VMware vSphere Central

This has been cross posted from my own blog vGemba.net. Go check it out.

Introduction

VMware have a website resource available called vSphere Central that collates some excellent documentation and resources on various aspects of vSphere. In this post I will run through what is available.

Overview of vSphere Central

vSphere Central is a collection of documentation, walkthroughs, mind maps, ebooks, videos, etc. which cover various aspects of vSphere. At a high level the following main categories are covered:

  • vSphere 7
  • vSphere Upgrade
  • vCenter Server
  • ESXi Host and Virtual Machine
  • Security & Compliance
  • Resource Management and Availability
  • Developer and Automation Interface
  • Hardware Acceleration

Under each of these main categories are further sub topics. I have created a mind map of these:

vSphere Central Mind Map

Click image to view larger size.

Continue reading

VMware Fling – Virtual Machine Compute Optimizer

This has been cross posted from my own blog vGemba.net. Go check it out.

Introduction

I recently found a VMware Fling that helped me find some VMs that were incorrectly configured VMs in regards to vCPU and vNUMA rightsizing. I feel Flings are not that well known so want to highlight this one and show the value in checking them out.

What are VMware Flings?

According to the Flings website they are:

Flings are apps and tools built by our engineers and community that are intended to be explored

Think of them as tools/utilities/scripts/apps that are built by VMware Engineers and the Community for the benefit of us the users. They can target a niche problem or something wider.

Continue reading

The Importance of VCSA Services

Introduction

This has been cross posted from my own blog vGemba.net. Go check it out.

This week I was trying to deploy an OVA on a vCenter and it was throwing strange error messages. I chalked it down to the Flash client being dumb, but then I could not add a new Role for some permissions.

Once I started I discovered the issue it reminded me the importance of checking the basics.

This was on a VCSA 6.5 Update 1 with an external PSC.

Symptoms

As I said above the first sign of an issue was on the deployment of an OVA. In the Flash client I kept getting this error when selecting Deploy OVF Template:

This version of vCenter Server does not support Deploy OVF Template using this version of the vSphere Web Client. To Deploy OVF Template, login with version 6.5.0.0 of vSphere Web Client.

OVA Deployment Error

I tried then using the HTML5 client and it would just sit at Validating at step three in the wizard:

OVA Deployment Error

I had a look at the VMware Knowledgebase and found KB2151085 but this was originally a new VCSA and had not been upgraded. I ran out of time to investigate further so ended up using PowerCLI to deploy the OVA I needed.

The next day I needed to create a new Role in vCenter and encountered further issues. The first was when I went to the Roles screen in the Flash client. It said I did not have permissions. I then tried using the SSO admin and had the same:

Roles Error

Again I checked the HTML5 client and found an empty screen:

Roles Error

As a final check I went to an existing folder and tried to add an existing permission to the folder. Going to the Add Permission wizard in the Flash client I got the error:

An internal error has occurred – Error #1034

Roles Error

and the error stack showed:

Roles Error

Googling Error #1034 showed a couple of entries and they fixed it by rebooting the appliance.

The Fix

At this point I knew I had a serious problem. My first thought would be to reboot the appliance but this would have involved a Change ticket with approvals and an out of hours reboot which I wanted to avoid.

I spent time wondering if there was a permissions error but I was trying the SSO local administrator account which has access to everything. I spent some time looking at the SSO configuration and the Groups but could not find the issue. I could rule out permissions as the cause.

Next I spent time looking at KB2151085 from above. I performed the steps listed even though I knew is was a bigger issue but wanted to rule it out. Of course that didn’t help.

At this point it was lunch time. As many of you know there is nothing better to help you figure out a problem than walking away from it for a while. So I went for a walk! When I got back I decided to get back to basics and check on the health of the appliance.

I checked the following in the VAMI:

  1. Health Status (all green)
  2. NTP status
  3. DNS setup
  4. Database utilization (had issues when VCSA disk partitions fill up)

That all looked good.

Then I moved to the vCenter UI. I had a look at the System Configuration under Administration and noticed in the Services Health a Warning:

Roles Error

Clicking on the Objects tab I could see the VMware vCenter Serverservice was in Warning. Looking further down the list I noticed something. The service vAPI Endpoint was stopped:

Roles Error

I knew the vAPI Endpoint is a critical vCenter service. Checking the properties of the the service showed it should have been running as the Startup Type was Automatic:

Roles Error

I started up the service and went back to the Roles screen using my domain account and could see Roles now:

Roles Error

I then check a simple OVA deployment and it worked.

