Category Archives: VMware

Installing Starwind VSAN on VMware

Starwind have a vSAN product which allows you to get some of the benefits of a SAN (such as HA, DRS, etc) without the expense. There is no free lunch, it does this using sync’ed local disk, but it well worth a look. It also free for small installations (two server, up to 130GB).

To test this, I have a physical host with two networks configured, “InternalNetwork”, a VMPG with no NICs assigned, and “ExternalNetwork” which does have a NIC assigned to allow outbound communication where required. On this are nested two ESX hosts, with 32GB RAM, 2 vCPU’s, and four NICs each.

You also need to download a licence for Starwind (a licensekey.swk files) and the Starwind software. Upon registered, you will be sent an email containing the details.

You will also need a couple of ESXi hosts obviously and a vCenter and Domain Controller.

Boot from the ESXi image, VMware-VIMSetup-all-5.5.0-1750795-20140201-update01.iso and perform an install, configure a partition, select password, etc. Reboot when finished.

When the hosts come up, configure an IP address for each one. I am going to use 10.10.10.10/24 and 10.10.10.11/24.

Connect them to a Virtual Center instance (installation not covered here, but it could be a virtual appliance, or installation on a Windows physical server or VM). I use a VM on the “internalNetwork” (10.10.10/24) that the hosts are on.

Add a datacenter and create a cluster, and put the two hosts in the cluster.

Once the hosts have been added, you need to create a couple of VM’s, one on each host, and each one with a couple of NICs assigned, which will host the virtual SAN. These should be Windows Server 2012. Each VM should have a second disk configured which will be used to provide the VSAN services (which will then be re-shared to ESXi). So my first SAN VM is on VMFS-1 which has ~400GB free, so I will add a disk to the VM to use that.

Really, you might get better performance also adding this to a second virtual SCSI adapter, but we can do that later.

Then install the OS on each VM, and then Vmtools.

On each of your virtual SAN’s, by running diskmgmt.msc, you should then have an unknown disk of 400GB, which is the one we created on the VMFS volume earlier.

Bring the disk online, initialise it with a GPT table, and create a partition.

Each of your virtual SANs will then need to be configured with a computer name and IP address (.15 and .16 in my case for the first adapter in each VM, and 192.168.0.15 and 192.168.0.16) for the second, although the second could be on a completely different network depending on your topology).

This is probably a good time to join each server to your domain.

On each run the Starwind-v8.exe file to do the install accepting the default (unless you don’t want the management console for instance), until you get prompted for the key. At that point choose the key and follow the rest of the install (choosing not to configure the SMI-S agent).

When finished, launch the admin console, and choose “yes” to set the default location to your newly created empty drive (e:) in my case.

From there, you need to select “Add Device” (probably best not to use the “advanced” version at this point, and give it a size. I am going to make mine 128GB, and call it SAN1-1. If you go to E:, you will also see the disk image files that you just created.

At that point, you can then configure replication between the two. This is replicating SAN1-1 to SAN2.

Drill down to the imagefile, and choose “replication manager”. Choose synchronous replication and enter the address of the other vSAN. Note that if you made your SAN diskimages much bigger than 128GB, you migt hit a licence limit… When you get the “Network Options for Replication” option, you need to select “Change Network Settings” and choose your adapters for heatbeat and sync.

When the wizard has finished, you will get confirmation:

At that point, the initial synchronization will take place, and you can connect the newly replicated volume to your ESXi hosts.

To connect to the hosts, go back to your vSphere client, and for each host, add the software iSCSI adapter (from Configuraton>Storage Adapters).

Edit the properties of your iSCSI adapter and point it to the SAN VM on that host (as each host has vSAN VM installed locally).

We haven’t actually configured any security here, but StarWind supports CHAP, as does ESXi.

Once both hosts are seeing the vSAN with a STARWIND iSCSI Disk visible, you can go to configuration>Storage, click “add storage” and create a new volume.

