使用 GOVC 開啟/關閉 ESXi 主機服務

###### tags: `govc` `vmware` `api` # 使用 GOVC 開啟/關閉 ESXi 主機服務 [toc] ## 準備 GOVC ### 安裝請參考 [**govc@github**](https://github.com/vmware/govmomi/tree/master/govc) 說明進行[下載及安裝](https://github.com/vmware/govmomi/releases)。若是 Linux 平台可以採用下列方式。 ```bash # extract govc binary to /usr/local/bin # note: the "tar" command must run with root permissions $ curl -L -o - "https://github.com/vmware/govmomi/releases/latest/download/govc_$(uname -s)_$(uname -m).tar.gz" | sudo tar -C /usr/local/bin -xvzf - govc ``` 安裝完成後輸入 **`govc version`** 檢視安裝版本。 ```bash $ govc version govc 0.27.1 ``` ### 連接 vCenter Server 資訊至少提供 govc 以下環境變數以利連接 vCenter Server。 | 名稱 | 說明 | | :--- | :--- | | **GOVC_URL** |URL of ESXi or vCenter instance to connect to | | **GOVC_USERNAME** | USERNAME to use if not specified in GOVC_URL | | **GOVC_PASSWORD** | PASSWORD to use if not specified in GOVC_URL | | GOVC_INSECURE | Disable certificate verification | 若使用 Linux(BASH) 系統可以使用 **`export`**，Windows 系統可以使用 **`set`** 來設定系統環境變數。為了簡便後續使用可以將以下資訊儲存至檔案或直接寫入程式中。 ```bash ## connectVc ## Linux(BASH) export GOVC_URL="https://192.168.1.1" export GOVC_USERNAME="administrator@vsphere.local" export GOVC_PASSWORD="password" export GOVC_INSECURE="true" export GOVC_DATACENTER="Datacenter" export GOVC_CLUSTER="Cluster" export GOVC_DATASTORE="Datastore" ## 輸入以下命令便可建立環境變數 $ source connectVc ``` :::info **`GOVC_DATACENTER`**, **`GOVC_CLUSTER`**,**`GOVC_DATASTORE`** 等環境變數並非必要，後續可透過 govc 命令取得，若環境單純為了便利性，最好就直接加上。 ::: :::warning Windows 系統應該也可透過 **Powershell** 或是使用 **WSL(Windows Subsystem for Linux ) - BASH** 來完成相同動作。 ::: ### 連線 vCenter Server ```bash $ source connectVc $ govc about FullName: VMware vCenter Server 7.0.3 build-18700403 Name: VMware vCenter Server Vendor: VMware, Inc. Version: 7.0.3 Build: 18700403 OS type: linux-x64 API type: VirtualCenter API version: 7.0.3.0 Product ID: vpx UUID: c6b3cf98-f987-411b-a1b5-b06c216988f1 ``` 如果顯示 vCenter Server 相關資訊，就表示已正常連接 vCenter。 ## 檢視 ESXi 主機服務 GOVC 透過 vSphere API 在終端環境來達成 vSphere Client 可完成的大多數動作，可以簡化管理者日常維運，進而朝向自動化的目標。要檢視 ESXi 主機服務，可以使用 **`govc host.service.ls`** 進行查看。 ```bash $ govc host.service.ls -host.ip 192.168.100.1 Key Policy Status Label DCUI on Running Direct Console UI TSM on Running ESXi Shell TSM-SSH on Running SSH hbr-agent on Running hbr-agent lbtd on Running Load-Based Teaming Daemon lwsmd on Running Active Directory Service ntpd on Running NTP Daemon pcscd off Stopped PC/SC Smart Card Daemon sfcbd-watchdog on Stopped CIM Server snmpd on Stopped SNMP Server vmsyslogd on Running Syslog Server vmware-fdm on Running vSphere High Availability Agent vpxa on Running VMware vCenter Agent xorg on Stopped X.Org Server ``` :::info - **policy** 指的是服務**啟動原則(Startup Policy)**，一般有 **手動(off)** 和 **自動-隨主機動作(on)**。 - 如果加入叢集（cluster）的 ESXi 主機是透過 IP 位址的，**`-host.ip`** 可以用 **`-host`** 替代。 - 實際環境可以透過 **`govc find / -type h`** 命令查詢。 ```bash $ govc find / -type h /Datacenter/host/Cluster/192.168.100.1 /Datacenter/host/Cluster/192.168.100.2 /Datacenter/host/Cluster/192.168.100.3 ``` ::: 是不是很簡單？只要一行命令，便可輕鬆顯示出 ESXi 主機目前運行的服務。如果使用 ESXi UI 來完成相同動作： 1. 管理者必須先打開瀏覽器 2. 輸入帳密資訊登入 3. 在 **Navigator** 點選 **Manage** > **Services** 相信在管理成本來看，採用那一種方式是比較有效率的？接下來的要進行調整 ESXi 主機服務的動作，更能看出差異。 :::warning 但這種方式並非沒有缺點，除非對於 API 與其開發語言熟悉，要不然使用功能會有所限制。 ::: - ESXi UI ![](https://i.imgur.com/riYZJms.png) - vCSA vSphere Client(HTML 5) ![](https://i.imgur.com/6hxHgvQ.png) ### 調整服務啟閉接著將把重點放在 **TSM**(ESXi Shell) 和 **TSM-SSH**(SSH) 這兩個服務。其他服務也可按此要領進行。另外對於功能也將重點說明，其他詳細部份還請自行研習。 ### 取得服務詳細狀態可以透過 **`govc host.service.ls -json`** 輸出 JSON 格式來檢視較詳細資訊。這裡我們需要了解 **`Running`（執行）** 和 **`Policy`（啟動原則）** 兩個狀態資訊。 :::info **jq** 是用來解析 JSON 格式很棒的工具 [[參考]](https://stedolan.github.io/jq/) ::: ```bash $ govc host.service.ls -json -host.ip 192.168.100.1 | jq '.[] | select(.Key == "TSM" or .Key == "TSM-SSH")' { "Key": "TSM", "Label": "ESXi Shell", "Required": false, "Uninstallable": false, "Running": true, "Ruleset": null, "Policy": "on", "SourcePackage": { "SourcePackageName": "esx-base", "Description": "This VIB contains all of the base functionality of vSphere ESXi." } } { "Key": "TSM-SSH", "Label": "SSH", "Required": false, "Uninstallable": false, "Running": true, "Ruleset": null, "Policy": "on", "SourcePackage": { "SourcePackageName": "esx-base", "Description": "This VIB contains all of the base functionality of vSphere ESXi." } } ``` 從以上資訊可以知道 **TSM** 和 **TSM-SSH** 兩個服務目前**執行**和**啟動原則**的狀態都是**開啟**的。根據這個邏輯，我們只要將 **`Status`** 和 **`Policy`** 狀態取出就好，可以利用下列命令來達成。 ```bash $ govc host.service.ls -json -host.ip 192.168.100.1 | jq '.[] | select(.Key == "TSM" or .Key == "TSM-SSH")' | jq '{Service: .Key, Name: .Label, Status: .Running, Policy: .Policy}' { "Serice": "TSM", "Name": "ESXi Shell", "Status": true, "Policy": "on" } { "Serice": "TSM-SSH", "Name": "SSH", "Status": true, "Policy": "on" } ``` 好了，接著透過 **`govc host.service ACTION ID`** 命令來啟閉 ESXi 主機服務看看。 :::info - **`ACTION`** 包含 start, stop, restart, status, enbable, disable - **`ID`** 指定服務的 Key ::: - 設定 SSH 服務的啟動原則為手動。 ```bash $ govc host.service -json -host.ip 192.168.100.1 disable TSM-SSH $ govc host.service.ls -json -host.ip 192.168.100.1 | jq '.[] | select(.Key == "TSM-SSH")' | jq '{Serice: .Key, Name: .Label, Status: .Running, Policy: .Policy}' { "Serice": "TSM-SSH", "Name": "SSH", "Status": true, "Policy": "off" } ``` - 關閉 SSH 服務 ```bash $ govc host.service -json -host.ip 192.168.100.1 stop TSM-SSH $ govc host.service.ls -json -host.ip 192.168.100.1 | jq '.