Monthly Archives: December 2013

Winners of the Troubleshooting vSphere Storage eBook

Well the dust has settled and three winners have been randomly picked to receive an eBook copy of Troubleshooting vSphere Storage.  For the rest of you don't be saddened – Packt is running a $5.00 eBook sale from now through Jan 3rd so you can go on over to the books landing page and pick yourself up a copy for only 5 bucks 🙂

Thanks so much to everyone who entered.  This was certainly the most participated contest that I have had on this blog thus far.  Thank you all for your support and kind words.  Now I've heard back from 2 of the 3 winners, so if I fail to hear back from the third I'll most certainly pick another winner!

And the winners are….

Eric Beach

Bonnie Bauder

Sean Thulin

Also, starting December 30th I will be opening up my annual #HappyNewSphere contest so be sure to check back.  I've got some great sponsors this year including VMware Press and Pluralsight – so you can imagine what the prizes might be 🙂

8 weeks of #VCAP – The rest of Section 2 – Port Binding, CLI, and DPIO

Section 2 of the blueprint is a pretty big one, and some of the pieces warranted their own post – however there are a lot of small little skills that don't really require a complete tutorial so I thought I would just slam them all in here!

Determine use cases for and apply Port Binding settings

vSphere offers three types of port binding in their vSwitch settings (Distributed Virtual Switch only) – all of which are explained below.

  • Static – the port will be assigned immediately on connection to the vSwitch.  The VM will stay connected to this port even when it's powered off.  The only way to free up the port is to explicitly remove the NIC from the VM.  Static ports are managed through vCenter Server.
  • Dynamic – the port is connected when the VM is powered on and then disconnected when the VM is powered off.  Dynamic ports are managed through vCenter Server.  This method has been deprecated in vSphere 5.x.
  • Ephemeral – both static and dynamic port binding have a set number of ports; with ephemeral, the ports are actually created and destroyed on the VM power on/power off event, therefore requiring a bit more overhead.  That said, these are managed by the host, therefore networking can still be connected/disconnected in the event that vCenter Server is unavailable.

Choosing a port binding method is pretty easy – right click on your port group, choose edit settings and it should be front and centre in the General section.


As far as use-cases go, really ephemeral only needs to be used in recovery purposes since they are a bit more demanding in terms of overhead.  Also, ephemeral does not maintain port-level permissions and controls when a VM is rebooted, since the port will be destroyed and recreated.  For the most part it's best to use Static port binding – and since 5.0 offers an auto expand feature to dynamically grow the number of ports by a specified interval, you shouldn't have to worry about running out of ports.

Command Line goodness

The networking section references the ability to use command line tools to manage both standard and distributed virtual switches.  Obviously I can't go over every command and every switch.  Just be sure to know how to use esxcfg-vswitch, esxcfg-vmknic, esxcfg-route, the networking namespaces in esxcli, as well as some of the PowerCLI cmdlets around networking (Get-VirtualSwitch, Get-NetworkAdapter, Get-VMHostNetwork, etc).

Hint – for the PowerShell command line stuff you can quickly find the PowerCLI commands associated with networking (or anything for that matter) by utilizing the Get-VICommand cmdlet and passing a search string.  I.e., to return all cmdlets containing 'net' you can use the following:

Get-VICommand -Name *Net*

Determine use cases for and applying VMware DirectPath I/O

I've never used DPIO – that said, there it is on the blueprint so I'd better figure it out.  As for use cases, honestly I haven't seen many.  For the most part utilizing the virtualized hardware seems to perform well enough, but if you need the tiny bit of performance improvement it claims to provide there are a couple of steps to get it running.

First up we need to configure pass-through on the host itself.  This is done on the Configuration tab under 'Advanced Settings'.  Simply select 'Configure Pass-through' and select the device you want to present to a VM.


Once you are done this you will need to restart the host in order to complete the next step, so go ahead and do that.

As for presenting the pass-through device to the VM this is done just as you would do any other piece of hardware (in 'Edit Settings' of a VM).  Simply select PCI Device as your hardware and follow the wizard.  You should see your device that you had set up for pass-through earlier in the dropdown box.


From here you will need to ensure that your guest OS has the correct drivers in order to install this hardware as it is presented directly to the VM.  Aside from creating a memory reservation on your VM there are also a ton of features that are unavailable when you utilize DPIO.  Things such as vMotion, HA, DRS, Snapshots, Hot add, Fault tolerance are all not supported – probably why there is such low adoption.

And I think that should just about wrap up networking.  There is some teaming information mentioned, but honestly I find this to be VCP level knowledge and I'm just going to assume you already know it 🙂  Good Luck!

Kerberos authentication for the PowerShell plugin in vCO 5.5

The ability to have vCO kick off PowerShell scripts is pretty awesome!  And the fact that you can kick these off contextually inside of the vSphere Web Client is even more awesome!  Even more awesome than that (yes, that's a lot of awesome) is the new features offered with vCenter Orchestrator 5.5 – so, I've taken the plunge on one of my environments and upgraded.  Since then I've been slowly migrating workflows over – one of which utilized the PowerShell plug-in.  Now, since the appliance mode of vCO requires you to do a rip and replace rather than an upgrade (because I'm using the embedded database) I had to reinstall the PS plugin, therefore forcing me to reconfigure the Kerberos settings on vCO.  During this I realized that things are a little bit different than when I first blogged about vCO and PowerShell here.  Below is how I got it to work…

First up is the WinRM setup on your PowerShell host.  This process hasn't changed from 5.1, however I'll still include the steps and commands that need to be run below.  Remember these are to be executed on the Windows box that you wish to run the PowerShell script from.

  • To create a winrm listener and open any required firewall ports:
    winrm quickconfig
  • To enable Kerberos authentication:
    winrm set winrm/config/service/auth @{Kerberos="true"}
  • To allow transfer of unencrypted data:
    winrm set winrm/config/service @{AllowUnencrypted="true"}
  • To raise the max memory per shell (I needed to do this to get things working):
    winrm set winrm/config/winrs @{MaxMemoryPerShellMB="2048"}

Now on to the krb5.conf file – this is where things get a bit different.  In vCO 5.1 we were required to edit the krb5.conf file located in /opt/vmo/jre/lib/security/ – well, if you go looking for that directory on 5.5 you won't find it.  Instead, we need to create our krb5.conf file in /usr/java/jre-vmware/lib/security/.  As far as what goes in the file, it is the same and is listed below (obviously substituting your own domain for lab.local and your own DC for the kdc definition).

[libdefaults]
default_realm = LAB.LOCAL
udp_preference_limit = 1

[realms]
LAB.LOCAL = {
kdc = dc.LAB.LOCAL
default_domain = LAB.LOCAL
}

[domain_realm]
.lab.local=LAB.LOCAL
lab.local=LAB.LOCAL

After you have saved the file in the proper directory we need to modify the permissions.  The following line should get you the proper permissions to get everything working.

chmod 644 /usr/java/jre-vmware/lib/security/krb5.conf
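Section and key names that the Kerberos library does not recognise are ignored without an error, so a misspelling in this file fails quietly. The lint below is an added example, not part of the original post; it assumes the documented names `[domain_realm]` and `udp_preference_limit`, and the sample files it writes are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: lint a krb5.conf for the vCO host.
# Section or key names the Kerberos library does not know are silently ignored.

# krb5_get FILE SECTION KEY: print the value of KEY inside [SECTION].
krb5_get() {
    awk -v sec="[$2]" -v key="$3" '
        { gsub(/[ \t]/, "") }            # compare with whitespace removed
        /^\[/ { cur = $0; next }         # remember the current section
        cur == sec && index($0, key "=") == 1 {
            print substr($0, length(key) + 2); exit
        }' "$1"
}

# lint_krb5 FILE: print one line per finding; return 0 only if every check passes.
lint_krb5() {
    rc=0
    for sec in libdefaults realms domain_realm; do
        grep -q "^[[:space:]]*\[$sec\]" "$1" || { echo "FAIL: no [$sec] section"; rc=1; }
    done
    realm=$(krb5_get "$1" libdefaults default_realm)
    if [ -z "$realm" ]; then
        echo "FAIL: default_realm is not set"; rc=1
    elif [ "$(krb5_get "$1" realms "$realm")" != "{" ]; then
        echo "FAIL: [realms] has no block for $realm"; rc=1
    fi
    # The post sets this key to 1; a misspelled key leaves the default in place.
    [ -n "$(krb5_get "$1" libdefaults udp_preference_limit)" ] ||
        { echo "FAIL: udp_preference_limit is not set"; rc=1; }
    # Mode 644 from the post: the file must be readable by other users.
    [ -n "$(find "$1" -perm -004)" ] || { echo "FAIL: $1 is not world-readable"; rc=1; }
    return "$rc"
}

# make_samples DIR: write two constructed files, one with misspelled names.
make_samples() {
    printf '%s\n' '[libdefaults]' 'default_realm = LAB.LOCAL' \
        'udp_preferences_limit = 1' '[realms]' 'LAB.LOCAL = {' \
        'kdc = dc.LAB.LOCAL' '}' '[domain_realms]' \
        '.lab.local = LAB.LOCAL' > "$1/bad.conf"
    sed -e 's/preferences/preference/' -e 's/domain_realms/domain_realm/' \
        "$1/bad.conf" > "$1/good.conf"
    chmod 644 "$1/bad.conf" "$1/good.conf"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
lint_krb5 "$demo_dir/bad.conf" || true    # two findings
lint_krb5 "$demo_dir/good.conf" && echo "OK: good.conf"
rm -rf "$demo_dir"
```

On the appliance, run `lint_krb5 /usr/java/jre-vmware/lib/security/krb5.conf` after saving the file.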

Just a few other notes!  You might want to modify your /etc/hosts file and be sure that you are able to resolve the FQDNs of both your DC and the PowerShell host you plan to use.  Also, when adding the PowerShell host be sure to select Kerberos as your authentication type and enter in your credentials using the '[email protected]' format.

For now, that should get you automating like a champ!

8 weeks of #VCAP – CDP and LLDP

Well, 8 weeks of VCAP has dwindled down into a serious 8 days of VCAP – and for now, how about a little bit of random information from the Networking section of the blueprint.

First up, CDP and LLDP

These are relatively easy to configure, however there are a few different modes that they can be run in, therefore I thought it would be best if I write them down in hopes that maybe I'll remember them if any scenarios require me to configure them.

Basically the functionality of the two protocols is identical – they both provide discovery of ports connected to a virtual switch.  CDP however supports just Cisco physical switches whereas LLDP supports any switch supporting LLDP.  Another note, CDP can be enabled on both vSphere Standard Switches and vSphere Distributed Switches – LLDP – dvSwitch only!

So let's have a look at the dvSwitch config first.  Like I mentioned earlier it's pretty simple.  From the properties tab of a vSphere Distributed Switch select 'Advanced'.  From here it's as simple as setting the status to Enabled, the type to either CDP or LLDP, and the Operation mode (explained below).

  • Listen – ESXi detects and displays information from the associated physical switch port, but information about the virtual switch is not available to the physical switch.
  • Advertise – ESXi makes information about the virtual switch available to the physical switch, but doesn't detect any information about the physical switch port.
  • Both – Does both advertise and listen.


Now that we are enabled we can view what information we receive inside of the Networking section of a host's configuration tab.  To do so, simply expand out your physical uplinks and click the information icon.


And that's all there is for that – with the distributed switch anyways.  To get CDP working on a standard switch we are once again back into the command line interface.  Probably good to brush up on these commands anyways since it's also mentioned in the blueprint.  So, let's say we wanted to configure CDP on a vSphere Standard Switch called vSwitch0 to a value of Both.  We could use the following command:

esxcli network vswitch standard set -v vSwitch0 -c both

And that's all there is to that – valid options for -c would be both, listen, advertise or down.  To view we could use the same process as above.

8 weeks of #VCAP – Syslog scenario by @tomverhaeg

Company policies state that every syslog capable device or server should send these logs to an appropriate syslog collector. Your colleague has already set up the VMware syslog collector on a separate machine, located at 10.10.20.45. You have been tasked with setting up the syslog clients on the ESXi hosts, and ensuring that syslogs arrive on the syslog server.

To configure the syslog collector on the ESXi hosts, we will be using the esxcli system syslog namespace. This allows us to set different options regarding the local and remote (which is what we want) syslog.

Let's review the default config first by using the following command:

~ # esxcli system syslog config get
Default Rotation Size: 1024
Default Rotations: 8
Log Output: /scratch/log
Log To Unique Subdirectory: false
Remote Host: <none>

We see that no remote syslog is being used. Let's configure one, using this command:

~ # esxcli system syslog config set --loghost=10.10.20.45

Now that we have configured a remote loghost, we need to reload the syslog daemon to apply the configuration changes. Esxcli can help us once again:

~ # esxcli system syslog reload

You might think that we're ready now, but when we check our syslog, we don't see syslog yet. Bummer! For this problem, I'll refer to the ESXi firewall post (http://blog.mwpreston.net/2013/11/19/8-weeks-of-vcap-the-esxi-firewall/) as with the default security level, this outgoing traffic will be dropped. We need to enable the firewall rule for syslog (udp/514, tcp/1514).

~ # esxcli network firewall ruleset set -r syslog -e true

And reload our changes:

~ # esxcli network firewall refresh

And now, we see our host logs coming in. The VMware syslog collector stores its logs by default in C:\ProgramData\VMware\VMware Syslog Collector\Data
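A host with the loghost set but the firewall ruleset still closed looks configured while forwarding nothing, so it is worth checking both settings together. The script below is an added example, not part of the original post; the function names are hypothetical and the esxcli outputs embedded in it are constructed samples.

```shell
#!/bin/sh
# Added example, not from the original post: audit the two settings the
# scenario depends on. The esxcli outputs below are constructed samples.

# Read `esxcli system syslog config get` output on stdin and print each
# configured remote host on its own line, without protocol prefix or port.
remote_hosts() {
    awk -F': ' '/Remote Host:/ { print $2; exit }' |
        tr ',' '\n' |
        sed -e 's#^ *##' -e 's# *$##' -e 's#^[a-z]*://##' -e 's#:[0-9]*$##'
}

# Read `esxcli network firewall ruleset list` output on stdin and print the
# Enabled column (true/false) for the ruleset named in $1.
ruleset_enabled() {
    awk -v name="$1" '$1 == name { print $2; exit }'
}

# audit_syslog COLLECTOR CONFIG_OUTPUT RULESET_OUTPUT
# Prints one line per finding and returns 0 only when both checks pass.
audit_syslog() {
    rc=0
    if ! printf '%s\n' "$2" | remote_hosts | grep -Fxq "$1"; then
        echo "FAIL: $1 is not a configured remote host"; rc=1
    fi
    if [ "$(printf '%s\n' "$3" | ruleset_enabled syslog)" != "true" ]; then
        echo "FAIL: firewall ruleset 'syslog' is disabled, outgoing syslog is dropped"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: syslog is forwarded to $1"
    return "$rc"
}

CFG_SET='   Log Output: /scratch/log
   Remote Host: 10.10.20.45'
RULES_CLOSED='Name     Enabled
-------  -------
syslog     false'
RULES_OPEN='Name     Enabled
-------  -------
syslog      true'

# Loghost set but ruleset still closed: the state the post runs into.
audit_syslog 10.10.20.45 "$CFG_SET" "$RULES_CLOSED" || true
# After `esxcli network firewall ruleset set -r syslog -e true` and a refresh.
audit_syslog 10.10.20.45 "$CFG_SET" "$RULES_OPEN"
```

Against a live host, pass the real command output instead of the samples: `audit_syslog 10.10.20.45 "$(esxcli system syslog config get)" "$(esxcli network firewall ruleset list)"`.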


Troubleshooting vSphere Storage eBook giveaway!

A few weeks ago I released a post in regards to my finishing of the Troubleshooting vSphere Storage book.  This has been a lot of work and I've had a lot of help from the community in getting this book completed.

Writing a book is not a simple task.  It involves research, lab time, and focus.  And then there is the editing, both grammatically and technically – which can be even more work than the writing itself! 

I tried to gear this book towards the vSphere Admin.  The "jack of all trades" system administrator.  Hopefully readers will find the knowledge and how to within the book to solve common storage issues that tend to spring up within a vSphere environment.  The book is broken into three main subjects of focus; troubleshooting connectivity, troubleshooting contention and troubleshooting capacity.  If you'd like to purchase the book you can do so by visiting the landing page on Packt's website and following the various channels.

Tis the season for winning

That said – Tis the season right?  The season for giving!  That's why I'm happy to announce that I have three eBook versions of Troubleshooting vSphere Storage to giveaway over the next week or so.  A little light reading to enjoy over the xmas holidays!

As you can see by the little widget below, I've opted to use PunchTab to gather the entries for this contest.  It's hectic trying to follow Twitter hashtags and what not so I thought "Hey, why not use a CaaS (contest as a service) solution?"  Sorry for all the PunchTab branding but this is what you get when you use a free service 🙂

So how do you enter?  It's easy, leave a comment, send a tweet and follow me!  That will get you three entries!  Just make sure you do it through the widget below.  I'll have PunchTab pick three random winners at the end of the contest (end of Sunday, December 15th) and announce the winners shortly thereafter.  Good luck and let me know what you think of the book!