Detach old ESXi installation devices

When clearing up host storage, you might sometimes encounter an error when you come to detach a device. The cause of this can be an old ESXi installation and you’ll need to erase the ESXi partitions in order to detach old ESXi installation devices.

The typical use case for this is reclaiming SAN boot LUNs that are no longer required since we’ve moved to SD card / Local disk / AutoDeploy. Reclaiming unused storage is always a good idea 😉

The first step in the process is unmounting any datastores that exist on the device:

When Unmount is selected, we’ll need to confirm the hosts to unmount from:

vRealize Orchestrator: Finding a REST Host from a vCenter SDK connection

vRealize Orchestrator can communicate directly with the vCenter Server(s) that it is connected to, but uses the old SOAP API. However, with the advent of the REST API for vSphere, some things are easier (for example, tagging) and are only possible to handle outside of the built-in abilities. In this post I will look at how to find a REST Host from a vCenter SDK connection in vRealize Orchestrator – this can be used to reduce the number of inputs on a workflow or make it easier to create multiple-vCenter workflows.

Each vSphere object has an “sdkConnection” property that refers to the vCenter Server. This is useful, but if you wish to use the REST API, we’ll need to provide a RestHost object type. We could provide that as an input to the workflow, but this is not dynamic and we shouldn’t force unnecessary parameters on users.

There must be an easier way, right?

Multiple service vROPs dashboard

Having worked with vRealize Operations Manager (vROPS) for a little while now, one of my aims was to give end-users, i.e. application support teams and VM owners, the ability to log in and see a dashboard of all the VMs that are related to their service. Setting up a dashboard for each service seemed relatively straightforward but I didn’t want to manage any more dashboards than necessary – if a change needed to be made then I only wanted to do it once. So, my quest became how to get a multiple service vROPs dashboard, so that end-users would only be able to see the services that were appropriate to them.

As there is an article (and you’re reading it!), it is possible to do, and it combines permissions with a custom group type to deliver it. When it is done, we’ll have a dashboard that will let us view the list of VMs in a service, and the infrastructure utilisation statistics for it.

vRealize Log Insight and Orchestrator

I’m a big fan of the vRealize suite as it really adds value to a vSphere deployment. In relation to this post, LogInsight is a great tool for providing log analysis and Orchestrator manages workflows to automate and orchestrate most/all of the infrastructure.

A series of posts on vmware.com – “Self Healing Datacenter” – have examined how to connect Operations Manager to Orchestrator using a shim – the first part of the series is here. The shim is also capable of taking input from LogInsight, though this isn’t covered by the articles.

That webhooks are offered for LogInsight is great, but it is sad that there is no official tool to send events/data from one product in the vRealize suite to another. I’m interested in how and why things work (and also because it doesn’t appear to work quite right), so instead of using the shim presented in the series above I’m going to write my own in node.js so we can look at how this all works.

Detaching Devices from a Cluster

When working with block storage we occasionally need to remove a storage device from the hosts it is connected to. When using the Web Client we can detach devices on a per-host basis, but there is no option to detach a device from all of its attached hosts at once.

What we do have is a helpful KB article on how to remove/detach a datastore – https://kb.vmware.com/kb/2004605 – and a PowerCLI file that contains some functions. However, the functions revolve around managing actions on datastores as opposed to devices that are connected and could be used for RDMs.

Most LUNs are masked to all the hosts in a cluster so that, whether the device is an RDM or has a VMFS datastore on it, VMs can run on any host in the cluster. To deal with this use case, I use a script that will detach a device from every host in a cluster. If the device does not exist on a host then an error is displayed and the script moves on to the next device/host.

Finding a UCS Service Profile from the MAC Address

Quick snippet on how to find the name of a service profile given the MAC address.

I found this useful as when troubleshooting ESXi locks, the MAC address of the locking host is shown and sadly not the name. Once I had the name I was able to continue debugging my problem 🙂

This will work with UCS domains not joined to Central (and having global service profiles) – change the code by removing the word “Central” from the cmdlets.

vSphere REST API and C++ (Part 2)

This is the second part in an ongoing series looking at using the vSphere REST API and C++ with the cpp rest sdk (formerly known as “Casablanca”). In the first part we authenticated against SSO and got some information from the vCenter.

In this part we are going to refine our methods so that we can reuse our code. We will introduce some structs and functions that allow us to work with results.

Using Orchestrator to automatically upgrade Tools

One of the main challenges in every (non-small) place I’ve worked is keeping VMware Tools updated, and with Change Management processes this becomes a little bit more complicated. There is a setting on each VM to upgrade Tools when the VM is booted and this is a good way to keep Tools updated on those VMs that aren’t mission critical and require manual intervention.

In this post we’ll look at creating an action and a workflow to configure this setting, and pushing it as a context setting in the Flex Web Client.

This leads to the issue of how this setting is enabled – firstly as part of the initial push (you don’t want to enable this manually for 100s (or more) of VMs) and with newly created VMs. Although this can be set on a VM template or “Gold Build” (or equivalent terminology), this can still lead to human error so we’ll also look at creating a workflow to set this for a cluster and scheduling this using the Flex Web Client.

SCOM 2012 Hello World !

I’ve been investigating how to connect to SCOM 2012 through code in order to extract information, and I thought a good first task (therefore a SCOM 2012 Hello World if you will ;)) would be to retrieve the current alerts. I couldn’t find any examples on how to do this, so after some searching came up with the following.

I have used some sample code from Stackoverflow to read in the password for the user and have attributed the code with the source URL below.

The monitor_control.restrict_backdoor setting

The monitor_control.restrict_backdoor advanced setting is a strange one that I’ve encountered recently. It was set on a VM that had been (allegedly) security hardened, and researching this setting in a search engine indicated that this was to prevent the backdoor port from being accessed from anything other than ring 0 (source: https://communities.vmware.com/thread/464535). Most of the search results utilise this to hide a guest OS from knowing it is a VM – thus allowing a nested ESXi configuration.

According to the source above, VMware Tools runs on ring 3, so this has the side effect of preventing not only VMware Tools from being installed, but also from running. This is how I came to find out about this setting 😉