Virtualisation made simple
To unistall the vCD agent (vslad) on an ESXi host:
/opt/vmware/unistallers/vslad-uninstall.sh
VMware vCloud Director (vCD) automatically creates a URL for each organisation that is created in vCD. There is a slight bug which does not create the URL properly and will cause the URL that is displayed under Customer | Administration | Settings | General to be incorrect.
For example, if you create an organisation called Customer1, the default URL that is created will be:
This is of course wrong and if you clicked on the link you would see a page similar to this:
So how do we fix this?
Simple, just add cloud into the URL so the new URL will be:
This WILL work but you will have to do this for every new customer and also remember to publish the correct URL.
However, there is a better way, being much more intelligent, amend the system VCD public URL under System | Administration | System Settings | Public Addresses
This will automatically add cloud into all organisation VCD public URLs.
Most administrative changes to vShield Manager can be done using the command line interface (CLI) by initiating a console session to the vShield Manager virtual machine. You can log in to the CLI by using the default user name admin and password default.
You can also access the CLI by enabling SSH.
manager# en
manager# configure terminal
manager(config)# ssh start
manager(config)# cli ssh allow
vShield Manager uses manager as the default hostname but there is no easy way to change the hostname using the web interface or the vSphere plugin. You can only change vShield Manager’s hostname using the CLI.
manager# en
manager# configure terminal
manager# hostname newhostname
More to follow….
A VMware vCloud Director (vCD) cluster contains one or more vCD servers, these servers are referred to as “Cells” and form the basis of the VMware cloud. A cloud can be formed of multiple cells.
This diagram is a good representation of the vCD Cluster concept.
To enable multiple servers to participate in a cluster, the same pre-requisites exist for a single host as for multiple hosts but the following must be met:
This shared storage could be a NFS mount, mounted to all participating servers with rw access for root. It is important that prior to configuring the first server, a decision must be made on whether a cluster is required. If you intend to use a vCD Cluster, configure the shared transfer server storage before executing the vCD installer.
Check out the vCloud Director Installation and Configuration Guide for pre-requisites.
For this post, I’ve setup an NFS volume on Freenas and given rw permissions for all cluster members to the volume. It is assummed that you have a completely clean installation of RHEL 5 x64 (or if like me you are running this in a lab CENTOS 5 x64), with all the latest updates and pre-requisite packages.
Now to mount the volume on all hosts:
Now you are ready to install vCD onto the first host, making sure that you have met all the pre-requisites as detailed in the vCloud Director Installation and Configuration Guide. Once completed you should have a working cell with its shared transfer server storage folder located on the NFS volume.
At this point you should already have a working cell with the vCD shared transfer server storage located on the NFS volume. Before you install vCD onto a server the following must be done:
The installer will automatically complete most prompts for you, but you will still need to select the correct eth adapter for the http and consoleproxy services, everything else will be automatic.
Go ahead and have a play and maybe even deploy a load balancer on top.
Here’s a screenshot of my two cells working side by side connecting to the same shared transfer server storage, oracle database and managing the same vCenters.
For more information read the overview at Yellow Bricks which also includes links to the product pages.
Configuring an IBM BladeCenter H chassis to accommodate six network cards and two fiber channel ports can be a little confusing with the amount of ports available for use at the rear of the H chassis.
The rear of the H Chassis looks like this.
There are a total of 10 interconnect bays. The vertical bays (Bays 1- 6) are normally referred to as Standard Switch Modules and the horizontal ones (Bays 7-10) are referred to as High Speed Switch Modules.
To utilise the horizontal bays, the Multi Switch Interconnect Module (MSIM) modules are required. What this does is it allows the vertical modules to be installed into bays 7-10. One MSIM modules occupies both bays 7 and 8, or both bays 9 and 10 simultaneously, allowing for two interconnect modules to be installed within a single MSIM module.
