The practical use of the vCNS (vShield) CLI is limited from a configuration perspective, but you may need to interact with it from time to time. Troubleshooting, debugging sessions and log purging come to mind.
The options for getting the job done:
1. Interact with the vCNS Manager virtual machine console in vCenter (not great for debugging, or reading the long exception output)
2. SSH (ssh server is enabled from the console: vsm> enable, vsm# ssh start)
Expect works well with the vtysh pseudo-terminal used for the vCNS Manager console. I tried and failed (due to errors interacting with the terminal). If you manage multiple vCNS environments, it makes sense to wrap the interactions into these expect scripts. Here’s a small example expect script to change the CLI password from the default.
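```expect
#!/usr/bin/expect -f
# Synop: SSH to vCNS Appliance console. Auth. Enter priv mode. Auth.
# Enter global config. Change the default password.
#   SSH <vsm ip>
#   enable [enter]
#   default [enter]
#   config t [enter]
#   cli password <password> [enter]
#   end [enter]
#   wr mem
#
spawn ssh admin@1.2.3.4
# Log in with the default CLI password
expect "password: "
send "default\r"
# Enter privileged mode
expect ">"
send "en\r"
expect "Password: "
send "default\r"
# Enter global configuration mode
expect "#"
send "config t\r"
# Set the new CLI password
expect "#"
send "cli password mYn3wp@ssw0rd\r"
expect "#"
send "\r"
send "exit\r"
# Wait for the session to close (or the default timeout) so the
# last commands are delivered before the script exits
expect eof
```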
If your operational policy is to update your password every few months, you will find yourself revisiting a script like this. For passing commands to multiple vCNS Managers, you can extend the script to spawn connections based on a list (outside the scope of this post).
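A variant of the script above for recurring password rotation, as an added example that is not the author's code: it reads the host and passwords from the environment instead of hard-coding them, keeps password-bearing lines out of the session output, and stops on a timeout or closed connection rather than sending input to an unexpected prompt. The variable names VSM_HOST, VSM_OLD_PW and VSM_NEW_PW and the `step` helper are hypothetical; the prompts and the `end` / `wr mem` steps are the ones shown in the post.

```expect
#!/usr/bin/expect -f
# Added example, not the original author's script.
# Assumptions: prompts are those used in the post; VSM_HOST, VSM_OLD_PW and
# VSM_NEW_PW are hypothetical environment variable names; the login and
# enable passwords are the same, as in the post's script.
set timeout 20

# Secrets come from the environment, so they are neither stored in the
# script file nor visible in the process argument list.
foreach name {VSM_HOST VSM_OLD_PW VSM_NEW_PW} {
    if {![info exists env($name)] || $env($name) eq ""} {
        puts stderr "missing environment variable $name"
        exit 2
    }
}

# Wait for a prompt, then send one line. Abort on timeout or a closed
# session so nothing is typed into a prompt we did not expect.
# secret=1 turns session output off before sending; it stays off until the
# next non-secret step, so the echoed command line is never displayed.
proc step {prompt text {secret 0}} {
    expect {
        -ex $prompt {}
        timeout { puts stderr "timeout waiting for '$prompt'"; exit 1 }
        eof     { puts stderr "session closed waiting for '$prompt'"; exit 1 }
    }
    log_user [expr {!$secret}]
    send -- "$text\r"
}

# StrictHostKeyChecking=yes makes ssh fail on an unknown or changed host
# key instead of asking; the failure surfaces as eof in the first step.
spawn ssh -o StrictHostKeyChecking=yes admin@$env(VSM_HOST)
step "password: " $env(VSM_OLD_PW) 1
step ">"          "en"
step "Password: " $env(VSM_OLD_PW) 1
step "#"          "config t"
step "#"          "cli password $env(VSM_NEW_PW)" 1
step "#"          "end"
step "#"          "wr mem"
step "#"          "exit"
# Give the session time to close (or hit the timeout) before exiting.
expect eof
```

The manager's host key must already be in `known_hosts` for the connection to proceed.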
@gabe_rosas