WilliamLam.com

Quick Tip - Requirements for using Guest Operation APIs (Invoke-VMScript & Copy-VMGuestFile) in VMC

by // 1 Comment

Since this question came up again today, I figure it was worth sharing in case others also had trouble using the vSphere Guest Operations API in VMware Cloud on AWS (VMC), which includes PowerCLI's Invoke-VMScript and Copy-VMGuestFile cmdlet. There are a couple of requirements that you must satisfy both in the GuestOS as well as between your on-prem vSphere environment and VMC.

  1. VMware Tools installed and running, it may seem obvious, but I have had customers trying to use various scripts without realizing this was a requirement. You should also ensure that you are running the latest version of VMware Tools, especially as there bugfixes that may impact Guest Operations APIs.
  2. VPN or Direct Connect (DX) configured between your on-prem vSphere environment and VMC, this is required as you will need access to ESXi hosts which is only available through a VPN or DX
  3. Create a VMC firewall rule to allow access from your on-prem network to VMC's ESXi hosts on port 443 which is used for Guest Operations access including transferring files to and from the GuestOS


The VMC firewall rule is usually the thing that most folks forget about and this simply because for most on-prem environment, access to ESXi over 443 is just sort of a default.

Once you have configured the VMC firewall to allow 443 to ESXi hosts, you will be able to use the Guest Operations API including Invoke-VMScript and Copy-VMGuestFile to a VM running in VMC

Using vSphere Guest Operations API on macOS Guests? 

by // 2 Comments

I have written a number of articles exploring the usage and some of the cool tricks that the vSphere Guest Operations (GuestOps) feature provides which you can be found here, here, here and here. I have been a huge fan and supporter of GuestOps since the early days where it was formally known as the VIX API. Having used GuestOps across many different GuestOS types including Nested ESXi, I have to admit, I had never tried it against an Apple macOS guests. I recently had a customer reach out who was looking to use the GuestOps API via PowerCLI (Invoke-VMScript) to automate updates against his guestOS templates that span across Windows, Linux and macOS (from 10.7 to latest). The customer was able to get all guestOSes working except for macOS.

Since I had never tried this before, I spun up my Apple Mac Mini which happen to have a macOS 10.11 (El Capitan) guests running. I tried using the vSphere API GuestOps directly to see if this was a PowerCLI and/or API issue. I too ran into issues and after enabling VMware Tools debugging on the guests (which you can find more details below), I found that it hit the following error:

[Jun 28 06:35:42.805] [   debug] [vix] >VixToolsImpersonateUser
[Jun 28 06:35:42.925] [ warning] [vmsvc] Failed to set gid for user root

Reaching out to Engineering regarding the problem, I came to learn that this particular issue was due to a syscall change made by Apple starting with macOS 10.10.3 and newer. Although the change was a positive thing from a security standpoint, it did break the GuestOps functionality. The good news was that this was already resolved with VMware Tools 10.1 or later. When I had initially provisioned the macOS guests, the latest VMware Tools at the time was 9.10.5. After I applied the latest version which is currently 10.1.7, the issue went away and I was able to successfully use the GuestOps API on my macOS guests.

Below are examples of running the system_profiler SPSoftwareDataType command using both the Invoke-VMScript cmdlet as well as the vSphere API and PowerCLI to consume the GuestOps APIs. Both approaches delivers the exact same outcome, the one benefit of using Invoke-VMScript is that if you want to easily return output from a given command, the cmdlet already does the heavy lifting. If you notice in the native vSphere API case, you do not get output but rather just the PID ID. If you want to return the output, you need to first save it into a file and then download the file to your client system, which may not be ideal for interactive usage but it all depends on your use case.

[Read more...]

How to determine when a Virtual Machine is ready for additional operations?

by // 3 Comments

This might sound like a pretty simple and basic question, right? However, the answer will actually depend on what you are trying to do. The motivation for this blog post actually stemmed from a conversation I had with one of our Engineers who works over in our core Platform Management Infrastructure which includes VMware Tools, Guest OS Customization, Guest Operations, etc. Although I was aware of some of these methods in determining when a VM was ready, I came to learn about a few new other methods that I was not aware of before. This is really one of the things I love about my job, constantly learning new things and diving deeper into our technologies and sharing that back with our customers to help enable them and their business.

So, what does it even mean for a Virtual Machine to be "ready"? Is it when the VM is powered on? Is it when the VM obtains an IP Address? Is it when the GuestOS is fully customized or is it when I can SSH or RDP to the system? Depending on what you are trying to accomplish, the answer will vary. In addition to that, there are two distinct VM states to consider. The first being the actual Virtual Machine state and the second being the GuestOS state.

Virtual Machine State

The VM state is pretty straight forward, it describes the "Hard" power state of the VM which can either be powered on, powered off or suspended. As you can probably guess, you will need to make sure the VM is powered on before you attempt to check whether the GuestOS is ready 🙂

Using the vSphere API, you can find the VM powerState under:

VirtualMachine->Runtime->powerState

Here is a PowerCLI snippet using the out of box cmdlet to get the power state for a VM named "air":

Get-VM -Name air | Select PowerState

Here is a PowerCLI snippet that uses the vSphere API via Get-View to retrieve the exact same information:

$vm = Get-View -ViewType Virtualmachine -Property Name,Runtime -Filter @{"name"="air"}
$vm.Runtime.PowerState

[Read more...]