PowerCLI

 View Only

  • 1.  Configure SNMPv3 on ESXi using PowerCLI

    Posted Mar 27, 2020 07:28 PM

    I'm trying to configure SNMPv3 in ESXi.  I've been able to accomplish this on a host using ESXCLI.  I need to convert this to a powercli script to deploy to the rest of our environment.   The code below works for all snmp parameters except for "users."  I'm struggling with the syntax.  Note that I'm using ESXCLI version 1 as this is being added to a massive configuration script that was written using version 1.

     

     

    If I try the following code using a string to enter the "users" properties I get the an error.

     

    PS C:\Users\user1> $esxhost = "labhost.domain.net"

    $esxCli = Get-EsxCli -VMHost $esxhost

    $esxCli.system.snmp.set("SHA1", "1a2b3c4d5e", $true, "1234567890", "indications", $true, "info", $null, 161, "AES128", $null, $null, $null, $null, "Servmon/123456789/123456789/priv", $null) | out-null

    # test outside postinstall

    $esxCli.system.snmp.get()

    Message: EsxCLI.CLIFault.summary;

    InnerText: Can not resolve target destination to IP address: ServmonEsxCLI.CLIFault.summary

    At line:3 char:1

    + $esxCli.system.snmp.set("SHA1", "1a2b3c4d5e", $true, "1234567890", "i ...

    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        + CategoryInfo          : OperationStopped: (:) [], MethodFault

        + FullyQualifiedErrorId : VMware.VimAutomation.Sdk.Types.V1.ErrorHandling.VimException.MethodFault

     

     

    authentication : SHA1

    communities    : {1a2b3c4d5e}

    enable         : true

    engineid       : 1234567890

    hwsrc          : indications

    largestorage   : true

    loglevel       : info

    notraps        :

    port           : 161

    privacy        : AES128

    remoteusers    :

    syscontact     :

    syslocation    :

    targets        :

    users          :

    v3targets      :

     

     

     

    If I use $null for "users" property it works.

     

    PS C:\Users\user1> $esxhost = "labhost.domain.net"

    $esxCli = Get-EsxCli -VMHost $esxhost

    $esxCli.system.snmp.set("SHA1", "1a2b3c4d5e", $true, "1234567890", "indications", $true, "info", $null, 161, "AES128", $null, $null, $null, $null, $null, $null) | out-null

    # test outside postinstall

    $esxCli.system.snmp.get()

     

     

    authentication : SHA1

    communities    : {1a2b3c4d5e}

    enable         : true

    engineid       : 1234567890

    hwsrc          : indications

    largestorage   : true

    loglevel       : info

    notraps        :

    port           : 161

    privacy        : AES128

    remoteusers    :

    syscontact     :

    syslocation    :

    targets        :

    users          :

    v3targets      :

     

     

    This is the ESXCLI code that works.

    Configuring SNMP v1/v2c/v3 Using ESXCLI 5.1 - VMware vSphere Blog 

     

    esxcli system snmp set –engineid 766d77617265

    esxcli system snmp set –authentication SHA1

    esxcli system snmp set –privacy AES128

    esxcli system snmp hash -r -A secret1234 -X secret5678

    esxcli system snmp set –users william/f9f7311379046ebcb5d134439ee5b7754da8a90f/d300f16eec59fb3b7ada7844ff764cbf4641fe5f/priv

    esxcli system snmp set –v3targets pod23-esx-01a.pml.local@161/william/priv/trap

    esxcli system snmp set –enable true

    esxcli system snmp test



  • 2.  RE: Configure SNMPv3 on ESXi using PowerCLI

    Posted Mar 27, 2020 07:33 PM

    Before digging in deeper, just a quick question.
    Why can't you use the V2 version of the Get-EsxCli cmdlet.
    It would make your life a lot easier, especially for passing parameters.

    Since you are using the Get-EsxCli it would just be a matter of adding the V2 switch.