The IBM HS22/HS22v server supports two processors, 12 DIMM slots (18 slots for HS22v), two SAS drive bays (two SSD for HS22v), has two onboard network adapters, an internal USB port (for ESXi) and two daughtercard ports – CIOv and CFFh. Similar to how HP C Class blades terminate the network and fiber ports, the HS22/HS22v also has terminations set via the BladeSystem back-plane and this results in a set configuration of the location of the interconnect modules in the rear of the blade chassis.
The HS22/HS22v’s onboard network adapters, always terminate in bays 1 and 2 of the IBM BladeCenter H chassis.
The CIOv daughtercard will terminate in bays 3 and 4, as any CIOv card will always have a maximum of 2 ports. Some of the dual port CIOv cards available are:
The CFFh card is different depending on the exact type of card that is selected. Any dual port CFFh port will terminate in bays 7 and 8, but any quad port CFFh card will terminate in bays 7, 8 and also 9 and 10.
Some of the CFFh cards available are:
Of course as stated above, to utilise a CFFh daughtercard, the MSIM module will need to be installed first. One MSIM module in bays 7 and 8 for a dual port CFFh card and two MSIM in bays 7 and 8 and 9 and 10 for a quad port CFFh card.
For this configuration though I will use the “Ethernet Expansion Card (CIOv) for IBM BladeCenter – CIOv” and the “QLogic Ethernet and 8Gb Fibre Chanel Exp Card (CFFh) for IBM BladeCenter – CFFh”.
This allows us to meet our 6 NIC and 2 HBA requrements.
The table below shows how the adapters within the HS22/HS22v terminate at the rear of the H Chassis.
| Adapter | Net/Fiber | H Chassis Bay |
| Onboard1 | Network | 1 |
| Onboard2 | Network | 2 |
| CIOv1 | Network | 3 |
| CIOv2 | Network | 4 |
| CFFh1 | Network | 7 |
| CFFh2 | Fiber | 8 |
| CFFh3 | Network | 9 |
| CFFh4 | Fiber | 10 |
This diagram also shows how the adapters within the HS22/HS22v terminate at the rear of the H Chassis.
So there you have it, the HS22/HS22v in a BladeSystem H simplified.
The scenario:
I’m working on a paper, document, anything, (probably just this post now since my schedule is so busy) on something that’s been in the back of my mind for a while now, and every time I speak to a new opportunity or a customer I always wished that I had something substantial to leave behind to show that yes, it is possible to achieve the desired future state without pain.
What I’m talking about is how to get from A to Z without pain, fear, risk, or increased cost and time.
‘A to Z’ is an expression that we all use, but in Lehmann’s terms it is getting to the desired future state from the current state.
What is the future state? For example a server migration project of 1000 Wintel servers into VMware infrastructure in 6 months.
So if A is the origin and Z is the destination, then the journey of getting from A to Z is the experience. It is the experience that is all too important. In a project’s lifecycle, the primary purpose of a project is to bring benefit to something (an organisation for example). But the experience can vary dramatically. Z can be achieved but at what cost? Z can be achieved but it could take a long time. Z can also be achieved but after how many mistakes, issues and actions that were required to achieve Z?
Is there a way to define the experience? To reduce the amount of risk and unplanned change, to limit the exposure to mistakes and unknowns. To cap the amount of time and cost to achieving Z. ‘The Way’ then is called a methodology. A methodology is a collection of processes and frameworks which are used to control the execution of change within a project.
So while I’m in a pessimistic mood, let’s go over why there are difficulties from having a comfortable journey:
• Lack of planning
• Lack of clear objectives
• Lack of support and acceptance (See Steve Chamber’s Barriers to Virtualisation)
• Lack of risk management
• Lack of a business case or project justification
• Lack of change control
Why is change so feared?
Let’s assume that your project justification and initiation are all good and that your project plans, objectives, business case and RAID are all up to scratch and now you are ready to embark on a project that changes your IT infrastructure. Have you considered how you will manage change? Are there push backs from the business or application owners who don’t really need or want anything to happen to their precious server due to changing the way a workload is run?
