Tag Archive for vSphere

Quick Tip: Install a VIB into an Existing vSphere 5.5 ESXi Host

The following will likely work in other versions of vSphere, but I used it in vSphere 5.5 a while ago, then forgot to hit publish on this post!

In that case I had installed a new ESXi host and not included the custom VIB with the drivers for the SATA card. I did this deliberately as I thought I would have no need at this time to use the local HBA. The thing I forgot is that the host profiles I had created from other hosts included a local HBA, therefore the host profiles would not remediate without one. Annoying! So I used the following steps to manually add the specific VIB I needed (in this case sata-xahci-1.10-1.x86_64.vib).

SSH to your ESXi host (having enabled the SSH server from the vSphere Client):

# ssh [email protected]<hostip>
# cd /tmp

 

Copy the vib file into the host image (in my case I had it stored on my web server, but you could equally use any other standard method to get the file onto the host):

# wget http://www.tekhead.org/wp-uploads/www.tekhead.org/sata-xahci-1.10-1.x86_64.zip

 

Unzip the vib file:

# unzip sata-xahci-1.10-1.x86_64.zip

 

Install the vib:

# esxcli software vib install -v file:/tmp/sata-xahci-1.10-1.x86_64.vib
 
Installation Result
Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
Reboot Required: true
VIBs Installed: VFrontDe_bootbank_sata-xahci_1.10-1
VIBs Removed:
VIBs Skipped:

 

Check that the vib is installed:

# esxcli software vib list | grep -i <vib name in my case ahci>
sata-xahci   1.10-1   VFrontDe   CommunitySupported   2014-10-31

 

Remove the old files (no longer needed):

# rm sata-xahci-1.10-1.x86_64.*

 

Finally, reboot your ESXi host, job done!

 

Assigning vCenter Permissions and Roles for DRS Affinity Rules

Today I was looking at a permissions element for a solution. The requirement was to provide a customer with sufficient permissions to be able to configure host and virtual machine affinity / anti-affinity groups in the vCentre console themselves, without providing any more permissions than absolutely necessary.

After spending some time trawling through vCentre roles and permissions, I couldn’t immediately find the appropriate setting; certainly nothing specifically relating to DRS permissions. A bit of Googling and Twittering also yielded nothing concrete. I finally found that the key permission required to be able to allow users to create and modify affinity groups is the “Host \ Inventory \ Modify Cluster” privilege. Unfortunately the use of this permission is a bit like using a sledgehammer to crack a nut!

roles

By providing the Modify Cluster permission, this will also provide sufficient permissions to be able to enable, Configure and disable HA, modify EVC settings, and change pretty much anything you like within DRS. all of these settings are relatively safe to modify without risking uptime (though they do present some risk in the event of unexpected downtime); what is a far more concerning is that these permissions and allow you to enable, configure and disable DPM! It doesn’t take a great deal of imagination to come up with scenario where for example a junior administrator accidentally enables DPM on your cluster, a large percentage of your estate unexpectedly shuts down overnight without the appropriate config to boot back up, and all hell breaks loose at 9am!

The next question then becomes, how do you ensure that this scenario is at least partly mitigated? Well it turns out that DPM can be controlled via vCenter Scheduled Tasks. Based on that, the potential workaround for this solution is to enable the Modify Cluster privilege for your users in question, then set a scheduled task to auto-disable DPM on a regular basis (such as hourly). This should at least minimise any risk, without necessarily eradicating it. Not ideal, but it would work. I’m not convinced as to whether this would be such a great idea for use on a critical production system. Certainly a bit of key training before letting anyone loose in vCenter, even with “limited” permissions, is always a good idea!

I have tested this in my homelab on vSphere 5.5 and it seems to work pretty well. I don’t have vSphere 6 set up in my homelab at the moment, so can’t confirm if the same configuration options are available, however it seems likely. I’ll test this again once I have upgraded my lab.

It would be great to see VMware provide more granular permissions in this area, as even basic affinity rules such as VM-VM anti-affinity are absolutely critical in many application solutions to ensure resilience and availability of services such as Active Directory, Exchange, web services, etc. To allow VM administrators achieve this, it should not be necessary to start handing out sledgehammers to all and sundry! 🙂

If anyone has any other suggested solutions or workarounds to this, I would be very interested to hear them? Fire me a message via Twitter, and I will happily update this post with any other suggested alternatives. Unfortunately due to inundation with spam, I removed the ability to post comments from my site back in 2014. sigh

 

NanoLab – Part 8 – Quick Tip for Blank Screen on vPro Intel NUC

Just a very quick tip for an annoying issue I have experienced with my Intel NUC DC53427HYE and never quite found the time to look into it and find a proper fix, that is until a recent twitter conversation! Kudos and many thanks to Frank Brix Pedersen and Mads Fog Albrechtslund for finding the solution and an EU reseller, and Frank for testing and posting it on his blog site.

If you have a vPro NUC and dont connect it permanently to a screen, then when you next connect to it via the vPro remote KVM interface, you get nothing but a blank black screen.

Link to Franks post is here which explains the symptoms and fix in detail:
http://www.vfrank.org/2015/04/28/running-the-intel-nuc-headless-with-vmware-esxi/

Frank has the NUC5i5MYHE model, but the fault looks identical to the issue I have been seeing so I will be following his post and purchasing a Fit Headless dongle from Tiny Green PC for £12 (and a rather ripoff £12 postage cost unfortunately, but there don’t seem to be any other UK suppliers). It is also available from opencompany.dk for others in the EU.

I will update this post once I have tested it on the DC53427HYE!

 

Free vSphere 6 Training! (Yes this title is blatant click bait!)

Yes I fully admit that this article is click bait, but i can promise you that attending the event below will help you learn all about VMware’s latest and greatest release (and a few other things besides), as well as having the opportunity to network with some awesome like-minded individuals!

The event agenda is below and follows the usual mix of vendor sponsors and top notch community sessions, followed by a couple of cheeky lemonades at the vBeers event at the Pavilion End at the end of the day.

As an added bonus it seems that the night before the meeting, the crew from TECHUnplugged will be in town and everyone is invited to a vWhatever session (vBeers, vWine, vCurry, vWhatever!), location TBC. Keep an eye on Jane Rimmer’s blog for more info!

London VMUG 23rd April 2015 Agenda

I am hoping to be at the event, having only missed one in about the last 3 years, so if you do spot me there (I’m the 6’7” Scottish bloke”)!

%d bloggers like this: