VCSA – Page 36

Easily manage ESXi & VCSA SSH login banner & MOTD in vSphere 6.0

02.27.2015 by William Lam // 3 Comments

For customers who have a requirement to configure an SSH login banner and/or message of the day (MOTD) for ESXi or vCenter Server, this usually meant manually editing the /etc/issues (login banner) and /etc/motd (MOTD) configuration files. In vSphere 6.0, this has now been simplified by providing vSphere APIs to allow administrators to easily view and configure SSH login banner and MOTD for both ESXi and VCSA (this does not apply to vCenter Server for Windows).

For ESXi, there are two new ESXi Advanced properties called Config.Etc.issue and Config.Etc.motd and this can also be viewed and edited using the vSphere Web/C# Client as seen in the screenshot below:

For vCenter Server, there are also two new Advanced Options called etc.issue and etc.motd which can also be viewed and edited using the vSphere Web/C# Client as seen in the screenshot below:

What's Displayed

The /etc/issues displays a banner during an SSH login session, this means that you will see the message during the login as highlighted in the screenshot below:

The /etc/motd displays a banner after a successful SSH login as highlighted in the screenshot below:

How to Automate

You can use both the vSphere API/CLI to modify the issues and motd configurations. In the examples below, I will be using PowerCLI to demonstrate retrieving and setting the two properties.

Retrieve /etc/issues for VCSA

Get-AdvancedSetting -Entity $vc -Name "etc.issue" | Format-List

Set /etc/issues for VCSA

$msg = "
beware
you
are
entering
the
house
of
Cormac
the
grey
"
Get-AdvancedSetting -Entity $vc -Name "etc.issue" | Set-AdvancedSetting -Value $msg

Retrieve /etc/motd for VCSA

Get-AdvancedSetting -Entity $vc -Name "etc.motd" | Format-List

Set /etc/motd for VCSA

Get-AdvancedSetting -Entity $vc -Name "etc.motd" | Set-AdvancedSetting -Value $msg

Retrieve /etc/issues for ESXi

Get-VmHostAdvancedConfiguration -Name "Config.Etc.issue"

Set /etc/issues for ESXi

$msg = "
beware
you
are
entering
the
house
of
Cormac
the
grey
"
Set-VMHostAdvancedConfiguration -Name "Config.Etc.issue" -Value $msg

Retrieve /etc/motd for ESXi

Get-VmHostAdvancedConfiguration -Name "Config.Etc.issue"

Set /etc/motd for ESXi

Set-VMHostAdvancedConfiguration -Name "Config.Etc.motd" -Value $msg

Ultimate automation guide to deploying VCSA 6.0 Part 2: Platform Services Controller Node

02.26.2015 by William Lam // 14 Comments

In this article, I will share alternative methods of deploying the first Platform Services Controller Node (PSCs) using the VCSA 6.0 appliance. If you are interested in deploying additional PSC instances joined to an existing SSO Domain, stay tune for Part 3 where this will be covered. Take a look at the various deployment methods below and their respective instructions for more details. If you are deploying using one of the scripts below, you will need to extract the contents of the VCSA ISO. If you are deploying to Workstation/Fusion, you will need to extract the VCSA ISO and add the .ova extension to the following file VMware-VCSA-all-6.0.0-2562643->vcsa->vmware-vcsa before deploying.

Disclaimer: Though these alternative deployment options work, they are however not officially supported by VMware. Please use at your own risk.

Deploying to an existing vCenter Server using ovftool (shell script)

I have created a shell script called deploy_vcsa6_first_psc_to_vc.sh which requires using ovftool 4.1 (included in the VCSA ISO) to specify the appropriate OVF "guestinfo" properties for a PSC deployment. You will need to edit the script and modify several variables based on your environment.

Here is an example of executing the script:

Deploying to an ESXi host using ovftool (shell script)

I have created a shell script called deploy_vcsa6_first_psc_to_esxi.sh which requires using ovftool 4.0 or greater to specify the appropriate OVF "guestinfo" properties for a PSC deployment. You will need to edit the script and modify several variables based on your environment. The behavior of this script is similar to the one above, except you are deploying directly to an ESXi host.

Deploying to an existing vCenter Server using ovftool (PowerCLI)

I have created a PowerCLI script called Deployment-PSC.ps1 which uses ovftool and specifies the appropriate OVF "guestinfo" properties for a PSC deployment. You will need to edit the script and modify several variables based on your environment.

Deploying to VMware Fusion & Workstation

To properly deploy the new VCSA 6.0, the proper OVF properties MUST be set prior to the booting of the VM. Since VMware Fusion and Workstation do not support OVF properties, you will need to manually deploy the VCSA, but not power it on. Once the deployment has finished, you will need to add the following entries to the VCSA's VMX file and replace it with your environment settings. Once you have saved your changes, you can then power on the VM and the configurations will then be read into the VM for initial setup.

guestinfo.cis.deployment.node.type = "infrastructure"
guestinfo.cis.vmdir.domain-name = "vghetto.local"
guestinfo.cis.vmdir.site-name = "vghetto"
guestinfo.cis.vmdir.password = "VMware1!"
guestinfo.cis.appliance.net.addr.family = "ipv4"
guestinfo.cis.appliance.net.addr = "192.168.1.60"
guestinfo.cis.appliance.net.pnid = "192.168.1.60"
guestinfo.cis.appliance.net.prefix = "24"
guestinfo.cis.appliance.net.mode = "static"
guestinfo.cis.appliance.net.dns.servers = "192.168.1.1"
guestinfo.cis.appliance.net.gateway = "192.168.1.1"
guestinfo.cis.appliance.root.passwd = "VMware1!"
guestinfo.cis.appliance.ssh.enabled = "true"

For more information, you can take a look at this article here.