How can you alleviate their fears and introduce controlled change?
So let’s take the classic CIO/IT Director from a few years ago at a time when x86 consolidation using virtualisation was still in its infancy (there are those that still think transitioning to a virtual infrastructure is a risk too far). These CIOs had fears around change – change of management, change of skills, change of processes and changes with operations. These fears were prevalent then and are still prevalent now. In my view the main enablers for change are the frameworks that can be used to get from A to Z.
Without change, an IT organisation will never be able to evolve into an IT organisation that has more reliable infrastructure, more efficient processes and more streamlined operations. Those companies that do embrace change and evolve are considered to be the most high performing IT Organisations.
The consensus is basically this: change causes fear, therefore projects such as P2V take forever to do, and without the correct methodology your P2V project could fail before it has actually begun. But by introducing controlled change and then putting the processes and governance in place; the strategy controls, manages change and provides a framework for effective management and delivery of the project.
The barrier to evolution is due to a fear of change, we alleviate this fear by controlling change. Change then becomes the enabler for evolution: please welcome Change Evolution.
So what is Change Evolution?
Change Evolution is a framework that uses ITIL/Visible Ops methodologies to control migration to virtualisation projects. It expedites ROI due to enablement of change management as part of BAU/Operations.
Change Evolution is a framework for delivering projects with
How is this accomplished?
By using a defined methodology that integrates with the change control processes it is possible for you to deliver record‐breaking project successes without risk and within strict time scales and budgets and above all with no pain.
1. INTRODUCTION
1.1 Overview
The VI Toolkit (for Windows) provides a powerful yet simple command line interface for task based management of the VMware Infrastructure platform. Windows Administrators can easily manage and deploy the VMware Infrastructure with a familiar, simple to use command line interface.
The VI Toolkit (for Windows) is a tool that system administrators and developers can use to automate the management of VMware Virtual Infrastructure. With the VI Toolkit (for Windows), many tedious and time-consuming tasks can be completely automated in as little as one line of code.
The VI Toolkit (for Windows) takes advantage of Windows PowerShell and .NET to bring unprecedented ease of management and automation to the Virtual Infrastructure platform. The VI Toolkit (for Windows) provides 125 PowerShell cmdlets that cover all aspects of Virtual Infrastructure management.
Some common tasks that the VI Toolkit (for Windows) can be used to perform include:
1.2 System Requirements
The following platforms are supported by the VI Toolkit (for Windows):
1.3 Virtual Infrastructure Platforms Supported
The following platform combinations are supported by the VI Toolkit (for Windows):
1.4 Pre-requisites
The following tables lists the software pre-requisites and the location to each installer. This guide focuses on the most recent releases as dated 05/02/2009, which are Windows PowerShell V2 CTP3, VI Toolkit (for Windows) version 1.5 and the VI Toolkit Community Extensions build 46896.
Windows PowerShell
VI Toolkit (for Windows)
VI Toolkit Community Extensions
Another pre-requisite that is also recommended for general administration is Notepad++. This is used to create and edit scripts that can be run with the VI Toolkit.
Notepad++ can be downloaded from here.
2. INSTALLATION
There are three installation tasks that need to be performed before you can start using the VI-Toolkit to manage a VMware Infrastructure.
Windows PowerShell. The VI Toolkit 1.5 (for Windows) requires Microsoft PowerShell V2 CTP 3.
Please download it from here.
VI Toolkit (for Windows). Can be downloaded from here.
VI Toolkit Community Extensions. Can be downloaded from here.
3. SETTING UP THE VI TOOLKIT
The procedures below go through in detail how to get the VI-Toolkit up and running after installation. Once installed the icon below will be available on the Windows Desktop.
DO NOT LAUNCH IT YET!
Before launching the VMware VI Toolkit application, you must first set up your PowerShell profile. The new desktop shortcut does two things for you: it starts powershell with the VI Toolkit snapin loaded and it runs a script which modifies the look of the Powershell window and adds some cool extra functions. If you want to have the same functionality in your normal Powershell window and your scripts, you have to copy some stuff to your Powershell profile.
