PowerCLI – Page 50

How to run a Docker Container on the vCenter Server Appliance (VCSA) 6.5?

10.24.2016 by William Lam // 8 Comments

One of the most notable changes in the vCenter Server Appliance (VCSA) in vSphere 6.5 is a switch of the underlying OS from SLES to VMware's very own Photon OS. With this change, VMware will now own the entire software stack within the VCSA (OS + Application). This will allow VMware to quickly respond and deliver OS and security updates to customers at a much quicker rate than it was possible before.

During my testing of the VCSA, I had a need to spin up a Docker Container. Given that the VCSA is now Photon OS based, this should be a pretty trivial thing to enable as it is with a standalone installation of Photon OS. After a bit of trial/error, I found what was needed to get this working on the VCSA. Before jumping into the solution, I should say that this is really for lab and educational purposes. In general, I would NOT recommend installing additional software on the VCSA, not only is this NOT supported by VMware but you may also potentially be impacting your vCenter Server by taking resources away from the main application. It is possible to constrain the amount of resources (CPU/Memory) allocated to the Docker Container, please refer to this resource for more information.

For smaller customers, the argument is that I can just run everything on a single system but in reality there are many benefits to having a separate management VM which can be Photon OS or any other OS that your organization supports. You can install additional management tools/scripts and you would not be artificially limited by the VCSA's environment which is really locked down to what is absolutely needed to run the vCenter Server application and its services.

Disclaimer: This is not officially supported by VMware, please use at your own risk.

Given that PowerCLI Core (Linux and Mac OS X) was just recently released, which also includes a Docker Container, I figure this would be a nice example to start with as I know a few of you have asked about this possibility 🙂

Step 1 - Install Docker by running the following command (you will need access to the internet either direct or proxy access from the VCSA)

tdnf -y install docker

Step 2 - Load the following kernel module which will allow us to start the Docker client by running the following command:

insmod /usr/lib/modules/$(uname -r)/kernel/net/bridge/bridge.ko

Note: The above command does not persist across reboots. If you would like to persist this configuration, please refer to the instructions at the very bottom.

Step 3 - Enable and start the Docker Client by running the following command:

systemctl enable docker
systemctl start docker

Step 4 - Pull down the PowerCLI Core Docker Image from Docker Hub by running the following command:

docker pull vmware/powerclicore

Step 5 - Start the PowerCLI Core Docker Container by running the following command:

docker run --rm -it --entrypoint='/usr/bin/powershell' vmware/powerclicore

As you can see from the screenshot above, you now have PowerShell and the PowerCLI module loaded running as a Docker Container on the VCSA 🙂 You can apply this to any Docker Container that you have created or pulling it directly from Docker Hub. If you prefer to build the PowerCLI Core Docker Container from the Dockerfile, you simply just need to download and extract the PowerCLI Core zip file onto the VCSA and then run the following command:

docker build -t vmware/powercli .

How to persist bridge module load across reboots:

Step 1 - Edit /etc/modprobe.d/modprobe.conf and remove the "install bridge /bin/false" entry.

Step 2 - Create a new file called /etc/modules-load.d/bridge.conf which contains the word "bridge" (no quotes). When the system boots up, it will iterate through all the module configuration file and load the respective modules. The bridge module is what is needed to start the Docker Daemon.

PowerCLI Core is now available on Docker Hub!

10.19.2016 by William Lam // 8 Comments

The much anticipated PowerCLI Core was just released this week as a VMware Fling which allows you to run PowerCLI on Linux, Mac OS X or even as a Docker Container. This is HUGE if you ask me, especially for customers who would like the benefits of PowerCLI and not be forced to use a Windows system which it traditionally had required.

I personally have been using PowerCLI Core for quite some time now on my Mac OS X and the experience is exactly the same as you would find it on its Windows counterpart. The Docker Container is also a another great way to consume PowerCLI Core and I also use that quite frequently as well. One thing I felt that would make the Docker Container even easier to consume for those looking to do something really quick in PowerCLI or what I call "Just In time PowerCLI access" is to be able to quickly pull it down from Docker Hub rather than having to download bunch some files and then manually build it yourself (not that it is complicated) but sometimes speed is the game.

