Vcap5-Dca Cli Studynotes
Vcap5-Dca Cli Studynotes
Vcap5-Dca Cli Studynotes
Resources:
The notes herein are compiled from my own testing as well as below references:
- VMware Documentation CLI Getting Started & CLI Concepts & Examples
- http://www.valcolabs.com/vcap5-dca/
- http://www.virtuallanger.com/vcap-dca-5/
- Other References used are noted in the Section/Objective its used in
SECTION 1
1.1 Implement & Manage Complex Storage
Understand & Apply VMFS Re-Signaturing (pg. 120-121 Storage Guide)
Resignature ESXi assigns a new UUID & label to the copied datastore & mounts it distinctly from the orig
1. Find the snapshotted LUN: esxcli storage vmfs snapshot list
2. Mount w/o resignature: esxcli storage vmfs snapshot mount l LUN_Name (use either
volume label or UUID of Datastore/LUN)
3. Mount with resignature: esxcli storage vmfs snapshot resignature l LUN_Name
4. Straightline Example
esxcli storage vmfs snapshot list
esxcli storage vmfs snapshot mount l LUN_Name OR
esxcli storage vmfs snapshot resignature l LUN_Name
Understand & Apply LUN Masking Using PSA-Related Commands (pg. 162-168 Storage Guide &
http://kb.vmware.com/kb/1009449)
Masking prevents Hosts from accessing certain LUNs or paths to LUNs; this is done by creating a Claim
Rule that assigns the MASK_PATH plug-in to a specified path
Procedure
1. Find device name of the Datastore wanting to hide:
esxcfg-mpath L OR esxcfg-scsidevs -m
2. Check available Claim Rules:
esxcli storage core claimrule list
3. Create a new Claim Rule for each path used by the HBA (4 total) since its probably redundant &
associate the path to the MASK_PATH Plug-in, for example on vmhba33 and vmhba34 ; but this ex
only shows 1 path for 1 HBA:
esxcli storage core claimrule add r 500 t location A vmhba33 C 0 T 1 L
1 P MASK_PATH
4. Load Claim Rule:
esxcli storage core claimrule load
5. Verify Claim Rule was added:
esxcli storage core claimrule list
6. Unclaim Plug-in the device is currently using & associate with newly created Claim Rules:
esxcli storage core claiming reclaim d naa.UUID
7. Run the path Claim Rules:
esxcli storage core claimrule run
8. Verify Mask applied: Host > Configuration tab > Storage > Refresh the view, then Rescan
a. Verify via Shell: esxcfg-scsidevs -m ; to see all Masked LUNs: esxcfg-scsidevs -c
b. Also can check if its active: esxcfg-mpath -L | grep naa.UUID
9. To delete a Claim Rule:
esxcli storage core claimrule remove r 500
10. Straightline Example given on pg. 168 (& below)
esxcfg-scsidevs -m
esxcli storage core claimrule list
esxcli storage core claimrule add r 500 t location A vmhba33 C 0 T 1 L
1 P MASK_PATH (run for each path, e.g. the 2
nd
rule (-r 501) would have -C1 -T 1 -L 1)
esxcli storage core claimrule load
esxcli storage core claimrule list
esxcli storage core claiming reclaim d naa.UUID
esxcli storage core claimrule run
esxcli storage core adatper rescan A vmhba33
11. To fully unclaim
esxcli storage core claimrule remove 500
esxcli storage core claimrule remove 501
esxcli storage core claimrule load
esxcli storage core claiming unclaim t location A vmhba33 C 0 T1 L 1
esxcli storage core claiming unclaim t location A vmhba33 C 1 T1 L 1
esxcli storage core adatper rescan A vmhba33
Analyze I/O Workloads to Determine Storage Performance Requirements
vscsiStats via Shell access
1. Start a capture by gathering VM world ID: vscsiStats -l
2. Run against the VM using the WID captured above: vscsiStats w ID
3. Print the output to screen & specify output type: vscsiStats p all (or latency, seekDistance,
outstandingIOs, etc.)
4. Redirect output to a file: vscsiStats p latency > c:\vm01.txt
5. Stop the capture: vscsiStats x
6. Reset vscsiStats: vscsiStats r
7. Straightline Example
vscsiStats l
vscsiStats w ID
vscsiStats p all OR vscsiStats p latency > c:\vm01.txt
vscsiStats x
vscsiStats r
Identify & Tag SSD Devices (pg. 142-146 Storage Guide)
Identify device to be tagged: esxcli storage nmp device list (note the SATP of the device)
Add a PSA claim rule to mark device as SSD (specifying device [i.e. the naa.### name], vendor/model,
protocol, driver)
1. esxcli storage nmp satp rule add s SATP d naa.UUID o enable_SSD
2. -V vendor_name -M model_name ; --transport transport_protocol; --driver
driver_name
3. Unclaim the device (by device, vendor, driver, etc.): esxcli storage core claiming unclaim
-t device d naa.UUID
4. Load then Run ClaimRule: esxcli storage core claimrule load then esxcli storage
core claimrule run
5. Verify tag took: esxcli storage core device list d naa.UUID and verify if Is SSD is
shown as true
esxcli storage core device list
esxcli storage nmp device list
esxcli storage nmp satp rule add s VMW_SATP_DEFAULT_AA -d naa.UUID o
enable_SSD
esxcli storage core claiming unclaim t device d naa.UUID
esxcli storage core claimrule load
esxcli storage core claimrule run
Administer Hardware Acceleration for VAAI (pg. 174- Storage Guide)
Display VAAI plugin: esxcli storage core plugin list c VAAI
Display VAAI filters: esxcli storage core plugin list -c Filter
If VAAI is listed, can display its status: esxcli storage core plugin list N Filter
Display whether a device supports VAAI: esxcli storage core device list d naa.UUID
1. VAAI details: esxcli storage core device vaai status get d naa.UUID
Create Claim Rule for VAAI Filter: esxcli storage core claimrule add c Filter P
VAAI_FILTER t Vendor V vLabs u
Create Claim Rule for VAAI Plugin: esxcli storage core claimrule add c VAAI P
VMW_VAAI_VLABS t vendor V vlabs u f
Load Filter: esxcli storage core claimrule load c Filter
Load Plug-in: esxcli storage core claimrule load c VAAI
Run Filter Claim Rules: esxcli storage core claimrule run c Filter
Run Plug-in Rules: esxcli storage core claimrule run c VAAI
Perpare Storage for Maintenance
To perform VMFS maintenance
1. Unmount if VMs are pwrd off: esxcli storage filesystem unmount l datastore_name
Upgrade VMware Storage
esxcli storage vmfs upgrade -l datastore_name
1.2 Manage Storage Capacity in vSphere
Identify Storage Provisioning Methods
Create a VMFS: vmkfstools -C vmfs5 -S datastore_name /vmfs/volumes/naa.UUID
Create a NFS:
1. esxcli storage nfs list
2. escxli storage nfs add H 10.100.1.5 s /nfs/volume_name v
datastore_name
Inflate VMDK from Thin to Thick: vmkfstools j path_to_vmdk_to_inflate
Create a virtual disk: vmkfstools c 10G d thin a lsilogic_sas
/vmfs/volumes/datastore_name/vm_name/vmdk.name
1. Great vmkfstools examples on pg. 202-210 of the Storage Guide
Apply Space Utilization Data to Manage Storage Resources
Cmd Line displays: df -h OR df -h | awk /VMFS*/ || /NFS/
1.3 Configure & Manage Complex Multipathing & PSAs
Install & Configure PSA Plug-Ins
Shell (Putty, vMA, vCLI):
1. Download 3
rd
Party Bundle (zip file), extract the contents, then copy to Host (i.e. in the /tmp
directory) using tool like WinSCP
2. Migrate VMs off Host & place Host in Maintenance Mode
3. Install the Bundle: esxcli software vib install d /tmp/file.xml
4. Reboot the Host
Set new default PSA
1. List current PSAs: esxcli storage nmp satp list
2. Change default PSP for a given SATP: esxcli storage nmp satp set s VMW_SATP_CX
P VMW_PSP_RR
3. Reboot Host
Change SATP for a device
4. Create Claim Rule: esxcli storage nmp satp rule add s VMW_SATP_CX d naa.ID
5. List Claim Rules to be sure it was added: esxcli storage nmp satp rule list s
VMW_SATP_CX
Straightline Example
cd to directory where Bundle is downloaded onto Host
esxcli software vib install d /tmp/file.xml
Reboot Host
esxcli storage nmp satp list
esxcli storage nmp satp set s VMW_SATP_CX P VMW_PSP_RR
Reboot Host
esxcli storage nmp satp rule add s VMW_SATP_CX d naa.UUID
