Getting started with the vCSA 6.x – Part 2

30/07/2017

In the previous post we started to unravel the vCSA and discussed topics like the Appliance shell, the file system and the services. In this post we will continue with the vCSA Health.

Health

Knowing the health of your system is important. Like the Windows vCenter Server, the vCSA is also able to report its health. Most common is using the vSphere Web Client and from the main menu, choose: System Configuration and watch the “Service Health” pane. Detailed information can be found by clicking on the various Services.

Figure 1

However, from the Appliance shell, the following API command will also inform you”

Command> system.health.get

If everything is OK, it will report; Health: green

In the Bash shell, you can browse to the folder: /etc/vmware-sca/health/.
On a vCSA 6.0, you will find two files with health status information:

vmware-vpxd-health-status.xml
vmware-postgres-health-status.xml

On a vCSA 6.5, you will only find the first file.

Logging

When it comes to logging and support bundles, you will most probably use the vSphere Web Client or VMware Loginsight. In case you want to know where the log files are actually stored, VMware followed the general rule for all things Unix/Linux. Start in the well-known /var/log folder. Here you will find the common Linux log files.

The folder  /var/log/vmware, a symbolic link to /storage/log/vmware is the starting point for the vCSA specific log files. Here you will find a sub-folder for each service running on the vCSA, e.g.
/var/log/vmware/vpxd.

Database

One of the most important parts of the vCSA is the embedded vPostgres database. vPostgres is a VMware tweaked version of the well know PostgreSQL database. If you’re looking for more information about the nuts and bolts of PostgreSQL, the official documentation is a good starting point: https://www.postgresql.org/docs/9.3/static/

VMware employee Adam Eckerle wrote an interesting three-part blog post about vPostgres and the vCSA, the links are here, one, two and three.

One of the most important parts of a DBMS is the configuration files. For vPostgres these can be found in the following folder: /storage/db/vpostgres/

If you want to interact with the vPostgres database yourself, you can start with this KB “Interacting with the vCenter Server Appliance 6.5 embedded vPostgres Database (2147285)

Note: Although this post covers vPostgres on a Windows based vCenter Server and it is fully unsupported, the idea certainly is original.

A vCenter Server, whether it be a Windows based or an appliance, is a precious item, so backup and restore is really important. If you are not sure if your backup method of the vCenter Server is supported, start reading VMware KB “Overview of Backup and Restore options in vCenter Server 6.x (2149237)”.

VMware KB “Back up and restore vCenter Server Appliance/vCenter Server 6.0 vPostgres database (2091961)” presents more information when using a not supported method.

vCenter Server Appliance version 6.5 has many new features, one of these is the built-in native file-based backup and restore. For more information and links to the Walkthroughs, see this post.

Some more reading about vPostgres, although the first post is based on the Windows version, you will find some useful information.

http://www.virtually-limitless.com/vsphere-6-0/interacting-with-the-vpostgres-database-in-vsphere-6-0/

https://nilic.github.io/2015/03/21/exploring-vcsa-embedded-postgresql-database/

Extra tools

The VCSA has two hidden gems. The first one is a tool named “VIMtop” and can best be described as ESXtop de luxe for the VCSA. VIMtop has three views; Processes, Networks and Disks.

VIMtop can be started from both shells.

Figure 2

For a deep dive, a description of all metrics and the keyboard shortcuts, see this post by William Lam.
vCSA 6.5 comes with a newer version (0.9) of this tool.

The other tool is “pgtop”, a plug-in that can be used to monitor the vPostgres database. As it’s a plug-in, you can only start pgtop from the appliance shell.

Figure 3

At first glance pgtop shows information about the vPostgres processes, similar to what you see in VIMtop. However there are a few interesting options that can be explored by pressing just a few keys, for example:

  • Toggle the “c” key to see the current commands and queries.
  • After pressing the “L” you can find out which locks are held by one of the processes.

Pressing the “h” key presents an overview of all available single-character commands.

Finally

I hope these posts were helpful to get you more comfortable with the vCSA. One final tip (as it happened to me a few times in my home lab), if you ever lose the root password and need to reset the vCSA, see this useful VMware KB “ Reset root account, Unable to log in to the root account of vCenter Server Appliance (2069041).


Getting started with the vCSA 6.x – Part 1

12/07/2017

The vCenter Server Appliance is the new vCenter Server. In the old days, we had a brand new Windows Server on which the vCenter Server was installed. The necessary database server was quite often an external MS SQL database and sometimes an internal database. In the those days, tweaking the Windows Server and the installed components was more or less a common practice, due to the familiarity with Windows.

But now the vCenter Server Appliance (vCSA) is the new and preferred standard. The vCSA comes as a virtual appliance and is ready to run within minutes compared to the old vCenter Server. Although a (virtual) appliance still means; (virtual) hardware, an operating system, middleware and applications, VMware likes to treat the vCSA as a “black box”. Like most appliances, the operating system is a Linux flavor and you can log in. After a successful log in, you will encounter the first discouragement; you are not welcomed by a Bash shell but with the default “Appliance Shell”. For more information read my post on the vCSA shells.
In this post, a brief introduction on the following topics; Appliance shell, File system and the Services.

Read the rest of this entry »


vCSA how to disable IPv6?

18/04/2017

For me it was already a common practice to disable IPv6 on ESXi hosts, but until recently I did not realize that vCenter Server can also benefit from it. For vCenter Server on Windows, you reconfigure the Windows network configuration. But how do you disable IPv6 on the vCSA?

