VMware – Page 2 – ICT-Freak.nl

March 22, 2013June 6, 2013 afokkema VMware

PowerCLI: Automatic expand the available ports for a dvPortgroup

Last year William Lam wrote a blog post on the VMware vSphere Blog about automatic expand a dvPort group port. You can find his post here: http://blogs.vmware.com/vsphere/. There is also a KB article about this subject. You can find it here: KB1022312

Just a quote from the KB article KB1022312 to explain the auto expand feature and how you can enable it without using Perl of PowerCLI scripting:

Note: vSphere 5.0 has introduced a new advanced option for static port binding called Auto Expand. This port group property allows a port group to expand automatically by a small predefined margin whenever the port group is about to run out of ports. In vSphere 5.1, the Auto Expand feature is enabled by default.

In vSphere 5.0 Auto Expand is disabled by default. To enable it, use the vSphere 5.0 SDK via the managed object browser (MOB):

In a browser, enter the address http://vc-ip-address/mob/.

When prompted, enter your vCenter Server username and password.

Click the Content link.

In the left pane, search for the row with the word rootFolder.

Open the link in the right pane of the row. The link should be similar to group-d1 (Datacenters).

In the left pane, search for the row with the word childEntity. In the right pane, you see a list of datacenter links.

Click the datacenter link in which the vDS is defined.

In the left pane, search for the row with the word networkFolder and open the link in the right pane. The link should be similar to group-n123 (network).

In the left pane, search for the row with the word childEntity. You see a list of vDS and distributed port group links in the right pane.

Click the distributed port group for which you want to change this property.

In the left pane, search for the row with the word config and click the link in the right pane.

In the left pane, search for the row with the word autoExpand. It is usually the first row.

Note the corresponding value displayed in the right pane. The value should be false by default.

In the left pane, search for the row with the word configVersion. The value should be 1 if it has not been modified.

Note the corresponding value displayed in the right pane as it is needed later.

Go back to the distributed port group page.

Click the link that reads ReconfigureDvs_Task. A new window appears.

In the Spec text field, enter this text:
<spec> <configVersion>1</configVersion> <autoExpand>true</autoExpand> </spec>
where configVersion is what you recorded in step 15.

Click the Invoke Method link.

Close the window.

Repeat Steps 10 through 14 to verify the new value for autoExpand.

If you need to change this setting for hundreds of dvPortgroups this will not be one of your favorite changes in your VMware environment. Well you know me. Let’s see if we can PowerCLI this job.

$dvPG = Get-VirtualPortGroup -Name "VM Network"
$dvPGview = get-view $dvPG
$spec = New-Object VMware.Vim.DVPortgroupConfigSpec
$spec.AutoExpand = "True"
$spec.ConfigVersion = $dvPGview.Config.ConfigVersion
$dvPGview.ReconfigureDVPortgroup_Task($spec)
$dvPGview.UpdateViewData()

if you want to change all the dvPortgroups at one. You can use the following script:

Update: Thanks to Rafael Schitz from http://www.hypervisor.fr/ for the tip to filter out the dvUplink Portgroups. I have also added a check to find out if the dvSwitch is running the correct version to enable the autoExpand feature. Copy the script below and change de $dvSwitchName variable to the name of your dvSwitch.

$dvSwitchName = "dvSwitchName"
$dvSwitch = Get-VirtualSwitch -Distributed -Name $dvSwitchName
if($dvSwitch.ExtensionData.Config.ProductInfo.Version –notmatch "4.*"){
    foreach($dvPG in (Get-View -ViewType DistributedVirtualPortgroup|?{!($_.Tag|?{$_.Key -eq "SYSTEM/DVS.UPLINKPG"}) -and !$_.Config.autoExpand})){
        $spec = New-Object VMware.Vim.DVPortgroupConfigSpec
        $spec.AutoExpand = "True"
        $spec.ConfigVersion = $dvPG.Config.ConfigVersion
        $dvPG.ReconfigureDVPortgroup_Task($spec)
        Write-Host "Enable auotExpand for dvPortgroup: $($dvPG.Name)" -ForegroundColor Yellow
        $dvPG.UpdateViewData()
    }
}
else{
    Write-Host "dvSwitch: $($dvSwitch.Name) is not configured with version 5 or higher. Please upgrade.." -ForegroundColor Red
}

If the dvPortgroup has 0 available ports and a VM wants to connect a network adapter to the dvPortgroup, The total ports variable will be automatically expand with 10 ports. After a couple of tests I can confirm that it works.

My VM Network dvPortgroup had 70 ports. When al these ports where claimed by VM’s and a new VM was deployed or an existing VM was configured with a new network adapter, the Available ports variable was expanded with 10 ports without any impact for the running VM’s.

Sources: KB1022312, http://blogs.vmware.com/vsphere/, http://www.hypervisor.fr/?p=4633

February 11, 2013February 12, 2013 afokkema Automation

PowerCLI: Easy NFS datastore setup vSphere 5.x

For vSphere 4.1 I wrote a PowerCLI script to attach NFS shares. You can find the script here.

In vSphere 5 the properties has changed so I had to change the script. In fact the script is much simpler because all the properties can be found in $nfs.info.nas:

The RemoteHost presents the IP address, The RemotePath presents the Share and the Name property presents the name of the share. Now we have the correct variables so it’s time to fix the old script. You can find the result below:

$REFHOST = Get-VMHost "<esxi hostname>"
foreach($NEWHOST in (Get-Cluster <cluster> | Get-VMhost | Where {$_.Name -ne $REFHOST.Name}) | Sort Name){
    foreach($nfs in (Get-VMhost $REFHOST | Get-Datastore | Where {$_.type -eq "NFS"} | Get-View)){
        $share = $nfs.info.Nas
        if($share.Remotehost -match "\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b"){
            $remotePath = $share.RemotePath
            $remoteHost = $share.Remotehost
            $shareName = $nfs.Name            

            if ((Get-VMHost $NEWHOST | Get-Datastore | Where {$_.Name -eq $shareName -and $_.type -eq "NFS"} -ErrorAction SilentlyContinue )-eq $null){
                Write-Host "NFS mount $shareName doesn't exist on $($NEWHOST)" -fore Red
                New-Datastore -Nfs -VMHost $NEWHost -Name $Sharename -Path $remotePath -NfsHost $remoteHost    | Out-Null
            }
        }
    }
}

December 28, 2012December 28, 2012 afokkema VMware

vCOPS: Empty Dashboard after the upgrade to version 5.6

After the upgrade of vCenter Operations 5.0.3 (vAPP) to vCenter Operations 5.6 I got an empty screen when I started the vCenter Operations Manager website and the Dashboard view:

So I started to troubleshoot and a Goolge search. When I found the following thread on the VMware communities: http://communities.vmware.com/message/2158059. The fix is really easy. Just clear your browser cache and after that, the Dashboard view will work again.

October 16, 2012October 16, 2012 afokkema VMware

vCenter Operations: Disable the default web timeout

Just a quick note to remember how to disable the default web timeout of 30 minutes in vCenter Operations.

Login as root on the UI VM.
Open the the web.xml file with VI: vi/usr/lib/vmware-vcops/tomcat/webapps/vcops-vsphere/WEB-INF/web.xml
Change the default value 30 to –1 to disable the timeout completely.

Save the changes via ESC, :wq
restart the vcopsweb service via: service vcopsweb restart
Wait until the service is ready again.

October 3, 2012October 3, 2012 afokkema Automation

PowerCLI: Get-VirtualPortgroup -Distributed VlandId value is empty

Today I was busy with PowerCLI and dvPort groups. I started to use the Get-VirtualPortgroup –Distributed cmdlet and parameter to retrieve some information about the dvPort group. But the default output doesn’t show the VlanId. See the screen shot below for the default output.

