Tuesday, August 18, 2015

vMA 6.0 esxcli thumbprint

By now everyone should be upgraded to vMA 6.0 and you've got your ESXi hosts linked in through vifastpass. But now you get those stupid thumbprint error messages à la KB2108416.

Do not fear, the fix is simple-ish.
  • Gather together your ESXi thumbprints. There's probably a one-liner that could do this; I found this 2012 virtuallyghetto link that'll hook it together: lamw saves the day again
  • ~> cd /usr/lib/vmware-vcli/apps/general
  • ~> ./credstore_admin.pl add --server <server name in vifp> --thumbprint <thumbprint>
Now, something interesting happened after the first time I ran this command. The default credstore is /home/vi-admin/.vmware/credstore/vmacredentials.xml and I thought that there would be a new line in the XML with the thumbprint, but there wasn't. A new file is created in that directory called vicredentials.xml (version 1.1 vs version 1.0 in vmacredentials.xml), and it has the host you just ran the credstore_admin script for in a <thumbprintEntry>.

So your next step can be to run credstore_admin.pl against all the ESXi hosts you have OR you can manually edit the vicredentials.xml file with all the info. Your choice. Use William's option 3 to gather the thumbprints and just add the credstore command to the for loop. Easy peasy.
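The loop described above, as an added example (not code from this post or from the virtuallyghetto article). It stores a thumbprint only when the value fetched from the host matches one you recorded out of band, so that a certificate swapped in on the network path is not pinned silently. The hosts-file format, the DRY_RUN switch and the sample values are assumptions, as is the colon-separated SHA-1 form that openssl prints being what `--thumbprint` takes.

```shell
#!/bin/bash
# Added example: hosts, thumbprints, DRY_RUN and the hosts-file format are constructed.
CREDSTORE_ADMIN=/usr/lib/vmware-vcli/apps/general/credstore_admin.pl

# Pull the thumbprint out of "SHA1 Fingerprint=AA:BB:..." (openssl x509 output).
parse_thumbprint() {
  sed -n 's/^[Ss][Hh][Aa]1 Fingerprint=//p' | tr 'a-f' 'A-F' | head -n 1
}

# Ask the host itself for its certificate thumbprint (unauthenticated at this point).
fetch_thumbprint() {
  echo | openssl s_client -connect "$1:443" 2>/dev/null |
    openssl x509 -noout -fingerprint -sha1 2>/dev/null | parse_thumbprint
}

# A SHA-1 thumbprint is exactly 20 colon-separated hex bytes.
valid_thumbprint() {
  printf '%s\n' "$1" | grep -Eq '^([0-9A-F]{2}:){19}[0-9A-F]{2}$'
}

# add_host <host> <expected thumbprint> [observed thumbprint]
# Returns 0 = stored, 1 = mismatch, 2 = nothing usable fetched.
add_host() {
  ah_host=$1
  ah_expected=$(printf '%s' "$2" | tr 'a-f' 'A-F')
  ah_observed=${3:-$(fetch_thumbprint "$ah_host")}
  if ! valid_thumbprint "$ah_observed"; then
    echo "$ah_host: could not read a thumbprint" >&2; return 2
  fi
  if [ "$ah_observed" != "$ah_expected" ]; then
    echo "$ah_host: got $ah_observed, expected $ah_expected; not stored" >&2; return 1
  fi
  # With DRY_RUN set, print the command instead of running it.
  ${DRY_RUN:+echo} "$CREDSTORE_ADMIN" add --server "$ah_host" --thumbprint "$ah_observed" </dev/null
}

# Usage: script hosts.txt, one "<server name in vifp> <expected thumbprint>" per line.
if [ $# -gt 0 ]; then
  while read -r host expected; do
    [ -n "$host" ] && add_host "$host" "$expected"
  done < "$1"
fi
```

Run it once with DRY_RUN=1 to review the commands before anything is written to vicredentials.xml.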

If I was really smart I'd update /opt/vmware/vma/samples/perl/bulkAddServers.pl to get the thumbprint. Looks like it doesn't enter it...

1 comment:

  1. Why is such an old version of Bash the one running on the current build of vMA 6? Vuln to Shellshock CVE-2014-6277 (probably, tested as vuln).