Add raw device to VM in ESXi

So I’ve added a disk of one of my Linux machines to my ESXi host, created a new VM and wanted to add the physical disk to the VM as a raw device. (As a means of quick and dirty P2V.) However I found out that the “New raw disk” option is greyed out in my (stand alone) ESXi, so there is no way to add the physical disk to the VM.

Well, there is an option, using the CLI.

Enable SSH on your host, login and first find the device you added. In my case a Seagate device, so easily recognizable:

[root@localhost:~] ls /dev/disks/
t10.ATA_____KINGSTON_SA400M8120G_..._
t10.ATA_____KINGSTON_SA400M8120G_..._:1
t10.ATA_____KINGSTON_SA400M8120G_..._:5
t10.ATA_____KINGSTON_SA400M8120G_..._:6
t10.ATA_____KINGSTON_SA400M8120G_..._:7
t10.ATA_____KINGSTON_SA400M8120G_..._:8
t10.ATA_____ST8000DM0042D2CX188_...
t10.ATA_____ST8000DM0042D2CX188_...:1
t10.ATA_____ST8000DM0042D2CX188_...:2
t10.ATA_____ST8000DM0042D2CX188_...:3
vml.0100000000...
...

As you can see by listing the “/dev/disks” folder, there are 2 devices. The Kingston device is my boot SSD, the Seagate device (ST…) is the device I added.
The :1, :5, etc numbering refers to the partitions on the device. We want to passthrough the while disk, so we use “t10.ATA_____ST8000DM0042D2CX188_… ” (without any colon after it).

Now create the pointer file:

vmkfstools -z /vmfs/devices/disks/t10.ATA_____ST8000DM0042D2CX188_... /vmfs/volumes/datastore1/vm/seagate.vmdk

The first parameter is the disk we want to passthrough, the second parameter is the location where we want to save the vmdk (preferably save it with your VM).
(/vmfs/devices is a symlink to /dev, so you are actually working on the same location)

Close your SSH console, do not forget to disable your SSH service.

Now, edit your VM, add an existing disk, and select the VMDK you just created (seagate.vmdk in our example).

A tip, add the VMDK to the SATA controller of the VM, or it may not boot due to missing drivers.

Have fun, and don’t break production environments! 😉

Reduce ESXi OS partition size

When installing ESXi 7.0u2 to an internal SSD of 120GB, I noticed the system allocated all available storage as Virtual Flash. This leaves no space for a datastore, thus no local datastore is created. Pretty annoying, because this means you cannot have local VMs if you don’t install a second drive.

The good thing is, we can limit the OS partition size. The bad thing is, we can only do this at installation time. (Another bad thing, this is unsupported, but that’s not really an issue in a lab environment.)

How do we go about it?
Boot to the installer, at the ESXi boot screen press crtl+o to append additional setup parameters. The parameter you are looking for to set a custom size (example is 8GB) is:
autoPartitionOSDataSize=8192

According to KB81166, there also are other (more supported options):

  • Set the “minimal” size (33GB):
    systemMediaSize=min
  • Set the “small” size (69GB):
    systemMediaSize=small
  • Set the “max” size (uses all space available):
    systemMediaSize=max

Keep in mind, YMMV, and please keep the original (supported) default values when working in production environments.

Disable ESXi CVE-2018-3646 warning

When testing things in the homelab, I frequently work with older hardware.

This means that when you use ESXi, you might get the following warning:

This host is potentially vulnerable to issues described in CVE-2018-3646, please refer to https://kb.vmware.com/s/articles/55636 for details and VMware recommendations.

I typically chose to ignore the warning, as this is a lab anyway. And this is fine on a stand alone host, but it is pretty annoying when using vCenter.

So if you are in the same situation, here is how to disable the warning:
Open your host configuration, go to System, Advanced System Settings, click “Edit…”
The key you are looking for is:

UserVars.SuppressHyperthreadWarning

Set this to a value of 1, press “OK” and refresh the host. The warning should now disappear.

Please do keep in mind that the vulnerability is still present, you did not eliminate the risk, you only disabled the warning.