Automation – Page 159

How to run a Docker Container on the vCenter Server Appliance (VCSA) 6.5?

10.24.2016 by William Lam // 8 Comments

One of the most notable changes in the vCenter Server Appliance (VCSA) in vSphere 6.5 is a switch of the underlying OS from SLES to VMware's very own Photon OS. With this change, VMware will now own the entire software stack within the VCSA (OS + Application). This will allow VMware to quickly respond and deliver OS and security updates to customers at a much quicker rate than it was possible before.

During my testing of the VCSA, I had a need to spin up a Docker Container. Given that the VCSA is now Photon OS based, this should be a pretty trivial thing to enable as it is with a standalone installation of Photon OS. After a bit of trial/error, I found what was needed to get this working on the VCSA. Before jumping into the solution, I should say that this is really for lab and educational purposes. In general, I would NOT recommend installing additional software on the VCSA, not only is this NOT supported by VMware but you may also potentially be impacting your vCenter Server by taking resources away from the main application. It is possible to constrain the amount of resources (CPU/Memory) allocated to the Docker Container, please refer to this resource for more information.

For smaller customers, the argument is that I can just run everything on a single system but in reality there are many benefits to having a separate management VM which can be Photon OS or any other OS that your organization supports. You can install additional management tools/scripts and you would not be artificially limited by the VCSA's environment which is really locked down to what is absolutely needed to run the vCenter Server application and its services.

Disclaimer: This is not officially supported by VMware, please use at your own risk.

Given that PowerCLI Core (Linux and Mac OS X) was just recently released, which also includes a Docker Container, I figure this would be a nice example to start with as I know a few of you have asked about this possibility 🙂

Step 1 - Install Docker by running the following command (you will need access to the internet either direct or proxy access from the VCSA)

tdnf -y install docker

Step 2 - Load the following kernel module which will allow us to start the Docker client by running the following command:

insmod /usr/lib/modules/$(uname -r)/kernel/net/bridge/bridge.ko

Note: The above command does not persist across reboots. If you would like to persist this configuration, please refer to the instructions at the very bottom.

Step 3 - Enable and start the Docker Client by running the following command:

systemctl enable docker
systemctl start docker

Step 4 - Pull down the PowerCLI Core Docker Image from Docker Hub by running the following command:

docker pull vmware/powerclicore

Step 5 - Start the PowerCLI Core Docker Container by running the following command:

docker run --rm -it --entrypoint='/usr/bin/powershell' vmware/powerclicore

As you can see from the screenshot above, you now have PowerShell and the PowerCLI module loaded running as a Docker Container on the VCSA 🙂 You can apply this to any Docker Container that you have created or pulling it directly from Docker Hub. If you prefer to build the PowerCLI Core Docker Container from the Dockerfile, you simply just need to download and extract the PowerCLI Core zip file onto the VCSA and then run the following command:

docker build -t vmware/powercli .

How to persist bridge module load across reboots:

Step 1 - Edit /etc/modprobe.d/modprobe.conf and remove the "install bridge /bin/false" entry.

Step 2 - Create a new file called /etc/modules-load.d/bridge.conf which contains the word "bridge" (no quotes). When the system boots up, it will iterate through all the module configuration file and load the respective modules. The bridge module is what is needed to start the Docker Daemon.

How to check the size of your Config & SEAT data in the VCDB in vPostgres?

10.20.2016 by William Lam // 2 Comments

After publishing my article on how to check the size of your vCenter Server's Configuration and Stats, Events, Alarm & Tasks (SEAT) data for both a Microsoft SQL Server and Oracle based database, I had received a few requests for doing the same for the vPostgres database which the vCenter Server Appliance (VCSA) uses exclusively. Thanks to one of our Engineers who works on the VCDB, I was able to quickly get the relevant SQL query to perform the exact same lookup as the other two databases.

Since the VCSA is harden and locked down by default, being able to remotely retrieve this information will actually require some additional configuration changes to your VCSA which may or may not be acceptable. Because of this constraint, I will provide two options in how you can perform this SQL query.

The first option (easy) will be running the SQL query directly from within the VCSA. You just need SSH access and no other information or credentials will be required. The second option (complex) will be to remotely connect to the vPostgres database (generally not recommend) which will require the VCDB's credentials which I will show you how to retrieve. Lastly, I want to quickly mention that in the upcoming vSphere 6.5 release, this information will be super easy to view not only from a UI but also API as shown in tweet below.

Want to see breakdown of your vCenter Server Database in the VCSA? You can now using either UI or API within VAMI interface!#vSphere65 pic.twitter.com/htOzb93aei

— William Lam (@lamw.bsky.social | @*protected email*) (@lamw) October 18, 2016

Option 1:

Step 1 - Download the following shell script called queryVCDBvPostgres.sh which contains the respective VCDB SQL query.

Step 2 - SCP the shell script to your VCSA and then login via SSH.

Step 3 - Run the following command to make the script executable:

chmod +x queryVCDBvPostgres.sh

Step 4 - Run the script by issuing the following command:

./queryVCDBvPostgres.sh

Here is a screenshot of what you should see which is a break down of your Config + SEAT data:

Option 2:

Step 1 - Login to the VCSA using SSH.

Step 2 - Edit /storage/db/vpostgres/postgresql.conf and add the following entry:

listen_addresses = '*'

This will allow vPostgres to be connected to from any address or if you want to restrict it to a specific IP, you can also just specify that.

Step 3 - Edit /storage/db/vpostgres/pg_hba.conf and add the following entry:

host all all 172.30.0.0/24 md5

Similiar to the previous configuration, you can either specify a network range using CIDR notation or a specific IP Address.

Step 4 - Edit /etc/vmware/appliance/firewall/vmware-vpostgres and replace it with the following entry:

{
  "firewall": {
     "enable": true,
        "rules": [
        {
          "direction": "inbound",
          "name": "vpostgres_external",
          "port": "5432",
          "portoffset": 0,
          "porttype": "dst",
          "protocol": "tcp"
        }
     ]
  },
  "internal-ports": {
    "rules": [
      {
        "name": "server_port",
        "port": 5432
      }
    ]
  }
}

This will open up the VCSA's firewall to allow remote connections to the vPostgres port which the default is 5432.

Step 5 - Next, we need to reload the firewall configuration by running the following command:

/usr/lib/applmgmt/networking/bin/firewall-reload

Step 6 - We can verify by running the following command:

iptables -L | grep postgres

Here is a screenshot of what you should see as the output:

Step 7 - Lastly, we need to restart the vPostgres service by running the following command:

service vmware-vpostgres restart

Step 8 - To verify that you can now remotely connect to the vPostgres DB, run the following command:

netstat -anp | grep LISTEN | grep tcp | grep 5432

Here is a screenshot of what you should see as the output:

At this point, you have now enabled remote connections to the VCSA's vPostgres DB. The next step is to retrieve the VCDB credentials which you will do so using a PowerShell script that I have written to perform the remote SQL query. This will also require that you setup an ODBC connection on your client system to communicate with the vPostgres DB. Please have a look here for more information on how to setup the ODBC connection.

Step 9 - Login to VCSA via SSH and then look at the /etc/vmware-vpx/vcdb.properties and you should see the password to your VCDB. Go ahead and record this some where as you will need it in the next step. The username for the DB will be vc which you can also make a note of.

Step 10 - Download the following PowerShell script called Get-VCDBUsagevPostgres.ps1 and provide the connection details that you retrieved in Step 9. If everything was properly configured, you can run the PowerShell script and it should produce a similiar output as shown in the screenshot below.

PowerCLI Core is now available on Docker Hub!

10.19.2016 by William Lam // 8 Comments

The much anticipated PowerCLI Core was just released this week as a VMware Fling which allows you to run PowerCLI on Linux, Mac OS X or even as a Docker Container. This is HUGE if you ask me, especially for customers who would like the benefits of PowerCLI and not be forced to use a Windows system which it traditionally had required.

I personally have been using PowerCLI Core for quite some time now on my Mac OS X and the experience is exactly the same as you would find it on its Windows counterpart. The Docker Container is also a another great way to consume PowerCLI Core and I also use that quite frequently as well. One thing I felt that would make the Docker Container even easier to consume for those looking to do something really quick in PowerCLI or what I call "Just In time PowerCLI access" is to be able to quickly pull it down from Docker Hub rather than having to download bunch some files and then manually build it yourself (not that it is complicated) but sometimes speed is the game.

I had posted a tweet earlier this morning and literally a few hours later, my good friend Alan Renouf delivered the goods! In addition, you will also find that the new version of PowerCLI Core Docker Container is now using Photon OS image rather than Ubuntu as it previously did.

Asked for @PowerCLI Core to be hosted on @Docker Hub & the MAN (@alanrenouf)) delivers!

docker pull vmware/powerclicore pic.twitter.com/4VpoDZJNc9

— William Lam (@lamw.bsky.social | @*protected email*) (@lamw) October 19, 2016

In addition to the three methods of consuming PowerCLI Core, you also now find it hosted on Docker Hub: https://hub.docker.com/r/vmware/powerclicore/

UPDATE (01/03/17) - It looks like PowerNSX is now also included with PowerCLI Core. To use PowerNSX, simply import it by running the following command: Import-Module PowerNSX and you will now have access to the PowerNSX cmdlets! Nice job to the PowerNSX guys for making this possible for our customers!

To access PowerCLI Core from Docker Hub, you simply just need a system installed with the Docker Client (Windows, Linux or Mac OS X) running or you can even use VMware's Photon OS which comes with Docker by default and following the instructions below:

Step 1 - Pull the PowerCLI Core image from Docker Hub by running the following command:

docker pull vmware/powerclicore

Step 2 - Run the PowerCLI Core Docker Container by running the following command:

docker run --rm -it --entrypoint='/usr/bin/powershell' vmware/powerclicore

It is literally that easy to access PowerCLI from ANY platform at ANY time! 😀

Step 3 - If you are using a self-signed certificate, you will need to run the following command below before you can call the Connect-VIServer cmdlet:

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false