Uncategorized – Page 42

Detecting ESXi Remote Syslog Connection Error Using a vCenter Alarm

07.27.2012 by William Lam // 6 Comments

I was just cleaning up one of my development labs and found that one of my VCSA (vCenter Server Appliance) which I had configured with vSphere Syslog Collector was no longer capturing logs for several of my ESXi hosts. After looking at some of the ESXi logs, I realized that I had rebooted the VCSA at one point and that caused an interruption in syslog forwarding and then knew immediately that I just needed to reload the syslog configuration via ESXCLI as noted in this VMware KB to restore log forwarding.

After restoring my syslog configurations, I had remembered a neat little trick I learned from one of the VMware TAMs about creating a vCenter Alarm to alert you when an ESXi host is no longer able to reach a remote syslog server. I thought this might be very handy alarm to have in your vCenter Server in case you hit a similar issue or having some connectivity issues with your syslog servers. By default, there is not an event on syslog connectivity but you can create a vCenter Alarm based on an eventId which shows up as "esx.problem.vmsyslogd.remote.failure" in both /var/log/hostd.log as well as /var/log/vobd.log.

Now that we know the eventId, we just need to create a vCenter Alarm which will notify us when it has a connectivity issue with it's configured syslog server.

Step 1 - Create a new alarm, in this example I am calling it "Syslog Connection Error" and you will need to specify the Alarm Type as "Host" and monitor for a specific event.

Step 2 - Next, click on Triggers and we will go ahead and paste in our eventId which is "esx.problem.vmsyslogd.remote.failure"

Step 3 - Lastly, you can configure an Action, if you wish to send an SNMP trap, run a command or send an email notification. In this example, we are just going to generate a regular vCenter Alarm event, so go ahead and just click OK to save the alarm.

To test the alarm, I just disabled the syslog-collector on the VCSA using "service syslog-collector stop" and you should see an alarm generate for any ESXi hosts forwarding it's logs to that particular syslog server.

So now when your ESXi hosts can not reach it's syslog server, you will automatically be notified and can look into the problem immediately. Now having an alarm is great ... but you might be wondering what about the need to reload the syslog configuration on all your ESXi hosts to restore syslog forwarding? This can definitely be a challenge/annoying, especially if the syslog server's connectivity is returned after some amount of time and you have hundreds of hosts.

Well luckily, you no longer have to worry about this, with the latest ESXi 5.0 patch03 that was just released, this problem has been addressed and ESXi syslog daemon will automatically start forwarding logs once connectivity has been restored to the syslog server. It is still definitely recommended that you have more than one syslog server in your environment and that they are properly being monitored. Also, do not forget with ESXi 5.0 you can now configure more than one remote syslog server, for more details take a look at this article here.

Note: After applying the patch, you will no longer be able to generate an alarm based on the eventId for syslog when using UDP. You will see something like "Hostd [290D5B90 verbose 'SoapAdapter'] Responded to service state request" in the hostd.log. The alarm will only be valid if you're using TCP or SSL protocol for syslog which have not been patched with latest p03.

If you are looking for a quick way to reload your syslog configurations, you can easily write a simple for loop to reload your ESXi hosts using the remote ESXCLI:

Here is another example using PowerCLI in-conjunction with ESXCLI:

Inactivity Timeout for the vSphere C# Client

07.08.2012 by William Lam // 2 Comments

I recently came across an interesting VMTN thread in which I learned about a neat little feature that allows a user to configure an inactivity timeout for the vSphere C# Client. Once the timeout value has been reached, the vSphere Client will automatically disconnect from the server(vCenter 5.0 or ESXi 5.0 Server). This feature looks to have been introduced with the release of vSphere 5 and was noted in thick-client-timeout guideline in recent release of the vSphere 5 Security Hardening Guide to help reduce the risk of unauthorized access.

There are two methods you can configure the inactivity timeout value:

Command-line argument to vSphere Client executable
vSphere Client configuration file (VpxClient.exe.config)

To configure using the command-line argument, locate the vSphere Client executable on your desktop and right click and select properties. You will need to add -inactivityTimeout X, where X is the number of minutes before the vSphere Client will automatically disconnect from the server.

To configure using the vSphere Client configuration file, you will need to locate the VpxClient.exe.config (thanks to user regnak2012 for identifying the required XML entry).

Depending on whether you are running a 32bit or 64bit WindowsOS, they will be located in one of the two places:

32bit - %PROGRAMFILES%\VMware\Infrastructure\Virtual Infrastructure Client\Launcher
64bit - %PROGRAMFILES(x86)%\VMware\Infrastructure\Virtual Infrastructure Client\Launcher

Next, you will need to right click on VpxClient.exe.config and edit the file using an editor such as notepad. Add the following entry right above the cmdlineFallback, where X is the number of minutes for the timeout value and save then save the file.

To validate that inactivity timeout value works, just connect to either a vCenter Server 5.0 or ESXi 5.0 Server and wait for it to disconnect after the timeout value has been violated. In this example, I configured it for 1 minute and you should see the following screen below once it has disconnected.

Since this feature is client side only, a user can easily change or update this timeout value. One option to guarantee this configuration is by ThinApp-ing your vSphere Client, this way you can control who has access and what the inactivity timeout should be. This can really help when it comes to auditing client side system.

While looking into the vSphere Client options, I also came across a few others that are not documented but might come in handy.

Disclaimer: These are not officially supported by VMware, please use at your own risk.

Ignore Certificate - If you have a self-signed SSL certificate when you first connect to an ESX(i) or vCenter Server, you probably have seen the following:

You can automatically ignore this message by specifying the -i command-line option OR add in the VpxClient.exe.config file.

Expand Inventory - If you want to have your entire vSphere inventory automatically expanded out for you each time you login (this may not be a good idea for very large environments) you can specify -expAll command-line option OR add in the VpxClient.exe.config file.

Disable All vSphere Plugins - If you want to prevent any vSphere Plugins from loading, you can specify -noPlugins command-line option OR add in the VpxClient.exe.config file.

How to Change the Splash Screen In vMA

06.29.2012 by William Lam // 1 Comment

To customize the default splash screen on vMA 5.x, you just need to edit /opt/vmware/etc/isv/welcometext which contains the version of vMA and the management URL as the default.

In addition to adding your own custom text, there are a few special variables that can use within the file and they should all be pretty self-explanatory:

${app.name}
${app.version}
${app.ip}
${app.url}
${vami.port}
${vami.url}

Here is an example of custom welcometext file:

This is a message on the vMA Splash Screen!
visit www.virtuallyghetto.com

Here are some default variables you can use:

app.name = ${app.name}
app.version = ${app.version}
app.ip = ${app.ip}
app.url = ${app.url}
vami.port = ${vami.port}
vami.url = ${vami.url}

The vami_login script is what controls the splash screen display and for the changes to take effect, you will need to restart the process. To do so, you just need to kill the current vami_login process and it will automatically respawn.

sudo kill $(ps -ef | grep vami_login | grep -v grep | awk '{print $2}')

Here is a screenshot of what the splash screen looks like after modifying the welcomtext file:

If you are interested in customizing other parts of vMA such as the MOTD (message of the day) which is the text that would be dispalyed upon a successful login, you can edit /etc/motd file. If you are interested in customizing the banner during an SSH connection, you can edit /etc/ssh/banner.