WilliamLam.com


How to Automate the Deployment & Configuration of vShield Manager 5

09.12.2011 by William Lam // 8 Comments

If you have ever worked with VMware vShield Manager, you know that deployment and configuration of the virtual appliance is pretty much a manual process. You can automate the deployment of the vShield Manager OVA using the various vSphere SDKs or the ovftool, but the initial IP address configuration for vSM still needs to be configured manually using the remote console for the very first time.

An easy solution to this problem would be for VMware to create the vSM OVA to support IP address configuration out of the box as part of the deployment options (but why make things easy). In any case, I will demonstrate how you can easily automate both the deployment and the initial configuration of vShield Manager to your vSphere environment.

Before I begin, I cannot take credit for coming up with the idea of automating vShield Manager deployment; the credit goes to Alan Renouf. Alan recently contacted me and asked if it was possible to automate the IP configuration. The answer is yes and here is a solution.

One of the main challenges in figuring out how to automate the IP address configuration of vShield Manager was due to the vtysh integrated shell daemon for Zebra that launches by default as part of the "admin" user account. This interface is used to manage the kernel routing and management table and made it very difficult to interface with for any type of automation. I decided to manually go through a vSM configuration and then, using a Knoppix LIVE-CD, I was able to mount the vSM filesystem and look around to get a better understanding of what was going on. After some investigating, it looks like the IP address configuration is stored in /common/configs/cli/zebra.conf, here is an example of what the configuration looks like:

Armed with this knowledge, it was pretty straightforward to develop an automated way of deploying and configuring vShield Manager. I created a script called deployvShieldManager.sh which utilizes guestOpsManagement.pl, vCLI and ovftool. It's recommended that you use vMA and install ovftool to quickly get started. At a high level, the script is doing the following:

  1. Deploy vShield Manager OVA using ovftool
  2. PowerOn vSM and wait 2 minutes for VMware Tools to be ready on the system
  3. Create new zebra.conf, backup the old zebra.conf and upload new zebra.conf using the new vSphere 5 VIX integration
  4. PowerOff vSM to force the configurations to be read in upon next bootup
  5. PowerOn vSM and it is now ready for use

At the top of the script, there are several configuration variables that need to be edited by the user to specify the vSM configuration, including the vCenter and ESX(i) host to deploy vSM to.

Here is a list of variables that need to be configured at the top of the deployvShieldManager.sh script:

Once you are done updating the variables, you are now ready to execute the script. Before the script performs any changes, it will first prompt you with a summary of the configurations you have specified in the script. Once you are satisfied, you may then proceed by typing "y" or "yes" to start, or if you would like to cancel, type "n" or "no".

Note: The script will perform some basic validation such as existence of the vShield Manager OVA, ovftool, etc. else you will get an error message and the script will exit.

Next, the script will perform the deployment of vSM using ovftool and proceed with the configuration of vSM once it has been deployed.

Note: If it takes longer to power on vSM in your environment and get it into a ready state, you may want to tweak the sleep period from 120 seconds (2 minutes) to something longer.

At this point, you now should see a new vShield Manager VM deployed and if you take a look at the summary page, you should see the new IP address and hostname configurations.

Now all that is left is to point your browser to the vSM address and you should be prompted to login to vShield Manager management interface.

Instead of manually deploying vShield Manager in your environment, you can now automate the initial deployment and configuration for general use or with VMware vCloud Director. For further automation and configuration of vShield manager, once vSM is online and accessible, you can leverage the vShield REST API.

Categories // Automation, OVFTool Tags // ESXi 5.0, ovftool, vix api, vShield 5, vSphere 5.0, vsphere sdk for perl

Cool Undocumented Features in vCloud Director 1.5

09.06.2011 by William Lam // 6 Comments

While working on the updated script in Automating vCloud Director 1.5 & Oracle DB Installation, I did some digging in my lab deployment and noticed a few interesting things about the new vCloud Director 1.5 installation.

The first thing I noticed is that after configuring a new Provider vDC, once the vCloud Agent (stored in /opt/vmware/vcloud-director/agent) is pushed out to the ESXi 5 hosts, a new esxcli module is added for vCloud Director under /usr/lib/vmware/esxcli-vcloud.

There are 6 namespaces that range from simple configuration query, network fence management, account management and also something called "esxvm" which I'll go into a little bit later. I am not sure why this is not in the vCloud Director documentation; I was not able to find any reference to the new esxcli operations. You may also notice the use of the legacy "vslauser" (Virtual Software Lifecycle Automation) throughout vCloud Director; even though it was re-written from the ground up, it looks like VMware decided to either keep the name or some of the code related to the service account.

Here is an example of running "esxcli vcloud about get" command:

Here is an example of running "esxcli vcloud fence getfenceinfo" command:

Lastly, here is an example of what "esxvm" namespace provides:

As you can see above, there are two operations: disable/enable support for 64-bit nested virtual machines. This is exactly the same configuration as I blogged about in How to Enable Support for Nested 64bit & Hyper-V VMs in vSphere 5 but using esxcli interface with vCloud Director 1.5. Let's take a look at what happens when we run the "enable64bitnested" operation.

No surprise, we see that it automatically appends the required vhv.allow = "TRUE" flag which enables the support of running nested 64-bit virtual machines within a physical ESXi 5 host.

You might be asking, why is this in vCloud Director? Well if you attended VMworld 2011 or previous VMworlds and took part in the hands on labs, you will know that VMware utilizes vPods or nested ESXi to deploy their labs. I suspect, this functionality was added into vCloud Director so that VMware can easily leverage nested ESXi for hands on labs or vSel deployments just like they did with Lab Manager previously.

While looking into this, I recalled a very interesting article by Jason Boche - Deploy ESX & ESXi With Hidden Lab Manager 4 Switch in which Jason identifies a hidden flag in the Lab Manager database that enables a special feature in deploying nested ESX(i) VMs including customization through the use of a special version of VMware Tools for ESX(i). I was curious to see if something similar existed in the new vCloud Director that provided similar functionality.

Looking at the SQL install scripts located in /opt/vmware/vcloud-director/db/{oracle/mssql}, I noticed an interesting config called "extension.esxvm.enabled" in NewInstall_Data.sql file

As you can see from the insert statement, by default this value is set to "false" and we can also confirm this after vCloud Director has been installed and configured by querying the database. Let's go ahead and update this value to "true" and let's see what happens. 

Once I had verified the value had been successfully updated, I decided to use the same trick that Jason had identified with the special "Uber Admin Screen" to load the changes. To my surprise, the trick still worked but the page was not super Uber .... To enable the screen, you will need to click on the "About" page and then press CTRL+U (ctrl + shift + u), which will toggle the "Uber Admin Screen".

The available options are quite limited as you can see but there are some new hidden options such as a new debug and console toggle. When you enable these options, you will see them at the bottom right of your screen including a counter of the amount of memory being used for your vCloud Director deployment.

After toggling the hidden database feature, I was not able to see any additional pages relating to nested ESXi hosts, even after restarting vCloud Director. Through some testing, I found that the "extension.esxvm.enabled" actually controlled whether or not nested 64bit VM was enabled when the vCloud Agent was pushed out to ESXi 5 hosts. Instead of manually adding vhv.allow = "TRUE" or using esxcli vcloud esxvm enable64bitnested, vCloud Director will automatically configure the ESXi hosts for you. I still suspect there is probably a hidden interface in managing vESXi hosts and leveraging a specialized version of VMware Tools to automate the deployment of nested ESXi, but I have not found out yet.
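A small drift check for the vhv.allow flag described above, as an added example that is not part of the original post or of vCloud Director. It assumes you pass it copies of the host configuration files (the post does not name the file), that the last occurrence of the key is the one to report, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report whether "key = value" config files enable nested
# 64-bit guests through vhv.allow. File paths are supplied by the caller.
# Assumption: if the key appears more than once, the last line is reported.

# vhv_allow_state FILE -> prints "enabled", "disabled", "unset" or "unreadable"
vhv_allow_state() {
    [ -r "$1" ] || { echo "unreadable"; return 2; }
    awk '
        /^[ \t]*#/ { next }                 # ignore commented-out settings
        {
            eq = index($0, "=")
            if (eq == 0) next               # not a key/value line
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            sub(/^[ \t]*"?/, "", val)       # strip leading blanks and quote
            sub(/"?[ \t\r]*$/, "", val)     # strip trailing quote and blanks
            if (tolower(key) == "vhv.allow")
                state = (toupper(val) == "TRUE") ? "enabled" : "disabled"
        }
        END { print (state == "" ? "unset" : state) }
    ' "$1"
}

# audit_vhv FILE... -> one "file: state" line per file; returns 1 if any is enabled
audit_vhv() {
    rc=0
    for f in "$@"; do
        s=$(vhv_allow_state "$f") || true
        echo "$f: $s"
        if [ "$s" = "enabled" ]; then rc=1; fi
    done
    return $rc
}

# Constructed sample: a config file after the flag has been appended.
sample=$(mktemp)
printf '%s\n' 'libdir = "/usr/lib/vmware"' '# vhv.allow = "FALSE"' \
    'vhv.allow = "TRUE"' > "$sample"
audit_vhv "$sample" || echo "nested 64-bit support is enabled on at least one host"
rm -f "$sample"
```

Run it against configuration files collected from each host before and after the vCloud Agent is pushed to see which hosts were changed.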

UPDATE: Take a look at this blog post for the full details on building your own vSEL - The Missing Piece In Creating Your Own Ghetto vSEL Cloud

Categories // Uncategorized Tags // esxcli, ESXi 5.0, vcd, vcloud director, vSphere 5.0

Automating vCloud Director 1.5 & Oracle DB Installation

09.04.2011 by William Lam // 6 Comments

Here is an update to my vCloud Director 1.0 & Oracle Express Database installation script to include support for the new vCloud Director 1.5. There were a few slight modifications I had to make as the new installer had an additional question around the type of database to use and there were also some path changes that had to be handled for the new version of vCloud Director. I also added support for vCloud Director 1.0.1 and have functionally tested all three versions of vCloud Director with the use of a local Oracle Express Database.

It is important to note, the script is merely to help users quickly get vCloud Director set up for testing and evaluation purposes. For actual production/development deployment, I would recommend you go through the actual installer and use a remote database versus a local embedded one. This script only deals with vCloud Director; you will still need to manually set up things like vShield or other products that you wish to use with vCloud Director.

One question I have gotten quite a bit is about setting up the initial vCloud Director Linux virtual machine prior to running the vCloud Director application installation script. The following outlines the steps in building out a CentOS virtual machine using network based installation.

You will need to download the following:

  • CentOS 64bit Netinstall ISO
  • Oracle Express 10g or 11g
  • vCloud Director 1.5
  • vcd_setup.sh
  • vcd.rsp

Step 1 - Create a new 64bit virtual machine

  • Select "Custom" Configuration
  • Name your vCD Virtual Machine
  • Select Datastore
  • Select Virtual Machine Version 7 or 8 depending on version of vSphere
  • Select "Linux" and "Red hat Enterprise Linux 5 (64-bit)" as Guest Operating System type
  • Select the number of vCPU to be configured
  • Select the amount of vMem to be configured
  • Select 2 vNICs for the Virtual Machine and configure both on the same network
  • Select the SCSI Controller (used defaults)
  • Create a new Virtual Disk and configure the size

Step 2 - Power On the blank virtual machine

Step 3 - Attach the CentOS-5.5-x86_64-netinstall.iso to the vCD virtual machine and press CTRL+ALT+INSERT to reboot the system

Step 4 - When you see the "boot" prompt, just hit enter or wait for it to load

Step 5 - Select language of choice

Step 6 - Select keyboard type:

Step 7 - Select installation type "FTP"

Step 8 - Select "eth0" which will be used for the initial connection to go out to the internet to pull in the CentOS image

Step 9 - Select "Manual Configuration" for eth0

Step 10 - Assign the appropriate IP Address for eth0

Step 11 - Select an FTP mirror from here to perform network based installation, in this example, I'm using one from UCSB where FTP Site name is "ftp.cs.ucsb.edu" and the CentOS Directory is "mirrors/centos/5.5/os/x86_64"

Step 12 - If successful, it should start retrieving the image

Step 13 - Click "Next" to start the installation

Step 14 - Select "Yes" to create new partition

Step 14 - Click "Next" to continue

Step 15 - Click "Yes" to clear all partitions

Step 16 - Verify network configuration for eth0, leave eth1 unchecked, this will be configured per the vCloud Director Installation Script

Step 17 - Configure your timezone

Step 18 - Configure your root password

Step 19 - Select "Server" installation type and click "Next"

Step 20 - Click "Next" to start the installation and you can now sit back and relax

Step 21 - Once the system has completed, you will need to click on "Reboot"

Step 22 - SSH to the system and run "ifconfig eth0" and "ifconfig eth1"; eth0 should be configured since you are able to log in to it, and eth1 should not be configured with anything

Step 23 - You need to upload the vCloud Director binary, Oracle Express RPM and the vCD setup script and response file

Step 24 - You will need to edit vcd.rsp for the setup you wish to deploy, here is an example of deploying vCloud Director 1.5 using Oracle 11g database

Step 25 - Start installation of vCloud Director + Oracle Express database using vcd_setup.sh script

Note: For more details on what is going on during the installation, please take a look here

Step 26 - Assuming you followed the directions, in about 10-15 minutes you should get a successful message on the installation of vCloud Director and now be able to point your browser to your vCD system

Categories // Uncategorized Tags // vcd, vcloud director, vSphere 5.0

Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.
