Well, just like Top Gear has a cool wall (of hot and not hot cars). It looks like VMware VMworld has its own cool wall of hardware. I picked this up from:
http://www.datacenterknowledge.com/archives/2009/08/28/vmworld-2009-on-site-data-center/
Well, I think enough information entered the public domain for me to comment on the cat-fight that is surround VMworld – so its time for me to step into the breach. I don’t know may you actually have a life (unlike me) and therefor all of this is news to you (and as boring as hell) and the story has gone over your heads.
In brief this the nature of the argument – in a nutshell.
This year VMware changed the T&Cs of being exhibitor/sponsor at VMworld. An event where historically both Citrix & Microsoft have been welcomed. Both Citrix/MS claim that VMware has imposed punitive conditions on them, to the effect that they think VMware is trying to deliberate excluded or inhibit their message. VMware strongly denies this and counter-claims that the T&C are pretty much standard in the event management industry – and they have not sort to limit Citrix/MS. This is has lead some commentators to claim that VMworld is increasing loosing its independence as event, and merely becoming a stage for VMware technologies.
Microsoft has made much of the argument on its virtualization “blog” (deliberate Stephen Fry quotes there by the way)
If you want more detail here’s a ton of links.
http://www.virtualization.info/2009/08/hello-freedom-vmware-adds-more.html
http://www.networkworld.com/news/2009/082509-vmworld-microsoft-citrix-dustup.html?hpg1=bn
http://www.theinquirer.net/inquirer/news/1531693/microsoft-citrix-pull-vmworld-conference
http://blog.scottlowe.org/2009/05/30/this-vmworld-thing-is-like-watching-a-train-wreck/
http://blog.scottlowe.org/2009/05/28/vmware-this-is-wrong/
For me this raises a number of key questions:
Q. What motivated VMware to change the T&Cs?
A. I don’t know, I can only speculate like every other bloody blogger. But perhaps previous events T&C were not as tightly written as they should be. As VMware evolves from being a start-up to fully fledge corporate like all the rest then this need reviewing. Increasing MS and Citrix compete with VMware, and perhaps VMware thought it was time curtail the size & scope of their presannce. Would you run a huge international event, only to run the risk of having it hijacked by competitor (especially Microsoft) who regularly uses its bloggers to espouse blantant FUD? Specifically, many of us felt that MS behaviour last year – handing out casino chips with “VMware Cost Way To Much” was a bit unethical. After, when I get invited to someone house, I try not to take a shit on the living room carpet – I am guest after all aren’t I?
Q. What does the T&C actually state – and are MS/Citrix trying to create a chimeria of a issue as spoiler to VMware’s VMworld.
A. Yes, and no.
YES:
The T&C state are exhibitors can show products that are:
“complementary to VMware products and technologies.” It added that “competing vendors [will be] allowed to exhibit, including exhibiting competing product”. That would seem to go right against what the MS blogs have stated. They claim that VMware has stopped them from showing the next release of System Center. But there doesn’t appear to be any evidence to back this claim up. VMware has tried to clarify its position, but Microsoft especially seems resolute on igoring this. You’ve got to wonder why MS are behaving this way – other than trying to create an internet storm of criticism against VMware/VMworld in attempt set up a web-based spoiler of the show. As the image above shows, they do have a track record in playing fast and loose.
The trouble with this viral campaign is that is being successful. With little hundred of other website picking up the MS blog story – and repeating the MS position as fact. In other words, more lazy fucking journos who believe whatever MS says…
However, on the No side is Citrix. By mean that Citrix is not overacting. There’s a blogpost by Kim Woodward of Citrix, who is there VP of Corporate Marketing. In her blogpost she in very measure way outlines some of the practises they have been experiencing from VMware. Now something makes want to trust Kim’s posts and facts – because she doesn’t in anyway (unlike MS) seek to try make capital out of the situation. I would heartily recommend you read here post – because I couldnt’ possible paraphase her case. But I’m sure you will appreciate her measured and postive response (I’m assuming Kim is lady by the way!)
http://community.citrix.com/pages/viewpage.action?pageId=81134525
In fact I was so impressed by her post – that I decided to comment on it. In post Kim points out very politely the event managers at VMworld:
I’d have to say that think if this turns out to be true (and Kim doesn’t give me any reason to doubt it), it would suggest that VMware’s T&C have been over-zealous. Probably in response to Microsoft antics last year.