esxcli storage nmp satp rule list s VMW_SATP_CX
Perform Command Line Configuration of Multipathing Options
List device details: esxcli storage nmp device list d naa.UUID
Change a device PSP: esxcli storage nmp device set d naa.UUID P VMW_PSP_FIXED
List Claim Rules: esxcli storage core claimrule list
Display PSA Plugins: esxcli storage core plugin list
Display PSPs: esxcli storage nmp psp rule list
Display SATPs: esxcli storage nmp satp list
Set a preferred path on a device: esxcli storage nmp psp fixed deviceconfig set d
naa.UUID p vmhba32:C:0T:1:L1
1. Verify the change took: esxcli storage nmp psp fixed deviceconfig get d
naa.UUID
Customize RR plugin: esxcli storage nmp psp roundrobin deviceconfig set d
naa.UUID I 2500 t iops
1. Change back to default: esxcli storage nmp psp roundrobin deviceconfig set d
naa.UUID t default
2. NOTE: items that can be changed are -B for bytes, -I for IOPS, -U to allow RR to use an active
non-optimal path
@joshcoen has a nice video at valcolabs.com/vcap5-dca on Obj 1.3 going over cmd line MPP options
Configure Software iSCSI Port Binding (pg. 78 Storage Guide)
Port Bind: esxcli iscsi networkportal add -A vmhba33 -n vmk4
SECTION 2
2.1 Implement & Maintain Complex Virtual Networks
Configure SMNP
Host can only be configured via cmd-line (pg. 135 of CLI Concepts & Examples Guide)
1. Straightline Example:
vicfg-snmp show
vicfg-snmp c public
vicfg-snmp p 162
vicfg-snmp t 192.168.199.5@162/public
vicfg-snmp E
vicfg-snmp show
vicfg-snmp test
*NOTE there is a .pl extension part of the vicfg command that must be used when vCLI is run directly on
Windows. Also, to prevent the use of clear text username/pwd, a session file can be used in place of the --
username --password parameters. See the CLI Getting Started Guide for procedures to create a session
file. The .pl is not needed if using vMAjust cd to /sbin
Determine Use Case For & Apply VMDirectPath I/O
Check if IOMMU is enabled by running the following cmd in vCLI: vicfg-module l
Configure vSS & vDS via Command-Line (pg. 112-123 CLI Concepts & Examples)
Use esxcli network and vicfg-<vswitch, snmp, ntp, dns, vmknic>.pl tools
Examples:
1. NOTE: Commands using esxcli assume Putty directly to a Host; if using vMA <conn options>
may need to be used to target a Host
2. List interfaces (i.e. vmks), MAC, & MTU size: esxcli network ip interface list
3. List individual interface chars (IP): esxcli network ip interface ipv4 get i vmk0
4. Add VMkernel interface: esxcli network ip interface add I vmk5 p VMotion
5. List vSS(s) & their properties: esxcli network vswitch standard list
6. List vDS: esxcli network dvs vmware list
7. Add/Delete a vSS (substitute add with remove): esxcli network vswitch standard add v
vSwitch2 -ports 128
8. Set MTU for vSS: esxcli network vswitch standard set -mtu=9000 v vSwitch2
9. Set CDP: esxcli network vswitch standard set -cdp-status=both v vSwitch2
10. List PortGroups: esxcli network vswitch standard portgroup list
a. Add PG: esxcli network vswitch standard portgroup add p VMotion v
vSwitch2
11. Set a PG VLAN: esxcli network vswitch standard portgroup set p VM01 v 101
12. List pNIC info: esxcli network nic list
a. Get individual vmnic info: esxcli network nic get n vmnic#
b. Bring down an adapter (or up): esxcli network nic down n vmnic#
c. Change adapter settings: esxcli network nic set -<option> n vmnic#
13. Add uplink to a PG (use del-pg for removing PG): vicfg-vswitch <conn options> --add-pg-
uplink vmnic3 -pg NFS vSwitch2
14. vDS CLI commands are limited; most configurations need to be done using the GUI
a. Add/remove uplink port: vicfg-vswitch -add-dvp-uplink vmnic5 -dvp
FT_dvPortGroup Lab_dvSwitch
Analyze Command-Line Output to Identify vSS & vDS Details
Two commands that list vSS & vDS info:
1. esxcli network vswitch standard list
2. esxcli network dvs vmware list
Determine Appropriate Discovery Protocol
CDP is the only protocol available for vSS and is in listen mode by default
View current CDP configuration: vicfg-vswitch b vSwitch0
Change CDP config (options = both, advertise, listen): vicfg-vswitch B both vSwitch0S
View current CDP using esxcli : esxcli network vswitch standard list
Change CDP using esxcli : esxcli network vswitch standard set c both v vSwitch2
2.2 Configure & Maintain VLANs & PVLANs & Settings
Use Command-Line Tools to Troubleshoot & Identify VLAN Configurations
Use esxcli network and vicfg-vswitch.pl tools
Examples (from previous section):
1. Enable: esxcli network vswitch standard portgroup set p IPStorage1 v 101
2. Disable: esxcli network vswitch standard portgroup set p IPStorage1 v 0
2.3 Deploy & Maintain Scalable Virtual Network
Identify Network Protocols (see: http://kb.vmware.com/kb/1012382)
Most common:
1. 21 FTP
2. 22 SSH
3. 23 Telnet
4. 53 DNS
5. 80 HTTP
6. 88 Kerberos
7. 123 NTP
8. 161 SNMP (UDP)
9. 389 LDAP
10. 443 HTTPS; vSphere Client to vCenter & Host; vCenter to Host
11. 902 Host to Host; Client to VM Console
12. 903 Client to VM Console
13. 1234 vSphere Replication
14. 2049 NFS
15. 3260 iSCSI
16. 5989 CIM
17. 8000 vMotion
18. 8100 FT
19. 8182 HA
20. 9000 Update Manager
2.4 Administer vDS Settings
Understand the Use of Command-Line Tools to Configure Appropriate vDS Settings on a Host
The use esxcli network and vicfg-<vswitch, snmp, ntp, dns, vmknic>.pl tools were
discussed in previous sectionsreview them
SECTION 3
3.1 Tune/Optimize vSphere Performance
3.2 Optimize Virtual Machines
Calculate Available Resources
Cluster Resources: Summary tab > vSphere DRS box > Resource Distribution link to view CPU & RAM in %
or MHz/MB
Host > Summary tab > Resources box to view CPU & RAM Host utilization
1. Can also use ESXTOP
2. CPU Metrics:
a. %PCPU USED % of each physical core utilized by the logical core multiplied by turbo mode
b. %PCPU UTIL % utilization of logical cores
c. %USED % of pCPU core cycles used by a group of worlds (processes)
d. %SYS % of time spent in the VMkernel processing requests
e. %RDY % of time the group was ready to run but CPU resources not available to handle requests
f. %WAIT % of time the group was in a clocked or wait state
3. RAM Metrics:
a. PMEM/MB amount of pMEM installed; PMEM represents amt of RAM actively used by the
Host; vmk represents amt of RAM used by the VMkernel; Free = how much Host RAM free to
service requests
b. VMKMEM/MB rsvd & ursvd (reserved/unreserved)
c. NOTE: PMEM free should be higher than VMKMEM ursvd
4. VM Resources: VM > Resource Allocation tab; Allocated, Consumed, Ballooned, & Active utilization
3.3 Implement & Maintain Complex DRS
3.4 Utilize Advanced vSphere Performance Monitoring Tools
Identify Hot Keys & Fields Used With resxtop/esxtop
C = CPU, D = Disk Adapter, M = Memory, N = Network, P = Pwr Mgmt, U = Disk Device, V = Disk VM
1. NOTE: F = modify columns used; O = modify column order; S = modify refresh time in secs
2. When in a mode (CPU, Adapter, etc.), you can sort by certain headings (READ, WRITE, etc.) by using
a capital or small R/r (read) or T/w (write); default sort can be returned by capital N
3. s for refresh interval in seconds & q to quit
Identify Fields Used With vscsiStats
See below (Using vscsiStats item)
Configure resxtop/esxtop Custom Profiles (pg. 60 Monitor & Perf Guide)
SSH to Host, go through each display (c, d, m, etc.) and modify the view as desired; when done type W,
then type the path & name of the modified config/views (i.e. /tmp/.vcap5conf)
To run the custom profile, type: esxtop -c /path/to/filename.conf
Determine Use Cases For & Apply resxtop/esxtop Interactive, Batch, & Replay Modes
Interactive Mode (default Mode) Real-time Host monitoring; typing esxtop is all thats required (pg.