Wrap Up

This taught me a lesson. I spent too long on Google and searching for a complex error and fix. I need to start with the basics first.

I also took note in our wiki of the services that should be running on the vCenter and PSC so that others not as familiar will know what should and should not be running.

I also wanted to blog this as the specific error codes matched other issues and KB articles that were not relevant. If anyone else hits similar problems I hope they land on this post and it helps them.

VCP 6.5 Study Material

This has been cross posted from my own blog vGemba.net. Go check it out.

Introduction

At the recent Scottish VMUG vBeers event certification seemed to be a common topic of conversation. I recommended some study material to people so thought it would be useful to list them out here plus some others I have used.

VCP 6.5 DCV Overview

The full title for the exam is VMware Certified Professional 6.5 – Data Center Virtualization Exam. To gain the certification two exams are required.

The first is the vSphere 6.5 Foundations Exam. This exam needs to be completed before you can proceed to any of the actual certification exams such – Data Center Virtualization, Network Virtualization, Cloud Management and Automation or the Desktop and Mobility track. Passing the Foundations exam does not mean you have a certification, it means you are on the right path to you first VMware certification. This exam is available online through Pearson Vue.

Once you have completed this exam you can move onto the VCP DCV exam. The bible for you study should be the Exam Guide. This will spell out exactly all the things you may be questioned on in the exam. Make sure you know each topic inside and out! The exam has to be completed at a Pearson Vue testing center.

Continue reading

Free and Paid Learning Resources

This has been cross posted from my own blog vGemba.net. Go check it out.

Introduction

As IT professionals we are always learning. I thought I would highlight some free and paid for learning resources that I use to improve my skills.

vBrownbag – Free

vBrownbag is a community driven website and YouTube Channelthat provides weekly webcasts that teach new skills in under an hour. Topics have included certification tracks, automation, Cloud, careers, VMware technologies, Docker, networking, etc.

They also do Community sessions & recordings at VMworld which are excellent. They provide a great opportunity for community members who did not get to speak at the full conference a way to present a topic. For instance at VMworld US 2018 we had recordings such as the vExpert Daily, Powershell, Blogging, and many others.

I have presented on Terraform and it was a great experience. If you have an idea for a talk reach out to the vBrownbag Team.

Skylines Academy – Paid

A recent newcomer to the on demand video training model is Skylines Academy. This has been started by Nick Colyer and focuses on Azure training. The courses are low cost and once you purchase them you receive lifetime updates. Continue reading

VMware Workstation Tech Preview 2018 REST API

This has been cross posted from my own blog vGemba.net. Go check it out.

Introduction

VMware recently announced the release of VMware Workstation Tech Preview 2018. This has a number of new features:

  • DirectX 10.1 support
  • REST API
  • Support for Windows 10 High DPI
  • Host level high DPI
  • The ESXi Host / cluster view when connecting to vCenter
  • USB Auto Connect functions for a virtual machine
  • Support for Wayland architecture for Linux hosts

The feature I am most interested in is the REST API. After listening to Craig Dalrymplepresent a session at the last Scottish VMUG called Making Your 1st Restful API call to VMware I wanted to try using an API. I had not tried it in my home lab or production at work as I didn’t want to screw anything up, so using Workstation is ideal.

Starting the REST API

The REST API needs to be started from the command line. The file you need to run is located in C:\Program Files (x86)\VMware\VMware Workstation. You can then vmrest.exe --help to see some basic help:

C:\Program Files (x86)\VMware\VMware Workstation>vmrest.exe --helpVMware Workstation REST APICopyright (C) 2018 VMware Inc.All Rights Reservedvmrest 1.1.0 build-8888902Usage of vmrest.exe:  -c, --cert-path <cert-path>        REST API Server certificate path  -C, --config        Configure credential  -d, --debug        Enable debug logging  -h, --help        Print usage  -i, --ip <ip>        REST API Server IP binding (default 127.0.0.1)  -k, --key-path <key-path>        REST API Server private key path  -p, --port <port>        REST API Server port (default 8697)  -v, --version        Print version information

To start the REST API you simply type:

C:\Program Files (x86)\VMware\VMware Workstation>vmrest.exeVMware Workstation REST APICopyright (C) 2018 VMware Inc.All Rights Reservedvmrest 1.1.0 build-8888902-Using the VMware Workstation UI while API calls are in progress is not recommended and may yield unexpected or unintended results.-Serving HTTP on 127.0.0.1:8697-Press Ctrl+C to stop.