  • 3.  RE: Configure SNMPv3 on ESXi using PowerCLI

    Posted Mar 27, 2020 08:35 PM
    Good question.  This is being added to our primary configuration script which is currently writter using version 1.  Its a little over 800 lines of code and we just haven't had a good enough reason to spend time updating it.  This may prove to be a good enough reason if we can't get this to work.


  • 4.  RE: Configure SNMPv3 on ESXi using PowerCLI

    Posted Mar 27, 2020 08:45 PM

    This is the syntax listed in the help

    PS C:\GitRepo\esx-build\hosts-clusters> $esxCli.system.snmp

     

    ===================

    EsxCliElement: snmp

     

       Methods:

       --------

       AgentConfig get()

       SNMPv3Hash hash(string authhash, string privhash, boolean rawsecret)

       boolean set(string authentication, string communities, boolean enable, string engineid, string hwsrc, boolean largestorage, string loglevel, string notraps, long

    port, string privacy, string remoteusers, boolean reset, string syscontact, string syslocation, string targets, string users, string v3targets)

       AgentTest test(string authhash, string privhash, boolean rawsecret, string user)

       string Help()

       string Help(string methodName)

     

     

    PS C:\Users\user1> $esxcli.system.snmp.help("set")

     

    - users              | Set up to five local users. Format is: user/-|auth-hash/-|priv-hash/model[,...] Where user is 32 chars max. '-' indicates no hash. Model is one of (none|auth|priv).



  • 5.  RE: Configure SNMPv3 on ESXi using PowerCLI

    Posted Mar 27, 2020 09:03 PM

    There are a couple of advantages, imho, when using the V2 version.

    - You can get a list with all the required arguments for a method. This includes the names and attributes of each argument

    - You don't have to provide all the arguments. No more counting arguments and juggling with $null values.

    For example, the get the arguments for the call you are trying to do, you can call the CreateArgs methods.

    This output can be captured and used as a parameter to the Invoke method.

    $esxCli = Get-EsxCli -VMHost $esxhost -V2

    $esxcli.system.snmp.set.CreateArgs()

    This outputs

    Name             Value

    ----             -----

    privacy          Unset, ([string], optional)

    enable           Unset, ([boolean], optional)

    syslocation      Unset, ([string], optional)

    engineid         Unset, ([string], optional)

    notraps          Unset, ([string], optional)

    remoteusers      Unset, ([string], optional)

    hwsrc            Unset, ([string], optional)

    reset            Unset, ([boolean], optional)

    authentication   Unset, ([string], optional)

    syscontact       Unset, ([string], optional)

    users            Unset, ([string], optional)

    v3targets        Unset, ([string], optional)

    communities      Unset, ([string], optional)

    port             Unset, ([long], optional)

    loglevel         Unset, ([string], optional)

    targets          Unset, ([string], optional)

    largestorage     Unset, ([boolean], optional)


    As you notice all properties are optional.
    When we capture this output in a variable, we can assign values.

    $esxCli = Get-EsxCli -VMHost $esxhost -V2

    $a = $esxcli.system.snmp.set.CreateArgs()

    $a['authentication'] = 'SHA1'

    $a['users'] = 'william/f9f7311379046ebcb5d134439ee5b7754da8a90f/d300f16eec59fb3b7ada7844ff764cbf4641fe5f/priv'

    $a['v3targets'] = 'pod23-esx-01a.pml.local@161/william/priv/trap'

    $a['enable'] = $true

    $esxcli.system.snmp.set.Invoke($a)

    To check the result we call the get

    $esxcli.system.snmp.get.Invoke()

    A more detailed explanation of the V2 version can be found in PowerCLI 6.3 R1: Get-ESXCLI Why the V2?



  • 6.  RE: Configure SNMPv3 on ESXi using PowerCLI

    Posted Mar 01, 2024 10:12 PM

    I created a PowerShell script to configure the SNMPv3 for the ESXi hosts. It's available in https://github.com/sfitpro/ESXi.SNMP3



  • 7.  RE: Configure SNMPv3 on ESXi using PowerCLI

    Posted Mar 01, 2024 10:25 PM

    Please don't cross-post on multiple threads