Advanced Configuration Tools
In my last section on the VMware series I am going to cover advanced configuration tools, I will be covering host profiles, vCLI, , PowerCLI. I am from a Unix background and if I can I try to script everything this eliminates the human error factor, once you know a script works then you can run hundreds of times knowing that the same outcome will occur, you can script many common tasks in VMware.
Below is a list of the current tools that are available for with VMware
| Local CLI at the ESXi host | You require root level access and a SSH connection (PuTTy), this is idea for those who like the command-line and using switches, a bit like the Unix world. |
| vSphere ESXCLI | ESXCLI has replaced VCLI it allows you to run commands from your Window/Linux server remotely without an SSH session, not all commands available at the local CLI are available in the vCLI |
| vSphere PowerCLI (toolkit for windows/Powershell toolkit) |
PowerCLI plugs directly into vCenter remotely and carries out many functions that aren't even exposed in the GUI. You should have a good knowledge of object-oriented programming (objects, properties, attributes, etc). |
| Host Profiles | are not a scripting engine or CLI tool but carry out many of the post configuration tasks of an ESXi server normally undertaken with scripting, you can achieve the same results with host profiles as with scripting, so if you don't like script this is the way to go. |
Host profiles allow you to capture the configuration of a ESXi server and apply it another ESXi server, essentially it acts like a policy object that can be applied to either an ESXi server or cluster in the vCenter inventory, thus you can cut down on the scripting element. If you want maximum control over any settings that make up your ESX server than scripted installation is the way to go, but if you are using ESXi host profiles may be a better route because they are relatively easy to use and require no scripting knowledge whatsoever.
Host profiles have five main functions
- Capture the configuration profile of an existing host
- Apply the configuration profile to a new ESXi server
- Confirm that an ESXi server is correctly configured
- Prompt the administrator for per ESXi server settings such as VMKernel network configuration
- Apply the profile as an ESXi host is added into vCenter cluster - a mere drag and drop event configures the ESXi server
You cannot install additional software into the ESXi server and there are some issues with the HA agent starting, but they are ideal for masse rollouts of ESXi servers. Host profiles are associated with the vCenter you logged in to when you create them, they are not available across multiple vCenters even in linked mode, also the vCenter must manage the ESXi server.
| create and edit a host profile | Firstly may want to prebuild a clean ESXi server and apply a modest vSwitch, NTP and firewall configuration. try to build as much as you can so that you don't have to tweak to much after applying to a new ESXi server. Host profiles have many number of settings, I am not going to show you all of them but do have a look and play around. First right-click the source ESXi server and choose host profile, then select "Create Profile from Host"
Type in a friendly name and a description
Now go to the home page and select "Host Profiles"
This is the main host profiles screen, we will discuss some of this later, you can edit the production_cluster profile we created by selecting the "edit profile" link
|
Once you have created and configured your host profile you might want to test it against some existing ESXi servers to see if they are compliant with your build, next we attach a a ESXi server to the host profile and apply it
| Attaching and applying host profiles | To attach ESXi servers to you host profile, right-click the host profile and select "Attach Host Profile", Select the cluster or the ESXi server/s you want to attach
In the "Menu -> Hosts and Clusters" tab you can now see two ESXi servers host profile, you can apply this profile to a host or check its compliance, which is what we are going to do now, select each ESXi server in turn and click the "Check Host Profile Compliance" from the Actions drop down
You can also detach or change existing host profile, even export it.
|
vCLI has now been replaced by esxcli from vSphere 7 onwards, you need to download the binary of your choice
- Windows installer
- Linux installer
Below is the Windows executable
Just install in the normal way
ESXCLI was installed in C:\Program Files (x86)\VMware\esxcli so you may need to add it to the PATH system variable
esxcli can configure common tasks such as the following, I am not going to cover every single command so I will point you to the VMware vCLI documentation
- Create vSwitches
- setup DNS
- configure NTP
- Enable the iSCSI initiator
- configure NAS
ESXCLI can be frustrating sometimes due to the authentication process (getting the certifcate working), it may take some time for the prompt to come back, all ESXCLI commands require a host (ESXi server or vCenter)
There are many commands which I will come back to this section and add
Lastly we come to PowerCLI which is now heavily used by many cloud and applications
To install VMWare power CLI you simply install the module using the below
Once connected you can then run the PowerCLI commands, first I ignore any cert errors, then connect to my ESXi server and then I get a list of the current ESXi servers and VM's
Now I am not going to explain all the commands, so again go to the VMware documentation for a complete list, there are seven categories which you can carry out tasks
- Add - adding objects such as ESXI servers, vSwitches
- Get - listing objects
- Move - moving objects such as moving a VM from one ESXi server to another
- New - create new objects such as port groups, vSwitches
- Remove - remove objects
- Set - set a VM resource allocation
- Stop/Start - stop a vm or start an ESXi server service
Below are two examples of getting information from the ESXi server
You can also feed one command into another with the use of Pipes (|), if you know the Unix world then this will be familiar, I have listed some common commands below to get you started and to see what tasks you can perform using PowerCLI.
| List all the get commands | get-command | where object { $_.name-like "get*" } |
| List ESXi servers and VM | get-vmhost get-vm |
| Disconnecting CD/Floppies | get-vm | get-floppydrive | set-floppydrive -connected:$false get-vm | get-cddrive | setcddrive -connected:$false |
| Port groups | ## List network adapters and sort them get-vm | get-networkadapter | sort-object -property "NetworkName" get-vm | get-networkadapter | sort-object -property "NetworkName" | where {'Production' -contains $_.NetworkName} ## rename a port group get-vm | get-networkadapter | sort-object -property "NetworkName" | where {'Production' -contains $_.NetworkName} | set-networkadapter -Networkname 'production' |
| Maintenace Mode | get-vmhost -name vmware1 | set-vmhost -state maintenace |
| List datastores | get-datastore |
| Create a datacenter with folders | ## Create the DataCenter first new-datacenter -location (get-folder -Name 'UK DataCenters') -name 'Milton Keynes DataCenter' ## Now create the folder inside the DataCenter new-folder -location (get-datacenter -Name 'Milton Keynes DataCenter') -name 'AMD Hosts' new-folder -location (get-datacenter -Name 'Milton Keynes DataCenter') -name 'Intel Hosts' |
| Create a cluster | new-cluster -location (get-datacenter -name 'Milton Keynes DataCenter' | get-folder -name 'AMD Hosts') -name 'AMD Cluster' -HAEnabled -HHAdmissionControlEnabled -HAFailoverLevel 2 -DRSEnabled -DRSMode PartiallyAutomated |
| Adding hosts to a datacenter or cluster | add-vmhost vmware1 -location (get-datacenter 'Milton Keynes Datacenter') -user root -password password |
| Triggering vMotion | move-vm (get-vm -name 'linux01') -destination (get-vmhost vmware1) |
Now that you have a feel for the commands, you can create scripts to run multiple commands, save the script with the extension of .ps1 then just run it, if it complains that you are not authorized then run the command "set-executionpolicy unrestricted", remember this is dangerous as you can run any command but it will at least get your going on you test setup.