VMware vidm api: “User is not authorized to perform the task” [Generate OAuth Bearer Token]

issue: For one of the automation task for vmware vidm get attribute api, for admin user the code was failing.
It was giving error message “User is not authorized to perform the task”

After creating the Remote App Access client, generate an OAuth bearer token.

Create Remote app client:


Download and install the Postman app. You can download Postman from https://getpostman.com

Steps to generate Oatuh Bearer token

VMware VCSA 6.x backup using ansible

Recently, I have one project requirement where i have to use vmware rest api and ansible to take the vcsa backup. In this blog we will first explore vcsa apiexplorer and traverse to rest api for backup

we need to open: https:<vcsa fqdn or ip>/apiexplorer

Select the appliance from the drop down and traverse to the backup job

explore POST /appliance/recover/backup/job . It will have parameter values

These are the option we will be using while coding in ansible. parts option you can get from vcsa vami console.

SEAT is optional.

After exploring api, its time to look into ansible. First part would be login to vcsa apiexplore. This require authentication.

VCSA login using rest api /ansible code snip

As explain above for backup request body, same way for ansible we need write json file

Now we need to write the backup task in ansible yaml file

So backup.yaml will contain login and backup task. Backup task will be calling json file , which contain vcsa backup config info.

Check VMware VCSA certs validity using Ansible and RestAPI

Recently a requirement came, where VMware VCSA 6.x compliance need to be checked using Ansible.  Vendor wants to use VMware RestApi [Not interested to use VMware Python SDK].

Note: VMware Ansible module comes with VMware Python SDK [PyVmomi]. This compliance check was having

ssh , ipv6, ntp, CA certs, DNS check and set (in case of value has changed).  Most of the option was available except CA cert check. Below yaml code has three parts;

  • VCSA login
  • cert fetch
  • logging


This is used for Product hardening!!


Autodeploy Image: An error occurred while generating the image [Entry is too large to be added]

This issue occurred with below environment:

vcsa 6.5, embedded vum,autodeploy and image builder service enabled.

  • For image customization we mapped more images [ approx 2 GB] so it was not allowing to map new image, and throwing below error message
Error while Autodeploy Image... An error occurred while generating the image : Error : An error occurred while performing the task Entry is too large to be added to cache, please remove any imported depots you are not using...
  • Delete the images, which are not in-use, or apply the below workaround [increase the cacheSize]
cat /etc/vmware-imagebuilder/sca-config/imagebuilder-config.propsloglevel=INFO

ls -lh /storage/imagebuilder/exports/
total 361M

Go in vcsa --> Administrator-->System Configuration-->Services

Restart Auto Deploy

Restart ImageBuilder Service



How to set vrops [vrealize operation manager] forgotten root password

Recently, in my testing environment i forgot the root password. I did the following step to reset password:

-Restart the vrops node

-Edit the Boot option “init=/bin/bash”

Boot Options vga=0x311 elevator=noop noexec=on nousb audit=1 init=/bin/bash

-Once system boots, type below command:

"passwd root"

It will prompt for new password. Provide the new password and reboot the system!!!

pyVmomi module: Script for fetching hardware information from ESXi

import argparse
from pyVmomi import vim
from pyVim.connect import SmartConnect,Disconnect
import atexit
import ssl

def validate_options():
  parser = argparse.ArgumentParser(description='input parameters')
  parser.add_argument('-d','--dest_host',dest='dhost',required=True,help='The ESxi destination host IP')
  parser.add_argument('-v','--vc_host',dest='vchost',required=False,help='The VC ip')
  parser.add_argument('-u','--vc_user',dest='vcuser',required=True,help='VC username')
  parser.add_argument('-p','--vc_pass',dest='vcpasswd',required=True,help='VC passwd')
  args = parser.parse_args()
  return args

def getHostID(content,dhost):
  if content.searchIndex.FindByIp(None,dhost,False):
    host = content.searchIndex.FindByIp(None,dhost,False)
    host = content.searchIndex.FindByDnsName(None,dhost,False)
  return host

