Month: July 2013

PowerCLI function to grab WWPN’s

Leave a comment

PowerCLI function to grab WWPN’s

Why?

As speaking with our storage administrators they sometimes ask for the exact WWPN so they are sure to remove the right LUNs etc. Because it’s a few mouseclicks to find the WWPN and it’s hard to copy, I managed to get it done by a little PowerCLI function below.

Function


function Get-WWN{
<#
.SYNOPSIS
Get WWN name from ESX hosts
.DESCRIPTION
This scripts gathers the WWN portname from ESX hosts
.NOTES
Authors: Patrick Heijmann
.PARAMETER VMhosts
Specify the VMhosts To gather the ports from
.EXAMPLE
PS> get-wwn -VMhosts ESXhost001
.EXAMPLE
PS> Get-Cluster -Name *|get-vmhost|Get-WWN
.EXAMPLE
PS> Get-vmhost *|Get-WWN
#>
Param (
[Parameter(
Valuefrompipeline = $true,
ParameterSetName = "VMhosts",
Mandatory = $true,
HelpMessage = "Enter Host name")]
[String[]]$VMhosts)

process
{foreach ($vmhost in $vmhosts){Write-Host -foregroundcolor green "Server: " $vmhost
$hbas = Get-VMHostHba -vmhost $vmhost -Type FibreChannel
foreach ($hba in $hbas){$wwpn = "{0:x}" -f $hba.PortWorldWideName
Write-Host -foregroundcolor green `t "World Wide Port Name:" $wwpn}
}
}
}

VMWare 5.1 Security Hardening Guide 5.1

Leave a comment

According to the VMWare hardening guide for vSphere 5.1, I had some time to edit all the templates with the desired settings.
http://www.vmware.com/files/xls/hardeningguide-vsphere5-1-ga-release-public.xlsx

I created a list of VM’s which will be edited in D:\template.txt, with a simple loop all the settings will be applied.


foreach ($VM in gc D:\template.txt){
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.copy.disable" -value $true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.dnd.disable" -value $true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.setGUIOptions.enable" -value $false -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.paste.disable" -value $true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.diskShrink.disable" -value $true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.diskWiper.disable" -value $true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.hgfsServerSet.disable" -value $true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "vmci0.unrestricted" -value $false -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.ghi.autologon.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.bios.bbs.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.getCreds.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.ghi.launchmenu.change" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.memSchedFakeSampleStats.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.ghi.protocolhandler.info.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.ghi.host.shellAction.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.dispTopoRequest.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.trashFolderState.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.ghi.trayicon.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.unity.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.unityInterlockOperation.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.unity.taskbar.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.unityActive.disable" -value $True -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.unity.windowContents.disable" -value $True -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.unity.push.update.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.vmxDnDVersionGet.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.guestDnDVersionSet.disable" -value $true -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "RemoteDisplay.maxConnections" -value 2 -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "log.keepOld" -value "10" -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "log.rotateSize" -value "100000" -Force:$true -confirm:$false
Get-VM $VM | New-AdvancedSetting -Name "tools.setInfo.sizeLimit" -value 1048576 -Force:$true -confirm:$false
}

07-04-2014 Removed:

Get-VM $VM | New-AdvancedSetting -Name "isolation.tools.autoInstall.disable" -value $true -confirm:$false

This setting disabled “VMware tools installation from the vCenter console”. It still was possible to do it manually, but not anymore by right clicking  “Upgrade VMware tools”

 

Convert Linux KVM machines to VMware ESXi5.x

2 comments

We are preparing a migration from some KVM VM’s to our ESXi5.1 farm. We came up with the procedure below to be the fastest and most reliable way to convert these VM’s. Somehow VMware converter didn’t work properly with the linux disk formats or something.

1 Preparations

1.1 Preparing the ESX Host

1.1.1 Create a local user account to be used by the Linux administrators

– Log in directly on the ESX host which will be used as a port to connect to the datastore.
– Select “Local Users and groups”
– Rightclick and choose  “add new user” – Create a new user; for example “User = Linux”

1.1.2 Permissions

– Go to the tab “Permissions”
– Select the right user and add it to the group “Administrator”

1.1.3 Connect storage

– Configure some datastore which will be used to upload the Linux disks to and to be used to connect to the VM

1.1.4 Enable SSH

– Enable SSH so your Linux administrators can access it directly and upload the the correct datastore

1.1.5 Locate VMFS location

-Connect to the ESX host trough SSH (you could use the ‘linux’ user to test if this works)
– Use  ls –l  /vmfs/volumes to see your datastores. For example you see :
ECA12331_M1_001 -> 51837959-2748d5fb-9914-001cc4dfb348
The path which will be used by your Linux adminstrators for uploading will be:
/vmfs/volumes/51837959-2748d5fb-9914-001cc4dfb348/<VM Name>

1.2 VM Preparations

– Create a VM on the correct datastore using a previously build Linux Template and the right specifications (CPU/Memory/NICS)
– When creating this VM, a folder will be created on the datastore according to the VM name like the example below.

