Tag Archives: scripted

Automating vSphere with Cody Bunch – book review

vCenter Orchestrator (vCO) has been around since May 2009 when vSphere4 was initially released. Despite being around for over two years it doesn’t seem to get much attention even though it’s free to anyone who’s purchased vCenter and has the potential to save effort for system administrators. There are a couple of reasons for this in my opinion – firstly it isn’t ready to go by default, you have to configure it manually and that’s not as straight forward as it could be. Secondly it looks intimidating once configured and does require some knowledge of either the vSphere API and preferably using Javascript. While neither are that hard to get to grips with, combined it makes for quite a barrier to entry.

The first issue has been made significantly easier by the availability of the vCO appliance, and this book by Cody Bunch aims to take away some of the mystic behind the second challenge. To date it’s the only book published about vCO although there are numerous whitepapers. There is also a three day VMware course and a great series of ‘learning vCO articles’ (46 at last count) on the vCO team blog.

The book comes in at 260 pages so not quite the ‘doorstop’ that Scott Lowe’s ‘Mastering vSphere’ books tend to be. As with many technical books however the key is in understanding the content rather than having lots of it – you could easily spend a week learning a specific part of the API while you perfect a real world workflow. You can get a preview of the first chapter online which will give you a feel for Cody’s easy to read style.

The book is split into three sections plus appendices;

  1. Introduction, installation and configuration (50 pages)
  2. Working with Orchestrator (50 pages)
  3. Real world use cases (100 pages)
  4. Appendices – Onyx, VIX, troubleshooting, the vCO vApp (50 pages)

If you’re familiar with vCO (if you’ve done the VCAP4-DCA exam for example you probably installed and configured Orchestrator as it was on the blueprint) you won’t dwell too long on the first section as there’s not much you won’t already know. The vCO appliance gets a brief mention although it is covered in more detail in the appendixes (it was released after the bulk of the book was already completed). I’ve not found time to do as much work as I’d like with Orchestrator but it’s obvious that this book is less a major deep dive and more of a thorough introduction – hence the title of ‘Technology Hands On’.

You can buy the book from Amazon.com or Amazon.co.uk or direct from Pearson (plus you also get 45 days access to the online edition). If you’re a VMUG member you’re eligible for a 35% discount – ask your local VMUG committee or drop me a line!

Further Reading

The official VMware vCO page

The vCO resources page (including forums, videos, FAQ etc)

The unofficial vCO blog

Cody Bunch’s section on vCO at Professional VMware.com

Joerg Lew’s website vCOPortal.de (VCI and all round vCO guru)

Tom Holingsworth’s review of the book

Twitter people to follow;

Easing the pain of a VMware audit

I recently had to complete an external audit of our VMware estate and thought it might be useful to others to know what the process entails, what you’ll need to provide to the auditors, and a few issues that I wasn’t aware of beforehand around licencing compliance. The initial approach by the auditor will describe the overall process and expected timelines (which will vary based on the size of your company).

There are two main steps in the process – self disclosure and discovery;

  1. Self disclosure is where you detail your use of VMware software including vCenters, ESX/ESXi hosts, VMs, and licences. In our case this was collated into an Excel spreadsheet provided by the auditor (the deployment detail workbook). You’ll also have to answer some high level questions about your company (such as how many locations you have), how you audit internally (how you track licences – third party tools, vCenter etc), when you initially deployed VMware in your company, and some info about your contacts for the audit. How you collect this information is up to you but there are a couple of good choices;
    • Export data from vCenter using the GUI
    • Export date from vCenter using PowerCLI scripts
    • Use third party tools.

    I used a mixture of RVTools (which is a handy and free download) and PowerCLI scripts. The native ‘Export’ feature in vCenter isn’t very flexible (there’s no way to export all the MAC addresses of VMs for example) but while RVTools came close it didn’t provide everything I needed either. I needed host uptime and while RVTools does show the last reboot time I still needed to translate that into days plus it didn’t cover licencing for each host (which I could have got from vCenter). I’ve included the script I ran at the end of this post in case it’s of use to someone else.

  2. Validation. Once the disclose is completed the auditor will want to ‘validate’ the information – auditor talk for “are you telling the truth, the whole truth, and nothing but the truth?”! This can be done in a variety of ways depending on the size of your estate, location, the auditor etc. It could include using your inhouse auditing tools (Centennial for example), data from directories like Active Directory or a scan of your network switches for a list of VMware MAC addresses (prefixes 00.05.69, 00.0C.29, 00.1C.14, as well as the more commonly known 00.50.56) . The latter was the approach we took due to a mixed Linux/Windows estate and the auditors preference. NOTE: you’ll do the actuall collection of all data not the auditors, even if they’re onsite.
    In an ideal world the information collected in this step matches up nicely with the information you’ve disclosed – any discrepancies will need investigating and explaining. A few things that caught me out here;

    • Ensure you keep track of any changes to the VMware environment after the audit process kicks off (this is an audit requirement). Some of my discrepancies were because another admin had decommissioned some VMs after my initial disclosure so they flagged up as ‘missing’. Simple to explain, but time consuming to track down! This could be a real challenge in a larger environment.
    • Remember that VMkernel ports also have VMware MAC addresses, not just the VMs. I spent a while trying to find ‘phantom’ VMs before tracking down the issue. RVTools shows these in a seperate tab so you’ll need to export both.
    • Even if you’re over entitled (you have more licences than you’re using) you’ll probably have to justify it, just to be sure you’re not hiding some part of your installation.

