0

Documenting vCenter Privileges with PowerCLI

A customer that I’m working with at present asked this week if the minimum privileges required for vRA to access a vSphere Endpoint could be documented. As someone who isn’t a fan of unnecessary wheel re-invention, my initial response was to direct them to the relevant VMware documentation (vRA 7.3 vSphere Agent Requirements).

Then they explained why that wouldn’t quite cover their requirement. I won’t explain exactly why, but they wanted a matrix that showed exactly what privileges each of the vRealize products (and associated management packs) needed in vCenter to provide to their security team. Somewhere in the dark and dusty reaches of my mind, a lightbulb flicked on…

lightbulb

Wait, I’ve done this before!

Like a number of other bloggers in my industry, I started this as a place to record some of things that I was doing in the hope that they might be useful to someone else, or even useful for myself in the future. Continue Reading

0

Automating vSphere VM disk zeroing with vRA7 and vRO

A long time ago, on a project far back in time, the team that I was part of was given a requirement to zero the disks of VMs before they were deleted by vRA / vRO (or vCAC and vCO as they were called back then). One of my colleagues on the project, Jonathan Medd, devised an approach for doing this using an “experimental” PowerCLI feature and wrote it up on his blog.

Fast forward nearly two and a half years and I’m looking at an upgrade for this platform and wondering if there’s a way to accomplish the same task in vRO rather than by breaking out to PowerCLI. Don’t get me wrong, I love PowerCLI. But fewer parts would mean that there’s less to go wrong. How to do it then…

Disk zeroing in PowerCLI

This is still listed as an experimental feature in the PowerCLI documentation for vSphere 6.5. The Set-HardDisk cmdlet has the -ZeroOut option and it would still be used exactly as Jonathan describes it in his article.

PowerCLI documentation for Set-HardDisk

PowerCLI documentation for Set-HardDisk

Disk zeroing in vRO

I’m not sure when it was added (i.e. which version), but back in 2014 we couldn’t find equivalent functionality in vRO. I did a quick search of the vCenter plugin methods in my v7.2 appliance and couldn’t see it there either. It turns out though that I was having a bad typing day. Burke Azbill pointed me to the right place (thank you):

vRO API help for zeroFillVirtualDisk_Task

vRO API help for zeroFillVirtualDisk_Task

So, “zeroFillVirtualDisk_Task” is a method called from VcVirtualDiskManager. All we need to give it is a datastore path and a VcDataCenter object and it’ll do the rest.

Getting a datastore path is relatively straight forward. Using vSphere’s Managed Object Browser (MOB), I can pick a VM object and navigate down to the config (1) and the hardware (2), get the disk devices (3) and look at their backing (4). The fileName attribute gives me the datastore path that I need.

Example VM configuration information in the vSphere MOB

Example VM configuration information in the vSphere MOB

Obtaining a VcDataCenter object, if I have the VM object already is a doddle too. There’s a vCenter plugin action that will do it for me based on the information that I have available to me in the MOB above. Taking the datastore attribute, which is a reference to a datastore object, I can pass it to the action below and get the VcDataCenter back.

Library vRO action getDatacenterForDatastore

Library vRO action getDatacenterForDatastore

Putting it together

Starting with a vCenter VM (vm in the script below) object in vRO then, zeroing all of the VM’s disks can be achieved as follows:

Deconstructing the code:

Line 1 – Gets the vCenter plugin connection for the vCenter that owns the VM called vm.
Line 2 – Gets the VCVirtualDiskManager object that the zeroFillVirtualDisk_Task method is a member of.
Lines 3 to 5 – Getting the config, hardware and devices for the VM. This could be done as one line.
Line 9 – Starts a loop to run the following code for each device.
Line 10 – Checks to see if the current device is a Virtual Disk.
Line 11 – Gets the Virtual Disk filename.
Line 12 – Gets the VcDataCenter object using the Virtual Disk datastore as an input.
Line 14 – Instructs vCenter to zero the Virtual Disk.

