WilliamLam.com

Automating VCSA 5.1 (vCenter Server Appliance) Configurations

by // 15 Comments

If you have seen my previous article on Automating VCSA (vCenter Server Appliance) 5.0, you will notice the existing script will not work on latest VCSA 5.1, without a minor tweak. The reason for this is due to the new vCenter SSO (Single Sign-On) configuration that is now part of the initial setup.

Note: If you would like to learn more about the new vCenter SSO, I would recommend you take a look at the What's New vCenter Server 5.1 whitepaper.

Luckily, the change is quite simple and in the example below, you will be configuring vCenter Server SSO to run in the embedded mode on the VCSA. I have also enhanced the script to include the joining of an Active Directory domain if you wish to have the VCSA backed by AD.

Disclaimer: This is for educational purposes only, this is not officially supported by VMware. Please test this in a development environment before using it on actual systems.

Here is a script with the minimal commands needed for running an embedded configuration:

#!/bin/bash

# User Configurations
JOIN_AD=0
AD_DOMAIN=primp-industries.com
AD_USER=administrator
AD_PASS=mysupersecurepassword
VCENTER_HOSTNAME=vcenter51-1.primp-industries.com

## DO NOT EDIT BEYOND HERE ##

echo "Accepting EULA ..."
/usr/sbin/vpxd_servicecfg eula accept

if [ ${JOIN_AD} -eq 1 ]; then
        echo "Configuring vCenter hostname ..."
        SHORTHOSTNAME=$(echo ${VCENTER_HOSTNAME} |  cut -d. -f1)
        /bin/hostname ${VCENTER_HOSTNAME}
        echo ${VCENTER_HOSTNAME} > /etc/HOSTNAME
        sed -i "s/localhost.localdom/${VCENTER_HOSTNAME}/g" /etc/hosts
        sed -i "s/localhost/${SHORTHOSTNAME}/g" /etc/hosts

        echo "Configuring Active Directory ..."
        /usr/sbin/vpxd_servicecfg ad write "${AD_USER}" "${AD_PASS}" ${AD_DOMAIN}
fi

echo "Configuring Embedded DB ..."
/usr/sbin/vpxd_servicecfg db write embedded

echo "Configuring SSO..."
/usr/sbin/vpxd_servicecfg sso write embedded

echo "Starting VCSA ..."
/usr/sbin/vpxd_servicecfg service start

Note: By default the script will not join an AD domain, you will need to change the JOIN_AD variable to 1 and ensure you specify all the Active Directory configurations including the FQDN of your vCenter Server as this is required for properly join your VCSA to your AD domain. If you choose to join an AD domain, make sure you have proper forward/reverse DNS configured on the VCSA and you will also need to reboot the VCSA for the changes to take effect.

To run the script remotely (you do not need to copy it to VCSA), use the following command:

# ssh root@[vcsa-ip] < configureVCSA.sh

You can now quickly deploy and configure your VCSA in just minutes versus spending 5-10 minutes clicking around and waiting for the web interface. Once you have tried this script, you will never go back to manually configuring the VCSA using the web interface!

Project Nanosphere

by // 5 Comments

The #NotSupported event at the VMworld Community Lounge ended with a very special presentation by our very own Randy Keener about a project that a few VMware engineers have been working on called Nanosphere. For those of you who could not make the session or attend VMworld this year, here is some additional information about what Project Nanosphere is all about.

What is Nanosphere?

First off, Nanosphere is not a product, it is a proof-of-concept. The idea is to make ESXi easier to deploy and manage for non-technical users in small environments (SOHO, remote/branch office, family) to get the same benefits of virtualization that enterprises have. Nanosphere provides an ultra-lightweight management layer on top of an ESXi host that will offer a basic set of features including self-configuration, VM provisioning, VM lifecycle management, and console access.Today, connecting to a VM console typically requires both server-side dependencies (a VDI broker, a Windows stack, or specialized guest customization) and client side dependencies (installing a special ActiveX browser plugin that works only on Windows, and only in IE or Firefox browsers). By deploying WSX on ESXi, it makes it possible to connect to any VM (any guest OS) with any modern browser (e.g. including iPad) without any special software.

What can Nanosphere do?

