Wednesday, August 15, 2012

PowerCLI for the rest of us.....

So if you're not using it already powershell can be a very powerful and useful utility. Powershell can save you many hours of digging through lists and trying to export data out of graphical interfaces. It can also be used to make configuration changes to a large group of objects you can't normally select all together. I'm going to give a few basic examples of useful powershell commands. First we'll cover what tools you should get in order to properly use powershell and make it as easy as possible to write and run your own scripts.

The very first thing you need to do is download the latest version of VMware PowerCLI, which can be found at the VMware site in the downloads section.

PowerCLI Download

Second thing I would recommend is bookmarking the PowerCLI command reference guide

PowerCLI Command Reference guide

Third thing is optional but something that I personally do. Get a script editor that has some integration with PowerCLI powershell snapin's. The one I use is open source and called PowerGUI. This will allow you to "tab complete" some commands etc.


So lets take a look at some of the basics. The one of the better definitions I've seen out there comes from the Powershell Wiki;

Windows PowerShell is Microsoft's task automation framework, consisting of a command-line shell and associated scripting languagebuilt on top of, and integrated with the .NET Framework. PowerShell provides full access to COM and WMI, enabling administrators to perform administrative tasks on both local and remote Windows systems.
In PowerShell, administrative tasks are generally performed by cmdlets (pronounced command-lets), specialized .NET classesimplementing a particular operation. Sets of cmdlets may be combined together in scriptsexecutables (which are standalone applications), or by instantiating regular .NET classes (or WMI/COM Objects).[2][3] These work by accessing data in different data stores, like the filesystem or registry, which are made available to the PowerShell runtime via Windows PowerShell providers.

Basically you can use this object orient platform to make calls from all sorts of different things and use them to perform all kinds of different tasks. As far as vSphere is concerned this can be very useful for SRM command integration or simple tasks such as figuring out what VM's have a snapshot and how old is it. For purposes of this post we're going to look at some basic commands and cmdlets. I'll also give a few simple examples.

Before we can do anything we'll need to open a powershell window which can be done by going to start menu > all programs > vmware > vmware vsphere powercli > vmware vsphere powercli. This brings up what looks like a normal command window. It has the ability to do powershell windows commands right now but you will also see a message at the top of the screen as depicted below

This is normal it's just programmed to add the VMware powershell snapin every time, in case it's not loaded. There are a few commands that we should set to make sure we get good operation for the tasks that we perform;

Set-ExecutionPolicy unrestricted -Confirm:$false

The set-execution policy command will allow us to run scripts that aren't "trusted" if we create them on our own. See Microsoft for more detail.

Set-PowerCLIConfiguration -DefaultVIServerMode Multiple -Confirm:$false

The Set command above will allow us to connect to multiple vcenters or esxi hosts

We can also use these same commands in our powergui as well. If we open powergui you'll see three panes one for the script you are constructing, one for the commands that are run and to run/test commands in, and the other has some syntax info in it.

Next we need to connect to something to run commands against. You can connect to either a vCenter or an ESX(i) host directly by using the following command

connect-viserver <ip of host> -User <username> -Password <password>

Now that we are connected the first basic task that we need to perform is collecting some objects to do something with. This type of cmdlet usually starts with a "get-". There are a variety of these, see the powercli cmdlet reference for the full list, but lets do something simple like "get-vm". This will return a list of vm's

You can see a full list of VM's and this is what's refered to as the default view, meaning these are the default things that are displayed to you. Name, Powerstate,NumCPU, and Memory. Let's say we wanted to see something different about the VM's. You can use the command "get-vm | get-member" the "get-vm" part gives the list of the VM's and the "|" passes that list to the "get-member" command. This will prompt powershell to give you a list of all the valid Methods and Properties on the "get-vm" objects.

