vim_host_security
Per-ESXi security and storage config via SOAP.
Companion to vim_host_config (NTP/AD/services/advanced). This
module covers:
- Lockdown mode (HostAccessManager)
- Local account CRUD (HostLocalAccountManager)
- iSCSI software initiator (HostStorageSystem + iSCSI manager)
- saltext.vcf.clients.vim_host_security.lockdown_get(opts, host, profile=None)
Return {"mode": "lockdownDisabled"|"lockdownNormal"|"lockdownStrict", "exception_users": [...]}.
- saltext.vcf.clients.vim_host_security.lockdown_set(opts, host, mode, profile=None)
Set lockdown mode (lockdownDisabled|lockdownNormal|lockdownStrict).
- saltext.vcf.clients.vim_host_security.lockdown_set_exception_users(opts, host, users, profile=None)
Replace the exception-user list (users exempt from lockdown).
- saltext.vcf.clients.vim_host_security.user_list(opts, host, search_str='', exact=False, find_users=True, profile=None)
List local accounts matching search_str (empty = all).
Uses UserDirectory.RetrieveUserGroups on the host's userDirectory. Returns a list of {principal, full_name, id, group, ...} dicts.
- saltext.vcf.clients.vim_host_security.user_create(opts, host, username, password, description='', profile=None)
Create a local user on host. Returns nothing on success.
- saltext.vcf.clients.vim_host_security.user_update(opts, host, username, password=None, description=None, profile=None)
Update a local user (password and/or description).
- saltext.vcf.clients.vim_host_security.iscsi_status(opts, host, profile=None)
Return software iSCSI initiator status.
Shape:
{"enabled": bool, "hba_device": str|None, "iqn": str|None, "static_targets": [...], "send_targets": [...], "auth_type": "chap"|"none"}
- saltext.vcf.clients.vim_host_security.iscsi_enable(opts, host, profile=None)
Enable the software iSCSI initiator. Returns the HBA device name.
- saltext.vcf.clients.vim_host_security.iscsi_add_send_target(opts, host, address, port=3260, profile=None)
Add a Send Targets discovery address; the initiator will discover LUNs from it.
- saltext.vcf.clients.vim_host_security.iscsi_set_chap(opts, host, *, name, password, direction='prohibited', profile=None)
Configure CHAP on the software iSCSI initiator.
direction is one of required (mutual CHAP), preferred (mutual if peer supports), discouraged (per-target settings win), or prohibited (CHAP off).
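
As an added example (not part of the saltext.vcf code base), the following sketch audits the return shapes documented above for lockdown_get and iscsi_status against a simple hardening policy. The policy defaults, host names and sample values are constructed assumptions; the element format of the target lists is not specified on this page, so the code only counts them.

```python
# Added example: audits the dict shapes documented for lockdown_get() and
# iscsi_status(). Policy defaults and all sample data are constructed.
LOCKDOWN_RANK = {"lockdownDisabled": 0, "lockdownNormal": 1, "lockdownStrict": 2}


def audit_host(lockdown, iscsi, min_mode="lockdownNormal", allowed_exceptions=()):
    """Return a list of findings for one host; an empty list means compliant."""
    findings = []
    mode = lockdown.get("mode")
    if mode not in LOCKDOWN_RANK:
        findings.append(f"lockdown: unrecognised mode {mode!r}")
    elif LOCKDOWN_RANK[mode] < LOCKDOWN_RANK[min_mode]:
        findings.append(f"lockdown: mode {mode} is weaker than {min_mode}")
    # Exception users are exempt from lockdown, so each one must be approved.
    extra = sorted(set(lockdown.get("exception_users") or []) - set(allowed_exceptions))
    if extra:
        findings.append("lockdown: unapproved exception users: " + ", ".join(extra))
    # A disabled initiator has no storage traffic to authenticate.
    if iscsi.get("enabled") and iscsi.get("auth_type") != "chap":
        targets = (iscsi.get("static_targets") or []) + (iscsi.get("send_targets") or [])
        findings.append(f"iscsi: enabled without CHAP, {len(targets)} target(s) configured")
    return findings


def audit_fleet(hosts, **policy):
    """Map host name -> findings, keeping only hosts that have findings."""
    report = {name: audit_host(ld, isc, **policy) for name, (ld, isc) in hosts.items()}
    return {name: f for name, f in report.items() if f}


# Constructed sample results (target entry format is an assumption).
SAMPLE_HOSTS = {
    "esx01.example.test": (
        {"mode": "lockdownNormal", "exception_users": ["svc-backup"]},
        {"enabled": True, "hba_device": "vmhba64", "iqn": "iqn.1998-01.com.vmware:esx01",
         "static_targets": [], "send_targets": ["192.0.2.10:3260"], "auth_type": "chap"},
    ),
    "esx02.example.test": (
        {"mode": "lockdownDisabled", "exception_users": ["root", "svc-backup"]},
        {"enabled": True, "hba_device": "vmhba64", "iqn": "iqn.1998-01.com.vmware:esx02",
         "static_targets": [], "send_targets": ["192.0.2.10:3260"], "auth_type": "none"},
    ),
}

if __name__ == "__main__":
    for host, findings in audit_fleet(SAMPLE_HOSTS, allowed_exceptions=("svc-backup",)).items():
        for finding in findings:
            print(f"{host}: {finding}")
```

In a real run the two dicts per host would come from lockdown_get and iscsi_status; the audit itself never touches the host.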