当前位置:首页 > 技术分享 > 正文内容

如何在 ESXI 8中开启CIM(存储监控)服务

admin2年前 (2023-12-26)技术分享1236

To be able to monitor the underlying hardware of an ESXi server, the most common method is to use the integrated CIM Server. The CIM Server reads the current operational or health status of each hardware element and represents this in the output.

But since ESXi version 6.5 the CIM Server is stopped and disabled by default. This article shows how to correctly enable and start the CIM Server (aka WBEM service) in ESXi 8.

The official documentation lacks information

The official documentation from VMware is Knowledge Base Article #1025757. According to this KB article, it's enough to start the CIM Server service in the vSphere UI. 

However when trying to start the sfcbd-watchdog (CIM Server) service, the status switches back to "Stopped" after a few seconds.

sfcbd-watchdog (CIM Server) service stopped

The reason for this is that the service itself is administratively disabled (and unable to be started) by default. This his now shown in the UI though and can only be enabled using the esxcli command, directly on the ESXi server.

Enabling CIM Server on the command line using esxcli

To be able to execute commands directly on the ESXi server(s), we first need to be able to connect to the ESXi server using SSH. 

Logged in on the vSphere User Interface (using the browser and the IP address of the ESXi server), click on "Manage" (under the Host entry) in the left-side navigation. On the right side, click on the tab "Services". Scroll down the list of services until you find the "TSM-SSH" service - which is by default stopped.

TSM-SSH service in ESXi 8 is stopped by default

Select the TSM-SSH service and click on Start above. 

Now use your terminal (if you're on Linux or macOS) or a SSH client, such as PuTTY (if you're on Windows) to connect to the IP of the ESXi server. Use the "root" user with the known password (same as you've used to log in to the UI).

ck@desktop ~ $ ssh 192.168.15.115 -l root
The authenticity of host '192.168.15.115 (192.168.15.115)' can't be established.
ECDSA key fingerprint is SHA256:FVX5WJiyiTMzXO+2irzSxItA23n9f65jKnZW66V5L9M.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.15.115' (ECDSA) to the list of known hosts.
Password:
The time and date of this login have been sent to the system logs.

WARNING:
   All commands run on the ESXi shell are logged and may be included in
   support bundles. Do not provide passwords directly on the command line.
   Most tools can prompt for secrets or accept them from standard input.

VMware offers supported, powerful system administration tools.  Please
see www.vmware.com/go/sysadmintools for details.

The ESXi Shell can be disabled by an administrative user. See the
vSphere Security documentation for more information.
[root@localhost:~] 

A manual start of the sfcbd-watchdog service confirms the same behaviour as in the UI:

[root@localhost:~] /etc/init.d/sfcbd-watchdog start
sfcbd-init[134838]: args ('start')
sfcbd-init[134838]: Getting Exclusive access, please wait...
sfcbd-init[134838]: Exclusive access granted.
sfcbd-init[134838]: Request to start sfcbd-watchdog, pid 134838
sfcbd-init[134838]: sfcbd not started, administratively disabled.

To definitely enable this service, we first need to enable the "wbem" service using esxcli:

[root@localhost:~] esxcli system wbem set -e true

To verify the current settings of that service we can show the details:

[root@localhost:~] esxcli system wbem get
   Enabled: true
   WS-Management Service: true
   Enable HTTPS: true
   Authorization Model: password
   Port: 5989
   HTTP Procs: 2
   HTTPS Procs: 4
   Provider Procs: 16
   Keepalive Timeout: 1
   Keepalive Max Requests: 10
   Provider Sample Interval: 30
   Provider Timeout Interval: 120
   HTTP Max Content Length: 1048576
   Max Message Length: 40000000
   Thread Stack Size: 1048576
   Provider Resource Pool Override:
   SSL Cipher List: ECDHE+AESGCM:ECDHE+AES
   Threadpool Size: 5
   Readonly: false
   Log Level: warning
   Service Location Protocol PID: 0
   WS-Management PID: 134939
   CIM Object Manager PID: 134967
   Enabled SSL Protocols:
   Enabled System SSL Protocols: tlsv1.2
   Enabled Running SSL Protocols: tlsv1.2

Enabled is now set to true.

