PowerCLI: Scripting ESXi

As the service console is moved further away from the hypervisor, people are finding it harder to configure ESX in the same way as in previous versions.

Moving forward, the only real way to do this is by accessing ESXi through the API using scripting toolkits such as PowerCLI or the Perl toolkit.

There are two basic versions of ESXi, “free” and “licensed”. The scripting toolkits are limited to read-only access for the free version of VMware ESXi. When the host is upgraded to vSphere Essentials, vSphere Essential Plus, vSphere Standard, vSphere Advanced, vSphere Enterprise, or vSphere Enterprise Plus, these toolkits have write access enabled and provide a scriptable method for managing ESXi hosts.

So what can we do? I have collated some useful ESXi methods into this blog post to help you automate the configuration and management of your ESXi hosts. All of the PowerCLI cmdlets work in exactly the same way as they do with ESX; the items below are a subset of useful functions and scripts which are either unique to ESXi or make managing ESXi easier.

The initial build of ESXi has no password, so let's start there: how do we connect to the host?

We connect in the normal way but we specify a username of root and no password as follows:

Connect-VIServer MyESXiHost -username root

Once connected we may want to change the password to something more secure. When doing this, remember that ESXi has a stricter password policy, so make sure you have a password full of special characters. For more information on the default password rules and how to change them, check out this link.

# Single quotes stop PowerShell from expanding $$ inside the password
Set-VMHostAccount -UserAccount root -Password 'MyPa$$!'

We can view the hostd, messages and vpxa log files of the host by using one of the following:

Get-Log hostd | select -ExpandProperty Entries
Get-Log messages | select -ExpandProperty Entries
Get-Log vpxa | select -ExpandProperty Entries

Or search for a particular string in these files by using the following:

Get-Log hostd | select -ExpandProperty Entries | Select-String WARNING

Or we could create a diagnostic bundle by using:

Get-Log -Bundle -DestinationPath C:\Temp
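
The single-string log search shown above, extended to several patterns across all three log keys, as an added example that is not part of the original post. The function name Find-LogEntry, the pattern list and the sample entries are assumptions constructed for illustration; on a live connection the entries would come from Get-Log.

```powershell
# Added example: report every match for several regexes across ESXi log keys.
function Find-LogEntry {
    param(
        [Parameter(Mandatory=$true)] [hashtable] $Logs,     # log key -> entry strings
        [Parameter(Mandatory=$true)] [string[]]  $Pattern   # regexes, case-insensitive
    )
    foreach ($key in ($Logs.Keys | Sort-Object)) {
        $lineNo = 0
        foreach ($entry in $Logs[$key]) {
            $lineNo++
            foreach ($p in $Pattern) {
                if ($entry -match $p) {
                    [pscustomobject]@{ Log = $key; Line = $lineNo; Pattern = $p; Entry = $entry }
                }
            }
        }
    }
}

# Constructed, simplified sample entries so the function runs without a host.
# Against a live connection, fill the table from Get-Log instead:
#   $logs = @{}
#   'hostd','messages','vpxa' | ForEach-Object { $logs[$_] = (Get-Log $_).Entries }
$logs = @{
    hostd    = @(
        "info 'App' constructed sample task line"
        "warning 'Vimsvc' Rejected password for user root from 192.0.2.10"
        "warning 'Vimsvc' Rejected password for user root from 192.0.2.10"
    )
    messages = @(
        'vmkernel: WARNING: constructed sample warning line'
        'vmkernel: constructed sample informational line'
    )
    vpxa     = @(
        "info 'App' constructed sample heartbeat line"
    )
}

$hits = Find-LogEntry -Logs $logs -Pattern 'WARNING', 'Rejected password'

# Per-log, per-pattern counts first, then the matching lines themselves.
$hits | Group-Object Log, Pattern | Select-Object Count, Name | Format-Table -AutoSize
$hits | Format-Table Log, Line, Pattern, Entry -AutoSize
```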

What about some of the cooler functions like Lockdown Mode, sometimes known as Admin mode?

When connected to a vCenter we can list the ESXi hosts to see if this feature is enabled by using:

Get-View -ViewType HostSystem | Select Name, @{N="Version";E={$_.Summary.Config.Product.Name}}, @{N="State";E={$_.Runtime.ConnectionState}}, @{N="LockedMode";E={$_.Config.AdminDisabled}},@{N="MaintenanceMode";E={$_.Runtime.InMaintenanceMode}} | Where { $_.Version -match "i"} 

With the help of the excellent function in the ‘VI Toolkit Extensions’ (get them now!) we can even enable and disable lockdown mode:

Get-VMHost | Set-TkeVMHostLockdown $True

Or to disable it:

Get-VMHost | Set-TkeVMHostLockdown $False

We can back up the firmware or configuration so that we can easily restore it again after all our hard work:

Get-VMHost MyESXiHost | Set-VMHostFirmware -BackupConfiguration -DestinationPath C:\Temp

Once downloaded, don’t forget you can always extract the files, edit them, re-compress them and upload them back to the host!

(see this video from Eric Sloof)

And with the help of another cool function in the VITKE we can upload the firmware file and apply it:

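$ESXiHost = Get-VMHost MyESXiHost
# Put the host into maintenance mode first if it is not already there
If ($ESXiHost.MaintenanceMode -eq $false) {
   Set-VMHost $ESXiHost.Name -State maintenance
}
# Upload the backed-up firmware file and apply it
Set-TKEVMHostFirmware -vmhost $ESXiHost -localfile "C:\temp\backup.tgz" -credential (Get-Credential)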

If you like, you can also set the firmware back to default and get rid of all the changes you have made to the host:

Get-VMHost MyESXiHost | Set-VMHostFirmware -ResetToDefaults

These are but a few of the cmdlets we can use against our ESXi host. Do you really need a better reason to start learning PowerCLI?!

A reminder that some of these actions are also available via my VESI/PowerGUI PowerPack. They can be activated from the GUI by selecting the “ESXi Hosts” node and are available on the right-hand side of the screen under “ESXi Utils”.


13 thoughts on “PowerCLI: Scripting ESXi”

  1. I stumbled across this way to enable and disable lockdown mode.

    $hostview = get-vmhost $host | get-view



  2. Just a note about setting the password

    PowerShell will interpret the $ in the password as a string reference. You can see this if you type:

    echo MyPa$$!

    The solution is to create a variable like this:

    $password = 'MyPa$$!'
    Set-VMHostAccount -UserAccount root -password $password


    Set-VMHostAccount -UserAccount root -password 'MyPa$$!'