Q. Is all just a storm in a teacup? VMworld has always been a vendor dominated event – just like Synergy and TechNet hasn’t?
Yes and Yes. The only thing is – that what started as small storm in teacup a couple weeks/months ago is now spilling over the sides. And right or wrongly the traffic on the web is hurting VMware. Especially, when folks like Kim Woodward take such a moral stance. If it was Microsoft – I could laugh it off merely them crying wolf, but that’s quite hard to do with Kim Woodward’s post.
Clearly, VMware wanted to more tightly control the event this year – but by doing so they have played into the hands of Microsoft (and to much lesser degree Citrix) who have used the T&C to club VMware. In hindsight, it might have much easier if VMware hadn’t bothered changing the T&Cs at all – as the debacle has well and truely backfired on them. Unfortunately, in this case is seems to be that the road to hell is indeed paved with good intentions…
Q, Isn’t VMware World meant to be industry neutral virtualization event?
Er, not quite. You see the fact there’s a vendors name in the title kind of gives the game away. Just like MICROSOFT technet and CITRIX synergy does… Of course techies like me would love a more independent/neutral event. But they don’t seem to do as well as the vendor sponsored events because of the money involved in running them.
Q. Why don’t we all go down to the Solutions Exchange when it opens. Surround the MS booth, and demand we be shown System Center?
OK. I will be there.
OK, well this example is a little obscure admittedly. During the course my travels in powersHell with VMware – I’ve begun to put together my own JACS (Just-Another-Configuration-Script). The idea is to take a clean-factory set ESXi build, and use purely powersHell to configure it. Of course you know when your writing scripts and TESTING them. You always need to reset your tests system against a new revision of the script.
Fortunately, ESXi makes this very easy to do by using the “Reset System Configuration” option
Prior to doing this – I have to drop the ESXi host into maintance mode, and remove it from the vCenter. Being the lazy git I am I thought I would investigate how to do this with powersHell. You see I only have 4-ESX hosts – and use them for all manner of VMware related projects. So in my lab environment I need to be able to wipe configurations to set them up for the rtfm-ed domain, the vi3book or vi4book.com domains – and then there’s the domain name of new SRM book which I start working after VMworld (corp.com). I should have been more smart about this configuration stuff – and just used something vanilla. Starting from the new SRM book everything is going to be corp.com from now on. In means I can work on different projects at the same time without worrying about the screen grabs having the wrong IDs. The other issue have with these ESX hosts – is often go from very simple vSwitch configurations, to very complicated ones. So the work I’ve been doing with powersHell and vSwitches – is going to come in very hand.
Anyway, below is the PS script I use to do a factory reset of my ESXi hosts. Once reset they get a client reservation from my DHCP server – and use this bit of PS at the beginning of my JACS before re-configuring them…
Connect-VIServer esx4.vi4book.com -username root Set-VMHostAccount -UserAccount root -password P@ssw0rd!
I’m quite proud of the script below in a very geeky sad way. Not because it is clever. But because it is the FIRST piece of powersHell I have written on my own, that address the SDK directly that works! I got close with the DPM powersHell script – and it would have worked if I hadn’t been such a dumb ass about password. The same goes with the bulk reset of root passwords. The reason I’m pleased about it – is after 2-3 weeks of slogging away at the SDK, I think I have done enough examples that I now UNDERSTAND the damn SDK. And if I’m looking to PS the script I won’t have to resort to googlewacking and cutting & pasting other peoples work together – for a such crap scripting guy like me – that’s a real achievement!!! 
