Tip:
Highlight text to annotate it
X
PLVMUG Meeting, 21 March 2013, Warsaw,PL
My name is Grzegorz Kulikowski
and i work as senior infrastrucutre specialist for a company in telco sector
Today's topic will be PowerCLI and it's real life usage
In order to show my examples i will need a vsphere laboratory
Right now i do not have this labolatory.
But i hope that within next 8-10 minutes i will have one.
Without this lab it will be impossible to show my examples.
I will be talking about importing and exporting roles within virtual center server
About snapshots, get-view from templates
We will be also breaking our lab once it's built
So that at the end i could show what was broken in my labolatory
PowerCLI is set of snappins that extends powershell functionality
It includes over 200 cmdlets that help manage your infrastructure.
Each new PowerCLI version introduces new cmdlets.
If today there is no cmdlet for some specific action there is a change that it will be added in next release.
In my opinion PowerCLI is irreplaceable tool vsphere automation.
The only limitation of PowerCLI i would say is our imagination.
It is up to us how we will user PowerCLI to help us with vsphere administration.
I will start now building our labolatory.
Like you can see i have only virtual center server which is empty. There are no custom attributes.
I wrote a simple application in powershell, and it will help me building my lab.
Under each button there is some part of script that will help us in building the lab.
I will now ask my script to start building laboratory and i will switch now to my presentation.
More about laboratory that is about to be built.
It will consist of virtual center server 5.0 . VC.Lab.Local It was built using AutoLab project.
At the end of the presentation i will provide links from where you can get AutoLab.
2 clusters will be built with HA/DRS. Drs rules will be implemented as well. Admission control will be turned off.
DRS will be fully automated, cluster CLPolska will have isolation response 'PowerOff', for CL_Holandia 'DoNothing'.
Each cluster consists of 2 hosts(host1/2 and host3/4). They will have access to NFS datastores NFS1/NFS2.
Their network is configured using standard vSwitches where on vSwitch0 there will be portgroups for vmks(nfs,sc,vmotion).
All virtual machines portgroups will be attached to vSwitch1.
Entire labolatory is built regarding csv files.
I am using here 4 csv files. First file describes network settings for vmhosts, second has vmhosts annotations.
Third is the configuration for vm portgroups.
Forth which is the biggest csv file describes virtual machines that will be created along with their annotations.
More about annotations in later slide.
DRS Rules that will be created during the build, are created dynamically based on virtual machine name.
Cluster CL_Polska should have rules to keep www,db server should be kept on separate hosts and test vms together.
In cluster CL_Hollandia very similar approach, db/mail server should be kept on separate hosts and test vm together.
In my opinion it is good idea to keep drs rules for your vms/cluster in file.
If you have a cluster that contains 200 vms, and let's say 100 drs rules
then how much time would it take for your
entering those rules into cluster.
And what if you make a mistake, or forget to include a rule...that would be disaster.
If you have written in script, then you would just need to change cluster name in which those rules have to applied
and job done.
Something more about virtual center roles.
Let's say you have more than one virtual center server
from which some of them are not accessible for you.
Because your branch is in other country, to which you do not have access.
But you have contact with other administrators from that branch.
You want to be sure that the role which is used for some solution is exactly the same as the one you are using.
There is no place for mistakes here.
I wrote a function to import and export those roles from virtual center server
Let me show you on an example how it works.
What are the current roles within my virtual center server?
Have in mind that this laboratory works from this one laptop so might take some take to get results.
Those are standards roles. Before i have exported some roles to files.
Now i will be importing roles to virtual center server.
Those are files with the roles.
Here i have give parameters for role name and file name from which it should be loaded.
Let's check.
We can see now imported role.
Operator role has access to interact with virtual machine.
Role gives access to power on/off VM interact with console.
If i would like to export that role to file we do it in exactly the same way using export-virole.
I am exporting existing role VIOperator that i have just imported to file 'mojanowarola.virole' Let's see what is inside.
