William Lam

Guest Customization support for Instant Clone in vSphere 7

05.14.2020 by William Lam // 2 Comments

vSphere Instant Clone was re-architected back in vSphere 6.7 and has been enhanced to be made more powerful and flexible. These enhancements not only power solutions like VMware Horizon but it also unlocks new customer use cases including things like Instant Cloning of Nested ESXi and Apple MacOS Guests.

Although the possibilities are truly endless with Instant Clone, this also means that any customization including basic guest identity such as hostname and networking must now use an alternative workflow. For application-level customization, it is expected that customers will create and manage these custom scripts but for basic networking configuration, it would be ideal to leverage the existing and well known vSphere Guest Customization Engine.

While downloading a file from MyVmware the other day, I came across an interesting set of packages called Guest Customization Engine for Instant Clone. Upon further investigation, I came to learn that these guest packages actually enable support for native vSphere Guest Customization for Instant Clone in vSphere 7 for the following Linux guest OSes:

CentOS 7.4 or higher
RHEL 6.8 or higher
RHEL 7.4 or higher
Ubuntu 16.04
SUSE 11SP4
SUSE 12SP3 or higher

In addition, there is also new set of vSphere (SOAP) APIs that you will need to interact with to use the new Instant Clone Guest Customization feature. The GuestCustomizationManager is a new vSphere 7.0 API which includes the following three API methods:

AbortCustomization_Task
CustomizeGuest_Task
StartGuestNetwork_Task

If you are interested in taking advantage of the new Instant Clone Guest Customization in vSphere 7, you can refer to the official VMware documentation which has step by step instructions.

How to passthrough USB Keyboard/Mouse HID and CCID devices to VM in ESXi?

05.13.2020 by William Lam // 66 Comments

About a month back I had received an interesting tidbit from Darius Davis (VMware Engineer) after helping a customer solve an interesting problem and Darius thought this could be a useful blog post to share. Funny enough, a couple of weeks after that conversation, a simliar issue was being faced by another customer and luckily I was able to share with them the solution and also validate the specific configuration that was needed.

The customer that Darius was helping out had two VMs running on ESXi which they wanted to configure several passthrough devices. In addition to a PCI passthrough of a GPU, they also wanted to passthrough independent USB keyboard and mouse to each individual VM. PCI passthrough to a VM is nothing new but passing through a USB keyboard/mouse also known as Human Interface Devices (HID) to a VM is generally not expected. The physical ESXi host just assumes these type of USB devices are meant for it to consume.

In addition to HID USB devices, there are also Chip Card Interface Devices (CCID) USB devices like a smart card reader which customers may also want to passthrough to a VM. The latter use case was what I ended up helping the customer out with. To passthrough HID/CCID USB devices, the following steps are required which will include changes to the ESXi host.

Step 1 - Add the following two VM Advanced Settings for all USB CCID/HID devices that you wish to enable passthrough:

HID USB Devices:

usb.generic.allowHID = "TRUE"
usb.quirks.device0 = "0xXXXX:0xYYYY allow"

CCID USB Devices:

usb.generic.allowCCID = "TRUE"
usb.quirks.device0 = "0xXXXX:0xYYYY allow"

where 0xXXXX = vendorId and 0xYYYY = deviceId (e.g 0x03f0:0x0024) which was retrieved from the previous step

To list all USB devices and get their vendor and device ID, you can use the lsusb command found within the ESXi Shell and below is an example listing out both my USB Mouse and Keyboard.

lsusb -v | grep -E '(^Bus|HID)'
Bus 001 Device 001: ID 0e0f:8003 VMware, Inc. Root Hub
Bus 002 Device 001: ID 0e0f:8003 VMware, Inc. Root Hub
Bus 001 Device 003: ID 8087:0026 Intel Corp.
Bus 001 Device 004: ID 0781:5591 SanDisk Corp. Ultra Flair
Bus 001 Device 002: ID 05fe:0011 Chic Technology Corp. Browser Mouse
    iConfiguration          4 HID Mouse
        HID Device Descriptor:
          bcdHID               1.00
Bus 001 Device 005: ID 046d:c31d Logitech, Inc. Media Keyboard K200
        HID Device Descriptor:
          bcdHID               1.10
        HID Device Descriptor:
          bcdHID               1.10

Step 2 - We need to make the USB arbitrator service aware of these USB device quirks by adding the usb.quirks.deviceN string to /etc/vmware/config file. In my example above, I want to enable passthrough for both my Mouse and Keyboard device, so the following entries would be appended:

usb.quirks.device0 = "0x05fe:0x0011 allow"
usb.quirks.device1 = "0x046d:0xc31d allow"

Step 3 - Lastly, we need to append the following string to the ESXi boot option to disable the VMkernel from claiming HID USB devices.