I had posted a tweet earlier this morning and literally a few hours later, my good friend Alan Renouf delivered the goods! In addition, you will also find that the new version of PowerCLI Core Docker Container is now using Photon OS image rather than Ubuntu as it previously did.

Asked for @PowerCLI Core to be hosted on @Docker Hub & the MAN (@alanrenouf)) delivers!

docker pull vmware/powerclicore pic.twitter.com/4VpoDZJNc9

— William Lam (@lamw.bsky.social | @*protected email*) (@lamw) October 19, 2016

In addition to the three methods of consuming PowerCLI Core, you also now find it hosted on Docker Hub: https://hub.docker.com/r/vmware/powerclicore/

UPDATE (01/03/17) - It looks like PowerNSX is now also included with PowerCLI Core. To use PowerNSX, simply import it by running the following command: Import-Module PowerNSX and you will now have access to the PowerNSX cmdlets! Nice job to the PowerNSX guys for making this possible for our customers!

To access PowerCLI Core from Docker Hub, you simply just need a system installed with the Docker Client (Windows, Linux or Mac OS X) running or you can even use VMware's Photon OS which comes with Docker by default and following the instructions below:

Step 1 - Pull the PowerCLI Core image from Docker Hub by running the following command:

docker pull vmware/powerclicore

Step 2 - Run the PowerCLI Core Docker Container by running the following command:

docker run --rm -it --entrypoint='/usr/bin/powershell' vmware/powerclicore

It is literally that easy to access PowerCLI from ANY platform at ANY time! 😀

Step 3 - If you are using a self-signed certificate, you will need to run the following command below before you can call the Connect-VIServer cmdlet:

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false

How to tell if an ESXi host is a VSAN Witness Virtual Appliance programmatically?

09.26.2016 by William Lam // Leave a Comment

I had received this question awhile back but I was only able to get to it recently. If you are not familiar with the VSAN Witness Virtual Appliance and its purpose, Cormac Hogan did an excellent write-up on the topic which you can find it here.

The reason this question came up was that if you were to simply iterate over all ESXi hosts within your vSphere Inventory from an Automation standpoint, you might find a mix of regular ESXi hosts and potentially this new VSAN Witness Virtual Appliance which is basically an ESXi host that runs in a VM (e.g. Nested ESXi). Although, it may look and feel like a regular ESXi host, it is not and the question was how might you go about distinguishing between the two? You can of course setup specific naming standards, folder structure or separate datacenter objects, but you still may accidentally retrieve a VSAN Witness host without even realizing it.

One quick solution is to check for a specific ESXi Advanced Setting called Misc.vsanWitnessVirtualAppliance which will return a value of 1 if it is the VSAN Witness Appliance. Here is a quick PowerCLI snippet which demonstrates how you can access this property:

$vmhost = Get-VMHost -Name 192.168.1.115
Get-AdvancedSetting -Entity $vmhost -Name Misc.vsanWitnessVirtualAppliance

Although the method described above is one quick way to easily identify whether an ESXi host is a VSAN Witness Appliance, it is also limited in the information that it provides you. Another approach is to actually use the new VSAN 6.2 Management API and specifically the Stretched Clustering System APIs to retrieve the associated VSAN Witness host for a given VSAN Cluster. Not only will you get more information about the specific ESXi host providing the VSAN Witness functionality which will allow you to correlate back to your vSphere Inventory, but you will also get additional VSAN Witness configuration such as the preferred Fault Domain, Node UUID and the VSAN Cluster that it is associated with for example.

Here is a quick VSAN Management SDK for Python sample script that I had created called vsan-stretched-cluster-system-sample.py which implements the VSANVcGetWitnessHosts() API method. The script prints out a few of the WitnessHostInfo properties as shown in the screenshot below.

One other option is if you simply just want to know if a given ESXI host is a VSAN Witness host or not, there is also the VSANVcIsWitnessHost() API that simply returns a boolean value. This might useful if you just have a list of ESXi hosts retrieved through the vSphere API and no knowledge of the underlying VSAN Clusters.