Virtualization, Cloud, Infrastructure and all that stuff in-between

Dates for your diary for our future events, keep an eye on http://vmug.com/london for details of the agenda – Also feel free to join our LinkedIn group or follow our London VMUG Twitter feed and UKVMUG Feed to be kept up to date, we will post/tweet when the agenda and registration link is live as well as any logistical info.
2016

23 June at TechUK in London – followed by Luxury vBeers at a brewery
November 17th National Motorcycle Museum for the national UKVMUG

2017

19 January TechUK, London
6 April TechUK, London
22 June at TechUK, London
#UKVMUG 16th November at the National Motorcycle Museum, Solihull (Near Birmingham)

We (the committee) pride ourselves on promoting community content, we’re all about the U in VMUG – if you have an idea for a session at one of these events – you can use our handy call for papers form

Look forward to seeing you at a future meeting

I’m a DOS/Windows old-timer, but have been using a Mac for a number of years.. I find the OS X terminal (which is the *NIX bash shell) very flexible, but needs some tweaks to help me with my embedded DOS muscle memory – this is probably very basic and old-hat for *NIX types, but it’s here for my reference as I keep forgetting when I move to a new Mac.

If you look in your home dir “cd ~” you need to create (or edit, if it already exists) the “.bash_profile” file – you can do this with TextEdit, or use nano (“nano .bash_profile”)

Paste in the following contents

———–

export CLICOLOR=1
export LSCOLORS=GxFxCxDxBxegedabagaced
alias dir=”ls -ahl”

———–

Save the file (CTRL-X, yes, enter) in nano

then type “source .bash_profile” to load the changes (or start a new terminal session)

You now have a more DOS-like prompt with the full path in it, colour coding for different types of files and a “dir” command which shows the contents of the current directory by aliasing the “ls” command and adding some parameters to show it list-like.

Some really helpful references here http://natelandau.com/my-mac-osx-bash_profile/

Also – in terminal, terminal->preferences/profiles and you can set the “pro” profile as default by hitting the “default” button at the bottom of the pick list – also remember to check “Antialias Text” for sharper text.

If you have a cluster where maybe there are some hosts with spared out RAM due to a fault or a non-standard amount of RAM you can quickly find them with this command

get-vmhost | where {$_.MemoryTotalGB -lt THE_AMOUNT_YOU_EXPECT}

For example; to find all hosts with less than 512GB of RAM

get-vmhost | where {$_.MemoryTotalGB -lt 512}

“-lt” is “less than” which is slightly less intuitive than the usual < <= operators you'd use in other languages – but handy reference here http://ss64.com/ps/syntax-compare.html

As I go deeper with PowerShell (POSH) I like convenient things like the $_. syntax – makes it dead simple to come up with useful one-liners like this.

I found recently that despite the KB article saying no reboot is required that my ESX hosts would not authenticate AD users unless they were rebooted.

to work around this you can use the following PowerShell code to restart the relevant services without rebooting.

Get-VMHost $esx | Get-VMHostService | where {$_.Key -eq “lwiod”} | Restart-VMHostService -Confirm:$false
        Get-VMHost $esx | Get-VMHostService | where {$_.Key -eq “netlogond”} | Restart-VMHostService -Confirm:$false
        Get-VMHost $esx | Get-VMHostService | where {$_.Key -eq “lsassd”} | Restart-VMHostService -Confirm:$false
        Get-VMHost $esx | Get-VMHostService | where {$_.Key -eq “lbtd”} | Restart-VMHostService -Confirm:$false

Feel free to reuse the whole script, but do so at your own risk. (Download file (rename to .ps1)

# http://vinf.net Simon Gallagher (@vinf_net)
# Script to join all ESX hosts in a vCenter to the domain, adding a specific group into a vSphere advanced setting to add the YOUR_AD_GROUP group to the local ESX admins group on the ESX host

#Version 1.0

function ESXDomainJoin ([STRING]$doVC)
{
connect-viserver $doVC -credential $vCenterAcct
#connect to vCenter using the credentials we stored earlier

