virtual grind thoughts from the virtual world

8Oct/110

Using vim-cmd to Power On and Power Off Virtual Machines

To get a list of all virtual machines on a host:

vim-cmd vmsvc/getallvms

To power on a specific virtual machine (from above):

vim-cmd vmsvc/power.on vmnumber

To power off a specific virtual machine (from above):

vim-cmd vmsvc/power.off vmnumber

3Oct/110

Unable to Create or Restart Networks After vCloud Director Upgrade to 1.5

I recently ran in to an issue with a vCloud Director upgrade. After the vCD cells and database were upgraded, I had to upgrade the existing vShield Manager to version 5. The update is simple, you basically provide an upgrade package (in .tgz format) via the VShield Manager UI. From here, the software uploads, installs, reboots, etc. Please note that this process takes a few minutes, the UI is not the best at letting you know exactly what is going on. I simply opened the console to the vShield Manager to watch the progress.

After rebooting, everything seemed okay, but I noticed that when I tried to create new networks or reset existing networks, the process failed. I kept getting the following message in vCD:

Cannot create vShield Edge Device for network: [Unique ID Number].
- edge error: Creating/configuring the VR failed: vShield Edge Device on network: [Unique ID Number] is not ready for initialization after 180 seconds.

After digging around a bit, it seems that even though the vSM upgrade went well, the version change was not recorded in the vCD database. This was confirmed as a bug with VMware Engineering and the workaround is very simple. Simply log in to vCD as an administrator, go to the Manage & Monitor tab, highlight the vCenter server in question, right click, and choose Properties. From there, choose the vShield Manager tab and re-enter only the username that is specified. Once you clear out and re-enter only the username, click OK.

You can see my response on this issue here:

Unable to create or reset networks in vCD 1.5 after upgrade from 1.0

8Sep/110

Restarting vShield Manager Web Interface

Sometimes vCD cells lose connectivity to vShield Manager. Instead of rebooting the vShield Manager virtual machine, the web service of vShield Manager can simply be restarted.

To accomplish this, you can open the console of your vShield Manager virtual machine, log in, and enter enable mode. From there, enter configure mode and issue the command "no web-manager" and then "web-manager".

manager# configure terminal
manager(config)# no web-manager
manager(config)# web-manager

This will restart the web and hopefully clear any web service connectivity issues.

8Jul/111

Enabling VAAI Block Zeroing For Compellent Arrays

Recently, Compellent released VAAI (Block Zeroing) support for their arrays. Although we are still waiting on full VAAI support, block zeroing support is a great addition.

To enable this feature, you must install the .vib file from Compellent and the following changes need to be made on your hosts:

esxcli corestorage claimrule add --claimrule-class=Filter --plugin=VAAI_FILTER --type=vendor --vendor=COMPELNT --autoassign

esxcli corestorage claimrule add --claimrule-class=VAAI --plugin=VMW_VAAIP_T10 --type=vendor --vendor=COMPELNT --autoassign

esxcli corestorage claimrule load --claimrule-class=Filter

esxcli corestorage claimrule load --claimrule-class=VAAI

esxcli corestorage claimrule run --claimrule-class=Filter

22Jun/112

vCloud Director Cell Firewall Settings – Cisco ASA

In a vCloud Director environment, vCD cells are usually placed in a DMZ network. Based on best practices, a load balancer is also used in multi-cell environments, which is placed in front of the vCD cells.

Access to/from the vCD cells should be restricted not only from the public side, but also internally. For instance, vCD cells do need to communicate with a database vlan where a database server lies and a management vlan where services such as vCenter live.

When configuring multiple vlans, certain access lists are placed between the vlans for communication. An example of this would be an access list that allows your vCD cells to communicate with the database vlan. For example, you may have an access list that allows tcp port 1521 (Oracle) from your vCD cells to your database server.

Another issue that may come up are keepalives for tcp streams between your vCD cells on one vlan and your esxi hosts on another vlan. vCloud Director will also email messages such as:

"The Cloud Director Server cannot communicate with the Cloud Director agent on host "hostname". When the agent starts responding to the Cloud Director Server, Cloud Director Server will send an email alert.

