Where in !@#%* does the text on tty11 come from?

You know the text I’m talking about…when you walk up to an ESX host and it has the hostname and IP address along with instructions to “press ALT-F1 to open the ESX Server Console, press ALT-F11 to return to this screen”.

Yeah, that text. Where does it come from? It’s not a typical tty…it has a screen saver (if you let it be for a while it’ll go blank). I can’t figure out for the life of me where it’s started, or where it gets its data from…well I found some things…but not where the obviously non-dynamic data (text other than IP address and hostname) comes from.

The point of my looking for how it gets that data is because we recently changed the IP addresses of all our ESX hosts. The console (and consequently webAccess) were on a public LAN. For security reasons, we didn’t want this, so we put them on a private LAN. Nothing difficult…took care of the entire process from VI Client (add new console interface, set as primary, remove old console interface). I even went to the trouble (ok, I might have OCD) of physically standing in front of the box and moving the new vswif1 so that it’s named vswif0, just because it was irritating me.

Where-object vs WQL

No matter what you’re doing in PowerShell there are guaranteed to be at least 5 different ways to accomplish your goal. Early on I would suggest focusing on the functionality, but after your script is working as intended, a little time spent tuning and optimizing your various functions and loops will go a long way. Sometimes an IF statement is faster than a switch. Likewise while vs. until vs. foreach… Take the time and try the various options. Performance varies greatly depending on what type of object you’re working with, and what you’re doing with that object. So far in my quest for posh speed I have found two things to be globally true:

  1. The less data you pass down the pipeline the faster your script will run.
  2. 99% of the time filtering at the source is 25%-50% faster than using select-object/where-object.

Along those lines I FINALLY figured out how to do a “where not” WQL query! Lo and behold, Glenn’s global laws of performance held true again…

If execution times are keeping you in the dark ages of automation, look no further than your own code. I have yet to find a task where PowerShell doesn’t crush VBscript/WSH/BAT.

~Glenn
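
The post does not show its query, so the following is an added example (not the author's code) of a “where not” filter done both ways, with a timing comparison. It assumes Windows PowerShell with Get-WmiObject; Win32_Service and the 'Stopped' state are stand-ins chosen only because they exist on every Windows host.

```powershell
# Added example, not from the original post.

# Client-side "where not": every service object crosses the pipeline,
# then Where-Object throws away the ones we do not want.
function Get-NotStoppedClientSide {
    Get-WmiObject -Class Win32_Service |
        Where-Object { $_.State -ne 'Stopped' } |
        Select-Object Name, State, StartName
}

# Source-side "where not": WQL's NOT operator filters inside the WMI
# provider, and the SELECT list trims the properties that come back.
function Get-NotStoppedWql {
    $wql = "SELECT Name, State, StartName FROM Win32_Service WHERE NOT State = 'Stopped'"
    Get-WmiObject -Query $wql | Select-Object Name, State, StartName
}

# The two variants must agree before a timing comparison means anything.
$clientSet = Get-NotStoppedClientSide | Sort-Object Name
$wqlSet    = Get-NotStoppedWql        | Sort-Object Name
if (Compare-Object $clientSet $wqlSet -Property Name) {
    Write-Warning 'Result sets differ (or a service changed state between calls).'
}

# Time several runs of each so one slow call does not skew the result.
$runs = 5
$clientMs = (Measure-Command {
    1..$runs | ForEach-Object { Get-NotStoppedClientSide }
}).TotalMilliseconds
$wqlMs = (Measure-Command {
    1..$runs | ForEach-Object { Get-NotStoppedWql }
}).TotalMilliseconds

'{0,-14} {1,8:N0} ms' -f 'Where-Object', $clientMs
'{0,-14} {1,8:N0} ms' -f 'WQL NOT', $wqlMs
```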

Managing required Snapins

I’m often hesitant to rely on snap-ins in my production scripts. My fear is that a Jr Sysad will grab the script and attempt to run it. Without the required snap-ins the script will fail, and that failure will be “my fault”. I solved this little problem by adding the following to any script that requires snap-ins.

Write-Host "Loading required PSSnapins..."
# Load the PSCX if they are not already loaded...
if (!(Get-PSSnapin | ?{$_.name -eq "pscx"})){Add-PSSnapin pscx -ErrorAction Stop}

Now when the script fails I can at least point at the error, and say “what do you mean you don’t know why it’s not working, it’s right there!”

Thank you aleksandar !
Talk about doing it the hard way, all I had to do was add the “#requires” header to the first line of my scripts.

#requires -pssnapin pscx

Gotta love PowerShell: every time you think you solved a problem, someone points out a feature of the parser that handles it natively!

~Glenn

Simplify Get-VIServer

BSonPOSH took almost all the pain out of logging into Virtual Infrastructure with his get-credentials script. That was still too much typing for me. Every time I turned around I had timed out of my VC session. My solution: a small function added to my profile.

################### Start VMWARE ##################################

# Load Admin credentials
# Modified from http://bsonposh.com/archives/338
# mycreds.txt holds the password as written by ConvertFrom-SecureString

$creds = New-Object System.Management.Automation.PsCredential("Domain\User-adm", `
(Get-Content "$env:homeshare\scripts\mycreds.txt" | ConvertTo-SecureString))

# Load Vmware (only if the snap-in is not already loaded)

IF (!(Get-PSSnapin | ?{$_.name -eq "VMware.VimAutomation.Core"}))
{
Add-PSSnapin VMware.VimAutomation.Core
}

# Add VMware Community Extensions
# Requires Powershell V2
Add-Module "$env:homeshare\scripts\VMWareExtenstions.psm1"

# Connect to a VC server using the stored credentials
Function Get-VC([string]$VCServer = "DefaultVCServer")
{
Get-VIServer -Server $VCServer -Credential $creds | Out-Null
}

Set-Alias GVC Get-VC

################### End VMWARE ####################################

Now when I want to connect to my primary VC Server I type:

PS > . GVC
that’s dot space GVC…

NOTE: As far as how secure is this solution? Well, my password is stored in a file. That file cannot be interpreted by anyone other than me (similar to EFS). Additionally I know some would mock globally loading $creds. However, I work on an isolated network, and my execution policy is set to AllSigned. I acknowledge that there is still a risk, but it’s one I can live with.

~Glenn

UPDATE: VMware has changed the get-viserver cmdlet to connect-viserver; more to come…
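
How a file like the mycreds.txt read by the profile above gets written, and how a loader can fail safely when the blob cannot be decrypted, as an added example that is not part of the original post. It assumes Windows PowerShell (the default protection is DPAPI, tied to the current Windows account); `$credFile`, the account name, the password constant and `Get-StoredCredential` are constructed for the demonstration.

```powershell
# Added example, not from the original post. Windows PowerShell only.
$credFile = Join-Path $env:TEMP 'mycreds-demo.txt'   # hypothetical path
$user     = 'DOMAIN\User-adm'                        # placeholder account

# One-time setup. With no -Key/-SecureKey, ConvertFrom-SecureString
# protects the value with DPAPI under the current user's master key.
# In real use, replace the constant with: Read-Host 'Password' -AsSecureString
$secure = ConvertTo-SecureString 'constructed-demo-password' -AsPlainText -Force
$secure | ConvertFrom-SecureString | Set-Content -Path $credFile

# Profile-side loader: returns a PSCredential, or $null when the blob
# is missing or cannot be unprotected by this account.
function Get-StoredCredential([string]$Path, [string]$UserName) {
    try {
        $ss = Get-Content -Path $Path -ErrorAction Stop |
              ConvertTo-SecureString -ErrorAction Stop
        New-Object System.Management.Automation.PSCredential($UserName, $ss)
    } catch {
        Write-Warning "Cannot decrypt ${Path}: $($_.Exception.Message)"
        $null
    }
}

$creds = Get-StoredCredential $credFile $user
"Loaded credential for : $($creds.UserName)"

# The file holds a protected blob, never the plaintext password.
$leak = [bool](Select-String -Path $credFile -SimpleMatch 'constructed-demo-password' -Quiet)
"Plaintext found in file: $leak"

# Damage the blob to stand in for one DPAPI refuses to unprotect
# (for example, a file written under a different account).
(Get-Content $credFile) -replace '.{8}$', '00000000' | Set-Content $credFile
if (-not (Get-StoredCredential $credFile $user)) {
    'Blob rejected; fall back to prompting with Get-Credential.'
}

Remove-Item $credFile
```

Because the blob is bound to the account that wrote it, keeping the file on a network home share only works from sessions where that account's DPAPI master key is available; the loader's `$null` path covers the case where it is not.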

Command Line Licensing

I discovered that if you set the license server incorrectly, or if it can’t contact the license server, then ESX/VirtualCenter won’t let you change it. ESX seems to want to contact the old server before it will let you change to a new one.

Anyway, by modifying the /etc/vmware/license.cfg file, you can change the license server to what it should be (or just set it to an empty string and use VI Client). After modification, restart the management service:

Podcast Junky

Hi, my name is Glenn and I am a Podcast junky. My addiction reached the point that my wife gave me an iPod Shuffle specifically for my podcasts. I consume between 15 – 20 hours of content a week! Sounds like a lot I know, but here’s my secret…

I have kids whom I love dearly, but the little buggers took all my study time. About a year ago I found a couple of techcasts and started subscribing… I listen to them whenever I’m in my car, or doing chores around the house. That, my friend, is how I stay up to date. Today I got the latest scoop on ThinApp while I did the dishes. If you haven’t discovered these little gems, check them out; who knows, you might learn something.

Some of my current subscriptions: 
http://www.cstechcast.com/
http://www.mindofroot.com/
http://powerscripting.net
http://www.runasradio.com/
http://www.grc.com/securitynow.htm

And this little gem I just found TODAY!
http://blogs.vmware.com/vmtn/podcasts/index.html

~Glenn

Remediate this host…

You’re going to update my what?

With the release of ESX 3.5 and VirtualCenter Server 2.5, VMware also released Update Manager. Update Manager is a neat concept…download Windows, Windows programs (e.g. Firefox, Adobe Reader, etc), RHEL, and ESX (3.5 only) updates to the update host, then let VirtualCenter Server apply the updates. I can see where the ESX updates would be valuable, however I think any IT department big enough to support a large number of Windows VMs is already going to have a method of deploying updates (i.e., SMS, or whatever you Windows admins use). Same for Linux shops. So those updates, in my opinion, aren’t as valuable to the enterprise. I do see where small-to-medium businesses, especially those with a very small IT department, would want the advantage of having updates deployed to all VMs via a product they’ve already purchased (ESX) rather than having to buy another MS product (SMS, etc).

ESX is different however. Previously, there was no VMware product (to my knowledge) that allowed for automated update of the ESX hosts. There were some fantastic utilities that were published by the community, but there was no VMware product.

Well, that has changed. Once the Update Manager is installed, you simply tell it to update its database and download the updates.

Or is it so simple… What if you are not connected to the internet? What if you are on an isolated network? Well, VMware has what’s called the Update Manager Download Service.

No wireless networks detected…

I use VMware server on my computers at home. Both of my current systems run Fedora 8, kernel 2.6.25.6-27. I say this because on my laptop I couldn’t configure a VM to use bridged network mode when wlan0 was the only active interface.

After a lot of googling, I came across this post. The post is almost entirely in German, however there is an abbreviated version somewhere in the middle in English.

Normally, I wouldn’t go any further than posting a link, however while I was reviewing some links on my del.icio.us account, I clicked the above, and discovered that the site has a tremendous number of errors. This is bad. It usually means that the site is not well maintained and not long for the internet.

Additionally, the patch that’s posted is slightly out of date. So, I’ve created an updated patch, and I’m going to post some instructions in English here.

sudo, let me log you doing something stupid

Allow me to step on my security soap box for a moment. I’ve seen in many places around the internet where bloggers will recommend, and explain how, to enable root to log in to the console via SSH. I cannot tell you enough how bad this is. An attacker no longer needs to guess two passwords to gain root access to the system, but, rather, only one. It is much, much more secure to disallow root access.

Access to the console operating system of ESX should be limited to the absolute minimum. Only users who absolutely need it, and know what they’re doing, should be able to log in. From the console, the user has access to all of the configuration and data files for virtual machines. With the built-in tools provided by VMware, administrators can mount vmdk files and gain read/write access to a virtual machine’s hard drive. Additionally, because nearly all aspects of the virtual networking configuration can be changed from the console operating system, anyone with access can gain the ability to see all network traffic traveling to and from virtual machines.

Ok, less words, more action…
