vShield/vCNS 5.1x CLI Operations using Expect

The vCNS(vShield) practical CLI use is limited from a configuration perspective, but you may need to interact with these from time to time.  Troubleshooting /debugging sessions/log purging come to mind.

The options for getting the job done:

1.  Interact with the vCNS Manager virtual machine console in vCenter (not great for debugging, or reading the long exception output)

2.  SSH (ssh server is enabled from the console: vsm> enable, vsm# ssh start)

Expect works well with the vtysh pseudo-terminal used for the vCNS Manager console.   I tried and failed (due to errors interacting with the terminal).   If you manage multiple vCNS environments, it makes sense to wrap the interactions into these expect scripts.  Here’s a small example expect script to change the CLI password from the default.

#!/usr/bin/expect -f
# Synop: SSH to vCNS Appliance console. Auth. Enter priv mode. Auth Enter global config. Change the 
# default password.
# SSH <vsm#ip> # enable [enter] # default [enter] # config t [enter]
# cli password %passwword> [enter] # end [enter] # wr mem
spawn ssh admin@
expect "password: "
send "default\r"
expect ">"
send "en\r"
expect "Password: "
send "default\r"
expect "#"
send "config t\r"
expect "#"
send "cli password mYn3wp@ssw0rd\r"
expect "#"
send "\r"
send "exit\r"

If your operational policy is to update your password every few months; you will find yourself revisiting a script like this.  For passing commands to multiple vCNS Managers, you can extend the script to spawn connections based on a list (outside the scope of this post).



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s