Deploying using new scripted install (bonus)

As mentioned earlier, there is also a new scripted installer included inside of the VMware-VCSA ISO under /vcsa-cli-installer which supports Windows, Mac OS X and Linux, but must be connected directly to an ESXi host. There are several templates that are also included within the /vcsa-cli-installer/templates. I thought as a bonus I would also share the template I have been using to deploy the first PSC using a static IP Address which some of you may find useful.

{
    "__comments":
    [
        "William Lam - www.virtuallyghetto.com",
        "Example VCSA 6.0 1st Platform Service Controller Node Deployment w/Static IP Address"
    ],

    "deployment":
    {
        "esx.hostname":"192.168.1.200",
        "esx.datastore":"mini-local-datastore-1",
        "esx.username":"root",
        "esx.password":"vmware123",
        "deployment.network":"VM Network",
        "deployment.option":"infrastructure",
        "appliance.name":"psc-01",
        "appliance.thin.disk.mode":true
    },

    "vcsa":
    {
        "system":
        {
            "root.password":"VMware1!",
            "ssh.enable":true,
            "ntp.servers":"0.pool.ntp.org"
        },

        "sso":
        {
            "password":"VMware1!",
            "domain-name":"vghetto.local",
            "site-name":"virtuallyGhetto",
            "first-instance":true
        },

        "networking":
        {
            "ip.family":"ipv4",
            "mode":"static",
            "ip":"192.168.1.50",
            "prefix":"24",
            "gateway":"192.168.1.1",
            "dns.servers":"192.168.1.1",
            "system.name":"192.168.1.50"
        }
    }
}

The use the scripted installer, you just need to change into the appropriate OS platform directory (win32,mac or lin64) and there should be a binary called vcsa-deploy. To use this template, you just need to save the JSON to a file and then specify that as the first argument to vcsa-deploy utility.

Here is an example of deploying a PSC using the vcsa-deploy scripted installer.

Dynamic memory resizing for vCenter Server 6.0

02.23.2015 by William Lam // 32 Comments

In previous releases of vSphere, scaling up resources such as storage or memory for vCenter Server was a huge pain-point for our customers. Before the various vCenter Server services can consume the new resources, some additional manual steps were required. Though this type of an operation is usually infrequent, there is still an operational overhead which can potentially lead to increased downtime of your vCenter Server.

For example, increasing storage capacity for the VCSA was an offline operation that required adding an additional disk and then copying the existing content to the new disk which can be quite error prone and lead to a significant amount of downtime. In vSphere 6.0, the VCSA now uses LVM which provides the ability for online storage capacity increase without any downtime to vCenter Server. Increasing memory was also challenging because you had to manually adjust several configuration files that manages the JVM heap settings for various vCenter Server services as described in this VMware KB. Having complex workflows to perform basic resource expansion can increase risk of errors, especially when the process is foreign to those performing it for the very first time.

To help solve this problem, in vSphere 6.0 vCenter Server (Windows & VCSA) now includes a built-in dynamic memory reconfiguration process that automatically runs at boot up. This process includes a dynamic algorithm that inspects the current amount of CPU, Memory and Storage that is available to determine the appropriate size to configure the vCenter Server. This means that if you no longer have to tweak individual JVM settings for the various services within vCenter Server, this will happen automatically by analyzing the resources that are available and then calculating the configuration based on the supported maximums for vCenter Server.

Note: In vSphere 6.0, there are additional services going beyond just the core vCenter Server, vSphere Web Client, vCenter SSO and Inventory Services.

The dynamic memory algorithm is configured to understand the minimal amount of resources for running a vCenter Server and is bounded between a "Tiny" configuration which is 2vCPU and 8GB memory and a "Large" configuration which is 16vCPU and 32GB memory. This is important to note because if you try to configure the vCenter Server with less memory than the minimal supported, though the algorithim will dynamically distribute the available memory to the various resources, it could lead to performance degradation as the different services may not be receiving the amount of memory they require to run. YMMV if you decide to reduce the supported amount of memory but the algorithm will distribute what's available.

The process which does all the magic is a utility called cloudvm-ram-size and there are several useful options to be aware of. To view the current memory assignment for the various vCenter Server services including the OS, you can run the following command on the VCSA as an example:

cloudvm-ram-size -l

From the screenshot above, we can see a very simple break down of the current memory assignment for a "Tiny" deployment which has 8GB of memory.

To show that the dynamic memory algorithm is in fact running when more memory is added, the example below is of a VCSA that was initially configured with 8GB of memory. I then capture the running configuration and then shut down the vCenter Server and increased its memory to 10GB. I then power on the VCSA and capture the running state and you can see differences in the screenshot below.

Another useful command to be aware is being able to see the current memory usage for all services. You can do this by running the following command:

cloudvm-ram-size -S

As you can see the dynamic memory algorithm is a very much welcome feature for vCenter Server and will greatly simplify the operational tasks when needing to scale up or down resources such as CPU and Memory. I know this is definitely one of the enhancements I have been waiting for and I am glad to see it here in the new vSphere 6.0 release! As of right now, a system reboot is required but who knows maybe in the future we can increase memory while the VCSA is still running and simply reloading the services ...