Last week I purchased ProfessionalVMware.com. Over the next week or two, we'll be installing WordPress and getting the content migrated over. See you at the new digs.
Sunday, November 23, 2008
Wednesday, November 19, 2008
Those esxcfg- commands.
Found a great resource explaining quite a few of the esxcfg-* commands, what they are and their use. They're copied here for future reference.
NOTE: These will work from the rcli, SSH to the service console, or via VIMA. I've not tested these on ESXi (as the Service Console is 'unsupported').
To get a feel for what commands are available, log on to the console (or via ssh if you like), and type
esxcfg-[TAB][TAB].
[root@vi3host root]# esxcfg-
esxcfg-advcfg esxcfg-firewall esxcfg-module esxcfg-pciid esxcfg-swiscsi esxcfg-vswif
esxcfg-auth esxcfg-info esxcfg-mpath esxcfg-rescan esxcfg-upgrade esxcfg-vswitch
esxcfg-boot esxcfg-init esxcfg-nas esxcfg-resgrp esxcfg-vmhbadevs
esxcfg-dumppart esxcfg-linuxnet esxcfg-nics esxcfg-route esxcfg-vmknic
esxcfg-advcfg
From the man page "…provides an interface to query and modify the advanced options of the VMkernel. These options control a wide variety of different areas in the VMkernel including storage, resource, and networking global settings."
Use esxcfg-info -o (discussed below) to output the advanced parameters to a file for further investigation.
Here are some examples:
[root@vi3host root]# esxcfg-advcfg -g /VMFS3/ZeroedThickVirtualDisks
Value of ZeroedThickVirtualDisks is 1
[root@vi3host root]# esxcfg-advcfg -g /Disk/SupportSparseLUN
Value of SupportSparseLUN is 1
[root@vi3host root]# esxcfg-advcfg -g /Disk/MaxLUN
Value of MaxLUN is 256
[root@vi3host root]# esxcfg-advcfg -g /Scsi/ConflictRetries
Value of ConflictRetries is 80
[root@vi3host root]# esxcfg-advcfg -g /LVM/EnableResignature
Value of EnableResignature is 0
[root@vi3host root]# esxcfg-advcfg -g /Net/NotifySwitch
Value of NotifySwitch is 1
So what can you configure? Read through the output of esxcfg-info -o and look at how the values are listed.
esxcfg-auth
From the man page "…provides an easy way to configure your server to allow network based authentication as well as password complexity settings for your machine. It supports setting up your system to do authentication against an Active Directory Server, but not user management, as well as authentication against a NIS server, a Kerberos server, or an LDAP server. You can configure the way that passwords are stored and the complexity of the password when a user sets a new password.
This utility is experimental. It is likely to change."
So let's do something with it and update vmware-authd as well.
esxcfg-auth --enablead --addomain=domain.net --addc=adserver.domain.net --krb5realm=domain.net --krb5kdc=adserver.domain.net --krb5adminserver=adserver.domain.net
esxcfg-auth --passmaxdays=0
Update vmware-authd to allow AD logon
echo "#%PAM-1.0" > /etc/pam.d/vmware-authd
echo "# Built by script" >> /etc/pam.d/vmware-authd
echo "auth sufficient /lib/security/pam_unix_auth.so shadow nullok" >> /etc/pam.d/vmware-authd
echo "auth required /lib/security/pam_krb5.so use_first_pass" >> /etc/pam.d/vmware-authd
echo "auth sufficient /lib/security/pam_ldap.so" >> /etc/pam.d/vmware-authd
echo "account required /lib/security/pam_unix_acct.so" >> /etc/pam.d/vmware-authd
echo "account sufficient /lib/security/pam_ldap.so" >> /etc/pam.d/vmware-authd
echo "vmware-authd updated"
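A PAM stack like the one written above can be reviewed before it goes live. The following is an added example, not part of the original post: the function names and the temporary file are assumptions, and the sample is a constructed copy of the seven lines above. It flags the nullok option, which lets an account with an empty password authenticate, and every sufficient auth module whose success ends the stack before a later required module is consulted.

```shell
#!/bin/sh
# Added example (not from the original post): audit a PAM service file.

sample_pam_file() {
    # Constructed sample: the same seven lines the post writes to
    # /etc/pam.d/vmware-authd, placed in a temporary file.
    f=$(mktemp)
    cat > "$f" <<'EOF'
#%PAM-1.0
# Built by script
auth sufficient /lib/security/pam_unix_auth.so shadow nullok
auth required /lib/security/pam_krb5.so use_first_pass
auth sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
account sufficient /lib/security/pam_ldap.so
EOF
    echo "$f"
}

audit_pam_stack() {
    # $1 = path to a PAM service file; prints one finding per line.
    awk '
        /^[ \t]*#/ || NF < 3 { next }      # skip comments and short lines
        {
            type = $1; control = $2; module = $3
            # nullok: accounts with an empty password may authenticate.
            for (i = 4; i <= NF; i++)
                if ($i == "nullok")
                    printf "NULLOK line %d %s\n", NR, module
            if (type != "auth") next
            # When a sufficient module succeeds, the auth stack returns
            # at once, so a required module listed after it is not run.
            if (control == "sufficient") {
                n++; pending[n] = module; at[n] = NR
            } else if (control == "required" || control == "requisite") {
                for (j = 1; j <= n; j++)
                    printf "BYPASS line %d %s can skip %s\n", at[j], pending[j], module
            }
        }
    ' "$1"
}

f=$(sample_pam_file)
audit_pam_stack "$f"
rm -f "$f"
```

Read together, the two findings on line 3 mean a local account with an empty password is accepted without Kerberos ever being asked.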
esxcfg-boot
esxcfg-boot -h -help
-q -query boot|vmkmod
-p -update-pci
-b -update-boot
-d -rootdev UUID=<uuid>
-a -kernelappend <kernel append>
-r -refresh-initrd
-g -regenerate-grub
Queries cannot be combined with each other or other options.
Passing -p or -d enables -b even if it is not passed explicitly.
-b implies -g plus a new initrd creation.
-b and -r are incompatible, but -g and -r can be combined.
esxcfg-dumppart
From the man page "…provides an interface to query, set, and scan for diagnostic partitions on an ESX Server. That is, it can be used to configure or list the VMkernel crash dump partition."
[root@vi3host root]# esxcfg-dumppart -l
VM Kernel Name Console Name Is Active Is Configured
vmhba0:0:0:10 /dev/sda10 yes yes
[root@vi3host root]# esxcfg-dumppart -f
Partition number 10 on vml.0000000000766d686261303a303a30 -> vmhba0:0:0:10 -> /dev/sda10
esxcfg-firewall
esxcfg-firewall "…provides an interface to query and modify the service console firewall settings."
For example, if you want to open all of the ports on your firewall, issue the following commands:
esxcfg-firewall --allowIncoming
esxcfg-firewall --allowOutgoing
You might then want to re-enable the firewall, by doing the following:
esxcfg-firewall --blockIncoming
esxcfg-firewall --blockOutgoing
Rules are no fun without exceptions, so here's how to add them to your ruleset. ESX comes with a number of pre-canned exceptions that can be added by name. Some examples are below:
esxcfg-firewall --enableService snmpd
esxcfg-firewall --enableService ntpClient
These are the services you can enable by name:
nfsClient
ftpServer
ntpClient
dellom
nisClient
vncServer
tmpLicenseClient
swISCSIClient
CIMHttpsServer
sshClient
snmpd
tmpAAMClient
vpxHeartbeats
smbClient
hpim
tmpHostVmdbServer
tmpHostdSOAPServer
ftpClient
sshServer
ibmdirector
CIMHttpServer
telnetClient
If, however, you want to do something non-standard (in this case for IBM Director), do this:
esxcfg-firewall --openPort 14247,tcp,out,IBMDirector
esxcfg-firewall --openPort 14247,tcp,in,IBMDirector
esxcfg-firewall --openPort 14247,udp,in,IBMDirector
esxcfg-firewall --openPort 14247,udp,out,IBMDirector
esxcfg-firewall --openPort 14248,tcp,out,IBMDirector
esxcfg-firewall --openPort 14248,tcp,in,IBMDirector
Once you've made your changes, restart the firewall service:
service firewall restart
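Custom port exceptions are easy to mistype, so the following added example (not from the original post) validates each port,protocol,direction,name tuple and prints the esxcfg-firewall commands for review instead of running them. The function names validate_rule and plan_rules and the dry-run behaviour are assumptions; the sample rules are the IBM Director ones above.

```shell
#!/bin/sh
# Added example (not from the original post): check --openPort tuples
# before they reach the service console firewall.

validate_rule() {
    # $1 = "port,proto,direction,name"; returns 0 only if well formed.
    set -f                          # no globbing while splitting
    old_ifs=$IFS; IFS=,
    set -- $1
    IFS=$old_ifs
    set +f
    [ $# -eq 4 ] || return 1
    port=$1 proto=$2 dir=$3 name=$4
    case $port in ''|*[!0-9]*|??????*) return 1 ;; esac   # 1-5 digits only
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    case $proto in tcp|udp) ;; *) return 1 ;; esac
    case $dir in in|out) ;; *) return 1 ;; esac
    case $name in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
    return 0
}

plan_rules() {
    # Reads one rule per line on stdin. Prints the commands that would be
    # run; if any rule is rejected, prints nothing to stdout and returns 1.
    plan= bad=0
    while IFS= read -r r; do
        [ -n "$r" ] || continue
        if validate_rule "$r"; then
            plan="${plan}esxcfg-firewall --openPort $r
"
        else
            echo "rejected: $r" >&2
            bad=1
        fi
    done
    [ "$bad" -eq 0 ] || return 1
    printf '%s' "$plan"
}

# The six IBM Director exceptions from the post, as a dry run.
plan_rules <<'EOF'
14247,tcp,out,IBMDirector
14247,tcp,in,IBMDirector
14247,udp,in,IBMDirector
14247,udp,out,IBMDirector
14248,tcp,out,IBMDirector
14248,tcp,in,IBMDirector
EOF
```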
esxcfg-info
From the man page "…provides a view of the internal state of the VMkernel and Service Console components. This tool is designed to provide information used in debugging and troubleshooting VMware ESX Servers."
I suggest you pipe these to a text file, as the output is substantial, and takes an age to scroll through on my terminal.
Usage: esxcfg-info mode
-a, -all Print all information
-w, -hardware Print hardware information
-r, -resource Print resource information
-s, -storage Print storage information
-n, -network Print network information
-y, -system Print system information
-o, -advopt Print advanced options
-h, -help Print this message.
[root@vi3host root]# esxcfg-info -a >esxcfg-info.output
[root@vi3host root]# less esxcfg-info.output
esxcfg-init
From the man page "…is used to initialize pci device names and advanced configuration options for the VMkernel on system boot and is NOT intended for use outside of initialization scripts."
esxcfg-linuxnet
esxcfg-linuxnet -setup
-remove
-h -help
The -setup option cannot be combined with the -remove option.
Used to replicate the IP parameters assigned to vswif0 to eth0 in Linux troubleshooting mode
esxcfg-module
From the man page "…provides an interface into the driver modules loaded on system startup and allows modules to be disabled or added."
Example usage:
[root@vi3host root]# esxcfg-module -l
Device Driver Modules
Module Type Enabled Loaded
vmkapimod vmkapimod true true
vmklinux linux true true
bnx2 nic true true
aacraid_esx30 scsi true true
[root@vi3host root]# esxcfg-module -q
vmkapimod vmkapimod
vmklinux linux
bnx2 nic
aacraid_esx30 scsi
esxcfg-mpath
esxcfg-mpath configures multipath settings for Fibre Channel or iSCSI LUNs.
This is useful to check your zoning on large SAN implementations.
[root@vi3host root]# esxcfg-mpath -l
Disk vmhba0:0:0 /dev/sda (139900MB) has 1 paths and policy of Fixed
Local 4:0.0 vmhba0:0:0 On active preferred
Disk vmhba1:0:1 /dev/sdb (307200MB) has 2 paths and policy of Most Recently Used
FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:1 On active preferred
FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:1 Standby
Disk vmhba1:0:2 /dev/sdd (307200MB) has 2 paths and policy of Most Recently Used
FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:2 Standby preferred
FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:2 On active
Disk vmhba1:0:3 /dev/sde (307200MB) has 2 paths and policy of Most Recently Used
FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:3 On active preferred
FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:3 Standby
Disk vmhba1:0:4 /dev/sdg (204800MB) has 2 paths and policy of Most Recently Used
FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:4 Standby preferred
FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:4 On active
Disk vmhba1:0:5 /dev/sdh (204800MB) has 2 paths and policy of Most Recently Used
FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:5 On active preferred
FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:5 Standby
Disk vmhba1:0:6 /dev/sdi (25600MB) has 2 paths and policy of Most Recently Used
FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:6 Standby preferred
FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:6 On active
Disk vmhba1:0:7 /dev/sdj (25600MB) has 2 paths and policy of Most Recently Used
FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:7 On active preferred
FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:7 Standby
Disk vmhba1:0:8 /dev/sdl (691200MB) has 2 paths and policy of Most Recently Used
FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:8 On active preferred
FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:8 Standby
Disk vmhba1:0:31 /dev/sdf (20MB) has 1 paths and policy of Fixed
FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:31 On active preferred
Disk vmhba1:0:10 /dev/sdc (691200MB) has 2 paths and policy of Most Recently Used
FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:10 On active preferred
FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:10 Standby
Disk vmhba2:0:31 /dev/sdk (20MB) has 1 paths and policy of Fixed
FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:31 On active preferred
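On a large SAN the listing above is too long to check by eye. This added example (not from the original post) parses esxcfg-mpath -l output in the format shown and reports non-local LUNs with fewer than two paths, LUNs with no active path, and LUNs whose listed paths do not match the count in the header line. The function names are assumptions, and the sample mixes lines copied from the listing with one constructed LUN (vmhba1:0:9).

```shell
#!/bin/sh
# Added example (not from the original post): path redundancy check
# over `esxcfg-mpath -l` output.

sample_mpath() {
    # First three disks are copied from the listing above; vmhba1:0:9 is
    # a constructed entry with no active path.
    cat <<'EOF'
Disk vmhba0:0:0 /dev/sda (139900MB) has 1 paths and policy of Fixed
Local 4:0.0 vmhba0:0:0 On active preferred
Disk vmhba1:0:1 /dev/sdb (307200MB) has 2 paths and policy of Most Recently Used
FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:1 On active preferred
FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:1 Standby
Disk vmhba1:0:31 /dev/sdf (20MB) has 1 paths and policy of Fixed
FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:31 On active preferred
Disk vmhba1:0:9 /dev/sdm (1024MB) has 2 paths and policy of Most Recently Used
FC 28:0.0 210000e08b9d2a7a<->200400a0b829871d vmhba1:0:9 Standby preferred
FC 28:0.1 210100e08bbd2a7a<->200500a0b829871e vmhba2:0:9 Standby
EOF
}

report_paths() {
    # Reads the listing on stdin, prints one finding per line.
    awk '
        function emit() {
            if (disk == "") return
            # Header says N paths but a different number were listed
            # (for example, truncated or edited output).
            if (seen != declared)
                print "COUNT_MISMATCH " disk " declared=" declared " seen=" seen
            # A local disk has one path by design; a SAN LUN should not.
            if (transport != "Local" && seen < 2) print "SINGLE_PATH " disk
            if (active == 0) print "NO_ACTIVE_PATH " disk
        }
        $1 == "Disk" {
            emit()
            disk = $2; declared = $6; seen = 0; active = 0; transport = ""
            next
        }
        disk != "" && NF >= 3 {
            seen++; transport = $1
            if ($0 ~ / active/) active++
        }
        END { emit() }
    '
}

sample_mpath | report_paths
```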
esxcfg-nas
esxcfg-nas provides an interface to manipulate NAS file systems on an ESX Server.
esxcfg-nas <options> [<label>]
-a|-add Add a new NAS filesystem to /vmfs volumes.
Requires -host and -share options.
-o|-host <host> Set the host name or ip address for a NAS mount.
-s|-share <share> Set the name of the NAS share on the remote system.
-d|-delete Unmount and delete a filesystem.
-l|-list List the currently mounted NAS file systems.
-r|-restore Restore all NAS mounts from the configuration file.
(FOR INTERNAL USE ONLY).
-h|-help Show this message.
For example, if you want to connect to a NAS
[root@vi3host root]# esxcfg-nas -a -o 100.100.100.253 -s /Test NFS02
esxcfg-nics
From the man page "…provides information about the Physical NICs in use by the VMkernel. This will print the VMkernel name for the NIC, its PCI ID, Driver, Link state, Speed, Duplex, and a short PCI description of the card. It also allows users to set speed and duplex settings for a specific NIC."
[root@vi3host root]# esxcfg-nics
esxcfg-nics <options> [nic]
-s|-speed <speed> Set the speed of this NIC to one of 10/100/1000/10000.
Requires a NIC parameter.
-d|-duplex <duplex> Set the duplex of this NIC to one of 'full' or 'half'.
Requires a NIC parameter.
-a|-auto Set speed and duplexity automatically. Requires a NIC parameter.
-l|-list Print the list of NICs and their settings.
-r|-restore Restore the nics configured speed/duplex settings (INTERNAL ONLY)
-h|-help Display this message.
[root@vi3host root]# esxcfg-nics -l
Name PCI Driver Link Speed Duplex Description
vmnic0 03:00.00 bnx2 Up 1000Mbps Full Broadcom Corporation Broadcom NetXtreme II BCM5708 1000Base-T
vmnic1 06:00.00 bnx2 Up 1000Mbps Full Broadcom Corporation Broadcom NetXtreme II BCM5708 1000Base-T
vmnic2 08:03.00 tg3 Up 1000Mbps Full Broadcom Corporation NetXtreme BCM5704 Gigabit Ethernet
vmnic3 08:03.01 tg3 Up 1000Mbps Full Broadcom Corporation NetXtreme BCM5704 Gigabit Ethernet
esxcfg-pciid
esxcfg-rescan
esxcfg-rescan <vmkernel SCSI adapter name>
[root@vi3host root]# esxcfg-rescan vmhba0
Rescanning vmhba0…done.
On scsi0, removing: 0:0.
On scsi0, adding: 0:0.
[root@vi3host root]# esxcfg-rescan vmhba1
Rescanning vmhba1…done.
On scsi1, removing: 0:1 0:10 0:2 0:3 0:31 0:4 0:5 0:6 0:7 0:8.
On scsi1, adding: 0:1 0:10 0:2 0:3 0:31 0:4 0:5 0:6 0:7 0:8.
[root@vi3host root]# esxcfg-rescan vmhba2
Rescanning vmhba2…done.
On scsi2, removing: 0:31.
On scsi2, adding: 0:31.
[root@vi3host root]#
esxcfg-resgrp
From the man page "…provides an interface to manipulate resource group hierarchy."
Usage: esxcfg-resgrp [options] [resgrp path]
-a, -add rgname Add a new group under the path
-d, -delete Delete the resource group
-l, -list List all the resource groups
Or stats about a specific resource group
-restore Restore all resource groups from configuration
file (FOR INTERNAL USE ONLY).
-h, -help Show this message
esxcfg-route
From the man page "…provides an interface to manipulate VMkernel IP stack's default route entry."
esxcfg-route <options> [<network> [<netmask] <gateway>]
<network> can be specified in 2 ways:
* As a single argument in <Network>/<Mask> format
* Or as a <Network> <Netmask> pair.
<gateway> is either an IP address or 'default'
-a|-add Add route, to the VMkernel,
requires network address (or default)
and gateway IP address
-d|-del Delete route from VMkernel.
Requires network address (or "default")
-l|-list List configured routes for the service console
-r|-restore Restore route setting to configured values
on system start. (INTERNAL USE ONLY)
-h|-help Show this message.
[root@vi3host root]# esxcfg-route -l
VM Kernel Routes:
Network Netmask Gateway
192.168.100.0 255.255.255.0 Local Subnet
default 0.0.0.0 Local Subnet
esxcfg-swiscsi
From the man page "…provides an interface to configure Software iSCSI. if no arguments are given, esxcfg-swiscsi displays the help message."
Usage: esxcfg-swiscsi options
-e, -enable Enable sw iscsi
-d, -disable Disable sw iscsi
-q, -query Check if sw iscsi is on/off
-s, -scan Scan for disk available through sw iscsi interface
-k, -kill Try to forcibly remove iscsi sw stack
-r, -restore Restore sw iscsi configuration from file
(FOR INTERNAL USE ONLY)
-h, -help Show this message
[root@vi3host root]# esxcfg-swiscsi -q
Software iSCSI is enabled
[root@vi3host root]# vmkiscsi-tool -h
vmkiscsi-tool -h -help
-R -discoveryStatus : Print discovery status.
-D -discovery
-S -static: Static Discovery Targets
-A -Authentication
-T -Target
-L -Lun
-P -Phba
-N -Network: network properties
-p -Pnp: Physical Network Portal properties
-t -ipv4AddrType
-i -ipv4Address
-d -dnsserver
-g -gateway
-s -subnetmask
-I -iSCSIname
-k -Alias
-e -ethernet: Link Status
-c -ipconfig: enable/disable DHCP, ARP redirect
-X -Reset
Subcommands
-l -list
-r -remove
-a -add
-m -authMethod : specify method for add/remove
-f -flag: set a discovery or authentication flag
adapterName
Combine -l with an option to display the current information.
[root@vi3host root]# vmkiscsi-tool vmhba40 -P -l
=========PHBA Properties for Adapter vmhba40=========
VENDOR : VMware
MODEL : VMware-Isoft
DESCRIPTION : VMware Software Initiator
SERIAL NUMBER :
=========Node Properties for Adapter vmhba40=========
NODE NAME VALID : 1
NODE NAME : iqn.1998-01.com.vmware:vi3host-3fc07e31
NODE ALIAS VALID : 1
NODE ALIAS : vi3host.network.internal
NODE NAME AND ALIAS SETTABLE: 1
So if you combine this command, vmkiscsi-tool and esxcfg-rescan, you can automate iscsi setup in scripted installs (useful when combined with UDA).
Set-up iSCSI Software Emulator and Force a Rescan of vmhba40
esxcfg-swiscsi -e
vmkiscsi-tool -D -a 192.168.100.139 vmhba40
esxcfg-swiscsi -s
esxcfg-rescan vmhba40
esxcfg-upgrade
esxcfg-upgrade -h -help
-g -convert-grub
-f -convert-fstab
-r -upgrade-pre-vmkernel
-o -upgrade-post-vmkernel
The -g option may only be used with the -r option.
esxcfg-vmhbadevs
From the man page "…provides information about the LUNs available on the ESX Server. By default, the command will print a mapping of vmhbaX:X:X names to console /dev/ names."
This is useful when you want to set VMFS filesystem alignment on EMC CLARiiON arrays but don't know what LUNs are mapped to what devices in fdisk.
esxcfg-vmhbadevs
esxcfg-vmhbadevs <options>
Print the mappings between vmhba names and /dev names
-m|-vmfs Print mappings for VMFS volumes to their
Service Console partitions and vmhba names.
-q|-query Print mapping in 2.5 compatibility mode to mimic
vmkpcidivy -q vmhba_devs.
-h|-help Show this message.
[root@vi3host root]# esxcfg-vmhbadevs -m
vmhba0:0:0:2 /dev/sda2 4667158e-899da7f8-ae73-00145eccccba
vmhba40:1:0:1 /dev/sdd1 4692c9ad-1a501875-f252-00145eccccba
vmhba40:0:0:1 /dev/sdb1 4692c987-14967ce4-a9a1-00145eccccba
[root@vi3host root]# esxcfg-vmhbadevs -q
vmhba0:0:0 /dev/sda
vmhba1:0:1 /dev/sdb
vmhba1:0:2 /dev/sdd
vmhba1:0:3 /dev/sde
vmhba1:0:4 /dev/sdg
vmhba1:0:5 /dev/sdh
vmhba1:0:6 /dev/sdi
vmhba1:0:7 /dev/sdj
vmhba1:0:8 /dev/sdl
vmhba1:0:31 /dev/sdf
vmhba1:0:10 /dev/sdc
vmhba2:0:31 /dev/sdk
esxcfg-vmknic
From the man page "…provides an interface to configure VMkernel NIC. if no arguments are given, esxcfg-vmknic displays the help message. The Portgroup option specifies the portgroup to which the VMkernel NIC is associated."
esxcfg-vmknic <options> [[<portgroup>]]
-a|-add Add a VMkernel NIC to the system,
requires IP parameters and portgroup name.
-d|-del Delete VMkernel NIC on given portgroup.
-e|-enable Enable the given NIC if disabled.
-D|-disable Disable the given NIC if enabled.
-l|-list List VMkernel NICs.
-i|-ip <X.X.X.X> The IP address for this VMkernel NIC.
Setting an IP address requires that the
-netmask option be given in same command.
-n|-netmask <X.X.X.X> The IP netmask for this VMkernel NIC.
Setting the IP netmask requires that the -ip
option be given in the same command.
-r|-restore Restore VMkernel TCP/IP interfaces from
Configuration file (FOR INTERNAL USE ONLY).
-h|-help Show this message.
[root@vi3host root]# esxcfg-vmknic -l
Port Group IP Address Netmask Broadcast MAC Address MTU Enabled
VMOTION 10.0.0.2 255.0.0.0 10.255.255.255 00:50:56:61:d8:2b 1514 true
esxcfg-vswif
From the man page "…provides an interface to configure Service Console NIC. if no arguments are given, esxcfg-vswif displays the help message. VSWIF is the name of the interface. This should begin with 'vswif' followed by a unit number, for example 'vswif0' for the first Service Console interface."
esxcfg-vswitch
From the man page "…provides an interface for adding, removing, and modifying virtual switches and their settings. By default, there is a single virtual switch called vSwitch0."
Sample DEV network configuration script
#!/bin/bash
# Tear down and rebuild network
# Remove current config
echo "Removing current network configuration"
/usr/sbin/esxcfg-vswitch -U vmnic0 vSwitch0
/usr/sbin/esxcfg-vswitch -U vmnic1 vSwitch0
/usr/sbin/esxcfg-vswif -d vswif0
/usr/sbin/esxcfg-vswitch -d vSwitch0
service mgmt-vmware restart
# Recreate SC
echo "Reconfiguring Service Console NIC"
cp /etc/vmware/esx.conf /tmp/esx.conf.bak
/usr/sbin/esxcfg-vswitch -a vSwitch0
/usr/sbin/esxcfg-vswitch vSwitch0 -L vmnic0
/usr/sbin/esxcfg-vswitch vSwitch0 -L vmnic1
/usr/sbin/esxcfg-vswitch vSwitch0 -A "Service Console" -p "Service Console"
/usr/sbin/esxcfg-vswif -a vswif0 -p "Service Console" -i 192.168.100.7 -n 255.255.255.0
route add default gw 192.168.100.253
# echo "GATEWAY=192.168.100.253" >> /etc/sysconfig/network
echo "Service Console configured"
# Create VM Network
echo "Configuring VM Network"
/usr/sbin/esxcfg-vswitch vSwitch0 -A VMnetwork -p VMnetwork
echo "VM network configured"
# Setup VMotion
echo "Setting up VMotion"
/usr/sbin/esxcfg-vswitch vSwitch0 -A VMotion
/usr/sbin/esxcfg-vmknic -a VMotion -i 10.0.0.3 -n 255.255.255.0
/usr/sbin/esxcfg-route 10.0.0.3
echo "Activating vMotion"
service mgmt-vmware restart
sleep 20
vimsh -n -e "/hostsvc/vmotion/vnic_set portgroup4"
echo "VMotion configured"
# Create internal-only vswitch
echo "Configuring Private Network"
/usr/sbin/esxcfg-vswitch -a vSwitch1
/usr/sbin/esxcfg-vswitch vSwitch1 -A Internal -p Internal
echo "Private network configured"
# Setup iSCSI Network
echo "Configuring iSCSI Network"
esxcfg-vswitch -A iSCSI vSwitch0
esxcfg-vmknic -a iSCSI -i 192.168.200.100 -n 255.255.255.0
esxcfg-vswitch -A iSCSI-COS vSwitch3
esxcfg-vswif -a vswif1 -p iSCSI-COS -i 192.168.200.101 -n 255.255.255.0
Tuesday, November 18, 2008
VMware Security Updates
Today, at some ungodly hour of the morning, VMware updated two security announcements:
VMSA-2008-0017.1 - Was updated to change some CVE numbers
VMSA-2008-0016.2 - Was updated to include information about update 3
As last time you can get all security advisories from VMware's site: http://www.vmware.com/security/advisories/
Monday, November 17, 2008
Common system management issues in VMware Infrastructure
This is actually a nice VMware common support issue matrix put together by VMwarewolf. Click the link or the picture, extract the zip, open the resulting html in your browser, and go!
Update Manager – Changing Default Patch Location
If, like me, you accepted most of the defaults the first go around when installing VMware's Update Manager, you may have found yourself in a situation where there is not enough disk space to contain all of the files. Should this happen, and you need to change the location, you can edit the settings XML file:
"C:\Program Files\VMware\Infrastructure\Update Manager\vci-integrity.xml"
There are two locations you need to edit, <patchstore> and <path> under <docRootHostUpdates>.
Here is an example:
After changing these and restarting the Update Manager service you should be in good shape. NOTE: You may want to copy all of the files from the old location to the new one.
Source: gabesvirtualworld.com
Context Switched Page Faults
I didn't know this until today, but according to KB 1687 both soft and hard page faults will cause a context switch into the virtualization layer, which in turn causes additional overhead. We were clued in to this by a VMware engineer looking over a case of horrid performance that we've been encountering.
Hard page faults involve disk I/O and impact performance. Soft page faults also impact performance, but may not result in heavy performance loss in a physical environment. VMware software does not cause the guest operating system running in the virtual machine to see additional page faults, but VMware software must virtualize the page faults that originate from within the virtual machine. Both soft and hard page faults in a virtual machine cause a context switch into the virtualization layer and some additional processing to virtualize memory management data structures. As on native hardware, hard page faults in a virtual machine also require disk I/O to the page file. For best performance, avoid page faults whenever possible. You can investigate if your Windows application is generating page faults by using the Performance Monitor console (perfmon), which shows you the cumulative number of page faults on the system. Generally, if the rate of paging is slow, then the application is generating hard page faults. You can investigate the paging rate by monitoring the "page faults per second" counter.
So what do I mean by virtualization layer, and why is that actually a bad thing? VMware ESX will natively schedule user mode processes directly onto the processor in Ring 3. Context switching, at least in our limited case, means when the Guest OS of the virtual machine needs to go from running a user mode process to running a kernel mode process. The VM thinks it is executing this directly on Ring 0; however, VMware ESX 3.5 does not yet utilize the virtualized Ring 0 provided by AMD & Intel's hardware virtualization. Instead, it must thunk the process from user mode on the processor into the vmkernel, and virtualize the Ring 0 execution of the process.
So why is this bad? Because you are no longer running native on the processor, you are running virtualized within the vmkernel, which has more overhead and a higher performance penalty. Doing this on occasion is not bad, but when it is happening in the tens of thousands of times per second… it can really slow things to a crawl.
Not too bad.
Umm... WOW!
VMware VI Network Communications & Port Usage Diagram
After much exploring, I've found a nice little PDF that describes the communication flow, and IP port use. This is brought to you by the Virtualization Evangelist