The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests


Archive for the ‘Virtualization’ Category

Keeping your ESXi infrastructure up-to-date: Subscribe to VMware ESXi Patch Tracker RSS Feed

Posted by jpluimers on 2021/06/29

[WayBack] Subscribe to VMware ESXi Patch Tracker RSS Feed has all the post-feedburner (see below) RSS links in a nice table:

Subscribe to VMware ESXi Patch Tracker RSS Feed

For popular web based readers:
Feedly [All] [6.7] [6.5] [6.0] [5.5] [5.1] [5.0]
My Yahoo! [All] [6.7] [6.5] [6.0] [5.5] [5.1] [5.0]
netvibes [All] [6.7] [6.5] [6.0] [5.5] [5.1] [5.0]
For manual subscriptions with other web based or offline readers copy-and-paste these links:
manual [All] [6.7] [6.5] [6.0] [5.5] [5.1] [5.0]

Post-feedburner

Parts of feedburner have been deprecated since 2012: FeedBurner – Wikipedia.

There are all sorts of reports of feedburner being unstable, for instance:

–jeroen

Posted in ESXi5, ESXi5.1, ESXi5.5, ESXi6, ESXi6.5, ESXi6.7, Power User, Virtualization, VMware, VMware ESXi

How to rename a VM through SSH on ESXi ? |VMware Communities

Posted by jpluimers on 2021/06/28

From [WayBack] How to rename a VM through SSH on ESXi ? |VMware Communities (numbering and code highlighting mine):

Kindly find the below:

  1. Backup the virtual machine
  2. Power down the virtual machine
  3. Remove the virtual machine from the vSphere host inventory
  4. Open an SSH console session to the vSphere host
  5. Navigate to the storage directory containing the virtual machine: For example: cd /vmfs/volumes/<datastore_name>/<original_vmname>
  6. Rename the primary .vmdk configuration files: vmkfstools -E "<original_vmname>.vmdk" "<new_vmname>.vmdk"
  7. Rename the .vmx configuration file: mv "original_vmname.vmx" "new_vmname.vmx"
  8. Edit the virtual machine .vmx configuration file (Be sure to properly update the directory and file name of the .vswp swap file reference): vi "new_vmname.vmx"
  9. Rename any remaining files in the virtual machine’s folder as needed:
    1. Rename the .vmxf configuration file: mv "original_vmname.vmxf" "new_vmname.vmxf"
    2. Rename the .nvram configuration file: mv "original_vmname.nvram" "new_vmname.nvram"
    3. Rename the .vmsd configuration file: mv "original_vmname.vmsd" "new_vmname.vmsd"
  10. Rename the virtual machine folder: Move up one directory level to the parent folder ( cd .. ) then rename the virtual machine directory: mv "original_directory" "new_directory"
  11. Add the newly-named virtual machine to the host’s inventory (the newly renamed .vmx configuration file)
  12. Power on the newly renamed virtual machine
  13. Answer “I moved it” to the virtual machine question prompt (not “I copied it”)
  14. Review the virtual machine and all files/folders to make sure it is named as desired and functioning properly

Note: There are other methods to allow for renaming, but this method is fairly quick and easy. It should work on all editions of vSphere from free to Enterprise Plus.

The “Answer question” prompt where you should select “I moved it”:

Prompt with symlink names in the path

On a side note, I need to figure out how to set the ESXi shell prompt to show the current path like pwd does (with symlink names in it instead of the followed symlink targets):

[root@ESXi-X9SRI-3F:~] cd /vmfs/volumes/EVO860_250GB/
[root@ESXi-X9SRI-3F:/vmfs/volumes/5c9bd516-ef1f6d4c-f1b1-0025907d9d5c] pwd
/vmfs/volumes/EVO860_250GB

The ESXi shell is based on busybox, in fact it uses the ash variety:

[root@ESXi-X9SRI-3F:/vmfs/volumes/5c9bd516-ef1f6d4c-f1b1-0025907d9d5c] `readlink -f \`which readlink\`` | grep ^BusyBox
BusyBox v1.29.3 (2018-11-02 15:37:50 PDT) multi-call binary.
BusyBox is copyrighted by many authors between 1998-2015.
[root@ESXi-X9SRI-3F:/vmfs/volumes/5c9bd516-ef1f6d4c-f1b1-0025907d9d5c] type chdir
chdir is a shell builtin

This seemed to work fine:

[root@ESXi-X9SRI-3F:/vmfs/volumes/5c9bd516-ef1f6d4c-f1b1-0025907d9d5c] PS1="[\u@\h:`pwd`] "
[root@ESXi-X9SRI-3F:/vmfs/volumes/EVO860_250GB] 

But in fact it fails, as it only takes the pwd value once, and not every time the prompt is evaluated:

[root@ESXi-X9SRI-3F:/vmfs/volumes/EVO860_250GB] cd ..
[root@ESXi-X9SRI-3F:/vmfs/volumes/EVO860_250GB] pwd
/vmfs/volumes
[root@ESXi-X9SRI-3F:/vmfs/volumes/EVO860_250GB] 

So I need to re-visit these links:

–jeroen

Posted in *nix, *nix-tools, BusyBox, ESXi6, ESXi6.5, ESXi6.7, Power User, Virtualization, VMware, VMware ESXi

esxi what is my ip – Google Search

Posted by jpluimers on 2021/06/25

[Archive.is] esxi what is my ip – Google Search:

esxcli network Commands
Command                        Description
-----------------------------  ---------------------------------------------------------------------------
network ip dns server remove   Remove a DNS server from the list of DNS servers to use for this ESXi host.
network ip get                 Get global IP settings
network ip interface add       Add a new VMkernel network interface.
network ip interface ipv4 get  Get IPv4 settings for VMkernel network interfaces.

60 more rows

More columns and rows of that table in

[WayBack] vSphere Documentation Center: vSphere 5 Command Line Documentation > vSphere Command-Line Interface Documentation > vSphere Command-Line Interface Reference: esxcli network Commands

Not much has changed since, so this still works:

[root@ESXi-X9SRI-3F:/] esxcli network ip interface ipv4 get
Name  IPv4 Address   IPv4 Netmask   IPv4 Broadcast  Address Type  Gateway       DHCP DNS
----  -------------  -------------  --------------  ------------  ------------  --------
vmk0  192.168.71.94  255.255.255.0  192.168.71.255  DHCP          192.168.71.1      true
[root@ESXi-X9SRI-3F:/] esxcli network ip interface ipv6 get
Name  IPv6 Enabled  DHCPv6 Enabled  Router Adv Enabled  DHCP DNS  Gateway
----  ------------  --------------  ------------------  --------  -------
vmk0          true           false                true     false  ::

If the box has IPv6 configured, the last command would have shown the IPv6 vmk information as well.

–jeroen

Posted in ESXi5, ESXi5.1, ESXi5.5, ESXi6, ESXi6.5, ESXi6.7, Power User, Virtualization, VMware, VMware ESXi

VMware VMRC: connect to a remote console without the vSphere Client

Posted by jpluimers on 2021/06/21

Interesting tool: https://www.vmware.com/go/download-vmrc.

Back when scheduling this post in 2019, this was the most recent version: [WayBack] Download VMware vSphere: Download VMware Remote Console 10.0.4

From [WayBack] ovf – How to connect ESXi vm console from ESXi host console – Stack Overflow:

Example of vmrc.exe command :

"C:\Program Files (x86)\VMware\VMware Remote Console\vmrc.exe" vmrc://<ESXi host username>@<ESXi host IP>/?moid=<VM ID>

Basically it uses the vmrc scheme to start a connection to the remote screen for a specific MoRef ID. On ESXi, this is actually the VM ID that you get from vim-cmd vmsvc/getallvms. In that sense this is very similar to getting a single screenshot for the VM from the ESXi host by using the https://[HOST]:[PORT]/?id=[VM-MOREF] URL, as described in ESXi and VMware Workstation: quick way of getting Console screenshots in PNG format; some URLs on your ESXi machine.

On MacOS, starting VMware Remote Console is slightly different, as you have to start it through a URI using the vmrc scheme from either a browser or with the open command on the console.

The reason is that there is no vmrc binary on MacOS.

  • [WayBack] Using VMware’s Standalone Remote Console for OS X with free ESXi | Der Flounder:

    vmrc://@[HOST]:[PORT]/?moid=[VM-MOREF]

    • HOST = the hostname or IP address of the ESXi server
    • PORT = the HTTPS port of the ESXi server, which is usually 443

    open 'vmrc://@server_name_here:port_number_here/?moid=vmid_number_here'

  • [WayBack] Standalone VMRC now available for Mac OS X:

    just provide the following URI which will prompt for your ESXi credentials

    vmrc://@[HOST]:[PORT]/?moid=[VM-MOREF]

    Once you have generated the VMRC URI, you MUST launch it through a web browser as that is how it is passed directly to the Standalone VMRC application. In my opinion, this is not ideal especially for customers who wish to automatically generate this as part of a VM provisioning workflow to their end users and not having to require a browser to launch the Standalone VMRC application. If you have some feedback on this, please do leave a comment.

    In the mean time, a quick workaround is to use the “open” command on Mac OS X along with the VMRC URI which will automatically load it into your default browser and launch the Standalone VMRC application for you.

    open 'vmrc://@192.168.1.60:443/?moid=vm-18'

On one of my test systems, for VMID 3 (see below), this comes down to this:

open 'vmrc://@192.168.71.94:443/?moid=3'

Note you have to accept the ESXi self generated TLS certificate once on MacOS:

After this, these processes were started (note there is no vmrc like on Windows):

± ps -ax | grep -i "\(vmware\|vmrc\)"
65239 ?? 0:04.15 /Applications/VMware Remote Console.app/Contents/MacOS/VMware Remote Console
65343 ?? 0:00.01 /Applications/VMware Remote Console.app/Contents/Library/services/VMRC Services 3 4
65360 ?? 0:00.16 /Applications/VMware Remote Console.app/Contents/Library/vmware-usbarbitrator
65363 ?? 0:00.01 /Applications/VMware Remote Console.app/Contents/Library/services/VMware USB Arbitrator Service 3 4
65393 ?? 0:01.29 /Applications/VMware Remote Console.app/Contents/Library/vmware-remotemks -@ vmdbPipeHandle=42; vm=_7FD2A461E8E0_3; gui=true -H 44 -R -P 2 -# product=256;name=VMware Remote Console;version=10.0.1;buildnumber=5898794;licensename=VMware Remote Console;licenseversion=10.0; -s libdir=/dev/null/Non-existing DEFAULT_LIBDIRECTORY
65872 ttys001 0:00.00 grep -i \(vmware\|vmrc\)

VM IDs (or VM-MOREFs)

You get the VM IDs using the vim-cmd vmsvc/getallvms command; they appear in the left column:

[root@ESXi-X9SRI-3F:/] vim-cmd vmsvc/getallvms
Vmid         Name                                 File                               Guest OS       Version   Annotation
1      Lampje             [EVO860_250GB] Lampje/Lampje.vmx                       opensuse64Guest    vmx-14              
3      X9SRI-3F-W10P-NL   [EVO860_250GB] X9SRI-3F-W10P-NL/X9SRI-3F-W10P-NL.vmx   windows9_64Guest   vmx-14    

Note that in practice, this is much harder so I wrote a script for that which you can find in VMware ESXi console: viewing all VMs, suspending and waking them up: part 1.

bundle files

I did not know about bundle files, but they seem to be sh scripts that precede a binary: [WayBack] What is a .bundle file and how do I run it? – Super User.

Inspecting such a file shows it starts with this code:

#!/usr/bin/env bash
#
# VMware Installer Launcher
#
# This is the executable stub to check if the VMware Installer Service
# is installed and if so, launch it.  If it is not installed, the
# attached payload is extracted, the VMIS is installed, and the VMIS
# is launched to install the bundle as normal.

# Architecture this bundle was built for (x86 or x64)
ARCH=x64

if [ -z "$BASH" ]; then
   # $- expands to the current options so things like -x get passed through
   if [ ! -z "$-" ]; then
      opts="-$-"
   fi

   # dash flips out of $opts is quoted, so don't.
   exec /usr/bin/env bash $opts "$0" "$@"
   echo "Unable to restart with bash shell"
   exit 1
fi

–jeroen

Posted in Apple, ESXi6, ESXi6.5, ESXi6.7, Mac OS X / OS X / MacOS, macOS 10.12 Sierra, macOS 10.13 High Sierra, Power User, Virtualization, VMware, VMware ESXi, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1

CloudKey ESXi Appliance – Google Search

Posted by jpluimers on 2021/06/07

Via [Archive.is] CloudKey ESXi Appliance – Google Search:

–jeroen

Posted in *nix, Cloud Key, ESXi6, ESXi6.5, ESXi6.7, Internet, Network-and-equipment, Power User, Unifi-Ubiquiti, Virtualization, VMware, VMware ESXi

VMware ESXi: VMware Tools Installed but not running

Posted by jpluimers on 2021/06/04

Sometimes you get this situation on a Windows VM, usually after a reboot but not logging on:

Networking No network information
VMware Tools Installed but not running

“Windows” “VMware Tools” “Installed but not running” – Google Search mostly gives results about the VMware tools installation ISO being malformed, the registry not being correct, or having Linux as guest:

In practice though, there is a really good chance that your default power settings allow Windows to go to sleep after some time of inactivity. The Windows VM then really sleeps, including services and network adapters. Then VMware ESXi thinks the machine has no VMware tools running:

I have noticed this on ESXi 6.5 and 6.7 with both Windows 7 and Windows 10. It is broader though, as others have seen this in ESXi 5.x as well: [WayBack] VMware Communities : All Content – VMware ESXi 5.

Verifying sleep is enabled

This little trick shows you the various possible sleep states:

C:\>powercfg /availablesleepstates
The following sleep states are available on this system: Standby ( S1 )
The following sleep states are not available on this system:
Standby (S2)
        The system firmware does not support this standby state.
Standby (S3)
        The system firmware does not support this standby state.
Hibernate
        Hibernation has not been enabled.
Hybrid Sleep

Disabling sleep

If you search for “sleep” in the [WayBack] Powercfg command-line options | Microsoft Docs, you have a hard time finding these:

/change or /X

Modifies a setting value in the current power scheme.

Syntax:

/change  setting  value

Arguments:

setting
Specifies one of the following options:

  • monitor-timeout-ac
  • monitor-timeout-dc
  • disk-timeout-ac
  • disk-timeout-dc
  • standby-timeout-ac
  • standby-timeout-dc
  • hibernate-timeout-ac
  • hibernate-timeout-dc
value
Specifies the new value, in minutes.

Examples:

powercfg /change monitor-timeout-ac 5

In order to disable sleep, you have to disable the standby timeouts (suffix -ac means “Plugged in” and -dc means “On battery”) by setting their values to 0 (zero) minutes as a UAC elevated Administrator:

powercfg /change standby-timeout-ac 0
powercfg /change standby-timeout-dc 0

This is far less than in WayBack – FutureMark forums – windows 7 – how do i disable SLEEP mode via command line ? (via [WayBack] Disable Sleep mode using powercfg – it.megocollector.com), but this is really all you need, as it correctly disables sleeping:

Later I found that [WayBack] windows 7 – How to disable sleep mode via CMD? – Super User also shows this shorter solution.

Note you need to run those as a UAC elevated user, which you can check for using the net session trick in [WayBack] windows – Batch script: how to check for admin rights – Stack Overflow.

–jeroen

Posted in Conference Topics, Conferences, ESXi6.5, ESXi6.7, Event, Power User, Virtualization, VMware, VMware ESXi

Downloading files with wget on ESXi · random writes

Posted by jpluimers on 2021/05/31

Reminder to self to check if wget on ESXi now finally supports https downloading: [WayBack] Downloading files with wget on ESXi · random writes.

In the mean time, ESXi 6.7 Update 2 and up seems to support this; so the below workaround might only be needed for ESXi 6.7 update 1 and below.

[WayBack] VMware ESXi: help downloading large ISO – Server Fault

I will likely not do this, as by now all my ESXi boxes should have been recent enough.

I will keep the article because of the BusyBox commands section below.

If so, I might finally try and write a Python wrapper for this, as I know that Python 3 on ESXi supports https, but the ESXi BusyBox does not have a built-in cURL.

Some links and notes I might need by then:

BusyBox commands

Another cool thing in the above blog post is that it shows how to dump the BusyBox built in commands.

I ran it for ESXi 6.7 with a slight trick to get the full path (using back-ticks and escaped back-ticks) and content.

Since ESXi is BusyBox based, the commands that are in /bin are not actually binaries, but each command is a symlink to the BusyBox binary. BusyBox then knows the original name of the command, so it can deduce what part to execute. This makes for a very space efficient storage scheme.

The various bits of the tricks to get the location of the BusyBox binary, so the --list parameter can be passed to it:

  • The which wget gives the full path of wget.
  • The ls -l `which wget` shows the full path of wget and the symlink target (but there is no way for ls to only show the symlink target).
  • The readlink -f `which wget` shows the full path of where /bin/wget points to: the BusyBox binary.

The main trick consists of backtick evaluation, and knowing that ls cannot get you just the symlink target, but readlink can:

Now the back-tick escapes, because you cannot nest back-ticks:

  • The `readlink -f \`which wget\`` executes the BusyBox binary without arguments.
  • The `readlink -f \`which wget\`` --list executes the BusyBox binary with the --list parameter.

Note I do not like the cat --help (see [WayBack] How do I check busybox version (from busybox)? – Unix & Linux Stack Exchange) way of getting the BusyBox version, as that gets echoed to stderr.

This is the output:


Posted in *nix, *nix-tools, cURL, ESXi6, ESXi6.5, ESXi6.7, Power User, Virtualization, VMware ESXi, wget

“FIPS mode initialized” when you ssh out of an ESXi box

Posted by jpluimers on 2021/05/28

The once per console/shell logon output of FIPS mode initialized to stderr when you ssh out of an ESXi box seems to be something new since ESXi 6.7.

Since I hardly do this, it took a while to reproduce and track back the version where it was introduced and to realise why it is on stderr.

In retrospect, stderr is logical: if you need to parse the stdout of a job running across an ssh channel, you do not want “side channel” output to interfere with it, hence stderr.

For a longer explanation see, for instance [WayBack] ssh “FIPS mode initialized” message to stderr – Why? – Unix and Linux | DSLReports Forums:

Keep in mind that “ssh” is used to transport a stream, as with “rsync”. What you put on “stdout” becomes part of the stream. That’s why this sort of informational message needs to go to “stderr”.

Parsing is hard, so bugs like [WayBack] Git fetcher fails on machine with FIPS enabled machines · Issue #3664 · inspec/inspec · GitHub got [WayBack] fixed in a [WayBack] pull request like [WayBack] not parsing stderr, but checking for exitstatus.
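The difference between the two approaches, as an added example that is not code from this post or from the inspec project: a wrapper that captures stdout and stderr on separate pipes and decides success by exit status, next to the fragile variant that treats any stderr output as a failure. The `fake_ssh` helper is a constructed stand-in for `ssh host command` so the example runs offline; all function names are assumptions.

```python
import subprocess
import sys

# Informational stderr lines that must not be treated as failures.
# "FIPS mode initialized" is the banner this post is about.
BENIGN_STDERR = {"FIPS mode initialized"}


class RemoteCommandError(RuntimeError):
    """Raised when the remote command is considered to have failed."""


def run_remote(argv, timeout=30):
    """Run argv and return (exit_status, stdout_text, unexpected_stderr_lines).

    stdout and stderr are captured on separate pipes, so banner text can
    never end up inside the data stream that the caller parses.
    """
    proc = subprocess.run(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                          timeout=timeout, check=False)
    stdout = proc.stdout.decode("utf-8", "replace")
    stderr_lines = [line.strip()
                    for line in proc.stderr.decode("utf-8", "replace").splitlines()]
    unexpected = [line for line in stderr_lines
                  if line and line not in BENIGN_STDERR]
    return proc.returncode, stdout, unexpected


def fetch_fragile(argv):
    """Anti-pattern: any byte on stderr counts as a failure."""
    proc = subprocess.run(argv, stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                          check=False)
    if proc.stderr:
        raise RemoteCommandError("stderr not empty: %r" % proc.stderr)
    return proc.stdout.decode("utf-8", "replace")


def fetch_robust(argv):
    """Success is decided by the exit status; stderr is only reported."""
    status, stdout, unexpected = run_remote(argv)
    if status != 0:
        raise RemoteCommandError(
            "exit status %d: %s" % (status, "; ".join(unexpected)))
    return stdout


def fake_ssh(exit_status=0):
    """Constructed stand-in for `ssh host cmd`: banner on stderr, data on stdout."""
    script = (
        "import sys\n"
        "sys.stderr.write('FIPS mode initialized\\n')\n"
        "sys.stdout.write('vmk0  192.168.71.94\\n')\n"
        "sys.exit(%d)\n" % exit_status
    )
    return [sys.executable, "-c", script]


if __name__ == "__main__":
    print("robust :", fetch_robust(fake_ssh()).strip())
    try:
        fetch_fragile(fake_ssh())
    except RemoteCommandError as exc:
        print("fragile:", exc)
    try:
        fetch_robust(fake_ssh(exit_status=255))
    except RemoteCommandError as exc:
        print("robust on real failure:", exc)
```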

Stock OpenSSH portable does not contain FIPS support

Finding back when and how FIPS support for OpenSSH was introduced proved a bit harder than I hoped for.

It appears that stock [WayBack] OpenSSH: Portable Release does not support FIPS. But there are patches on top of these files:

Many (most?) Linux distributions include a patched version like [WayBack] ssh.c in openssh located at /openssh-5.9p1 (git://pkgs.fedoraproject.org/openssh).

They integrate the patches like [WayBack] File openssh.spec of Package openssh – openSUSE Build Service.

Patches for instance look like [WayBack] openssh/openssh-5.3p1-fips.patch at master · gooselinux/openssh · GitHub which is more than a decade old (see the 2009 message [WayBack] rpms/openssh/devel openssh-5.3p1-fips.patch, NONE, 1.1 openssh-5.3p1-mls.patch, NONE, 1.1 openssh-5.3p1-nss-keys.patch, NONE, 1.1 openssh-5.3p1-selabel.patch, NONE, 1.1 openssh-5.3p1-skip-initial.patch, NONE, 1.1 .cvsignore, 1.24, 1.25 openssh.spec, 1.170, 1.171 sources, 1.24, 1.25 openssh-3.8.1p1-krb5-config.patch, 1.1, NONE openssh-4.7p1-audit.patch, 1.2, NONE openssh-5.1p1-mls.patch, 1.1, NONE openssh-5.1p1-skip-initial.patch, 1.1, NONE openssh-5.2p1-fips.patch, 1.6, NONE openssh-5.2p1-nss-keys.patch, 1.3, NONE openssh-5.2p1-selabel.patch, 1.2, NONE).

The patches seem to originate at the (now defunct) WayBack Index of /export/openssh of http://openssl.com/export/openssh/ .

In the end I found [WayBack] Mailing List Archive: OpenSSH FIPS 140-2 support using OpenSSL FIPS modules? having these quotes:

vanilla OpenSSH doesn’t support running OpenSSL in FIPS-140 mode. Some
downstream providers patch OpenSSH they deliver with their distributions
with changes to enable FIPS-140 mode.

[WayBack] Secure Shell and FIPS 140-2 – Managing Secure Shell Access in Oracle® Solaris 11.4 explains a bit of background of them.

ESXi 6.7

Binary searching for the version where this was introduced could have been a lot shorter if I had done a “FIPS mode initialized” “ESXi” – Google Search, resulting in for instance:

The final two links made me discover XSIBackup

They seem to be one of the few (only one?!) free backup solutions for the bare ESXi:

In addition, they have a binary for rsync version 3.1.0: [WayBack] 33HOPS | Rsync for VMWare Backup, so less need to go to Source: ESXi 5.1 and rsync – damiendebin.net

jeroen

Posted in *nix, *nix-tools, ESXi6.5, ESXi6.7, Power User, ssh/sshd, Virtualization, VMware, VMware ESXi

Forgot the ESXi root password? No problems, here are 4 ways to reset it! – VMWARE BLOG

Posted by jpluimers on 2021/05/24

I only needed one of the standalone ways for the many ways in [WayBack] Forgot the ESXi root password? No problems, here are 4 ways to reset it! – VMWARE BLOG

Passwords are the things people tend to forget. Well, ESXi root passwords are not an exception either! Without the root password, you lose control over your hosts, so it’s good to know how to reset it. Well, resetting an ESXi host password is the thing I gonna talk about in this article.

Resetting root password on the standalone ESXi hosts

Now, as we know how to reset the password with vCenter, let’s look at some tough cases. Let’s say, you don’t have vCenter installed on the host. Once again, I do not want to re-install the server OS as VMware says. Seriously, that’s not fun! Let’s look at something more interesting instead. Well, let’s say, what about changing the password right on the node itself?

Before I start, I’d like to mention that you won’t be able to trick ESXi security and change the root password on the node without shutting it down. This means that you, like it or not, do need to shut down each VM from the inside! If you screw things up, you won’t be able to start VMs without ESXi re-installation.

Also, you need the boot CD image. I used Ubuntu GNOME in this article. Find out how to create a boot CD and download Ubuntu GNOME here. You also need Rufus to write the boot CD image on the flash drive.

So, you need to boot from the flash disk, mount the required ESXi datastore, unpack the archive, and edit the file with passwords. Next, you upload the file back into the initial directory, and, after rebooting the host, you can access it without the password.

Editing the “shadow” file

What is “shadow”?

For safety concerns, ESXi keeps passwords encrypted in some file… whatever, here’s how you still can reset the password. According to some unofficial sources, this file is called “shadow”. You can find it in one of those booting volumes in the /etc directory. Before the host boots, /etc is in the local.tgz archive. Here’s the path: /etc => local.tgz => state.tgz.

Here’s how the disk is formatted in ESXi 6.0 or higher:

Volume name | What it is for? | Volume size in my case
/dev/sda1 | Starts the system | 4 MB
/dev/sda2: /scratch | System volume that is created while installing ESXi on the over-5 GB disk. | 4 GB
/dev/sda3: VMFS datastore | Represents all the remaining disk space |
/dev/sda5: /bootbank | The ESXi image | 250 MB
/dev/sda6: /altbootbank | The older system version image. You’ll see it as an empty volume if you have never updated the system | 250 MB
/dev/sda7: vmkDiagnostic (the first volume) | Keeps the core dump | 110 MB
/dev/sda8: /store | VMware Tools image | 286 MB
/dev/sda9: vmkDiagnostic (the second volume) | Keeps all the information connected with vSAN diagnostics. You can observe this volume only in over-8 GB datastores | 2.5 GB

Among all those volumes, we need only the /bootbank one as it keeps the ESXi archive. In this way, “shadow” should be somewhere there.

Chasing the “shadow”

So, let’s boot the host from the flash disk first and start the terminal.

Run the following cmdlet to acquire root privileges:

# sudo su

Next, deploy the command below to look through the sda directory.

# fdisk -l | grep /dev/sda*

Well, it seems that we need that 250 MB /dev/sda5 directory. Create the mnt directory.

# mkdir /mnt/sda5

Create the directory for the temporary files now.

# mkdir /temp

And, mount the /dev/sda5 directory using the cmdlet below.

# mount /dev/sda5 /mnt/sda5

Now, look for that state.tgz archive I was talking above.

# ls -l /mnt/sda5/state.tgz

Extract both state.tgz and local.tgz. Here are the commands you can use for that purpose:

# tar -xf /mnt/sda5/state.tgz -C /temp/

# tar -xf /temp/local.tgz -C /temp/

Once you are done with unpacking, get rid of those old archives with the cmdlet below:

# rm /temp/local.tgz

Now, you are ready to do some magic with “shadow”. Open the file, edit it, and close it. As simple as it! To double-check the changes, open the file one more time.

# vi /temp/etc/shadow

Actually, here’s how “shadow” looks like inside. See, it contains all users’ passwords.

To reset the password, just delete everything between the double colons. Remember, everything is encrypted? That’s why passwords look that weird.

# vi /temp/etc/shadow

Next, go to the work directory.

# cd /temp

Now, add the “shadow” back to the archive.

# tar -czf local.tgz etc

# tar -czf state.tgz local.tgz

Move the new archive to the initial directory.

# mv state.tgz /mnt/sda5/

Unmount the /sda5 disk with the cmdlet below:

# umount /mnt/sda5

And, eventually reboot the host.

# reboot

Well, to make the stuff I’ve just written above more reader-friendly, here’re all commands you need to deploy step-by-step.


Well, you are almost there. Reboot the server now, and try accessing the host without any password. Well, check out what I’ve got.


Now, select Configure Password, and type a new password in the self-titled field.

Ok, this time, please write the root password, or just try not to forget it!

Replace one “shadow” with another

There’s another way to reset the ESXi root password using “shadow”. Actually, that’s nothing more than a variation of the method I described above.

So, another thing you can do to reset the ESXi password is just using another host “shadow” file! Yes, you can just copy the “shadow” file from another host with the known root password to one more flash disk. To get the file with passwords from another host, you need WinSCP. The utility is available here. The nice thing is that you can retrieve that file from the host with the unknown ESXi root password without even shutting it down.

Next, call the terminal with the Ubuntu GNOME and reset the password.

Update user privileges to root first. You can run the following command for that purpose:

# sudo su

Now, let’s see what you have on the disk.

# fdisk -l | grep sd

Create two temporary volumes afterward.

# mkdir /mnt/sda5

# mkdir /mnt/sdb1

Mount the ESXi disk and flash disk where the “shadow” resides using the following cmdlet.

# mount /dev/sda5 /mnt/sda5

# mount /dev/sdb1 /mnt/sdb1

Now, create the temporary volume for further work with archives.

# mkdir /temp

Create the volume where you are going to keep the state.tgz copy just in case something goes wrong.

# mkdir /mnt/sdb1/save

Find the necessary file in the archive.

# ls -l /mnt/sda5/state.tgz

Copy the archive.

# cp /mnt/sda5/state.tgz /mnt/sdb1/save

Run the following command to double-check whether the file has been copied:

# ls -l /mnt/sdb1/save

Extract state.tgz using the cmdlet below:

# tar -xf /mnt/sda5/state.tgz -C /temp/

Find the temp file.

# ls -l /temp

Extract local.tgz.

# tar -xf /temp/local.tgz -C /temp/

Make sure that you extracted the /etc directory.

# ls -l /temp

Now, delete the local.tgz volume to ensure that it won’t be included into the new archive by accident.

# rm /temp/local.tgz

Find “shadow” in the /etc directory.

# ls -l /temp/etc

Replace the original “shadow” with the one from the host with known root password. Type the following cmdlet:

# cp /mnt/sdb1/shadow /temp/etc


Now, deploy the following command to open the file and look through the saved credentials.

# vi /temp/etc/shadow

If you do not want some users to access the host, go ahead and just remove them from the listing! Here, I removed Test from the users that can access the host. Wait, why did I delete only Test? At this point, I’d like to warn you against deleting any users you are not familiar with. In my case, all users except Test are system ones. If you delete any of those guys, you may destabilize the OS!

Here’s how the “shadow” file looks like once the unnecessary user.

Check whether all changes have been applied.

# vi /temp/etc/shadow

Type the following line to navigate to the /temp directory.

# cd /temp

Archive the /etc directory.

# tar -czf local.tgz etc

Check whether archiving has run smoothly.

# ls -l /temp/

Now, create the state.tgz volume.

# tar -czf state.tgz local.tgz

Again, check whether the volume has been created.

# ls -l /temp/

Move the archive to the working ESXi directory.

# mv state.tgz /mnt/sda5/

Check the result one more time.

# ls -l /mnt/sda5/

Unmount the sda5 directory.

# umount /mnt/sda5

Eventually, reboot the host.

# reboot

Enjoy! If everything is done right, you can access the host with the known password. Well, to make everything more or less convenient here’s the entire set of commands I used for this method.


If the host starts acting weird after reboot, there’s still a copy of the initial state.tgz. Well, it should be. You can mount both /sda5 and /sdb1 and retrieve the original state.tgz using the following cmdlet… and try again!

# cp /mnt/sdb1/save/state.tgz /mnt/sda5/

–jeroen
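An added example, not part of the quoted article or of this post: an offline check that a defender can run over saved copies of state.tgz to spot the two changes the article describes, an emptied password field and accounts that appeared or disappeared. It follows the nesting the article gives (state.tgz contains local.tgz, which contains etc/shadow) and reads the archives in memory only; the sample shadow lines, the archives built from them and all function names are constructed for illustration.

```python
import io
import tarfile


def read_member(tgz_bytes, wanted):
    """Read one file out of an in-memory .tgz without extracting to disk."""
    with tarfile.open(fileobj=io.BytesIO(tgz_bytes), mode="r:gz") as tar:
        for member in tar:
            name = member.name[2:] if member.name.startswith("./") else member.name
            if member.isfile() and name == wanted:
                return tar.extractfile(member).read()
    raise KeyError("%s not found in archive" % wanted)


def shadow_from_state(state_tgz):
    """Follow the nesting from the article: state.tgz > local.tgz > etc/shadow."""
    local_tgz = read_member(state_tgz, "local.tgz")
    return read_member(local_tgz, "etc/shadow").decode("utf-8", "replace")


def password_fields(shadow_text):
    """Map user name to the raw password field (second colon-separated field)."""
    fields = {}
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and parts[0]:
            fields[parts[0]] = parts[1]
    return fields


def classify(password_field):
    """Interpret a shadow password field."""
    if password_field == "":
        return "EMPTY"    # account can log in without a password
    if password_field[0] in "*!":
        return "locked"   # no password login possible
    if password_field.startswith("$"):
        return "hashed"   # crypt-style hash
    return "other"


def audit_state(state_tgz):
    """Classify every account found in one state.tgz."""
    return {user: classify(field)
            for user, field in password_fields(shadow_from_state(state_tgz)).items()}


def compare_states(baseline_tgz, current_tgz):
    """List (user, before, after) for accounts whose password field changed."""
    old = password_fields(shadow_from_state(baseline_tgz))
    new = password_fields(shadow_from_state(current_tgz))
    report = []
    for user in sorted(set(old) | set(new)):
        if old.get(user) != new.get(user):
            before = classify(old[user]) if user in old else "absent"
            after = classify(new[user]) if user in new else "absent"
            report.append((user, before, after))
    return report


def make_tgz(files):
    """Build an in-memory .tgz from {name: bytes}; only used for the sample data."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def make_state(shadow_text):
    """Wrap a shadow file the way the article describes the boot bank archive."""
    local_tgz = make_tgz({"etc/shadow": shadow_text.encode("utf-8")})
    return make_tgz({"local.tgz": local_tgz})


# Constructed sample data: the hashes are placeholders, not real password hashes.
BASELINE_SHADOW = (
    "root:$6$constructedsalt$constructedhash:18000:0:99999:7:::\n"
    "dcui:*:13358:0:99999:7:::\n"
    "Test:$6$constructedsalt$anotherhash:18000:0:99999:7:::\n"
)
TAMPERED_SHADOW = (
    "root::18000:0:99999:7:::\n"
    "dcui:*:13358:0:99999:7:::\n"
)

if __name__ == "__main__":
    baseline = make_state(BASELINE_SHADOW)
    current = make_state(TAMPERED_SHADOW)
    print(audit_state(current))
    for user, before, after in compare_states(baseline, current):
        print("%-6s %s -> %s" % (user, before, after))
```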

Posted in Power User, Virtualization, VMware, VMware ESXi

How to Copy files between ESXi hosts using SCP Command

Posted by jpluimers on 2021/05/21

Derived the bits below from [WayBack] How to Copy files between ESXi hosts using SCP Command.

Recursive copy from a remote machine to an existing local directory:

scp -rp root@192.168.71.97://vmfs/volumes/EVO860_500GB/VM1/ /vmfs/volumes/EVO860_250GB/VM2/

After this you need to edit the .vmxf files in the VM2 directory to ensure these are not duplicates.

One thing to remember is that you need the current host to allow the SSH client in the firewall, which is disabled by default:

After enabling:

Be really careful with the -3 option to scp; it allows you to transfer from one remote machine to another remote machine, but when using keyboard-interactive, you have a high chance of locking out your accounts: SSH will try keyboard-interactive authentication to both hosts at the same time.

If you lock out root, then you have to go through the local DCUI console (use ALT-F2 to go there), then reset the root account failure count using pam_tally2 --user root --reset.

So this can be bad:

scp -3 -rp root@192.168.71.97://vmfs/volumes/EVO860_500GB/VM1/ root@192.168.71.91://vmfs/volumes/EVO860_250GB/VM2/

This works, but assumes the SSH client is enabled from the first host:

scp -rp root@192.168.71.97://vmfs/volumes/EVO860_500GB/VM1/ root@192.168.71.91://vmfs/volumes/EVO860_250GB/VM2/

See these links:

 

[root@ESXi-X9SRI-F:~] esxcli network firewall get
   Default Action: DROP
   Enabled: true
   Loaded: true
[root@ESXi-X9SRI-F:~] esxcli network firewall ruleset list --ruleset-id sshClient
Name       Enabled
---------  -------
sshClient    false
[root@ESXi-X9SRI-F:~] esxcli network firewall ruleset set --ruleset-id sshClient --enabled true
[root@ESXi-X9SRI-F:~] esxcli network firewall ruleset list --ruleset-id sshClient
Name       Enabled
---------  -------
sshClient     true
[root@ESXi-X9SRI-F:~] esxcli network firewall ruleset set --ruleset-id sshClient --enabled false
[root@ESXi-X9SRI-F:~] esxcli network firewall ruleset list --ruleset-id sshClient
Name       Enabled
---------  -------
sshClient    false
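The enable, copy, disable sequence from the session above, as an added example that is not code from this post: a context manager that opens the sshClient ruleset only for the duration of a transfer and restores the previous state afterwards, even when the transfer fails. It uses only the two esxcli invocations shown above; the function names and the `FakeEsxcli` class (a constructed stand-in so the example runs away from an ESXi host) are assumptions.

```python
import contextlib
import subprocess

RULESET = "sshClient"


def esxcli(args):
    """Default runner: call the real esxcli on an ESXi host and return its stdout."""
    result = subprocess.run(["esxcli"] + args, check=True, stdout=subprocess.PIPE)
    return result.stdout.decode("utf-8", "replace")


def ruleset_enabled(run, ruleset=RULESET):
    """Parse `esxcli network firewall ruleset list --ruleset-id <ruleset>`."""
    out = run(["network", "firewall", "ruleset", "list", "--ruleset-id", ruleset])
    for line in out.splitlines():
        cols = line.split()
        if len(cols) == 2 and cols[0] == ruleset:
            return cols[1] == "true"
    raise ValueError("ruleset %r not found in esxcli output" % ruleset)


def set_ruleset(run, enabled, ruleset=RULESET):
    """Run `esxcli network firewall ruleset set --ruleset-id <ruleset> --enabled <bool>`."""
    run(["network", "firewall", "ruleset", "set", "--ruleset-id", ruleset,
         "--enabled", "true" if enabled else "false"])


@contextlib.contextmanager
def ssh_client_allowed(run=esxcli, ruleset=RULESET):
    """Enable the outgoing SSH ruleset for the `with` body, then restore it."""
    was_enabled = ruleset_enabled(run, ruleset)
    if not was_enabled:
        set_ruleset(run, True, ruleset)
    try:
        yield
    finally:
        # Only close what this code opened; leave a pre-enabled ruleset alone.
        if not was_enabled:
            set_ruleset(run, False, ruleset)


class FakeEsxcli:
    """Constructed stand-in that mimics the list/set output shown above."""

    def __init__(self, enabled=False):
        self.enabled = enabled
        self.calls = []

    def __call__(self, args):
        self.calls.append(list(args))
        if args[:4] == ["network", "firewall", "ruleset", "list"]:
            state = "true" if self.enabled else "false"
            return ("Name       Enabled\n"
                    "---------  -------\n"
                    "sshClient  %7s\n" % state)
        if args[:4] == ["network", "firewall", "ruleset", "set"]:
            self.enabled = args[-1] == "true"
            return ""
        raise ValueError("unexpected esxcli arguments: %r" % (args,))


if __name__ == "__main__":
    fake = FakeEsxcli(enabled=False)
    with ssh_client_allowed(run=fake):
        print("during copy :", ruleset_enabled(fake))
        # On a real host the scp command from this post would run here.
    print("after copy  :", ruleset_enabled(fake))
```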

–jeroen

Posted in *nix, *nix-tools, ESXi6, ESXi6.5, ESXi6.7, Power User, ssh/sshd, Virtualization, VMware, VMware ESXi