Considerations for vRA

There are a few considerations aside from some minor tweaks to make the code more efficient or robust before we look at adding this as a workflow subscription in vRA.

  • Firstly, on some storage devices (my home lab included), zeroing the disks causes a thin provisioned disk to expand to its full size. If the disks are large, you can expect the task to take some time and / or consume a lot of storage space.
  • Secondly, if there are snapshots running on the VM, they must be removed first.
  • Thirdly, the VM must be powered off before this will run. If the workflow subscription takes place at the right time, this shouldn’t be a problem however.
  • Finally, as I’ve already mentioned, this process could take some time to complete. The zeroFillVirtualDisk_Task method returns a vCenter task reference. Ideally that should be monitored for completion rather than just firing and forgetting. If the VM has multiple disks, that’s multiple tasks.

Adding it to the vRA Event Broker

Taking the original script above and factoring in the considerations too, it’s possible to create a fairly simple workflow that can be added as an Event Broker subscription in vRA. I’ll post it up here soon.

0

New vRO and PowerCLI Automation Training

A lot of the projects that I work on have an element of automation to them and I’ve been asked a few times by customers if there is a training course available that will help them get started in understanding vRO and VMware’s PowerCLI cmdlets and how they can be used. Whilst there have been courses available in the past, there is a new one that reads a bit like “Doing my job 101”. It goes by the catchy title of “Data Center Automation with vRealize Orchestrator and vSphere PowerCLI“.

Looking at the outline, the important stuff is there.

  • Understanding, using and navigating the vSphere API (useful for both PowerCLI and vRO).
  • PowerCLI basics and more advanced uses.
  • vRO Basics and workflow creation / design.

So, if you’re looking to get started with vRO or PowerCLI and use one or both of them to add some automation to your datacenter, it might be worth trying this course out.

201607196_100738-CapturFiles

0

Review: Learning PowerCLI

0167EN_Learning PowerCLI_CoverUnless you’re new to vSphere, you’ll probably have heard about PowerCLI. You may already be using it regularly or perhaps you’ve found the occasional use for it and used one or more of the many excellent scripts that can be found on the internet. Either way, unless you’re an advanced user (or even a guru) of PowerCLI, there’s a book that’s been released recently that could be worth a look.

Learning PowerCLI”, by Robert van den Nieuwendijk, was released just a few weeks ago from publishers Packt Publishing. The author has posted many times on his blog with useful scripts, one-liners and tips for using PowerCLI in the past. Several times an issue that I’ve had has lead me to his blog so I was very interested to see if his knowledge and experience had translated well into book form.

Although I did read through the book from cover to cover, it’s not really that sort of book. PowerCLI and Powershell are technologies that you can easily dip into when a specific need arises and I found that trying to absorb the entire contents of the book was hard-going. That shouldn’t be taken as any sort of slight against the author’s writing style, it’s just the subject matter doesn’t lend itself to being the kind of book that you can’t put down. It is, though, the kind of book that you want to pick up and learn from. I’ve been using Powershell and PowerCLI for many years and I was surprised at the number of things that I learned!

The book starts simply enough by covering the installation and instantiation of PowerCLI as well as proving a few common examples of PowerCLI’s most commonly used cmdlets so that a reader new to the technology can see some immediate benefit. Before things get too heavy, Robert covers some of the most useful Powershell commands available: Get-Help, Get-Command and Get-Member. He also covers a number of useful Powershell tips and best practices whilst simultaneously keeping the reader’s mind on PowerCLI before delving into some more focussed topics, such as:

  • Working with vSphere hosts
  • Working with Virtual Machines
  • Working with Virtual Networks and Storage
  • Managing core vSphere / vCenter functionality

As I’ve already stated, I found the book very useful as it taught me a number of things I didn’t already know, allowing me to correct some bad scripting habits and improve a number of areas of scripts that I’m producing for a current project. People with a very strong grasp of Powershell and PowerCLI already might find that there’s a limit to what they gain from the book but beginners and intermediates alike should find that there’s plenty to take away and use.

