Friday, 16 March 2012

Force Bios Setup from PowerCLI

I was trying to troubleshoot a Linux VM yesterday and the VM Console from vCenter would be too slow after a reset, so that I could not modify the kernel boot parameters, because by the time it displayed anything, there was already a kernel panic message and I had an unresponsive VM.

So I ticked the Force BIOS Setup option, to force the VM to go on to the BIOS screen on booting up. I removed quiet from the kernel entry in GRUB but all I got was a message saying that I should disable SElinux and after I went through the whole thing again and managed to boot up again without making any changes to the kernel entry, I thought I had better look for a PowerCLI solution, so here it is:
  1. Fire up VMware vSphere PowerCLi.
  2. Connect to vCenter (Connect-VIServer vcenterserver)
  3. Import-Module -Name .\VMware.Vim.dll
  4. $ida = get-vm -name ida
  5. $idaVMBO = New-Object VMware.Vim.VirtualMachineBootOptions
  6. $idaVMBO.EnterBIOSSetup=$true
  7. $idaVMCS = New-Object VMware.Vim.VirtualMachineConfigSpec
  8. $idaVMCS.BootOptions = $idaVMBO
  9. $idaView = Get-View -VIObject $ida
  10. $idaView.ReconfigVM($idaVMCS)
  11. restart-vm $ida
To repeat the process after step 11, just do:
  1. $idaView.ReconfigVM($idaVMCS)
  2. restart-vm $ida -confirm:$false
I think this is a good candidate for a script.

Wednesday, 14 March 2012

An experiment

I thought I would try a little experiment today. How easy is it to manipulate Google search results?

Google algorithm(s) is not public, but one of the well known criteria that it uses, or at least used to use, was the number of links to a page, so with that in mind, I have created a few blogs in tumblr, wordpress and posterous and simply provided a link to my post on how to set up the virtual center server appliance to use multiple VLANs.

For the record, all the blogs are called dumbrepeater.<platform> (e.g. http://dumbrepeater.posterous.com/) and the posts have been tagged with vCenter and vCSA.

A search on Google for VCSA VLAN already returns my post first, but I want to see whether I can get my post showing up as the first result when searching for VCSA with this simple trick.

I might add a few more blogs on other platforms to see if I can fool Google.

Tuesday, 13 March 2012

Setting up vCenter Server Appliance (vCSA) - Using multiple VLANs

A few weeks ago I attended a VMware training course, VMware vSphere: Install, Configure, Manage [V5.0], and one of the things we learned about was, the vCenter Server Appliance, which is a virtual machine that runs vCenter. The main advantage of this pre-configured virtual machine is that it runs Suse Enterprise Linux and thus it does not require you to give your hard earned cash to Microsoft, just VMware.

At any rate, the appliance, which can be download here, can be configured through a web interface, however the web interface is very limiting, almost useless for production use of the vCSA. You can only configure a single IPv4 address, you don't believe me:
There is nothing preventing you from adding an extra IPv4 address to the single NIC the appliance comes with or from adding a second NIC to the appliance and giving it a new IP address, but you will not be able to configure it from the web interface, which is a bit daft.

Our environment networks are segmented into various VLANs, so that all the VMware hosts are on the same VLAN, which is separate from the VM Network, I guess this could be called the production network, which is where all the guests are. This is also where the active directory domain controllers are, as they are virtualized, which presents a little bit of a problem when trying to set up the vCSA to authenticate with AD.

In our setup, we run vMotion traffic on VLAN 12, Management Network on VLAN 11 and VM Network or production on VLAN 10. The thing is you cannot run any virtual machine on the Management Network, because it is of VMKernel type, which means that we have to create a new connection type for the vCSA on VLAN 11.

This is what you need to do to add a new connection type:
  1. Select your host
  2. Select Configuration tab
  3. Select Networking
  4. Click Add Networking
  5. Accept the default of Virtual Machine and Click Next
  6. Choose whether you want to use a new vswitch or not and click next.
  7. Give the network a meaning label and select the VLAN tag and click next.
  8. Click Finish
In my case, I created a connection type called Virtual Appliance with VLAN 11 so that the vCSA could communicate with the ESXi hosts and modified VM Network (PROD) so that it had a VLAN ID of 10 so that it can communicate with the rest of the guests.