$vmhost = "esx4.vi4book.com" $vcname = "virtualcenter4.vi4book.com" #Connect to vCenter & Enter Maintenance Mode Connect-VIServer $vcname -username administrator -password vmware $esxhost = Get-VMHost $vmhost $hostview = $esxhost | Get-View Set-VMHost $esxhost -State maintenance # Remove ESX host from vCenter... Remove-VMHost $vmhost -Confirm:$false # Carry out factory reset... Connect-VIServer $vmhost -username root -password password $esxhost = Get-VMHost $vmhost $hostview = $esxhost | Get-View $ns = Get-View -Id $hostview.ConfigManager.firmwareSystem $ns.ResetFirmwareToFactoryDefaults()
A couple of days ago I commented on MS recent spate of articles about the surface footprint of the hypervisor.
http://www.rtfm-ed.co.uk/?p=1614
One of the comments on my blog pointed out a salient point. That’s if ESXi is so small – how come it needs a 2GB memory stick, and occupies more space than the alleged 30-60MB claimed by VMware?
Well, I think Eric Gray over at vcritical.com has made the definitive answer…
http://www.vcritical.com/2009/08/if-vmware-esxi-4-is-so-small-why-is-it-so-big/
It appears much of what is resident on the stick, does not include what is resident in memory. For example the ESXi stick contains a copy of the Vi Client and also the .ISO images used by VMware to install VMware Tools the guest operating system. Additionally, as ESXi can be “rolled back” after an upgrade/patch – there has to space on the stick to hold this roll back data.
Of course, that might lead to say – “ah, you see VMware are telling fibs”… But IF you recall the original argument/case for a small hypervisor – is to do with its vulnerability/weakness in terms of performance, patching and security. The small the hypervisor is the less vunerable it is. Unfortunately, this view of the hypervisor is decidedly NOT shared by Microsoft. Microsoft firmly believe the virtualization layer should live inside the operating system. It’s an ideology that many Microsoft bloggers public subscribe to and endorse. I don’t.
I subscribe to the VMware ideology – that the hypervisor should be superslim. With APIs like vStorage/vNetwork that allow third parties like EMC, NetApp and Cisco to “hook” into. Without bloating out the hypervisor with 3rd party unchecked code, that responble for so much instability in the Microsoft platform. If you don’t believe in the VMware ideology, what you believe in the same vulnerabilities and patch management that bedevils a vanilla operating system like Windows, Linux, Solaris and Netware…
Update:
I actually wrote this post early in the morning when I couldn’t sleep (does that show?) and this morning I’ve got something add. And its this. And it’s not going to be pretty. IF Microsoft will persist on patiently avioding the ftechncial acts on their blogs in effort to make their product look as good as/better than VMware. I think we can discount this kind claptrap about MS not being free to present their products at next weeks VMworld, as the unmitigate bullshit that it is… (Are you liking this Stu)
This a quick and humourous response to the ishttp://itknowledgeexchange.techtarget.com post by pal, Eric Siebert.
http://itknowledgeexchange.techtarget.com/virtualization-pro/when-will-vmware-p2v-vmworld/
About 2 years ago I cornered John Troyer about the ideas of having a virtual VMworld. It seemed so odd that a company which prioded itself of virtualization, would be so physicalized about its main conferrence. In truth I’d just caught wind of SecondLife, and had thought of setting up an RTFM Education location there – from where millions would drop by to sample my peculair pearls of wisdom.
Anyway, the idea of virtual VMworld was quickly poo-poo’d for a number of reasons. Firstly, there’s concern that you make a virtual experience as good as being there, people will not show up for the physical event. Secondly, there is a geniune belief that face-to-face communication offers a rich set of experience than any virtual hall or web-ex. For fun I thought I would hang out for a moment at the virtual VMWorld that exists at the moment.