3.1 First, set up your profile:
1. Start a normal PowerShell Window by navigating to Start | All Programs | Windows PowerShell V2 (CTP3) | Windows PowerShell V2 (CTP3), the following will be launched:
2. Run the following command:
Test-Path $profile
3. If it returned True then you already have a profile file. If it returned False, then proceed to the next step.
4. Create a profile file by running:
New-Item $profile –ItemType File
5. If an error is returned then create a WindowsPowerShell directory under your My Documents folder and then repeat step 4.
3.2 Adding the snap-in:
1. Open your profile by running:
Invoke-Item $profile
2. Add the following line to the profile file to load the snap-in:
Add-PSSnapIn VMware.VimAutomation.Core -ErrorAction SilentlyContinue
3.3 Adding undocumented functions
1. Open the file C:\Program Files\VMware\Infrastructure\VIToolkitForWindows\Scripts\Initialize-VIToolkitEnvironment.ps1
2. Copy the following Function Blocks to your profile file:
Get-VICommand, New-DatastoreDrive, New-VIInventoryDrive, Get-VIToolkitDocumentation, Get-VIToolkitCommunity
If the steps were performed successfully, then your profile will be present in the folder structure C:\Documents and Settings\Hugo Phan\My Documents\WindowsPowerShell/ Microsoft.PowerShell_profile.ps1
And its contents will look something like this:
3.4 Enabling the execution of scripts
The Set-ExecutionPolicy changes the user preference for the execution policy of the shell. The execution policy is part of the security strategy of Windows PowerShell. It determines whether you can load configuration files (including your Windows PowerShell profile) and run scripts, and it determines which scripts, if any, must be digitally signed before they will run.
You need to set the execution policy to unrestricted using the below cmdlet
set-executionpolicy unrestricted
get-executionpolicy will return the current execution policy.
The default ExecutionPolicy is Restricted. Unrestricted is unnecessarily risky.
Set-ExecutionPolicy RemoteSignedis more secure and works for VI Toolkit 1.5.
3.5 Loading the Community Extensions
The VI Toolkit for Windows Community Extensions is a PowerShell module designed to work with the VI Toolkit for Windows.
1. Download and extract the package and then copy the coreModule folder to the root of C:
2. Open up a Windows PowerShell session and then type in the following command
Import-Module “c:\coreModule\viToolkitExtensions.psm1”
Now you are ready to start using the VI Toolit by either logging into a vCenter environment or by launching scripts.
Details here.
There are three ways in which to upgrade to VMware vSphere, these are
This post goes through the upgrade process using the vSphere Host Update Utility 4.0. A 10 minute video is available here:
The vSphere Host Update Utility 4.0 is an application that is installed as part of the vSphere vCenter installation package.
Following on from vinternals post about what a terrabyte of RAM looked like. Here is what 2Tb of RAM looks like installed in 16 BL685c servers.
Heres a picture of the box…
Notes on using vRanger Pro & ESXi for Disaster Recovery
Just succesffully proved vRanger Pro to restore backups taken from Production (ESX 3.5, vRanger Pro on physical with VCB) to infrastructure in DR (ESXi 3.5, vRanger Pro on a VM, non VCB). All this from provisioning DR Infrastructure (ESXi Servers, Storage, vCenter VM) within 1 hour. Silver tier recovery just got “sESXi”!
Infrastructure at Production
Infrastructure at DR
Important points to note
If you are running vRanger in a virtual machine to restore workloads backed up by vRanger installed on a physical host, with either traditional LAN based backup or VCB based backup. It is important that the software is installed in the correct order and all the necessary software is installed to enable vRanger to restore both types of backup. If the physical vRanger server performed a backup of a workload using the VCB framework, then you will not be able to restore that workload using another vRanger server unless the VCB framework is also installed. For example, you wish to perform a restore at a DR site.
