Query VMware

Query VMware vSphere data centers, hosts, clusters, and ESXi configurations with cnquery

Mondoo's vsphere provider lets you use cnquery to query and inventory your VMware vSphere resources. You can explore data centers, clusters, hosts, ESXi configurations, and network port groups. cnquery also supports VMware Cloud Director environments.

Requirements

To analyze your VMware vSphere environment with cnquery, you must have:

Connect to VMware vSphere

To launch a cnquery shell into your vSphere environment, provide your credentials:

cnquery shell vsphere USER@DOMAIN@HOST --ask-pass

| For... | Substitute... |
| --- | --- |
| USER | Your vSphere user ID |
| DOMAIN | The vSphere domain |
| HOST | The vSphere IP address |

For example:

cnquery shell vsphere mwezi@vsphere.local@192.168.5.25 --ask-pass

When prompted, provide your password. cnquery lists the available assets to query. Choose the one you want to explore.

Example queries

Data centers

List all data centers with their names and managed object IDs:

cnquery> vsphere.datacenters { name moid }
vsphere.datacenters: [
  0: {
    name: "Luna Datacenter-2"
    moid: "Datacenter-datacenter-2"
  }
  1: {
    name: "Luna Datacenter-1"
    moid: "Datacenter-datacenter-1"
  }
]

Count the hosts and VMs in each data center:

cnquery> vsphere.datacenters { name hosts.length vms.length }
vsphere.datacenters: [
  0: {
    name: "Luna Datacenter-2"
    hosts.length: 3
    vms.length: 12
  }
  1: {
    name: "Luna Datacenter-1"
    hosts.length: 2
    vms.length: 8
  }
]

Clusters

List clusters and their hosts:

cnquery> vsphere.datacenter.clusters { name hosts { name } }
vsphere.datacenter.clusters: [
  0: {
    name: "Production Cluster"
    hosts: [
      0: {
        name: "esxi-host1.localdomain"
      }
      1: {
        name: "esxi-host2.localdomain"
      }
    ]
  }
]

Virtual machines

List all virtual machines:

cnquery> vsphere.datacenter.vms
vsphere.datacenter.vms: [
  0: vsphere.vm name="web-server-01"
  1: vsphere.vm name="db-server-01"
  2: vsphere.vm name="app-server-01"
  ...
]

Retrieve details about virtual machines including their advanced settings:

cnquery> vsphere.datacenter.vms { name advancedSettings }
vsphere.datacenter.vms: [
  0: {
    name: "web-server-01"
    advancedSettings: {
      isolation.tools.copy.disable: "TRUE"
      isolation.tools.paste.disable: "TRUE"
    }
  }
  ...
]

ESXi host settings

Check the maximum number of failed login attempts before an ESXi user is locked out:

cnquery> esxi.host.advancedSettings['Security.AccountLockFailures']
esxi.host.advancedSettings[Security.AccountLockFailures]: "5"

Services

List ESXi services and their status:

cnquery> vsphere.host.services { key label running policy }
vsphere.host.services: [
  0: {
    key: "DCUI"
    label: "Direct Console UI"
    running: true
    policy: "on"
  }
  1: {
    key: "TSM"
    label: "ESXi Shell"
    running: false
    policy: "off"
  }
  2: {
    key: "TSM-SSH"
    label: "SSH"
    running: false
    policy: "off"
  }
  ...
]

Check that the SLP daemon is not running:

cnquery> vsphere.host.services.none(key == "slpd" && running == true)
vsphere.host.services.none: true

NTP configuration

Check configured NTP servers:

cnquery> vsphere.host.ntp { server }
vsphere.host.ntp: {
  server: [
    0: "0.pool.ntp.org"
    1: "1.pool.ntp.org"
  ]
}

Licenses

List vSphere licenses and their usage:

cnquery> vsphere.licenses { name total used }
vsphere.licenses: [
  0: {
    name: "VMware vSphere 8 Enterprise Plus"
    total: 16
    used: 6
  }
]

Network port groups

Retrieve ESXi port group configuration data:

cnquery> esxi.host.properties['config']['network']['portgroup']
esxi.host.properties.config.network.portgroup: [
  0: {
    computedPolicy: {
      nicTeaming: {
        failureCriteria: {
          checkBeacon: false
          checkDuplex: false
          checkErrorPercent: false
          checkSpeed: "minimum"
          fullDuplex: false
          speed: 10.000000
        }
        nicOrder: {
          activeNic: [
            0: "vmnic1"
          ]
        }
        notifySwitches: true
        policy: "loadbalance_srcid"
        reversePolicy: true
        rollingOrder: false
      }
      offloadPolicy: {
        csumOffload: true
        tcpSegmentation: true
        zeroCopyXmit: true
      }
      security: {
        allowPromiscuous: false
        forgedTransmits: false
        macChanges: false
      }
      shapingPolicy: {
        enabled: false
      }
    }
    key: "key-vim.host.PortGroup-Network-for-virtual-machines"
    spec: {
      name: "Network-for-virtual-machines"
      policy: {
        nicTeaming: {
          failureCriteria: {}
        }
        offloadPolicy: {}
        security: {}
        shapingPolicy: {}
      }
      vlanId: 0.000000
      vswitchName: "vSwitch-Vlan6"
    }
    vswitch: "key-vim.host.VirtualSwitch-vSwitch-Vlan6"
  }
  ...
]
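
The port group output above leaves spec.policy.security empty (the values are inherited from the vSwitch), so an audit of allowPromiscuous, forgedTransmits and macChanges has to read computedPolicy. The following is an added example, not code from Mondoo or cnquery: it assumes the port group list has been exported as JSON in the same shape as the output above, and the sample data, including the "lab" port group, is constructed.

```python
import json

# Constructed sample: two port groups in the shape of the output above,
# serialized as JSON (the JSON export itself is an assumption).
SAMPLE = json.loads("""
[
  {"key": "key-vim.host.PortGroup-Network-for-virtual-machines",
   "computedPolicy": {"security": {"allowPromiscuous": false,
                                   "forgedTransmits": false,
                                   "macChanges": false}},
   "spec": {"name": "Network-for-virtual-machines",
            "policy": {"security": {}},
            "vlanId": 0, "vswitchName": "vSwitch-Vlan6"}},
  {"key": "key-vim.host.PortGroup-lab",
   "computedPolicy": {"security": {"allowPromiscuous": true,
                                   "forgedTransmits": false}},
   "spec": {"name": "lab", "policy": {"security": {"allowPromiscuous": true}},
            "vlanId": 12, "vswitchName": "vSwitch-Vlan6"}}
]
""")

SECURITY_FLAGS = ("allowPromiscuous", "forgedTransmits", "macChanges")

def audit_portgroups(portgroups):
    """Return (portgroup, flag, problem) findings for permissive or unknown settings."""
    findings = []
    for pg in portgroups:
        name = pg.get("spec", {}).get("name") or pg.get("key", "<unnamed>")
        # spec.policy.security may be {} (inherited from the vSwitch), so the
        # effective values have to be read from computedPolicy.
        effective = pg.get("computedPolicy", {}).get("security", {})
        overrides = pg.get("spec", {}).get("policy", {}).get("security", {})
        for flag in SECURITY_FLAGS:
            value = effective.get(flag)
            if value is True:
                source = "port group override" if flag in overrides else "inherited from vSwitch"
                findings.append((name, flag, f"enabled ({source})"))
            elif value is not False:
                # Missing or non-boolean: report rather than assume it is safe.
                findings.append((name, flag, "not reported"))
    return findings

if __name__ == "__main__":
    for name, flag, problem in audit_portgroups(SAMPLE):
        print(f"{name}: {flag} {problem}")
```
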