I went down to the solution exchange. But they must have been setting up – because despite the noise of the crowd it was very quiet. I thought I would drop in the Dell booth to see if I could beg/steal/borrow some hardware of the them. NetApp and EMC have both donated storage to RTFM Labs, but what I could really do with is some new servers that support the vLockstep attribute for VMware Fault Tolerence, and also ready for the day when VMware thinks “Record & Replay” is good enough for ESX. As you can see it was very quiet in the Dell booth. I guess I would have to check out the HP/IBM booths to see if there were any servers to steal there…
So I stumbled on, and decide I would visit the VMware both – catch-up with all the great contacts I have there. They must have saw me coming – because they’d scarpered leaving me with just a video of Paul Martiz…
So I gave up on the solutions exchange, the pretty girls and freebies – and thought I might grab a beer with my pals in the Lounge:
Well, even the bartender had seen me coming, and run away. Fortunately, he left the bar unattend so I could drown my sorrows with hard liquer. A proper “Billy No Mates” as they say where I come from…
By now I was think maybe it was those labs that folks were doing – checking out the kewl technology. So by now somewhat worse for wear for the dwink – I thought I would toddle down there. I mean really a man in my condition should be put anywhere near a keyboard. Not unsuprisingly the HA session was pretty quiet – maybe I arrived to early/late:
There were some folk lottering about outside. Clearly, someone had been busy with vCenter because they looked like linked clones!
Well, I hope the VMworld Physicalization event is NOT so quiet next week…
Some customers I know like to create on each ESX host what they call the uber-vSwitch or the Master-vSwitch. I sometime jokingly the “Lord of the Rings vSwitch” – One vSwitch to rule them all!
The concept is simple. Sometimes they have lack of vmnics (limited PCI bus) or a lack of physical switch ports – so their ESX host only has 4-nics. If you doing Management, VMotion, iSCSI/NAS, HA-Heartbeat and FT-Logging – its quite tricky to keep all of these separate (despite the use of VLANs) whilst offering redundency. So some of my customers opt for the UbervSwitch or MastervSwitch option. It looks like this:
As you can see fault-tolerence is offered by attaching all the NICs to the vSwitch. Each type of network activity resides on different VLAN (Production/10, VMotion&HA-Heartbeat, 11 and IP-Storage/12). Of course the worry here, is that the bandwidth intensive nature of VMotion or IP-Storage could affect your VMs and Management of the ESX host. So that leads people down the route in some cases of using Active/Passive on the Portgroup level to try and control the traffic a little bit more…
As you can see the prefer VMNIC for the “Production” portgroup is vmnic1, with the other nics being standby. This configuration could be repeated so the perferred VMNIC for VMotion/HA-Heartbeat could be vmnic2, with the remain NICs being standby. This way you can have the best of both worlds. Network separation (differnet traffic types prefers its particular VMNIC) but if you have a VMNIC failure there is still redundency through all the network dependent components.
So. I got think how this quite complicated configuration would take ages to do by hand, and quite a challenge to do using the esxcfg-commands or the RCLI/vMA. So I worked out how to do this using powersHell. Many thanks once again to Stuart Radnidge of vInternals which gave me a lot of pointers. Thank Stu, your fucking genius (by the way Stu enjoy gratious swearing in blogposts – sorry if your easily offended)
# Set Variables:
# This version just has all the variables at the top.
# These variables are HOST specific...
$vmhost = "esx4.vi4book.com"
$VMotionIP = "10.0.0.204"
$HAheartbeatIP = "10.0.0.104"
$IPstorageIP = "172.168.3.104"
# Adds vmnic1/2/3 to vSwitch0 and creates the portgroups of Production, VMotion, Ip-Storage, HA-Heartbeat
$vs0 = Get-VirtualSwitch -Name vSwitch0
Set-VirtualSwitch -VirtualSwitch $vs0 -Nic vmnic1, vmnic2, vmnic3
#Add the Production Port Group to vSwitch0
$Production = New-VirtualPortGroup -VirtualSwitch $vs0 -Name Production
# Creates a portgroup for VMotion on vSwitch0
New-VMHostNetworkAdapter -PortGroup VMotion -VirtualSwitch $vs0 -IP $VMotionIP -SubnetMask 255.255.255.0 -VMotionEnabled: $true
# This method will create a vswif interface. -ConsoleNIC ONLY works with ESX "Classic". There is currently no way to set "Management Traffic" on a VMKernel Port in ESXi
# PortGroups added to vSwitch0
$HAheartbeat = New-VirtualPortGroup -VirtualSwitch $vs0 -Name HA-Heartbeat
# New-VMHostNetworkAdapter -PortGroup HA-Heartbeat -VirtualSwitch $vs0 -IP $HAheartbeatIP -SubnetMask 255.255.255.0 -ConsoleNic
New-VMHostNetworkAdapter -PortGroup HA-Heartbeat -VirtualSwitch $vs0 -IP $HAheartbeatIP -SubnetMask 255.255.255.0
# This creates a VMKernel Port Group on vSwitch3 called IP-Storage
$IPstorage = New-VirtualPortGroup -VirtualSwitch $vs0 -Name IP-Storage
New-VMHostNetworkAdapter -PortGroup IP-Storage -VirtualSwitch $vs0 -IP $IPstorageIP -SubnetMask 255.255.255.0
