Monthly Archives: June 2013

Why Orchestrate?

Orchestrate-FacilitateAs you all can probably tell by reading my blog lately I have went head first down a path that lead me directly to vCenter Orchestrator.  Honestly, since doing that I haven't looked back.  I've known about the application for quite some time but never could find a use case for it in my environment.  Sure, getting the same results every time is great, that's the most obvious reason to script anything, but I had already been achieving this with Perl, PowerCLI and PowerShell, so why orchestrate?

This is an attitude I had for quite some time.  I'll just keep plugging away at all of the tasks I need to do throughout my day, finding efficiencies here and there for things, scripting some, manually pounding away on the keyboard for others; no biggie!  Then something happened – and by something I mean our environment grew…substantially.  We for the most part doubled in size over the course of a few months and things started getting really crazy really fast.  Those daily tasks, or one-off things that I had been doing started to become a hold up to the rest of the team and the business.  Let's take a simple example of deploying a new application or VM into your environment…

Wait, I thought VMware was supposed to improve provisioning time?

Well it certainly has, I can deploy servers in a matter of minutes now, have them on the right network, with our base load of software – and even with some of the Software Defined Datacenter pieces implemented I can have security and compliance built right into this deployment process as well.  But, the fact of the matter is I still have a lot of other things I need to do in order to call my server or VM completely deployed.  That's where vCenter Orchestrator comes in.

So I'm secure, provisioned and have a base software load installed and configured, what else is there?

Backup/Replication/DR – Some products will point to a datastore and/or cluster as their target which means this may be already setup for you when a new VM is deployed.  However I don't have my backup solutions configured that way.  I like to add my VMs to jobs which are based on RPO, therefore this is something I need to do manually after it has been provisioned

Monitoring/Reporting – Again, some products will automatically pick up new VMs and begin monitoring them.  I do have vCOPs setup, however there are many other tools I use to monitor specific application level statistics and performance, in which I need to go and setup manually after I deploy the VM.

Active Directory placement and group policy – For the Windows VMs I like these to be sitting in the proper OU after I deploy them, without this they will never receive the proper group policy – again, needs to be setup after the fact.

So how does vCO help with this?

vCenter Orchestrator by itself doesn't – but coupled with all the plug-ins available it becomes a pretty powerful tool.  If any of the services that provide you with those additional tasks have some sort of way to programmatically perform tasks such as an API, PowerShell cmdlets, SQL backends, etc – you should be able to find a vCO plug-in or simply use straight up JavaScript to interact with these programs and automate all that needs to be done.  In fact you could use the vCenter plug-in and design out the whole deployment process from start to finish using nothing but vCenter Orchestrator.  And for some icing on the cake, you can still initiate these workflows from directly inside the vSphere Web Client.

So this is just one small example of how I've been using vCenter Orchestrator.  Honestly, I'm finding more and more use cases for vCO everyday and reaping the benefits of orchestration and automation – which usually involve myself and a coffee watching scripts run πŸ™‚  So, my question to you is…

Do you orchestrate?

Move your templates to a new cluster – The PowerCLI Way

powerclilogoAlright, here's a script I quickly pieced together to accomplish the task of moving some of our templates over to a new cluster.  At the time I was currently in the process of deploying a new cluster on a new distributed virtual switch, thus this script only tackles your templates on a single host basis.  Meaning I was walking each host over to the new switch one by one and then migrating virtual machine networking and all vmkernel interfaces on the host, then performing a vmotion on the VMs and templates and finally destroying the original host…

Oh well, enough history (blabbing).  The script is very simple as you can see below.  Aside from your vCenter information it takes a couple of variables; source and destination host (Lines 7/8).  The only quirkiness I found was with the Set-Template cmdlet – I could not find a way to specify the location of the VM when converting it, thus you can see on line 18 I have to move it back to my source host after the conversion to ensure i will have the connectivity on my migrated vMotion network.