I don’t know if this is a known issue between PowerCLI 5.1 release 1 and vSphere 4.1 update 2. So I have to test it in a vSphere 5 environment.

But how can you find the vlanid of a distributed portgroup? You can use a PowerCLI script which I created to fix this little “bug” and I have also added the PortsFree column to the output of the script.

$dvPortgroup = get-virtualportgroup -Distributed -Name "vlan1"
$dvPortgroupInfo = New-Object PSObject -Property @{            
    Name = $dvPortgroup.Name
    Key = $dvPortgroup.Key
    VlanId = $dvPortgroup.ExtensionData.Config.DefaultPortConfig.Vlan.VlanId
    Portbinding = $dvPortgroup.Portbinding
    NumPorts = $dvPortgroup.NumPorts
    PortsFree = ($dvPortgroup.ExtensionData.PortKeys.count - $dvPortgroup.ExtensionData.vm.count)
}  
$dvPortgroupInfo | ft -AutoSize

The output of the script:

If you want to create a report of all the dvPort groups. You can use the following script to achieve that goal:

$info = @()
foreach($dvPortgroup in (Get-VirtualPortgroup -Distributed | Sort Name)){
    $dvPortgroupInfo = New-Object PSObject -Property @{            
        Name = $dvPortgroup.Name
        Key = $dvPortgroup.Key
        VlanId = $dvPortgroup.ExtensionData.Config.DefaultPortConfig.Vlan.VlanId
        Portbinding = $dvPortgroup.Portbinding
        NumPorts = $dvPortgroup.NumPorts
        PortsFree = ($dvPortgroup.ExtensionData.PortKeys.count - $dvPortgroup.ExtensionData.vm.count)
    }  
    $info += $dvPortgroupInfo
}
$info | Export-Csv -UseCulture -NoTypeInformation C:\tmp\dvportgroup_info.csv

September 14, 2012September 14, 2012 afokkema VMware

ESXi: Leave Windows Domain: The operation is not allow in the current state

Today I was struggling with an ESX host. The ESX host was unable to leave the Windows domain. I got the following error:

From the vSphere client I was unable to fix this issue. Apply Host profile failed also with the same error. So I started a search in the VMware KB and found an article about problems while attempting to join a Windows domain. In this article you’ll find a way to clean up the AD configuration from the CLI.

The solution for me was to stop the lsassd service:

/etc/init.d/lsassd stop

Remove the db directory:

/etc/likewise/db directory

and start the lasassd service again:

/etc/init.d/lsassd start

Now I was able to leave the Windows domain.

August 27, 2012August 27, 2012 afokkema vCenter

vCenter Operations Manager 5.x vApp Admin account tips

I just want to share two KB articles about the Admin account used in vCenter Operations Manager 5.x vApp. I had some trouble logging in as admin and these articles helped me solve the issue.

Automated lockout of the admin account in the vCenter Operations Manager 5.x vApp

Details

vCenter Operations Manager 5.x locks out the admin account on the vApp if you try to log in with incorrect credentials three times in a row.

Solution

Determine whether the admin account is locked out

Log in to the console of the UI VM as root user.

Run the following command twice: su admin.
The admin account is locked if the console displays a message that reads Account locked due to XX failed login, where XX stands for the number of failed login attempts.

Repeat the above steps on the Analytics VM to check if the admin account there is locked out.

Unlock the admin account

Log in to the console of the UI VM as root user.

Run the following command: pam_tally --user admin --reset.

Repeat the above steps on the Analytics VM if the admin account there is locked out.

Disable the automated lockout for the admin account (optional)

Log in to the console of the UI VM as root user.

Remove or comment out the following line from file /etc/pam.d/common-auth:
auth requisite pam_tally.so deny=3

Repeat the above steps on the Analytics VM to disable the lockout functionality there.
Note: The admin account is unlocked automatically when you disable this functionality.