# By default all portgroups would default to originating port id, and the traffic could go through any nic.
# This could mean your VMotion traffic could go on the same NIC as your storage traffic
# Using active & standby on portgroups would allow us to stop this..
# Script assumes you have ESXi and using a management port group called "Management Network"
# Replace "Management Network" with Service Console if your using ESX "Classic"
# Set VLAND ID as you see appropriate
# Management Network (vmnic0 - Active, vmnic1,2,3 - standby)
$vSwitch = "vSwitch0"
$esxhost = Get-VMHost $vmhost
$hostview = $esxhost | Get-View
$ns = Get-View -Id $hostview.ConfigManager.NetworkSystem
$pgspec = New-Object VMware.Vim.HostPortGroupSpec
$pgspec.vswitchName = "vSwitch0"
$pgspec.Name = "Management Network"
$pgspec.vlanId = "0"
$pgspec.Policy = New-Object VMware.Vim.HostNetworkPolicy
$pgspec.Policy.NicTeaming = New-Object VMware.Vim.HostNicTeamingPolicy
$pgspec.Policy.NicTeaming.nicOrder = New-Object VMware.Vim.HostNicOrderPolicy
$pgspec.Policy.NicTeaming.nicOrder.activeNic = @("vmnic0")
$pgspec.Policy.NicTeaming.nicOrder.standbyNic = @("vmnic1","vmnic2","vmnic3")
$ns.UpdatePortGroup($pgspec.Name,$pgspec)
# Production (vmnic1 - Active, vmnic0,2,3 - standby)
$vSwitch = "vSwitch0"
$esxhost = Get-VMHost $vmhost
$hostview = $esxhost | Get-View
$ns = Get-View -Id $hostview.ConfigManager.NetworkSystem
$pgspec = New-Object VMware.Vim.HostPortGroupSpec
$pgspec.vswitchName = "vSwitch0"
$pgspec.Name = "Production"
$pgspec.vlanId = "10"
$pgspec.Policy = New-Object VMware.Vim.HostNetworkPolicy
$pgspec.Policy.NicTeaming = New-Object VMware.Vim.HostNicTeamingPolicy
$pgspec.Policy.NicTeaming.nicOrder = New-Object VMware.Vim.HostNicOrderPolicy
$pgspec.Policy.NicTeaming.nicOrder.activeNic = @("vmnic1")
$pgspec.Policy.NicTeaming.nicOrder.standbyNic = @("vmnic0","vmnic2","vmnic3")
$ns.UpdatePortGroup($pgspec.Name,$pgspec)
# VMotion (vmnic2 - Active, vmnic0,1,3 - standby)
$vSwitch = "vSwitch0"
$esxhost = Get-VMHost $vmhost
$hostview = $esxhost | Get-View
$ns = Get-View -Id $hostview.ConfigManager.NetworkSystem
$pgspec = New-Object VMware.Vim.HostPortGroupSpec
$pgspec.vswitchName = "vSwitch0"
$pgspec.Name = "VMotion"
$pgspec.vlanId = "11"
$pgspec.Policy = New-Object VMware.Vim.HostNetworkPolicy
$pgspec.Policy.NicTeaming = New-Object VMware.Vim.HostNicTeamingPolicy
$pgspec.Policy.NicTeaming.nicOrder = New-Object VMware.Vim.HostNicOrderPolicy
$pgspec.Policy.NicTeaming.nicOrder.activeNic = @("vmnic2")
$pgspec.Policy.NicTeaming.nicOrder.standbyNic = @("vmnic0","vmnic1","vmnic3")
$ns.UpdatePortGroup($pgspec.Name,$pgspec)
# VMotion (vmnic2 - Active, vmnic0,1,3 - standby)
$vSwitch = "vSwitch0"