Continue reading Easing the pain of a VMware audit

Adding a custom PowerCLI brush for syntax highlighting on WordPress

After moving my blog to a new hosting provider last month I was reviewing the WordPress plugins I use and I found myself wondering if Alex Gorbatchev’s SyntaxHighlighter supported PowerCLI. The WordPress plugin I use (courtesy of Alex Bond) had a Powershell plugin but no PowerCLI. Time to create! I’m by no means the first person to extend this plugin and I quickly realised there were two options;

  • upload a new ‘brush’ file to overwrite the existing Powershell brush. That change would be lost however if you upgraded the WordPress plugin and with the imminent release of Powershell v3 it could also be lost if the original Powershell brush was updated.
  • write an extra plugin which includes the new language. I felt this was a bit more work, but generally the better solution (plus I was half doing this to learn more about WordPress and the plugin structure). With clear guidance on how to create new languages the hard work was already done.

The result is my WordPress plugin for PowerCLI syntax highlighting which includes;

Continue reading Adding a custom PowerCLI brush for syntax highlighting on WordPress

PowerCLI v5 – gotcha if you use guest OS cmdlets

UPDATE FEB 2012 – After some further testing I’ve concluded that this is a bigger pain than I previously thought. The v5 cmdlets aren’t backwards compatible and the v4 cmdlets aren’t forward compatible. This means that while you’re running a mixed environment with VMs on v4/v5 VMtools a single script can’t run against them all. Think audit scripts, AV update scripts etc. You’ll have to run the script twice, from two different workstations, one running PowerCLI v4 (against the v4 VMs) and one running PowerCLI v5 (against the v5 VMs). And I thought this was meant to be an improvement??

———- original article ————–

There are quite a few enhancements in PowerCLI v5 (there’s a good summary at Julian Wood’s site) but if you make use of the guest OS cmdlets proceed with caution!

We have an automated provisioning script which we use to build new virtual servers. This does everything from provisioning storage on our backend Netapps to creating the VM and customising configuration inside the guest OS. The guest OS configuration makes use of the ‘VMGuest’ family  of cmdlets;

  • Invoke-VMScript
  • Copy-VMGuestFile
  • Get-VMGuest, Restart-VMGuest etc

Unfortunately since upgrading to vSphere5 and PowerCLI v5 we’ve discovered that the guest OS cmdlets are NOT backwards compatible! This means if you upgrade to PowerCLI v5 but your hosts aren’t running ESXiv5 and more importantly the VMTools aren’t the most up to date version any calls using the v5 cmdlets (such as Invoke-VMGuest) will no longer work. Presumably this is due to the integration of the VIX API into the base vSphere API – I’m guessing the new cmdlets (via the VMTools interface) now require the built-in API as a prerequisite.

As PowerCLI is a client side install the workaround is to have a separate install (on another PC for example) which still runs PowerCLI v4, but we have our vCenter server setup as a central scripting station (it’s simpler than every member of the team keeping up with releases, plugins etc) so this is definitely not ideal.

This is covered in VMware KB2010065.The PowerCLI v5 release notes are also worth a read.

Further Reading

Will Invoke-VMGuest work? (LucD)

VCAP-DCA Study notes–9.2 Plan and execute scripted ESX builds

The blueprint for this section seems to refer mainly to ESX but I’ve described both ESX and ESXi on the assumption the lab environment used for the exams will move to v4.1 sooner rather than later.

NOTE: Weasel is VMware’s scripted installer. It’s similar to Kickstart as used with Linux, but not identical.

A summary for a scripted install;

  • Decide on the bootloader source
  • Configure a media repository to hold your source files and scripts
  • Create an install script (either from scratch or from a previously built host)
  • Perform the scripted install

Use cases for scripted installations

Reasons to use a scripted install;

  • Reduce deployment time
  • Ensure consistency, reduce human error
  • Remove need for local media (when using PXE boot. Very useful for blade and remote environments)
  • Delegate installations to junior staff who don’t know how to configure ESX

Along with knowing why you might use a scripted install in the first place you should consider the various types of scripted install and when to use each one. Factors to consider;

  • Maintainability. Over time you’ll want to update your install for new releases of ESX, patches, post install steps etc. While a custom CD has the least dependencies it’s harder to maintain compared to a network media repository.
  • Dependencies. I created an NFS based install only to find that most of the time the host’s physical networking hasn’t been completed when we want to build the OS, rendering this method useless. I had to convert it to a custom CD instead which was mounted via ILO (it was a blade environment). Another example is USB flash – it’s easier than CD to amend/update but may not be as useful for remote installs.
  • Continue reading VCAP-DCA Study notes–9.2 Plan and execute scripted ESX builds