You should see any local unused device (perhaps the boot device) and your new STARWIND iSCSI disk. Select that partition, format it, and give it a datastore name.

You now have a VMFS volume were you can place a VM, and take advantage of HA, DRS, etc!

Advertisements

Leave a comment

Filed under Microsoft, VMware

Creating a clone from a snapshot on Vmware vSphere

There are times when you need something from a snapshot of a VM, but might not want to rollback to the snapshot to get it. This could be because the VM is in production and you cannot interrupt it, or you are extremely risk averse, or various other reasons.

The work around, is to create a clone of the snapshot. This will allow the existing VM to run uninterrupted, while a new clone is created.

I use the following Powershell/PowerCLI code to do that, and then disable the virtual NIC. After all, you don’t want the clone VM coming up with the same name and IP as your production VM, that would defeat the purpose of doing the clone in the first place. Just note that it doesn’t really have any troubleshooting or error catching.

$vmname = "myserver"
$VMCluster = "Production Cluster"
$VMResourcePool = "Pre-Production"
$VMdatastore = "VMFS-DATA-1"
$SnapshotNum = 0

$vm = get-vm -name $vmname | get-view
$clonename = "Clone_" + $vm.name
$clonefolder = $vm.parent

$cloneSpec = new-object Vmware.Vim.VirtualMachineCloneSpec

$cloneSpec.Location = new-object Vmware.Vim.VirtualmachinerelocateSpec
$CloneSpec.Location.Pool = (get-cluster $VMCluster | get-resourcepool $VMResourcePool | get-view).MoRef
$CloneSpec.Location.Host = (get-vm -name $vmname | get-vmhost | get-view).MoRef
$CloneSpec.Location.Datastore = (get-datastore -name $VMdatastore | get-view).MoRef
$cloneSpec.Snapshot = $vm.Snapshot.RootSnapshotList[$SnapshotNum].snapshot

$cloneSpec.Location.DiskMoveType = [Vmware.Vim.VirtualMachineRelocateDiskMoveOptions]::moveAllDiskBackingsAndDisallowSharing

write-host ("Creating clone - " + $clonename)
$vm.CloneVM_Task($cloneFolder, $cloneName, $cloneSpec)
Do {
$task = (get-task | where {$_.Name -eq "CloneVM_Task" -and $_.State -eq "Running"})
If ($task -ne $null) {Write-host ("Waiting for clone to complete - " + $task.percentcomplete[0] +"%")}
Start-sleep -s 5
}
While ($task -ne $null)
$VMadapter = get-vm -name $Clonename | get-networkadapter | set-networkadapter -startconnected:$false -confirm:$false
Write-host $VMadapter + "disabled."

Most of the information for putting this together was taken from here:
http://www.vmdev.info/?p=202

Leave a comment

Filed under Microsoft, Powershell, VMware

Vmware 5.1 and SSO errors

There are a lot of problems on mentioned on the VMware groups, and on the internet about the farce that is VMware’s java based SSO.

After battling with it for hours, we could login to the Virtual Center server as domain\ssoadmin, and then start the VMware Client and if the checkbox to use “windows credentials” was checked, we could login. If the checkbox not checked, and we tried to specify the username/password. It would fail with the helpful

Cannot complete login due to an incorrect user name or password.

Even logging on with another account and specifying domain\ssoadmin was no help either, we got the same message every time.