Now we can change the command to make our own custom list. Let's say we want the names of the VM's and the esxi host they reside on;

get-vm | select-object Name,VMHost

This gives you a different view of the same list as before, notice the columns are different and all the values displayed back to me are only what I selected to see with the "select-object" option

Lets say I wanted to share this list with some co-workers. Powershell offers the ability to export this output to something easy to work with such as a CSV file saving it in the reports folder on my C drive, this can be accomplished by issuing the following command.

get-vm | select-object Name,VMHost | export-csv "C:\reports\vm-host.csv"

If you look in C:\reports\vm-host.csv you'll see two columns and one will have names the other will have hosts in it.

Now lets take a look at our list of VM's and figure out how much memory is allocated to all of the VM's we have built. We can use a cmdlet called "measure-object" which will allow us to do all sorts of statistical calculations on the numbers that are returned. We can "-count" the number of objects, "-sum" the objects, "-average" the objects, or find the "-min"/"-max" values.

get-vm | measure-object MemoryMB -sum

this default view shows how many objects there were and what the sum was.

There are many great ways to use this data, and many more advanced functions you can perform. Apply any scripting knowledge you have to this and it can help to accelerate the tasks you would normally have to perform by hand. Below are a few other single line useful commands I've found helpful;

Gets a list of VM's that have snapshots and the list of snapshots/powerstate of vm/Name of snap/Size of snap in MB;
Get-VM | Get-Snapshot | Select-Object ParentSnapshot,Powerstate,Name,SizeMB

Gets a list of VM's who's CD-ROM's are connected;
Get-VM | Where-Object {$_ | Get-CDDrive | Where-Object { $_.ConnectionState.Connected -eq "true"  } } | Select-Object Name

Set DNS servers on esxhosts
Get-VMHost | Get-VMHostNetwork | Set-VMHostNetwork -DnsAddress <DNS1>,<DNS2>

Tuesday, August 7, 2012

Teradici PCoIP Firmware 4.x Certificate issues

I came across an interesting issue with a certificate. As described in previous posts you need to upload your Root and Intermediate certificates to the PCoIP devices connecting to VIEW. If you do not you'll see an error message when connecting to your connection servers saying "the certificate is not rooted". Typically when you see this message all you have to do is locate the intermediate and rootCA that signed your broker certificate and upload it, however people are seeing issue with some intermediate/root CA's. I think that these messages in the thin client log are the link to the problem;

08/06/2012, 16:15:25> LVL:1 RC:-510 X509_UTIL :get_issuer() failed!

08/06/2012, 16:15:25> LVL:1 RC:-510 MGMT_CERT :ERROR: tera_x509_util_get_tree failed for certificate 1

08/06/2012, 16:15:25> LVL:1 RC:-510 MGMT_CERT :ERROR: certificate is not valid (tera_mgmt_cert_add_certificate_by_index)

08/06/2012, 16:15:25> LVL:1 RC:-510 MGMT_CMI :ERROR: tera_mgmt_cert_add_certificate failed!

08/06/2012, 16:15:26> LVL:2 RC: 0 GSOAP :SOAP 1.2 fault: SOAP-ENV:Sender [no subcode]

08/06/2012, 16:15:26> LVL:2 RC: 0 GSOAP :"Failed to add certificate to certificate store" Detail: [no detail]

08/06/2012, 16:15:26> LVL:0 RC: 12 MGMT_CMI :Error serving SOAP request!

It appears that the Teradici Firmware is expecting content in certain fields of the Certificate, and GoDaddy is not providing them in this case. In fact when you upload the godaddy cert to the teradici management appliance they look incomplete compared to a verisign, as you can see in the image below

After a bit of research I've found that this is a known issue with the 4.x release of the PCoIP firmware. You can find the KB article here. The issue is not limited to just Godaddy Certs, a VMware Community article found here shows others having this issue with other cert vendors. The community article also contains the fix, which is opening a ticket with Teradici Support. Apparently the only way to resolve this is using a Release Candidate of the next firmware revision.