Archive for the ‘PowersHell’ Category

Well, the licensing part of this took me the better part of day to work out. That’s because I’m more or less crap at decoding the API SDK referrence guide:

http://www.vmware.com/support/developer/vc-sdk/visdk400pubs/ReferenceGuide/index.html

My favourite part of the license script is the $licassman variable. It could be used to describe a number of people I’ve worked with…

I want learned today is the add-host cmd-let has new parameter it didn’t have in the beta/RC1 of vSphere4. The -force switch is used to accept the default/untrusted SSL SHA certificate that comes from clean installation/first boot of an ESX host.

$vmhost = “esx4.vi4book.com”

add-vmhost $vmhost -location (get-datacenter -name ‘SanFran DataCenter’ | get-folder -name ‘AMD Hosts’ | get-cluster -name ‘AMD Cluster 2′) -user root -password password -force: $true

$targethostMoRef = (get-VMHost $vmhost  | get-view).MoRef
$si = Get-View ServiceInstance
$LicManRef=$si.Content.LicenseManager
$LicManView=Get-View $LicManRef
$licassman = Get-View $LicManView.LicenseAssignmentManager
$licassman.UpdateAssignedLicense($targethostMoRef.value,”YOUR LIC KEY”,”vSphere4 Enterprise Plus (1-12 cores per CPU”)

Well, I have been working on how to do this for a couple of days (believe it or not). I find navigating the VI API/SDK a bit a struggle. In the end I google-wacked an obscure part of my powershell that was giving me troubles, and found this community thread:

http://communities.vmware.com/message/1301276

$si = Get-View ServiceInstance

$LicManRef=$si.Content.LicenseManager
$LicManView=Get-View $LicManRef

$license = New-Object VMware.Vim.LicenseManagerLicenseInfo
$license.LicenseKey = “YOUR LICENSE STRING HERE”
$license.EditionKey=”esxEnterprisePlus”
$LicManView.AddLicense($license.LicenseKey,$null)

I found out the editionkey value by using the QueryAssignedLicenses method which is part of LicenseManager. Anyway, I kinda got sidetracked by this – because what I really want to do is license an ESX host after its been added to the vCenter with the add-vmhost cmdlet. This should be a good start to working it out.

Well, last week I set myself the task of trying to do everything I would do with PowerShell that would I normally do the %post script on kickstart install of an ESX host. I’ve made quite a bit of progress mainly on my own, but occasionally with help from google. I discovered a couple of things. The main one being this. Whilst there is a method with ESX “Classic” to crated a second Service Console port for HA, there doesn’t seem to be a corresponding method with ESX4i. In ESX4i under-neath the enable VMotion tick-box, there’s also a tickbox for enabling a VMkernel port for management. It appears that there’s no method for carrying on this task for ESX4i.

The main reason for using PowerShell for this kind of post-configuration rides on a number of conditions:

• Your using ESX4i instead of ESX “Classic”
• You don’t have access to the new “Host Profiles” feature because you not a Enterprize+ customer

Anyway, below is my .ps1 file I use for configuring ESX4i… What I really struggle with in PowerShell is the whole get-view command, and navigating the API/SDK environment. Trying to find the right object and attributes using either the MOB (virtualcenter.corp.com/mob) or the online referrence (http://www.vmware.com/support/developer/vc-sdk/visdk400pubs/ReferenceGuide/index.html) is actually quite difficult if you a novice (like me). For example I was looking for a method to license an ESX host (although a cmd-let exists to add a host, you have to wrestle with the SDK to find the way to assign a license to an ESX host). I manage to find someone who had already worked out how to enable SW iSCSI on host, but I couldn’t get my script to set my IQN…

Anyway, for what its worth – here’s my post-configuration .ps1 file.

ConfigureESXi.ps1

Update 01:

You know what its like just as post to the internet you can’t do something – sods, law dictates you find the option you were looking for sometime. So I have found a method of setting the IQN. And it was dead easy… I added a variable to the ps1 file called - $swiscsiiqn = “iqn.2008-10.com.vi4book:$vmhost” and then call out the storageSystem to UpdateInternetScsiName.