Does anyone know what is this ?
Those are exactly the ids of privileges. That's how privileges looks like. They are now in form of text strings.
If i want to get those privileges i would need to get privilege object using those ids.
Having this object i can import it into vsphere role.
Something more about annotations.
Do you use annotation for your virtual machines/hosts ?
As you know they are very handy.
In this laboratory, host will receive annotations like , the floor on which they are located, rack, contact to person who is taking care about this unit,
when is the warranty period going to end.
Virtual machine will receive annotations : when it was created, who has created it, its deathdate.
I am sure that you had situations where someone approached you and asked for a virtual machine.
'Listen i need a vm for 2 weeks'.
'When i will not need it anymore i will let you know. For sure.'
And how many times that person came back to you and told you that you can delete it ?
Almost never ;)
And you end up with bunch of vms that uses resources, and nobody uses them.
But when it comes to turning those vms off, then nobody knows if its needed or not.
That's why it's good practice to have those annotations.
[Lady from the back]: Just turn it off , and wait for the call ;)
CRQ - you definitely have some ticketing systems.
Who has created this virtual machine, and how.
I sometimes need that kind of information. If you work within a team of engineers, then you will know who has created this vm, and why in this specific way.
In case of issue with host/vm we can quickly find person who is supporting that particular entity and must be informed about outage.
It's also good to have this CRQ number, in case of questions if vm was deployed according to the specifications.
When we will be making some specific operations on vm, it's good to ask yourself if it is wise to it now or maybe later when vm is out of business hours.
And by having function of vm within annotation we would quickly get information how important this vm is.
If you have a large number of virtual machines you don't probably know which vm does what exactly.
When the vm was created, it's needed in less expected moments ;)
Simple example : some day might find two vms with the same name
then which one is which ?
I would recognize it be the date when it was deployed.
Host annotation: warranty date. If our host looses some memory module/psu, it is better to know before the warranty ends than after.
Something more about annotations. How do i get those values.
Who has created vm/how/when/etc...
I wrote a function get-vmcreationdate.
And using set-annotation cmdlet i can use output from my function.
It's that simple. Get-vm 'somevm'|get-vmcreation date, and you receive object with information.
You will receive information about who/how/when vm was created.
This information is being gathered from vm events, there might be a situation when you will not receive answer from this function.
If the vm is very old, your retention on database will not allow to keep this information anymore.
This function can recognize if vm was created as : registered from vmx, cloned, from template or if it was created as a new vm.
If everything went fine, by this moment my laboratory should be up now.
I can guarantee you that after reading for a week some manuals about powershell / powercli , you will be able to use those cmdlets
This is really not that hard.
And with those 23 cmdlets if i have counted them well, you will be able to build this laboratory which i will show now.
Laboratory is now built.
Annotation attributes are created, for vms / host, global.
Datacenter DC_LAB was built.
Clusters CL_Holandia CL_Polska, let's see if everything is ok.
HA..DRS..AC off, isolation response, advanced parameters, drs rules.
It looks like everything is there ;)
Let's switch to vm view.
All folders were moved to proper folders, dev/ from D letter of 3rd position, Prod, Templates and test machines.
Let's see virtual machines, all annotations are filled out. Well almost all of them ;)
Let's not get into why all of the them are not filled out.
Script did annotations was doing annotations only for vms that were described in csv file.
Vms which were created in addition to csv file do not have those annotations.
Most of vms were created from csv file, so method is 'new-vm'.
There are vms there were created from template, vm names suggests that.
RegisteredFromVMX, so vm was already residing on the datastore i have just registered from existing location
All annotations match, and because of the script that was building laboratory was using my credentials, creator is lab\vi-admin.
Let me show now some examples. Since i have now my laboratory...
Let's try to make limitations on virtual machine so it can have only 1 snapshot at a time.
vSphere client will not let us to do this limitation if this vm is powered on.