$vcenter ='IP of vCenter'
$vcuser = 'vCenter User'
$vcpass = 'vCenter Pass'
Connect-VIServer $vcenter -user $vcuser -pass $vcpass
$sourcehost = get-vmhost 'Source Hostname/IP'
$destinationhost = get-vmhost 'Target Hostname/IP'
#get all templates on source host
$templates = get-template -Location $sourcehost
foreach ($template in $templates)
    # convert template to VM
    Set-Template $template -ToVM -confirm:$False
    # ensure it is running on my source host
    Get-VM -Name $template | Move-VM -Destination $sourcehost
    # migrate vm to new cluster
    Get-VM -Name $template | Move-VM -Destination $destinationhost
    # convert back to a template
    Get-VM -Name $template | Set-VM -ToTemplate -Confirm:$false

So that's it!  I told you it was a quickie!  Again, I don't have a secret alias of PowerCLI Man so if you have any suggestions on how to improve up on any of this let me know…

Friday Shorts – VMworld content, #vBrownBag TechTalks and of course Sh!t I Starred!

I'm a mog – half man, half dog – I'm my own best friend. – Barf (John Candy) from Spaceballs

VMworld content catalog is live

vmw-web-vmworld13-KB-banner-160x160The votes have been tallied and the results are in!  VMworld has officially released the 2013 Content Catalog for both the US and  Europe conferences.  This is always a trying task to pick out which sessions you want to attend so be sure to get over there and get started early!  One thing though!  Don't stress too much – all sessions are recorded and made available after the conference so don't miss out on the 'hallway' track by clogging yourself up with too many sessions!

No accepted session – vBrownBag it!

vbrownbagOnce again the ever so devoted vBrownBag team will be orgainizing TechTalks at VMworld for those that didn't get their sessions accepted or those that simply just love to talk πŸ™‚  You can read all about TechTalks here – I was able to catch many of these last year and let me tell you they are awesome.  Every year there are a whack of great sessions that don't get accepted and the vBrownBag guys make it possible for those people to get their information out.  If you interested in signing up for the US show you can do so here.

Sh!t I Starred

  • Eric Sloof has a great write-up about the new features and how to upgrade to vCenter Operations 5.7.1.  vCOPs releases always get me excited πŸ™‚
  • Over on the vSphere blog Justin King has an excellent post on the pros and cons of multiple vCenter servers sharing a single instance of the SSO server.  Something that has crossed my mind more than twice!
  • A great part 1 to a series of posts over on TrainSignals blog written by someone 'in the trenches' comparing Hyper-V and vSphere.
  • Speaking of TrainSignal, how's about a whitepaper by David Davis all about VMwares recently announced vCenter Log Insight product.
  • Frederick Martin has a way to increase efficiencies in your PowerCLI scripts when using Get-View.  Essentially he recommends loading the results of Get-View into hashtables to provide you with a faster lookup when filtering and searching through them!  Super Awesome stuff Frederick.

VMware vCenter Log Insight – Make your logs make sense!

VMware LogoToday VMware has introduced the world to VMware vCenter Log Insight, labeling it as a "new automated log management and analytics product for the cloud era".  In my opinion this is a great next step for VMware's management portfolio and if integrated correctly, could really compliment the analytics and performance data crunched by VMware vCenter Operations.  

More than just syslog?

From what I have seen, YES!  Although the underlying technology utilizes syslog collectors/receivers to receive the data, the visualizations and dashboards by which that data is presented to the end user is really where the value resides.  On average an ESXi host will dump roughly 250MB of data per day.  That's 250MB of data, that you, the end-user will need to parse and correlate line by line to try and make some sense out it.  I know I only understand about 25% (if that) of what is spit out in some of those logs.  vCenter Log Insight takes this data and with what they call 'content packs', presents the user with a bunch of predefined dashboards of some of the most relevant data that you may be looking for, along with common links to KB articles if any.


Easy transition from monitoring to troubleshooting

Hopefully we have all seen the power of vCenter Operations; How it correlates and analyzes all that data to really help us drill down and find out where any current (or future) problems exist.  If the issues are not evident, or if we are still unure of what the problem still is, the next viable step would be to jump into our logs to see what information we can find there.  With integration between vCOPs and vCenter Log Insight hopefully this will make that transition from our monitoring solutions into our log analyzing solutions a whole lot easier.  Again, saving us time and helping us discover root causes that much quicker.