I finally created a VMKernel connection on VLAN 12 to enable vMotion traffic. In order to do this, you can use the above instructions but on step 5, change the connection type to VMKernel.

This is the result:


The vCSA can now be imported from the template downloaded from the VMware site. Please make sure that you also download the disks and place them in the same directory as the template file. In order to import the template, simply click File | Deploy OVF Template and follow the wizard.

When the vCSA finished importing, I made a few changes to it:
  1. Reduced RAM to 4 GB. This instance is only managing 2 hosts.
  2. Set the network connection for NIC 1 to Virtual Appliance, i.e. VLAN 11.
  3. Add a second NIC and set its network connection to VM Network (PROD), i.e. VLAN 10.

The Virtual Appliance NIC can now be configured from the console interface but the VM Network (PROD) will need to be configured directly in Suse. Remember that the password for the root account is vmware.

To configure the Virtual Appliance, from the guest console, simply select Configure Network and follow the wizard. (Note that I took the screenshot after I configured the first NIC). I think you get https://0.0.0.0:5480 before you configure it.


In our case we have a DHCP server on the VM Network (PROD), so configuration for the VM Network (PROD) is simple. Create this file /etc/sysconfig/networking/devices/ifcfg-eth1 and add this:
DEVICE=eth1
BOOTPROTO='dhcp'
STARTMODE='auto'
TYPE=Ethernet
USERCONTROL='no'
However, in order for this to work a symbolic link needs to be created in /etc/sysconfig/network/ and  network service should be restarted (only eth1 needs to be brought up but since the box is idle) You could simply create the config file in /etc/sysconfig/network, but I thought I'd keep it consistent:
ln -s /etc/sysconfig/networking/devices/ifcfg-eth1 /etc/sysconfig/network/ifcfg-eth1; service network restart
You should now have a vCSA with two NICs with different VLANs, which means that you can configure AD authentication (In essence, change hostname, join domain, restart.):
  1. hostname -v vCSA
  2. domainjoin-cli join dev.org domainadmin 
  3. init 6
Note that before you can login to vcenter using AD credentials you need to add permissions to AD users in vcenter by logging in with the root account first.

Tuesday, 6 March 2012

Using NFS for ESX/ESXi

Last week I attended a VMware training course and this week I was trying to set up a nfs datastore but I was making no headway, it always failed to mount from vSphere:
Create NFSTest datastore 172.10.121.213
Error during the configuration of the host : NFS Error: Unable to Mount filesystem: Unable to connect to
NFS server
I then remembered the training course. ESX only supports NFS 3, so I mounted the NFS share from a linux box using nfs 3:
mount <host>:/shareddir /localdir -o nfsvers=3
This worked fine from linux but not from ESX.

Network connectivity existed, i.e. I could ping and telnet on port 2049 to the NFS server, yet ESX stubbornly refused to mount the NFS share.

After doing a little bit of reading, I learnt that I was using the wrong ping command, I should have used vmkping instead, which dutifully failed to reach the NFS server.

It turns out that VMKernel needs to be able to connect to the NFS server and due to network segmentation (VLANs) the ESX hosts could not reach the NFS server from the existing VMKernel connections. So I added another VMKernel connection and I was able to mount the share with this following command:
esxcfg-nas -a nfstest -o nfsserver -s /shareddir
Although this was on a ESX 4 host, this command exists on ESXi 5.0 too.

Sunday, 4 March 2012

Rescan NICs in CentOS 6.2

Our virtualization environment runs on ESX 4 and Vcenter 4, which means that it is not possible to customize 64bit Linux distros or at least Red Hat distros, following cloning. This is annoying as CentOS does not seem to be able to pick up the new NICs in a clone, even after the ifcfg files have been edited to amend the new MAC addresses.

It turns out there is a very easy solution to this problem:

rm -f /etc/udev/rules.d/70-persistent-net.rules; init 6

This will delete the file containing NIC information and rescan after a reboot.

Do note that the second time I tried this, it created new NIC names, i.e. eth4,eth5 and eth6 for my multiple nic clone.

If you encounter this issue, you could edit the file /etc/udev/rules.d/70-persistent-net.rules or rename the ifcfg files, either should work.

Hopefully, we will move to ESXi 5 soon.