The viclient log was full of errors like:

[viclient:SoapTran:P: 3] 2013-07-04 09:28:33.153  Invoke 4 Finish Login on SessionManager:SessionManager [server.domain.int] - Serial:0.011, Server:010.665 [ERROR]
Vmomi.Fault.InvalidLogin: Cannot complete login due to an incorrect user name or password.
at VirtualInfrastructure.ManagedObject.InvokeMethod(MethodName, Object[])
at Vmomi.SessionManager.Login(String, String, String)
at VmomiSupport.VcServiceImpl.LoginNormally(LoginSpec)
at VmomiSupport.VcServiceImpl.Login(LoginSpec)
at VirtualInfrastructure.LoginMain.Process(BackgroundWorker, DoWorkEventArgs)
at VirtualInfrastructure.LoginWorkerImpl.Worker_DoWork(Object, DoWorkEventArgs)
...
at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback(Object)
[viclient:SoapMsg :P: 3] 2013-07-04 09:28:33.162  RMI Request Vmomi.SessionManager.Login - 4

I then looked in the imstrace.log file, and found errors like this:

com.rsa.common.ConnectionException: Error connecting to the identity source
Caused by: javax.naming.NamingException: getInitialContext failed. javax.resource.spi.ResourceAdapterInternalException: Unable to create a managed connection 'ldap://server.domain.INT:3268' with 'GSSAPI' Reason: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection GSSAPI [Root exception is javax.resource.spi.ResourceAdapterInternalException: Unable to create a managed connection 'ldap://server.domain.INT:3268' with 'GSSAPI' Reason: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection GSSAPI]
Caused by: javax.resource.spi.ResourceAdapterInternalException: Unable to create a managed connection 'ldap://server.domain.INT:3268' with 'GSSAPI' Reason: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection GSSAPI
Caused by: javax.resource.spi.ResourceAdapterInternalException: Unable to create managed connection GSSAPI
Caused by: javax.naming.AuthenticationException: GSSAPI [Root exception is javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)]]
Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)]
Caused by: GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)

As that domain was one that I wasn’t going to use for verification, I logged on to the VMware Web Client using the admin@System-Domain account, went to Administration>Sign-On and Discovery>Configuration, and just removed the domain. Alternatively, I could have manually corrected the connection string.

Still a lot of security errors to work though with this abortion of a product that is SSO, but at least login works better. Now to try and get SRM working again..

Leave a comment

Filed under SRM, VMware

Rescan VMware cluster HBA’s via Powershell

Ever wanted to trigger a recsan of storage for all hosts in a given cluster? There may be a reason why you would want to do this via a script rather than a gui and if so, this is it.

I have written it as a function.

The code will connect to a VC, identify the cluster (you give it the cluster name as a parameter), get a list of hosts, and then for each host, trigger a rescan.

Unfortunately, it runs serially, rather than triggering a parallel run. At this stage it doesn’t really matter to me, but at some point, I will write a version that does the rescan’s in parallel.

Function Rescan-ClusterHBA
{
param ([string]$vmClustername, $viserver)
Connect-VIServer $viserver

$vmClusterPointer = get-cluster $vmClusterName
$vmcluster = $vmClusterPointer | Get-View

$vmhosts = $vmcluster | select -Expand host


foreach ($vmhost in $vmhosts)
	{
	Get-VMHost -Id $vmhost
	Get-VMHostStorage -vmhost (Get-VMHost -Id $vmhost) -RescanAllHba
	}
}

Leave a comment

Filed under Equallogic, Powershell, VMware

Adding and removing Equallogic ACL’s

Sometimes you may want to add or remove ESX/ESXi hosts (or HyperV of anything really) where you need to add or remove entries from the Equallogic SAN ACL.

For examples, we have about 25 volumes connected to our ESX cluster and when we replace a new host, we need to add a new entry, on all 25, and remove an entry on all 25.

So I wrote a powershell script to do the hard work. THe following code can be saved as set-eqlinitiator.ps1.

To use it, you would execute it like this:

Set-eqlInitator.ps1 "iqn.1998-01.com.vmware:myserver-2cfdfaef" remove

That would remove the supplied initiator from all the the volumes that meet the criteria. What criteria? This one:
{$_.VolumeName -like "VMFS*"}

If you want to add (rather than remove) run the same command without specifying “remove”.