def get_HostInfo(content,dhost):
   search_index = content.searchIndex
   root_folder =  content.rootFolder
   view_ref = content.viewManager.CreateContainerView(container=root_folder,type=[vim.HostSystem], recursive=True)
   host = view_ref.view[0]
   #print host.name
   print 'UUID INFO %s' %(host.summary.hardware.uuid)
   print 'Hardware Model %s' %(host.summary.hardware.model)
   print '%s Server has %s Biosversion'%(host.hardware.biosInfo.vendor,host.hardware.biosInfo.biosVersion)
   print '{0}'.format("Vendor Name").ljust(20)+ '{0}'.format("Device Name").ljust(120)+ '{0}'.format("Slot").ljust(30)+ '{0}'.format('Device ID').ljust(10)
   print '*************************************************************************************************************************************************************************************************'
   for i in pcilist:
     a = i.vendorName
     b = i.deviceName
     c = i.deviceId
     d = i.slot
     print '{0}'.format(a).ljust(20)+ '{0}'.format(b).ljust(120)+ '{0}'.format(d).ljust(30)+ '{0}'.format(c).ljust(10)
     #print '%s has devicename %s and  device ID %s'%(i.vendorName,i.deviceName,i.deviceId)
   print '*********************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************' 
def main():
  opts = validate_options()
  if opts.vchost:
    print 'Connecting to vcenter and collecting sensor info for %s' %opts.dhost
    print 'Connecting to esxi host for %s' %opts.dhost
    opts.vchost = opts.dhost
  si = SmartConnect(host=opts.vchost, user=opts.vcuser, pwd=opts.vcpasswd)
  content = si.RetrieveContent()
  #print content
  hostinfo = get_HostInfo(content,opts.dhost)
  hostid = getHostID(content,opts.dhost)
  print '{0}'.format("Sensor").ljust(30)+ '{0}'.format("Sensor Detail").ljust(90)+ '{0}'.format('Status').ljust(10)+ '{0}'.format('Reading').ljust(10) +'{0}'.format('Units').ljust(13)+ '{0}'.format('Summary').ljust(20)
  print '**************************************************************************************************************************************************************************************************************'
  for i in sensorinfo:
    j = i.healthState
    print '{0}'.format(c).ljust(30)+ '{0}'.format(i.name).ljust(90)+ '{0}'.format(j.label).ljust(10)+ '{0}'.format(a).ljust(10) + '{0}'.format(b).ljust(13)+ '{0}'.format(j.summary).ljust(20)

if __name__ =='__main__':
How to run this script : 

python <name of script> -v <vc server> -d <esxi host which hardware want to list> -u <vc user name> -p <vc password>

This script is written in python. I have used the  pyVmomi module.

vSphere On-disk Metadata Analyzer (VOMA)

VOMA helps in performing VMFS file system metadata checks. This utility scans the VMFS volume metadata and highlights any inconsistencies.

VOMA provides four modules, and except for lvm, each of them has a fix function:

lvm-  Checks datastore’s logical device header,logical volume header and physical extent mapping

  • vmfs – This module checks vmfs hearder,resource file, heartbeat region, file descriptor ,connectivity etc.0
  • ptbl –  Module checks the partition table and provide table structure.
    • Phase 1: Checking device for valid primary GPT
    • Phase 2: Checking device for a valid backup GPT
    • Phase 3: Checking device for valid MBR table
    • Phase 4: Searching for valid file system headers
voma [OPTIONS] -m module -d device

-m, --module      Name of the module to run.

                    Available Modules are

                      1. lvm

                      2. vmfs

                      3. ptbl

-f, --func        Function(s) to be done by the module.

                     Options are

                       query   - list functions supported by module

                       check   - check for Errors

                       fix     - check & fix

                       dump    - collect metadata dump

-d, --device      Device/Disk to be used

-s, --logfile     Path to file, redirects the output to given file

-x, --extractDump Extract the dump collected using VOMA

-D, --dumpfile    Dump file to save the metadata dump collected

-v, --version     Prints voma version and exit.

-h, --help        Print this help message.

voma -m vmfs -f check -d /vmfs/devices/disks/naa.xxxx:x

voma -m vmfs -f dump -d /vmfs/devices/disks/naa.xxxx:x -D dumpfilename
voma -m vmfs -f check -d /vmfs/devices/disks/<device-id>

Checking if device is actively used by other hosts

Initializing VMFS Checker..|Scanning for VMFS-3/VMFS-5 host activity (512 bytes/HB, 2048 HBs).

Found 3  actively heartbeating hosts on device '/vmfs/devices/disks/<device id>

1): MAC address

2): MAC address

3): MAC address
voma -m ptbl -f check -d /vmfs/devices/disks/<device id>

Running Partition table checker version 0.1 in check mode

Phase 1: Checking device for valid primary GPT

Phase 2: Checking device for a valid backup GPT

Phase 3: Checking device for valid MBR table

Phase 4: Searching for valid file system headers

No valid LVM headers detected

pyVmomi rpm for centos7

pyVmomi is the Python SDK for the VMware vSphere API that allows you to manage ESX, ESXi, and vCenter. pyVmomi is available on git.


I have created a rpm format of same pyVmomi SDK for centos7.  This rpm will be installed in the /opt folder on your centos 7.