Source: KB2030185

Resetting user passwords in vCenter Operations Manager vApp

Details

This article describes how to reset passwords in vCenter Operations Manager 5.x. The procedure for the root user is different from the admin user. Both procedures are documented here.

Solution

Resetting the root user password

If you forget the root user password, you can reset this password by booting into single user mode.

To reset the root user password:

In the vSphere Client, power off both the UI and Analytics virtual machines.

Select the powered-off UI virtual machine, right-click it, and choose Open Console in the pop-up menu.

From the virtual machine console window, hit the green |> button to power on the UI virtual machine .

When the boot screen appears, quickly click inside the window and enter a space.
The boot process halts and the countdown from 7 to 0 at the bottom of the screen clears.
Note: You have only a few seconds to accomplish this step. If you do not halt the boot countdown, you have to start over.

Make sure the first line is selected (SUSE Linux Enterprise …), and press e.
A boot parameters menu appears.

Go to the second line (beginning with “kernel /vmlinuz-….”), and press e again.
You are dropped into a grub prompt, and the cursor is positioned at the end of the line.

Enter a space, followed by the parameter init=/bin/sh, and press Enter.
The space and the parameter are appended to the line onscreen. Once you press Enter, you are returned to the previous boot parameters screen, with the kernel line highlighted.

Press b to boot.
You see a short boot sequence, followed by a shell prompt.
Note: This step overwrites the temporary changes made in Step 7, and all boot parameters revert to their previous values.

Run this command to reset the root user password:
passwd

Repeat Steps 1-9 for the Analytics virtual machine.
Note: Make sure that you enter the same new password for both the UI and the Analytics virtual machines.

Resetting the admin user password

If you forget the admin user password for vCenter Operations Manager, a script is available for you to re-set that password.

For the 5.0 version only, you must download and use the script attached to this document.

For vCenter Operations 5.0.1 and subsequent versions, the script will be available in the vApp.

To reset the admin password, follow these steps. If you are on a version later than 5.0, go to Step 3.

If you are on the 5.0 version, download and unzip the file resetadminpwd.zip to obtain the script fileresetadminpwd.sh.

Save resetadminpwd.sh on the UI virtual machine in the /usr/lib/vmware-vcops/user/conf/install folder.

Make the script executable.
chmod 755 resetadminpwd.sh

As root, run the script resetadminpwd.sh on the UI virtual machine:
./resetadminpwd.sh new-password

Source: KB2013358

July 20, 2012July 20, 2012 afokkema VMware

PowerCLI: dvSwitch info

In one of my previous posts you can find a PowerCLI script to report the dvPortgroup ports usage. In this post you’ll find a PowerCLI script to report the overall status of the dvSwitches in your environment. The script will report the dvSwitch Name, Version, Total ports maximum, Total ports in use and the total ports left on the dvSwitch.

Just copy the script below:

$dvSwitchInfo = @()
foreach($dvSwitch in (get-virtualSwitch -distributed |Sort Name)){
    $details = "" | Select Name, Version, Totalports, Portsinuse, Portsleft
    
    $totalPorts = $dvSwitch.ExtensionData.Config.MaxPorts
    $Portsinuse = $dvSwitch.ExtensionData.Config.NumPorts
    $portsleft = ($totalPorts - $Portsinuse)
        
    $details.Name = $dvSwitch.name
    $details.Version = $dvSwitch.ExtensionData.Summary.ProductInfo.Version
    $details.Totalports = $totalPorts
    $details.Portsinuse = $Portsinuse
    $details.Portsleft = $portsleft   
    
    $dvSwitchInfo += $details
}    
$dvSwitchInfo

The output will look like this:

I will create another script to combine the information of the dvSwitch and the dvPortgroups available on the dvSwitch to a complete html report like the vCheck.

July 6, 2012July 6, 2012 afokkema Automation, VMware

PowerCLI: dvPortgroup ports report

In this post I will show you how you can generate a simple report of your dvPortgroups. The report shows the Name of the dvPortgroup, The portbinding configuration, The total ports configured, The total ports in use and last but not least the total ports left on the dvPortgroup.

