virtuallyGhetto

Script – Automate VAAI Configurations in vSphere 4.1 (vaaiHWAccelerationMgmt.pl)

by Leave a Comment

With the release of vSphere 4.1, we finally get to see the first revision of the vStorage API for Array Integration (VAAI) features. This initial release provides the following SCSI driver primitives with VAAI supported storage arrays:

  • Write Same/Zero - Eliminating redundant and repetitive write commands, tells array to repeat via SCSI commands.
  • Full Fast/Copy - Leverage array to mass copy, snapshot and move blocks via SCSI commands.
  • Atomic Set and Test - Stop locking LUNs and start locking blocks.
  • Thin Provisioning Stun - Reporting array TP state to ESX.

The above definitions were taken off of an EMC presentation found here. VMware has also published a new VMware KB article regarding VAAI FAQ, take a look here at KB1021976.

Though these features are not specific to any one storage array vendor, the vendors themselves are required to implement these primitives within their array OS software for them to be available. If all prerequisites are met, and you have an ESX or ESXi host running on vSphere 4.1 and VAAI supported storage array, these new storage operations will now offload to the array versus running within the VMkernel.

However, if you do not have an array that supports VAAI, the new version of ESX and ESXi will still try to use these features. As I understand from an earlier discussion of VAAI, there is one additional operation that is performed and it's impact is supposed to be insignificant (please correct me if I'm wrong). Though if you would like to disable these VAAI features or would like to see the difference between a non-VAAI and VAAI operation, it is controlled with the following three advanced host configurations.

VMFS3.HardwareAcceleratedLocking - Atomic Test and Set
DataMover.HardwareAcceleratedMove - Full/Fast Copy
DataMover.HardwareAcceleratedInit - Write Same

By default, all three of these configurations are enabled with a default installation of vSphere 4.1. The following vSphere SDK for Perl script allows a user to enable or disable VAAI configuration on a set of hosts defined in an input file. The script allows you to connect to vCenter if your hosts are being managed by vCenter or directly to a specific ESX or ESXi host and provide the following parameters:

--hostlist = Lists of ESX(i) hosts to perform operation _IF_ they're being managed by vCenter (default is ALL hosts in vCenter)

--operation = Operation to perform (query|enable|disable)

Download: vaaiHWAccelerationMgmt.pl

Here is an example of the host input file:

[[email protected] scripts]$ cat hosts
esxi4-2.primp-industries.com
esxi4-3.primp-industries.com
Here is an example of querying for VAAI configurations:

Here is an example of disabling VAAI configurations:

Here is an example of disabling VAAI configurations:

For more information about vStorage APIs, take a look here.

How to unregister vCenter plugin/extension using the MOB

by 20 Comments

I saw a post on the VMTN forums the other day about unregistering a vCenter plugin. The user had a bad installation of an early preview of NetApp's VSC utility. After uninstalling the plugin, the user was still unable to unlink the plugin from vCenter. There is actually a pretty simple solution to this problem which can be accomplished by using the vSphere MOB.

Here are the instructions to remove a specific plugin/extension from your vCenter server:

1. Point your web browser to your vCenter server: https://your_vc_server/mob and login.

2. Click on content:

3. Locate and click on ExtensionManager:

4. Click on the plugin you are interested in removing:

5. Record the plugin key id which will be used to remove the plugin:

6. Now, go back to previous page and at the bottom click on the function "UnregisterExtension". A new window will open and ask for the plugin key id which was recorded from above. Enter the key and click on the "Invoke Method" to remove the plugin

You can now refresh the page and you will see that the plugin is no longer available. You can restart your vSphere Client to see that the plugin has now been removed.

The following operation can also be performed using a script, here is a vSphere SDK for Perl script that does just that: pluginExtensionManager.pl

Script – Configure VM Disk Shares (vmDiskSharesMgmt.pl)

by 3 Comments

I recently received an email about automating the configuration of VM disk shares. I thought it was an interesting request since I do not know how many people actually make use of this feature. By default, the shares on a virtual disk is set to "normal" or 1000 shares. You can change the value between low (500), normal (1000), high (2000) or a custom value. The following script helps a user to perform a bulk update across multiple VMs and supports multiple virtual disks.