[] | select(.Key == "TSM-SSH")' | jq '{Serice: .Key, Name: .Label, Status: .Running, Policy: .Policy}' { "Serice": "TSM-SSH", "Name": "SSH", "Status": false, "Policy": "off" } ``` 很好，讓我們最後一次從 ESXi UI 跟 vSphere Client 確認這些資訊了。 - 顯示 **TSM-SSH** 服務已經關閉。 ![](https://i.imgur.com/aOWcmMZ.png) - 顯示 **TSM-SSH** 服務已關閉及啟動原則已改為手動。 ![](https://i.imgur.com/XYmcrj1.png) ## 利用程式啟閉服務讓我們將程式的功能簡單一些，就是單純的啟閉服務，先暫時不管錯誤檢測。根據上面測試的經驗可以撰寫 BASH 腳本檔。 ### 環境參數檔 **`env.conf`** ```txt= GOVC_URL="https://192.168.1.1" GOVC_USERNAME="administrator@vsphere.local" GOVC_PASSWORD="yourpassword" GOVC_INSECURE="true" HOSTS=("192.168.100.1" "192.168.100.2" "192.168.100.3") SERVICES=("TSM" "TSM-SSH") ``` ### 關閉服務 **`stopService.sh`** ```bash= #!/bin/bash ## set environment env_conf='env.conf' source "${env_conf}" ## disable and stop TSM, TSM-SSH services for host in ${HOSTS[@]}; do for service in ${SERVICES[@]}; do govc host.service -host.ip ${host} disable ${service} echo -e " - disabled:\t[OK]" govc host.service -host.ip ${host} stop ${service} echo -e " - stopped:\t[OK]" done done ``` **執行結果** ```bash $ stopService.sh * ESXi: 192.168.100.1 - disabled: [OK] - stopped: [OK] - disabled: [OK] - stopped: [OK] * ESXi: 192.168.100.2 - disabled: [OK] - stopped: [OK] - disabled: [OK] - stopped: [OK] * ESXi: 192.168.100.3 - disabled: [OK] - stopped: [OK] - disabled: [OK] - stopped: [OK] ``` ### 開啟服務 **`startService.sh`** ```bash= #!/bin/bash ## set environment env_conf='env.conf' source "${env_conf}" ## start TSM, TSM-SSH services for host in ${HOSTS[@]}; do echo -e "\n* ESXi: ${host}" for service in ${SERVICES[@]}; do echo " > [${service}]" govc host.service -host.ip ${host} start ${service} echo -e " - started:\t[OK]" done ``` **執行結果** ```bash $ startService.sh * ESXi: 192.168.100.1 > [TSM] - started: [OK] > [TSM-SSH] - started: [OK] * ESXi: 192.168.100.2 > [TSM] - started: [OK] > [TSM-SSH] - started: [OK] * ESXi: 192.168.100.3 > [TSM] - started: [OK] > [TSM-SSH] - started: [OK] ``` ### 檢視服務 **`statusService.sh`** ```bash= #!/bin/bash ## set environment env_conf='env.conf' source "${env_conf}" ## check TSM, TSM-SSH services for host in ${HOSTS[@]}; do echo "> Check services on [${host}]" govc host.service.ls -json -host.ip ${host} \ | jq '.[] | select(.Key == "TSM" or .Key == "TSM-SSH")' | jq '{Service: .Key, Name: .Label, Status: .Running, Policy: .Policy}' done ``` **執行結果** ```bash > Check services on [192.168.100.1] { "Service": "TSM", "Name": "ESXi Shell", "Status": true, "Policy": "on" } { "Service": "TSM-SSH", "Name": "SSH", "Status": true, "Policy": "off" } > Check services on [192.168.100.2] { "Service": "TSM", "Name": "ESXi Shell", "Status": true, "Policy": "off" } { "Service": "TSM-SSH", "Name": "SSH", "Status": true, "Policy": "off" } > Check services on [192.168.100.3] { "Service": "TSM", "Name": "ESXi Shell", "Status": true, "Policy": "off" } { "Service": "TSM-SSH", "Name": "SSH", "Status": true, "Policy": "off" } ``` 希望未來 VMware 對於 **GOVC** 能夠增加更多功能，透過這種方式至少可以簡化一般管理工作。