If i wanted to do this limitation i would need to add a parameter to it's configuration.
But as this screen shows, i am unable to do so, as the vm is powered on.
If i will take a vm that is powered off, as you can see i can add this parameter.
But with PowerCLI i am able to do it even if VM is powered on.
I am not putting limits on snapshots.
As you can see some tasks are popping out ;)
VM reconfiguration happens now.
Now let me try to create some snapshots.
Beneath this button this is an action that snapshot should be taken twice.
first snapshot is done, and when the 2nd snapshots wants to kick in, we receive an error.
So it means, it wokred ;)
If i wanted to do that snapshot manually in case you do not believe me ;)
It will not success ;)
But now, think if you have to make this change on 100/200/1000 vms, when you would have to organize downtime for those vms...
good luck
Almost impossible to achieve this task.
But with PowerCLI you can do it within next few minutes.
Next example, something more about templates.
With templates you do not have edit settings button.
There is a button to convert it to virtual machine though.
After template is converted only then you can use edit settings.
I would like to see if my template from which everybody creates vms, if all of them will gain network adapter vmxnet3.
What if you have 50 templates in your environments? Will this mean that you need to go to each template, convert it to vm, and check if network adapter is vmxnet3?
I don't have time for this, i'm too busy at work...
I can still use powercli and get-view.
Let's take our template. Does my template have limit on cpu resource ?
No -1, means cpu is unlimited.
what kind of network cards does my template contain ?
My template has flexible network adapters.
How many hard disks my template have ?
One.
Without converting template to vm, i am able to gather that kind of information.
Those were just example of information which you can get from template.
Alright, take a look at datastores view.
I would all my local datastores to be moved into special folder. I don't want to see local datastores in my view.
2 commands.Done.
If you would have large environment, you would see large amount of local datastores, and now everything is clear. Local DS are kept within special folder
I might forget something at the end, so that's why i will present now ;)
Let's say it's a small break ;)
It demonstrates that it's only up to you how you can use PowerCLI. 'Sky is the limit'
Before i do this, i will delete some of my snapshots. I will delete some of them in a specific way. I will show later what happened after i have removed them.
Let me just break my enivironment.
[breaking stuff: bla bla bla ;) ]
I have a folder on my laptop.
[Greg is wondering if something went wrong ;) ]
Let's do the Bonus plan.
[milky milky way - czary z mleka] - really hard to translate this one ;)[watch the magic?]
Let me cover the task panel, so you can't see what's going on ;)
I do not really know if you would ever need to use this. But maybe some of you might use this ;)
I did it only just to show that it is possible. 'For the cause'
As you can see my PowerCLI script is now answering questions regarding virtual machine poweron action.
After registering virtual machine it will ask you if you have copied it or moved it.
It will not boot unless you will answer this questions.
My script detects it now , and it will answer this question. It was taught what he should answer ;)
By this time you might know what is happening. In my directory screenshots from virtual machines start to appear.
All vms that are powered on have their screenshot created and copied to my laptop.
While doing this, screenshots are created on datastore. My script is also cleaning that datastore after his action, so he deletes png screenshot files after it was copied to my laptop.
Let's see what my vms are doing now.
This one apparently has some problem with booting up.
This one as well.
Here we have some 'picasso wannabe'.
And a smiley ;) [my fav ;)]
Is it really what is on the vm screen ? Let's check.
Let's discuss some examples.
I don't know about you but, sometimes i ask myself a lot of question in regards of my vsphere infrastructure status.
And sometimes somebody else is approaching me and asks me those questions.
If it is my boss, manager, director...
I am supposed to do my work , provision new vms, create projects, organize work. And the least needed this is somebody asking me tons of questions regarding my infra at this moment.
What's the status of my clusters, datastores, snapshots, backup proxies, vm duplicate names, cpu /mem limits, name order, warranty deadlines.
There are more of those questions ;)
What if you have more than one virtual center server ?
And you need to check those things on each of them ?