$esxHosts = get-VMHost #list all the hosts in this vCenter, then do something with them

    foreach ($esx in $esxHosts) {

        Write-Host “Doing domain join on $esx” -ForegroundColor Green
        $esxParam = “Config.HostAgent.plugins.hostsvc.esxAdminsGroup” # the advanced setting we want to change to the AD group
        $esxValue = “YOUR_AD_GROUP” #the name of the group we want to add to the setting
        Get-VMHost $esx | Get-AdvancedSetting -Name $esxParam | Set-AdvancedSetting -value $esxValue -Confirm:$false #-WhatIf # set it and don’t ask 1st
        #set DNS domain name (required for domain join)
        Get-VMHostNetwork -VMHost $esx  | Set-VMHostNetwork -DomainName your.domain.com  #-WhatIf
        #join domain using build account
        Get-VMHostAuthentication -VMHost $esx | Set-VMHostAuthentication -domain your.domain.com -user $buildAcct.getNetworkCredential().Username     -password $buildAcct.getNetworkCredential().Password -JoinDomain -Confirm:$false  #-WhatIf
        #Restart services so that the YOUR_AD_GROUP group gets automatically ACLd on local host without a reboot
        # takes 2-5mins to apply from AD after services are restarted, but then you should be able to logon using VI client/SSH to an individual ESX host using your AD creds
        Write-Host “Restarting services on $esx..” -ForegroundColor Green
        Get-VMHost $esx | Get-VMHostService | where {$_.Key -eq “lwiod”} | Restart-VMHostService -Confirm:$false
        Get-VMHost $esx | Get-VMHostService | where {$_.Key -eq “netlogond”} | Restart-VMHostService -Confirm:$false
        Get-VMHost $esx | Get-VMHostService | where {$_.Key -eq “lsassd”} | Restart-VMHostService -Confirm:$false
        Get-VMHost $esx | Get-VMHostService | where {$_.Key -eq “lbtd”} | Restart-VMHostService -Confirm:$false
        write-host “Completed restarting services, domain logon should be available in 5mins on $esx” -ForegroundColor Green
    }
disconnect-viserver * -Force #disconnect from all vCenters to be safe (get-VMhost connects to all vCenters you are connected to)
Write-Host “Done!” -ForegroundColor Green
} #end of function

#———–Start

write-host “Disconnecting from all current vCenter servers, just to be safe” –  -ForegroundColor Green
disconnect-viserver * -Force # disconnect from everything at the start, just to be safe

#build password list to work with
$vCenterAcct = Get-Credential -Message “Please enter credentials for vCenter administrator account”
$buildAcct = Get-Credential -Message “Please enter credentials to join machines to domain”

#now call the function for each vCenter in-turn
ESXDomainJoin(“FQDN_OF_YOUR_VCENTER”)

If you have been through the pain of changing ESX host certificates from self-signed to real (CA signed certificates), you can check which certificate you are currently using for vCenter–>ESX host traffic by issuing the following command in an SSH session on the host

openssl x509 -noout -in /etc/vmware/ssl/rui.crt –text

You will see the details inside the SSL cert, signing authority etc. If the SSL cert contents make reference to VMware, you’re still using a self-signed certificate.

The vpxa (vCenter management) service on the ESX host is hard-coded to use /etc/vmware/ssl/rui.crt when the service is started (or restarted) so you can examine its properties using the above command to check
I can’t find any graphical way of checking this in the VI Client.

I found this issue recently – working on an environment where the ESX 5.5 hosts (build 1892794) had to be added to the domain. We needed to add a custom domain group in to grant it root access to the ESX host.
We followed this KB article http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2075361 to set the advanced parameter on each host (using PowerCLI) Config.HostAgent.plugins.hostsvc.esxAdminsGroup to be equal to the domain group we want to be granted admin access to the host e.g VMware_Admins so you can use AD credentials for SSH etc without relying on root all the time if you are a member of this group.

However – this did not work – if I connected the VI client directly to the host and logged on as root, I could not see the domain group on the permissions tab, I tried a lot of different things, combinations of DOMAIN\GROUPNAME and just GROUPNAME to no avail – the permission did not apply when I left & re-joined the domain.

It turns out that, in my environment despite the article saying no reboot required a reboot was actually required to enact the change and make it work (thanks to Julian Wood on twitter for sharing his identical experience).