~ # ls -l /vmfs/volumes/51837959-2748d5fb-9914-001cc4dfb348
drwxr-xr-x    1 root     root           560 May  3 08:57 ISO for Xenapp6
drwxr-xr-x    1 root     root          3080 Jun 23 10:26 VM262

2 Implementation

2.1 Finding/converting Linux Disks

Check RHEV manager to locate the host which is running your VM. Log in to that host.

ps -ef | grep <VM>

This will return a long line

-drive file=/rhev/data-center/2c4c4629-df2c-46f5-9ea7-72279d5f97b1/46e85862-1f1d-4adc-9e21-d3ad2831e212/images/dd8b57b7-efb5-4c3e-8562-418fb6ed63fc/fa524f99-6567-40aa-ba78-b88be26793bb

These are the disks mounted to the VM, if a VM has more disks, more entries will be shown. The last part of the line contains the LV, this can be checked on the Linux machine

[root@lin ~]# lvs | grep fa524f99-6567-40aa-ba78-b88be26793bb fa524f99-6567-40aa-ba78-b88be26793bb 46e85862-1f1d-4adc-9e21-d3ad2831e212 -wi-ao--- 15.00g

This contains a 15.00G disk (rootvg), because the VM is still running this logical volume is in use (-wi-ao—).To be sure we have the correct VM we will change the state of the LV when the VM is powered off.

[root@lin~]# lvs | grep fa524f99-6567-40aa-ba78-b88be26793bb fa524f99-6567-40aa-ba78-b88be26793bb 46e85862-1f1d-4adc-9e21-d3ad2831e212 -wi------ 15.00g

This LV isn’t active anymore and can be converted, make sure to check if there is enough space available.

Manually activate the logical volume:

lvchange -ay /dev/a8f28fa5-28ca-40af-a841-50ad69f37594/17ee3415-1d68-44fa-ae5a-4e92b08c1700

Then start the conversion, we used QEMU-IMG for this

qemu-img convert -f raw -O vmdk -o compat6 /rhev/data-center/2c4c4629-df2c-46f5-9ea7-72279d5f97b1/a8f28fa5-28ca-40af-a841-50ad69f37594/images/2c6ce7e2-ae16-49b3-9785-028c23158a39/17ee3415-1d68-44fa-ae5a-4e92b08c1700 /var/lib/libvirt/qemu/<VM>_rootvg.vmdk

After the conversion the Logical volume needs to be set to inactive using the command below:

lvchange -an /dev/a8f28fa5-28ca-40af-a841-50ad69f37594/17ee3415-1d68-44fa-ae5a-4e92b08c1700

2.2 Upload Linux disk to datastore

Upload the newly created VMDK using SCP

scp <VM>_rootvg.vmdk your_username@remotehost.esx:/vmfs/volumes/51837959-2748d5fb-9914-001cc4dfb348/<VM Name>

2.3 Connect VM to VMDK

– Go to “edit settings” at the VM
– Choose “add” -> “Hard Disk” -> “Use an existing virtual disk” -> “Browse”
Now browse to the datastore where the VMDK’s are uploaded and select the right disk to connect it to the VM. Repeat this for all the disks you want to add.

2.4 Power on the  VM

Check if the VM powers on fine and starts.
If you receive disk errors, it’s possible something didn’t go right with the disks, probably a wrong format. You could use the command below (directly on the ESXi host) to inflate the disk to a proper ESXi format.

vmkfstools -i originaldisk.vmdk -d zeroedthick targetdisk.vmdk

I noticed that the disks I added are in  a 2GB Sparse format, so a disk will be little chunks of 2 GB you can use the command above or a storage vMotion to make it to a single disk file.

2.5 vMotion to the right destination

You also can use a storage vMotion to let VMware inflate the disk