All of our ESX volume start with VMFS which makes it fairly easy. You may need to change the filter depending on how you name them in your environment.

So here is the code:


param ([string]$initiator,[string]$remove)

#Check if the EQL add-in's are loaded
if (-not(get-module -name "EqlPSTools"))
	{
	Write-Host "EqlPSTools not loaded, attempting to load."
	import-module -name "C:\Program Files\EqualLogic\bin\EqlPSTools.dll"
	if (-not(get-module -name "EqlPSTools"))
		{
		Write-Host "Loading of EqlPSTools failed, script ending."
		exit
		}
	}



If ($initiator -eq "")
	{
	$initiator = Read-Host "Please enter the iSCSI initiator name:"
	}

Connect-EqlGroup 	-GroupAddress 172.16.250.20 `
					-UserName grpadmin `
					-Password PASSWORD


If ($initiator -ne "")
	{
	If ($remove -ne "remove")
		{
		get-eqlvolume | `
		where {$_.VolumeName -like "VMFS*"} | `
		New-EqlVolumeACL -UseIndex -InitiatorName $initiator -AclTargetType volume_and_snapshot
		Write-Host "added initiator $initiator"
		}
	Else
		{
		get-eqlvolume | `
		where {$_.VolumeName -like "VMFS*"} | `
		Get-EqlVolumeACL | Where {$_.InitiatorName -match $initiator} | `
		Remove-EqlVolumeACL -AclIndex {$_.index}
		Write-Host "removed initiator $initiator"
		}
	}	

Or you can grab a copy from here:
http://tinyurl.com/7t5t6ca

Leave a comment

Filed under Equallogic, Microsoft, Powershell, VMware

Invalid configuration for device ‘0’ error

We are using VMware vSphere 4. Moving a VM from one location to another (putting it on portable storage, copying it up to the new datastore, and adding to inventory), and trying to edit the properties of the VM, I got the following error:

The problem is that it couldn’t find the 2nd drive. The solution was to:

1) Remove the VM inventory.

2) Manually edit the VMX file (I did it via Putty, but you could edit it on the desktop and upload a new copy) to remove the offending drive.

So where it said:

scsi0:1.present = “TRUE”
scsi0:1.fileName = “myvm.vmdk”
scsi0:1.deviceType = “scsi-hardDisk”
scsi0:1.redo = “”

It needed to be changed to:

scsi0:1.present = “FALSE”
scsi0:1.fileName = “myvm.vmdk”
scsi0:1.deviceType = “scsi-hardDisk”
scsi0:1.redo = “”

By the way, “vmware-cmd -l” will give you the correct path for each VM on that host.

3) Add to inventory again (either via the GUI or “vmware-cmd -s register \path\vmname.vmx”, and hey presto, everything works. I can then re-add the drive and select the correct location for it.

Leave a comment

Filed under VMware

Adding a new volume to an ESX host using Powershell

As I have a script already to create a new volume via Powershell, I wanted to extend it to add a new volume (datastore). The following function will do that:

Function vmAddStorage
{
    param ([string]$server, [string]$volname)
    #Example usage - vmAddStorage esxhost myNewVolume
    $myhost = get-vmhost $server
    $myhost | get-vmhoststorage -RescanAllHba
	
	$lunpath = Get-VMHost | Get-ScsiLun | Where { $_.Vendor -match "EQLOGIC"}
	new-datastore -vmfs -vmhost $myhost -path $lunpath.CanonicalName -Name $volname
	
    $myhost | get-vmhoststorage -RescanAllHba
}

This is for Equallogic storage, but you could adapt it for use with other storage vendors. to know what to use in the $lunpath line, you could run

Get-VMHost | Get-ScsiLun | format-list

Then look for the Vendor property. I ran this against ESXi 4.1 so far using version 1.0 of the pssnapin (vmware.viautomation.core).

Leave a comment

Filed under Equallogic, Powershell, VMware