另外也希望大家能集思廣益，看看 **GOVC** 還有哪些功能可以發揮，以增加管理工作效能！ ## 參考可以修改內容撰寫簡單的執行錯誤判斷，增加程式可用性。 ### 範例程式1 **`stopService.sh`** ```bash= #!/bin/bash env_conf='env.conf' source "${env_conf}" for host in ${HOSTS[@]}; do echo -e "\n* ESXi: ${host}" for service in ${SERVICES[@]}; do echo " - [${service}]" govc host.service -host.ip ${host} disable ${service} 2> /dev/null if [ $? -ne 0 ]; then echo -e " - disabled:\t[Failed]" else echo -e " - disabled:\t[OK]" fi govc host.service -host.ip ${host} stop ${service} 2> /dev/null if [ $? -ne 0 ]; then echo -e " - stopped:\t[Failed]" else echo -e " - stopped:\t[OK]" fi done done ``` **執行結果** ```bash $ ./stopService.sh * ESXi: 192.168.100.1 - [TSM] - disabled: [Failed] - stopped: [Failed] - [TSM-SSH] - disabled: [Failed] - stopped: [Failed] * ESXi: 192.168.100.2 - [TSM] - disabled: [OK] - stopped: [OK] - [TSM-SSH] - disabled: [OK] - stopped: [OK] * ESXi: 192.168.100.3 - [TSM] - disabled: [OK] - stopped: [OK] - [TSM-SSH] - disabled: [OK] - stopped: [OK] ``` ### 範例程式2 **`statusService.sh`** ```bash= #!/bin/bash env_conf='env.conf' source "${env_conf}" function checkStatus () { status=$(govc host.service.ls -json -host.ip ${host} | jq -r ".[] | select(.Key == \"${service}\") | (.Running|tostring) + \":\" + .Policy") running=$(echo ${status} | cut -d: -f1 | sed -e 's/true/開啟/' -e 's/false/關閉/') policy=$(echo ${status} | cut -d: -f2 | sed -e 's/on/自動/' -e 's/off/手動/') } for host in ${HOSTS[@]}; do echo -e "\n* ESXi: ${host}\n" printf " %-12s %-10s %-10s\n" "服務" "狀態" "啟用原則" printf " %-10s %-8s %-10s\n" "--------" "------" "--------" for service in ${SERVICES[@]}; do checkStatus printf " %-10s %-10s %-10s\n" "${service}" "${running}" "${policy}" done done ``` **執行結果** ```bash * ESXi: 192.168.100.1 服務狀態啟用原則 -------- ------ -------- TSM 關閉手動 TSM-SSH 關閉手動 * ESXi: 192.168.100.2 服務狀態啟用原則 -------- ------ -------- TSM 關閉手動 TSM-SSH 關閉手動 * ESXi: 192.168.100.3 服務狀態啟用原則 -------- ------ -------- TSM 關閉手動 TSM-SSH 關閉手動 ``` ## 其他分享 ### [GOVC 安裝及基礎測試](https://hackmd.io/@farmer87/govc) ### [使用 GOVC 更新 ESXi 主機 root 密碼](https://hackmd.io/@farmer87/govc_account_update) ### [使用即時克隆 (Instant Clone) 複製虛擬機 - Part 3 (GOVC)](https://hackmd.io/@farmer87/instantclone-3) ### [使用 GOVC 安裝 Fedora CoreOS 於 vSphere 環境](https://hackmd.io/@farmer87/govc-coreos) ### [使用 Docker 方式來操作 GOVC](https://hackmd.io/@farmer87/podman_govc)