If you are using a Cisco ASA environment, this issue can be fixed easily with a feature called Dead Connection Detection.

The following config will allow you to do this:

1. Create an access-list that allows the ip addresses or subnet of your vCD cells:

access-list vcd_dcd extended permit ip host 10.10.10.10 any
access-list vcd_dcd extended permit ip host 10.10.10.11 any

or

access-list vcd_dcd extended permit ip 10.10.10.0 255.255.255.0 any

These access lists would allow your vCD cells on 10.10.10.10 and .11 or 10.10.10.0/24. Note that you can also make this access-list more specific by defining the destination, which would be your esxi hosts or subnet. An example of this would be:

access-list vcd_dcd extended permit ip host 10.10.10.10 host 10.11.11.10
access-list vcd_dcd extended permit ip host 10.10.10.10 host 10.11.11.11

or

access-list vcd_dcd extended permit ip 10.10.10.0 255.255.255.0 10.11.11.0 255.255.255.0

2. Next, you need to make a class-map:

class-map vcd_keepalive_class
match access-list vcd_dcd

3. Create a policy-map that defines your timeout and dcd settings:

policy-map vcd_keepalive_policy
class vcd_keepalive_class
set connection timeout idle 2:00:00 dcd 0:10:00 3

4. Finally, create a service policy for the interface where your vCD cells reside:

service-policy vcd_keepalive_policy interface INTNAME

* Note that you will change "INTNAME" with the ASA interface (nameif) name.

For reference, this Cisco article covers DCD in detail:

Configuring Connection Limits and Timeouts

12Jun/110

Setting Default Path Selection Policy (PSP) – Round Robin

When using a storage technology such as Compellent, the ability to take advantage of multipathing is highly desirable. To utilize multipathing you must select the correct Path Selection Policy (PSP) on each ESX/ESXi host.

By default, the "Fixed (VMware)" path selection policy is selected on a new ESX/ESXi install. As you add volumes across multiple hosts in a cluster, this become a pain to change the path selection to "Round Robin (VMware)" on each volume on each host.

Fortunately, changing the default PSP is very easy with the following esxcli command:

esxcli nmp satp setdefaultpsp --satp="VMW_SATP_DEFAULT_AA" --psp="VMW_PSP_RR"

Please note that you want to first verify your "Storage Array Type" before setting the above policy. For Compellent, as of this post, the storage array type is "VMW_SATP_DEFAULT_AA". Other vendors may require a different type, such as "VMW_SATP_EVA" or "VMW_SATP_EQL".

18May/110

Veeam Community Podcast – Episode 19

I recently chatted with Rick Vanover regarding some unique cloud designs. We also discussed some topics around the current status of cloud based deployments, as we see as a cloud computing service provider.

Link:
Episode 19 – Cloud computing with iland

14May/110

Packet Pushers Podcast

Just thought I would take a second to share a great podcast I listen to on a regular basis. This usually happens when I am on my treadmill, I need something to my focus on that dreadful task.

Packet Pushers is run by a few Cisco engineers that have a lot of real world experience. Over the years, they have touched on numerous topics including IPv6, BGP, virtualization, and many more. Personally, I like the tone of the podcast since they bring in experts in different technologies and have a fun time discussing the details of the show at hand.

I suggest anyone interested in networking in general check them out.

Link:
Packet Pushers
Packet Pushers iTunes Feed

14May/110

Video – Using VMware vCloud Connector

A coworker, Jack Bailey, recently made a great video demonstrating VMware's vCloud Connector with iland vCloud Services. The video covers connecting to a vCloud Service Provider from a local (private) vSphere environment and shows the functionality of the product.

Link:
vCloud Connector Video

31Mar/110

VMware vCloud Partners

VMware has recently posted a new site for vCloud Partners. This site contains a lot of information on vCloud Certified partners that provide services around vCD, as well as other features.

Check it out here.

Tagged as: , , No Comments