The Onyx alternative ?

On Carter’s vSPhere PowerCLI Blog site we learned, just before VMworld, about Project Onyx. The program that will come out of this project will allow users to generate PowerShell code from actions done in the vSphere Client. But while we wait till the program comes in GA, is there an alternative for finding out what API call(s) an action in the vSphere Client generates ? In fact there is. And it’s free !

With the Microsoft tool Fiddler2, and a few manipulations on your vCenter, you can see all the API calls.

Setting it up

This is how to do it:

  • download Fiddler2 and install it on a workstation where you also have the vSphere Client installed.
  • update the proxy.xml on your vCenter. Consult the Developer’s Setup Guide, section To modify the Web proxy service on vCenter Server to support HTTP on page 26. If you connect your vSphere Client directly to an ESX or ESXi server you will have to perform the actions described in sections To modify the Web proxy service on ESX to support HTTP or To modify the Web proxy service on ESXi to support HTTP respectively. Your proxy.xml should look like this. Note that I changed accessMode to httpOnly instead of httpAndHttps as the manual said.

proxy_xml

  • Restart the VMware VirtualCenter Server service to activate the new proxy.xml. Confirm that the system can also restart the VMware VirtualCenter Management WebServices.

vc-service-restart

  • Your vSphere Client will now accept connections over HTTP port 80. You can try this out. Put the URL in the IP Address/Name field when you connect. In the following screenshot the hostname of the vCenter is vSphere. You have to use the http://<vCenter-hostname>:80 notation, otherwise the connection will not work.

vc-port80-logon

  • You will get a warning about the connection not being secure. Click <Yes> to continue.

vc-warning-1

  • You vSphere Client will start up and will be fully functional. The only difference is that now all traffic will go over port 80 (http) instead of over port 443 (https).
  • Stop your vSphere Client for now.
  • Start Fiddler2 and configure the tool as a proxy for the vSphere SOAP traffic. In Fiddler2 select <Rules><Customize Rules> and find the OnBeforeRequest function. In that function add a line which will forward all traffic coming in via port 8888 (the default port that Fiddler2 scans) to port 80.

proxy-redirect

  • Everything is now in place to capture the SOAP traffic.
  • Start Fiddler2.
  • Start the vSphere Client. But use port 8888 in the URL.

vc-port8888-logon

  • You will get the message about the Certificate twice. Ignore it.
  • In the Fiddler2 screen you will now start seeing numerous packets being sent to the vCenter.
  • The best view, in my opinion, to see what is going on is to select <Inspectors><XML>in the top-right pane and <XML> in the bottom-right pane.

fiddler2-screen-layout

  • The above screenshot is of a call to the QueryAssignedLicenses method that was made during the start up of the vSphere Client.
  • The top pane shows the method and the parameters and the bottom pane shows the return value.

sample-method

Practical use

To demonstrate the practical use of this tool, let’s take an elusive feature that is currently being discussed in this thread in theย  PowerCLI community. The author of the thread asked how to script the Reset Alarm to Green function.

alarm-reset-greenIn the current release of the vSphere API Reference there is no method that seems to perform this functionality. Fiddler2 to the rescue !

In the Fiddler2 trace we see that the method used by the vSphere Client is called SetAlarmStatus. And this method is not described in the current release of the vSphere API Reference. That means that there is currently no “standard” way of scripting this functionality ๐Ÿ™

SetAlarmStatus

12 Comments

    Hugo Samayoa

    Did this stop working after the latest client updates?

      LucD

      Not that I know of.
      Which builds did you try to run it against ?

    Pablo

    Luc – thanks for bringing this out ! Very useful !

    Harkamal

    LucD,

    Thank you for “Reset alarm to Green”. Not only you have given us the solution but a great way to intercept SOAP calls.

    You the great!

    Harkamal

    Eric Sloof

    Luc, I enjoyed reading your article, I did me think of a poor manโ€™s solution for capturing the SOAP traffic. If you just need to monitor once without the hassle of installing fiddler you can alter the logging setting of the VpxClient.exe

    http://www.ntpro.nl/blog/archives/918-Eavesdrop-your-VI-Client-traffic.html

    Glenn Sizemore

    okay, so that is cool, I wouldn’t call it an Onyx replacement though… Unless you have an additional step that emits PowerCLI code ๐Ÿ˜‰ See that’s the problem with being a legend we have “expectations”

      LucD

      Glenn, it wasn’t intended as a Onyx replacement, more as an alternative to see the API calls behind a vSphere Client interaction.
      But hey, perhaps someone could use the Fiddler2 output to produce PowerShell scripts ๐Ÿ˜‰

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*

Buy the Book