> I noticed that PowerCLI, VIX and other vSphere management packages having
> the ability of running scripts on VM and changing IP of VM etc., Do they talk
> to
> guestd of vmtools as they send those commands to VM? What is the architecture
> there?
Yes, any vSphere operation that runs inside the guest goes through vmtoolsd.
> Is there anyway to make guestd to operate only in GET mode, but not SET mode?
No. It sounds to be a new feature but not sure if it really adds any value
because
host anyway controls the guest. Given that all the communication to vmtoolsd is
from host, if host access is controlled through proper role/access control in
VC,
SET mode should not bother you. However, if you want to control VIX
operations from within guest, you can configure tools.conf to disable specific
VIX operations. Here are the examples:
Following two lines will disable all VIX operations:
[ guestoperations ]
disabled=TRUE
Following lines will disable operations like VixVM_RunProgramInGuest ,
VixVM_CopyFileFromHostToGuest , VixVM_CreateDirectoryInGuest ,
VixVM_CreateTempFileInGuest , VixVM_DeleteDirectoryInGuest ,
VixVM_DeleteFileInGuest , VixVM_KillProcessInGuest ,
VixVM_RenameFileInGuest operations :
[ guestoperations ]
StartProgramInGuest.disabled=TRUE
TerminateProcessInGuest .disabled=TRUE
MakeDirectoryInGuest .disabled=TRUE
DeleteFileInGuest .disabled=TRUE
DeleteDirectoryInGuest .disabled=TRUE
MoveDirectoryInGuest .disabled=TRUE
MoveFileInGuest .disabled=TRUE
CreateTemporaryFileInGuest .disabled=TRUE
CreateTemporaryDirectoryInGuest .disabled=TRUE
ChangeFileAttributesInGuest .disabled=TRUE
InitiateFileTransferToGuest .disabled=TRUE
There are some more commands to modify guest registry and running
scripts inside guest etc which (unfortunately) have no control provided
through tools.conf.
> There is limited info guestd module per say. What are the various GETs
> and SETs that can be done with guestd?
vmtoolsd collects resource usage information, provides soft power
operations, performs time synchronization with the host, and provides
backend for VIX APIs (
https://www.vmware.com/support/developer/vix-api/vix112_reference/index2.html
).
Most of the operations are GET. There are some of the VIX operations
that modify things in guest. You can see these from the VIX reference
page above.
> Do any of those need Guest OS's root/admin login credentials?
Typically, all the guest operations require login credentials and run as
that user whose credentials have been provided.
------------------------------------------------------------------------------
AlienVault Unified Security Management (USM) platform delivers complete
security visibility with the essential security capabilities. Easily and
efficiently configure, manage, and operate all of your security controls
from a single console and one unified framework. Download a free trial.
http://p.sf.net/sfu/alienvault_d2d
_______________________________________________
open-vm-tools-devel mailing list
open-vm-tools-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/open-vm-tools-devel
