Run check_esxi_hardware.py with readonly user on esxi not working

[Elvon]

Before actually creating a new issue I confirm, I have read the FAQ (https://www.claudiokuenzler.com/blog/308/check-esxi-hardware-faq-frequently-asked-questions): Y I confirm, I have restarted the CIM server (/etc/init.d/sfcbd-watchdog restart) on the ESXi server and the problem remains: Y I confirm, I have cleared the server's local IPMI cache (localcli hardware ipmi sel clear) and restarted the services (/sbin/services.sh restart) on the ESXi server and the problem remains: Y

Describe the bug If i'm using this script with an ESXi user which has "read only" Role assigned. The script fails to connect. If i'm using the ESXi root user, it works.

Show the full plugin output, including the command with -V parameter Run the plugin with -V parameter and show the full output (including command) here. Obviously obfuscate credentials.

[user1@nagioshost ~]$ /usr/local/nagios/libexec/check_esxi_hardware-20210809.py -H vms07.domain.local -U nagiosusr -P XXXXXXXXXXXXXXXX -V hp -i '.*Unconfigured Disk' -r -v
20220425 09:54:53 LCD Status: True
20220425 09:54:53 Chassis Intrusion Status: True
20220425 09:54:53 Connection to https://vms07.domain.local
20220425 09:54:53 Found pywbem version 0.7.0
20220425 09:54:55 Connection error, disable SSL certificate verification (probably patched pywbem)
Traceback (most recent call last):
  File "/usr/local/nagios/libexec/check_esxi_hardware-20210809.py", line 721, in <module>
    wbemclient = pywbem.WBEMConnection(hosturl, (user,password), no_verification=True)
TypeError: __init__() got an unexpected keyword argument 'no_verification'

Expected behavior A clear and concise description of what you expected to happen.

[user1@nagioshost ~]$ /usr/local/nagios/libexec/check_esxi_hardware-20210809.py -H vms07.domain.local -U root -P XXXXXXXXXXXX -V hp -i '.*Unconfigured Disk' -r -v
20220425 09:41:48 LCD Status: True
20220425 09:41:48 Chassis Intrusion Status: True
20220425 09:41:48 Connection to https://vms07.domain.local
20220425 09:41:48 Found pywbem version 0.7.0
20220425 09:41:48 Connection worked
20220425 09:41:48 Check classe OMC_SMASHFirmwareIdentity
20220425 09:41:48   Element Name = System BIOS
20220425 09:41:48     VersionString = U32
20220425 09:41:48 Check classe CIM_Chassis
20220425 09:41:49   Element Name = Chassis
20220425 09:41:49     Manufacturer = HPE
20220425 09:41:49     SerialNumber = XXXXXXXXXXXX
20220425 09:41:49     Model = ProLiant DL360 Gen10

Versions:

• check_esxi_hardware plugin: 20210809
• VMware ESXi: 6.7.0 Update 3 (Build 15160138)
• pywbem: 0.7.0
• Python: Python 2.6.6
• Third party tools (Dell OMSA, HP Offline Bundle, etc): ESXi installed with HP-ISO

Additional context Add any other context about the problem here.

[Napsty]

Hi @Elvon and thanks for the well-described issue. I sincerely wish I could give you a great answer or solution, but I can only refer to #29 . If you have a VMware support contract, you could create a ticket and send a request that they allow read-only users to access the CIM server.

[Napsty]

Added to FAQ, too. https://www.claudiokuenzler.com/blog/308/check-esxi-hardware-faq-frequently-asked-questions

[Napsty]

Quick update, which definitely works with ESXi 8 and likely other versions, too: https://www.claudiokuenzler.com/blog/1288/how-to-use-check_esxi_hardware-cim-server-esxi-without-root-user