Download: vmDiskSharesMgmt.pl

The script requires that you connect to your vCenter server and provide the following input parameters:

--diskshares_file = Is the name of the diskshares input file that contains the names of the VMs, the hard disks and their corresponding shares value which can be (low, normal, high or custom)

Here is an example of the diskshares input file:

[[email protected] ~]$ cat diskshares.txt
# [VMNAME];[HDX,SHARES_VALUE]=[HDY,SHARES_VALUE]=[HDZ,SHARES_VALUES]
#
# SHARES_VALUE = low, normal, high, XXXX (custom)
#
# e.g.
# myvm;hd1,low=hd2,high=hd3=2001
#
Synapse;hd1,high
Imager;hd1,low=hd2,1500=hd3,2500=hd4,high
William-XP;hd1,3000

In the above example, we have the following VMs and configurations to be set:

Synapse
Hard Disk1 = high (2000)

Imager
Hard Disk1 = low (500)
Hard Disk2 = 1500
Hard Disk3 = 2500
Hard Disk4 = high (2000)

William-XP
Hard Disk1 = 3000

Here is an example execution:

Here we verify one of the VMs "Imager" and it's configured disk shares:

Hopefully you will find this script to be useful

How to configure Likewise "Open" AD intergration on vMA

by 10 Comments

I recently received a question about whether it was possible to configure Active Directory integration with vMA. Out of the box, this is not a feature that is available by default but can be set up. There are many articles online that provide instructions on configuring AD integration on UNIX/Linux host but they may not always be as straight forward to implement. 


While pondering about this question, I remember reading an article about the OEM partnership between Likewise and VMware, in which Likewise's authentication software will be integrated into future releases of the vSphere platform. There has also been rumors that the Likewise software will be appearing in the next release of vSphere which may provide AD integration out of the box. 

Likewise has an open source product called "Open" which integrates with UNIX, Linux and Mac systems to Microsoft Active Directory, allowing users to authenticate with their Windows domain credentials. I thought it would be interesting to see if I could get "Open" running on VMware vMA and surely it was pretty straight forward. 

1. You will need to register to download the latest version of the Likewise software which can be found here:
Note: Make sure you select the 64bit version and the non-GUI version of "Open".

2. You will now upload the installer LikewiseIdentityServiceOpen-5.3.0.7798-linux-x86_64-rpm-installer to your vMA host using either UNIX/Linux scp or WinSCP if you are on a Windows systems.

3. Set the installer to be an executable by running the following command:


[[email protected] ~]$ chmod +x LikewiseIdentityServiceOpen-5.3.0.7798-linux-x86_64-rpm-installer
4. Now we will begin the installation, you will need to use sudo (accept all defaults):

[[email protected] ~]$ sudo ./LikewiseIdentityServiceOpen-5.3.0.7798-linux-x86_64-rpm-installer

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

Password:
----------------------------------------------------------------------------
Welcome to the Likewise Identity Service [Open] Setup Wizard.

----------------------------------------------------------------------------
Please read the following License Agreement. You must accept the terms of this
agreement before continuing with the installation.

Press [Enter] to continue :
Likewise Open is provided under the terms of the GNU General
Public License (GPL version 2) and the GNU Library General
Public License (LGPL version 2.1). The additional components
listed below are covered under separate license agreements:

Samba 3.0 Client libraries and tools - GPLv2
MIT Kerberos - MIT Kerberos 5 and other licenses
OpenLDAP - OpenLDAP Public License
Novell DCE-RPC - BSD
LibXML2 - BSD
libuuid from e2fsprogs - BSD
libiconv - LGPLv2
OpenSSL - BSD

For more details and for the full text for each of these
licenses, read the LICENSES and COPYING files included with
this software.

Press [Enter] to continue :

Do you accept this license? [y/n]: y

----------------------------------------------------------------------------
32-bit Compatbility Libraries

Should the 32-bit compatibility libraries be installed? These are only needed if 32-bit programs will be accessing the Likewise authentication code. If you do not know the answer, just leave it as "Auto".

[1] Auto
[2] Yes
[3] No
Please choose an option [1] :

----------------------------------------------------------------------------
Setup is now ready to begin installing Likewise Identity Service [Open] on your computer.

Do you want to continue? [Y/n]: y

----------------------------------------------------------------------------
Please wait while Setup installs Likewise Identity Service [Open] on your computer.

Installing
0% ______________ 50% ______________ 100%
######################################Info: Likewise
--------

To join an Active Directory domain using a command-line interface, run:

/opt/likewise/bin/domainjoin-cli

Press [Enter] to continue :
###
5. Once the setup has finished, you will want to edit the lsassd.conf configuration file. The two changes that you will be making are:

  • Allow a user to login to vMA without having to specify the username and the full domain (e.g. [email protected]@vmahost)
  • Changing the default login shell from /bin/sh to /bin/bash

Start by editing /etc/likewise/lsassd.conf

  • uncomment "assume-default-domain = yes"
  • change "login-shell-template = /bin/sh" to "login-shell-template = /bin/bash"

[[email protected] ~]$ sudo vi /etc/likewise/lsassd.conf
Note: If you are using a newer version of "Open" where lsassd.conf no longer exists, please take a look at the "Open" documentation on updating the configurations listed above - http://www.likewise.com/resources/documentation_library/manuals/open/likewise-open-guide.html

6. Before we join the vMA host to the Active Directory server, ensure that DNS is properly configured and that both forward and reserve lookups are correct on the vMA host.