$esxhost = Get-VMHost $vmhost
$hostview = $esxhost | Get-View
$ns = Get-View -Id $hostview.ConfigManager.NetworkSystem
# HA-Heartbeat same network as VMotion...
$pgspec = New-Object VMware.Vim.HostPortGroupSpec
$pgspec.vswitchName = "vSwitch0"
$pgspec.Name = "HA-Heartbeat"
$pgspec.vlanId = "11"
$pgspec.Policy = New-Object VMware.Vim.HostNetworkPolicy
$pgspec.Policy.NicTeaming = New-Object VMware.Vim.HostNicTeamingPolicy
$pgspec.Policy.NicTeaming.nicOrder = New-Object VMware.Vim.HostNicOrderPolicy
$pgspec.Policy.NicTeaming.nicOrder.activeNic = @("vmnic2")
$pgspec.Policy.NicTeaming.nicOrder.standbyNic = @("vmnic0","vmnic1","vmnic3")
$ns.UpdatePortGroup($pgspec.Name,$pgspec)
# IP Storage (vmnic3 - Active, vmnic0,1,2 - standby)
$pgspec = New-Object VMware.Vim.HostPortGroupSpec
$pgspec.vswitchName = "vSwitch0"
$pgspec.Name = "IP-Storage"
$pgspec.vlanId = "12"
$pgspec.Policy = New-Object VMware.Vim.HostNetworkPolicy
$pgspec.Policy.NicTeaming = New-Object VMware.Vim.HostNicTeamingPolicy
$pgspec.Policy.NicTeaming.nicOrder = New-Object VMware.Vim.HostNicOrderPolicy
$pgspec.Policy.NicTeaming.nicOrder.activeNic = @("vmnic3")
$pgspec.Policy.NicTeaming.nicOrder.standbyNic = @("vmnic0","vmnic1","vmnic2")
$ns.UpdatePortGroup($pgspec.Name,$pgspec)
# Removes "VM Network" from the vSwitch0
get-VirtualPortGroup | where { $_.Name -like "VM Network"} | Remove-VirtualPortGroup -Confirm:$false
I first heard this song whilst watching the movie “I’m not there”. It’s the film where Kate Blancet (amongst) others plays Bob Dylan and his various incarnations. It’s really a terrific movie, well, its if you a Bob Dylan nut like I am. It encouraged me to go through my Dylan back catalog and rediscover him as one of my early influences.
Anyway, Jim James and Calexico did this wonderful cover of “Goin’ to Acapulco” for the movie. I really wish I could show you the segment of the film – but unfortunately it isn’t the complete song and quality is not good enough. In the film the Richard Gere character stumbles upon a band of disposed peoples about to be driven from their land. It has such moving atmosphere. In the end I plumbed for this “video” (there actually no video elements to it!) because the quality of the recording is much better!
Also in my play list for sometime there is Club Thing by Yoav. I first saw this Isreali guitarist on Jools Holland’s “Later” and was bowled over by his abilities – sure there are digital effects and delays – but the sheer sonic array of sounds this guy makes is impressive.
Over on youtube.com the Product Manager for VMware’s PowerCLU (aka PowerShell for VMware) has a interesting demo of beta product called “Onyx”. What does on Onyx do for you. Well, do you remember years ago that before VBA, applications like Word/Excel would have like “macro recorder”. You could carry out tasks and the macro recorder would create all that code for you without having to type it all in or learn complicated syntax.
Well, imagine that with the vSphere Client, and the output being raw powersHell that you could just cut and paste into a PS1 file and re-use… Pretty darn neat I can tell you, especially if like me you have been trying to navigate the complexities of the SDK with its Managed Object Types, Data Object Types, Enumerated Types, and Methods.
You can see a quick demo of Onyx in the youtube video below. A more extensive demo can be seen at VMworld which is on Tuesday of next week, between 12:00-5.30 (VM2241). If you bring your business card, you will put in the lottery to all you be part of the beta testing group.
