I have been working with VMware for a long, long time now on behalf of my customers. I spend hours with them in their datacenters helping them to understand virtualization and the benefits that it can bring to their enterprise architecture.
The key piece that is often left underutilized in the virtualization stack is automation. I believe that it is because many administrators and virtualization professionals have never been asked to seriously consider what automation is (and is not), and the value that it can provide to the pursuit of daily IT activities if done correctly.
Most of us that have made a career in IT started out learning by observing and doing (oftentimes incorrectly, but perseverance is a very important personality trait!!). I think that the thing that a lot of us suffer from is poor timing. What I mean is that until very recently, it was not hip and cool to admit in public that you knew how to script, what a script was, or that scripting was important to your ability to do your job efficiently and effectively if you spent most of your time in a Windows-based environment. Those of us that cut our teeth in a Linux/Unix world have always understood the value of scripting and automation, as the environments that we were asked to manage and maintain were built around the use of the command line and scripting was the accepted way to accomplish anything that had to be done more than once.
To that end, I am here to offer you an opportunity, a choice …. But be warned, once you choose, there may be no going back !!!
What I am offering you is a choice to start a journey, one that if pursued incrementally can lead you to a better place (one where purple unicorns dance randomly and rainbows fall from the sky). The journey is hard, fraught with peril and angst. You will have to stay focused and continue to push the limits of the knowledge you acquire through application to real world problems in order to succeed. However, if you are up to the task, you will gain something valuable, an insight into the way in which those of us that know better figured it out.
Choose now, before going any further, BUT, choose wisely ……
To automate the management of daily operations across VMware vSphere hosts, VMware provides handy scripting tools:
VMware vSphere PowerCLI helps automate vSphere-related tasks for managing hosts, storage, VMs, guest OS, and more. It is distributed as an add-on snap-in for Windows PowerShell and offers 150+ PowerShell cmdlets. This tool can be used by itself or within many different third-party tools.
VMware vSphere Command Line Interface (vCLI) is a set of command-line utilities that help users administer and manage virtual environments, including provisioning, configuration, and maintenance of vSphere hosts. vCLI can be used to access and operate vSphere hosts from any remote machine. It also integrates with the vCenter platform, allowing users to target and operate the vSphere hosts managed by the VMware vCenter Server system. vCLI commands can be used to automate the configuration, troubleshooting, and diagnostics of a vSphere host.
PowerCLI and vCLI were both developed using the same interface as the vSphere client and can be pointed to any vSphere host, either directly or through vCenter. When targeted directly at a vSphere host, they use a local authentication mechanism and work in a manner similar to commands running from a traditional console operating system. When targeted through vCenter, the vCLI and PowerCLI commands follow the same authentication (e.g., Active Directory), roles, and privileges, and are logged in the same way as vSphere client interactions, which offers a much more secure and auditable management framework.
Below is a sampling of common commands by category that are used to accomplish simple administrative tasks.
In a virtual environment, most objects, like virtual disks and relevant configurations, are stored and represented as files. In a VMware virtual environment, files can be either in Virtual Machine File System (VMFS) format, or in Network File System (NFS) format. The vSphere CLI includes two commands for performing file manipulation for these two formats: “vmkfstools” allows you to manipulate the VMFS and virtual disks, while “vifs” supports remote interaction with the NFS files.
COMMAND: vmkfstools
This command helps in creating and manipulating virtual disks, file systems, logical volumes, and physical storage devices on an ESXi host. It also allows administrators to create and manage a VMFS on a physical partition of a disk and to manipulate files, such as virtual disks, stored on VMFS and NFS. Here are some examples:
Creating a virtual disk
vmkfstools -c 4096m adamvirtualdisk.vmdk
Creating a VMFS
vmkfstools -C vmfs5 -b 1m -S adam_test_vmfs /vmfs/devices/disks/adam.ID:1
COMMAND: vifs
This command helps in performing file system operations like copying, removing, getting, and placing files and directories on remote hosts. Here are some examples:
Copying a file to another location
vifs <connection_options> -c "[StorageName] VM/ADAM.vmx" "[StorageName] VM_backup/ADAM.vmx"
Listing all the directories
vifs --server <connection_options> -D "[StorageName] vm"
Commands related to host management can be used to stop and reboot ESXi hosts, take backups of configuration information, and manage host updates.
COMMAND: vicfg-hostops
This command can be used to shut down or reboot an ESXi host. It can be used to shut down either a single host at a time or all the hosts in the data center or cluster, which disconnects the hosts from the vCenter Server System but does not remove them from the inventory. Here are some examples:
Shutting down a single host
vicfg-hostops <conn_options> --operation shutdown --force
Rebooting entire cluster
vicfg-hostops <conn_options> --operation reboot --cluster <my_cluster>
COMMAND: vicfg-cfgbackup
This command can be used to take a backup of host configuration data. It is available only for ESXi hosts and not for vCenter Server system connections. Here are some examples:
Backing up configuration data
~ # vicfg-cfgbackup <conn_options> -s /tmp/ESXi_290733_backup.txt
Restoring configuration data
~ # vicfg-cfgbackup <conn_options> -l /tmp/ESXi_290733_backup.tgz
COMMAND: vicfg-authconfig
This command helps in remote configuration of Active Directory settings on ESXi hosts. It also allows administrators to list the supported and active authentication mechanisms, show the current domain, and join or leave an Active Directory domain. Here is an example:
To set up Active Directory, after synchronizing the ESXi host and Active Directory, the following command must be run:
vicfg-authconfig --server=<ESXi Server IP Address> --username=<ESXi Server Admin Username> --password=<ESXi Server Admin User's Password> --authscheme AD --joindomain <AD Domain Name> --adusername=<Active Directory Administrator User Name> --adpassword=<Active Directory Administrator User's Password>
Virtual Machine Management
Managing virtual machines involves tasks like registering and unregistering virtual machines, retrieving virtual machine information, managing snapshots, turning virtual machines on and off, adding and removing virtual devices, and prompting for user input.
COMMAND: svmotion
Storage vMotion (or svmotion) helps in moving a virtual machine's configuration file, and, optionally, its disks, to a different location while the virtual machine is running. It can move all of a virtual machine's files and disks to a single target location, or place configuration files and virtual disks in different locations. Here are some examples:
Relocating a virtual machine’s storage (including the disks)
svmotion --url=https://adamvc.adamcorp.com/sdk --datacenter=Training --vm="[storage1] adamvm/adamvm.vmx:new_datastore"
Relocating a virtual machine’s configuration file, but leaving the virtual disks
svmotion <conn_options> --datacenter='Training' --vm='[old_datastore] adamvm/adamvm.vmx:new_datastore' --disks='[old_datastore] adamvm/adamvm_1.vmdk:old_datastore, [old_datastore] adamvm/adamvm_2.vmdk:old_datastore'
COMMAND: vmware-cmd
This command helps in performing virtual machine operations including creating a snapshot, powering a virtual machine on or off, and getting information about a virtual machine. It also helps administrators register and unregister virtual machines, retrieve virtual machine information, manage snapshots, turn virtual machines on and off, add and remove virtual devices, and prompt for user input. Here are some examples:
Listing all registered virtual machines
vmware-cmd <connection_options> -l
Registering a virtual machine
vmware-cmd <connection_options> -s register /vmfs/volumes/storage/VM/AdamVM.vmx
Creating a snapshot
vmware-cmd -U <myuser> -P <mypassword> -H VCServerABC -h ESXHost /vmfs/volumes/storage1/AdamVM/AdamVM.vmx createsnapshot <name> <description> <quiesce> <memory>
In a VMware virtual environment only authorized users with appropriate access permissions are allowed to access any information or resources. Administrators are provided with several ways to manage these users and their associated tasks and permissions.
COMMAND: vicfg-user
This command helps create, modify, delete, and list local direct access users and groups of users on an ESXi host. This command cannot be targeted to a vCenter Server system. Here are some examples:
Listing the existing users
vicfg-user <conn_options> -e user -o list
Adding a new user with specified login ID and password
vicfg-user <conn_options> -e user -o add -l useradam -p adam_password
Creating a group
vicfg-user <conn_options> -e group -o add -d test
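Several commands above (vicfg-authconfig, vmware-cmd, vicfg-user) are shown with passwords as command-line arguments, which leaves them in shell history, saved scripts and process listings. The following added example (not part of the original post) scans a history or script file for those option spellings and reports line, tool and option without printing the secret; the sample lines, host names and password strings are constructed.

```shell
#!/bin/sh
# Added example: flag vCLI command lines that carry a password inline.
# Option spellings are the ones used on this page:
#   --password= / --adpassword=  (vicfg-authconfig)
#   -P <pw> (vmware-cmd)   -p <pw> (vicfg-user)

# find_inline_passwords FILE
# Prints LINE:TOOL:OPTION per hit; the secret itself is never printed.
find_inline_passwords() {
    awk '
    {
        tool = ""
        n = split($0, w, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            if (tool == "") {   # skip words until a vCLI tool name appears
                if (w[i] ~ /^(vicfg-[a-z]+|vmware-cmd|esxcli|svmotion|vifs)$/) tool = w[i]
                continue
            }
            opt = ""
            if (w[i] ~ /^--(ad)?password=./) { opt = w[i]; sub(/=.*/, "", opt) }
            else if (w[i] ~ /^--(ad)?password$/ && i < n && w[i+1] !~ /^-/) opt = w[i]
            else if (w[i] == "-P" && tool == "vmware-cmd" && i < n) opt = w[i]
            else if (w[i] == "-p" && tool == "vicfg-user" && i < n) opt = w[i]
            if (opt != "") print NR ":" tool ":" opt
        }
    }' "$1"
}

# write_sample FILE: constructed history lines (hosts and passwords are made up).
write_sample() {
    cat > "$1" <<'EOF'
vicfg-authconfig --server=192.0.2.10 --username=root --password=Constructed-pw-1 --authscheme AD --joindomain example.test --adusername=svc_join --adpassword=Constructed-pw-2
vmware-cmd -U admin -P Constructed-pw-3 -H vc.example.test -l
vicfg-user --server 192.0.2.10 --username root -e user -o add -l useradam -p Constructed-pw-4
vicfg-hostops --sessionfile /tmp/vcli.session --operation reboot --cluster lab
esxcfg-vswitch -P vmnic1 -V 100 dvSwitch
vicfg-authconfig --server=192.0.2.10 --authscheme AD --joindomain example.test --adusername=svc_join
EOF
}

sample=$(mktemp)
write_sample "$sample"
find_inline_passwords "$sample"   # four hits on lines 1-3, none on lines 4-6
rm -f "$sample"
```

Lines 4 and 6 of the sample pass because they use a session file or omit the password, in which case the vCLI prompts for it.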
Virtual Network Management
Virtual network management includes activities like setting up a vSphere virtual switch, setting the DNS configuration, adding and starting an NTP Server, managing the IP gateway and more.
COMMAND: esxcli network vswitch
This command can be used to create or manipulate virtual switches. It also helps in obtaining detailed information about the virtual switches. Here are some examples:
Listing all virtual switches and associated port groups
esxcli <conn_options> network vswitch standard list
COMMAND: vicfg-vswitch
This command works pretty much the same as the “esxcli network vswitch” command above, helping administrators create, manage, and manipulate virtual switches. Here is an example:
Listing all virtual switches and associated port groups
vicfg-vswitch <conn_options> -l
COMMAND: esxcfg-vswitch
This command helps in viewing and configuring virtual switches. It helps configure the port groups and link physical network interface cards (NICs) to them. It also helps in configuring virtual LAN IDs, Cisco Discovery Protocol (CDP), and the maximum transmission unit (MTU) of vswitches. Here are some examples:
Creating a new virtual switch
esxcfg-vswitch -a AdamvSwitch
Adding or removing network cards (known as vmnics) to or from a vNetwork Distributed Switch (vDS)
esxcfg-vswitch -P vmnic -V unused_dvPort_ID dvSwitch
This command helps in viewing and configuring physical NICs. It provides information about NIC status and also allows administrators to configure the speed of the NICs. Here is an example:
Viewing the list of physical adapters and their link status
A virtual disk is basically a file that stores the operating system, program files, and other data related to a virtual machine. It is generally a single file or a set of files that can be copied, moved, archived, and backed up just like any ordinary content file.
COMMAND: vicfg-scsidevs or esxcli storage core device list
This command helps in displaying the available logical unit numbers (LUNs) and mappings for each VMFS volume to its corresponding partition. Here is an example:
Listing all logical devices known on the system
esxcli <conn_options> storage core device list
OR
~ # vicfg-scsidevs <conn_options> --list
COMMAND: vicfg-mpath or esxcli storage core path
This command helps in obtaining information about Fibre Channel or iSCSI LUNs and in changing a path's state. Here are some examples:
Listing all devices, along with corresponding paths, state of the path, adapter type, and other information
esxcli <conn_options> storage core path list
OR
~ # vicfg-mpath <conn_options> --list-paths
Setting the state of a LUN path to “off”
esxcli <conn_options> storage core path set --state off --path vmhba34:C0:T2:L1
OR
~ # vicfg-mpath <conn_options> --state off --path vmhba34:C0:T2:L1
COMMAND: vicfg-rescan or esxcli storage core adapter rescan
This command helps perform a rescan operation each time the storage setup is reconfigured. Here is an example:
Rescanning a storage adapter
esxcli storage core adapter rescan --adapter=AdamAdapter
OR
~ # vicfg-rescan <conn_options> AdamAdapter
COMMAND: esxcfg-mpath
This command helps in displaying and setting (enabling and disabling) all paths from a host to its storage devices. Here is an example:
Enabling or disabling a path
esxcfg-mpath -P path -s state
COMMAND: esxcfg-info
This command helps in obtaining detailed information about the host on which the command is run. Its output can be stored directly into a text file, allowing direct documentation of the host configuration. Here are some examples:
Checking the ESX/ESXi host for host hardware info
esxcfg-info | less -i
Filtering out information about a specific system
esxcfg-info | grep 'system uuid'
Timely monitoring and tracking of the performance statistics and logs of virtual environment resources can be very useful for administrators when diagnosing a problem in a virtual environment.
COMMAND: esxtop
This interactive utility reports metrics such as CPU, memory, disk, and network usage across the devices attached to a VMware ESX host. It is primarily used for troubleshooting performance problems. Here are some examples:
Interactive mode: The esxtop tool includes several interactive commands. A list of the interactive commands can be viewed by entering ‘h’.
Batch mode: esxtop can also be used in batch mode:
esxtop -b -n iterations > logfile
COMMAND: vm-support
This command helps in gathering useful information about performance snapshots and product-specific logs and configuration files, which are useful for administrators for diagnostic purposes. It can also be used to gather information about a VM and kill VMs if they are not responding. Here are some examples:
Collecting performance snapshots
Exporting a log bundle to a shared vmfs datastore
vm-support -f -w /vmfs/volumes/DATASTORE_NAME