Uncategorized

VMware vSphere and Enterprise Plus

So here are the new editions.

Hmm.  My current Enterprise licenses will not give me the all of the feature of the new version.  There are a lot of angry blog posts out there on this new policy.  I do not know if I would consider myself angry, but I am disappointed and more than a little confused.

I understand that as new products come out (* Manager) I will be expected to pay extra for them.  They add a lot more value than the existing stack and I expect that.  In the case of new vSphere features VMware is introducing enhancements, but that is expected for a new product.

I do not understand being expected to pay more for something that is adding incremental value on a new product.  That is what the subscription is supposed to be for.

Here is a good write up of some other ramifications of this policy. VMware Slaps Enterprise and Cisco In Face, Opens Door For Competitors

Using ScriptProperty members in PowerShell

I was looking for information on ScriptProperty members in PowerShell and was running into trouble finding anything useful. The PowerShell in Action book saved me on page 229.

Here is the object I am using in a piece of code that I am finishing for persisting server credentials to disk in a secure fashion. It shows a real world example of when a ScriptProperty is needed instead of the simpler NoteProperty.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
Function SecureCredentialStoreItem
{
    $item = New-Object PSObject
 
    # Hostname
    $item | Add-Member -MemberType NoteProperty -Name hostname -Value ""
 
    # Username portion of the credential
    $item | Add-Member -MemberType ScriptProperty -Name username -Value `
            { # Get
                $this.credential.username
            } `
            { # Set
 
                param
                (
                    [String]$username
                )
 
                # Username is read only so we create a replacement credential.
                $newCred = New-Object System.Management.Automation.PSCredential $username, $this.credential.password
                $this.credential = $newCred
            }
 
    # Password portion of the credential
    $item | Add-Member -MemberType ScriptProperty -Name password -Value `
            { # Get
                $this.credential.password
            } `
            { # Set
 
                param 
                (
                    [System.Security.SecureString]$password
                )
 
                # Password is read only so we create a replacement credential.
                $newCred = New-Object System.Management.Automation.PSCredential $this.credential.username, $password
                $this.credential = $newCred
            }
 
    # Credential
    $item | Add-Member -MemberType NoteProperty -Name credential -Value `
                       (New-Object System.Management.Automation.PSCredential "<empty>", 
                            (New-Object System.Security.SecureString))
 
    # In general I would recommend against using this, but there are times
    # when it must be done.  Done as a method so it is not run unless called
    # explicitly.  Setting should be done via the securestring password property.
    $item | Add-Member -MemberType ScriptMethod -Name passwordToPlainText -Value `
            {
                $ptr=[System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($this.credential.password)
                $str = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($ptr)
                [System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($ptr)
                $str
            }
    $item
}

Version Control for (VMware) System Administrators

It has been long held that *nix administrators should use version control, but this knowledge has not really made it over to the Windows world where a lot of VMware administrators come from.

I consider version control for scripts and configuration files to be an essential part of any well run site. It is something that can be set up in a few hours (Window or *nix) and most admins will need to learn only the basics of the tools.

The benefits of version control are many, but here are the ones that stick out for me:

  • The ability to revert to a known good file if problems are encountered during a change.
  • Much more scalable than creating file.bak, file.bak001, file.bak002, etc.
  • A known good source to determine what has been modified in a file.
  • An authoritative source for files that can be made easily accessible via http or the version control tools.
  • The ability for multiple admins to work on scripts and track when and what changes were made.

Here is an article that was written for Login magazine that gives a good overview of the process.
Using Version Control in System Administration by Luke Kanies

VMware Update Manager Profile Updates

I added these to my Powershell profile to make working with the VMware Update Manager Toolkit a little easier from my standard shell.

Add-PSSnapin VMware.VumAutomation
function Get-VumCommand {Get-Command -pssnapin VMware.VumAutomation}

Script for VM advanced settings

I created this one so I could easily apply multiple advanced settings to a list of VMs. The $advancedSettings array is easily modified to change what get configured.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
# Usage: <vmobject> | .\Configure-VmAdvancedSettings.ps1
# Examples: Get-VM myTestVM | .\Configure-VmAdvancedSettings.ps1
#           Get-Cluster myCluster | Get-VM | .\Configure-VmAdvancedSettings.ps1
 
BEGIN
{
    # The settings as an array of arrays.  ("key", "value)
    $advancedSettings = @( ("isolation.tools.copy.disable", "true"),
                           ("isolation.tools.paste.disable", "true"),
                           ("isolation.tools.setGUIOptions.enable", "false"),
                           ("log.rotateSize", "100000"),
                           ("log.keepOld", "10"),
                           ("isolation.tools.connectable.disable", "true"),
                           ("isolation.device.connectable.disable", "true"),
                           ("isolation.tools.diskWiper.disable", "true"),
                           ("isolation.tools.diskShrink.disable", "true")
                         )
    $keyIndex = 0
    $valueIndex = 1
}
 
PROCESS
{                      
    $vmView = Get-View $_.Id
    $vmConfigSpec = New-Object VMware.Vim.VirtualMachineConfigSpec
 
    foreach ($setting in $advancedSettings)
    {
        $vmConfigSpec.extraconfig += New-Object VMware.Vim.optionvalue
        $vmConfigSpec.extraconfig[-1].Key = $setting[$keyIndex]
        $vmConfigSpec.extraconfig[-1].Value = $setting[$valueIndex]
    }
    $vmView.ReconfigVM($vmConfigSpec)
}

Added VMware Logforwarder to the Scripts/Programs Page

I have updated my Scripts/Programs page to include the bundle of scripts that I created when testing out forwarding options for logs that are not normally accessible via the service console syslog subsystem.

This set of scripts is functional, but ended at POC stage when I decided to go another route.  If there are any questions about them let me know, but they should not be used for production systems until more error checking added and testing is done.

Plug for SAGE and USENIX

This is for the admins out there who have not heard of sage or Usenix or those that think that this is only for *nix people (Windows and VM admins).

I think that both of these groups are great and have memberships to both.  They focus on issues that are important to IT professionals and provide a forum for a professional system administrator to learn and grow.  Some topics have a *nix bias but beneath it all most of the current OSes are  based on the same principles.

http://www.sage.org/
http://www.usenix.org/

The conference proceedings are great.

Creating content

For the past 10 years I have been doing system administration and have benefited greatly from search engines and forums, but I have not provided much content.  I am trying to correct this by creating this blog and participating in online forums.

Time will tell if I can keep it up.