  • Network auto-configuration
    • Automatic network configuration without ever typing an IP address
  • Web Management Interface
    • Provision, Delete, Power On/Off Virtual Machines with pure HTML5 interface
  • Console access without special apps or plugins
  • Dead-simple installation
    • Just install a tiny VIB onto any ESXi host and you’re good to go. The VIB can also be integrated into a vanilla ESXi ISO image
During Randy’s session, a demo of the network autoconfiguration of Nanosphere and its web interface was given and here is how it works.Assuming you have a simple cable-model-like setup:

  1. The physical host has ESXi and Nanosphere installed.
  2. You "unbox" it (take it home from Staples) and plug it in on your home LAN, headless.
  3. It gets DHCP but you have no idea what the address is because it's headless.
  4. Nanosphere "phones home" to a broker running at nanosphere.cloudfoundry.com (custom application written on Cloudfoundry) to report its local LAN address (e.g. '192.168.0.4') and its UUID. The broker also records the WAN address.
  5. You use a plain browser on any device on the same LAN - we used an iPad - to connect to the same broker. It matches the WAN addresses and redirects the browser to the Nanosphere’s LAN address.
Here are a few screenshots of the Nanosphere web interface:

What's next for Nanosphere?

As mentioned earlier, nanosphere is still a proof-of-concept but the VMware engineers have some interesting ideas on where it could go and would love to get your feedback if the following use cases interests you.

  • Early adopters and hobbyists playing with ESXi for fun
  • VARs delivering Nanosphere-based servers in selected vertical markets
  • Nanosphere-based appliances delivering NAS and media streaming
  • Nanosphere-based servers for developing markets and nonprofit organizations
  • Hybrid public/Nanosphere clouds with bidirectional app portability
  • OEMs delivering Nanosphere-based servers through a retail channel
  • Value-added services like cloud backup and remote admin (including VMware GO)
Other work includes tracking ongoing WSX improvements. If any of these use cases interests you, please leave a comment below or if you have other ideas/feedback for Nanosphere, feel free to leave a comment as well.I think the Nanosphere project is a really cool initiative and hopefully we will get to see more in the future. I wanted to also give a big thanks to folks who worked on the Nanosphere project and made it possible to show off at the #NotSupported event: Steve Strassmann (VMware Staff Engineer), Shivam Tiwari (VMware Intern) and of course Randy Keener (VMware TechOps) for presenting on Project Nanosphere!

How to Enable Nested ESXi & Other Hypervisors in vCloud Director 5.1

by // 5 Comments

The process to enable  "Nested Virtualization" in the latest release of vCloud Director 5.1 and create your own virtual lab similar to VMware's vSEL (Virtual Sales Enablement Cloud) is very similar to the previous steps outlined for vCloud Director 1.5 release. The only change is how VHV (Virtual Hardware-Assisted Virtualization) aka "Nested Virtualization" is enabled in vCloud Director 5.1 and ESXi 5.1.

In the vCloud Director 1.5, to enable VHV, you needed to add a special SQL statement that would enable VHV for the underlying ESXi 5.0 hosts. With the latest release of vCloud Director 5.1, that is no longer necessary and you now enable it on a Per VM basis within the vCloud Director 5.1 UI.

Here are the steps for enabling VHV for vCloud Director 5.1

  • Insert SQL statements into VCD Database that perform the following:
    • Enable new "VMware" guestOS Family
    • Enable new guestOS Type ESXi 4.x and 5.x
    • Enable host preparation to enable VHV (vSphere 5.0 & vCloud 1.5 only)
  • Enable promiscuous mode
    • Insert SQL statement into VCD Database for Network Pool that is being used for your ESXi VMs
    • Enable both Promiscuous Mode and Forged Transmit for vSphere Backed Portgroup within vCenter Server or ESXi host

The SQL statements can be found in this article and have not changed for vCloud Director 5.1

Here is a screenshot of what you should see in the vCloud Director 5.1 UI for creating a new VM and you should now have the ability to select a new guestOS Type called "VMware" and select either an ESXi 4.x or ESXi 5.x guestOS Version.

To enable VHV for the VM, you will need to also check the box "Exposed hardware-assisted CPU virtualization to guestOS" and this will allow you to run a nested ESXi VM as well as 64-bit nested VMs, assuming your physical CPUs support it. To learn more about running VHV on ESXi 5.1, take a look at this article here for more details.