Looks like our friends at MS PR wee bit culturally insensitive. They (actually probably some 3rd party ad company in reality) removed a black guy from Polish MS advert. I guess who ever did this thinks that Polish people are against black people – but they have nothing against chinese guys and hot-chicks in IT… I like the way she is able to delete files on her computer, whilst giving the presenter her full attention and wide smile…
Let on I began to think about IT adverts. The people are always SO happy in them. Clearly, no-one in the advertising business has spent much time IT office where work and happiness are sometime infrequent bedfellows…
Followers of this blog will know I’ve been trying to port all of post-configuration work from the older kickstart/%post method using esxcfg- commands to using PowerShell. The really agenda being behind this is that one day they will take my COS away (that’s the Service Console to you folks!) – because one day there will be only an ESXi version of ESX and nothing else. Rather than reacting to the loss of the COS in a toys in a pram way, I thought I better get working with this PowersHell thing. Why PowersHell, will I’m totally convinced that is infinitely more powerful than the RCLI or vMA appliance. You can just do soooooo much more with it them.
Anyway, last week I switched over to configuring the IP settings of my ESXi hosts with DHCP for the Management Network only (by only mean, that the vmkernel ports for VMotion/IP Storage and the HA Heartbeat are still be configured statically). So now I never have to interact with the console of the ESXi host at all. EXCEPT to set the password on the thing. You see a clean install of ESXi to a memory stick or factory reset – still leaves you with a passwordless ESX host. So I decided to look into how to do set the password of the root account.
First thing I learned was that connecting to vCenter, to then try do a bulk password reset is not allowed by PowersHell. You have connect directly to the ESX host, otherwise you get this error message
Set-VMHostAccount : 8/26/2009 3:52:13 PM Set-VMHostAccount 8E894753-1749-413B-9B4B-E9BC5DF57FF3 The requested operation can only be perfonnected directly to an ESX server.
So the correct method is to use the set-VMhostAccount cmd-let to set the initial password like so:
Connect-VIServer esx4.vi4book.com -username root Set-VMHostAccount -UserAccount root -password P@ssw0rd!
Notice how in the Connect-ViServer command, I’m not using the -password parameter because a newly installed ESXi doesn’t have a password.
Update:
Also notice how my password is complex one.
I learnt something new today. During the installation of ESX “Classic” a password of 6 characters or more is valid. Therefore if you set “vmware” as the root password (obiviously not a very good choice) it would work. BUT, if you later change the password after the installation, and try something like vmware it would fail due to lack of complexity. It seems like higher level of complexity is enforced after the install, than is imposed during. If you set a password that is not complex enough, and you are doing the password reset via powersHell you will get this message:
Set-VMHostAccount : 8/26/2009 7:41:42 PM Set-VMHostAccount 52b28080-8b4f-2b1b-bbd3-400a5348a06b A general system error occurred: passwd: Authentication token manipulation error
Anyway, all this came to light by comment left on this post by RTFM Reader, Rob Shaw-Fuller. Rob’s added a powersHell script that will go through and reset the password on all your ESX hosts (providing they have the identifical root passwords to begin with…) I want to reproduce here – because I’m interested in single host configuration with powersHell (as if you were deploying a new ESX host) and also so called “bulk administration” tasks that can be automated with powersHell. Here’s Rob’s script below:
# Connect to the VI Server
Write-Host "Connecting to vCenter"
Connect-VIServer "virtualcenter4.vi4book.com" -user administrator -password vmware
$VMHosts = Get-VMHost | Sort-Object Name
Disconnect-VIServer -Confirm:$False
ForEach ($VMHost in $VMHosts)
{
$HostName = $VMHost.Name
Connect-VIServer $HostName -User root -password P@ssw0rd
Set-VMHostAccount -UserAccount root -password Password1
Disconnect-VIServer -Confirm:$False
}
Thanks Rob… I would got there myself – if I hadn’t have been so stupid to test my bulk script with vmware as the darn password!!!
If you want to add Mike Laverick on LinkedIn, click on this button:
RSS
iTunes