The script below will search for all distributed portgroups in your vCenter where you’re connected to with PowerCLI.

$pgInfo = @()
foreach($pg in (get-virtualportgroup -distributed | Sort Name)){
    $details = "" | Select Name, PortBinding, Totalports, Portsinuse, Portsleft
    
    $totalPorts = $pg.ExtensionData.PortKeys.count    
    $Portsinuse = $pg.ExtensionData.vm.count
    $portsleft = ($totalPorts - $Portsinuse)
        
    $details.Name = $pg.name
    $details.PortBinding = $pg.PortBinding
    $details.Totalports = $totalPorts
    $details.Portsinuse = $Portsinuse
    $details.Portsleft = $portsleft   
    
    $pgInfo += $details
}    
$pgInfo | Export-Csv -UseCulture -NoTypeInformation C:\Scripts\dvPortgroupInfo.csv

The CSV output will look like this:

Name	PortBinding	Totalports	Portsinuse	Portsleft
vlan1	Static	32	4	28
vlan2	Static	32	0	32
vlan3	Static	32	7	25
vlan4	Static	32	1	31
vlan5	Static	32	12	20
vlan6	Static	32	0	32

With a simple PowerCLI script you can create a report of all your dvPortgroups. I am going to create another PowerCLI script to use as a Nagios plugin to see witch of the dvPortgroups have less than <X> ports left. So to be continued.

July 5, 2012July 5, 2012 afokkema VMware

The numPorts value: <####> in spec exceeded maxPorts 8192

Today I was playing around with the vSphere Distributed Switch and trying to reach the configuration maximums of it by creating lots of dvPortgroups. But when I reached the port numbers above 8192, the dvPortgroup wasn’t created and I got the following error:

From KB1038193 I used the resolution to change the default max numPorts from 8192 to 20000. The 20000 value is also the one mentioned in the Configuration Maxium document: vsp_41_config_max.pdf so I don’t know why VMware used the 8192 max value. If anyone can explain why this extra limit if effective, please let me know.

The solution from KB1038193:

Symptoms

You cannot configure more than 8192 virtual ports in vCenter Server vNetwork Distributed Switch (vDS).

You see the error:
The numPorts value : 8256 in spec exceeded maxPorts 8192.

Purpose

This article provides steps to increase the maximum number of vDS ports.

Resolution

Changing the maximum number of vDS ports by using vSphere PowerCLI

vSphere PowerCLI can be used to automate the different virtual machine tasks. It provides an easy-to-use C# and PowerShell interface to VMware vSphere APIs. For more information, see the VMware vSphere PowerCLI Documentation.

To change the maximum number of vDS ports, you can use this PowerCLI snippet:

$dvs = Get-VirtualSwitch -Distributed -Name DVSName | Get-View
$cfg = New-Object -TypeName VMware.Vim.DVSConfigSpec
$cfg.MaxPorts = 20000
$cfg.configVersion = $dvs.config.configVersion
$dvs.ReconfigureDvs_Task( $cfg )

I have changed the code slightly to report the current configuration. you can use this script or the one from the KB article:

# dvSwitchName
$dvSwitchName = "dvSwitch01"

$dvs = Get-VirtualSwitch -Distributed -Name $dvSwitchName | Get-View
Write-Host "The current configuration of MaxPorts = $($dvs.Config.MaxPorts)" -for Yellow
$cfg = New-Object -TypeName VMware.Vim.DVSConfigSpec

# Org
#$cfg.MaxPorts = 8192

# New
$cfg.MaxPorts = 20000

$cfg.configVersion = $dvs.config.configVersion
$dvs.ReconfigureDvs_Task( $cfg ) | Out-Null

# Report new configuration
$dvs = Get-VirtualSwitch -Distributed -Name $dvSwitchName | Get-View
Write-Host "The new configuration of MaxPorts = $($dvs.Config.MaxPorts)" -for Green