I recently found that a vCSA 6.0 has at least three options to reconfigure the network settings. But only one option enables you to disable IPv6.

Using a web browser you can log in to the vCSA Web console by entering URL: https: //<vCSA hostname or IP address>:5480

From there go to Networking, under Networking Interfaces, choose Edit to open the “Edit IP Configuration” window. Here you can configure IPv4 and IPv6 and disable IPv4, but no option to disable IPv6.

Fig.1

Read the rest of this entry »


vCSA default shell is BASH

14/04/2017

A quick post about a little caveat while working in the vCenter Server Appliance (vCSA) shells. Yes correctly, shells in plural. The vCSA is bundled with at least two different shells:

  • Appliance Shell (default)
  • BASH shell

The “Appliance shell” is the default shell. After you log in to the vCSA, it will present the following well known screen.
Fig 1.

The appliance shell can be used for updating the vCSA, using the software-packages command and has some other use cases. From here you can enable the BASH shell as shown in the Fig 1. for the duration of your session with the following commands:

# shell.set --en -s /bin/bash root
# chsh -s /bin/bash root

You can also set the BASH shell as the default shell by performing the following command. Make sure, you first enable the BASH shell as shown above:

# chsh -s /bin/bash root

For the change to take effect, log out and log in again. Now you will directly enter the BASH shell.

But while working in the BASH shell, you need to temporarily switch to the Appliance shell?
In that case, provide the following command:

# appliancesh

That’s it. A shell is nothing more or less than an executable; the “Appliance shell” is no exception and can be found as /bin/appliancesh.

For more information, see: VMware KB “Toggling the vCenter Server Appliance 6.x default shell (2100508)


Best way to create vCSA support bundles

09/04/2017

In general, during contact with a Customer Support team, whether being a Hardware vendor (Servers, Storage) or a Software vendor, the likelihood that you will be asked to upload some log files for further investigation is significantly.

In case of VMware vSphere, you will have multiple options for collecting a support bundle; to name a few:

  • Windows vSphere Client
  • vSphere Web Client
  • PowerShell scripts

See also VMware KB “Collecting diagnostic information for VMware vCenter Server 4.x, 5.x and 6.x (1011641)” for a complete overview.

Using some of these methods is very convenient; however there is a little caveat, when the vCenter Server is a vCenter Server Appliance (vCSA) 6.x.

Under certain conditions, a vCSA might contain core dump files. When requested to create a support bundle these core dump files will be added to the support bundle, together with the log files. The issue that may arise is that the location where the support bundle will be created (partition /storage/log) has a fixed size and possibly is too small.

Is that is the case, the creation of the support bundle will halt with error “Cannot create a diagnostic bundle” and the desired support bundle will not be created.

VMware recommendation is to create and download a support bundle using the web browser. To do so enter the following URL:
https ://<VCSA Hostname or IP address>/appliance/support-bundle

Fig 1

After providing the credentials, the support-bundle (filename is: vm-support.tgz) will start downloading. The progress of the process will be shown in the browser.

Using this method, the files will be directly downloaded to your local computer, instead of being prepared on the vCSA.

As always, I thank you for reading.


Check_MK and vSphere – vCenter Server

22/08/2016

This post is the third part in a series about Check_MK and vSphere. In the second part, I showed you the options for monitoring an ESXi host without using vCenter Server. In this post we will explore the options for monitoring a vCenter Server on Windows and also the vCenter Server Appliance (VCSA).

vCenter Server Windows

For this POC we have a vCenter Server 6.0 U2 (build 3634793) on a Windows Server 2012 R2. As this is a normal Windows server, I installed the Check_MK agent for Windows and added the host to Check_MK. For the property Agent type, select “Check_MK Agent (Server)”.

2016-08-21_01Figure 1

By default the Check_MK Windows Agents presents – without further tweaking – a lot of information; CPU and Memory utilization, Disk I/O, status of the filesystems, status of the Network interfaces and many more.

Now it’s time to reveal the vSphere options. We follow the same procedure as we did for the ESXi host. In the WATO configuration go to Host & Service Parameters \ Datasource Programs and select Check state of VMware ESX via vSphere. Now create a second rule for the vCenter Server, start with providing a descriptive name.

Read the rest of this entry »


Implementing CA signed SSL certificates with vSphere 5.x – Part 3 – vCenter Server Appliance

11/03/2015

In the previous post, we highlighted the default template needed, in case of an Organizational CA, and ended with the creation of the certificates needed for the vCenter Server components.

According to our compass KB “Implementing CA signed SSL certificates with vSphere 5.x (2034833)”, the next step is to replace the vCenter Single Sign-On certificate and it points us to KB “Configuring CA signed SSL certificates for vCenter Single Sign-On in vSphere 5.5 (2058519)”.

Unfortunately, we are in trouble now, as KB 2034833 refers to the Windows vCenter Server components, with no reference to the vCenter Server Appliance. We will return to this KB later, for the vSphere Update Manager.

Luckily, KB “Configuring Certificate Authority (CA) signed certificates for vCenter Server Appliance 5.5 (2057223)” is available for the vCenter Server Appliance. In fact this KB contains all steps for setting up OpenSSL, generating certificate requests, getting and implementing certificates.

The Script

In fact, we have reached the section “Installation and configuration of the certificates for all the components”. This 40 step long section contains a lot of commands. To overcome the differences and make the installation process easier, I have created a script which can be found in this post. Copy and paste the content in a notepad and save as vcsa_certs.sh.

Read the rest of this entry »