46 Monitor & Perf Guide)
Batch Mode Used to track metrics over time (history) down to 2second intervals (vCenter = 20secs);
(pg. 60 Monitor & Perf Guide)
1. -b = batch mode, -d = delay in seconds, -n = number of iterations (x delay = total), > = export
filename
2. Sample command: esxtop -b -d 2 n 400 > vcap5dcabatch.csv.gz
Replay Mode Capability to use a vm-support generated bundle to run esxtop against (pg. 61
Monitor & Perf Guide)
1. -p = collect performance snaps, -i = collection interval in secs, -d = duration
2. Generate a Support Bundle: vm-support -p -i 10 -d 60 (see: http://kb.vmware.com/kb/1967)
3. The path of the bundle will be displayed when the task is completed (i.e. /var/tmp/.)
4. cd to path displayed & unpack the newly created file: tar -xzf /var/tmp/NameOfFile.tgz
5. Reconstruct files if needed:
a. cd /var/temp/<path of bundle>
b. ./reconstruct.sh
6. Enter Replay Mode: esxtop R /var/tmp/<path of bundle>
Use vscsiStats to Gather Storage Performance Data (see: http://communities.vmware.com/docs/DOC-10095)
Get worldGroupID of the VM wanting to collect data against: vscsiStats -l
Start the collection: vscsiStats -w 811625 s (runs on ALL VMDKs of the VM with ID 811625)
1. vscsiStats -w 811625 -i 8422 s (runs on specific VMDK of the VM; can get ID in 1
st
step)
2. To view onscreen: vscsiStats -w 811625 -i 8422 p all (or ioLength, seekDistance, latency,
instead of all)
3. To export to a file: vscsiStats -w 811625 -i 8422 p all -c >
/tmp/vcap5vscsiStats.csv
4. To stop vscsiStats collection on ALL VM disks: vscsiStats -w 811625 -x
5. See here: http://www.vmdamentals.com/?p=722, for a tool to import the stats in a 3D chart
6. Straightline Example
vscsiStats -l
vscsiStats -w 811625 s
vscsiStats -w 811625 -i 8422 s
vscsiStats -w 811625 -i 8422 p all
vscsiStats -w 811625 -i 8422 p all -c > /tmp/vcap5vscsiStats.csv
vscsiStats -w 811625 -x
vscsiStats -w 811625 -r
Use resxtop/esxtop to Collect Performance Data
Using Batch Mode, run a 5-second interval collection for 10mins determine the iteration (i.e. -n) by
using this formula: ([minutes x 60] / delay) ([10 x 60] / 5) = 120, so:
esxtop b d 5 n 120 > /tmp/vcap5dcabatch.csv
Given resxtop/esxtop Output, Identify Relative Performance Data for Capacity Planning Purposes
Interpreting CPU metrics see: http://kb.vmware.com/kb/1017926
1. PCPU UTIL% - Avg below 60%
Memory
1. State High (> 6% Memory Free), Soft (4-6% Free), Hard (2-4% Free), Low (< 2% Free)
a. High = goodsufficient free memory to where Host not under contention
b. Low = badminimal amt of free memory left; Host is in contention
2. MEMCTL/MB if above 0, ballooning is going on; some ballooning is normalconsistent is not
3. SWAP/MB if above 0, swapping is going on (State is typically at Hard or Low)
a. r/s and w/s should be close to 0
Disk
1. Determine IOPS per VM by looking at READS/s & WRITES/s
2. DAVG (latency ouside the guest/hypervisor) typically > 15ms
3. KAVG (VMkernel) typically > 1ms
4. GAVG (guest; DAVG + KAVG)
SECTION 4
4.1 Implement & Maintain Complex HA Solutions
Configure Customized Isolation Response Settings
Typically for each VM
Cluster > Edit Settings > vSphere HA > Virtual Machine Options, select Host Isolation Response from the
drop-down (Use Cluster, Leave Powered On, Power Off, Shut Down)
Advanced Settings: Cluster > Edit Settings > vSphere HA > Advanced Options button
1. das.isolationaddress(#) can add up to 10 (i.e. #) gateway addresses
2. das.usedefaultisolationaddress true (1) or false (0)
3. das.isolationshutdowntimeout specifies amount of time (in secs) to wait for a guest shutdown
process before HA forceably powers off a VM
4.2 Deploy/Test FT
SECTION 5
5.1 Implement & Maintain Host Profiles
5.2 Deploy/Manage Complex VUM Environments
Identify Firewall Access Rules for Update Manager
Ports (see: http://kb.vmware.com/kb/1004543):
1. 80 VUM connects to vCenter
2. 443 Outbound from VUM Server to obtain metadata
3. 902 Push patches from VUM to ESXi Hosts
4. 1433 - VUM SQL DB
5. 1521 VUM Oracle DB
6. 8084 VUM Client Plug-In to VUM SOAP
7. 9084 ESXi Host to VUM Web Server
8. 9087 VUM Client Plug-In to VUM Web Server (uploading host upgrade files)
9. 9000-9100 alternative to 80/443 for outbound connection
Install & Configure Update Manager Download Service (pg. 56 Install/Administer Update Mgr Guide)
After the GUI install, open a CMD prompt and cd to the UMDS directory
1. C:\Program Files (x86)\VMware\Infrastructure\Update Manager
2. Specify Host & Virt Appliance Updates: vmware-umds -S --enable-host --enable-va
3. Specify Host & no Virt Appliance Updates: vmware-umds -S --enable-host --disable-va
4. Specify Virt Appliance & no Host Updates: vmware-umds -S --disable-host --enable-va
5. Specify Only ESXi5.x Updates:
vmware-umds -S --disable-host vmware-umds -S -e embeddedESX-5.0.0
6. Change the download path folder location: vmware-umds -S --patch-store
C:\new\Download\Path
7. Download updates/patches: vmware-umds -D
Utilize Update Manager PowerCLI to Export Baselines for Testing (pg. 155-158 Install/Administer VUM Guide; it is 1
long script!)