Even more for advanced users

For those that love to look at the raw log data (huh?!?!?!) you can do that as well.  A search type functionality, similar to that of Splunk is available as well.  Use this to parse and filter through all of your logs that vCenter Log Insight collects.  The main difference here is there is no need to learn any new "languages" to drill around in and query your data.  VMware seems to have really made a big effort to keep this product simple and easy to use, but powerful and extendable at the same time.  Also, the ability to generate alerts and send email notifications on a custom query is a very nice functionality to have.


More than just ESXi and vCenter

As mentioned above visualizations and presentations are provided by content packs.  These are easily exported and imported to and from vCenter Log Insight, in turn allowing third parties (including YOU) to easily develop, distribute and share.  So, hopefully, within time, we will see more than just ESXi and vCenter logs getting pumped into this.  On that note, we will probably see more than just VMware products being analyzed.  In my opinion the community will really need to take the lead on this one, and looking at past performance that the VMware community has, I'm sure they will!

So VMware says to expect to see some sort of GA in Q3 of this year, I'll let you guess the timeframe!  I hope to get a few more posts out about vCenter Log Insight as I delve more into the product but for now you can find some here, here and here.  Have a look for yourself and let me know if you think!

vSphere USB Passthru and Autoconnect Devices and PowerCLI

usbWait!  I thought I had UPS plugged into my host and setup as passthru to my VM already!  Why can't I see it now?  What happened?  Who moved that external drive I had connected to my Veeam console to seed an offsite backup?  Ever find yourself asking yourself any of these questions…I certainly have!  Due to circumstances out of my control I have a few hosts that tend to be "out in the wild".  Available and insecure, readily accessible to the hundreds of people walking by it each day.  At time to time either someone trips over a cord, some deliberately unplugs something, or equipment needs to be moved and gets plugged in to different ports upon reconnection.

Not as many options in the GUI

As is with most other products, using the GUI to configure something sometimes doesn't give you all the options that you need.  Essentially when configuring USB Passthru to a VM from within either the vSphere Client or the vSphere Web Client you the device needs to be plugged in and it gets assigned to the VM based on the host USB port that it is connected to.  Again in most cases this is fine but in my situation I needed to be able to have this device connected to the VM no matter what port it was connected to.  Turned out after reading some documentation around the vSphere API as well as having a great discussion with Luc Dekens on the VMTN forums there is indeed a way to do exactly what I needed to do.

Community to the rescue!

So, in the API reference for the VirtualUSBUSBBackingInfo object it states the following

To identify the USB device, you specify an autoconnect pattern for the deviceName. The virtual machine can connect to the USB device if the ESX server can find a USB device described by the autoconnect pattern. The autoconnect pattern consists of name:value pairs. You can use any combination of the following fields.

  • path – USB connection path on the host
  • pid – idProduct field in the USB device descriptor
  • vid – idVendor field in the USB device descriptor
  • hostId – unique ID for the host
  • speed – device speed (low, full, or high)

Perfect, this is exactly what I was looking for.  Basically I can have the USB device autoconnect to the VM by initially connecting by using ANY combination of the above parameters as the deviceName.  First off, path is out of the question, it's what is going to changed when the device is plugged into a different port.  So I decided to use pid, vid, and hostId.  Therefore, if a device with the specified product id and vendor id is plugged into a host with the specified hostId it will automatically pass this through to the VM in which I assign it to!   Awesome!  One problem, I still don't have a clue what the pid, vid, and hostId are, nor do I know the PowerCLI syntax to add the device.

PIDS and VIDS and More…

So how do you find out the pid and vid of the device you want to add?  Well, there's a KB for that…kinda, KB1648 mentions how to do it.  Basically go to in the Windows registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\USB\ and search around and you'll find it πŸ™‚  In my case i was using an APC SmartUPS 1500 which had a pid and vid of 0003 and 051D respectively.

