WilliamLam.com

Easily automate ESXi 6.0 Active Directory join using domainjoin-cli

by // 9 Comments

A nice little enhancement that I recently came across in ESXi 6.0 is the inclusion of the Likewise utility called domainjoin-cli which allows you to join a system to an Active Directory Domain. Previously, if you wanted to automate the process of joining an ESXi host to an Active Directory Domain, you had to either manually configure it using the vSphere Web/Client, using Host Profiles or creating an external script using the vSphere APIs.

All of these options were mostly executed during the post-provisioning process and if you wanted to include Active Directory configuration as part of the provisioning process, you may have had to resort to something like calling into the vSphere MOB within a Kickstart script as I had shown back in 2011 in this article here. The solution I came up with was not ideal but it worked for those that did not want to have additional steps after initial provisioning.

With the domainjoin-cli utility now included in the ESXi Shell of ESXi 6.0, you easily automate the joining an Active Directory Domain with just a couple of lines added to your Kickstart or provisioning scripts. Before you can use the command-line utility, you will need to ensure the Likewise Service Manager Daemon is running by running the following two commands which will start the service and also ensure the service automatically starts up:

/etc/init.d/lwsmd start
chkconfig lwsmd on

esxi6_active_domain_join_1
Next, to join to your Active Directory Domain, you will need to specify the following 3 parameters:

  1. join - Specifying the operation is a join versus a leave
  2. AD Domain Name - Active Directory Domain to join
  3. AD Username - Active Directory username to join to the domain
  4. AD Password - Active Directory password to join to the domain (optional as you will be prompted if it is not specified)

Here is an example of what the command looks like joining my Active Directory Domain in my lab:

/usr/lib/vmware/likewise/bin/domainjoin-cli join primp-industries.com administrator [PASSWORD]

esxi6_active_domain_join_2
You should see a success message if the ESXi host was successfully joined to the Active Directory Domain and you will want to reboot your ESXi host for the changes to take full effect. This is definitely a simpler method to include into an ESXi Kickstart script to automate the joining of an Active Directory Domain and hopefully you will find this handy when using ESXi 6.0.

Quick Tip - Upgrading VMware Tools for Nested ESXi 6.0

by // 2 Comments

I have received several questions about this in the last couple of weeks regarding the process of upgrading VMware Tools for running Nested ESXi 5.x and 6.0 when the physical ESXi host has been upgraded to ESXi 6.0. Instead of individual replies, I thought I would share this quick tip. First off, VMware Tools for Nested ESXi provides a very specific set of capabilities for Nested ESXi guests as shown below:

  • Provides guest OS information of the nested ESXi Hypervisor (eg. IP address, configured hostname, etc.).
  • Allows the nested ESXi VM to be cleanly shut down or restarted when performing power operations with the vSphere Web/C# Client or vSphere APIs.
  • Executes scripts that help automate ESXi guest OS operations when the guest’s power state changes.
  • Supports the Guest Operations API (formally known as the VIX API).

Unlike traditional VMware Tools which may provide updated capabilities with each new release, VMware Tools for Nested ESXi exposes only a subset of those capabilities which has not changed between ESXi 5.x and 6.0. This is an important fact to be aware of because you may see "Unsupported older version" for the VMware Tools status in the vSphere Web/C# Client and this is perfectly fine and expected.

Here is a screenshot of a Nested ESXi 5.5 VM with VMware Tools installed running on top of an upgraded physical ESXi 6.0 host:

upgrading_nested_esxi_vmware_tools_vsphere_6_1
In this scenario, the VMware Tools status will be reported as "Unsupported older version" because the version of VMware Tools does not match the latest version of VMware Tools included with ESXi 6.0. However, you should not be alarm as the expected functionality listed above will continue to work without any problems and you can just ignore the UI warning. The only way to get rid of this warning is to upgrade the Nested ESXi VM to ESXi 6.0 which I go over in more details below. I know upgrading may not be an option if you still wish to run ESXi 5.x, but as far as I know, there will not be an update to VMware Tools VIB for ESXi 6.0 as it is now pre-installed with ESXi 6.0.

Here is a screenshot of the same VM which has now been upgraded to ESXi 6.0 running on top of an upgraded physical ESXi 6.0 host:

upgrading_nested_esxi_vmware_tools_vsphere_6_2
In this case, the VMware Tools status will be reported as "Unsupported older version" because the version of VMware Tools does not match the latest version of VMware Tools included with ESXi 6.0. However, because VMware Tools now comes pre-installed with ESXi 6.0. We can easily remedy this by removing the VMware Tools VIB we installed for ESXi 5.x by running the following ESXCLI command and then rebooting:

esxcli software vib remove -n esx-tools-for-esxi

Once the ESXi host has rebooted, the VMware Tools that is pre-installed with ESXi 6.0 will automatically start up if it detects it is running as a VM. If you now look at your vSphere Web/C# Client, you will see that VMware Tools status shows current and is also the default behavior if you are running Nested ESXi 6.0 VM on top of physical ESXi 6.0 host.

upgrading_nested_esxi_vmware_tools_vsphere_6_3
With VMware Tools being pre-installed with ESXi 6.0 and only loaded when it detects it is being run as a VM, you no longer need to worry about manually installing additional VIBs get the benefits of having VMware Tools installed for your Nested ESXi VMs.

Are Affinity/Anti-Affinity rules preserved during Cross vCenter vMotion (xVC-vMotion)?

by // Leave a Comment

Among other things, vSphere Affinity/Anti-Affinity rules are indeed preserved with a Virtual Machine during a Cross vCenter vMotion (xVC-vMotion) which is a new vMotion capability in vSphere 6.0. If you wish to learn more about this awesome new feature be sure to read about it here and here.

There were a couple of people asking about the details on how this actually worked so I figured I would set this up in my lab and provide some additional information. In my environment I have two vCenter Server 6.0 joined to a single Platform Services Controller (same SSO Domain) which provides me with the Enhanced Linked Mode capability which is one of the requirements for a regular xVC-vMotion as it needs to be visible in the vSphere Web Client. You can also do an ExVC-vMotion, which does not require the vCenter Servers to be part of the same SSO Domain, you can find more details in this blog post here.

I initially had 3 Virtual Machines called: Web1, Web2 and Web3 which ran in my "PA-VSAN-Cluster" which is located in my first vCenter Server. I then create an Anti-Affinity rule called "Web-Rule" that ensures all three VMs are running on separate ESXi hosts. I then manually perform xVC-vMotion (remember automated DRS migration is on a vSphere Cluster boundry and will not vMotion outside of a vSphere Cluster or vCenter Server) each VM to my secondary vCenter Server to my "SB-VSAN-Cluster"

Once the VM has successfully relocated to the destination site, the Affinity/Anti-Affinity rules are then migrated over. You might be wondering why the Affinity/Anti-Affinity rule could not be created in advance and the reason is because it needs the actual VM object to be available to associate the the rules to. Once all three VMs have been migrated over, you will see that the old Affinity/Anti-Affinity rule no longer exists in the source vCenter Server and now lives in destination vCenter Server as seen in the screenshot below. Simple and elegant!

affinity-anti-affinity-rules-cross-vcenter-vmotion