You can see that there is a web based Swagger interface for browsing the API on http:\\127.0.0.1:8697:

Swagger Interface

Authentication

If you now try to do anything through the API it will not work as we are not authenticated. We need to configure some credentials. This is done using vmrest --config but remember if the API is running you will need to stop it by pressing CTRL+C:

C:\Program Files (x86)\VMware\VMware Workstation>vmrest --configVMware Workstation REST APICopyright (C) 2018 VMware Inc.All Rights Reservedvmrest 1.1.0 build-8888902Username:cwestwaterNew password:Retype new password:Processing...Credential updated successfullyC:\Program Files (x86)\VMware\VMware Workstation>

You simply enter a username and password for authentication to the API. Start the REST API again using vmrest.exe. Now in the web interface click the Authorize link in the top right, enter the username and password and then click the Authorize button:

Authorization

There does not seem to be any visual indication that you are logged in, the only way to check is to do something.

Swagger Interface

The Swagger interface is a great way to try the API. You don’t need to use things like Curl, PowerShell, Postman, etc. you can simply use the web interface to perform API operations. You can see that there are four main sections available with various operations available under them:

GET VMs

There are quite a few operations available in the API. Lets try out a few.

Simple GET Operation

A quick check to see if things are working right is to use the Swagger interface and try a GET operation. GET means reading something, no changes are made – safe!

Browse to VM Management...Show/Hide..GET /vms then click TRY IT OUT! The Response Body shows the two VM’s I have in Workstation:

GET VMs

So in the above screenshot you can see from the interface some useful information. We can see what the response should look like, the HTTP response codes (200 means we were successful), the Curl command, and what we actually want to see, the Response body:

[  {    "id": "3SFU5DH6CKR349853CVSG5T1E9TJCMEB",    "path": "C:\\Users\\a-cwestwater\\Documents\\Virtual Machines\\Linux-01\\Linux-01.vmx"  },  {    "id": "RG98SS5QSA90GAP42Q7M4IVAT1VOH2EV",    "path": "C:\\Users\\a-cwestwater\\Documents\\Virtual Machines\\Linux-02\\Linux-02.vmx"  }]

Now we have a list of the VM’s and their IDs we can try something else. Let’s get some VM setting information for a particular VM. To do this use GET /vms/{id}. In the web interface expand VM Management...Show/Hide..GET /vms/{id}. Under the parameter section we need to use one of the ids from above, in this case I will use "id": "RG98SS5QSA90GAP42Q7M4IVAT1VOH2EV".

In the parameters section it is looking for parameter of id. Copy and paste the id of the VM into the field:

GET VM settings

One this id is entered click TRY IT OUT!. The Response Body section gives us the details of the VM:

Get VM settings

The VM has a single CPU with 64MB of RAM.

Simple PUT Operation

A PUT operation updates something. In this case we want to add a CPU and some memory to a VM. This is under VM Management...Show/Hide..PUT /vms/{id}. We again need to define some details in the Parameters section. The first is the id of the VM like we did above.

Next we need to add some definition of what the VM needs to be changed too. This is in the parameters text box. There is an example shown just to the right:

PUT VM settings

Again click the TRY IT NOW! button and we get the response:

PUT VM settings

The VM now has 2 CPUs and double the amount of RAM. We can check using the API again:

PUT VM settings

DELETE Operation

Finally I want to delete the VM as I am done with it. This is found under VM Management...Show/Hide..DELETE /vms/{id}. There is a warning with DELETE operations. Unlike the GUI there is no confirmation or check you actually want to delete, it just does it. So be aware!