The final piece of information we need is the hostId.  By hostId the documentation really means the actual hardware id that is stored within the BIOS of your host.  Accessing ExtensionData.Hardware.Systeminfo.Uuid will actually retrieve this for you.  As you will see in the script below there is certainty some formatting issues that need to be resolved with it, but it most certainly works πŸ™‚

Putting it all together

Now that we have all the information we need it's time to fire up PowerCLI to get this task scripted (I needed to do it 40 times πŸ™‚ ).  I'm not going to lie here, I had no idea how to do this with PowerCLI but by using Onyx I got a great start.

As you can see in the script below a few things happen.  First you need to specify some credentials to and your vCenter location as well as the pid, vid, hostname of the host that will be connected to the device as well as the VM name in which you want to pass the device through.  Lines 17 and 18 get some information in regards to the target VM and lines 21 and 22 get that hardware uuid from the host.  Lines 24 through 36 is the reformatting of the uuid that I described earlier.  You can see the format in the API reference.  The rest of the script does the actually setup of the USB device, this is the code, minus a few changes here and there, that Onyx spit out for me.

The Script

  1. Add-PSSnapin VMware.VIMAutomation.Core  
  3. $vcserver = "vcenterserver"  
  4. $vcusername = "username"  
  5. $vcpassword = "password"  
  7. $myhost = "Host that USB is attached to"  
  8. $myvm = "VM which to pass USB through to"  
  10. $ppid = "PID of USB Device"  
  11. $vvid = "VID of USB Device"  
  13. Connect-VIserver $vcserver -user $vcusername -pass $vcpassword  
  16. #get id of VM  
  17. $vm = get-vm $myvm  
  18. $vmid = $vm.ID  
  20. #get host uuid from BIOS  
  21. $vmhost = get-vmhost $myhost  
  22. $vmhostId =  $vmhost.ExtensionData.Hardware.SystemInfo.Uuid  
  24. #reformat vmhostID to the proper format for autoconnect string  
  25. $vmhostd = $vmhostid.Replace("-","")  
  26. $section1 = $vmhostid.substring(0,16)  
  27. $section2 = $vmhostid.substring(16)  
  28. $newsec1 = (&{for ($i = 0;$i -lt $section1.length;$i += 2)  
  29.    {  
  30.      $section1.substring($i,2)  
  31.    }}) -join '\ '  
  32. $newsec2 = (&{for ($i = 0;$i -lt $section2.length;$i += 2)  
  33.    {  
  34.      $section2.substring($i,2)  
  35.    }}) -join '\ '  
  36. $hostId = "$newsec1-$newsec2"  
  39. #create usb device and add it to the VM.  
  40. $spec = New-Object VMware.Vim.VirtualMachineConfigSpec  
  41. $spec.deviceChange = New-Object VMware.Vim.VirtualDeviceConfigSpec[] (1)  
  42. $spec.deviceChange[0] = New-Object VMware.Vim.VirtualDeviceConfigSpec  
  43. $spec.deviceChange[0].operation = "add"  
  44. $spec.deviceChange[0].device = New-Object VMware.Vim.VirtualUSB  
  45. $spec.deviceChange[0].device.key = -100  
  46. $spec.deviceChange[0].device.backing = New-Object VMware.Vim.VirtualUSBUSBBackingInfo  
  47. $spec.deviceChange[0].device.backing.deviceName = "pid:$ppid vid:$vvid hostId:$hostId"  
  48. $spec.deviceChange[0].device.connectable = New-Object VMware.Vim.VirtualDeviceConnectInfo  
  49. $spec.deviceChange[0].device.connectable.startConnected = $true  
  50. $spec.deviceChange[0].device.connectable.allowGuestControl = $false  
  51. $spec.deviceChange[0].device.connectable.connected = $true  
  52. $spec.deviceChange[0].device.connected = $false  
  54. $_this = Get-View -Id "$vmid"  
  55. $_this.ReconfigVM_Task($spec)  

So there you have it!  You can unplug and plug this USB device in to your hearts delight.  ESXi should pick up the device no matter what port it is plugged into and pass it on to your VM every time!  Certainly this isn't something that you will do everyday, but for those that have hosts sitting out in the open, may be a handy configuration to have set up in their environment.  As always, I'm not the greatest scripter in the world, so any comments, suggestions, improvements, concerns, thoughts are most definitely appreciated.