Basically, create a Fixed patch Baseline then scan/remediate Hosts
Use the CLI script on pg. 156 to export the patch Baseline from VUM to another VUM (i.e. a test
environment VUM server)
SECTION 6
6.1 Configure, Manage, Analyze vSphere Logs
Indentify vCenter Server Log File Names & Locations (see: http://kb.vmware.com/kb/1021804)
Location: C:\ProgramData\VMware\VMware VirtualCenter\Logs
Names:
1. vpxd-##.log main vCenter log (highest # = most current)
2. vpxd-profiler-##.log vCenter operations profiled metrics; can be viewed in VOD dashboard
site (https://vctr/vod/index.html)
3. cim-diag.log & vws.log Common Interface Model info
4. drmdump in its own folder; DRS info
Indentify ESXi Log File Names & Locations (see: http://kb.vmware.com/kb/2004201)
/var/log/auth.log ESXi Shell authentication success & failure
/var/log/dhclient.log DHCP client service
/var/log/esxupdate.log ESXi patch & update installation logs
/var/log/hostd.log Host Mgmt service logs including VM & Host Tasks/Events, communication
with vSphere Client & vCenter vpxa agent
/var/log/shell.log ESXi Shelll usage logs, including every command entered & enable/disable
/var/log/sysboot.log VMkernel startup & module loading
/var/log/boot.gz Compressed file containing boot log info
/var/log/syslog.log Mgmt service initialization, watchdogs, sched tasks, & DCUI use
/var/log/usb.log USB device arbitration events (discovery & pass-through)
/var/log/vob.log VMkernel Observation events
/var/log/vmkernel.log Core VMkernel logs including device discovery, storage, networking,
driver events, & VM startup
/var/log/vmkwarning Summary of Warning & Alert msgs (excerpted from vmkernel log)
/var/log/vmksummary Summary of ESXi Host startup & shutdown, hourly heartbeating, # of VMs
running, & service resource consumption
/var/log/vpxa.log vCenter Server agent logs
/var/log/fdm.log vSphere HA logs produced by fdm service
Identify Tools Used to View vSphere Logs
vCenter Home > Administration > System Logs , or a txt editor (Notepad/Wordpad)
Putty
vMA
Generate vCenter Server & ESXi Log Bundles
Simply open Putty & type vm-support to generate a report in the current working directory; to change
the working directory where bundle is saved: vm-support w /tmp
Use esxcli system syslog to Configure Centralized Logging on ESXi Hosts (see:
http://kb.vmware.com/kb/2003322)
Also, see last item below
Test Centralized Logging Configuration
SSH to a Host and run: esxcli system syslog mark --message=vcap5-test-configuration
Open syslog.log on vCenter & check to see if msg is entered (Syslog Collector path =
C:\ProgramData\VMware\VMware Syslog Collector\Data\192.168.199.11\syslog.log (IP is
of originating ESXi Host)
Analyze Log Entries to Obtain Configuration Information
SSH to Host, cd to /var/log and then either more or vi name.log to view information
1. NOTE if vi into log, type :q or :q! to exit the editor without saving; use Page Up or Down to scroll
Analyze Log Entries to Identify & Resolve Issues
Enter log as described above, then search for items in vi by typing /<KeyWordForSearch>
1. The forward slash is needed but dont use a space after it nor the brackets
Install & Configure VMware Syslog Collector & ESXi Dump Collector (pg. 214-215 & pg. 86-88 vSphere Install &
Setup Guide)
ESXi Dump Collector (2 parts) See: http://youtu.be/GtCxmZi_xas & http://youtu.be/AvN7DcD2_ps , as
well as VMware blog: http://blogs.vmware.com/vsphere/2011/07/setting-up-the-esxi-50-dump-
collector.html
1. Install ESXi Dump Collector from vCenter Server Install
2. After the install, SSH (Putty) to each Host
3. esxcli system coredump network get
4. esxcli system coredump network set -i 192.168.199.5 v vmk0 o 6500
5. esxcli system coredump network set -e true
6. esxcli system coredump network get to verify settings
Syslog Collector See: http://www.boche.net/blog/index.php/2011/07/23/configure-a-vcenter-5-0-
integrated-syslog-server/ as well as VMware blog: http://blogs.vmware.com/vsphere/2011/07/setting-
up-the-esxi-syslog-collector.html
1. Install VMware Syslog Collector from vCenter Server Install
2. After the install, SSH (Putty) to each Host
3. esxcli system syslog config get
4. esxcli system syslog config set --loghost=192.168.199.5
5. esxcli system syslog config reload
6. esxcli system syslog config get to verify settings
Other syslog settings can be configured (rotation size, # of rotations) as well; see pg. 134 CLI Examples
In vCenter, select Host > Configuration tab > Software box > Security Profile link, Firewall then Properties
hyperlink and enable (check) outgoing syslog traffic
1. Or, using esxcli type: esxcli network firewall ruleset set --ruleset-id=syslog -
-enabled=true then esxcli network firewall refresh
6.2 Troubleshoot CPU & Memory Performance
Identify resxtop/esxtop Metrics Related to Memory & CPU
CPU
1. %RDY (> 5-10) amt of time a VM vCPU was ready to perform an operation but couldnt get
scheduled by the Host pCPU
2. %USED percentage of the Hosts pCPU cycles being used by a VM. If high along with queueing,
then probably an issue (not a high value itself). %RDY & %USED high indicative Host is overcommitted
3. %WAIT amt of time VM spent in a blocked or busy wait state, likely waiting for a VMkernel
operation; this amt also includes idle time
4. %MLMTD (> 0) idle time due to a configured vCPU limit; usually suggests to disable the limit if able
5. %CTSP (> 3) amt of time a SMP VM was ready to run but experienced delay due to vCPU contention
6. PCPU UTIL% (> 90-95%)
7. %SWPWT (> 3) amt of time a world spends waiting on vmkernel memory swapping
Memory
1. PMEM/MB total amt of phys memory installed in the Host
2. VMKMEM/MB amt of phys memory actively being used by the VMkernel
3. PSHARE/MB amt of memory being saved utilizing TPS
4. SWAP/MB amt of aggregate memory being swapped by all VMs
5. MEMCTL/MB memory ballooning stats for the Host; cure = current amt being reclaimed, target =
how much Host would like to reclaim, max = max amt of aggregate memory the Host can reclaim
a. MCTLSZ (> 0) amt of VM phys memory actually reclaimed by balloon driver
b. MCTLTGT amt of VM phys memory that can be reclaimed
1) NOTE: If MCTLTGT > MCTLSZ then balloon inflates; if MCTLTGT < MCTLSZ then balloon
deflates
c. MCTL Y or N (is balloon driver active)
6. CACHEUSD amt > 0 means Host has compressed memory
7. ZIP (> 0) Host is actively compressing
8. STATES = High, Soft, Hard, Low (i.e. Best, Ok, Not Good, Severely low free RAM)
9. NOTE: Superb discussion on memory mgmt here: http://www.van-lieshout.com/2009/04/esx-
memory-management-part-1/ (also has parts 2 and 3, which is the real meat of the discussion IMO)
6.3 Troubleshoot Network Performance/Connectivity
Identify vCLI Commands & Tools Used to Troubleshoot vSphere Networking Configurations
3 Types can be used with vCLI:
1. esxcfg- : See all vicfg commands listed below
2. esxcli network command
3. vicfg- :
a. vswitch