DELETE VM settings

Again we need to define the id of the VM we want to delete then click TRY IT OUT!. This time we get a Response Body and Response Code of:

DELETE VM settings

Not the usual response we have seen above. Usually we get a Response Code of 200, but this time it’s 204. That is 204? Scroll up in the web interface and you see:

DELETE VM settings

So 204 is the VM was deleted. We can confirm using GET /vms:

DELETE VM settings

The VM with the id of RG98SS5QSA90GAP42Q7M4IVAT1VOH2EV is gone.

Wrap Up

When I started with this blog post I had never used an API before, but within an hour I was using the Swagger interface to interface with VMware Workstation. 30 minutes later I was using Postman to do the same. I think using the ‘safety’ of Workstation to get used to the VMware API is a great way of learning how to using the API.

I plan to investigate further as I use Workstation as my lab, so being able to automate operations using the API could help me a great deal. I expect further development of the API as the Tech Preview progresses.

GitHub Learning Lab

This has been cross posted from my own blog vGemba.net. Go check it out.

Introduction

At a VMUG last year during a presentation by Chris Wahl he recommended that all ops people like me learn a Distributed Version Control System such as GitHub. I use GitHub for my blog and storing some files, and still had not really scratched the surface of it.

Last month GitHub released a tool called GitHub Learning Labthat is basically an app that starts a bot that leads you through some training on the use of GitHub.

Lessons

So far there are five lessons available:

  • Introduction to GitHub
  • Communicating using Markdown
  • GitHub Pages
  • Moving your project to GitHub
  • Managing merge conflicts

In the Introduction to GitHub lesson you learn about:

Introduction to GitHub

Continue reading

vSphere 6.5 Update 1 Security Configuration Guide Released

This has been cross posted from my own blog vGemba.net. Go check it out.

Introduction

On the 12th March 2018 VMware released the latest version of the vSphere Security Configuration Guide. This is an indispensable guide for securing your vSphere infrastructure which I highly recommend all VMware admins read.

Purpose

I have been following the guide for a few iterations now. Back in the early versions there were a lot of settings that could mean the over zealous administrator could have gone in and potentially caused problems. For example in the v5.1 version of the guide there were 172 settings listed over multiple sheets. In the latest version there are 68. A couple of reason for this are the mitigation change has been eradicated due to code changes or the guidance is no longer required because the software is secure by default.

Also included are some common sense ‘best practices’. This goal of secure by default can be seen in the graphs in the blog post from VMware. In vSphere 6.5 there were 24 settings available to harden the deployment. In 6.5 Update 1 there are now 10 due to VMware coding the guidelines into the code. So for that 68 Guidelines 10 are Hardening settings with 58 Non-Hardening (Audit only + Site Specific). Great job VMware! Continue reading

RVTools 3.10 Released

This has been cross posted from my own blog vGemba.net. Go check it out.

Introduction

A utility that I find very useful for checking my vSphere environment is the amazing tool RVTools developed by Rob de Veij. The utility is a comprehensive tool that shows a lot of information from either a vCenter or ESXi host. Some examples of items it can report on are VMs, Partitions, Resource Pools, Licenses, Datastores, Health, etc. Version 3.10 was recently released so in this post I will run through the installation and usage of RVTools.

Installation

The installer is a simple 6.35MB msi file that can be grabbed from the website. You have to submit your details to get access and you will receive emails from Veeam.

The msi is a Next…Next…Next…Finish install:

RVTools Install RVTools Install RVTools Install RVTools Install

Continue reading

Using Terraform with vSphere vBrownBag

This has been cross posted from my own blog vGemba.net. Go check it out.

On the 19th December 2017 I presented a session on vBrownbag titled Using Terraform with vSphere. It’s now available on the vBrownBag YouTube channel.

Rebbeca Fitzhugh reached out to me and asked if I would do a session after she read my Terraform Series. Of course I jumped at the chance.

In the session I cover:

  • Terraform Terminology
  • Installation
  • Initialisation
  • Creating a new VM
  • Cloning a VM
  • Variables and the associated files
  • Documentation

It’s pretty much all live demo and I show how easy it is to get started with Terrform to spin up or clone VM’s. I have posted the code I used on my GitHub. This should be the first of a series on Terraform so watch out for more.

I want thank the vBrownBag team for the opportunity to present. I love the content they produce and to be asked to participate was an amazing opportunity.