0

vOpenData – Shared Virtual Infrastructure Statistics

Whether you love or loathe VMware and their products, one area that you can’t fault is the community that’s built up around them. In that community blood, sweat, tears and a dash of brilliance have produced many amazing things. vOpenData looks like it could be one of them.

vOpenData is the brainchild of Ben Thomas and was built with William Lam and assistance from several other VMware community members. Essentially it is a public database of VMware Virtual Infrastructure statistics / configurations. Users download a script that collects some anonymous data about their infrastructure. Once uploaded and added to the database, the data contributes to a plethora of publicly available statistics.

At the time of writing there are over 50,000 VMs in the database. The average VMDK size is just over 70Gb. For me, as a techie / evangelist / consultant, this is useful information and there’s so much more there besides. Here’s a quick grab from the public dashboard:

screenshot341

As a community project, its value is huge and will get even better the more people contribute data to it. Head over to the vOpenData website and find out more.

0

Do my ESXi hosts have the same VLANs?

PowerCLIIn a small vSphere environment that I’ve recently been working on, I started to notice that some of my VMs were disappearing off the network from time to time. Reboots of the VM didn’t seem to fix the issue but a quick vMotion of the VM to another host did.

If you haven’t figured it out yet, one of my hosts was missing a VLAN and VMs connected to a certain portgroup were affected whenever they ran on the host.

vSphere will warn you if a host that you’re trying to migrate a VM to doesn’t have the right portgroup and host profiles (if you’re using Enterprise Plus licensing) will alert you to the fact that a portgroup isn’t configured with the right VLAN ID but nowhere in vSphere will you get an alert if a required VLAN is not being presented to a host. So you have to use other means to check this information.

You could manually examine the properties of each physical NIC in turn but that could take some time. The method that I used on this occasion was a PowerCLI script. I could have written one myself but a quick google lead me to a script written by Luc Dekens that did what I wanted already (and a little more besides). I modified it to suit my needs (demonstrating to the person in the remote datacenter that there was a network misconfiguration) and ran it. The output is below:

[ps]Host:  esx1.mydomain.com

vmnic0  VLAN224 VLAN227

vmnic1  VLAN224 VLAN227

vmnic2  VLAN250 VLAN252 VLAN251

vmnic3  VLAN250 VLAN252 VLAN251

Host:  esx2.mydomain.com

vmnic0  VLAN227 VLAN226 VLAN224

vmnic1  VLAN227 VLAN226 VLAN224

vmnic2  VLAN251 VLAN252 VLAN250

vmnic3  VLAN251 VLAN252 VLAN250

Host:  esx3.mydomain.com

vmnic0  VLAN224 VLAN227 VLAN226

vmnic1  VLAN224 VLAN227 VLAN226

vmnic2  VLAN250 VLAN252 VLAN251

vmnic3  VLAN250 VLAN252 VLAN251

Host:  esx4.mydomain.com

vmnic0  VLAN224 VLAN226

vmnic1  VLAN224 VLAN226

vmnic2  VLAN250 VLAN251

vmnic3  VLAN250 VLAN251 VLAN252[/ps]

As you can see, there are some discrepancies in which VLANs are presented to the four hosts that I ran it against and vmnic2 on Host4 was the one causing my problems. The hosts are supposed to have the vmnics paired (vmnic0/vmnic1 in one pair and vmnic2/vmnic3 in another) with identical configuration between the hosts.

The modified script that I used is attached below. Many thanks, as always, LucD.

Show-PNICVLANs.ps1

0

PowerShell Primer

A few times in the last few weeks I’ve been asked if it’s worth learning PowerShell. My answer is always “yes”. Rather than repeat myself too often I thought I’d make a post out of it.

But first, an apology. I met a chap at vBeers in London about 6 weeks ago. His background was more UNIX than Windows but he recognised that PowerShell was something that he’d have to learn a bit about. At the time I did promise to send him a few useful links to get started. As you might have guessed, I didn’t do it.

So… Jeff, I’m sorry.