I’ve provided some feedback to the KB article, but if you come across this issue – this is the cause! I did join/leave the domain a number of times with this host whilst testing so maybe this was a factor.

As a fellow VMware community member I know how much I have benefited from sharing my experiences with my peers ; since I started doing so – I’ve given numerous presentations around the world on my work projects and my home lab projects I’ve met a lot of interesting people, I wrote a book about a product that VMware discontinued almost as soon as it was published http://www.amazon.co.uk/books/dp/1118180585  (ok, maybe gloss-over that last one!)

TL;DR version of this post

Come and present a 10min talk at London VMUG on 22nd Jan 2015 and win Apple shiny good or Amazon vouchers – submit abstract & rules here now http://vmug.com/london

As a member of the London & UK VMUG steering committee I also know how hard it is for VMUGs to find people willing to talk about their experiences with their peers by giving a short talk or hosting a discussion group – so, in order to help encourage (well, ok bribe!) people to get them on their way to community stardom we are announcing EXCELLENT PRIZES for 5 first-time VMUG presenters who are end-users and are willing to deliver just a short 10-minute talk on a VMware related topic of their choosing at the next London VMUG meeting (Jan 22nd in central London)

And when I say FANTASTIC PRIZES – I mean…

1st Prize: MacBook Air
2nd Prize: iPad Air
3rd Prize: iPad Mini
4th Prize: Amazon voucher
5th Prize: Amazon voucher

You can submit your abstract using this online form here http://tinyurl.com/vFACTORLONDON

We will pick 5 submissions from the entries to present at the event and the closing date is 19th December 2014 – everyone who presents will win something, and the audience will vote for their favourite to determine what loot you go home with from the above list?

Not convinced…? Read on.

Below are the most common reasons I hear not to do a talk… and are all my own personal opinion..

I’m nervous, I’m no Duncan Laverick, or Mike Dennemann  I can’t do public speaking

We all have been here, we’re a friendly crowd and it’s an excellent way to learn some important life & professional skills. To help with this the community at-wide offers the feed forward initiative, you can read more about this here http://www.vmug.com/feedforward – it can help you find a mentor to help you prepare for the day – one of our own members – Alex Galbraith did just this – read about his experiences on his blog here http://www.tekhead.org/blog/2014/08/my-vmug-presentation-and-feedforward-experience/

I cant think of anything to talk about

We all have great experience from environments small and massive – I’ve personally found the best way to capitalise on this knowledge is to share it with others, having to distil it down to a presentation or blog post is a great way to help you focus on the important facts of what you did and how you did it – I have a tendency to whitter on (if you’ve read this blog for a while you already know this!) and doing this is an excellent tool, especially if you have to explain it to someone outside of your organisation

I work for a 3 man band company, nobody is interested in what I do

Wrong, I started my VMUGging talking about my 1 node home lab, you don’t have to have a data centre the size of the starship enterprise to have something interesting to say. Infact – I’d say from personal experience people from SMB type organisations have much more limited budgets and have to find far more creative ways to get things done

I work in a nuclear bunker, and I have access to your home address and browser history – I can’t talk about what I do

Now I know some of you maybe do work in nuclear bunkers, 3-letter govt. agencies or centres of commercial finance and are unable to talk about what you do for fear of exposing commercial secrets – I understand this, so do I.. My suggestion is that if you want to submit a talk – anonymise what you do – if you work for Goliath National Bank, just say you work for “a major bank”, or “an airline” – this is a VMUG, not Panorama. VMUG attendees are interested in the tech, what you did, how you did it & what could have gone better; not what impact it had on your Q4 financial results.

If you take this approach and remember to say you are not there as a company spokesperson, this is my own opinion etc. this is usually acceptable.

So, that’s it – submit here http://tinyurl.com/vFACTORLONDON and I look forward to giving you your prize on 22nd January 2015.

..And to be honest – what’s the worst that could happen… 10mins of your time for a prize? …and we go to the pub afterwards anyway 🙂

If, even after all my objection handling you really can’t bring yourself to do it; that’s fine 🙂 you’re still welcome to come along and soak up the excellent content – you can register online at http://vmug.com/london