[[email protected] ~]$ host kate
kate.primp-industries.com has address 172.30.0.189

[[email protected] ~]$ host 172.30.0.189
189.0.30.172.in-addr.arpa domain name pointer kate.primp-industries.com.
7. We will now join the vMA host to an AD server. The syntax will be "domainjoin-cli join [domain] [username]"

[[email protected] ~]$ sudo domainjoin-cli join primp-industries.com Administrator

Joining to AD Domain: primp-industries.com
With Computer DNS Name: kate.primp-industries.com

*protected email*'s password:
Warning: System restart required
Your system has been configured to authenticate to Active Directory for the first time. It is recommended that you restart your system to ensure that all
applications recognize the new settings.

Warning: Unknown pam module
The likewise PAM module cannot be configured for the wbem service. This services uses the '$ISA/pam_unix.so' module, which is not in this program's list of
known modules. Please email Likewise technical support and include a copy of /etc/pam.conf or /etc/pam.d.

Warning: A resumable error occurred while processing a module
Even though the configuration of 'pam' was executed, the configuration did not fully complete. Please contact Likewise support.

SUCCESS
Note: Do not worry about the warning message, it is normal and you do not need to restart the system for the changes to take effect.

If you have any issues trying to join a domain, you can enable logging which can be helpful for troubleshooting. To do so, you will specify two additional parameters which will denote the log level and where to output the log, whether that is to the console or to a file

[[email protected] ~]$ sudo domainjoin-cli --loglevel verbose --logfile joindomain.log join primp-industries.com administrator
Joining to AD Domain: primp-industries.com
With Computer DNS Name: kate.primp-industries.com

*protected email*'s password:
Warning: Unknown pam module
The likewise PAM module cannot be configured for the wbem service. This services uses the '$ISA/pam_unix.so' module, which is not in this program's list of
known modules. Please email Likewise technical support and include a copy of /etc/pam.conf or /etc/pam.d.

Warning: A resumable error occurred while processing a module
Even though the configuration of 'pam' was executed, the configuration did not fully complete. Please contact Likewise support.

SUCCESS
From the above example, you should have a new log file created called joindomain.log

8. To verify that you have successfully joined the domain, you can run the following command to query:

[[email protected] ~]$ sudo domainjoin-cli query

Name = kate
Domain = PRIMP-INDUSTRIES.COM
Distinguished Name = CN=KATE,CN=Computers,DC=primp-industries,DC=com
9. Before you try to login with a user in the domain, you need to reload the configuration changes that were made earlier. To do so, you will execute the following:

[[email protected] ~]$ sudo /opt/likewise/bin/lw-refresh-configuration

Configuration successfully loaded from disk.
10. Now, we will test a login using an account on the AD server:

[[email protected] ~]$ ssh [email protected]
Password:
Your password will expire today

Welcome to vMA
run 'vma-help' or see http://www.vmware.com/go/vma4 for more details.

[[email protected] ~]$ pwd
/home/local/PRIMP-IND/primp
We can also verify this user on the AD Server by running the following query:

Default level 0 info

[[email protected] ~]$ /opt/likewise/bin/lw-find-user-by-name primp

User info (Level-0):
====================
Name: primp
SID: S-1-5-21-503341760-968948550-2164105906-1105
Uid: 1058014289
Gid: 1058013696
Gecos: primp primp
Shell: /bin/bash
Home dir: /home/local/PRIMP-IND/primp
Logon restriction: NO
level 2 info

[[email protected] ~]$ /opt/likewise/bin/lw-find-user-by-name primp --level 2

User info (Level-2):
====================
Name: primp
SID: S-1-5-21-503341760-968948550-2164105906-1105
UPN: *protected email*
Generated UPN: NO
DN: CN=primp primp,CN=Users,DC=primp-industries,DC=com
Uid: 1058014289
Gid: 1058013696
Gecos: primp primp
Shell: /bin/bash
Home dir: /home/local/PRIMP-IND/primp
LMHash length: 0
NTHash length: 0
Local User: NO
Account disabled (or locked): FALSE
Account expired: FALSE
Password never expires: TRUE
Password expired: FALSE
Prompt for password change: YES
User can change password: YES
Days till password expires: 0
Logon restriction: NO
To unjoin and leave the domain, you will use the following:

To preview the files that will require changes for leaving a domain use

[[email protected] ~]$ sudo domainjoin-cli leave --advanced --preview

Leaving AD Domain: PRIMP-INDUSTRIES.COM
[F] DDNS - Configure Dynamic DNS Entry for this host
[X] [S] ssh - configure ssh and sshd
[X] [N] pam - configure pam.d/pam.conf
[F] nsswitch - enable/disable Likewise nsswitch module
[X] [N] krb5 - configure krb5.conf
[X] [N] stop - stop daemons
[X] [N] leave - disable machine account
[F] keytab - initialize kerberos keytab

Key to flags
[F]ully configured - the system is already configured for this step
[S]ufficiently configured - the system meets the minimum configuration
requirements for this step
[N]ecessary - this step must be run or manually performed.