The correct installation order is
Tips
Steps in order to progress
1) Login in the affected ESX server using Putty
2) service mgmt-vmware restart
If this doesn’t work then the vmware-hostd daemon has to be killed.
3) ps -e | grep vmware-hostd
Look for the process_id associated with vmware-hostd
4) kill process_id
i.e. if 3) returned:
32470 ? 00:01:12 vmware-hostd
the command would be:
kill 32470
5) service mgmt-vmware status
if the service is started use
service mgmt-vmware restart
if it’s stopped use:
service mgmt-vmware start
vmware-vim-cmd
For those of you familiar with vimsh and used it to configure a scripted install of ESX 3.5, have you noticed that the following error would occur when launching commands using /usr/bin/vimsh ?
/usr/bin/vimsh -n -e “hostsvc/maintenance_mode_enter
Alternatively, by using the wrapper developed for ESX 3.5, vmware-vim-cmd, you would get the following:
/usr/bin/vmware-vim-cmd hostsvc/maintenance_mode_enter
The two commands are detailed in the Xtravirt whitepapers, vimsh and vimsh for ESX 3.5. I would recommend at least having a quick browse to see what can be achieved with these commands. Using vmware-vim-cmd in conjunction with esxcfg- can achieve some very interesting results, especially if you love to create the perfect KickStart build script.
If only it is possible to launch vmware-vim-cmd commands using the RCLI just as esxcfg- can be launched using vicfg-. Anyone have an idea?
A few more examples
Refreshing the network settings
/usr/bin/vmware-vim-cmd hostsvc/net/refresh
Refreshing the storage
/usr/bin/vmware-vim-cmd hostsvc/storage/refresh
The all important enabling VMotion
/usr/bin/vmware-vim-cmd hostsvc/vmotion/vnic_set vmk0
And how about setting vSwitch1 to use Route Based on IP Hash?
/usr/bin/vmware-vim-cmd hostsvc/net/vswitch_setpolicy –nicteaming-policy=loadbalance_ip vSwitch1
And setting vSwitch0 to use Route Based on the Originating Virtual PortID. (vSwitch0 has two portgroups using VLAN tagging, 1 for Service Console and 1 for VMotion, we wish to use active-passive nic teaming policy)
Set active vmnic0 and standby vmnic2 for Service Console
/usr/bin/vmware-vim-cmd hostsvc/net/portgroup_set –nicorderpolicy-active=vmnic0 vSwitch0 ‘Service Console’
/usr/bin/vmware-vim-cmd hostsvc/net/portgroup_set –nicorderpolicy-standby=vmnic2 vSwitch0 ‘Service Console’
Set active vmnic2 and standby vmnic0 for VMkernel network
/usr/bin/vmware-vim-cmd hostsvc/net/portgroup_set –nicorderpolicy-active=vmnic2 vSwitch0 VMkernel
/usr/bin/vmware-vim-cmd hostsvc/net/portgroup_set –nicorderpolicy-standby=vmnic0 vSwitch0 VMkernel
Set vSwitch overide load balancing policy
/usr/bin/vmware-vim-cmd hostsvc/net/portgroup_set –nicteaming-policy=loadbalance_srcid vSwitch0 ‘Service Console’
/usr/bin/vmware-vim-cmd hostsvc/net/portgroup_set –nicteaming-policy=loadbalance_srcid vSwitch0 VMkernel
Let’s not forget to refresh our network settings
/usr/bin/vmware-vim-cmd hostsvc/net/refresh
/usr/bin/vmware-vim-cmd internalsvc/refresh_network
You can download the zip file from here.
The article can be read at source here
Following on from optimising the storage for a customer, I decided to change the queue depths for the Emulex HBAs. The ESX hosts, each have two dual-port Emulex HBAs, the diagram below shows the setup..
