Getting started with vCheck

If you use vSphere and particularly vCenter, you’re probably at least familiar in passing with PowerCLI, a package of snap-ins and modules for PowerShell. This is my preferred language for interacting with the vSphere/vCenter APIs, since it has (IMO) the best documentation of the available languages and API SDKs. If not, I recommend downloading it and playing with it, it can really help you automate many of your repetitive tasks with less Flash and less right clicking.

One of the most popular tools built with PowerCLI is vCheck. It’s a framework for running a number of checks against your vSphere infrastructure and determining what operational issues are present – something every Ops team needs. It won’t replace a monitoring system such as vROps or even Nagios, but it augments such systems very well. For example, it can report on VMs that have ISOs attached, or where snapshots have been present for more than 7 days – issues that probably aren’t worth paging anyone out for, but need to be dealt with eventually. Many of us have built some homegrown solutions for this, maybe even with PowerCLI, but it is difficult to beat a tool designed to meet the needs of a large percentage of vSphere users, is actively developed by VMware employees, and is a framework that you can extend with instance-specific needs. You can always run your tools and vCheck together, too.

Let’s take a look at vCheck and how to get started with it today. We’ll download it, configure it, schedule it as a daily task, review how to enable and disable checks, and store your configuration in version control. This provides a solid base that you can tweak until it fits your specific needs just right.

Continue reading

Tag-based Veeam Backups

As I teased in Using vCenter tags with PowerCLI, I want to explore how to use tags  in a practical application. To refresh our memory, we looked at creating an Ownership category with individual tags in it, and limited VMs to having just one of the tags. We created a little script that defines our schema, in case we need to re-create it. We are going to work on a new category today for our backups. Specifically, Veeam backups, based on SDDC6282-SPO, Using vSphere tags for advanced policy-driven data protection as presented at VMworld 2015.

Defining Policy and Tags

To create our backup jobs, we need to know a few things that will translate into our tag schema. Our backup policies are defined by a combination of ownership, recovery point objective (RPO), and the retention period. For example, our Development group is okay with a 24 hour RPO and backups that are retained for a week. Operations may require a 4 or 8 hour RPO and require 30 days of backups. Each of those combinations will require a separate backup job. We can combine these tuples of information into individual tags so that Veeam can make use of them. We also need one more tag for VMs that do not need any backup at all. We can put all of this in a tag category called VeeamPolicy. Here’s what that might look like, again in PowerShell:

New-TagCategory -Name VeeamPolicy -Description "Veeam Backup Policy" -Cardinality Single -EntityType VirtualMachine
New-Tag -Name "NoRPO" -Category VeeamPolicy -Description "This VM has no backups"
New-Tag -Name "Development24h7d" -Category VeeamPolicy -Description "Development VMs with 24 hour RPO, 7 days retention"
New-Tag -Name "Operations8h30d" -Category VeeamPolicy -Description "Operations VM with 8 hour RPO, 30 day retention"
New-Tag -Name "Sales48h30d" -Category VeeamPolicy -Description "Sales VM with 48 hour RPO, 30 day retention"

Continue reading

Using vCenter tags with PowerCLI

I was recently introduced to some practical usage of vCenter tags. I used tags to build a fairly easy and dynamic set of sources for Veeam backup jobs, but before I get into that, I want to explain tags a little bit for those who are not familiar with them.

Tags are something that are pretty easy to understand conceptually. You create a category which contains a few tags. An object can receive one or multiple tags from a given category. Tags are managed by vCenter, not by vSphere, so require a license that provides vCenter for management. That’s a pretty simple explanation and list of requirements.

A Tag Category has a collection of Tags available within it. If the Category is “single cardinality”, it means that an object can only be assigned one tag in the category. This might be good for a category associated with ownership or recovery point objective (RPO). A Category can also be “multiple cardinality”, where a single object can be assigned multiple tags in a category. This would be helpful to associate applications with a VM, or a list of support teams that need notified if there is a planned impact or outage.

I’m going to show you how to manage Tags and Tag Categories with PowerCLI (Specifically with the PowerShell ISE and a profile to load PowerCLI), but you can manually create and manage them through the vSphere Web Client, under the Tags item on the left hand menu. You can create and delete and rename tags and categories there all day long, and you can right click on an object almost anywhere else and select Edit Tags to edit the assigned tags on it. When you view most objects, you’ll see an area in the Summary tab labeled Tags that will display and let you manage assignments.

Continue reading

PowerShell Command Add-On

Many of us use PowerCLI, which relies on PowerShell. The default PowerCLI environment is pretty plain, but you can also use the PowerShell ISE  and load the PowerCLI snap-ins in your profile. The ISE, or Integrated Scripting Environment, offers a lot of advantages to the regular PowerCLI or PowerShell interfaces: Intellitype, lots of keyboard shorts, and something called the Command Add-On.

First, let’s look at how to turn it on. Fire up the ISE. If you have Powershell pinned on your taskbar, you can right click and choose the ISE, or just hit the windows key and type ‘ISE’. You want the regular version of PowerShell ISE, not the “(x86)” version. Now that it’s open, go to View -> Show Command Add-On and select it:

fig 1

Continue reading

Use existing definitions as a baseline

Sometimes we spend way too long trying to define things in our head when we can get existing configurations from the system. It’s vital to have a full service definition or any promotion of the service through environments will turn up missing components and make your life hell. If you’re building a new service that looks similar to an old one, or evolves the old service, steal the old service’s definition and then modify it.

vSphere

There are a number of ways to gather existing service definitions. If you’re building a new host and you have Enterprise Plus licenses, use Host Profiles. Export an existing host’s config to a host profile, uncheck the irrelevant portions, change what’s relevant but different, and apply to the new host. It might take a few tweaks, but you’ll get it right soon. Then export the new host’s config to a host profile and you’re good to go.

If you don’t have Enterprise Plus, take a look at PowerCLI. It will take more legwork, but there are a ton of cmdlets available to capture networking, storage, and other service definitions from existing hosts which you can then apply elsewhere.

Continue reading

Snapshots and Automated Emails

A common problem in virtualization is snapshots. The name “snapshot” makes us (novice or otherwise!) think of a picture in time, which sometimes leads to the belief that the snapshot is “taken” and then stored somewhere, though that’s not how snapshots really work.

In reality, snapshots create a psuedo-consistent state of the virtual disk at that point in time. Subsequent writes in a snapshotted state are redirected to delta files. If you are performing an upgrade, a snapshot is helpful, allowing you to restore the prior system state if there are problems. After a few days, the snapshot loses its value as a restore becomes increasingly unlikely because you would lose the application changes as well. Snapshots also play a role in backups, where they are used temporarily to provide the psuedo-consistent state for the backup utility before the snapshot is deleted.

When a snapshot is deleted, that delta is applied to the base virtual disk(s), playing back through the transactions. Large snapshots take a long time to delete and affect system performance until the consolidation is complete. They can also affect the VM during normal operation as the delta file size increases.
Continue reading

PowerShell Profile

In an earlier article, I described how to create a PowerShell Profile, specifically so that you could access PowerCLI snapins in the regular PowerShell or PowerShell ISE programs where you get tab completion and intellitype. However, it was buried in the midst of another article where it was hard to find.

The below PoSH will create a new profile if it doesn’t exist and add the VMware snapins, then it will open the profile file for editing. PowerShell and PowerShell ISE each have their own profile file, so run it in both if you need to.

Run the suggested commands below for the correct version of PowerCLI. If you have statements in your profile from a previous version of PowerCLI, clean them up by hand, or delete your profile and re-run the script to start with a blank profile. Note: This would wipe out any non-PowerCLI commands in your profile as well, such as those added by Chocolatey.

PowerCLI 6.5

Download. If you encounter errors after upgrading from a previous version, check the value of $env:PSModulePath. It should contain the path C:\Program Files (x86)\VMware\Infrastructure\PowerCLI\Modules rather than the older C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI\Modules. If it is incorrect, try a reboot, though the installer does not suggest one is required; that fixed the problem for me.

if (! (Test-Path $profile)) {
  New-Item -Path $profile -Type file -Force
}
''                                                        | Out-File -FilePath $profile -Append
'# Import PowerCLI modules'                               | Out-File -FilePath $profile -Append
'Get-Module -Name VMware* -ListAvailable | Import-Module' | Out-File -FilePath $profile -Append
notepad $profile

PowerCLI 6.0-6.3

if (! (Test-Path $profile)) {
    New-Item -Path $profile -Type file -Force
    'Add-PSSnapin VMware.VimAutomation.Core -ea "SilentlyContinue"' | Out-File -FilePath $profile -Append
    'Add-PSSnapin VMware.DeployAutomation -ea "SilentlyContinue"'   | Out-File -FilePath $profile -Append
    'Add-PSSnapin VMware.ImageBuilder -ea "SilentlyContinue"'       | Out-File -FilePath $profile -Append
    'Import-Module VMware.VimAutomation.Core'                       | Out-File -FilePath $profile -Append
    'Import-Module VMware.VimAutomation.Vds'                        | Out-File -FilePath $profile -Append
    'Import-Module VMware.VimAutomation.License'                    | Out-File -FilePath $profile -Append
}
notepad $profile

PowerCLI 5.5 and Below

if (! (Test-Path $profile)) {
    New-Item -Path $profile -Type file -Force
    'Add-PSSnapin VMware.VimAutomation.Core -ea "SilentlyContinue"'    | Out-File -FilePath $profile -Append
    'Add-PSSnapin VMware.VimAutomation.Vds -ea "SilentlyContinue"'     | Out-File -FilePath $profile -Append
    'Add-PSSnapin VMware.VimAutomation.License -ea "SilentlyContinue"' | Out-File -FilePath $profile -Append
    'Add-PSSnapin VMware.VimAutomation.Cloud -ea "SilentlyContinue"'   | Out-File -FilePath $profile -Append
    'Add-PSSnapin VMware.DeployAutomation -ea "SilentlyContinue"'      | Out-File -FilePath $profile -Append 
    'Add-PSSnapin VMware.ImageBuilder -ea "SilentlyContinue"'          | Out-File -FilePath $profile -Append
}
notepad $profile

Verify the profile contents are correct (this should preserve existing profiles, but check that new content didn’t merge at the end of the previous content). You can add any additional PoSH commands, such as aliases, to your profile, then save the file. Restart Powershell (ISE). Your startup will take a little longer now, but you end up with tab completion, intellitype AND PowerCLI. If you messed anything up, you should still have notepad open, just edit what’s needed and restart the PoSH shell till you get it right.