vCenter via a salt-proxy minion

Source code: https://github.com/saltstack/salt/blob/v3006.7/salt/proxy/vcenter.py

Documentation: https://docs.saltproject.io/en/3007/ref/proxy/all/salt.proxy.vcenter.html
module: https://docs.saltproject.io/en/3006/ref/modules/all/salt.modules.vsphere.html

Depending on your vSphere version, you must install a matching pyvmomi release:

salt-call pip.install pyvmomi==8.0.3.0.1


sample configs:

version:

root@master01:~# salt --versions-report
Salt Version:
          Salt: 3006.16

Packages:
root@master01:~# salt-call pip.list
local:
    ----------
    CherryPy:
        18.10.0
    Jinja2:
        3.1.6
    MarkupSafe:
        2.1.2
    PyJWT:
        2.10.1
    PyNaCl:
        1.6.0
    PyYAML:
        6.0.2
    Pygments:
        2.19.2
    SSEAPE:
        8.17.0.6
    attrs:
        25.3.0
    autocommand:
        2.2.2
    backports.tarfile:
        1.2.0
    bcrypt:
        4.3.0
    certifi:
        2024.7.4
    cffi:
        1.14.6
    charset-normalizer:
        3.2.0
    cheroot:
        8.5.2
    contextvars:
        2.4
    croniter:
        2.0.5
    cryptography:
        42.0.5
    distro:
        1.5.0
    frozenlist:
        1.7.0
    idna:
        3.7
    immutables:
        0.21
    importlib_metadata:
        6.0.0
    invoke:
        2.2.0
    jaraco.classes:
        3.2.1
    jaraco.collections:
        3.4.0
    jaraco.context:
        6.0.1
    jaraco.functools:
        4.2.1
    jaraco.text:
        4.0.0
    jmespath:
        1.0.1
    jsonschema:
        4.25.1
    jsonschema-specifications:
        2025.9.1
    junos-eznc:
        2.7.5
    looseversion:
        1.0.2
    lxml:
        6.0.2
    markdown-it-py:
        4.0.0
    mdurl:
        0.1.2
    more-itertools:
        10.7.0
    msgpack:
        1.0.2
    napalm:
        5.1.0
    ncclient:
        0.7.0
    netaddr:
        1.3.0
    netmiko:
        4.6.0
    netutils:
        1.15.0
    ntc_templates:
        8.1.0
    packaging:
        24.0
    paramiko:
        4.0.0
    pika:
        1.3.2
    pip:
        23.3.2
    portend:
        2.4
    psutil:
        5.8.0
    pyOpenSSL:
        24.0.0
    pycparser:
        2.21
    pycryptodomex:
        3.19.1
    pyeapi:
        1.0.4
    pyparsing:
        3.2.5
    pyserial:
        3.5
    python-dateutil:
        2.8.1
    python-gnupg:
        0.4.8
    pytz:
        2022.1
    pyvmomi:
        8.0.3.0.1
    pyzmq:
        23.2.0
    referencing:
        0.36.2
    relenv:
        0.20.6
    requests:
        2.32.3
    rich:
        14.1.0
    rpds-py:
        0.27.1
    rpm_vercmp:
        0.1.2
    ruamel.yaml:
        0.18.15
    ruamel.yaml.clib:
        0.2.14
    salt:
        3006.16
    scp:
        0.15.0
    setproctitle:
        1.3.2
    setuptools:
        79.0.1
    six:
        1.16.0
    tempora:
        4.1.1
    textfsm:
        2.1.0
    timelib:
        0.3.0
    transitions:
        0.9.3
    ttp:
        0.9.5
    ttp-templates:
        0.3.7
    typing_extensions:
        4.15.0
    urllib3:
        2.5.0
    wheel:
        0.45.1
    yamlordereddictloader:
        0.4.2
    zc.lockfile:
        1.4
    zipp:
        3.6.0

proxy-minion config:

root@master01:/srv/pillar# pwd
/srv/pillar
root@master01:/srv/pillar# ls
top.sls  vcenter-proxy.sls  vyos-router-01.sls
root@master01:/srv/pillar# cat top.sls
base:
  'vyos':
    - vyos-router-01
  'my-vcenter-proxy':
    - vcenter-proxy
root@master01:/srv/pillar# cat vcenter-proxy.sls

proxy:
  proxytype: vcenter
  vcenter: vcsa01.rainpole.local
  username: '[email protected]'
  passwords:
    - 'VMware123!'
  mechanism: userpass


root@master01:/srv/pillar# cat vyos-router-01.sls
proxy:
  proxytype: netmiko
  device_type: vyos # Required for Netmiko to recognize the device type
  host: 192.168.1.254
  username: vyos
  password: 'VMware123!'
  always_alive: True
root@master01:/srv/pillar#

root@master01:/etc/salt/proxy.d# ls
my-vcenter-proxy  vyos
root@master01:/etc/salt/proxy.d# cat my-vcenter-proxy/
_schedule.conf  vc.sls
root@master01:/etc/salt/proxy.d# cat my-vcenter-proxy/vc.sls
master: 192.168.103.45
id: my-vcenter-proxy
add_proxymodule_to_opts: False


Start minion:

salt-proxy --proxyid my-vcenter-proxy

Accept keys:

salt-key -A

Test minion:

root@master01:/etc/salt/proxy.d# salt my-vcenter-proxy test.ping
my-vcenter-proxy:
    True
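A pre-flight check for the files shown above, as an added example (not part of Salt or of the original walkthrough): it resolves which pillar top.sls assigns to the proxy ID, applies the per-mechanism key requirements of the vcenter proxy, and warns when passwords sit in the pillar in clear text. The function names, the sample username and password, and treating Salt's GPG pillar renderer as the protected form are assumptions.

```python
"""Pre-flight check for a Salt vcenter proxy minion (added example)."""
import fnmatch

# Values encrypted for Salt's gpg renderer start with this armor header.
PGP_HEADER = "-----BEGIN PGP MESSAGE-----"

# Keys the vcenter proxy needs for each login mechanism.
REQUIRED_BY_MECHANISM = {
    "userpass": ("username", "passwords"),
    "sspi": ("domain", "principal"),
}


def pillar_names_for(minion_id, top, saltenv="base"):
    """Pillar SLS names that top.sls assigns to minion_id (glob targets only)."""
    names = []
    for target, entries in top.get(saltenv, {}).items():
        if fnmatch.fnmatchcase(minion_id, target):
            names.extend(e for e in entries if isinstance(e, str))
    return names


def check_vcenter_proxy(proxy_opts, top, pillars):
    """Return (severity, message) findings; an empty list means nothing to fix."""
    findings = []
    minion_id = proxy_opts.get("id")
    if not minion_id or not proxy_opts.get("master"):
        return [("error", "proxy config needs both 'id' and 'master'")]

    names = pillar_names_for(minion_id, top)
    if not names:
        return [("error", f"top.sls assigns no pillar to '{minion_id}'")]

    proxy = {}
    for name in names:  # simplified merge: later SLS files win per key
        proxy.update(pillars.get(name, {}).get("proxy", {}))

    if proxy.get("proxytype") != "vcenter":
        findings.append(("error", "proxy:proxytype must be 'vcenter'"))
    if not proxy.get("vcenter"):
        findings.append(("error", "proxy:vcenter (server name) is missing"))

    mechanism = proxy.get("mechanism")
    if mechanism not in REQUIRED_BY_MECHANISM:
        findings.append(
            ("error", f"proxy:mechanism is {mechanism!r}, expected userpass or sspi")
        )
        return findings
    for key in REQUIRED_BY_MECHANISM[mechanism]:
        if key not in proxy:
            findings.append(("error", f"mechanism '{mechanism}' needs proxy:{key}"))

    if mechanism == "userpass" and "passwords" in proxy:
        passwords = proxy["passwords"]
        if not isinstance(passwords, list) or not passwords:
            findings.append(("error", "proxy:passwords must be a non-empty list"))
        else:
            clear = [
                p for p in passwords
                if not str(p).lstrip().startswith(PGP_HEADER)
            ]
            if clear:
                findings.append((
                    "warning",
                    f"{len(clear)} of {len(passwords)} password(s) "
                    "stored in clear text in pillar",
                ))
    return findings


# Constructed sample data: the parsed form of the files in the walkthrough.
# The username and password are placeholders, not values from the page.
SAMPLE_PROXY_OPTS = {"master": "192.168.103.45", "id": "my-vcenter-proxy"}
SAMPLE_TOP = {
    "base": {"vyos": ["vyos-router-01"], "my-vcenter-proxy": ["vcenter-proxy"]}
}
SAMPLE_PILLARS = {
    "vcenter-proxy": {
        "proxy": {
            "proxytype": "vcenter",
            "vcenter": "vcsa01.rainpole.local",
            "username": "svc-salt@example.invalid",
            "passwords": ["example-password"],
            "mechanism": "userpass",
        }
    }
}

if __name__ == "__main__":
    findings = check_vcenter_proxy(SAMPLE_PROXY_OPTS, SAMPLE_TOP, SAMPLE_PILLARS)
    for severity, message in findings:
        print(f"{severity}: {message}")
```

To run it against real files, load each YAML file into a dict first (for example with PyYAML's `yaml.safe_load`) and pass the results in place of the samples.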

Available module for vCenter:
my-vcenter-proxy:
----------
vsphere.:
vsphere.add_capacity_to_diskgroup:

Adds capacity disks to the disk group with the specified cache disk.

cache_disk_id
The canonical name of the cache disk.

capacity_disk_ids
A list containing canonical names of the capacity disks to add.

safety_checks
Specify whether to perform safety check or to skip the checks and try
performing the required task. Default value is True.

service_instance
Service instance (vim.ServiceInstance) of the vCenter/ESXi host.
Default is None.

CLI Example:

salt '*' vsphere.add_capacity_to_diskgroup
    cache_disk_id='naa.000000000000001'
    capacity_disk_ids='[naa.000000000000002, naa.000000000000003]'

vsphere.add_host_to_dvs:

Adds an ESXi host to a vSphere Distributed Virtual Switch and migrates
the desired adapters to the DVS from the standard switch.

host
The location of the vCenter server.

username
The username used to login to the vCenter server.

password
The password used to login to the vCenter server.

vmknic_name
The name of the virtual NIC to migrate.

vmnic_name
The name of the physical NIC to migrate.

dvs_name
The name of the Distributed Virtual Switch.

target_portgroup_name
The name of the distributed portgroup in which to migrate the
virtual NIC.

uplink_portgroup_name
The name of the uplink portgroup in which to migrate the
physical NIC.

protocol
Optionally set to alternate protocol if the vCenter server or ESX/ESXi host is not
using the default protocol. Default protocol is ``https``.

port
Optionally set to alternate port if the vCenter server or ESX/ESXi host is not
using the default port. Default port is ``443``.

host_names:
An array of VMware host names to migrate

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

salt some_host vsphere.add_host_to_dvs host='vsphere.corp.com'
    username='[email protected]' password='vsphere_password'
    vmknic_name='vmk0' vmnic_name='vmnic0' dvs_name='DSwitch'
    target_portgroup_name='DPortGroup' uplink_portgroup_name='DSwitch1-DVUplinks-181'
    protocol='https' port='443' host_names="['esxi1.corp.com','esxi2.corp.com','esxi3.corp.com']"

Return Example:

somehost:
    ----------
    esxi1.corp.com:
        ----------
        dvs:
            DSwitch
        portgroup:
            DPortGroup
        status:
            True
        uplink:
            DSwitch-DVUplinks-181
        vmknic:
            vmk0
        vmnic:
            vmnic0
    esxi2.corp.com:
        ----------
        dvs:
            DSwitch
        portgroup:
            DPortGroup
        status:
            True
        uplink:
            DSwitch-DVUplinks-181
        vmknic:
            vmk0
        vmnic:
            vmnic0
    esxi3.corp.com:
        ----------
        dvs:
            DSwitch
        portgroup:
            DPortGroup
        status:
            True
        uplink:
            DSwitch-DVUplinks-181
        vmknic:
            vmk0
        vmnic:
            vmnic0
    message:
    success:
        True

This was very difficult to figure out. VMware’s PyVmomi documentation at

https://github.com/vmware/pyvmomi/blob/master/docs/vim/DistributedVirtualSwitch.rst
(which is a copy of the official documentation here:
https://www.vmware.com/support/developer/converter-sdk/conv60_apireference/vim.DistributedVirtualSwitch.html)

says to create the DVS, create distributed portgroups, and then add the
host to the DVS specifying which physical NIC to use as the port backing.
However, if the physical NIC is in use as the only link from the host
to vSphere, this will fail with an unhelpful “busy” error.

There is, however, a Powershell PowerCLI cmdlet called Add-VDSwitchPhysicalNetworkAdapter
that does what we want. I used Onyx (https://labs.vmware.com/flings/onyx)
to sniff the SOAP stream from Powershell to our vSphere server and got
this snippet out:

<UpdateNetworkConfig xmlns="urn:vim25">
  <_this type="HostNetworkSystem">networkSystem-187</_this>
  <config>
    <vswitch>
      <changeOperation>edit</changeOperation>
      <name>vSwitch0</name>
      <spec>
        <numPorts>7812</numPorts>
      </spec>
    </vswitch>
    <proxySwitch>
      <changeOperation>edit</changeOperation>
      <uuid>73 a4 05 50 b0 d2 7e b9-38 80 5d 24 65 8f da 70</uuid>
      <spec>
        <backing xsi:type="DistributedVirtualSwitchHostMemberPnicBacking">
          <pnicSpec><pnicDevice>vmnic0</pnicDevice></pnicSpec>
        </backing>
      </spec>
    </proxySwitch>
    <portgroup>
      <changeOperation>remove</changeOperation>
      <spec>
        <name>Management Network</name><vlanId>-1</vlanId><vswitchName /><policy />
      </spec>
    </portgroup>
    <vnic>
      <changeOperation>edit</changeOperation>
      <device>vmk0</device>
      <portgroup />
      <spec>
        <distributedVirtualPort>
          <switchUuid>73 a4 05 50 b0 d2 7e b9-38 80 5d 24 65 8f da 70</switchUuid>
          <portgroupKey>dvportgroup-191</portgroupKey>
        </distributedVirtualPort>
      </spec>
    </vnic>
  </config>
  <changeMode>modify</changeMode>
</UpdateNetworkConfig>

The SOAP API maps closely to PyVmomi, so from there it was (relatively)
easy to figure out what Python to write.
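The captured request read back as nested data, as an added example (not code from Salt or from the docstring above): the element names become the keys, and they are the same field names pyVmomi uses on `vim.host.NetworkConfig` and its children, which is why the translation is mechanical. `parse_capture`, `to_tree` and `migration_summary` are hypothetical helper names, and the `xmlns:xsi` declaration is added so the fragment parses by itself.

```python
"""Read the captured UpdateNetworkConfig request as nested data (added example)."""
import xml.etree.ElementTree as ET

XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"

# The capture from the text. The xmlns:xsi declaration is added here so the
# fragment parses by itself; in the real stream the SOAP envelope declares it.
CAPTURE = """\
<UpdateNetworkConfig xmlns="urn:vim25"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <_this type="HostNetworkSystem">networkSystem-187</_this>
  <config>
    <vswitch>
      <changeOperation>edit</changeOperation>
      <name>vSwitch0</name>
      <spec><numPorts>7812</numPorts></spec>
    </vswitch>
    <proxySwitch>
      <changeOperation>edit</changeOperation>
      <uuid>73 a4 05 50 b0 d2 7e b9-38 80 5d 24 65 8f da 70</uuid>
      <spec>
        <backing xsi:type="DistributedVirtualSwitchHostMemberPnicBacking">
          <pnicSpec><pnicDevice>vmnic0</pnicDevice></pnicSpec>
        </backing>
      </spec>
    </proxySwitch>
    <portgroup>
      <changeOperation>remove</changeOperation>
      <spec>
        <name>Management Network</name><vlanId>-1</vlanId><vswitchName /><policy />
      </spec>
    </portgroup>
    <vnic>
      <changeOperation>edit</changeOperation>
      <device>vmk0</device>
      <portgroup />
      <spec>
        <distributedVirtualPort>
          <switchUuid>73 a4 05 50 b0 d2 7e b9-38 80 5d 24 65 8f da 70</switchUuid>
          <portgroupKey>dvportgroup-191</portgroupKey>
        </distributedVirtualPort>
      </spec>
    </vnic>
  </config>
  <changeMode>modify</changeMode>
</UpdateNetworkConfig>
"""


def to_tree(elem):
    """Element -> dict keyed by local tag name; leaves become stripped text.

    Repeated sibling tags would overwrite each other; the capture has none.
    """
    children = list(elem)
    if not children:
        return (elem.text or "").strip()
    node = {"_type": elem.attrib[XSI_TYPE]} if XSI_TYPE in elem.attrib else {}
    for child in children:
        node[child.tag.split("}", 1)[-1]] = to_tree(child)
    return node


def parse_capture(xml_text):
    """Parse the request body into the nested dict built by to_tree()."""
    return to_tree(ET.fromstring(xml_text))


def migration_summary(request):
    """Pull out what the single call changes, from a parse_capture() result."""
    cfg = request["config"]
    port = cfg["vnic"]["spec"]["distributedVirtualPort"]
    backing = cfg["proxySwitch"]["spec"]["backing"]
    return {
        "change_mode": request["changeMode"],
        "uplink_moved": backing["pnicSpec"]["pnicDevice"],
        "vmk_moved": cfg["vnic"]["device"],
        "target_portgroup_key": port["portgroupKey"],
        "removed_portgroup": cfg["portgroup"]["spec"]["name"],
        # The uplink and the vmkernel NIC must land on the same DVS.
        "same_switch": cfg["proxySwitch"]["uuid"] == port["switchUuid"],
    }


if __name__ == "__main__":
    for key, value in migration_summary(parse_capture(CAPTURE)).items():
        print(f"{key}: {value}")
```

The summary shows the physical NIC and the management vmkernel NIC moving to the same switch inside one `UpdateNetworkConfig` call.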

vsphere.add_license:

Adds a license to the vCenter or ESXi host

key
License key.

description
License description added in as a label.

safety_checks
Specify whether to perform safety check or to skip the checks and try
performing the required task

service_instance
Service instance (vim.ServiceInstance) of the vCenter/ESXi host.
Default is None.

CLI Example:

salt '*' vsphere.add_license key=<license_key> desc='License desc'

vsphere.assign_default_storage_policy_to_datastore:

Assigns a storage policy as the default policy to a datastore.

policy
Name of the policy to assign.

datastore
Name of the datastore to assign.
The datastore needs to be visible to the VMware entity the proxy
points to.

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

salt '*' vsphere.assign_default_storage_policy_to_datastore
    policy='policy name' datastore=ds1

vsphere.assign_license:

Assigns a license to an entity

license_key
Key of the license to assign
See ``_get_entity`` docstrings for format.

license_name
Display name of license

entity
Dictionary representation of an entity

entity_display_name
Entity name used in logging

safety_checks
Specify whether to perform safety check or to skip the checks and try
performing the required task. Default is False.

service_instance
Service instance (vim.ServiceInstance) of the vCenter/ESXi host.
Default is None.

CLI Example:

salt '*' vsphere.assign_license license_key=AAAAA-11111-AAAAA-11111-AAAAA
    license_name=test entity={type:cluster,datacenter:dc,cluster:cl}

vsphere.compare_vm_configs:

Compares virtual machine current and new configuration, the current is the
one which is deployed now, and the new is the target config. Returns the
differences between the objects in a dictionary, the keys are the
configuration parameter keys and the values are differences objects: either
list or recursive difference

new_config:
New config dictionary with every available parameter

current_config
Currently deployed configuration

vsphere.configure_host_cache:

Configures the host cache on the selected host.

enabled
Boolean flag specifying whether the host cache is enabled.

datastore
Name of the datastore that contains the host cache. Must be set if
enabled is ``true``.

swap_size_MiB
Swap size in Mebibytes. Needs to be set if enabled is ``true``. Must be
smaller than the datastore size.

service_instance
Service instance (vim.ServiceInstance) of the vCenter/ESXi host.
Default is None.

CLI Example:

salt '*' vsphere.configure_host_cache enabled=False

salt '*' vsphere.configure_host_cache enabled=True datastore=ds1
    swap_size_MiB=1024

vsphere.create_cluster:

Creates a cluster.

Note: cluster_dict[‘name’] will be overridden by the cluster param value

config_dict
Dictionary with the config values of the new cluster.

datacenter
Name of datacenter containing the cluster.
Ignored if already contained by proxy details.
Default value is None.

cluster
Name of cluster.
Ignored if already contained by proxy details.
Default value is None.

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

# esxdatacenter proxy
salt '*' vsphere.create_cluster cluster_dict=$cluster_dict cluster=cl1

# esxcluster proxy
salt '*' vsphere.create_cluster cluster_dict=$cluster_dict

vsphere.create_datacenter:

Creates a datacenter.

Supported proxies: esxdatacenter

datacenter_name
The datacenter name

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

salt '*' vsphere.create_datacenter dc1

vsphere.create_diskgroup:

Creates disk group on an ESXi host with the specified cache and
capacity disks.

cache_disk_id
The canonical name of the disk to be used as a cache. The disk must be
ssd.

capacity_disk_ids
A list containing canonical names of the capacity disks. Must contain at
least one id. Default is True.

safety_checks
Specify whether to perform safety check or to skip the checks and try
performing the required task. Default value is True.

service_instance
Service instance (vim.ServiceInstance) of the vCenter/ESXi host.
Default is None.

CLI Example:

salt '*' vsphere.create_diskgroup cache_disk_id='naa.000000000000001'
    capacity_disk_ids='[naa.000000000000002, naa.000000000000003]'

vsphere.create_dvportgroup:

Creates a distributed virtual portgroup.

Note: The ``portgroup_name`` param will override any name already set
in ``portgroup_dict``.

portgroup_dict
Dictionary with the config values the portgroup should be created with
(example in salt.states.dvs).

portgroup_name
Name of the portgroup to be created.

dvs
Name of the DVS that will contain the portgroup.

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

salt '*' vsphere.create_dvportgroup portgroup_dict=<dict>
    portgroup_name=pg1 dvs=dvs1

vsphere.create_dvs:

Creates a distributed virtual switch (DVS).

Note: The ``dvs_name`` param will override any name set in ``dvs_dict``.

dvs_dict
Dict representation of the new DVS (example in salt.states.dvs)

dvs_name
Name of the DVS to be created.

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

salt '*' vsphere.create_dvs dvs_dict=$dvs_dict dvs_name=dvs_name

vsphere.create_storage_policy:

Creates a storage policy.

Supported capability types: scalar, set, range.

policy_name
Name of the policy to create.
The value of the argument will override any existing name in
``policy_dict``.

policy_dict
Dictionary containing the changes to apply to the policy.
(example in salt.states.pbm)

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

salt '*' vsphere.create_storage_policy policy_name='policy name'
    policy_dict="$policy_dict"

vsphere.create_vm:

Creates a virtual machine container.

CLI Example:

salt vm_minion vsphere.create_vm vm_name=vmname cpu='{count: 2, nested: True}' …

vm_name
Name of the virtual machine

cpu
Properties of CPUs for freshly created machines

memory
Memory size for freshly created machines

image
Virtual machine guest OS version identifier
VirtualMachineGuestOsIdentifier

version
Virtual machine container hardware version

datacenter
Datacenter where the virtual machine will be deployed (mandatory)

datastore
Datastore where the virtual machine files will be placed

placement
Resource pool or cluster or host or folder where the virtual machine
will be deployed

devices
interfaces

interfaces:
  adapter: 'Network adapter 1'
  name: vlan100
  switch_type: distributed or standard
  adapter_type: vmxnet3 or vmxnet, vmxnet2, vmxnet3, e1000, e1000e
  mac: '00:11:22:33:44:55'
  connectable:
    allow_guest_control: True
    connected: True
    start_connected: True

disks

disks:
  adapter: 'Hard disk 1'
  size: 16
  unit: GB
  address: '0:0'
  controller: 'SCSI controller 0'
  thin_provision: False
  eagerly_scrub: False
  datastore: 'myshare'
  filename: 'vm/mydisk.vmdk'

scsi_devices

scsi_devices:
  controller: 'SCSI controller 0'
  type: paravirtual
  bus_sharing: no_sharing

serial_ports

serial_ports:
  adapter: 'Serial port 1'
  type: network
  backing:
    uri: 'telnet://something:port'
    direction: <client|server>
    filename: 'service_uri'
  connectable:
    allow_guest_control: True
    connected: True
    start_connected: True
  yield: False

cd_drives

cd_drives:
  adapter: 'CD/DVD drive 0'
  controller: 'IDE 0'
  device_type: datastore_iso_file
  datastore_iso_file:
    path: path_to_iso
  connectable:
    allow_guest_control: True
    connected: True
    start_connected: True

advanced_config
Advanced config parameters to be set for the virtual machine

vsphere.create_vmfs_datastore:

Creates a ESXi host disk group with the specified cache and capacity disks.

datastore_name
The name of the datastore to be created.

disk_id
The disk id (canonical name) on which the datastore is created.

vmfs_major_version
The VMFS major version.

safety_checks
Specify whether to perform safety check or to skip the checks and try
performing the required task. Default is True.

service_instance
Service instance (vim.ServiceInstance) of the vCenter/ESXi host.
Default is None.

CLI Example:

salt '*' vsphere.create_vmfs_datastore datastore_name=ds1 disk_id=
    vmfs_major_version=5

vsphere.delete_advanced_configs:

Removes extra config parameters from a virtual machine

vm_name
Virtual machine name

datacenter
Datacenter name where the virtual machine is available

advanced_configs
List of advanced config values to be removed

service_instance
vCenter service instance for connection and configuration

vsphere.delete_vm:

Deletes a virtual machine defined by name and placement

name
Name of the virtual machine

datacenter
Datacenter of the virtual machine

placement
Placement information of the virtual machine

service_instance
vCenter service instance for connection and configuration

CLI Example:

salt '*' vsphere.delete_vm name=my_vm datacenter=my_datacenter


vsphere.disconnect:

Disconnects from a vCenter or ESXi host

Note:
Should be used by state functions, not invoked directly.

service_instance
Service instance (vim.ServiceInstance)

CLI Example:

See note above.

vsphere.erase_disk_partitions:

Erases the partitions on a disk.
The disk can be specified either by the canonical name, or by the
scsi_address.

disk_id
Canonical name of the disk.
Either ``disk_id`` or ``scsi_address`` needs to be specified
(``disk_id`` supersedes ``scsi_address``).

scsi_address
Scsi address of the disk.
``disk_id`` or ``scsi_address`` needs to be specified
(``disk_id`` supersedes ``scsi_address``).

service_instance
Service instance (vim.ServiceInstance) of the vCenter/ESXi host.
Default is None.

CLI Example:

salt '*' vsphere.erase_disk_partitions scsi_address='vmhaba0:C0:T0:L0'

salt '*' vsphere.erase_disk_partitions disk_id='naa.000000000000001'

vsphere.get_advanced_configs:

Returns extra config parameters from a virtual machine advanced config list

vm_name
Virtual machine name

datacenter
Datacenter name where the virtual machine is available

service_instance
vCenter service instance for connection and configuration

vsphere.get_host_cache:

Returns the host cache configuration on the proxy host.

service_instance
Service instance (vim.ServiceInstance) of the vCenter/ESXi host.
Default is None.

CLI Example:

salt '*' vsphere.get_host_cache

vsphere.get_host_datetime:

Get the date/time information for a given host or list of host_names.

host
The location of the host.

username
The username used to login to the host, such as ``root``.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is ``https``.

port
Optionally set to alternate port if the host is not using the default
port. Default port is ``443``.

host_names
List of ESXi host names. When the host, username, and password credentials
are provided for a vCenter Server, the host_names argument is required to tell
vCenter the hosts for which to get date/time information.

If host_names is not provided, the date/time information will be retrieved for the
``host`` location instead. This is useful for when service instance connection
information is used for a single ESXi host.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# Used for single ESXi host connection information
salt '*' vsphere.get_host_datetime my.esxi.host root bad-password

# Used for connecting to a vCenter Server
salt '*' vsphere.get_host_datetime my.vcenter.location root bad-password host_names='[esxi-1.host.com, esxi-2.host.com]'

vsphere.get_ntp_config:

Get the NTP configuration information for a given host or list of host_names.

host
The location of the host.

username
The username used to login to the host, such as ``root``.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is ``https``.

port
Optionally set to alternate port if the host is not using the default
port. Default port is ``443``.

host_names
List of ESXi host names. When the host, username, and password credentials
are provided for a vCenter Server, the host_names argument is required to tell
vCenter the hosts for which to get ntp configuration information.

If host_names is not provided, the NTP configuration will be retrieved for the
``host`` location instead. This is useful for when service instance connection
information is used for a single ESXi host.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# Used for single ESXi host connection information
salt '*' vsphere.get_ntp_config my.esxi.host root bad-password

# Used for connecting to a vCenter Server
salt '*' vsphere.get_ntp_config my.vcenter.location root bad-password host_names='[esxi-1.host.com, esxi-2.host.com]'

vsphere.get_proxy_type:

Returns the proxy type retrieved either from the pillar or from the proxy
minion’s config. Returns ``<undefined>`` otherwise.

CLI Example:

salt '*' vsphere.get_proxy_type

vsphere.get_service_instance_via_proxy:

Returns a service instance to the proxied endpoint (vCenter/ESXi host).

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

Note:
Should be used by state functions not invoked directly.

CLI Example:

See note above

vsphere.get_service_policy:

Get the service name’s policy for a given host or list of hosts.

host
The location of the host.

username
The username used to login to the host, such as ``root``.

password
The password used to login to the host.

service_name
The name of the service for which to retrieve the policy. Supported service names are:
– DCUI
– TSM
– SSH
– lbtd
– lsassd
– lwiod
– netlogond
– ntpd
– sfcbd-watchdog
– snmpd
– vprobed
– vpxa
– xorg

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is ``https``.

port
Optionally set to alternate port if the host is not using the default
port. Default port is ``443``.

host_names
List of ESXi host names. When the host, username, and password credentials
are provided for a vCenter Server, the host_names argument is required to tell
vCenter the hosts for which to get service policy information.

If host_names is not provided, the service policy information will be retrieved
for the ``host`` location instead. This is useful for when service instance
connection information is used for a single ESXi host.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# Used for single ESXi host connection information
salt '*' vsphere.get_service_policy my.esxi.host root bad-password 'ssh'

# Used for connecting to a vCenter Server
salt '*' vsphere.get_service_policy my.vcenter.location root bad-password 'ntpd' host_names='[esxi-1.host.com, esxi-2.host.com]'

vsphere.get_service_running:

Get the service name’s running state for a given host or list of hosts.

host
The location of the host.

username
The username used to login to the host, such as ``root``.

password
The password used to login to the host.

service_name
The name of the service for which to retrieve the policy. Supported service names are:
– DCUI
– TSM
– SSH
– lbtd
– lsassd
– lwiod
– netlogond
– ntpd
– sfcbd-watchdog
– snmpd
– vprobed
– vpxa
– xorg

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is ``https``.

port
Optionally set to alternate port if the host is not using the default
port. Default port is ``443``.

host_names
List of ESXi host names. When the host, username, and password credentials
are provided for a vCenter Server, the host_names argument is required to tell
vCenter the hosts for which to get the service’s running state.

If host_names is not provided, the service’s running state will be retrieved
for the ``host`` location instead. This is useful for when service instance
connection information is used for a single ESXi host.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# Used for single ESXi host connection information
salt '*' vsphere.get_service_running my.esxi.host root bad-password 'ssh'

# Used for connecting to a vCenter Server
salt '*' vsphere.get_service_running my.vcenter.location root bad-password 'ntpd' host_names='[esxi-1.host.com, esxi-2.host.com]'

vsphere.get_ssh_key:

Retrieve the authorized_keys entry for root.
This function only works for ESXi, not vCenter.

:param host: The location of the ESXi Host
:param username: Username to connect as
:param password: Password for the ESXi web endpoint
:param protocol: defaults to https, can be http if ssl is disabled on ESXi
:param port: defaults to 443 for https
:param certificate_verify: If true require that the SSL connection present
a valid certificate. Default: True
:return: True if upload is successful

CLI Example:

salt '*' vsphere.get_ssh_key my.esxi.host root bad-password certificate_verify=True


vsphere.get_vm:

Returns vm object properties.

name
Name of the virtual machine.

datacenter
Datacenter name

vm_properties
List of vm properties.

traversal_spec
Traversal Spec object(s) for searching.

parent_ref
Container Reference object for searching under a given object.

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

vsphere.get_vm_config:

Queries and converts the virtual machine properties to the available format
from the schema. If the objects attribute is True the config objects will
have extra properties, like ‘object’ which will include the
vim.vm.device.VirtualDevice, this is necessary for deletion and update
actions.

name
Name of the virtual machine

datacenter
Datacenter’s name where the virtual machine is available

objects
Indicates whether to return the vmware object properties
(eg. object, key) or just the properties which can be set

service_instance
vCenter service instance for connection and configuration

vsphere.get_vm_config_file:

Queries the virtual machine config file and returns
vim.host.DatastoreBrowser.SearchResults object on success None on failure

name
Name of the virtual machine

datacenter
Datacenter name

datastore
Datastore where the virtual machine files are stored

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

vsphere.get_vmotion_enabled:

Get the VMotion enabled status for a given host or a list of host_names. Returns ``True``
if VMotion is enabled, ``False`` if it is not enabled.

host
The location of the host.

username
The username used to login to the host, such as ``root``.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is ``https``.

port
Optionally set to alternate port if the host is not using the default
port. Default port is ``443``.

host_names
List of ESXi host names. When the host, username, and password credentials
are provided for a vCenter Server, the host_names argument is required to
tell vCenter which hosts to check if VMotion is enabled.

If host_names is not provided, the VMotion status will be retrieved for the
``host`` location instead. This is useful for when service instance
connection information is used for a single ESXi host.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# Used for single ESXi host connection information
salt '*' vsphere.get_vmotion_enabled my.esxi.host root bad-password

# Used for connecting to a vCenter Server
salt '*' vsphere.get_vmotion_enabled my.vcenter.location root bad-password host_names='[esxi-1.host.com, esxi-2.host.com]'

vsphere.get_vsan_eligible_disks:

Returns a list of VSAN-eligible disks for a given host or list of host_names.

host
The location of the host.

username
The username used to login to the host, such as ``root``.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is ``https``.

port
Optionally set to alternate port if the host is not using the default
port. Default port is ``443``.

host_names
List of ESXi host names. When the host, username, and password credentials
are provided for a vCenter Server, the host_names argument is required to
tell vCenter which hosts to check if any VSAN-eligible disks are available.

If host_names is not provided, the VSAN-eligible disks will be retrieved
for the ``host`` location instead. This is useful for when service instance
connection information is used for a single ESXi host.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# Used for single ESXi host connection information
salt '*' vsphere.get_vsan_eligible_disks my.esxi.host root bad-password

# Used for connecting to a vCenter Server
salt '*' vsphere.get_vsan_eligible_disks my.vcenter.location root bad-password host_names='[esxi-1.host.com, esxi-2.host.com]'

vsphere.get_vsan_enabled:

Get the VSAN enabled status for a given host or a list of host_names. Returns ``True``
if VSAN is enabled, ``False`` if it is not enabled, and ``None`` if a VSAN Host Config
is unset, per host.

host
The location of the host.

username
The username used to login to the host, such as ``root``.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is ``https``.

port
Optionally set to alternate port if the host is not using the default
port. Default port is ``443``.

host_names
List of ESXi host names. When the host, username, and password credentials
are provided for a vCenter Server, the host_names argument is required to
tell vCenter which hosts to check if VSAN enabled.

If host_names is not provided, the VSAN status will be retrieved for the
``host`` location instead. This is useful for when service instance
connection information is used for a single ESXi host.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# Used for single ESXi host connection information
salt '*' vsphere.get_vsan_enabled my.esxi.host root bad-password

# Used for connecting to a vCenter Server
salt '*' vsphere.get_vsan_enabled my.vcenter.location root bad-password host_names='[esxi-1.host.com, esxi-2.host.com]'

vsphere.list_assigned_licenses:

Lists the licenses assigned to an entity

entity
Dictionary representation of an entity.
See ``_get_entity`` docstrings for format.

entity_display_name
Entity name used in logging

license_keys:
List of license keys to be retrieved. Default is None.

service_instance
Service instance (vim.ServiceInstance) of the vCenter/ESXi host.
Default is None.

CLI Example:

salt '*' vsphere.list_assigned_licenses
    entity={type:cluster,datacenter:dc,cluster:cl}
    entity_display_name=cl

vsphere.list_capability_definitions:

Returns a list of the metadata of all capabilities in the vCenter.

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

salt '*' vsphere.list_capability_definitions

vsphere.list_cluster:

Returns a dict representation of an ESX cluster.

datacenter
Name of datacenter containing the cluster.
Ignored if already contained by proxy details.
Default value is None.

cluster
Name of cluster.
Ignored if already contained by proxy details.
Default value is None.

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

# vcenter proxy
salt '*' vsphere.list_cluster datacenter=dc1 cluster=cl1

# esxdatacenter proxy
salt '*' vsphere.list_cluster cluster=cl1

# esxcluster proxy
salt '*' vsphere.list_cluster

vsphere.list_clusters:

Returns a list of clusters for the specified host.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

salt '*' vsphere.list_clusters 1.2.3.4 root bad-password


vsphere.list_datacenters:

Returns a list of datacenters for the specified host.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

salt '*' vsphere.list_datacenters 1.2.3.4 root bad-password


vsphere.list_datacenters_via_proxy:

Returns a list of dict representations of VMware datacenters.
Connection is done via the proxy details.

Supported proxies: esxdatacenter

datacenter_names
List of datacenter names.
Default is None.

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

salt '*' vsphere.list_datacenters_via_proxy

salt '*' vsphere.list_datacenters_via_proxy dc1

salt '*' vsphere.list_datacenters_via_proxy dc1,dc2

salt '*' vsphere.list_datacenters_via_proxy datacenter_names='[dc1, dc2]'

vsphere.list_datastore_clusters:

Returns a list of datastore clusters for the specified host.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

salt '*' vsphere.list_datastore_clusters 1.2.3.4 root bad-password

vsphere.list_datastores:

Returns a list of datastores for the specified host.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

salt '*' vsphere.list_datastores 1.2.3.4 root bad-password

vsphere.list_datastores_via_proxy:

Returns a list of dict representations of the datastores visible to the
proxy object. The list of datastores can be filtered by datastore names,
backing disk ids (canonical names) or backing disk scsi addresses.

Supported proxy types: esxi, esxcluster, esxdatacenter

datastore_names
List of the names of datastores to filter on

backing_disk_ids
List of canonical names of the backing disks of the datastores to filter.
Default is None.

backing_disk_scsi_addresses
List of scsi addresses of the backing disks of the datastores to filter.
Default is None.

service_instance
Service instance (vim.ServiceInstance) of the vCenter/ESXi host.
Default is None.

CLI Example:

salt '*' vsphere.list_datastores_via_proxy

salt '*' vsphere.list_datastores_via_proxy datastore_names='[ds1, ds2]'

vsphere.list_default_storage_policy_of_datastore:

Returns a list of datastores assigned the storage policies.

datastore
Name of the datastore to assign.
The datastore needs to be visible to the VMware entity the proxy
points to.

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

salt '*' vsphere.list_default_storage_policy_of_datastore datastore=ds1

vsphere.list_default_vsan_policy:

Returns the default vsan storage policy.

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

salt '*' vsphere.list_default_vsan_policy

vsphere.list_disk_partitions:

Lists the partitions on a disk.
The disk can be specified either by the canonical name, or by the
scsi_address.

disk_id
Canonical name of the disk.
Either "disk_id" or "scsi_address" needs to be specified
("disk_id" supersedes "scsi_address").

scsi_address
Scsi address of the disk.
"disk_id" or "scsi_address" needs to be specified
("disk_id" supersedes "scsi_address").

service_instance
Service instance (vim.ServiceInstance) of the vCenter/ESXi host.
Default is None.

CLI Example:

salt '*' vsphere.list_disk_partitions scsi_address='vmhba0:C0:T0:L0'

salt '*' vsphere.list_disk_partitions disk_id='naa.000000000000001'

vsphere.list_diskgroups:

Returns a list of disk group dict representation on an ESXi host.
The list of disk groups can be filtered by the cache disks
canonical names. If no filtering is applied, all disk groups are returned.

cache_disk_ids:
List of cache disk canonical names of the disk groups to be retrieved.
Default is None.

use_proxy_details
Specify whether to use the proxy minion’s details instead of the
arguments

service_instance
Service instance (vim.ServiceInstance) of the vCenter/ESXi host.
Default is None.

CLI Example:

salt '*' vsphere.list_diskgroups

salt '*' vsphere.list_diskgroups cache_disk_ids='[naa.000000000000001]'

vsphere.list_disks:

Returns a list of dict representations of the disks in an ESXi host.
The list of disks can be filtered by disk canonical names or
scsi addresses.

disk_ids:
List of disk canonical names to be retrieved. Default is None.

scsi_addresses
List of scsi addresses of disks to be retrieved. Default is None


service_instance
Service instance (vim.ServiceInstance) of the vCenter/ESXi host.
Default is None.

CLI Example:

salt '*' vsphere.list_disks

salt '*' vsphere.list_disks disk_ids='[naa.00, naa.001]'

salt '*' vsphere.list_disks scsi_addresses='[vmhba0:C0:T0:L0, vmhba1:C0:T0:L0]'

vsphere.list_dvportgroups:

Returns a list of distributed virtual switch portgroups.
The list can be filtered by the portgroup names or by the DVS.

dvs
Name of the DVS containing the portgroups.
Default value is None.

portgroup_names
List of portgroup names to look for. If None, all portgroups are
returned.
Default value is None

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

salt '*' vsphere.list_dvportgroups

salt '*' vsphere.list_dvportgroups dvs=dvs1

salt '*' vsphere.list_dvportgroups portgroup_names=[pg1]

salt '*' vsphere.list_dvportgroups dvs=dvs1 portgroup_names=[pg1]

vsphere.list_dvs:

Returns a list of distributed virtual switches for the specified host.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

salt '*' vsphere.list_dvs 1.2.3.4 root bad-password

vsphere.list_dvss:

Returns a list of distributed virtual switches (DVSs).
The list can be filtered by the datacenter or DVS names.

datacenter
The datacenter to look for DVSs in.
Default value is None.

dvs_names
List of DVS names to look for. If None, all DVSs are returned.
Default value is None.

CLI Example:

salt '*' vsphere.list_dvss

salt '*' vsphere.list_dvss dvs_names=[dvs1,dvs2]

vsphere.list_folders:

Returns a list of folders for the specified host.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

salt '*' vsphere.list_folders 1.2.3.4 root bad-password

vsphere.list_hosts:

Returns a list of hosts for the specified VMware environment.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

salt '*' vsphere.list_hosts 1.2.3.4 root bad-password

vsphere.list_hosts_via_proxy:

Returns a list of hosts for the specified VMware environment. The list
of hosts can be filtered by datacenter name and/or cluster name.

hostnames
Hostnames to filter on.

datacenter_name
Name of datacenter. Only hosts in this datacenter will be retrieved.
Default is None.

cluster_name
Name of cluster. Only hosts in this cluster will be retrieved. If a
datacenter is not specified the first cluster with this name will be
considered. Default is None.

service_instance
Service instance (vim.ServiceInstance) of the vCenter/ESXi host.
Default is None.

CLI Example:

salt '*' vsphere.list_hosts_via_proxy

salt '*' vsphere.list_hosts_via_proxy hostnames=[esxi1.example.com]

salt '*' vsphere.list_hosts_via_proxy datacenter=dc1 cluster=cluster1

vsphere.list_licenses:

Lists all licenses on a vCenter.

service_instance
Service instance (vim.ServiceInstance) of the vCenter/ESXi host.
Default is None.

CLI Example:

salt '*' vsphere.list_licenses

vsphere.list_networks:

Returns a list of networks for the specified host.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

salt '*' vsphere.list_networks 1.2.3.4 root bad-password

vsphere.list_non_ssds:

Returns a list of Non-SSD disks for the given host or list of host_names.

Note:

In the pyVmomi StorageSystem, ScsiDisks may, or may not have an “ssd“ attribute.
This attribute indicates if the ScsiDisk is SSD backed. As this option is optional,
if a relevant disk in the StorageSystem does not have “ssd = true“, it will end
up in the “non_ssds“ list here.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

host_names
List of ESXi host names. When the host, username, and password credentials
are provided for a vCenter Server, the host_names argument is required to
tell vCenter the hosts for which to retrieve Non-SSD disks.

If host_names is not provided, Non-SSD disks will be retrieved for the
“host“ location instead. This is useful for when service instance
connection information is used for a single ESXi host.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# Used for single ESXi host connection information
salt '*' vsphere.list_non_ssds my.esxi.host root bad-password

# Used for connecting to a vCenter Server
salt '*' vsphere.list_non_ssds my.vcenter.location root bad-password host_names='[esxi-1.host.com, esxi-2.host.com]'

vsphere.list_resourcepools:

Returns a list of resource pools for the specified host.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

salt '*' vsphere.list_resourcepools 1.2.3.4 root bad-password

vsphere.list_ssds:

Returns a list of SSDs for the given host or list of host_names.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

host_names
List of ESXi host names. When the host, username, and password credentials
are provided for a vCenter Server, the host_names argument is required to
tell vCenter the hosts for which to retrieve SSDs.

If host_names is not provided, SSDs will be retrieved for the
“host“ location instead. This is useful for when service instance
connection information is used for a single ESXi host.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# Used for single ESXi host connection information
salt '*' vsphere.list_ssds my.esxi.host root bad-password

# Used for connecting to a vCenter Server
salt '*' vsphere.list_ssds my.vcenter.location root bad-password host_names='[esxi-1.host.com, esxi-2.host.com]'

vsphere.list_storage_policies:

Returns a list of storage policies.

policy_names
Names of policies to list. If None, all policies are listed.
Default is None.

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

salt '*' vsphere.list_storage_policies

salt '*' vsphere.list_storage_policies policy_names=[policy_name]

vsphere.list_uplink_dvportgroup:

Returns the uplink portgroup of a distributed virtual switch.

dvs
Name of the DVS containing the portgroup.

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

salt '*' vsphere.list_uplink_dvportgroup dvs=dvs_name

vsphere.list_vapps:

Returns a list of vApps for the specified host.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# List vapps from all minions
salt '*' vsphere.list_vapps 1.2.3.4 root bad-password

vsphere.list_vms:

Returns a list of VMs for the specified host.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

salt '*' vsphere.list_vms 1.2.3.4 root bad-password

vsphere.power_off_vm:

Powers off a virtual machine specified by its name.

name
Name of the virtual machine

datacenter
Datacenter of the virtual machine

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

salt '*' vsphere.power_off_vm name=my_vm


vsphere.power_on_vm:

Powers on a virtual machine specified by its name.

name
Name of the virtual machine

datacenter
Datacenter of the virtual machine

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

salt '*' vsphere.power_on_vm name=my_vm


vsphere.register_vm:

Registers a virtual machine to the inventory with the given vmx file.
Returns comments and change list

name
Name of the virtual machine

datacenter
Datacenter of the virtual machine

placement
Placement dictionary of the virtual machine, host or cluster

vmx_path:
Full path to the vmx file, datastore name should be included

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

vsphere.remove_capacity_from_diskgroup:

Remove capacity disks from the disk group with the specified cache disk.

cache_disk_id
The canonical name of the cache disk.

capacity_disk_ids
A list containing canonical names of the capacity disks to remove.

data_evacuation
Specifies whether to gracefully evacuate the data on the capacity disks
before removing them from the disk group. Default value is True.

safety_checks
Specify whether to perform safety check or to skip the checks and try
performing the required task. Default value is True.

service_instance
Service instance (vim.ServiceInstance) of the vCenter/ESXi host.
Default is None.

CLI Example:

salt '*' vsphere.remove_capacity_from_diskgroup cache_disk_id='naa.000000000000001' capacity_disk_ids='[naa.000000000000002, naa.000000000000003]'

vsphere.remove_datastore:

Removes a datastore. If multiple datastores are found, an error is raised.

datastore
Datastore name

service_instance
Service instance (vim.ServiceInstance) of the vCenter/ESXi host.
Default is None.

CLI Example:

salt '*' vsphere.remove_datastore ds_name

vsphere.remove_diskgroup:

Remove the diskgroup with the specified cache disk.

cache_disk_id
The canonical name of the cache disk.

data_accessibility
Specifies whether to ensure data accessibility. Default value is True.

service_instance
Service instance (vim.ServiceInstance) of the vCenter/ESXi host.
Default is None.

CLI Example:

salt '*' vsphere.remove_diskgroup cache_disk_id='naa.000000000000001'

vsphere.remove_dvportgroup:

Removes a distributed virtual portgroup.

portgroup
Name of the portgroup to be removed.

dvs
Name of the DVS containing the portgroups.

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

salt '*' vsphere.remove_dvportgroup portgroup=pg1 dvs=dvs1

vsphere.rename_datastore:

Renames a datastore. The datastore needs to be visible to the proxy.

datastore_name
Current datastore name.

new_datastore_name
New datastore name.

service_instance
Service instance (vim.ServiceInstance) of the vCenter/ESXi host.
Default is None.

CLI Example:

salt '*' vsphere.rename_datastore old_name new_name

vsphere.service_restart:

Restart the named service for the given host or list of hosts.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

service_name
The name of the service to restart. Supported service names are:
– DCUI
– TSM
– SSH
– lbtd
– lsassd
– lwiod
– netlogond
– ntpd
– sfcbd-watchdog
– snmpd
– vprobed
– vpxa
– xorg

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

host_names
List of ESXi host names. When the host, username, and password credentials
are provided for a vCenter Server, the host_names argument is required to tell
vCenter the hosts for which to restart the service.

If host_names is not provided, the service will be restarted for the “host“
location instead. This is useful for when service instance connection information
is used for a single ESXi host.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# Used for single ESXi host connection information
salt '*' vsphere.service_restart my.esxi.host root bad-password 'ntpd'

# Used for connecting to a vCenter Server
salt '*' vsphere.service_restart my.vcenter.location root bad-password 'ntpd' host_names='[esxi-1.host.com, esxi-2.host.com]'

vsphere.service_start:

Start the named service for the given host or list of hosts.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

service_name
The name of the service to start. Supported service names are:
– DCUI
– TSM
– SSH
– lbtd
– lsassd
– lwiod
– netlogond
– ntpd
– sfcbd-watchdog
– snmpd
– vprobed
– vpxa
– xorg

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

host_names
List of ESXi host names. When the host, username, and password credentials
are provided for a vCenter Server, the host_names argument is required to tell
vCenter the hosts for which to start the service.

If host_names is not provided, the service will be started for the “host“
location instead. This is useful for when service instance connection information
is used for a single ESXi host.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# Used for single ESXi host connection information
salt '*' vsphere.service_start my.esxi.host root bad-password 'ntpd'

# Used for connecting to a vCenter Server
salt '*' vsphere.service_start my.vcenter.location root bad-password 'ntpd' host_names='[esxi-1.host.com, esxi-2.host.com]'

vsphere.service_stop:

Stop the named service for the given host or list of hosts.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

service_name
The name of the service to stop. Supported service names are:
– DCUI
– TSM
– SSH
– lbtd
– lsassd
– lwiod
– netlogond
– ntpd
– sfcbd-watchdog
– snmpd
– vprobed
– vpxa
– xorg

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

host_names
List of ESXi host names. When the host, username, and password credentials
are provided for a vCenter Server, the host_names argument is required to tell
vCenter the hosts for which to stop the service.

If host_names is not provided, the service will be stopped for the “host“
location instead. This is useful for when service instance connection information
is used for a single ESXi host.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# Used for single ESXi host connection information
salt '*' vsphere.service_stop my.esxi.host root bad-password 'ssh'

# Used for connecting to a vCenter Server
salt '*' vsphere.service_stop my.vcenter.location root bad-password 'ssh' host_names='[esxi-1.host.com, esxi-2.host.com]'

vsphere.set_advanced_configs:

Appends extra config parameters to a virtual machine advanced config list

vm_name
Virtual machine name

datacenter
Datacenter name where the virtual machine is available

advanced_configs
Dictionary with advanced parameter key value pairs

service_instance
vCenter service instance for connection and configuration

vsphere.set_ntp_config:

Set NTP configuration for a given host or list of host_names.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

ntp_servers
A list of servers that should be added to and configured for the specified
host’s NTP configuration.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

host_names
List of ESXi host names. When the host, username, and password credentials
are provided for a vCenter Server, the host_names argument is required to tell
vCenter which hosts to configure ntp servers.

If host_names is not provided, the NTP servers will be configured for the
“host“ location instead. This is useful for when service instance connection
information is used for a single ESXi host.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# Used for single ESXi host connection information
salt '*' vsphere.set_ntp_config my.esxi.host root bad-password '[192.174.1.100, 192.174.1.200]'

# Used for connecting to a vCenter Server
salt '*' vsphere.set_ntp_config my.vcenter.location root bad-password '[192.174.1.100, 192.174.1.200]' host_names='[esxi-1.host.com, esxi-2.host.com]'

vsphere.set_service_policy:

Set the service name’s policy for a given host or list of hosts.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

service_name
The name of the service for which to set the policy. Supported service names are:
– DCUI
– TSM
– SSH
– lbtd
– lsassd
– lwiod
– netlogond
– ntpd
– sfcbd-watchdog
– snmpd
– vprobed
– vpxa
– xorg

service_policy
The policy to set for the service. For example, ‘automatic’.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

host_names
List of ESXi host names. When the host, username, and password credentials
are provided for a vCenter Server, the host_names argument is required to tell
vCenter the hosts for which to set the service policy.

If host_names is not provided, the service policy information will be retrieved
for the “host“ location instead. This is useful for when service instance
connection information is used for a single ESXi host.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# Used for single ESXi host connection information
salt '*' vsphere.set_service_policy my.esxi.host root bad-password 'ntpd' 'automatic'

# Used for connecting to a vCenter Server
salt '*' vsphere.set_service_policy my.vcenter.location root bad-password 'ntpd' 'automatic' host_names='[esxi-1.host.com, esxi-2.host.com]'

vsphere.system_info:

Return system information about a VMware environment.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

salt '*' vsphere.system_info 1.2.3.4 root bad-password

vsphere.test_vcenter_connection:

Checks if a connection is to a vCenter

CLI Example:

salt '*' vsphere.test_vcenter_connection

vsphere.unregister_vm:

Unregisters a virtual machine defined by name and placement

name
Name of the virtual machine

datacenter
Datacenter of the virtual machine

placement
Placement information of the virtual machine

service_instance
vCenter service instance for connection and configuration

CLI Example:

salt '*' vsphere.unregister_vm name=my_vm datacenter=my_datacenter


vsphere.update_cluster:

Updates a cluster.

config_dict
Dictionary with the config values of the new cluster.

datacenter
Name of datacenter containing the cluster.
Ignored if already contained by proxy details.
Default value is None.

cluster
Name of cluster.
Ignored if already contained by proxy details.
Default value is None.

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

# esxdatacenter proxy
salt '*' vsphere.update_cluster cluster_dict=$cluster_dict cluster=cl1

# esxcluster proxy
salt '*' vsphere.update_cluster cluster_dict=$cluster_dict


vsphere.update_dvportgroup:

Updates a distributed virtual portgroup.

portgroup_dict
Dictionary with the values the portgroup should be updated with
(example in salt.states.dvs).

portgroup
Name of the portgroup to be updated.

dvs
Name of the DVS containing the portgroups.

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

salt '*' vsphere.update_dvportgroup portgroup_dict=<dict> portgroup=pg1

salt '*' vsphere.update_dvportgroup portgroup_dict=<dict> portgroup=pg1 dvs=dvs1

vsphere.update_dvs:

Updates a distributed virtual switch (DVS).

Note: Updating the product info, capability, uplinks of a DVS is not
supported so the corresponding entries in “dvs_dict“ will be
ignored.

dvs_dict
Dictionary with the values the DVS should be updated with
(example in salt.states.dvs)

dvs
Name of the DVS to be updated.

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

salt '*' vsphere.update_dvs dvs_dict=$dvs_dict dvs=dvs1

vsphere.update_host_datetime:

Update the date/time on the given host or list of host_names. This function should be
used with caution since network delays and execution delays can result in time skews.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

host_names
List of ESXi host names. When the host, username, and password credentials
are provided for a vCenter Server, the host_names argument is required to
tell vCenter which hosts should update their date/time.

If host_names is not provided, the date/time will be updated for the “host“
location instead. This is useful for when service instance connection
information is used for a single ESXi host.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# Used for single ESXi host connection information
salt '*' vsphere.update_host_datetime my.esxi.host root bad-password

# Used for connecting to a vCenter Server
salt '*' vsphere.update_host_datetime my.vcenter.location root bad-password host_names='[esxi-1.host.com, esxi-2.host.com]'

vsphere.update_host_password:

Update the password for a given host.

Note: Currently only works with connections to ESXi hosts. Does not work with vCenter servers.

host
The location of the ESXi host.

username
The username used to login to the ESXi host, such as “root“.

password
The password used to login to the ESXi host.

new_password
The new password that will be updated for the provided username on the ESXi host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

salt '*' vsphere.update_host_password my.esxi.host root original-bad-password new-bad-password
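
Most CLI examples on this page pass the ESXi/vCenter password as a positional argument, where it ends up in shell history and the process list. The following added example (not part of the Salt documentation or of the original page) audits salt command lines for that, for disabled certificate verification, for protocol=http and for enabling the SSH/TSM shell services, and returns a redacted copy; CRED_FUNCS, audit() and the sample lines are constructed for this illustration.

```python
import re
import shlex

# Functions from this page whose first three positional arguments are
# host, username, password (update_host_password takes new_password fourth).
CRED_FUNCS = {
    "get_vsan_enabled", "list_clusters", "list_datacenters",
    "list_datastore_clusters", "list_datastores", "list_dvs", "list_folders",
    "list_hosts", "list_networks", "list_non_ssds", "list_resourcepools",
    "list_ssds", "list_vapps", "list_vms", "service_restart", "service_start",
    "service_stop", "set_ntp_config", "set_service_policy", "system_info",
    "update_host_datetime", "update_host_password", "upload_ssh_key",
}
# Service names from the supported list that give shell access to ESXi:
# SSH, and TSM (the local ESXi Shell).
SHELL_SERVICES = {"ssh", "tsm"}
SERVICE_ENABLERS = {"service_start", "service_restart", "set_service_policy"}
KWARG = re.compile(r"^([A-Za-z_]\w*)=(.*)$", re.S)
FALSE_VALUES = {"false", "no", "off", "0"}


def audit(line):
    """Return (findings, redacted_line) for one salt / salt-call command line."""
    try:
        tokens = shlex.split(line)
    except ValueError:
        return ["unparseable command line"], line
    idx = next((i for i, t in enumerate(tokens) if t.startswith("vsphere.")), None)
    if idx is None:
        return [], line
    func = tokens[idx].split(".", 1)[1]
    findings, positional = [], []
    for i in range(idx + 1, len(tokens)):
        m = KWARG.match(tokens[i])
        if m is None:
            positional.append(i)  # remember where each positional argument sits
            continue
        key, value = m.group(1), m.group(2).lower()
        if key in ("password", "new_password"):
            findings.append(f"{key} on command line")
            tokens[i] = f"{key}=<redacted>"
        elif key in ("verify_ssl", "certificate_verify") and value in FALSE_VALUES:
            findings.append("certificate verification disabled")
        elif key == "protocol" and value == "http":
            findings.append("cleartext http selected")
    if func in CRED_FUNCS:
        slots = {2: "password"}
        if func == "update_host_password":
            slots[3] = "new_password"
        for slot, name in slots.items():
            if slot < len(positional):
                findings.append(f"{name} on command line")
                tokens[positional[slot]] = "<redacted>"
        if func in SERVICE_ENABLERS and len(positional) > 3:
            service = tokens[positional[3]]
            if service.lower() in SHELL_SERVICES:
                findings.append(f"{func} on shell service {service}")
    return findings, shlex.join(tokens)


# Constructed sample lines, modelled on the CLI examples on this page.
SAMPLES = [
    "salt '*' vsphere.service_start my.esxi.host root bad-password SSH verify_ssl=False",
    "salt '*' vsphere.update_host_password my.esxi.host root original-bad-password new-bad-password",
    "salt vcenter-proxy vsphere.list_dvss dvs_names=[dvs1,dvs2]",
    "salt-call vsphere.list_vms 1.2.3.4 root bad-password protocol=http",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        found, redacted = audit(sample)
        print(redacted)
        for item in found:
            print("   !", item)
```

The functions on this page that take service_instance instead of host, username and password read their connection from the proxy details, so calls to them carry no secret on the command line and produce no finding here.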


vsphere.update_storage_policy:

Updates a storage policy.

Supported capability types: scalar, set, range.

policy
Name of the policy to update.

policy_dict
Dictionary containing the changes to apply to the policy.
(example in salt.states.pbm)

service_instance
Service instance (vim.ServiceInstance) of the vCenter.
Default is None.

CLI Example:

salt '*' vsphere.update_storage_policy policy='policy name' policy_dict="$policy_dict"

vsphere.update_vm:

Updates the configuration of the virtual machine if the config differs

vm_name
Virtual Machine name to be updated

cpu
CPU configuration options

memory
Memory configuration options

version
Virtual machine container hardware version

image
Virtual machine guest OS version identifier
VirtualMachineGuestOsIdentifier

interfaces
Network interfaces configuration options

disks
Disks configuration options

scsi_devices
SCSI devices configuration options

serial_ports
Serial ports configuration options

datacenter
Datacenter where the virtual machine is available

datastore
Datastore where the virtual machine config files are available

cd_dvd_drives
CD/DVD drives configuration options

advanced_config
Advanced config parameters to be set for the virtual machine

service_instance
vCenter service instance for connection and configuration

vsphere.upload_ssh_key:

Upload an ssh key for root to an ESXi host via http PUT.
This function only works for ESXi, not vCenter.
Only one ssh key can be uploaded for root. Uploading a second key will
replace any existing key.

:param host: The location of the ESXi Host
:param username: Username to connect as
:param password: Password for the ESXi web endpoint
:param ssh_key: Public SSH key, will be added to authorized_keys on ESXi
:param ssh_key_file: File containing the SSH key. Use ‘ssh_key’ or
ssh_key_file, but not both.
:param protocol: defaults to https, can be http if ssl is disabled on ESXi
:param port: defaults to 443 for https
:param certificate_verify: If true require that the SSL connection present
a valid certificate. Default: True
:return: Dictionary with a ‘status’ key, True if upload is successful.
If upload is unsuccessful, ‘status’ key will be False and
an ‘Error’ key will have an informative message.

CLI Example:

salt '*' vsphere.upload_ssh_key my.esxi.host root bad-password ssh_key_file='/etc/salt/my_keys/my_key.pub'


vsphere.vmotion_disable:

Disable vMotion for a given host or list of host_names.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

host_names
List of ESXi host names. When the host, username, and password credentials
are provided for a vCenter Server, the host_names argument is required to
tell vCenter which hosts should disable VMotion.

If host_names is not provided, VMotion will be disabled for the “host“
location instead. This is useful for when service instance connection
information is used for a single ESXi host.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# Used for single ESXi host connection information
salt '*' vsphere.vmotion_disable my.esxi.host root bad-password

# Used for connecting to a vCenter Server
salt '*' vsphere.vmotion_disable my.vcenter.location root bad-password host_names='[esxi-1.host.com, esxi-2.host.com]'

vsphere.vmotion_enable:

Enable vMotion for a given host or list of host_names.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

host_names
List of ESXi host names. When the host, username, and password credentials
are provided for a vCenter Server, the host_names argument is required to
tell vCenter which hosts should enable VMotion.

If host_names is not provided, VMotion will be enabled for the “host“
location instead. This is useful for when service instance connection
information is used for a single ESXi host.

device
The device that uniquely identifies the VirtualNic that will be used for
VMotion for each host. Defaults to “vmk0“.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# Used for single ESXi host connection information
salt '*' vsphere.vmotion_enable my.esxi.host root bad-password

# Used for connecting to a vCenter Server
salt '*' vsphere.vmotion_enable my.vcenter.location root bad-password host_names='[esxi-1.host.com, esxi-2.host.com]'

vsphere.vsan_add_disks:

Add any VSAN-eligible disks to the VSAN System for the given host or list of host_names.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

host_names
List of ESXi host names. When the host, username, and password credentials
are provided for a vCenter Server, the host_names argument is required to
tell vCenter which hosts need to add any VSAN-eligible disks to the host’s
VSAN system.

If host_names is not provided, VSAN-eligible disks will be added to the host's
VSAN system for the "host" location instead. This is useful for when service
instance connection information is used for a single ESXi host.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# Used for single ESXi host connection information
salt '*' vsphere.vsan_add_disks my.esxi.host root bad-password

# Used for connecting to a vCenter Server
salt '*' vsphere.vsan_add_disks my.vcenter.location root bad-password host_names='[esxi-1.host.com, esxi-2.host.com]'

vsphere.vsan_disable:

Disable VSAN for a given host or list of host_names.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

host_names
List of ESXi host names. When the host, username, and password credentials
are provided for a vCenter Server, the host_names argument is required to
tell vCenter which hosts should disable VSAN.

If host_names is not provided, VSAN will be disabled for the “host“
location instead. This is useful for when service instance connection
information is used for a single ESXi host.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# Used for single ESXi host connection information
salt '*' vsphere.vsan_disable my.esxi.host root bad-password

# Used for connecting to a vCenter Server
salt '*' vsphere.vsan_disable my.vcenter.location root bad-password host_names='[esxi-1.host.com, esxi-2.host.com]'

vsphere.vsan_enable:

Enable VSAN for a given host or list of host_names.

host
The location of the host.

username
The username used to login to the host, such as “root“.

password
The password used to login to the host.

protocol
Optionally set to alternate protocol if the host is not using the default
protocol. Default protocol is “https“.

port
Optionally set to alternate port if the host is not using the default
port. Default port is “443“.

host_names
List of ESXi host names. When the host, username, and password credentials
are provided for a vCenter Server, the host_names argument is required to
tell vCenter which hosts should enable VSAN.

If host_names is not provided, VSAN will be enabled for the “host“
location instead. This is useful for when service instance connection
information is used for a single ESXi host.

verify_ssl
Verify the SSL certificate. Default: True

CLI Example:

# Used for single ESXi host connection information
salt '*' vsphere.vsan_enable my.esxi.host root bad-password

# Used for connecting to a vCenter Server
salt '*' vsphere.vsan_enable my.vcenter.location root bad-password host_names='[esxi-1.host.com, esxi-2.host.com]'

Delete Dead ALB from VCD

ALB records are normally stored in the tables below. Since, in my case, my ALB env was unrecoverable, delete the records below from VCD before adding a new integration:

delete from gateway_lb_virtual_service;
delete from lb_seg_assignment;
delete from load_balancer_seg;
delete from gateway_load_balancer;
delete from load_balancer_cloud;
delete from load_balancer_controllers;

Here's the DB schema (from VCD 10.6.1):

vcloud=# \d load_balancer_controllers
Table “public.load_balancer_controllers”
Column | Type | Collation | Nullable | Default
——————–+————————-+———–+———-+———
id | uuid | | not null |
name | character varying(128) | | not null |
description | character varying(256) | | |
username | character varying(128) | | not null |
password | character varying(128) | | not null |
url | character varying(2000) | | not null |
controller_version | character varying(32) | | |
enabled | boolean | | not null | false
version_number | bigint | | not null | 1
Indexes:
“pk_load_bala_con_id” PRIMARY KEY, btree (id)
“uq_load_bala_con_name” UNIQUE CONSTRAINT, btree (name)
“uq_load_bala_con_url” UNIQUE CONSTRAINT, btree (url)
Referenced by:
TABLE “load_balancer_cloud” CONSTRAINT “fk_load_bala_clo2load_bala_con” FOREIGN KEY (lb_controller_id) REFERENCES load_balancer_controllers(id)

vcloud=# \d load_balancer_cloud
Table “public.load_balancer_cloud”
Column | Type | Collation | Nullable | Default
——————+————————+———–+———-+———
id | uuid | | not null |
name | character varying(128) | | not null |
description | character varying(256) | | |
lb_controller_id | uuid | | not null |
network_pool_id | uuid | | |
type | character varying(128) | | not null |
backing_id | character varying(128) | | not null |
Indexes:
“pk_load_bala_clo_id” PRIMARY KEY, btree (id)
“uq_load_bala_clo_lb_co_id_ba_i” UNIQUE CONSTRAINT, btree (lb_controller_id, backing_id)
“uq_load_bala_clo_name” UNIQUE CONSTRAINT, btree (name)
Foreign-key constraints:
“fk_load_bala_clo2load_bala_con” FOREIGN KEY (lb_controller_id) REFERENCES load_balancer_controllers(id)
“fk_load_bala_clo2network_pool” FOREIGN KEY (network_pool_id) REFERENCES network_pool(id)
Referenced by:
TABLE “gateway_load_balancer” CONSTRAINT “fk_gate_load_bal2load_bala_clo” FOREIGN KEY (lb_cloud_id) REFERENCES load_balancer_cloud(id) ON DELETE CASCADE
TABLE “load_balancer_seg” CONSTRAINT “fk_load_bala_seg2load_bala_clo” FOREIGN KEY (lb_cloud_id) REFERENCES load_balancer_cloud(id)

vcloud=# \d gateway_load_balancer
Table “public.gateway_load_balancer”
Column | Type | Collation | Nullable | Default
—————————–+————————+———–+———-+———
id | uuid | | not null |
gateway_id | uuid | | not null |
is_enabled | boolean | | not null | false
ipv4_service_network_cidr | character varying(18) | | |
segment_id | character varying(128) | | not null |
vrf_context_id | character varying(128) | | not null |
lb_cloud_id | uuid | | not null |
supported_feature_set | character varying(128) | | not null |
ipv6_service_network_cidr | character varying(45) | | |
is_transparent_mode_enabled | boolean | | not null | false
Indexes:
“pk_gate_load_bal_id” PRIMARY KEY, btree (id)
“uq_gate_load_bal_gateway_id” UNIQUE CONSTRAINT, btree (gateway_id)
Check constraints:
“at_least_one_cidr” CHECK (ipv6_service_network_cidr IS NOT NULL OR ipv4_service_network_cidr IS NOT NULL)
Foreign-key constraints:
“fk_gate_load_bal2gateway” FOREIGN KEY (gateway_id) REFERENCES gateway(id)
“fk_gate_load_bal2load_bala_clo” FOREIGN KEY (lb_cloud_id) REFERENCES load_balancer_cloud(id) ON DELETE CASCADE

vcloud=# \d load_balancer_seg
Table “public.load_balancer_seg”
Column | Type | Collation | Nullable | Default
—————————+————————+———–+———-+———
id | uuid | | not null |
name | character varying(128) | | not null |
description | character varying(256) | | |
backing_id | character varying(128) | | not null |
lb_cloud_id | uuid | | not null |
ha_mode | character varying(128) | | not null |
reservation_type | character varying(128) | | not null |
max_virtual_services | integer | | |
reserved_virtual_services | integer | | not null |
version_number | bigint | | not null | 1
supported_feature_set | character varying(128) | | not null |
backing_name | character varying(128) | | |
Indexes:
“pk_load_bala_seg_id” PRIMARY KEY, btree (id)
“uq_load_bala_seg_lb_cl_id_ba_i” UNIQUE CONSTRAINT, btree (lb_cloud_id, backing_id)
“uq_load_bala_seg_lb_clo_id_nam” UNIQUE CONSTRAINT, btree (lb_cloud_id, name)
Foreign-key constraints:
“fk_load_bala_seg2load_bala_clo” FOREIGN KEY (lb_cloud_id) REFERENCES load_balancer_cloud(id)
Referenced by:
TABLE “gateway_lb_virtual_service” CONSTRAINT “fk_gat_lb_vir_se2load_bala_seg” FOREIGN KEY (seg_id) REFERENCES load_balancer_seg(id)
TABLE “lb_seg_assignment” CONSTRAINT “fk_lb_seg_assi2load_bala_seg” FOREIGN KEY (seg_id) REFERENCES load_balancer_seg(id)

vcloud=# \d gateway_lb_virtual_service
Table “public.gateway_lb_virtual_service”
Column | Type | Collation | Nullable | Default
————————–+————————+———–+———-+———
id | uuid | | not null |
name | character varying(128) | | not null |
description | character varying(256) | | |
enabled | boolean | | not null | false
vs_backing_id | character varying(128) | | |
vip_backing_id | character varying(128) | | |
ipv4_virtual_ip_address | character varying(15) | | |
seg_id | uuid | | not null |
gateway_lr_id | uuid | | not null |
version_number | bigint | | not null | 1
server_certificate_id | uuid | | |
lb_pool_id | uuid | | not null |
ipv6_virtual_ip_address | character varying(45) | | |
transparent_mode_enabled | boolean | | not null | false
http_policy_backing_id | character varying(128) | | |
Indexes:
“pk_gat_lb_vir_se_id” PRIMARY KEY, btree (id)
“uq_gat_lb_vir_se_gat_lr_id_nam” UNIQUE CONSTRAINT, btree (gateway_lr_id, name)
Check constraints:
“at_least_one_ip” CHECK (ipv6_virtual_ip_address IS NOT NULL OR ipv4_virtual_ip_address IS NOT NULL)
Foreign-key constraints:
“fk_gat_lb_vir_se2gate_lb_pool” FOREIGN KEY (lb_pool_id) REFERENCES gateway_lb_pool(id) ON DELETE CASCADE
“fk_gat_lb_vir_se2gate_logi_res” FOREIGN KEY (gateway_lr_id) REFERENCES gateway_logical_resource(id)
“fk_gat_lb_vir_se2load_bala_seg” FOREIGN KEY (seg_id) REFERENCES load_balancer_seg(id)
“fk_gat_lb_vir_se2server_certif” FOREIGN KEY (server_certificate_id) REFERENCES certificate_library_item(id) ON DELETE SET NULL

vcloud=# \d lb_seg_assignment
Table “public.lb_seg_assignment”
Column | Type | Collation | Nullable | Default
——————————–+———————–+———–+———-+———
id | uuid | | not null |
seg_id | uuid | | not null |
gateway_lr_id | uuid | | not null |
max_virtual_services | integer | | |
min_virtual_services | integer | | |
version_number | bigint | | not null | 1
network_service_floating_ip | character varying(45) | | |
network_service_floating_ip_v6 | character varying(45) | | |
Indexes:
“pk_lb_seg_assi_id” PRIMARY KEY, btree (id)
“ix_gateway_lr_id” btree (gateway_lr_id)
“ix_seg_id” btree (seg_id)
“uq_lb_seg_assi_seg_id_gat_id” UNIQUE CONSTRAINT, btree (seg_id, gateway_lr_id)
Foreign-key constraints:
“fk_lb_seg_assi2gate_logi_res” FOREIGN KEY (gateway_lr_id) REFERENCES gateway_logical_resource(id)
“fk_lb_seg_assi2load_bala_seg” FOREIGN KEY (seg_id) REFERENCES load_balancer_seg(id)
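
The delete order given earlier works because it empties child tables before the tables they reference. The following added example (not part of the original post) encodes the foreign keys between the six ALB tables as shown in the \d output, checks a delete order against them, and derives a children-first order. The function names are hypothetical, and the BEGIN/COMMIT wrapper is an assumption added here so that a constraint error leaves nothing half-deleted.

```python
"""Check a DELETE order against the foreign keys of the VCD ALB tables."""
from collections import defaultdict

# (child, parent, on_delete) copied from the "Foreign-key constraints" lists in
# the \d output on this page. Only edges between the six ALB tables are listed;
# references to gateway, network_pool, etc. point outward and never block.
FOREIGN_KEYS = [
    ("load_balancer_cloud", "load_balancer_controllers", None),
    ("gateway_load_balancer", "load_balancer_cloud", "CASCADE"),
    ("load_balancer_seg", "load_balancer_cloud", None),
    ("gateway_lb_virtual_service", "load_balancer_seg", None),
    ("lb_seg_assignment", "load_balancer_seg", None),
]

# The order of the delete statements as written in the post.
PAGE_DELETE_ORDER = [
    "gateway_lb_virtual_service",
    "lb_seg_assignment",
    "load_balancer_seg",
    "gateway_load_balancer",
    "load_balancer_cloud",
    "load_balancer_controllers",
]


def first_violation(order, fks=FOREIGN_KEYS):
    """Return (table, blocking_child) for the first DELETE that would fail.

    A DELETE on a parent fails while a child table without ON DELETE CASCADE
    has not been emptied yet. Returns None when the whole order is safe.
    """
    emptied = set()
    for table in order:
        for child, parent, on_delete in sorted(fks, key=lambda fk: fk[:2]):
            if parent == table and on_delete != "CASCADE" and child not in emptied:
                return (table, child)
        emptied.add(table)
    return None


def safe_delete_order(fks=FOREIGN_KEYS):
    """Derive a children-first order (Kahn's algorithm, ties broken by name).

    Cascade edges are treated as constraints too, which is stricter than
    PostgreSQL requires but always safe.
    """
    tables = {t for child, parent, _ in fks for t in (child, parent)}
    pending_children = defaultdict(int)
    parents_of = defaultdict(list)
    for child, parent, _ in fks:
        pending_children[parent] += 1
        parents_of[child].append(parent)

    ready = sorted(t for t in tables if pending_children[t] == 0)
    order = []
    while ready:
        table = ready.pop(0)
        order.append(table)
        for parent in parents_of[table]:
            pending_children[parent] -= 1
            if pending_children[parent] == 0:
                ready.append(parent)
        ready.sort()

    if len(order) != len(tables):
        raise ValueError("foreign keys form a cycle; no plain DELETE order exists")
    return order


def render_transaction(order):
    """Render the DELETEs as one transaction after validating the order."""
    bad = first_violation(order)
    if bad:
        raise ValueError("%s is still referenced by %s" % bad)
    lines = ["BEGIN;"] + ["DELETE FROM %s;" % t for t in order] + ["COMMIT;"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_transaction(PAGE_DELETE_ORDER))
```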

Proxmox! set persistent USB NIC bindings

Find the ID_USB_SERIAL_SHORT of the USB NIC:

root@pve03:~# udevadm info /sys/class/net/enx803f5dfb4b73 | grep ID_USB_SERIAL_SHORT
E: ID_USB_SERIAL_SHORT=4013000001


Grab the MAC address:

root@pve03:~# ip a | grep -A 1  enx803f5dfb4b73
3: enx803f5dfb4b73: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 80:3f:5d:fb:4b:73 brd ff:ff:ff:ff:ff:ff
    inet 172.16.35.203/24 scope global enx803f5dfb4b73
       valid_lft forever preferred_lft forever

Create a new file with the content below:

cat /etc/systemd/network/10-vusb2.link
[Match]
Property=ID_USB_SERIAL_SHORT=4013000001
[Link]
Name=enx7eth2
MACAddress=80:3f:5d:fb:4b:73
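
The three steps above, as an added example that is not part of the original post: it parses the udevadm and ip output, validates the values, and renders the same .link file. The function names are hypothetical, the INTERFACE line in the sample is constructed, and the interface-name pattern is a deliberately conservative assumption (Linux allows at most 15 characters).

```python
"""Build a systemd .link file from captured udevadm and ip output."""
import re

# Sample input: the ID_USB_SERIAL_SHORT line is the one shown in the post;
# the INTERFACE line is constructed to show that other properties are ignored.
UDEVADM_OUTPUT = """\
E: INTERFACE=enx803f5dfb4b73
E: ID_USB_SERIAL_SHORT=4013000001
"""

# Sample input: the ip output shown in the post.
IP_OUTPUT = """\
3: enx803f5dfb4b73: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 80:3f:5d:fb:4b:73 brd ff:ff:ff:ff:ff:ff
    inet 172.16.35.203/24 scope global enx803f5dfb4b73
       valid_lft forever preferred_lft forever
"""

MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")
# Conservative: kernel interface names hold at most 15 characters.
IFNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,15}")


def parse_udev_properties(udevadm_output):
    """Return the 'E: KEY=VALUE' lines of udevadm info as a dict."""
    props = {}
    for line in udevadm_output.splitlines():
        if line.startswith("E: ") and "=" in line:
            key, value = line[3:].split("=", 1)
            props[key.strip()] = value.strip()
    return props


def parse_link_ether(ip_output, ifname):
    """Return the link/ether address listed under ifname, or None."""
    current = None
    for line in ip_output.splitlines():
        header = re.match(r"^\d+:\s+([^:@\s]+)[:@]", line)
        if header:
            current = header.group(1)
            continue
        ether = re.search(r"link/ether\s+([0-9a-fA-F:]{17})\b", line)
        if ether and current == ifname:
            return ether.group(1).lower()
    return None


def render_link_file(serial, mac, new_name):
    """Render the .link file, rejecting values that would corrupt it."""
    if not re.fullmatch(r"\S+", serial or ""):
        raise ValueError("serial must be non-empty and contain no whitespace")
    if not MAC_RE.fullmatch(mac or ""):
        raise ValueError("invalid MAC address: %r" % (mac,))
    if not IFNAME_RE.fullmatch(new_name or "") or new_name in (".", ".."):
        raise ValueError("invalid interface name: %r" % (new_name,))
    return (
        "[Match]\n"
        "Property=ID_USB_SERIAL_SHORT=%s\n"
        "[Link]\n"
        "Name=%s\n"
        "MACAddress=%s\n" % (serial, new_name, mac)
    )


if __name__ == "__main__":
    serial = parse_udev_properties(UDEVADM_OUTPUT)["ID_USB_SERIAL_SHORT"]
    mac = parse_link_ether(IP_OUTPUT, "enx803f5dfb4b73")
    print(render_link_file(serial, mac, "enx7eth2"), end="")
```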

Nested ESXi: silence unsupported controller health



Check check all

SSH to the VCSA and use rvc to log in:

vsan.health.silent_health_check_status vcsa01.ntitta.local/Cloud-DC01/computers/mgm02/

> vsan.health.silent_health_check_status vcsa01.ntitta.local/Cloud-DC01/computers/mgm02/
/opt/vmware/rvc/lib/rvc/lib/vsanhealth.rb:108: warning: calling URI.open via Kernel#open is deprecated, call URI.open directly or use URI#open
Silent Status of Cluster mgm02:
+----------------------------------------------------------------------------------------------------+---------------------------------------+---------------+
| Health Check                                                                                       | Health Check Id                       | Silent Status |
+----------------------------------------------------------------------------------------------------+---------------------------------------+---------------+
| Capacity utilization                                                                               |                                       |               |
|   Cluster and host component utilization                                                           | nodecomponentlimit                    | Normal        |
|   Read cache reservations                                                                          | rcreservation                         | Normal        |
|   Storage space                                                                                    | diskspace                             | Normal        |
|   What if the most consumed host fails                                                             | limit1hf                              | Normal        |
+----------------------------------------------------------------------------------------------------+---------------------------------------+---------------+
| Cluster                                                                                            |                                       |               |
|   Advanced vSAN configuration in sync                                                              | advcfgsync                            | Normal        |
|   Disk format version                                                                              | upgradelowerhosts                     | Normal        |
|   ESA prescriptive disk claim                                                                      | ddsconfig                             | Normal        |
|   Host Maintenance Mode                                                                            | mmdecominsync                         | Normal        |
|   Maximum host number in vSAN over RDMA                                                            | rdmanodes                             | Normal        |
|   Resync operations throttling                                                                     | resynclimit                           | Normal        |
|   Software version compatibility                                                                   | upgradesoftware                       | Normal        |
|   Time is synchronized across hosts and VC                                                         | timedrift                             | Normal        |
|   VMware vCenter state is authoritative                                                            | vcauthoritative                       | Normal        |
|   VSAN ESA Conversion Health                                                                       | esaconversionhealth                   | Normal        |
|   vSAN Direct homogeneous disk claiming                                                            | vsandconfigconsistency                | Normal        |
|   vSAN Disk Balance                                                                                | diskbalance                           | Normal        |
|   vSAN Managed disk claim                                                                          | hcldiskclaimcheck                     | Normal        |
|   vSAN cluster configuration consistency                                                           | consistentconfig                      | Normal        |
|   vSAN daemon liveness                                                                             | clomdliveness                         | Normal        |
|   vSAN disk group layout                                                                           | dglayout                              | Normal        |
|   vSAN extended configuration in sync                                                              | extendedconfig                        | Normal        |
|   vSAN optimal datastore default policy configuration                                              | optimaldsdefaultpolicy                | Normal        |
|   vSphere Lifecycle Manager (vLCM) configuration                                                   | vsanesavlcmcheck                      | Normal        |
|   vSphere cluster members match vSAN cluster members                                               | clustermembership                     | Normal        |
+----------------------------------------------------------------------------------------------------+---------------------------------------+---------------+
| Data                                                                                               |                                       |               |
|   vSAN object format health                                                                        | objectformat                          | Normal        |
|   vSAN object health                                                                               | objecthealth                          | Normal        |
+----------------------------------------------------------------------------------------------------+---------------------------------------+---------------+
| Data-at-rest encryption                                                                            |                                       |               |
|   CPU AES-NI is enabled on hosts                                                                   | hostcpuaesni                          | Normal        |
|   VMware vCenter and all hosts are connected to Key Management Servers                             | kmsconnection                         | Normal        |
|   com.vmware.vsan.health.test.cloudhealth.dualcloudhealth.testname                                 | dualencryption                        | Normal        |
+----------------------------------------------------------------------------------------------------+---------------------------------------+---------------+
| Data-in-transit encryption                                                                         |                                       |               |
|   Configuration check                                                                              | ditconfig                             | Normal        |
+----------------------------------------------------------------------------------------------------+---------------------------------------+---------------+
| File Service                                                                                       |                                       |               |
|   File Server Health                                                                               | fileserver                            | Normal        |
|   Infrastructure Health                                                                            | host                                  | Normal        |
|   Share Health                                                                                     | sharehealth                           | Normal        |
+----------------------------------------------------------------------------------------------------+---------------------------------------+---------------+
| Hardware compatibility                                                                             |                                       |               |
|   Controller disk group mode is VMware certified                                                   | controllerdiskmode                    | Normal        |
|   Controller driver is VMware certified                                                            | controllerdriver                      | Normal        |
|   Controller firmware is VMware certified                                                          | controllerfirmware                    | Normal        |
|   Controller is VMware certified for ESXi release                                                  | controllerreleasesupport              | Normal        |
|   Controller with pass-through and RAID disks                                                      | mixedmode                             | Normal        |
|   HPE NVMe Solid State Drives - critical firmware upgrade required                                 | vsanhpefwtest                         | Normal        |
|   Host issues retrieving hardware info                                                             | hclhostbadstate                       | Normal        |
|   Host physical memory compliance check                                                            | hostmemcheck                          | Normal        |
|   NVMe device is VMware certified                                                                  | nvmeonhcl                             | Normal        |
|   Network (RDMA NIC: RoCE v2) driver/firmware is vSAN certified                                    | rdmanicsupportdriverfirmware          | Normal        |
|   Network (RDMA NIC: RoCE v2) is certified for ESXi release                                        | rdmanicsupportesxrelease              | Normal        |
|   Network (RDMA NIC: RoCE v2) is vSAN certified                                                    | rdmaniciscertified                    | Normal        |
|   Physical NIC link speed meets requirements                                                       | pniclinkspeed                         | Normal        |
|   RAID controller configuration                                                                    | controllercacheconfig                 | Normal        |
|   SCSI controller is VMware certified                                                              | controlleronhcl                       | Normal        |
|   vSAN HCL DB Auto Update                                                                          | autohclupdate                         | Normal        |
|   vSAN HCL DB up-to-date                                                                           | hcldbuptodate                         | Normal        |
|   vSAN and VMFS datastores on a Dell H730 controller with the lsi_mr3 driver                       | mixedmodeh730                         | Normal        |
|   vSAN configuration for LSI-3108 based controller                                                 | h730                                  | Normal        |
+----------------------------------------------------------------------------------------------------+---------------------------------------+---------------+
| Hyperconverged cluster configuration compliance                                                    |                                       |               |
|   Host compliance check for hyperconverged cluster configuration                                   | hosthciconfig                         | Normal        |
|   VDS compliance check for hyperconverged cluster configuration                                    | dvshciconfig                          | Normal        |
+----------------------------------------------------------------------------------------------------+---------------------------------------+---------------+
| Network                                                                                            |                                       |               |
|   Active multicast connectivity check                                                              | multicastdeepdive                     | Normal        |
|   All hosts have a dedicated vSAN Max Client vmknic configured in server cluster                   | vsanexternalvmknic                    | Normal        |
|   All hosts have a vSAN vmknic configured                                                          | vsanvmknic                            | Normal        |
|   All hosts have matching multicast settings                                                       | multicastsettings                     | Normal        |
|   Hosts disconnected from VC                                                                       | hostdisconnected                      | Normal        |
|   Hosts with LACP issues                                                                           | lacpstatus                            | Normal        |
|   Hosts with connectivity issues                                                                   | hostconnectivity                      | Normal        |
|   Hosts with duplicate IP addresses                                                                | duplicateip                           | Normal        |
|   Hosts with pNIC TSO issues                                                                       | pnictso                               | Normal        |
|   Multicast assessment based on other checks                                                       | multicastsuspected                    | Normal        |
|   Network latency check                                                                            | hostlatencycheck                      | Normal        |
|   No hosts in remote vSAN have multiple vSAN vmknics configured                                    | multiplevsanvmknic                    | Normal        |
|   Physical network adapter link speed consistency                                                  | pnicconsistent                        | Normal        |
|   RDMA Configuration Health                                                                        | rdmaconfig                            | Normal        |
|   Remote VMware vCenter network connectivity                                                       | xvcconnectivity                       | Normal        |
|   Server Cluster Partition                                                                         | serverpartition                       | Normal        |
|   vMotion: Basic (unicast) connectivity check                                                      | vmotionpingsmall                      | Normal        |
|   vMotion: MTU check (ping with large packet size)                                                 | vmotionpinglarge                      | Normal        |
|   vSAN Max Client Network connectivity check                                                       | externalconnectivity                  | Normal        |
|   vSAN cluster partition                                                                           | clusterpartition                      | Normal        |
|   vSAN: Advanced (https) connectivity check                                                        | interhostconnectivity                 | Normal        |
|   vSAN: Basic (unicast) connectivity check                                                         | smallping                             | Normal        |
|   vSAN: MTU check (ping with large packet size)                                                    | largeping                             | Normal        |
+----------------------------------------------------------------------------------------------------+---------------------------------------+---------------+
| Online health                                                                                      |                                       |               |
|   A possible storage capacity limitation with vSAN OSA versions 8.0U2 and 8.0U2b                   | lsomadvconfig                         | Normal        |
|   Advisor                                                                                          | advisor                               | Normal        |
|   Audit CEIP Collected Data                                                                        | auditceip                             | Normal        |
|   CNS Critical Alert - Patch available with important fixes                                        | cnspatchalert                         | Normal        |
|   Controller with pass-through and RAID disks                                                      | mixedmode                             | Normal        |
|   Coredump partition size check                                                                    | coredumpartitionsize                  | Normal        |
|   Critical vSAN patch is available for vSAN ESA                                                    | laurelalert                           | Normal        |
|   Customer advisory for HPE Smart Array                                                            | vsanhpesmartarraytest                 | Normal        |
|   Disks usage on storage controller                                                                | diskusage                             | Normal        |
|   Dual encryption applied to VMs on vSAN                                                           | dualencryption                        | Normal        |
|   ESXi system logs stored outside vSAN datastore                                                   | scratchconfig                         | Normal        |
|   End of general support for lower vSphere version                                                 | eoscheck                              | Normal        |
|   Fix is available for a critical vSAN software defect with Guest Trim/Unmap configuration enabled | unmaptest                             | Normal        |
|   HPE NVMe Solid State Drives - critical firmware upgrade required                                 | vsanhpefwtest                         | Normal        |
|   HPE SAS Solid State Drive                                                                        | hpesasssd                             | Normal        |
|   Hardware compatibility issue for witness appliance                                               | witnesshw                             | Normal        |
|   Important patch available for vSAN issue                                                         | fsvlcmpatchalert                      | Normal        |
|   Maximum host number in vSAN over RDMA                                                            | rdmanodesalert                        | Normal        |
|   Multiple VMs share the same vSAN home namespace                                                  | vmns                                  | Normal        |
|   Patch available for critical vSAN issue for All-Flash clusters with deduplication enabled        | patchalert                            | Normal        |
|   Physical network adapter link speed consistency                                                  | pnicconsistent                        | Normal        |
|   Proper vSAN network traffic shaping policy is configured                                         | dvsportspeedlimit                     | Normal        |
|   RAID controller configuration                                                                    | controllercacheconfig                 | Normal        |
|   Thick-provisioned VMs on vSAN                                                                    | thickprovision                        | Normal        |
|   Update release available for vSAN ESA                                                            | marigoldalert                         | Normal        |
|   Update release available for vSAN ESA                                                            | lavenderalert                         | Normal        |
|   Upgrade vSphere CSI driver with caution                                                          | csidriver                             | Normal        |
|   VM storage policy is not-recommended                                                             | policyupdate                          | Normal        |
|   VMware vCenter up to date                                                                        | vcuptodate                            | Normal        |
|   vSAN Advanced Configuration Check for Urgent vSAN ESA Patch                                      | zdomadvcfgenabled                     | Normal        |
|   vSAN Critical Alert - Release available for critical vSAN issue                                  | lilypatchalert                        | Normal        |
|   vSAN Support Insight                                                                             | vsanenablesupportinsight              | Normal        |
|   vSAN and VMFS datastores on a Dell H730 controller with the lsi_mr3 driver                       | mixedmodeh730                         | Normal        |
|   vSAN configuration check for large scale cluster                                                 | largescalecluster                     | Normal        |
|   vSAN configuration for LSI-3108 based controller                                                 | h730                                  | Normal        |
|   vSAN critical alert regarding a potential data inconsistency                                     | lilacdeltacomponenttest               | Normal        |
|   vSAN management server system resource check                                                     | vsanmgmtresource                      | Normal        |
|   vSAN max component size                                                                          | smalldiskstest                        | Normal        |
|   vSAN storage policy compliance up-to-date                                                        | objspbm                               | Normal        |
|   vSAN v1 disk in use                                                                              | v1diskcheck                           | Normal        |
+----------------------------------------------------------------------------------------------------+---------------------------------------+---------------+
| Performance service                                                                                |                                       |               |
|   All hosts contributing stats                                                                     | hostsmissing                          | Normal        |
|   Network diagnostic mode                                                                          | diagmode                              | Normal        |
|   Performance data collection                                                                      | collection                            | Normal        |
|   Performance service status                                                                       | perfsvcstatus                         | Normal        |
|   Stats DB object                                                                                  | statsdb                               | Normal        |
|   Stats DB object conflicts                                                                        | renameddirs                           | Normal        |
|   Stats primary election                                                                           | masterexist                           | Normal        |
|   Verbose mode                                                                                     | verbosemode                           | Normal        |
+----------------------------------------------------------------------------------------------------+---------------------------------------+---------------+
| Physical disk                                                                                      |                                       |               |
|   Component metadata health                                                                        | componentmetadata                     | Normal        |
|   Congestion                                                                                       | physdiskcongestion                    | Normal        |
|   Disk capacity                                                                                    | physdiskcapacity                      | Normal        |
|   Disks usage on storage controller                                                                | diskusage                             | Normal        |
|   Memory pools (heaps)                                                                             | lsomheap                              | Normal        |
|   Memory pools (slabs)                                                                             | lsomslab                              | Normal        |
|   Operation health                                                                                 | physdiskoverall                       | Normal        |
|   Physical disk component utilization                                                              | physdiskcomplimithealth               | Normal        |
|   Physical disk health retrieval issues                                                            | physdiskhostissues                    | Normal        |
|   Storage Vendor Reported Drive Health                                                             | phmhealth                             | Normal        |
|   vSAN max component size                                                                          | smalldiskstest                        | Normal        |
+----------------------------------------------------------------------------------------------------+---------------------------------------+---------------+
| Stretched cluster                                                                                  |                                       |               |
|   Hardware compatibility issue for witness appliance                                               | witnessupgissue                       | Normal        |
|   Invalid preferred fault domain on witness host                                                   | witnesspreferredfaultdomaininvalid    | Normal        |
|   Invalid unicast agent                                                                            | hostwithinvalidunicastagent           | Normal        |
|   No disk claimed on witness host                                                                  | witnesswithnodiskmapping              | Normal        |
|   Preferred fault domain unset                                                                     | witnesspreferredfaultdomainnotexist   | Normal        |
|   Shared witness per cluster component limit scaled down                                           | sharedwitnesscomponentlimitscaleddown | Normal        |
|   Site latency health                                                                              | siteconnectivity                      | Normal        |
|   Unexpected number of data node in shared witness cluster                                         | sharedwitnessclusterdatahostnumexceed | Normal        |
|   Unexpected number of fault domains                                                               | clusterwithouttwodatafaultdomains     | Normal        |
|   Unicast agent configuration inconsistent                                                         | clusterwithmultipleunicastagents      | Normal        |
|   Unicast agent not configured                                                                     | hostunicastagentunset                 | Normal        |
|   Unsupported host version                                                                         | hostwithnostretchedclustersupport     | Normal        |
|   Witness appliance upgrade to vSphere 7.0 or higher with caution                                  | witnessupgrade                        | Normal        |
|   Witness host fault domain misconfigured                                                          | witnessfaultdomaininvalid             | Normal        |
|   Witness host not found                                                                           | clusterwithoutonewitnesshost          | Normal        |
|   Witness host within VMware vCenter cluster                                                       | witnessinsidevccluster                | Normal        |
|   Witness node is managed by vSphere Lifecycle Manager                                             | vlcmwitnessconfig                     | Normal        |
+----------------------------------------------------------------------------------------------------+---------------------------------------+---------------+
| com.vmware.vsan.health.test.cloudhealth                                                            |                                       |               |
|   Patch available for critical vSAN issue for All-Flash clusters with deduplication enabled        | patchalert                            | Normal        |
|   com.vmware.vsan.health.test.cloudhealth.checksummismatchcount.testname                           | checksummismatchcount                 | Normal        |
|   com.vmware.vsan.health.test.cloudhealth.cloudhealthconfig.testname                               | vumconfig                             | Normal        |
|   com.vmware.vsan.health.test.cloudhealth.cloudhealthrecommendation.testname                       | vumrecommendation                     | Normal        |
|   com.vmware.vsan.health.test.cloudhealth.clusternotfound.testname                                 | clusternotfound                       | Normal        |
|   com.vmware.vsan.health.test.cloudhealth.pausecount.testname                                      | pausecount                            | Normal        |
|   com.vmware.vsan.health.test.cloudhealth.releasecataloguptodate.testname                          | releasecataloguptodate                | Normal        |
|   com.vmware.vsan.health.test.cloudhealth.rxcrcerr.testname                                        | rxcrcerr                              | Normal        |
|   com.vmware.vsan.health.test.cloudhealth.rxerr.testname                                           | rxerr                                 | Normal        |
|   com.vmware.vsan.health.test.cloudhealth.rxfifoerr.testname                                       | rxfifoerr                             | Normal        |
|   com.vmware.vsan.health.test.cloudhealth.rxmisserr.testname                                       | rxmisserr                             | Normal        |
|   com.vmware.vsan.health.test.cloudhealth.rxoverr.testname                                         | rxoverr                               | Normal        |
|   com.vmware.vsan.health.test.cloudhealth.txcarerr.testname                                        | txcarerr                              | Normal        |
|   com.vmware.vsan.health.test.cloudhealth.txerr.testname                                           | txerr                                 | Normal        |
+----------------------------------------------------------------------------------------------------+---------------------------------------+---------------+
| vSAN iSCSI target service                                                                          |                                       |               |
|   Home object                                                                                      | iscsihomeobjectstatustest             | Normal        |
|   LUN runtime health                                                                               | iscsilunruntimetest                   | Normal        |
|   Network configuration                                                                            | iscsiservicenetworktest               | Normal        |
|   Service runtime status                                                                           | iscsiservicerunningtest               | Normal        |
+----------------------------------------------------------------------------------------------------+---------------------------------------+---------------+
>


vsan.health.silent_health_check_configure vcsa01.ntitta.local/Cloud-DC01/computers/mgm-01 -a controlleronhcl

> vsan.health.silent_health_check_configure vcsa01.ntitta.local/Cloud-DC01/computers/mgm02 -a controlleronhcl
/opt/vmware/rvc/lib/rvc/lib/vsanhealth.rb:108: warning: calling URI.open via Kernel#open is deprecated, call URI.open directly or use URI#open
Successfully update silent health check list for mgm02
> vsan.health.silent_health_check_configure vcsa01.ntitta.local/Cloud-DC01/computers/mgm -a controlleronhcl
vcsa01.ntitta.local/Cloud-DC01/computers/mgm-01  vcsa01.ntitta.local/Cloud-DC01/computers/mgm02
> vsan.health.silent_health_check_configure vcsa01.ntitta.local/Cloud-DC01/computers/mgm -a controlleronhcl
vcsa01.ntitta.local/Cloud-DC01/computers/mgm-01  vcsa01.ntitta.local/Cloud-DC01/computers/mgm02
> vsan.health.silent_health_check_configure vcsa01.ntitta.local/Cloud-DC01/computers/mgm-01 -a controlleronhcl
/opt/vmware/rvc/lib/rvc/lib/vsanhealth.rb:108: warning: calling URI.open via Kernel#open is deprecated, call URI.open directly or use URI#open
Successfully update silent health check list for mgm-01

Nested ESXi vSAN sample scripts

#! /usr/bin/pwsh
$user = '[email protected]'
# Import password from an encrypted file
$encryptedPassword = Import-Clixml -Path '/glabs/spec/vcsa_admin.xml'
$decryptedPassword = $encryptedPassword.GetNetworkCredential().Password



# vCenter address used by the readiness check below
$vcServer = 'vcsa01.glabs.local'

# Function to check if vCenter services are running
function Test-VCenterServicesRunning {
    # Returns $false while vCenter is not yet accepting logins
    $serviceInstance = Connect-VIServer -Server $vcServer -User $user -Password $decryptedPassword -ErrorAction SilentlyContinue

    if ($null -eq $serviceInstance) {
        return $false
    }

    $serviceContent = Get-View -Id $serviceInstance.ExtensionData.content.ServiceInstance

    # Use a foreach statement here: 'return' inside ForEach-Object only ends the
    # current script block, so the function would keep going and emit extra values.
    $allRunning = $true
    foreach ($service in $serviceContent.serviceInfo.service) {
        if ($service.running -eq $false) {
            $allRunning = $false
            break
        }
    }

    Disconnect-VIServer -Server $vcServer -Confirm:$false
    return $allRunning
}

# Wait for vCenter services to start
Write-Host "Waiting for vCenter services to start..."

while (-not (Test-VCenterServicesRunning)) {
    Start-Sleep -Seconds 5
}

Write-Host "vCenter services are running. Connecting to vCenter..."




#connect to vc and add hosts
Connect-viserver vcsa01.glabs.local -User $user -Password $decryptedPassword

#create datacenter and cluster
New-Datacenter -Location Datacenters  -Name cloud
New-Cluster -Name "management" -Location "cloud"

Add-VMHost -Name esxi01.Glabs.local -Location management -user 'root' -password 'bAdP@$$' -Force -Confirm:$false 
Add-VMHost -Name esxi02.Glabs.local -Location management -user 'root' -password 'bAdP@$$' -Force -Confirm:$false 
Add-VMHost -Name esxi03.Glabs.local -Location management -user 'root' -password 'bAdP@$$' -Force -Confirm:$false 
get-vmhost | Get-VMHostStorage -RescanAllHba -RescanVmfs


$cache = 'mpx.vmhba0:C0:T1:L0'
$data = 'mpx.vmhba0:C0:T2:L0'

#mark cache disk as ssd
$esx = Get-VMHost -Name esxi01.glabs.local
$storSys = Get-View -Id $esx.ExtensionData.ConfigManager.StorageSystem
$uuid = $storSys.StorageDeviceInfo.ScsiLun | where {$_.CanonicalName -eq $cache} 
$storSys.MarkAsSsd($uuid.Uuid)
$esx = Get-VMHost -Name esxi02.glabs.local
$storSys = Get-View -Id $esx.ExtensionData.ConfigManager.StorageSystem
$uuid = $storSys.StorageDeviceInfo.ScsiLun | where {$_.CanonicalName -eq $cache} 
$storSys.MarkAsSsd($uuid.Uuid)
$esx = Get-VMHost -Name esxi03.glabs.local
$storSys = Get-View -Id $esx.ExtensionData.ConfigManager.StorageSystem
$uuid = $storSys.StorageDeviceInfo.ScsiLun | where {$_.CanonicalName -eq $cache} 
$storSys.MarkAsSsd($uuid.Uuid)

#add vSAN service to portgroup
$VMKNetforVSAN = "iscsi_1"
Get-VMHostNetworkAdapter -VMKernel | Where {$_.PortGroupName -eq $VMKNetforVSAN }|Set-VMHostNetworkAdapter -VsanTrafficEnabled $true -Confirm:$false



#Create vSAN cluster
get-cluster management | Set-Cluster -VsanEnabled:$true -VsanDiskClaimMode Manual -Confirm:$false -ErrorAction SilentlyContinue

#wait for previous task to finish
start-sleep 60

#add disk groups
New-VsanDiskGroup -VMHost esxi01.glabs.local -SSDCanonicalName $cache -DataDiskCanonicalName $data
New-VsanDiskGroup -VMHost esxi02.glabs.local -SSDCanonicalName $cache -DataDiskCanonicalName $data
New-VsanDiskGroup -VMHost esxi03.glabs.local -SSDCanonicalName $cache -DataDiskCanonicalName $data

#mount nfs 
get-vmhost | New-Datastore -Nfs -Name iso -Path /volume1/iso -NfsHost iso.glabs.local -ReadOnly

#no idea why the above does not work for vSphere 7, but running the below manually on a deployed env preps it for vSAN; don't touch it if it ain't broken?
get-cluster management | Set-Cluster -VsanEnabled:$true -VsanDiskClaimMode Manual -Confirm:$false -ErrorAction SilentlyContinue


disconnect-viserver -confirm:$false

vRA8, Sample blueprint to Deploy a Windows AD with Cloudinit.

formatVersion: 1
inputs: {}
resources:
  Cloud_NSX_Network_1:
    type: Cloud.NSX.Network
    properties:
      networkType: existing
      constraints:
        - tag: net:vlan7
  Cloud_vSphere_Machine_1:
    type: Cloud.vSphere.Machine
    properties:
      imageRef: w22-cloudinit-instaclone/base
      cpuCount: 2
      totalMemoryMB: 3024
      networks:
        - network: ${resource.Cloud_NSX_Network_1.id}
          assignment: static
      cloudConfig: |
        #cloud-config
        users: 
          - 
            name: labadmin
            primary_group: administrators
            passwd: bAdP@$$  
            inactive: false            
          - 
            name: tseadmin
            primary_group: administrators
            passwd: bAdP@$$
            inactive: false
          -
            name: administrator
            primary_group: administrators
            passwd: bAdP@$$
            inactive: false
        set_hostname: dc01
        runcmd: 
         - powershell.exe net user Administrator /passwordreq:yes
         - powershell.exe Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
         - powershell.exe Install-ADDSForest -CreateDnsDelegation:$false -DatabasePath "C:\Windows\NTDS" -DomainMode "WinThreshold" -DomainName "glabs.local" -DomainNetbiosName "GS" -ForestMode "WinThreshold" -InstallDns:$true -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$false -SysvolPath "C:\Windows\SYSVOL" -Force:$true -SafeModeAdministratorPassword (ConvertTo-SecureString -AsPlainText "bAdP@$$" -Force)

IP ALLOCATE failed: Action run failed with the following error: (‘Error allocating in network or range: Failed to generate hostname. DNS suffix missing’, {})

Earlier this week, I was trying to integrate my test vRA deployment with Infoblox and all deployments failed with the error:

IP ALLOCATE failed: Action run failed with the following error: ('Error allocating in network or range: Failed to generate hostname. DNS suffix missing', {})

To find the failure, go to the Extensibility tab > action runs, change the filter from user runs to all runs, and look for a failed action: Infoblox_AllocateIP.

[2023-05-04 15:01:07,914] [ERROR] - Error allocating in network or range: Failed to generate hostname. DNS suffix missing
[2023-05-04 15:01:07,914] [ERROR] - Failed to allocate from range network/ZG5zLm5ldHdvcmskMTAuMTA5LjI0LjAvMjEvMA:10.109.24.0/21/default: ('Error allocating in network or range: Failed to generate hostname. DNS suffix missing', {})
[2023-05-04 15:01:07,914] [ERROR] - No more ranges. Raising last error
('Error allocating in network or range: Failed to generate hostname. DNS suffix missing', {})
Finished running action code.
Exiting python process.
Traceback (most recent call last):
  File "/polyglot/function/source.py", line 171, in allocate_in_network_or_range
    host_record = HostRecordAllocation(range_id, resource, allocation, network_view, next_available_ip, context, endpoint)
  File "/polyglot/function/source.py", line 457, in __init__
    super().__init__(range_id, resource, allocation, network_view, next_available_ip, context, endpoint)
  File "/polyglot/function/source.py", line 392, in __init__
    self.hostname = generate_hostname(self.resource, self.range_id, self.allocation, self.context, self.endpoint["id"]) if self.dns_enabled else self.resource["name"]
  File "/polyglot/function/source.py", line 307, in generate_hostname
    raise Exception("Failed to generate hostname. DNS suffix missing")
Exception: Failed to generate hostname. DNS suffix missing

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "main.py", line 146, in <module>
    main()
  File "main.py", line 83, in main
    result = prepare_inputs_and_invoke(inputs)
  File "main.py", line 119, in prepare_inputs_and_invoke
    res = handler(ctx, inputs)
  File "/polyglot/function/source.py", line 29, in handler
    return ipam.allocate_ip()
  File "/polyglot/function/vra_ipam_utils/ipam.py", line 91, in allocate_ip
    result = self.do_allocate_ip(auth_credentials, cert)
  File "/polyglot/function/source.py", line 51, in do_allocate_ip
    raise e
  File "/polyglot/function/source.py", line 42, in do_allocate_ip
    allocation_result.append(allocate(resource, allocation, self.context, self.inputs["endpoint"]))
  File "/polyglot/function/source.py", line 78, in allocate
    raise last_error
  File "/polyglot/function/source.py", line 70, in allocate
    return allocate_in_network(range_id, resource, allocation, context, endpoint)
  File "/polyglot/function/source.py", line 155, in allocate_in_network
    endpoint)
  File "/polyglot/function/source.py", line 210, in allocate_in_network_or_range
    raise Exception(f"Error allocating in network or range: {str(e)}", result)
Exception: ('Error allocating in network or range: Failed to generate hostname. DNS suffix missing', {})
Python process exited.

There are 2 ways to remediate this.

Workaround 1 (if you do not care about adding the domain suffix to the records created on Infoblox):
Update your blueprint and add "Infoblox.IPAM.Network.enableDns: false" under properties for every resource of type Cloud.vSphere.Machine:

resources:
  vCenterServer:
    type: Cloud.vSphere.Machine
    properties:
      Infoblox.IPAM.Network.enableDns: false
      name: Test
      imageRef: ${input.img_image_url}
      flavor: ${input.flavor}

The above deployment will ignore the DNS suffix and will create a DNS record with the custom naming template as defined in the project (host name alone).

Workaround 2: If you do want the DNS records to be created with hostname + domain, then add the below to the blueprint:

resources:
  vCenterServer:
    type: Cloud.vSphere.Machine
    properties:
      Infoblox.IPAM.Network.dnsSuffix: lab.local
      name: Test
      imageRef: ${input.img_image_url}
      flavor: ${input.flavor}

With the above, the deployment will append the domain suffix "lab.local" to the hostname, and the respective DNS records will be created.
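
Both workarounds can be checked before a deployment is requested. The following is an added example (not part of the original post or of the Infoblox plugin) that walks a parsed blueprint and reports, for each Cloud.vSphere.Machine resource, whether allocation would hit the "DNS suffix missing" error. It assumes DNS is enabled when enableDns is absent and that the suffix is supplied only through blueprint properties; the function names and the sample blueprint are constructed for illustration.

```python
import re
import sys

MACHINE_TYPE = "Cloud.vSphere.Machine"
ENABLE_DNS = "Infoblox.IPAM.Network.enableDns"
DNS_SUFFIX = "Infoblox.IPAM.Network.dnsSuffix"

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def _as_bool(value, default=True):
    """Blueprint values may arrive as real booleans or as quoted strings."""
    if value is None:
        return default  # assumption: DNS is on unless explicitly disabled
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() not in ("false", "no", "0", "off")


def _valid_suffix(suffix):
    """Accept a plain domain (lab.local) or a ${...} binding resolved at deploy time."""
    suffix = str(suffix).strip()
    if suffix.startswith("${") and suffix.endswith("}"):
        return True
    return all(_LABEL.match(label) for label in suffix.rstrip(".").split("."))


def check_blueprint(blueprint):
    """Return {resource_name: (status, detail)} for every vSphere machine."""
    findings = {}
    for name, resource in (blueprint.get("resources") or {}).items():
        if resource.get("type") != MACHINE_TYPE:
            continue
        props = resource.get("properties") or {}
        suffix = props.get(DNS_SUFFIX)
        if not _as_bool(props.get(ENABLE_DNS)):
            findings[name] = ("ok", "DNS disabled: record uses the host name alone")
        elif suffix is None or str(suffix).strip() == "":
            findings[name] = ("fail", "DNS enabled, no dnsSuffix: 'DNS suffix missing'")
        elif not _valid_suffix(suffix):
            findings[name] = ("fail", f"dnsSuffix {suffix!r} is not a valid domain name")
        else:
            findings[name] = ("ok", f"record is created as <hostname>.{suffix}")
    return findings


def failing(findings):
    """Names of the resources that would fail allocation, sorted."""
    return sorted(n for n, (status, _) in findings.items() if status == "fail")


def load_blueprint(path):
    """Parse a blueprint YAML file (needs PyYAML, imported only when used)."""
    import yaml
    with open(path, encoding="utf-8") as handle:
        return yaml.safe_load(handle) or {}


# Constructed sample, already parsed; property names are the ones from the post.
SAMPLE_BLUEPRINT = {
    "formatVersion": 1,
    "resources": {
        "Cloud_NSX_Network_1": {"type": "Cloud.NSX.Network",
                                "properties": {"networkType": "existing"}},
        "no_dns_properties": {"type": MACHINE_TYPE, "properties": {"name": "Test"}},
        "dns_disabled": {"type": MACHINE_TYPE, "properties": {ENABLE_DNS: False}},
        "dns_disabled_as_string": {"type": MACHINE_TYPE,
                                   "properties": {ENABLE_DNS: "false"}},
        "suffix_set": {"type": MACHINE_TYPE, "properties": {DNS_SUFFIX: "lab.local"}},
        "suffix_from_input": {"type": MACHINE_TYPE,
                              "properties": {DNS_SUFFIX: "${input.dns_suffix}"}},
        "suffix_malformed": {"type": MACHINE_TYPE,
                             "properties": {DNS_SUFFIX: ".lab.local"}},
    },
}

if __name__ == "__main__":
    # With a path argument, lint that file; otherwise lint the constructed sample.
    doc = load_blueprint(sys.argv[1]) if sys.argv[1:] else SAMPLE_BLUEPRINT
    results = check_blueprint(doc)
    for res_name, (status, detail) in results.items():
        print(f"{status.upper():4} {res_name}: {detail}")
    sys.exit(1 if failing(results) else 0)
```

Run with a blueprint file path as the only argument to lint a real blueprint; the exit code is non-zero when any machine would fail allocation.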

It took me a long time to figure this out. Hopefully, this saves you a lot of time!

Cheers!

Troubleshooting saltconfig (aria config) Minion Deployment Failure

When troubleshooting a minion deployment failure, I would recommend hashing out the salt part of the blueprint and running it as a day2 task. This would help save significant deployment time and help focus on the minion deployment issue alone.

So in my scenario, I finished my deployment and ran the salt as a day2 task, which failed:

Navigate to Aria config (salt-config) web UI > activity > jobs > completed, look for a deploy.minion task, click on the JID (the long number on the right of the job table) and then click on raw:

So, this tells us that the script that was being executed failed, hence "Exit code: 1".

SSH to the salt master and navigate to /etc/salt/cloud.profiles.d; you should see a conf with the same vRA deployment name. In my case it was the second one from the below screenshot.

At this stage, you can manually call salt-cloud with the debug flag so that you have real-time logging as the script attempts to connect to the remote host and bootstrap the minion.

The basic syntax is

salt-cloud -p profile_name VM_name -l debug

In my case:

salt-cloud -p ssc_Router-mcm770988a1-d535-4b24-b78b-2318f14911cd_profile test -l debug

Note: do not include the .conf in the profile name. The VM_name can be anything; it really does not matter in the current scenario.

Typically, you want to look at the very end for the errors. In my case it was bad DNS.

[email protected]'s password: [DEBUG   ] [email protected]'s password:

[sudo] password for labadmin: [DEBUG   ] [sudo] password for labadmin:

 *  INFO: Running version: 2022.08.12
 *  INFO: Executed by: /bin/sh
 *  INFO: Command line: '/tmp/.saltcloud-3e1d4338-c7d1-4dbb-8596-de0d6bf587ec/deploy.sh -c /tmp/.saltcloud-3e1d4338-c7d1-4dbb-8596-de0d6bf587ec -x python3 stable 3005.1'
 *  WARN: Running the unstable version of bootstrap-salt.sh

 *  INFO: System Information:
 *  INFO:   CPU:          AuthenticAMD
 *  INFO:   CPU Arch:     x86_64
 *  INFO:   OS Name:      Linux
 *  INFO:   OS Version:   5.15.0-69-generic
 *  INFO:   Distribution: Ubuntu 22.04

 *  INFO: Installing minion
 *  INFO: Found function install_ubuntu_stable_deps
 *  INFO: Found function config_salt
 *  INFO: Found function preseed_master
 *  INFO: Found function install_ubuntu_stable
 *  INFO: Found function install_ubuntu_stable_post
 *  INFO: Found function install_ubuntu_res[DEBUG   ]  *  INFO: Running version: 2022.08.12
 *  INFO: Executed by: /bin/sh
 *  INFO: Command line: '/tmp/.saltcloud-3e1d4338-c7d1-4dbb-8596-de0d6bf587ec/deploy.sh -c /tmp/.saltcloud-3e1d4338-c7d1-4dbb-8596-de0d6bf587ec -x python3 stable 3005.1'
 *  WARN: Running the unstable version of bootstrap-salt.sh

 *  INFO: System Information:
 *  INFO:   CPU:          AuthenticAMD
 *  INFO:   CPU Arch:     x86_64
 *  INFO:   OS Name:      Linux
 *  INFO:   OS Version:   5.15.0-69-generic
 *  INFO:   Distribution: Ubuntu 22.04

 *  INFO: Installing minion
 *  INFO: Found function install_ubuntu_stable_deps
 *  INFO: Found function config_salt
 *  INFO: Found function preseed_master
 *  INFO: Found function install_ubuntu_stable
 *  INFO: Found function install_ubuntu_stable_post
 *  INFO: Found function install_ubuntu_res
tart_daemons
 *  INFO: Found function daemons_running
 *  INFO: Found function install_ubuntu_check_services
 *  INFO: Running install_ubuntu_stable_deps()
Ign:1 http://in.archive.ubuntu.com/ubuntu jammy InRelease
Ign:2 https://packages.microsoft.com/ubuntu/22.04/prod jammy InRelease
Ign:3 https://repo.saltproject.io/py3/ubuntu/20.04/amd64/archive/3005.1 focal InRelease
Ign:4 http://in.archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:5 http://in.archive.ubuntu.com/ubuntu jammy-backports InRelease
Ign:6 http://in.archive.ubuntu.com/ubuntu jammy-security InRelease
[DEBUG   ] tart_daemons
 *  INFO: Found function daemons_running
 *  INFO: Found function install_ubuntu_check_services
 *  INFO: Running install_ubuntu_stable_deps()
Ign:1 http://in.archive.ubuntu.com/ubuntu jammy InRelease
Ign:2 https://packages.microsoft.com/ubuntu/22.04/prod jammy InRelease
Ign:3 https://repo.saltproject.io/py3/ubuntu/20.04/amd64/archive/3005.1 focal InRelease
Ign:4 http://in.archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:5 http://in.archive.ubuntu.com/ubuntu jammy-backports InRelease
Ign:6 http://in.archive.ubuntu.com/ubuntu jammy-security InRelease
Ign:1 http://in.archive.ubuntu.com/ubuntu jammy InRelease
Ign:2 https://packages.microsoft.com/ubuntu/22.04/prod jammy InRelease
Ign:3 https://repo.saltproject.io/py3/ubuntu/20.04/amd64/archive/3005.1 focal InRelease
Ign:4 http://in.archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:5 http://in.archive.ubuntu.com/ubuntu jammy-backports InRelease
Ign:6 http://in.archive.ubuntu.com/ubuntu jammy-security InRelease
[DEBUG   ] Ign:1 http://in.archive.ubuntu.com/ubuntu jammy InRelease
Ign:2 https://packages.microsoft.com/ubuntu/22.04/prod jammy InRelease
Ign:3 https://repo.saltproject.io/py3/ubuntu/20.04/amd64/archive/3005.1 focal InRelease
Ign:4 http://in.archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:5 http://in.archive.ubuntu.com/ubuntu jammy-backports InRelease
Ign:6 http://in.archive.ubuntu.com/ubuntu jammy-security InRelease
Ign:1 http://in.archive.ubuntu.com/ubuntu jammy InRelease
Ign:2 https://packages.microsoft.com/ubuntu/22.04/prod jammy InRelease
Ign:3 https://repo.saltproject.io/py3/ubuntu/20.04/amd64/archive/3005.1 focal InRelease
Ign:4 http://in.archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:5 http://in.archive.ubuntu.com/ubuntu jammy-backports InRelease
Ign:6 http://in.archive.ubuntu.com/ubuntu jammy-security InRelease
[DEBUG   ] Ign:1 http://in.archive.ubuntu.com/ubuntu jammy InRelease
Ign:2 https://packages.microsoft.com/ubuntu/22.04/prod jammy InRelease
Ign:3 https://repo.saltproject.io/py3/ubuntu/20.04/amd64/archive/3005.1 focal InRelease
Ign:4 http://in.archive.ubuntu.com/ubuntu jammy-updates InRelease
Ign:5 http://in.archive.ubuntu.com/ubuntu jammy-backports InRelease
Ign:6 http://in.archive.ubuntu.com/ubuntu jammy-security InRelease
Err:1 http://in.archive.ubuntu.com/ubuntu jammy InRelease
  Temporary failure resolving 'in.archive.ubuntu.com'
Err:3 https://repo.saltproject.io/py3/ubuntu/20.04/amd64/archive/3005.1 focal InRelease
  Temporary failure resolving 'repo.saltproject.io'
Err:2 https://packages.microsoft.com/ubuntu/22.04/prod jammy InRelease
  Temporary failure resolving 'packages.microsoft.com'
Err:4 http://in.archive.ubuntu.com/ubuntu jammy-updates InRelease
  Temporary failure resolving 'in.archive.ubuntu.com'
Err:5 http://in.archive.ubuntu.com/ubuntu jammy-backports InRelease
  Temporary failure resolving 'in.archive.ubuntu.com'
Err:6 http://in.archive.ubuntu.com/ubuntu jammy-security InRelease
  Temporary failure resolving 'in.archive.ubuntu.com'
Reading package lists...[DEBUG   ] Err:1 http://in.archive.ubuntu.com/ubuntu jammy InRelease
  Temporary failure resolving 'in.archive.ubuntu.com'
Err:3 https://repo.saltproject.io/py3/ubuntu/20.04/amd64/archive/3005.1 focal InRelease
  Temporary failure resolving 'repo.saltproject.io'
Err:2 https://packages.microsoft.com/ubuntu/22.04/prod jammy InRelease
  Temporary failure resolving 'packages.microsoft.com'
Err:4 http://in.archive.ubuntu.com/ubuntu jammy-updates InRelease
  Temporary failure resolving 'in.archive.ubuntu.com'
Err:5 http://in.archive.ubuntu.com/ubuntu jammy-backports InRelease
  Temporary failure resolving 'in.archive.ubuntu.com'
Err:6 http://in.archive.ubuntu.com/ubuntu jammy-security InRelease
  Temporary failure resolving 'in.archive.ubuntu.com'
Reading package lists...
Connection to 10.109.30.5 closed.
[DEBUG   ] Connection to 10.109.30.5 closed.

 *  WARN: Non-LTS Ubuntu detected, but stable packages requested. Trying packages for previous LTS release. You may experience problems.
Reading package lists...
Building dependency tree...
Reading state information...
wget is already the newest version (1.21.2-2ubuntu1).
ca-certificates is already the newest version (20211016ubuntu0.22.04.1).
gnupg is already the newest version (2.2.27-3ubuntu2.1).
apt-transport-https is already the newest version (2.4.8).
The following packages were automatically installed and are no longer required:
  eatmydata libeatmydata1 python3-json-pointer python3-jsonpatch
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 62 not upgraded.
 * ERROR: https://repo.saltproject.io/py3/ubuntu/20.04/amd64/archive/3005.1/salt-archive-keyring.gpg failed to download to /tmp/salt-gpg-UclYVAky.pub
 * ERROR: Failed to run install_ubuntu_stable_deps()!!!
[DEBUG   ]  *  WARN: Non-LTS Ubuntu detected, but stable packages requested. Trying packages for previous LTS release. You may experience problems.
Reading package lists...
Building dependency tree...
Reading state information...
wget is already the newest version (1.21.2-2ubuntu1).
ca-certificates is already the newest version (20211016ubuntu0.22.04.1).
gnupg is already the newest version (2.2.27-3ubuntu2.1).
apt-transport-https is already the newest version (2.4.8).
The following packages were automatically installed and are no longer required:
  eatmydata libeatmydata1 python3-json-pointer python3-jsonpatch
Use 'sudo apt autoremove' to remove them.
0 upgraded, 0 newly installed, 0 to remove and 62 not upgraded.
 * ERROR: https://repo.saltproject.io/py3/ubuntu/20.04/amd64/archive/3005.1/salt-archive-keyring.gpg failed to download to /tmp/salt-gpg-UclYVAky.pub
 * ERROR: Failed to run install_ubuntu_stable_deps()!!!

The same can be done to troubleshoot Windows minion deployments too!

VMware PowerCLI installation fails

VMware PowerCLI installation fails with the error below:

PS C:\Users\Administrator> Install-Module -Name VMware.PowerCLI

NuGet provider is required to continue
PowerShellGet requires NuGet provider version '2.8.5.201' or newer to interact with NuGet-based repositories. The NuGet
 provider must be available in 'C:\Program Files\PackageManagement\ProviderAssemblies' or
'C:\Users\Administrator\AppData\Local\PackageManagement\ProviderAssemblies'. You can also install the NuGet provider by
 running 'Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force'. Do you want PowerShellGet to install
and import the NuGet provider now?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is "Y"): y

Untrusted repository
You are installing the modules from an untrusted repository. If you trust this repository, change its
InstallationPolicy value by running the Set-PSRepository cmdlet. Are you sure you want to install the modules from
'PSGallery'?
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help (default is "N"): y
PackageManagement\Install-Package : The module 'VMware.VimAutomation.Sdk' cannot be installed or updated because the
authenticode signature of the file 'VMware.VimAutomation.Sdk.cat' is not valid.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:1809 char:21
+ ...          $null = PackageManagement\Install-Package @PSBoundParameters
+                      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (Microsoft.Power....InstallPackage:InstallPackage) [Install-Package],
   Exception
    + FullyQualifiedErrorId : InvalidAuthenticodeSignature,ValidateAndGet-AuthenticodeSignature,Microsoft.PowerShell.P
   ackageManagement.Cmdlets.InstallPackage

Workaround: install PowerCLI with the publisher check skipped:

install-module vmware.powercli -scope AllUsers -force -SkipPublisherCheck -AllowClobber

Cause: This is due to the fact that the certificate we used to sign the modules was replaced with a new one from a new publisher.
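
Because -SkipPublisherCheck turns off the comparison that raised the error, it is worth confirming afterwards what was actually installed. The script below is an added example, not part of the original notes or of VMware's tooling: it lists the Authenticode status and signer of every signed-file type under the installed VMware.* modules, so the signer can be compared with the publisher the vendor announced. The function name Get-ModuleSignatureReport and the list of file extensions are assumptions made for this example.

```powershell
# Added example: audit Authenticode signatures of installed VMware.* modules
# after an install that used -SkipPublisherCheck.
# Get-ModuleSignatureReport is a hypothetical helper name, not a built-in cmdlet.
function Get-ModuleSignatureReport {
    param(
        [string]$NamePattern = 'VMware.*',
        # File types that normally carry (or are) an Authenticode signature.
        [string[]]$Extensions = @('.cat', '.psd1', '.psm1', '.ps1', '.dll')
    )

    Get-Module -ListAvailable -Name $NamePattern | ForEach-Object {
        $module = $_
        Get-ChildItem -LiteralPath $module.ModuleBase -Recurse -File |
            Where-Object { $Extensions -contains $_.Extension.ToLowerInvariant() } |
            ForEach-Object {
                $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
                $cert = $sig.SignerCertificate
                [pscustomobject]@{
                    Module     = $module.Name
                    Version    = $module.Version
                    File       = $_.FullName
                    Status     = $sig.Status
                    Signer     = if ($cert) { $cert.Subject }    else { $null }
                    Thumbprint = if ($cert) { $cert.Thumbprint } else { $null }
                    NotAfter   = if ($cert) { $cert.NotAfter }   else { $null }
                }
            }
    }
}

$report = Get-ModuleSignatureReport

# 1. Which publishers signed the installed files? After a signing-certificate
#    change, expect the new publisher here; anything else needs explaining.
$report | Group-Object Signer, Thumbprint |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# 2. Any file that is unsigned, tampered with, or signed by an untrusted chain.
$bad = $report | Where-Object { $_.Status -ne 'Valid' }
if ($bad) {
    $bad | Format-Table Module, Version, Status, File -AutoSize
    Write-Warning "$(@($bad).Count) file(s) do not have a valid signature."
} else {
    Write-Output 'All checked files have a valid Authenticode signature.'
}
```

Run it in the same PowerShell version that performed the install. A Status of HashMismatch or NotSigned on a .cat, .psd1 or .dll file is a reason to remove the module and reinstall from PSGallery.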