CONFIG./USB/quirks=0xXXXX:0xYYYY::0xffff:UQ_KBD_IGNORE

where 0xXXXX = vendorId and 0xYYYY = deviceId (e.g 0x03f0:0x0024)

The easiest way to append this to the boot option is by editing /bootbank/boot.cfg rather than manually typing this during the initial boot up (SHIFT+O)

Note1: This is not required for CCID devices or mouse devices as they are not claimed by ESXi

Note2: The USB quirks are given in sets of five parameters - vendorID:deviceID:minRevision:maxRevision:quirkName If you wish to specify multiple devices, you will need to ensure all five parameters are included. Here's an example for specifying two USB devices: CONFIG./USB/quirks=0x05fe:0x0011::0xffff:UQ_KBD_IGNORE:0x046d:0xc31d::0xffff:UQ_KBD_IGNORE

Step 4 - A system reboot of your ESXi host will be required for the changes to go into effect. Once your ESXi host is available, you can use the vSphere H5 Client or Embedded ESXi Host Client to attach the USB devices. For vCenter Server, click on "Add New Device" and select "Host USB Device" and for ESXi, click on "Add other device" and select "USB Device".

New VEBA release, new website and new mascot!

05.12.2020 by William Lam // Leave a Comment

Today I am very happy to share a number of updates with the community regarding the popular VMware Event Broker Appliance (VEBA) Fling. Each release has always been a team effort, but but I am especially proud of this release as it demonstrates how large the team has grown in the past 6 months and their impactful contributions to this solution to help our VMware customers and partners. Michael and I could not be more prouder and the feedback both internally and externally has been nothing but amazing and we are just getting started when it comes to event-driven automation for the SDDC!

New VEBA Release

Here are some of the key features in our latest v0.4 release. If you wish to see a detailed change log, please refer to the VEBA github releases page.

New VEBA Direct Console UI (DCUI)
New Incident Management example functions
New Golang example function
Deploy VEBA to a existing Kubernetes Cluster (documentation)
Updated VEBA base OS to latest Photon OS 3.0 Rev2
Replace Weave with Antrea CNI
Support customization of Docker bridge network (default: 172.17.0.1/16) via OVF property
Monitor VEBA Appliance using vRealize Operations (documentation)

Below are two features that I think is worth highlighting:

Thanks to Frankie Gold, we now have a slick new VEBA DCUI which replaces the old static /etc/issue entry which was only updated once after a successful deployment. If you decided to change the hostname, these changes would not be reflected. The new VEBA DCUI is dynamic and will display the latest configuration from the system including the configured system resources. In addition, it also uses the new /etc/veba-release file found within VEBA appliance which provides information about the version of VEBA, commit ID along with the event processor that was configured.

As part of the DCUI development planning, I was reminded of this fun little VMware Easter Egg. I thought it would be fun to include a few of our own and also give a nod back to this old school easter egg which sadly is no longer in the product. The default color scheme is green (cyan) and if you go into the VM Console and type "veba", you will activate an alternate color scheme as shown in the screenshot below. To return to the original color scheme, just type "veba" again to deactivate.

There is actually a couple more interesting ?easter eggs which I had asked Frankie to include ... I wonder who will be the first to find and share them? Maybe the first few folks who share details about the easter egg on it Twitter will get one of the new VEBA sticker!

UPDATE (05/13/20) - Congrats to Allan Kjaer on finding the first VEBA DCUI Easter Egg #1 which is typing the word "pride" (this is a nod back to the original easter egg found in Fusion, see reference above)

Congrats to @Allan_Kjaer on finding the first hidden ?#EasterEgg in latest #VEBA release. Type “pride” to activate/deactivate new color scheme

Very impressive Allan, as I thought this would have taken longer & was a nice nod to original @VMwareFusion Easter Egg ? pic.twitter.com/d06skOglj5

— William Lam (@lamw.bsky.social | @*protected email*) (@lamw) May 13, 2020

Congrats David Bibby on finding the second and final VEBA DCUI Easter Egg #2 which is typing the word "otto" (name of VEBA's mascot) which will activate VEBA DCUI console with rendering of Otto 🙂 To deactivate and return to the default screen, simply type "otto" again.

Congrats @bib_ds on finding the last and final #VEBA #EasterEgg which is dedicated to our new mascot #OttoTheOrca

I’m sure colleagues will take a second look when they see ? in the VM Summary page ? https://t.co/JaDUFkQ7fi

— William Lam (@lamw.bsky.social | @*protected email*) (@lamw) May 13, 2020

[Read more...]