If you will get a task like this in the morning, you already know it will be a long day in work.
Being administrator vsphere environment, it's not only about provisioning vms, but it's also about keeping your infra in good condtion.
If am coming to work at 8AM, then at 8:05 AM i would need to know if will going to be deploying new vms, or fixing my environment.
I do not want to know that i am supposed to fix my env from end user with a P1 ticket in my queue.
In order to make those checks you would need some time.
With PowerCLI we can create tools that will do those checks for us. And so, me at 8:02 AM i usually drink my coffee and go though my infra reports.
Report, it would be best , if it would execute itself, scheduled task, let it send itself to us. Let it look very nice. My boss is also looking at this report.
Remember, more green color, then better ;)
If you have problems with your environment, make a jpeg from report, and send the jpeg ;) and in background fix the issue ;)
It works ;)
Let's do this report.
Ideally this report should look like this.
Green right ? Nice and fluffy ;)
But in our case, we already managed to break some stuff, so it will not be that good.
It took me 3 days to write this report script (3 days , 3-4 hours each day)
On VC with 2000 vms it will take you around 2 minutes to execute this report script.
You probably can do it faster, it's just up to you how much you will optimize the script.
Let's see our report.
It's not good at all :(
I already know that i will say to everybody 'no, can't do it, no time, i don't know it, who are you ;)'
cluster state, overall status would implicate if it's ok or not not in general.
Datestores status. I can configure all boundaries. Tell me, if i have allocated too much thin provisioned disk. Tell me if i have any alarms triggered on those datastores.
Snapshot status. 4 snapshots, right ?
As you can probably know, i am getting all vms and then from them their snapshots.
Why there are only two snapshots ?
If i have 4 vms, then why i do see 2 snapshots ?
They are there ;)
It's just that you can't see them.
You can't see them, but now i can see them.
Why does it look like this ? Because i have deleted on 2 vms snapshots in a specific way, without disk consolidation.
If you have VC 5.x you can see if consolidation is needed property is triggered on.
You can see a vm here that vm does not have snapshot in snapshot manager but it's disk name patter suggest it has.
In VC 5 there is a consolidate option.
In VC is not version 5, you can create a new snapshot and then delete all snapshots.
Virtual machines with the same names.
You know that you can create virtual machines with the same name ? You can't do it only if you will try to put them in the same folder.
In my opinion having vms with the same name, might be very dangerous. Sometimes it happens ;) Nobody knows how, but we all sometimes have duplicates ;).
What if somebody asks you do delete a vm that has duplicate name, if you will delete the right one, nothing will happen, but if you delete the wrong one...
Vms with cpu/mem limits.
My reports has description in each section. Different teams might receive this e-mail, some of them might take immediate action upon receiving this e-mail.
One thing that i always miss... If i see cpu limit slider to the left, i always think that there is no limit ;) But the check box is not selected .and value is the zero '0' , 0 is not unlimited but it has a cpu limit of 0 mhz.
So i now trust my report that tells me if something has limits or not.
Are the any vms that have different folder names, vmx names than their display name ?
VM 'takizarcik', is registerd with name of 'takizarcik' but it resides in different directory name, with different vmdk names.
If you would ever wrote a script that assumes a vm name after it's vmdk file name, it might go wrong, due to those name differences.
Virtual machine that name will be duplicated will appear in directory of VM_1,VM_2 instead of VM name.
VMs that should be removed, based on their death date, i look at vms that should be removed within next 30 days from today.
When does the warranty end for my vmhosts? If it will end within next 90 days from today, it will be included in the report.
I hope you liked it. It is the end of the presentation. I would like to mention again that AutoLab project was used in order to build this laboratory.
Presentation will be available to download from: powerclipopolsku.info.
I encourage you to join IRC channel #powerCLI, #vmwarepl if you would like to talk with out engineers abour vsphere, powercli , or if you just want to talk ;)
and now let's do get-lunch