$VMhost = "esx4.vi4book.com"
$iscsiHba = "vmhba34"
$swiscsiiqn = "iqn.2008-10.com.vi4book:$vmhost"
$h = Get-VMHost $VMhost

Foreach ($hostView in ( Get-View -VIObject $h))
{
$storageSystem = Get-View $hostView.configManager.storageSystem
$storageSystem.UpdateInternetScsiName($iscsihba,$swiscsiiqn)
}

Update 02: Added Firewall Configuration

Added to the .ps1 file a method for changing the firewall with:

Foreach ($hostView in ( Get-View -VIObject $h))
{
$firewallSystem = Get-View $hostView.configManager.firewallSystem
$firewallSystem.EnableRuleset("sshClient")
}

Update 03: Added Licensing Process to the Script…

$vmhost = "esx4.vi4book.com"
$targethostMoRef = (get-VMHost $vmhost  | get-view).MoRef
$si = Get-View ServiceInstance
$LicManRef=$si.Content.LicenseManager
$LicManView=Get-View $LicManRef
$licassman = Get-View $LicManView.LicenseAssignmentManager
$licassman.UpdateAssignedLicense($targethostMoRef.value,"YOUR LIC KEY","vSphere4 Enterprise Plus (1-12 cores per CPU")

Update 04: Added Configuring DPM to the Script…

$vmhost = "esx4.vi4book.com"
$login = "vmware_dpm_user"
$password = "password"
$hostview = get-vmhost $vmhost | % {Get-View $_.Id}
$IpmiInfo = New-Object Vmware.Vim.HostIpmiInfo
$IpmiInfo.BmcIpAddress = "192.168.3.204"
$IpmiInfo.BmcMacAddress = "00:16:35:37:F8:02"
$IpmiInfo.Login = $login
$IpmiInfo.Password = $password
$hostview.UpdateIpmi($IpmiInfo)

Update 05: Added Setting the Root password on ESXi Hosts & Creating Local User Accounts

You might notice that the connect-viserver -password field is missing. That’s because all cleanly “installed” or “factory reset” ESXi host default to having no password. So initially I authenticate without a password, and the first thing I do is set a password.

$esxhost = Connect-VIServer $vmhost -username root
Set-VMHostAccount -UserAccount root -password password
New-VMHostAccount -ID lavericm-admin -Password password -UserAccount

Update 06: Enable FT Logging on a VMkernel Port

This uses the data object virtualNicManager to set the VMKernal Port (vmk2) to be enabled for “FaultTolerenceLogging”

$FTlogging = New-VirtualPortGroup -VirtualSwitch $vs3 -Name FT-Logging
New-VMHostNetworkAdapter -PortGroup FT-Logging -VirtualSwitch $vs3 -IP $FTloggingIP -SubnetMask 255.255.255.0
$h = Get-VMHost $vmhost | Get-View -Property configManager
$nicManager = Get-View $h.configManager.virtualNicManager
$nicManager.SelectVnicForNicType("faultToleranceLogging", "vmk3")

Update 07: Enable “Management Traffic” on VMkernel Port for the HA Heartbeat

This uses the data object virtualNicManager to set the VMKernal Port (vmk2) to be enabled for “Management Traffic”

New-VMHostNetworkAdapter -PortGroup HA-Heartbeat -VirtualSwitch $vs3 -IP $HAheartbeatIP -SubnetMask 255.255.255.0
$h = Get-VMHost $vmhost | Get-View -Property configManager
$nicManager = Get-View $h.configManager.virtualNicManager
$nicManager.SelectVnicForNicType("management", "vmk2")

I’m kinda running my labs in hybrid environment – deliberately using ESX4 “Classic” on half of my boxes, and ESX4i on the rest. It means I can validate my experiences on both platforms and spot differences in configuration/behaviour. So, for the most part I’m still doing scripted installations with the UDA, and using esxcfg- commands in the %post to handle the networking.

(more…)

Well, carrying on with my theme of reporting the new stuff I learn each day. Here’s what I learned in the last couple of hours.

ESX4i doesn’t have Web-Access:

Not that this really matters too much… But ESX4i doesn’t have web-access front end – where you can do VM Management – but ESX4 does. To be honest if your using this functionality its best delivered from the vCenter web-pages because, well, its Active Directory “aware” in the first place. Interestingly, in the place of the link for the web-access page – VMware has put download links to the vSphere Remote Command Line

Roles and Help from VMware:

Normally, if I create a new role – I use an existing sample – clone it and then modify it from that clone. In fact I’ve never ever create a new role from scratch. In vSphere4 if you create a new role and select a couple of privileges the system will offer suggestions of additional privileges that will be probably required for the whole task to be completed. Personally, I will be sticking with my cloning method – but its nice to know. What I would like to see VMware do is take this idea a step futher and make some kind of “delegation wizard” (I’m borrowing a term for Microsoft AD) to guide people thru the steps of some of the main permissions tasks – something that would really, really benefit VMware SRM customers!