Only two ports are in use at the moment, vmhba2 and vmhba5. To determine the instance numbers that are in use by the Emulex ESX driver – lpfc (use qla2300 or similar for QLogic), the output of the ls command includes a number for each active HBA in the system. We can then use the instance numbers to find the active adapters.
Emulex example
# ls /proc/scsi/lpfc
You should get an output similar to
Because of the way that the host is connected and from the picture above, I already know that 2 and 5 are the active adapters. Running the following command will confirm
# cat /proc/scsi/lpfc/2
this shows that vmhba2 is currently active and has 4-paths to the SAN
Running the same command on vmhba3 gives the following as expected
Running the command on vmhba5 is also as expected.
Now that we’ve found out which vmhbas are active, we can use the output to find out which lpfc# options we should add to the lpfc_740.o module to configure the queue length.
The outputs of # cat /proc/scsi/lpfc/2 and # cat /proc/scsi/lpfc/5, give us lpfc numbers of 0 and 3 respectively. So to configure a queue depth of 64 for lpfc2 and lpfc5 we run the following command
# esxcfg-module -s “lpfc0_lun_queue_depth=64 lpfc3_lun_queue_depth=64” lpfc_740
and
# esxcfg-boot -b
The -q option shows configured options for a module.
Now we reboot for the changes to take effect.
In this case, both HBAs lpfc0 (vmhba2) and lpfc3 (vmhba5) will have their queue depths set to 64.
With this post and the previous one, we have set manual load balancing for the LUNs over eight different paths and also changed the queue depth to 64, this should keep the ESX optimised for now, maybe I’ll change the VMFS3.MaxHeapSizeMB to 64 for good measure!
So I deal with a lot of customers on my travels, and most have multiple ESX servers and occasionally I receive the odd request for a change here and there. As you all know, with VI3 and the latest releases of ESX3.5/VC2.5, almost all configuration and most advanced configuration can be achieved by using the VI Client connected to VirtualCenter.
But how long would it take to add another portgroup to a vSwitch with a VLAN ID for 20 ESX servers? Quite long, if you have the time or the patience then thats fine, but I’d rather script something like that.
By using the VMware RCLI (Remote Client) you can send vicfg- (esxcfg) commands to both ESX 3.5 and ESXi hosts. Originally it was intended for use with ESXi due to it having limited service console but the functionality is also provided for ESX 3.5 hosts.
The VMware Infrastructure Remote CLI provides a command-line interface for datacenter management from a remote server. This interface is fully supported on VMware ESXi 3.5 and experimental for VMware ESX 3.5. Storage VMotion is a feature that lets you migrate a virtual machine from one datastore to another. It is used by executing the svmotion command from the Remote CLI. The svmotion command, unlike other RCLI commands, is fully supported for VMware ESX 3.5.
I use the RCLI with SSH access enabled, so now my RCLI acts as a service console proxy server. To send an esxcfg- command to an ESX 3.5 host, I would now log into the RCLI using SSH and then send the commands from the RCLI’s command line, or execute a .sh script on the RCLI.
So let’s use our example above…. to add another portgroup to vSwitch1, with a VLAN ID of 123 onto 20 ESX 3.5 hosts.
#!/bin/sh
#Script to add portgroup with vlad id of 123 to vSwitch1 onto all ESX 3.5 hosts
# Assign port groups to vSwitch1
vicfg-vswitch –add-pg=VLAN123 vSwitch1 –server= –username=root –password=
vicfg-vswitch –add-pg=VLAN123 vSwitch1 –server= –username=root –password=
vicfg-vswitch –add-pg=VLAN123 vSwitch1 –server= –username=root –password=
#Assign vlan ids to port groups
vicfg-vswitch -v 123 -p VLAN123 vSwitch1 –server= –username=root –password=
vicfg-vswitch -v 123 -p VLAN123 vSwitch1 –server= –username=root –password=
vicfg-vswitch -v 123 -p VLAN123 vSwitch1 –server= –username=root –password=
Now save, make the script executable and then launch it, and the script will create the new portgroups on all the servers in a couple of seconds.