b. vmknic
c. switch
d. snmp
e. route
f. ntp
g. nics
Identify Logs Used to Troubleshoot Network Issues
DHCP issues: /var/log/dhclient.log
Network driver/device issues: /var/log/hostd.log , & vmkernel.log
vCenter issues: /var/log/vpxa.log
Utilize vCLI Commands to Troubleshoot ESXi Network Configurations
Using esxcli network & the vicfg- & esxcfg- commands you can list & view & set networking
items
Utilize DCUI & ESXi Shell to Troubleshoot, Configure, & Monitor ESXi Networking
The DCUI can only be accessed directly at the host, or via iLO, IPMI, or via IP KVM to be able to do the
following:
Shell type busybox to see some high-level commands that can be used in /sbin ; esxcfg &
esxcli commands can be used
1. For direct Shell (DCUI) access, press ALT+F1 then enter root credentials. Type exit when done, then
ALT+F2
6.4 Troubleshoot Storage Performance/Connectivity
Identify Logs Used to Troubleshoot Storage Issues
/var/log/vkernel.log directory
Use esxcli to Troubleshoot Multipathing & PSA-Related Issues (pg. 45-46 vCLI Concepts & Examples, pg. 160-
170 Storage Guide)
Dont know exactly what this could be, but you can use esxcli to list many storage & PSA items, some
of which I have done so below; then, you can make changes to a device, add claimrules, or change the
default PSP for a SATP (a lot of storage-related cmds were discussed in 1.1)
esxcli storage fileystem list
esxcli storage core device list
esxcli storage core adapter list
esxcli storage core path list (about the same as 2
nd
item above)
esxcli storage core path set option path vmhba#:C#:T#:L#
Get list of PSPs for the Host: esxcli storage core plugin registration list --plugin-
class="PSP"
Get list of SATPs for the Host: esxcli storage nmp satp list
Get list of storage device characteristics for the Host: esxcli storage nmp device list
Add a claimriule: esxcli storage core claimrule add r 500 t vendor V NewVend M
NewMod P NMP , then load it: esxcli storage core claimrule load
1. To remove a claimrule: esxcli storage core claimrule r 500 then load it: esxcli
storage core claimrule load
Set a new default PSP for a SATP
1. List SATPs & the corresponding PSPs: esxcli storage nmp satp list
2. Change the default PSP: esxcli storage nmp satp set s VMW_SATP_CX p VMW_PSP_RR
3. Reboot the Host
Assign a new SATP (usually 3
rd
Party) to a device/LUN: esxcli storage nmp satp rule add s
VMW_SATP_CX d naa.UUID
Change PSP for a device
1. List device details: esxcli storage nmp device list d naa.UUID
2. Change PSP for the device: esxcli storage nmp device set d naa.UUID -P VMW_PSP_RR
View configurations for a device based on its PSP: esxcli storage nmp psp roundrobin
deviceconfig get d naa.UUID
1. Cmd above I used roundrobin but can substitute generic or fixed depending on PSP used for
the device
Set a preferred path for a device
1. Change to different channel or target or LUN: esxcli storage nmp psp fixed
deviceconfig set d naa.UUID -p vmhba32:C0:T1:L0
2. Verify change: esxcli storage nmp psp fixed deviceconfig get d naa.UUID
3. Reset the device configured preferred path back to default: esxcli storage nmp psp fixed
deviceconfig set d naa.UUID -E
4. Verify change: esxcli storage nmp psp fixed deviceconfig get d naa.UUID
Use esxcli to Troubleshoot VMkernel Storage Module Configurations
I think this goes back to the management of MPPs, etc. (not much in Storage Guide pg. 147-149)
Possibly use: esxcli system module list to list modules & see if loaded & enabled
Use esxcli to Troubleshoot iSCSI-Related Issues (pg. 57-58 & 62-80 CLI Concepts & Examples)
Use esxcli iscsi namespace
1. See if Software iSCSI is enabled: esxcli iscsi software get
2. Enable Software iSCSI: esxcli iscsi software set -e
3. List adapter associated with iSCSI: esxcli iscsi adapter list
Use esxcli network namespace
Troubleshoot NFS Mounting & Permission Issues (pg. 49 CLI Concepts & Examples has a few general cmds)
Use esxcli storage nfs command/namespace (list, add, remove)
Also, see KB: http://kb.vmware.com/kb/1003967
Use esxtop/resxtop & vscsiStats to Identify Storage Performance Issues
Reminder of metrics & values to look out for:
1. DAVG device latency (at the array); > 25
2. KAVG VMkernel latency; > 2
3. GAVG Guest latency, which is sum of DAVG & KAVG (i.e. DAVG + KAVG); > 25-30
4. CONS/s iSCSI Reservation Conflicts per second; > 20
Refer back to 3.4 for procedure to run/gather data with vscsiStats
Also, see again: http://thefoglite.com/2012/08/07/vscsistats/
Configure & Troubleshoot VMFS Datastores Using vmkfstools (pg. 201 Storage Guide)
There are options for File Systems, Virtual Disks, & Devices
Create a new VMFS: vmkfstools -C vmfs5 -b 1m -S my_vmfs
/vmfs/devices/disks/naa.UUID:1
Upgrade an existing VMFS from v3 to v5: vmkfstools -T /vmfs/volumes/UUID
Create a Virtual Disk: vmkfstools -c 2048m /vmfs/volumes/myVMFS/win2k3-01_2.vmdk (or, just
browse to the full VM VMFS path [i.e. /vmfs/volumes/iSCSI1/win2k3-01/ ] then run: vmkfstools -c
2048m win2k3-01_2.vmdk , which creates a 2
nd
hard disk named win2k3-01_2.vmdk for the VM)
Rename Virtual Disk: vmkfstools -E --renamevirtualdisk OldName NewName
Delete a Virtual Disk: vmkfstools -U win2k3-01_02.vmdk
List a VMFS datastore attributes: vmkfstools -P /vmfs/volumes/iSCSI1 -h
Troubleshoot Snapshot & Re-Signaturing Issues
Refer back to 1.1
Use: esxcli storage vmfs snapshot namespace ( list , mount , resignature )
Analyze Log Files to Identify Storage & Multipathing Problems
Probably find info in /var/log/vmkernel.log
6.5 Troubleshoot vCenter & Host Mgmt
Identify CLI Commands & Tools Used to Troubleshoot Mgmt Issues
Troubleshoot vCenter Server Service & DB Connection Issues (For this, I used: http://kb.vmware.com/kb/1003926)
Modify ODBC Connection DB Server Username/Pwd; verify correct DB is connected
1. Cmd prompt to: C:\Progam Files\VMware\Infrastructure\VirtualCenter Server & run
vpxd.exe p
Critical folders may be missing (i.e. /sysprep or /diagnostics); reinstall VC or recreate folders
Look in vCenter Logs here: C:\Programdata\VMware\VMware VirtualCenter\Logs\
Troubleshoot the ESXi Firewall
Use esxcli network firewall command/namespace to view & set rules, etc. (see KB:
http://kb.vmware.com/kb/2005284)
1. esxcli network firewall ruleset list to list all firewall rulesets
Enable the firewall: esxcli network firewall set enabled true
Troubleshoot ESXi Host Mgmt & Connectivity Issues
Restart Host & vCenter services: service mgmt-vmware restart (hostd) and service vmware-
vpxa restart
Check the /var/log/hostd.log
Run /etc/init.d/hostd status to check the hostd status
Check the /var/log/vmware/vpxa.log
Utilize the DCUI & ESXi Shell to Troubleshoot, Configure, & Monitor an Environment
This has already been covered in previous sections
SECTION 7
7.1 Secure Hosts
Identify Configuration Files Related to Network Security
/etc/vmware/esx.conf file has firewall services
/etc has dhclient-#.conf , host.conf, nsswitch.conf, etc.
Customize SSH Settings for Increased Security
See KB: http://kb.vmware.com/kb/1017910 , to enable TSM Local and Remote SSH via DCUI
Or, via vSphere Client > Configuration tab > Software box, Security Profile link, Properties hyperlink by
Services section, click SSH and ESXi Shell Options button to Start the service(s)
Cmd line: vim-cmd hostsvc/start_esx_shell and vim-cmd hostsvc/enable_ssh then vim-
cmd hostsvc/start_ssh
Generate ESXi Host Certificates (pg. 72 Security Guide)
Put Host in Maintenance Mode
Log into ESXi Shell (DCUI or Putty, not vMA..gave me access denied errors upon chging files)
Rename & backup existing certs:
1. cd /etc/vmware/ssl
2. mv rui.crt orig.rui.crt
3. mv rui.key orig.rui.key
Generate Certificate: /sbin/generate-certificates
Restart the Host
1. Or place Host in Maintenance Mode, generate new Cert, then run: /etc/init.d/hostd restart
2. vCenter will probably not recognize the Hosts new cert and will disconnect the Host; rt-click the
Host > Connect, then re-enter credentials to re-add the Host back to vCenter
3. Compare timestamps of new certs with the backed up ones to confirm new certs: cd
/etc/vmware/ssl then ls la
Once Host is re-added, then Exit Maintenance Mode
Replace Default Certificate with CA-Signed Certificate (pg. 32-39 vSphere Examples & Scenarios Guide)
Rename the original rui.cert & rui.key files as noted in the Generate New Certs section above
CMD Prompt & cd to the openssl directory (i.e. cd c:\openssl-win32\bin)
Edit the openssl.cfg file in C:\openssl\bin
1. Modify [ CA_Default ]: dir = .
2. Modify [ req ] change: default_bits = 1024 (or 2048 if CA server requires it)
3. Modify [ req ] change: default_keyfile = rui.key
Generate Custom Cert
1. Open OpenSSL via cmd prompt & cd c:\openssl\bin (NOTE: if not logged on as an admin, run
cmd prompt as admin)
2. Generate key: openssl genrsa 1024 > rui.key
3. Generate Cert: openssl req new nodes out rui.csr config openssl.cfg
4. Enter appropriate information as its required
5. Open the .csr with a text editor, copy it & submit to a CA
6. Once received back, rename the file as rui.crt file & generate the .pfx file: openssl.exe
pkcs12 export in rui.crt inkey rui.key name rui passout
pass:testpassword out rui.pfx
Copy the new certs to the /etc/vmware/ssl directory and rename them rui.crt & rui.key
See: http://kb.vmware.com/kb/1029944 , http://kb.vmware.com/kb/2015499 , &
http://kb.vmware.com/kb/2015421
Configure SSL Timeouts (pg. 76-77 Security Guide)
Via Shell (DCUI or Putty)
cd /etc/vmware/hostd
Edit the config.xml file: vi config.xml
1. Enter the <readTimeoutsMs> in milliseconds
2. Enter the <handshakeTimeoutMs> in milliseconds
3. At the <vmacore> section, scroll to the headings (http & ssl) & press I to insert the below lines
<http>
<readTimeoutMs>20000</readTimeoutMs>
<http>
<ssl>
<handshakeTimeoutMs>20000</handshakeTimeoutMs>
</ssl>
.
<vmacore>
4. Save changes: wq!
Restart hostd /etc/init.d/hostd restart
Enable Strong Passwords & Configure Password Policies (pg. 93 vSphere Security Guide)
DCUI or Shell to a Host
Edit password file: vi /etc/pam.d/passwd
1. Edit: password requisite line: retry=# min=#,#,#,#,# (min=N0,N1,N2,N3,N4)
2. N0 = chars reqd for pwd using chars from 1 class
3. N1 = chars reqd for pwd using chars from 2 classes
4. N2 = words used for a passphrase, 8-40 chars long (ea word)
5. N3 = chars reqd for pwd using chars from 3 classes
6. N4 = chars reqd for pwd using chars from 4 classes
Identify Methods for Hardening VMs (pg. 87-91 Security Guide)
Review Host logs the VM is on: hostd, vmkernel, vmksummary, vmkwarning
Analyze Logs for Security-Related Msgs
See item just above, last bullet
7.2 Configure & Maintain ESXi Firewall
Identify esxcli Firewall Configuration Commands
This has been discussed elsewhere, but esxcli network firewall is the namespace to use
1. Can use: ruleset, get, load, refresh, set, or unload namespaces
Create a Custom Service (pg. 36-37, Security Guide)
See KB: http://kb.vmware.com/kb/2008226
Set Firewall Security Level
Retrieve settings: esxcli network firewall get
Enable: esxcli network firewall set -enable true
Turn off: esxcli network firewall unload
SECTION 8
8.1 Execute Cmdlets & Customize Scripts Using PowerCLI
Identify Cmdlet Concepts
No real references; suggest viewing #vBrownBag session with @Josh_Atwell
Identify Environment Variables Usage
No real references; I guess defining a variable is done using $, for example: $host = Cmdlets
Install & Configure PowerCLI (pg. 13-14 PowerCLI Guide)
Download & install on a supported system (pretty basicdouble-click the .exe, Next, Next.Install)
Open and initially run: Set-ExecutionPolicy RemoteSigned
Install & Configure VUM Powerhell Library
Download & Install (pretty basicdouble-click the .exe, Next, Next, Install)
List VUM Cmdlets to verify install: open PowerCLI & Run: Get-Command PSSnapin
VMware.VumAutomation
Use Basic & Advanced Cmdlets to Manage VMs & ESXi Hosts
Online reference: http://www.vmware.com/support/developer/PowerCLI/PowerCLI501/html/index.html
Basic Cmdlets review pg. 17-18, User Guide
1. VMs
a. List all VMs in vCenter: Get-VM
b. Start a VM: Get-VM vmName | Start-VM (or Stop-VM, Suspend-VM, Restart-VM)
1) Or simply: Start-VM vmName
c. Shutdown Guest OS gracefully: Shutdown-VMGuest vmName
d. Migrate a VM from Host1 to Host2: Get-VM -Name vmName Location Host1 | Move-
VM Destination Host2
2. Hosts
a. List all Hosts in vCenter: Get-VMHost
b. Add a standalone Host to Datacenter object: Add-VMHost -Name hostName -Location
(Get-Datacenter Lab) -User root -Password VMware1!