Standard & Distributed Portgroups – Drag & Drop:

Say you want to move a whole bunch of VMs from portgroup to another – well in the past you would have edit each VM (tedious) or used some whizzy bit of PowerShell like this:

get-vm | get-networkadapter | sort-object -property “NetworkName” | where {‘VLAN10′ -contains $_.NetworkName} | Set-NetworkAdapter -NetworkName ‘VLAN11′

I still like that. But what I learn today is if your using vCenter4, you can in the “Network View” drag-and-drop many VMs to their correct portgroup. You can do a similiar kind of task using the “migrate” wizard from the DvSwitch…

It may as some suprise to the readers of my blog, that I don’t know everything about VMware (sic). Only last week I was on the VMware Trainers forums asking a question – and someone said “I’m surprised you don’t know that, Mike – but it at least it makes you more human in my eyes”. Quite what it means to be “more human” is debatable – perhaps I’m extrahuman! In fact one of the occupational hazards of being the self-proclaimed “Mr RTFM” is the impish delight that others take in correcting my mistakes and misunderstandings. So it goes.

Anyway, what I like to do during my training course is admit that EVERY DAY I learn something new about VMware which I’ve never come across. It goes to remind everyone that old dogs like me do learn new tricks everyday. So with that spirit in mind I want to try every week tell you what I learned about VMware that week. You know the kinda of thing like tidbits that make you go “ahhhhh, I didn’t know that”. Of course, you free to comment “Jesus, Mike! Didn’t you know that – its on page 28 of the admin guide…”

RDMs and the 2TB Limit:

OK, I’m ashamed to say that I didn’t know that RDMs like virtual disks (.vmdks) are limited to being 2TB in size. I ass-um-ed that ESX4 had smashed thru this limitation. But no, it still there. To be more accurate the limitation is 2TB – 512B = 4294967295 blocks (512B per block). The limitation doesn’t come from VMFS but from the fact that VMware Logical Volume Manager still uses CHS (cyclinders-heads-sectors as the method enumerating LUN size, rather than GPT (GUID Partition Table). Despite the fact that the GPS method is supported in Windows (since Windows 2003 SP1), it is not supported by VMware. Of course there work-arounds if you do need >2TB but the restriction remains…

Some Nice Bits of PowerShell:

Whilst helping some people on the forums I came across some sweet piece of powershell. I’m collecting sample of common tasks – so I can call them up from a personal library in my lab environment. So here’s what I found last week:

Find VMs on Local Storage:

Get-Datastore |where {$_.Name -match “store|local|storage”} |Get-VM |Get-HardDisk |select Filename |Export-Csv c:\LocalVMs.csv

Force an ESX into Maintenance Mode:

Get-VMHost -Name esx1.rtfm-ed.co.uk | Set-VMHost -State maintenance

List all VMs with their IP Address:

Get-VM | select name, @{Name=”IP”; expression={foreach($nic in (Get-View $_.ID).guest.net) {$nic.ipAddress}}}

vApps on a stand-alone ESX host:

In case you don’t know vApps in vSphere4 is glorified resource pool – which allows you to gather a bunch of related VMs into a single object (called the vApp). From there you can set resource settings (like resource pool) but also do funky stuff like start-up/power-down orders and different methods of allocating IP address (say if you were an ISV delivery a multi-tier application in the .OVF format). NOW, if you create a vApps on a stand-alone host, and then subsequently try to add to a DRS enabled cluster, you will have a problem (see graphic below) as the vApp is destroyed during the process. Moral of the story? Create VMware Cluster first, then create vApps…

Manual invention required in Update Manager if vCenter4/VUM run in a VM:

I’m big advocate of running vCenter/VUM and other VMware Infrastructure components in a virtual machine. In fact I’m often horrified to discover that people physicalize those roles. Anyway, I don’t want to get into that debate – instead flag up anolmaly in VUM in vCenter4. If you go to do a remediate on the ESX host which is running the virtualized vCenter4/VUM instance you will see the error below. To resolve it you must manually move the VMs to different ESX host in the cluster. Normally, I run my virtual infrastructure components in a different ESX host (esx4) in a different environment to esx1,esx2 and esx3 but last week to keep everything up and running and patched to the SAME level. I joined ESX4 to the DRS enabled cluster and so the warning:

This is a rather cute (if that’s the right expression) piece of powershell – that can be used to do a bulk export guest customization specifications out into the .XML format…

http://www.van-lieshout.com/2009/07/export-and-import-customization-profiles-using-powershell/