ESXCLI Overview
This section gives an overview of ESXCLI commands and how to use them. See Getting Started with vSphere Command-Line Interfaces for details.
ESXCLI Commands Available on Different ESXi Hosts
When you run an ESXCLI vCLI command, you must know the commands supported on the target host. For example, if you run commands against ESXi 5.x hosts, ESXCLI 5.x commands are supported. If you run commands against ESXi 6.0 hosts, ESXCLI 6.0 commands are supported.
Some commands or command outputs are determined by the host type. In addition, VMware partners might develop custom ESXCLI commands that you can run on hosts where the partner VIB has been installed.
Run esxcli --server <target> --help for a list of namespaces supported on the target. You can drill down into the namespaces for additional help.
Important ESXCLI on ESX 4.x hosts does not support targeting a vCenter Server system. You can therefore not run ESXCLI commands with --server pointing to a vCenter Server system even if you install vCLI 5.0.
Trust Relationship Requirement for ESXCLI Commands
Starting with vSphere 6.0, ESXCLI checks whether a trust relationship exists between the machine where you run the ESXCLI command and the ESXi host. An error results if the trust relationship does not exist.
To establish the trust relationship, you have these options.
Downloading and Installing the vCenter Server Certificate
You can download the vCenter Server root certificate using a Web browser and add it to the trusted certificates on the machine where you plan on running ESXCLI commands.
To download the certificate
1
2
Click the Download trusted root certificates link.
3
4
The result is a certs folder. The folder includes files with the extension .0. .1, and so on, which are certificates, and files with the extension .r0, r1, and so on which are CRL files associated with the certificates.
5
You can now run ESXCLI commands against any host that is managed by the trusted vCenter Server without supplying additional information if you specify the vCenter Server in the --server option and the ESXi host in the --vihost option.
Using the --cacertsfile Option
Using a certificate to establish the trust relationship is the most secure option. You can specify the certificate with the --cacertsfile parameter or the VI_CACERTFILE variable.
Using the --thumbprint Option
You can supply the thumbprint for the target server (ESXi host or vCenter Server system) in the --thumbprint parameter (VI_THUMBPRINT variable).
When you run a command, ESXCLI checks first whether a certificate file is available. If not, ESXCLI checks whether a thumbprint of the target server is available. If not, an error like the following results:
Connect to sof-40583-srv failed. Server SHA-1 thumbprint: 5D:01:06:63:55:9D:DF:FE:38:81:6E:2C:FA:71:BC:Usin63:82:C5:16:51 (not trusted).
You can run the command with the thumbprint to establish the trust relationship, or add the thumbprint to the VI_THUMBPRINT variable. For example, using the thumbprint of the ESXi host above, you can run the following command:
esxcli --server myESXi --username user1 --password 'my_password' --thumbprint 5D:01:06:63:55:9D:DF:FE:38:81:6E:2C:FA:71:BC:63:82:C5:16:51 storage nfs list
Using the Credential Store
Your vCLI installation includes a credential store. You can manage the credential store with the credstore-admin utility application, which is located in the /Perl/apps/general directory inside the VMware vSphere CLI directory.
To establish trust for a user with the credential store
1
credstore_admin.pl add --server <esxi_HOSTNAME_OR_IP> --username <user> --password <pwd>
2
credstore_admin.pl add --server <esxi_HOSTNAME_OR_IP> --thumbprint <thumbprint>
3
If you are using a non-default credential store file, you have to pass it in with the --credstore option. Otherwise, this user will be able to access the host without authentication going forward.
Using ESXCLI Output
Many ESXCLI commands generate output you might want to use in your application. You can run esxcli with the --formatter dispatcher option and send the resulting output as input to a parser.
The --formatter options supports three values, csv, xml, and keyvalue and is used before any namespace.
esxcli --formatter=csv storage filesystem list
Lists all file system information in CSV format.
You can pipe the output to a file.
esxcli --formatter=keyvalue storage filesystem list > myfilesystemlist.txt