c. Place a Host in Maintenance Mode
1) $host = Get-VMHost -Name hostName
2) $hostCluster = Get-Cluster -VMHost $host
3) $updateHostTask = Set-VMHost -VMHost $host -State Maintenance
RunAsync
NOTE: the -RunAsync parameter migrates or powers down currently running VMs on Host
4) Get-DRSRecommendation -Cluster $hostCluster | where {$.Reason -eq
Host is entering Maintenance Mode} | Apply-DRSRecommendation
5) $myUpdateHost = Wait-Task $updateHostTask
Advanced Cmdlets Pg. 19-27, User Guide
Get, Set, New, Remove Cmdlets
1. Can type Get-Help Get-<object> for more info on command & end with -Examples for usage
To export a file use: Export-CSV C:\Directory\filename.csv
1. Or, for HTML: | ConvertTo-HTML Fragment
2. Or: Generate-Report > $Folder\ReportName.html
Use Web Service Access Cmdlets (i.e. API Access Cmdlets; pg. 33 User Guide)
Cmdlets: Get-View & Get-VIObjectView
Use Datastore & Inventory Providers
Inventory Pg. 35, User Guide
Datastore Pg. 36, User Guide
Given a Sample Script, Modify the Script to Perform a Given Action
Really nothing to state hereit is what it is. Study the above items and be prepared to modify a script
8.2 Administer vSphere Using vMA
Identify vMA Specific Commands
Add target server: vifp addserver fqdn
Remove target server: vifp removeserver fqdn
List servers to verify add: vifp listservers
Set target as default for use with fastpass: vifptarget -s fqdn
Clear target server: vifptarget -c
Add/Remove Target Servers
See above
Use vmkfstools to Manage VMFS Datastores
Refer back to 6.4; some examples were presented there
Use vmware-cmd to Manage VMs (pg. 104-106 CLI Concepts & Examples)
Run vmware-cmd --help on use case for this command
1. List VM vmx files: vmware-cmd -l
2. Get a VM state: vmware-cmd /vmfs/volumes/UUIDofDatastore/vmFolder/vm.vmx
getstate
3. Start/Stop/Suspend VM: vmware-cmd /vmfs/../vm.vmx start
4. Get a VM uptime: vmware-cmd /vmfs/../vm.vmx getuptime
5. Register VM: vmware-cmd s register <config_file_path> <datacenter>
<resourc_pool>
Use esxcli to Manage ESXi Host Configurations
esxcli has been covered in previous sections; just set a target Host then run the appropriate commands
SECTION 9
9.1 Install ESXi With Custom Settings
Create/Edit Image Profiles (pg. 129 vSphere Install & Setup Guide)
Use PowerCLI
Run Get-Help Cmdlet for more info on a command
List Software Packages or Image Profiles: Get-EsxSoftwarePackage or Get-EsxImageProfile
Procedure
1. Add Software Depot: Add-EsxSoftwareDepot
C:\Support\Depot\ESXi51Install_BLD469512_Depot.zip
2. Verify the add: Get-EsxImageProfile
3. Create the Image Profile:
New-EsxImageProfile CloneProfile ESXi-5.1.0-469512-Standard Name
FirstBoot (quotes arent needed if there are no spaces in the names used)
a. NOTE: if wanting to create a brand new image without cloning:
New-EsxImageProfile NewProfile ProfileName New Profile Vendor MyOrg
Add more packages to current Image Profile as needed (pg. 131 vSphere Install & Setup Guide):
1. Add-EsxSoftwareDepot C:\Support\Depot\Name_bundle.zip
2. Verify the add & get pkg Name to add: Get-EsxImageProfile | sort Property Vendor
a. NOTE: the sort parameter isnt necessary but could be easier to find the pkg Name to add
3. Add 3
rd
Party pkg to current (i.e. VCAP5-DCA) image: Add-EsxSoftwarePackage ImageProfile
FirstBoot SoftwarePackage net-bna (or whatever the 3
rd
-party pkg Name was retrieved in
Step 2)
4. Verify add: Get-EsxImageProfile FirstBoot | Select-Object ExpandProperty
VibList, & find the 3
rd
-party pkg Name just added in Step 3
5. To remove VIB (3
rd
-party pkg) just added: Remove-EsxSoftwarePackage ImageProfile
FirstBoot SoftwarePackage net-bna (or again, whatever the 3
rd
-party pkg Name was
retrieved in Step 2)
6. Verify the removal (I added addtl cmds to sort the list by Vendor to see the Brocade pkg at the top, if
it were still installed; or, you can simply type: Get-EsxImageProfile FirstBoot): Get-
EsxImageProfile FirstBoot | Select-Object ExpandProperty VibList | Select
Name,Vendor | sort Property Vendor
7. After you have the Image with all VIBs you want, export to ISO to place on a CD for install, or export
as a zip bundle to use with VUM (pg. 132 vSphere Install & Setup Guide): Export-
EsxImageProfile ImageProfile FirstBoot ExportToISO FilePath
C:\Support\Depot\NewImage.iso (Note: to export to zip, use the -ExportToBundle property)
a. NOTE: Another good real-world sample of how to do this is shared by Duncan Epping in adding
the HA agent to your ESXi Image; I added his blog URL on this topic in 9.2 below
8. Straightline Example to create Custom Image
a. Add-EsxSoftwareDepot path
b. Get-EsxImageProfile
c. New-EsxImageProfile -CloneProfile ESXi-5.0.0-469512-standard -Name
NewProfile -Vendor VendorName -AcceptanceLevel PartnerAccepted
d. Get-EsxSoftwarePackage
e. Add-SoftwarePackage -ImageProfile NewProfile -SoftwarePackage pkgName
f. Get-EsxImageProfile NewProfile | Select-Object ExpandProperty VibList |
ft -AutoSize
g. Export-EsxImageProfile NewProfile -ExportToISO C:\Support\Name.ISO
Install/Uninstall Custom Drivers
Some custom drivers can be downloaded on VMwares download site in the Drivers & Tools tab, Driver
CDs section
See previous section as it goes through adding 3
rd
Party drivers (pkg) to a Image Profile as well as removal
1. Download the bundle zip
2. Add the bundle as a Depot
3. Get the bundle Name to add
4. Add the bundle Name to Image Profile
5. Verify bundle was added
Also, see KB: http://kb.vmware.com/kb/2005205
Configure Advanced Boot Loader Options (pg. 46-47 vSphere Install & Setup Guide)
The default kickstart file, ks.cfg , is located in the initial RAM Disk at /etc/vmware/weasel/ks.cfg
At ESXi install, press Shift+O at bootloader, then enter commands to load a ks.cfg file
1. Sample cmd: ks=<location of install script> <boot command line options>
2. Example actual cmd: ks=cdrom:/CustomKS.cfg nameserver=10.100.1.1 ip=10.100.2.21
netmask=255.255.255.0 gateway=10.100.2.252
When creating a ks file, rename it to customks.cfg can NOT use ks.cfg
Script options located on pg. 49-54, Install & Setup Guide and KB: http://kb.vmware.com/kb/2004582
Configure Kernel Options (pg. 56-57 vSphere Install & Setup Guide)
Not much really listed except that options are in the boot.cfg file & specifically the kernelopt= line
9.2 Install ESXi With Auto Deploy
Install Auto Deploy Server (Good blog by Duncan Epping: http://www.yellow-bricks.com/2011/08/25/using-
vsphere-5-auto-deploy-in-your-home-lab/)
Install on vCenter (or other Host) using vCenter install media
1. NOTE: On Destination Folder screen, change the repository location and max size
2. Also, Auto Deploy is part of the vCenter Server Appliance; to configure, Log on > Services tab > Auto
Deploy, Save settings
Install a TFTP Server: free tool = Solarwinds TFTP Server
1. In vCenter: Home > Administration > Auto Deploy, click Download TFTP Boot Zip to unzip the files,
