PowerCLI – ESXi CIM Permissions

hw_status_logo-1-300x192-7313097

Using HP’s IRS (Insight Remote Support) to monitor  your ESXi nodes hardware ?

Setting this up was not as straight forward as you think it should be. Turns out that the permissions required as outlined on VMware’s site here is not enough to get HP’s IRS to work.

Use this script to configure the correct accounts and permissions.

Param ([string]$filename)

################################
# Global environment variables #
################################
$esxi_user = "root"
$esxi_pass = "yourpass"
$command = ".ScriptESXicmd.txt"
$putty_exe = ".ScriptESXiplink.exe"
$esxi_hosts = Import-Csv $filename

foreach ($esxi_host in $esxi_hosts){
try {
Connect-VIServer $esxi_host.name -User $esxi_user -Password $esxi_pass -ErrorAction:Stop
}
catch {
"Unbale to connect to the ESXi node. Please check node connectivity"
}
# start the SSH Services
Get-VMHost -Name $esxi_host.name | Get-VMHostService | Where-Object {$_.Key -eq "TSM-SSH"} | Start-VMHostService

#Create the hpris user account on the ESxi node.
New-VMHostAccount -Id $irs_user -Password $irs_pass -GrantShellAccess:$false

#Create a new role with CIM privileges
New-VIRole $vi_role -Privilege "CIM","System Management"

#Assign the hpris user account the role we just created.
Get-VMHost | New-VIPermission -Principal $irs_user -Role $vi_role -Propagate:$true

#SSH to the host and apply some security restrcition to the new user.

$ssh_host = $esxi_host.name
echo y | .plink.exe -ssh root@$ssh_host -P 22 -pw $esxi_pass -m $command

#Stop the SSH services
Get-VMHost -Name $esxi_host.name | Get-VMHostService | Where-Object {$_.Key -eq "TSM-SSH"} | Stop-VMHostService -Confirm:$false

#Disconnect from the ESXi node.
Disconnect-VIServer -Confirm:$false
}

Before executing the script you will need these files in the root of the script

  • Source input file containing the host DNS or IP info. You can get a sample here (sample)
  • plink.exe is required to execute some commands on the ESXi node. You can get that here.
  • You need a text file that contains all the commands that are executed remotely on the ESXi node. You can get a sample here (cmd.txt)

Leave a Reply

Your email address will not be published. Required fields are marked *