http://www.virtuallyghetto.com/2010/05/getting-started-with-vma.html - (Getting started guide)
http://www.simonlong.co.uk/blog/2010/05/28/using-vma-as-your-esxi-syslog-server/ - Setting up a syslog srver
Bulk add hosts to the vMA http://www.virtuallyghetto.com/p/vmware-vma-vima.html
name the vMA "domainjoin-cli name <Computername>"
Join the Domain "domainjoin-cli join <username>"
Add the user to the list of sudoers on the vMA
sudo nano /etc/sudoers
at the bottom of the file
add the following
%domainname//domain^admins ALL =(ALL) ALL
This allows the users within the domain admins group to sudo within the VMA
To allow domain admins to log on locally and act as root on the ESX servers , the group ESX Admins must be created in AD , add Domain Admins to this group.
The ESX server periodically check for the existence of this group , if it is present it adds it to the administrators group on the ESX server
We can now log on to the VMA box with our AD account and the ESX servers with our AD account.
unfortunately within the VMA the ESX servers are still configured to use fastpass authentication
( vifp listservers -l )
Run the following for each of the hosts to change them to use adauth instead of fpauth
(fast pass authentication)
vifp reconfigure esxhost.domainname --authpolicy adauth
Each time you logon to vMA set the target as the virtual center and you will not be prompted for your credentials when running commands against the hosts
vifptarget --set <vcentreserver>
Your prompt should be as follows
[domain\username@vmahostname ~][vcenter.domainname]$
you should be able to issue vicfg-nics -l --vihost esxserver and not be prompted for credentials
Resxtop
a limitiation of resxtop is that each time you want to switch between servers you will need to re-enter your credentials, there is no secure way around this.
It is possible to pipe your password in clear text
echo "password" | resxtop --server xxx --username user -b -d 15 -n 9 | ....
No comments:
Post a Comment