Throughout the years, our customers have continuously asked how to execute PowerCLI scripts as vSphere alarm actions. Out of the box, the vCenter Server Appliance (VCSA) supports executing bash, python scripts, but not PowerShell ones. Even if it’s possible to install PowerShell Core on the VCSA and execute scripts directly there this is not recommended because running a complex script that consumes more resources could have an impact on the performance of the vCenter Server. There are also other options using remote execution through WMI or other VMware products like vRO, which both require some complex setup, but now there is also a pretty straightforward way to achieve the same result using the recently released Script Runtime Service (SRS).
SRS is a Kubernetes-based application that allows you to manage PowerCLI instances and invoke PowerCLI cmdlets or scripts via REST APIs. It is an open-source project that you can find here and you can read more about it in this blog post. If you’re a Kubernetes expert you can install SRS on a pre-deployed Kubernetes cluster, but I used the easier way that is provided here – with a host VM that is provided as an OVF.
After you have installed SRS successfully comes the next task – to create a script on the VCSA that calls the REST API that SRS provides and execute the PowerCLI script that you want and attach it to an alarm action. Let’s understand this with a use-case, I have several VMs on the host and some of them are business-critical and others are not. I want to set up an alarm on the vCenter such that when the host memory utilization becomes too high the non-essential VMs are powered off. I have created two tags – “essential” and “non-essential” and have tagged the VMs accordingly.
To make the script more universal I have separated it into three parts – the configuration part, the script itself, and the PowerCLI script that is stored in a separate .ps1 file. Here are what the three files look like:
config.sh – this is the file where you define the SRS endpoint address, the vCenter username, and password
|
1 2 3 4 5 6 |
#!/bin/bash ################################################## srs_address="<SRS_Address>" username="<VC_username>" password="<VC_password>" ################################################## |
ExecutePowerCLIScript.sh – this is the BASH script that makes the actual REST API calls to the SRS to initiate the script execution. Disclaimer: I’m not a big expert in writing BASH scripts so this might not be the most optimal script. Feel free to improve it and suggest improvements in the comments. My purpose was to provide a script that does not require any additional software to be installed on the VCSA and only uses what’s there by default.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
#!/bin/bash . /root/config.sh encodedauthinfo=$(echo -n $username:$password | base64) #login to SRS srsapikey=$(curl -X POST "https://${srs_address}/api/auth/login" -H "accept: \*/\*" \ -H "Authorization: Basic ${encodedauthinfo}" -H "content-length: 0" -i -k \ | grep X-SRS-API-KEY: | awk {'print $2'}) #create runspace runspaceInfo=$(curl -X POST "https://${srs_address}/api/runspaces" --http1.1 \ -H "accept: application/json" -H "X-SRS-API-KEY:${srsapikey}" \ -H "Content-Type: application/json" \ -d "{\"name\":\"MyRunspace\",\"run_vc_connection_script\":\"true\"}" -k) #extract the runspace ID runspaceId=$(echo $runspaceInfo | pcregrep -o '"id":.*?[^\\]"' |awk -F':' '{print $2}' | tr --delete \") #wait for the runspace to become ready state="" while [ "$state" != "ready" ] do sleep 3 response=$(curl -X GET "https://${srs_address}/api/runspaces/${runspaceId}" \ -H "accept: application/json" -H "X-SRS-API-KEY:${srsapikey}" -k) state=$(echo $response | pcregrep -o '"state":.*?[^\\]"' |awk -F':' '{print $2}' | tr --delete \") done #read the PowerCLI script placed under /root. Script name is passed as the first parameter via vSphere Client UI scriptText=$(</root/$1) #Initiate script execution curl -X POST "https://${srs_address}/api/script-executions" --http1.1 \ -H "accept: application/json" -H "X-SRS-API-KEY:${srsapikey}" -H "Content-Type: application/json" \ -d "{\"runspace_id\":\"${runspaceId}\",\"name\":\"My script exectution\",\"script\":\"${scriptText}\"}" -k |
You can download the two bash files from the SRS GitHub repository here: https://github.com/vmware/script-runtime-service-for-vsphere/tree/master/clients/vcva
TurnOffNonEssentialVMs.ps1 – this is the PowerCLI script that you want to execute and it is copied under /root
|
1 |
Get-VM -Tag 'non-essential' | Stop-VM -confirm:$false |
Note that when using the SRS to execute a script you don’t need the Connect-VIServer part. SRS does the server connection for you with the vCenter that it’s registered with.
The next step is to save these three files in the /root folder on the VCSA and then create the alarm that executes them. Before that you need to set the script to an executable by running the following command:
|
1 |
chmod +x ExecutePowerCLIScript.sh |
Here is what my created alarm rule looks like:
When host memory utilization grows above 80%, the bash script will get executed. This will trigger the execution of the PowerCLI script in SRS and will lead to the non-essential VMs being powered off.
SUMMARY
Script Runtime Service is a new open-source Kubernetes-based application that provides a REST API interface for executing PowerCLI scripts. In this blog post, I demonstrate one of its possible usages that makes it easy to run a PowerCLI script as an action of a vCenter alarm. If you have such a use case try it out and let us know what you think.
