comment

To understand the ESX Agent Manager API, we have to first explain the Agent, which is essentially an Agent Virtual Machine. The agent virtual machine can be hardware drivers for your ESXi server, or simply software, e.g., virus scan, that should be deployed on each ESXi. They could have been designed and installed directly on ESXi via VIB, but that would increase the risk of destabilizing ESXi due to access to lower level APIs of ESXi. To lower the risk, the driver VM idea came up – if the driver VM crashes, the ESXi is still solid even though some service may be affected.