then place them in the Storage directory of the TFTP Server (open the TFTP server > General tab and
place these files in the directory listed)
Create DHCP Reservations for Hosts
1. Modify Items #66 & #67 under DHCP Scope Options for IP of TFTP server and name given in vCenter
AutoDeploy window (e.g. undionly.kpxe.vmw-hardwired)
2. Create a DHCP reservation & DNS Host/PTR Records for Hosts (Duncan doesnt mention in his post to
add a Reservation, but not doing so caused me issues in my VMware Workstation testing; I
recommend doing so)
At this point, you can probably boot the new Host & see it try to pick up an ESXi image but fail to do so
Utilize Auto Deploy Cmdlets to Deploy ESXi Hosts (Cmdlet reference is on pg. 70 vSphere Install & Setup Guide)
Now, after doing the above initial Auto Deploy steps, PowerCLI is needed to create a Deployment Rule for
the Hosts: New-DeployRule -Name InitialHostBoot -Item FirstBoot Pattern
model=VMware Virtual Platform
1. This Rule creates a new Rule named InitialhostBoot; the -Item parameter is used to retrieve an
Image Profile (custom/cloned) that I created earlier (see 9.1)
2. After the Pattern parameter above, IP Range, ipv4=192.168.199.11-192.168.199.21 ,
can be used or use Allhosts parameter and any Host will grab & use the Rule
3. If you want to fully remove/delete a Deploy Rule: Remove-DeployRule -DeployRule
DeployRuleName delete
a. NOTE: I had a hard time figuring out how to fully delete Deploy Rules; if you do not use the -
delete parameter, the Rules will not be fully removed & will continue to show if you type Get-
DeployRule
To verify the Rules were created: Get-DeployRule
Once a Rule is created, it then needs to be activated for use: Add-DeployRule InitialHostBoot
(do the same for any additional Rule created)
Verify activation: Get-DeployRuleSet
This post by Joe Keegan shows how to add Rules in a specific place set (order) as each rule is assigned a
number (starting at 0) upon its activiation; knowing how to do this is useful if you have a -Allhosts Rule
added already, but need to create a new Rule that needs to take place before this -Allhosts Rule:
http://infrastructureadventures.com/2012/03/19/vmware-auto-deploy-rules-rule-sets/
Boot up a Host and watch the magic!
1. Troubleshooting note if using a different ESXi version for the Image will cause a timeout wating
for vpxa to start error in vCenter & though the Host will get ESXi installed, it will fail to add to
vCenter
Straightline Example
1. Install Auto Deploy
2. Go into Auto Deploy with vSphere Client, copy the DHCP info, & download the TFTP files
3. Modify DHCP options 66 & 67
4. Add-EsxSoftwareDepot c:\path\zip
5. Add-EsxSoftwareDepot http://IPofVCenter/vSphere-HA-depot
6. Get-EsxImageProfile & Get-EsxSoftwarePackage
7. New-EsxImpageProfile -CloneProfile ESXi-5.0.0-469512-standard -Name
MyImageProfile
8. Get-EsxImageProfile
9. Add-EsxSoftwarePackage -ImageProfile MyImageProfile -SoftwarePackage pkgName
10. New-DeployRule -Name FirstBoot -Item MyImageProfile AllHosts
11. Add-DeployRule -DeployRule FirstBoot
12. Boot a Host
13. Configure Host
14. Create a Host Profile named ESXiHostProfile
15. New-DeployRule -Name ProductionBoot -Item MyImageProfile, ESXiHostProfile,
ClusterName -Pattern vendor=HWidentifier
16. Add-DeployRule -DeployRule ProductionBoot
17. Remove-DeployRule FirstBoot -delete
18. Boot Hosts
19. Assign Host Profile to Hosts
20. Create Answer File by providing input
21. Reboot Hosts
22. Export-EsxImageProfile ProductionBoot ExportToISO C:\Path\Name.ISO Or
Export-EsxImageProfile ProductionBoot ExportToBundle C:\Path\Name.zip
Configure Bulk Licensing (pg. 76 vSphere Install & Setup Guide)
Connect-VIServer vc.lab.local user vi-admin password VMware1!
$licenseDataManager = Get-LicenseDataManager
$hostContainer = Get-Datacenter Name Lab
$licenseData = New-Object VMware.Vim.Automation.License.Types.LicenseData
$licenseKeyEntry = New-Object
VMware.Vim.Automation.License.Types.LicenseKeyEntry
$licenseKeyEntery.TypeID = vmware-vsphere
$licenseKeyEntry.LicenseKey = xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
$licenseData.LicenseKeys += $licenseKeyEntry
$licenseDataManager.UpdateAssociatedLicenseData($hostContainer.Uid,
$licenseData)
$licenseDataManager.QueryAssociatedLicenseData($hostContainer.Uid)
Provision a Host with Auto Deploy & assign them to the Datacenter or Cluster the license was assigned to
Log into vCenter > Host > Configuration tab > License Features link and check for correct License
Provision/Re-Provision ESXi Hosts Using Auto Deploy
Provision
1. Configure Host Boot Order in BIOS to be Network for PXE Boot via TFTP
2. Boot Host and it should deploy with an Image, using procedures noted above
Re-Provision (pg. 82 vSphere Install & Setup Guide)
1. Simple reboot of Host after it already used Auto Deploy
a. Host uses initial Image as was created above
b. Place Host in Maintenance Mode then Reboot the Host
2. Reboot with answer file
3. Reprovision with different Image Profile
a. Create new Image with PowerCLI & Image Builder (see 9.1)
b. Add the bundle: Add-EsxSoftwareDepot C:\Directory\File.zip
c. Change the Rule assigned to Hosts: Copy-DeployRule NewRuleName ReplaceItem
NewImageProfile
d. Test the Rule for compliance:
1) Copy-DeployRule -DeployRule TestRule -ReplaceItem MyNewProfile
2) Get-VMHost -Name Host1 (Verify Host wanting to update is accessible)
3) $testRule = Test-DeployRuleSetCompliance Host1
4) $testRule.itemList (lists differences between new RuleSet and current/original RuleSet)
5) Repair-DeployRuleSetCompliance $testRule (assign new RuleSet to Host upon Host
reboot)
4. Reprovision with different Host Profile
a. If a Host required user input for attaining a Host Profile from a previous reboot, answers are
saved in vCenter in an answer file. If new answers are needed, with vSphere Client re-Apply the
Profile and input will again be asked for
Configure an Auto Deploy Reference Host (pg. 116-117 vSphere Install & Setup Guide)
Once the first Host is deployed, configure settings vSwitch(s), NTP, Syslogging, Dump Collection (not
supported in environments running vDS), Security, etc. then create a base (i.e. Reference) Host Profile to
use with Auto Deploy
1. Log into vCenter > Host Profiles and Export the Host Profile to be used
2. Get Host Profile Name: Get-VMhostProfile Host1 -user root -password VMware1!
3. Create a Rule with this Host Profile (Host_Profile) & assign to all or IP Range of Hosts: New-
DeployRule -Name First-Time-Boot-Test -Item Host_Profile Pattern
model=VMware Virtual Platform, ipv4=192.168.199.11-192.168.199.21
4. Add Rule to RuleSet (i.e. Activate it): Add-DeployRule First-Time-Boot-Test
5. Boot up unprovisioned Hosts to get this new Rule with Host Profile, or run the Test Compliance
procedures described above
Authored by: Shane Williford
For Public Use, but give credit to author & bloggers when various areas of this document are referred to