Get ESXi CIM via vCenter with PowerCLI.
Update 07/12/2015:Add parameter MaxEnvelopeSizeKB
Default value was too small while working with “OMC_DiscreteSensor” and end up with the error:
Get-CimInstance : The response that the WS-Management service computed exceed the internal limit for envelope size.
There are already many great resources on how to obtain ESXi CIM information.
I have combined many of them to create the script below.
Get-VMhostCimInstance
function Get-VMhostCimInstance{
<#
.DESCRIPTION
This function use a PowerCLI vmhost, member of a vCenter server, as a parameter and return a CimInstance.
.NOTES
Author: Christophe Calvet
Based on scripts from Luc Dekens / Alan Renouf / Carter Shanklin
Blog: http://thecrazyconsultant.com/
.PARAMETER Namespace
Specifies the namespace of the class for the new instance.
The default namespace is root/cimv2.
.PARAMETER VMHost
One or many PowerCli VMHost object
.PARAMETER ClassName
Specifies the name of the CIM class of which the operation creates an instance.
.PARAMETER SkipCACheck
Switch: Indicates that when connecting over HTTPS, the client does not validate that the server certificate is signed by a trusted certification authority (CA).
.PARAMETER SkipCNCheck
Switch: Indicates that the certificate common name (CN) of the server does not need to match the hostname of the server.
.PARAMETER SkipRevocationCheck
Switch: Indicates that the revocation check for server certificates is skipped.
.PARAMETER MaxEnvelopeSizeKB
Specifies the size limit of WsMan XML messages for either direction.
.EXAMPLE
get-vmhost "MyHost" | Get-VMhostCIMInstance -ClassName "VMware_Privilege"
get-vmhost "MyHost" | Get-VMhostCIMInstance -ClassName "OMC_Chassis" -SkipCACheck -SkipCNCheck -SkipRevocationCheck
(get-vmhost "MyHost" | Get-VMhostCIMInstance -namespace 'root/interop' -ClassName "CIM_RegisteredProfile" -SkipCACheck -SkipCNCheck -SkipRevocationCheck).CimSystemProperties
#>
param(
[Parameter(Mandatory=$true,ValueFromPipeline=$true)]
[VMware.VimAutomation.ViCore.Impl.V1.Inventory.VMHostImpl]$VMhost,
[string]$Namespace = 'root/cimv2',
[Parameter(Mandatory=$TRUE)]
[string]$ClassName,
[Switch]$SkipCACheck,
[Switch]$SkipCNCheck,
[Switch]$SkipRevocationCheck,
[uint32]$MaxEnvelopeSizeKB = 1024
)
process{
Try{
$SessionID = ($VMhost.extensiondata.AcquireCimServicesTicket()).sessionID
$password = $SessionID | ConvertTo-SecureString -asPlainText -Force
$username = $SessionID
$PSCredential = New-Object System.Management.Automation.PSCredential ($username, $password)
$CimSessionOptionParameters = @{
Encoding = 'Utf8'
UseSsl = $true
MaxEnvelopeSizeKB = $MaxEnvelopeSizeKB
}
if($SkipCACheck){
$CimSessionOptionParameters.Add("SkipCACheck",$true)
}
if($SkipCNCheck){
$CimSessionOptionParameters.Add("SkipCNCheck",$true)
}
if($SkipRevocationCheck){
$CimSessionOptionParameters.Add("SkipRevocationCheck",$true)
}
$CimSessionOption = New-CimSessionOption @CimSessionOptionParameters
$Session = New-CimSession -Authentication Basic -Credential $PSCredential -ComputerName $VMhost -port 443 -SessionOption $CimSessionOption
Switch -wildcard($ClassName){
"VMware_*" {$ResourceUri = "http://schemas.vmware.com/wbem/wscim/1/cim-schema/2/$ClassName"}
"OMC_*" {$ResourceUri = "http://schema.omc-project.org/wbem/wscim/1/cim-schema/2/$ClassName"}
"CIM_*" {$ResourceUri = "http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/$ClassName"}
}
Get-CimInstance -CimSession $Session -Namespace $Namespace -ResourceUri $ResourceUri
}
Catch{
Write-error $_
}
}
}
Key concepts:
Parameter $VMhost
It must be a VMHostImpl object, in others words a VMHost object returned by Get-VMhost
ValueFromPipeline=$true so it is possible to use this function in this way for example
get-cluster "MyCluster" | get-vmhost | Get-VMhostCIMInstance -ClassName "OMC_Chassis" -SkipCACheck -SkipCNCheck -SkipRevocationCheck
Based on CIM PowerShell cmdlets
AcquireCimServicesTicket()
This is normally used for CIM authentication for Lockdown Mode.
However this is also very convenient to obtain CIM information for ESXi hosts connected to vCenter instead of individual connection to each ESXi host.
PowerShell Splatting
In this script used with $CimSessionOptionParameters.
I discovered this in a script from Luc Dekens. (Please refer to resources)
This is actually very handy and a good reason to not focus only on PowerCLI ressources but learn as much as possible from PowerShell as well.
Switch -wildcard($ClassName)
Prevent many if/else.
ResourceUri
This is based on WS-Management Resource URI
What ClassName are available?
From a VMware point of view please refer to VMware CIM SMASH/Server Management API Reference
Some third party products will also add new ClassName / Namespace. I am doing investigation on this topic but in the meantime it will be necessary to obtain information from third party vendors.
Listing Registered Profile
Listing Registered Profile is possible with:
(get-vmhost "MyHost" | Get-VMhostCIMInstance -namespace 'root/interop' -ClassName "CIM_RegisteredProfile" -SkipCACheck -SkipCNCheck -SkipRevocationCheck).CimSystemProperties
Resources:
VMware documentation
https://www.vmware.com/support/developer/cim-sdk/index.html
http://pubs.vmware.com/vsphere-60/topic/com.vmware.sdk.doc/GUID-4406C028-AD55-4349-A6B8-09150B561438.html
Luc Dekens
https://communities.vmware.com/thread/467436
Alan Renouf
http://www.virtu-al.net/2012/10/29/using-powershell-v3-0-cim-cmdlets-with-vmware-esxi-hosts/
Carter Shanklin
http://blogs.vmware.com/PowerCLI/2009/03/monitoring-esx-hardware-with-powershell.html
Next challenge:
Find a way to list all ClassName available in a Namespace.
It should be possible in one way or another.The VMware CIM Browser Guide
Get-CimClass doesn’t seem to work in this context unfortunately.
Pingback: PowerCLI study guide from rookie to guru - TheCrazyConsultant
Pingback: PowerCLI study guide – core concepts - The Crazy Consultant
Authentication against ESXi 6.5U1 doesn’t work anymore. I’ve get always Permission denied from New-CimSession. 6.0 Hosts are wokring fine in the same vCennter 6.5U1. Does anyone have an idea?