Perl Toolkit: NFS snapshot fix via rCLI

I dislike having to SSH into each host I am responsible for, and I detest having to enable SSH on ESXi (there should be NO reason for me to have to enable it). Because it’s difficult to script applying the NFS snapshot fix to a lot of hosts using the SSH method (and impossible if you don’t enable it on ESXi), I fooled around with the command that is provided with the rCLI.

I discovered that I can pull certain configuration files for the host using the command, modify them, then replace the configuration file…all without having to SSH to the host! has an excellent list of files available using this method.

All of the commands I use in the below script are available when the rCLI is installed (the rCLI also installs the perl toolkit, so all those “sample” scripts are available to us).

My windows scripting skills are non-existent, so I don’t know how to write a wrapper around the rCLI commands like I can with bash, but these same commands will work if you are using rCLI installed on Windows.

Read more

Change COS memory from command line

A while back I posted about how to change the amount of RAM assigned to the COS using the SDK, however, at that time I didn’t know of a good way to do so from the command line on the box. After some digging around, testing (and consequentially breaking), I’ve discovered how to change the setting.

Turns out, someone else already knew about this (including Dominic, a.k.a vmprofessional…I swear I’ve read that kickstart file a thousand times before and never noticed the code for this)…apparently my google-fu wasn’t working for me when I was trying this before.

Remember, valid values are from 272 to 800 MB.

Perl Toolkit: Adjust Active/Standby NICs for Virtual Switches and Port Groups

I had the need to change the configuration of my ESX hosts so that the virtual switches had a single active and single standby adapter assigned to them. The reason for the need is rather irritating (the IBM I/O modules that we have in these particular blade centers are not really designed to handle a high amount of traffic), and it was causing some issues during vMotions.

This script allows me set the vmnics assigned to a vswitch to the desired active/standby configuration, and additionally allows me to set the port group’s vmnic active/standby policy. In my setup, I use two vSwitches, one for primary COS, vMotion and IP storage, and a second vSwitch for the virtual machines and secondary COS, each vSwitch has two NICs assigned (remember, they’re blade centers…limited network connectivity). In order to avoid vMotion taking all the bandwidth for storage I wanted to separate their traffic onto different NICs, but still provide redundancy.

The way that I accomplish this is by making the default for the vSwitch have, for example, vmnic0 active and vmnic2 standby. I then adjust the vMotion port group so that it has the opposite (vmnic2 active and vmnic0 standby). Redundancy is still present in the event of a NIC failure, but under normal circumstances, the traffic is separate.

Read more

Find VMware snapshots via SDK

Edit 2009-02-09: I’ve updated the script slightly to reflect some errors that were occurring because I suck at regex.

I wanted a quick way of showing all snapshots for the VMs in vCenter using perl, so I spent a few minutes on this script. There are a lot of scripts for creating and deleting snapshots (and a couple to show them) using powershell, but not many using perl. I’m a *nix guy, so I wasn’t really interested in including the ability to send a mail to yourself or others in the script (just create a bash wrapper and use mail/mailx with a cron job) which saved me some time.

Well, after writing this script, I discovered that VMware included this functionality in their sample script, which is included with the Perl Toolkit.

Without further rambling by me, some perl….

Read more

xVM, LDOMs, Zones: Sun’s slightly confusing SPARC virtualization offerings

One of my long term tasks has been to figure out how to effectively virtualize our SPARC infrastructure. Turns out it isn’t as easy as I originally thought it would be, mostly because of Solaris 8 and the fact that I can’t get rid of it :). Don’t ask me why (cause it irritates me to no end…) but I can not convince the stodgy Solaris 8 admins that their binaries will run in Solaris 10 without modification.

Read more

VMDK Partition Alignment when using NFS…is it necessary?

As the Magic 8 Ball sometimes says “Concentrate and ask again”.

I was re-reading the “Recommendations for Aligning VMFS Partitions“, published by VMware, and noticed this paragraph (on page one no less…how did I miss it before?!):

Note: These recommendations are for block-based storage solutions, not those that are IP-based. I/O characteristics on NFS are different from those of Fibre Channel and iSCSI storage systems. Though partition alignment eliminates track crossings and benefits performance on all storage platforms, the throughput improvements in specific types of I/O between SAN, NFS, and iSCSI are different.

(Emphasis added by me.)

This is fairly significant, as many administrators have devoted a large amount of time (especially during template creation) to ensure that their VMs are aligned in order to gain the benefits highlighted in the publication.

Read more

Why you should review VMware KB articles…

I have made a bit of a weekly ritual of spending some time reviewing the knowledge base articles that are updated or created by the VMware documentation team. I usually don’t have time to do it every day, so I am relegated to once a week (although, I just discovered that I can create an rss feed of them here).

Since I was off yesterday, I didn’t get to look at the articles for the last week until this morning. If you don’t care to review the full list, Dave Lawrence does an excellent job of highlighting the best of them each week.

When I did start my review, I came across this article, which has limited applicability, but is extremely important to those of us that it affects. The article is about how the BIOS apparently affects NFS performance for Dell 1950 servers…very important to those it affects, otherwise not important at all.

It’s a good idea to periodically review the knowledge base articles for those that pertain to a small crowd and don’t get wider dissemination like some others, because you never know if one might affect you in a major way.

VIMA and ESX Password Complexity

A few days ago I posted about setting the password complexity and other items for ESX hosts. I generally don’t use VIMA for much, as I don’t have any scripts that require periodic execution without authentication, and the logging aspect of it holds no value for me (I have a syslog server for that…). For some reason (I don’t remember why now) I was fiddling with a script on my VIMA test VM and discovered a strange error…

One thing I’ve discovered about VIMA is that when a command fails (especially the vifp commands) they give entirely useless errors back. I checked the syslog server for entries regarding the ESX host I was trying to add and discovered the following:

Read more

Authentication weirdness…

For some reason, some of my servers have been having trouble with AD authentication. The symptoms were: when logging into the console using an AD enabled account (i.e. an account that should be authenticated by AD), despite providing the correct password the system will return password incorrect. Upon providing the username again, the user is immediately granted access without having to provide a password.

I’m not sure about the provide-once-denied-provide-name-authorized behavior, but after some testing I discovered that the reason that it’s not letting the user in the first time is because the lines for pam_unix and pam_kerberos (pam_krb5 to be exact) in /etc/pam.d/system-auth are reversed. It should have pam_unix before pam_kerberos. I have no clue what is causing these lines to be reversed in the configuration file. I’m configuring all of the authentication and security measures using the esxcfg-... commands so it seems weird that starting with the blade servers this behavior has been exhibited.

Anyway, the fix files: one bash, one awk…

Read more