Connecting To An ESXi Host With No Root Password Set

As part of some automated deployment work for ESXi I was assisting a colleague with, they had hit an issue with an out of the box deployment of ESXi beginning with a blank password for the root account.

The automation tool of choice Ansible was using an SSH connection to ESXi to make the initial configuration and was blocked at the first step since it was unable to connect because the fresh ESXi install had no password set. Consequently, an SSH connection was not permitted.

While considering a few different possibilities for ways around this problem (there’s a bit of a discussion about it here), I dug back into some PowerCLI code I had written back in 2010 for the automated deployment of a fresh ESXi host; initial configuration, adding to vCenter and then some post-vCenter changes.

I recalled that it was possible to connect directly to an ESXi host via PowerCli with no password configured. So the problem was easily solved by having a first step in the playbook with something similar to the following:

After that, it was possible to continue with the existing configuration playbook via the SSH connection.

This was all made a lot easier by the fact that PowerCLI is available on PowerShell Core and consequently simple to have present on the Ansible server.