For the benefit of Jeff and anyone else, here are some places to start when it comes to PowerShell and also PowerCLI (VMware’s extension cmdlets to PowerShell for managing their products). Continue Reading

0

Review: VMware vSphere PowerCLI Reference

It’s difficult to be objective when you know (and like) some of the authors. Fortunately it’s not a problem in this case since I don’t have anything bad to say about their work anyway so I don’t need to be diplomatic!

Of course it could be argued that anything I say here might not be totally impartial but I leave it to you, the reader, to make that decision – I just wanted to be open and clear from the start.

“Clear” is definitely a word I’d use when describing the book. With a subject like this, which isn’t exactly what you would call bedtime reading, any confusion would make the book unreadable. Maybe this is helped in my case by the fact that I’ve been using PowerCLI and PowerShell for quite a while now although I certainly wouldn’t put myself anywhere near being in the same league as the authors.

Having some exposure to PowerShell I think is probably a pre-requisite for this book. Or at least you should have a willingness to learn a bit about the language first as the book drops you into some fairly sizable scripts right from the start (assuming you go from cover to cover that is). Thank fully these scripts can be obtained from the publisher’s website – the days of typing in programs from a magazine are long gone!

One of the things that I like most about the book is that many of the day-to-day Virtual Infrastructure tasks that most people do repetitively through the GUI have been converted into PowerCLI scripts. Not all of them will be immediately useful to everyone but they give you the flexibility to change how you work whilst at the same time being fairly easy to follow. Having the way that PowerCLI works with the vCenter API explained (with examples) at various stages should give any reader the confidence to strike out on their own. Just remember to test any modifications on a non-production system!

My only criticism of the book is one that is general to books of this type. Inevitably, by the time that they are written, edited and published the technology is on the cusp of moving on and it is possible for such books to become outdated quite quickly. In my opinion, PowerCLI is here to stay. PowerShell is certainly gaining lots of traction in the IT industry and so as a foundation for scripting VMware vSphere this book should be a good read for some time to come, even if a little tweaking is necessary in the future to make the documented scripts work with the latest versions of PowerCLI.

The only other thing (and this is a note for the publishers / amazon and the reason that it only gets four stars) is that it would be great they offered a bundle of the print book and an electronic version (e.g. Kindle) for a reasonable price. I know a fair few people like me who would like that sort of combination. Actually, offering an electronic version at all would be good – I gather from Jonathan Medd’s interview on the #vsoup podcast that there were formatting issues with the script samples that the publisher is working on.

Otherwise an excellent book!

0

PowerCLI: Empty Resource Pool

Just a quick one today and I’m only putting it up here because it’s a one-liner and they always make me smile 🙂

Of the multiple clusters on one vCenter server that I’m working on, one of them has some resource pools that we don’t really need. Rather than dragging and dropping a few dozen VMs from one resource pool to the root resource pool of the cluster in the vSphere client I thought I’d use PowerCLI.

[ps]Get-ResourcePool -name "MyResourcePool" | Get-VM | Move-VM -Destination (Get-Cluster -name "MyCluster" | Get-ResourcePool -name "Resources")[/ps]

Job Done!

0

Finding HA Primary Nodes

A question came up in yesterday’s “Chad’s Choice” webcast about choosing which hosts in a cluster would be configured as HA primary nodes. I’m not going to go into any great detail here about what HA primary nodes are because there is a more comprehensive article on HA freely available over on the Yellow Bricks blog of Duncan Epping.

The short answer to whether or not you can choose HA primary nodes is a simple “no”. It’s not possible.

Things are rarely simple though. Technically it is possible (again see Duncan’s HA deepdive page for details) but, and this is important, manually choosing HA primaries is not supported – even experimentally.

The good news though for anyone who wants to know which hosts are their HA primaries is that there is now a dead simple way to find out. As of PowerCLI 4.1.1 there is a nice new cmdlet available. Getting a list of HA primaries is as simple as:

[ps]Get-HAPrimaryVMHost -Cluster <Cluster Name>[/ps]

It’s not the speediest of cmdlets but it does work. See below: