Use VMWare VMA to manager your VI

Geschrieben von Tris am in esx, vcenter, VMware

They are three different ways to manage the VI with a vma. If you want to run only a single command use: working without sessionfile If you want to run commands withing a timeperiod of 30 minutes use: working with sessionfile If you want to run commands for more than 30 minutes use: vifastpass working without sessionfile (username and password must be entered for each command) e.g. vicfg-nics -l –server server1 –username xxx –vihost xxxx resxtop –server server1  –username xxx –vihost xxx working with sessionfile (session lasts for 30 minutes) Create sessionfile per vcenter server: 1.    type cd /usr/share/doc/vmware-cli/samples/session 2.    for vcenter-p: ./ –savesessionfile /tmp/vcenter1 –server xxx –username xxx for vcenter-t: ./ –savesessionfile /tmp/vcenter2 –server xxx –username xxx 3.    run commands: e.g. vicfg-nics -l –sessionfile /tmp/vcenter1 –vihost xxx vicfg-nics -l –sessionfile /tmp/vcenter2 –vihost xxx resxtop does not work with sessionfile! working with vifastpass 1.  sudo vifp addserver vcenter1 or/and sudo vifp addserver vcenter2 2.  run vifp listservers to verify that the vcenter server(s) have been added as target. 3.  Inititalize the vcenter server you need to manage (e.g.  vifpinit vcenter1) 4.    run commands e.g. resxtop –vihost xxx (esxhost) vicfg-nics -l –xxx

How to Update Driver on ESXi via vMA or CLI

Geschrieben von Tris am in esxi

If you need to update a driver on ESXi which is not yet available with vCenter UpdateManager, you need to login to vmax or vmay to update the driver. 1. Download the driver ISO on the VMWare site: 2. Place the driver CD in the CD-ROM drive of the host where either the vSpher CLI package is installed or vMA is hosted. 3. Mount the driver CD: sudo mount /dev/cdrom /mnt 4. Navigate to /offline-bundle/ and locate the .zip file. 5. Run the vihostupdate command to install drivers using the offline bundle: vihostupdate –server XXX –install –bundle 6. Reboot the ESXi Host 7. Check if the patch has been installed: vihostupdate –server XXX –query

vSpehre ESX4 HP EVA 5000 Active/Passive solution

Geschrieben von Tris am in esx

I recently discovered a problem with a HP EVA 5000 Firmware 3028 which is only able for active/passive, but the driver loaded by esx was: VMW_SATP_DEFAULT_AA This resulted in two dead paths for each attached LUN. To fix this issue run following command: esxcli nmp satp addrule –satp=”VMW_SATP_DEFAULT_AP” –vendor=”COMPAQ” –model=”HSV110 (C)COMPAQ” –description=”active/passive Compaq EVA 5000″ esxcli nmp satp listrules -s VMW_SATP_DEFAULT_AP should now list your new rule. Reboot the host and make sure VMW_SATP_DEFAULT_AP driver is loaded.

Manually patch a ESX4 Host through cli

Geschrieben von Tris am in esx

When I install new ESX4 Hosts, most of the time I patch them manually, have the patches with me on a USB Stick. This saves me lot of time.
  1. Use following cli command on ESX4 to put the host into maintenance mode: vimsh -n -e /hostsvc/maintenance_mode_enter
  2. Put the Patch Archive e.g.  to the ESX4 Host
  3. Run following cli to manually install the Patch Bundle:  esxupdate –bundle update
  4. Reboot the Host: reboot
  5. Exit maintenance mode: vimsh -n -e /hostsvc/maintenance_mode_exit

Replace VMware VirtualCenter Certificate

Geschrieben von Tris am in vcenter

I messed around with the official Whitepaper of VMware to replace the VC Certificate with SSL, but this did not work for me. How i maked it working: 1. Download the openssl binaries on following site: 2. Extract the folder to c:openssl 3. Create a file: serial in the bin directory, open it and write 10000 into this file 4. Create a file: certindex.txt in the bin directory 5. Create a file openssl.cnf in the bin directory with following content: dir                    = . [ ca ] default_ca                = CA_default [ CA_default ] serial                    = serial database                = certindex.txt new_certs_dir                = certs certificate                = cacert.pem private_key                = cakey.pem default_days                = 3650 default_md                = md5 preserve                = no email_in_dn                = no nameopt                    = default_ca certopt                    = default_ca policy                    = policy_match [ policy_match ] countryName                = match stateOrProvinceName            = match organizationName            = match organizationalUnitName            = optional commonName                = supplied emailAddress                = optional [ req ] default_bits                = 1024            # Size of keys default_keyfile                = key.pem        # name of generated keys default_md                = md5                # message digest algorithm string_mask                = nombstr        # permitted characters distinguished_name            = req_distinguished_name req_extensions                = v3_req [ req_distinguished_name ] # Variable name                Prompt string #————————-      ———————————- 0.organizationName            = Organization Name (company) organizationalUnitName            = Organizational Unit Name (department, division) emailAddress                = Email Address emailAddress_max            = 40 localityName                = Locality Name (city, district) stateOrProvinceName            = State or Province Name (full name) countryName                = Country Name (2 letter code) countryName_min                = 2 countryName_max                = 2 commonName                = Common Name (hostname, IP, or your name) commonName_max                = 64 # Default values for the above, for consistency and less typing. # Variable name                Value #————————      —————————— 0.organizationName_default        = Example Company localityName_default            = Location stateOrProvinceName_default        = ZH countryName_default            = CH [ v3_ca ] basicConstraints            = CA:TRUE subjectKeyIdentifier            = hash authorityKeyIdentifier            = keyid:always,issuer:always [ v3_req ] basicConstraints            = CA:FALSE subjectKeyIdentifier            = hash 6. Open CMD and navigate to the openssl/bin directory 7. Use following command to create the CA Cert: openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650 -config openssl.cnf 8. Import the cacert.pem to your local Trusted Root CA (use MMC) 9. Create the certificate request for VC openssl req -new -nodes -out mycsr.csr -config openssl.cnf 10. Send this Request to an official CA or use your newly created CA to sign this request: openssl ca -out rui.crt -config openssl.cnf -infiles mycsr.csr 11. Rename key.pem to rui.key 12. Create a PFX openssl pkcs12 -export -in rui.crt -inkey rui.key -passout pass:YOURPASSWORD -out rui.pfx 13. Install the PFX to your local computer account certificates (use mmc) 14. Place the following files to your VC Cert directory: C:Documents and SettingsAll UsersApplication DataVMwareVMware VirtualCenterSSL - rui.crt - rui.key - rui.pfx 15. Restart VC Service and reconnect all your ESX Hosts. 16. Have Fun ;) You can also use your Windows CA to generate a VC Cert On your CA certificate request web form, choose advanced then on Advanced Certificate Request page select Webserver template and type in the name of the server (usually the DNS or FQDN) in Name text box.Certificate Add-in in MMC Select Mark keys as exportable check box and submit. You still need to install openssl to export the private key from the certificate . # Export the private key file from the pfx file openssl pkcs12 -in rui.pfx -nocerts -out key.pem # Convert .pem to .key openssl rsa -in key.pem -out rui.key