Below is the Spec file:

%define BUILD pyvmomi_master.1.0.1.x86_64
Summary: Pyvmomi package
Name: pyvmomi_master
Release: 1.0
Version: 1
License: Apache License 2.0
Requires: python-six
Requires: python-requests
Requires: python-setuptools
BuildArch: noarch

This package contains the vSphere python SDK

* Fri Jul 14 2017 Amit <amit@openwriteup.com> 1-1.0
- Pyvmomi 6.5

Once you install the rpm, it will be in the /opt/pyvmomi-master folder.

 rpm -ivh pyvmomi_master-1-1.0.noarch.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:pyvmomi_master-1-1.0             ################################# [100%]

################################# [100%]
[root@devbox noarch]# ls /opt/pyvmomi-master/
docs  LICENSE.txt  MANIFEST.in  NOTICE.txt  pyVim  pyVmomi  README.rst  requirements.txt  sample  setup.cfg  setup.py  test-requirements.txt  tests  tox.ini

Post installation of the package, we need to run following step:

[root@devbox pyvmomi-master]# python setup.py –help
Common commands: (see ‘–help-commands’ for more)

setup.py build      will build the package underneath ‘build/’
setup.py install    will install the package

 python setup.py install
running install
running bdist_egg
running egg_info
creating pyvmomi.egg-info
writing requirements to pyvmomi.egg-info/requires.txt
writing pyvmomi.egg-info/PKG-INFO
writing top-level names to pyvmomi.egg-info/top_level.txt
writing dependency_links to pyvmomi.egg-info/dependency_links.txt
writing manifest file 'pyvmomi.egg-info/SOURCES.txt'
reading manifest file 'pyvmomi.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
writing manifest file 'pyvmomi.egg-info/SOURCES.txt'

What’s New in vSphere 6.5: vCenter management clients

vSphere 6.5 VMware introduced html5 support.

In older release VMware was providing two types of clients:

– vSphere Client [ exe installer]

– vSphere Web client [flash based]

vSphere Client, from vSphere 5.5 onwards started  providing lot of restriction. VMware stopped latest virtual hardware vendor support, other core feature configuration from vSphere client.

In case of vSphere Web client [flash based], its performance was not up to mark to handle big environment. This flash based solution has lot of performance issues.

In vSphere 6.5, VMware has two types of clients:

HTML5 [vSphere client]

Flash [vSphere Web Client]

HTML5 [vSphere client]:VMware agrees that Flash is not the solution for the long-term. Our long-term direction is to utilize HTML5. In vSphere 6.5, we have released a supported version of an HTML5 based web client which we call “vSphere Client”. The vSphere Client is part of the vCenter Server (both appliance and Windows) and is configured to work out of the box.

Access Url:  https://<ip or fqdn of VC>/ui

Note:This HTML5 based client was originally released as a fling back in March 2016 and has been releasing a new version every week.


vSphere Web Client: The vSphere Client (HTML5) released in vSphere 6.5 has a subset of features of the vSphere Web Client (Flash/Flex). Until the vSphere Client achieves feature parity, we might continue to enhance and/or add new features to vSphere Web Client.


Cloud Foundry

Cloud Foundry is an open platform as a service, providing a choice of clouds, developer frameworks and application services.

In cloud era, the application platform will be delivered as a service, often described as Platform as a Service (PaaS).Cloud Foundry is an open source project and is available through a variety of private cloud distributions and public cloud instances.

Cloud native stack , this is layered stack. Below diagram shows the cloud native stack of cloud foundry.

Cloud native stack

Its a stack, which provides your software  a environment to run. This layer provides a platform to run developer software. This is four layer stack.

Infrastructure layer [ IAAS]: This enables the complete stack. This layer provides resource. This layer can be aws,vmware vSphere,vCloud air or openstack or Microsoft azure. The kind of operation this layer provides :Provision a server, install vm on server, install os on the vm and operations on the vm [ start,stop]. This layer automate all the operation.Basically all the vendor provides the api to automate the complete IAAS layer operations. This API provide is cloud provide interface [CPI]

Infrastructure Automation: This layer takes care of CPI automation. In case of cloud foundry Bosh take care of automating Cloud provider interface. This will take care of provisioning of vm, creating of database vm,patching,upgrading or high availability etc, This layer will automate all the infrastructure operations task. In case of cloud foundry, BOSH automates all the infra task. If we package our software and provides to BOSH,  BOSH will take care of all the provisioning and configuration

RUNTIME Layer: This is cloud foundry layer. This layer is also called Elastic run time layer as well. This layer containerized the application. It takes care of Domain,routing and complete orchestration. This layer of take care of all the the orchestration task. All kind of scaling can be also orchestrated in this layer.

Application Layer: In this layer all the programming languages comes. This provides the environment for programming languages. This not only provides the environment also provide the supported library as well. It also contains lot of middleware,databases . As developer, need to take care of application rest of the stuff will be take are.

Just like aws lamda, it only provide the environment to developer. You need not to worry about which OS its running, what networking etc. Every thing is fully orchestrated. It has scaling , HA kind of features as well…

This link provides details : https://github.com/cloudfoundry