Communication with CIM Server

Enabling the "wbem" service should also have auto-started the sfcbd-watchdog service:

[root@localhost:~] /etc/init.d/sfcbd-watchdog status
sfcbd-init[134989]: args ('status')
sfcbd-init[134989]: Getting Exclusive access, please wait...
sfcbd-init[134989]: Exclusive access granted.
sfcbd is running

If the service was not started, you can now either start the service in the vSphere UI or on the command line:

[root@localhost:~] /etc/init.d/sfcbd-watchdog start

CIM Service is started on ESXi 8

You should now be able to communicate with the CIM server using tcp/5989:

ck@desktop ~ $ telnet 192.168.15.115 5989
Trying 192.168.15.115...
Connected to 192.168.15.115.
Escape character is '^]'.
^]
telnet> quit
Connection closed.

This now also allows the check_esxi_hardware monitoring plugin to read the hardware status from the ESXi server.

For security reasons, don't forget to disable SSH service once the CIM Server was enabled.


扫描二维码推送至手机访问。

版权声明:本文由信安苑发布,如需转载请注明出处。

本文链接:http://www.cmznet.cn/?id=34

标签: exsicimssh
分享给朋友:

“如何在 ESXI 8中开启CIM(存储监控)服务” 的相关文章

Linux 报错hung_task_timeout_secs disables this message处理方法

Linux 报错hung_task_timeout_secs disables this message处理方法

报错echo 0 > /proc/sys/kernel/hung_task_timeout_secs disables this message.    默认情况下, Linux会最多使用40%的可用内存作为文件系统缓存。当超过这个阈值后,文件系统会把将缓存中的内存全部...

Windows 11 无法加载.NET 3.5应用程序的安装及使用时的解决方法

Windows 11 无法加载.NET 3.5应用程序的安装及使用时的解决方法

最近因公司部分电脑升级至 Windows 11之后,重新安装某些需要加载.net3.5组件的应用软件时,都提示无法完成加载或安装.net 3.5而导致无法完成安装。使用离线安装包亦一样无法完成安装。一直提示如下错误:无法安装以下功能:.NET Framework 3.5 (包括.NET 2.0和3....

Linux磁盘查看的命令lsblk/df/du不同特点及用法

Linux磁盘查看的命令lsblk/df/du不同特点及用法

一、lsblk1.功能:列出系统上的所有的磁盘列表2.命令格式lablk  [选项]  [设备文件名]3.选项-d:仅列出磁盘本身,并不会列出该磁盘的分区信息-f:同时列出该磁盘内的文件系统名称-i:使用ASCII的字符输出,不要使用使用复杂的编码(在某些环境...

收集到最全的交换机知识点

收集到最全的交换机知识点

今天想带你温顾一番交换机的基础知识,顺便说说,如何选择交换机,分享一波交换机选型要点,实现最优选。01交换机制式当前的交换机主要分为盒式和框式。    盒式交换机样例图    框式交换机样例图01 盒式交换机盒式交换机皆可以理解成一个铁盒子...

Linux操作指南

Linux操作指南

    Linux简介Linux是一种自由和开放源码的操作系统,存在着许多不同的Linux版本,但它们都使用了Linux内核。Linux可安装在各种计算机硬件设备中,比如手机、平板电脑、路由器、台式计算机。    【Linux起源】Linu...

企业内的最实用的工作方法

企业内的最实用的工作方法

在职场中,判断一个人工作能力的强弱,可以从六个方面来看:1)接到任务:绝不盲目接受工作2)遇到困难:自带方案请示工作3)工作动力:自我驱动,主动干活4)工作过程:擅用工具,事半功倍5)时间分配:聪明的时间管理大师6)向上关系:擅长经营领导(1)接到任务:绝不盲目接受工作职场是一个注重效率至上的地方。...

发表评论

访客

◎欢迎参与讨论,请在这里发表您的看法和观点。