[X] - this step is enabled and will make changes
[ ] - this step is disabled and will not make changes
To confirm and leave the domain, use

[[email protected] ~]$ sudo domainjoin-cli leave

Leaving AD Domain: PRIMP-INDUSTRIES.COM
SUCCESS

All Likewise utilities are installed under /opt/likewise/bin and for more information on these utilities and how to use them, check out the Likewise documentation here.

UPDATE:
The instructions above can also be used to setup "open" on classic ESX w/Service Console, ESXi will not work however.

Is vSphere 4.1 release really imminent?

by 5 Comments

There have been a few articles floating around web regarding the potential features and speculations on when the next version of vSphere will be released. While doing some research on a new article that I am working on, I stumbled onto an interesting VMware website, called VMLiveVMLive is VMware's interactive webinar series designed specifically for their partner community. 

It seems that Australia-New Zealand VMLive channel is getting a head start on next release, which looks to be vSphere 4.1! I'm curious if other regions are getting similar offerings?
Here is a screenshot of the 4 upcoming webinars:

Here is the link, assuming it does not get pulled.

How to install vCLI 4.0 Update 2 on vMA

by Leave a Comment

There was a question today on the VMTN forums about obtaining the latest version of resxtop for vMA to utilize the new NFS datastore counters. Unfortunately, there is no automatic method of updating vMA to get the new version of resxtop, which is part of the vCLI 4.0 Update 2 package. The current release of vMA 4.0 contains the GA release of vCLI 4.0 (May 2009). VMware has since released both and Update 1 and Update 2 of vCLI.

Even though there is no automatic way of upgrading the vCLI on vMA, it is actually pretty easy to download the latest version and upgrade it yourself. Before starting, you will want to download vCLI 4.0 Update 2 and ensure that it is the 64bit version.

Download: vCLI 4.0 Update 2

You will need to copy the tarball to your vMA host using either UNIX/Linux scp command or WinSCP if you're on a Windows system. Once the package has been uploaded, you will login to your vMA host and you should see the package in the current working directory:
[[email protected] ~]$ ls
VMware-vSphere-CLI-4.0.0-253290.x86_64.tar.gz
Now you will extract the contents of the tarball using the following command:

[[email protected] ~]$ tar -zxvf VMware-vSphere-CLI-4.0.0-253290.x86_64.tar.gz
After extracting the contents, you should now have a new folder called vmware-vsphere-cli-distrib:

[[email protected] ~]$ ls -l
total 18304
-rw-r--r-- 1 vi-admin root 18714362 Jun 28 10:35 VMware-vSphere-CLI-4.0.0-253290.x86_64.tar.gz
drwxr-xr-x 10 vi-admin root 4096 Apr 23 01:01 vmware-vsphere-cli-distrib
You will now cd into the vmware-vsphere-cli-distrib directory and run the installer. The first time you run this, you will get an error and you need to remove the installer db at this time to proceed with the installation:

[[email protected] vmware-vsphere-cli-distrib]$ sudo ./vmware-install.pl
A previous installation of vSphere CLI has been detected.

Uninstallation of previous install failed. Would you like to remove the install
DB? [no] yes

Removing installer DB, please re-run the installer.
Note: (This is necessary since the installer script does not support a clean upgrade from what I can tell)

Once you have successfully removed the installer db, you will need re-run the previous command which will start the installation (accept all the defaults and ensure you do overwrite the utilities):

[[email protected] vmware-vsphere-cli-distrib]$ sudo ./vmware-install.pl

......

The installation of vSphere CLI 4.0.0 build-253290 for Linux completed
successfully. You can decide to remove this software from your system at any
time by invoking the following command:
"/usr/bin/vmware-uninstall-vSphere-CLI.pl".

This installer has successfully installed both vSphere CLI and the vSphere SDK
for Perl.

Enjoy,

--the VMware team
After this, you now have the latest version of vCLI 4.0 Update 2 installed on your vMA host.

The biggest feature with this new release of the vCLI is the NFS datastore metrics which has been a sought after for awhile. One other feature that has not gotten too much attention in the new version of esxtop/resxtop is the power management metrics, denoted by the new "y" option.

Filed Under: Uncategorized Tagged With: ,