vExpert 2011

Last Friday I received the following email from John Troyer:

Novellcongres.nl 2011

Yesterday was the 10 time that the novellcongres.nl was held in Ede the Netherlands. Although the amount of vistors was less than the years before, it’s was a nice day with a lot of interesting sessions.

Especially the keynote session from Dirk Schmidt (Novell VP Sales EMEA) and Richard Lindstedt (PM Neutron) where really interesting.

Because my work nowadays is more with VMware than Novell my session was about testing your vSphere environment with SuSE Linux Enterprise. The feedback from the audience was great and I want to thank everyone who took the time to get to my session at the end of the day.  If you like a dutch copy of the slides, leave a comment with you email and I will send it to you.

Personally I found the session from Raymond Meijl and Roel van Buren Windows 7 deployment with ZENwork Configuration Management really interesting.

Monitoring time synchronisation on ESXi

As you all probably know vSphere 4 is the latest version where there will be a service console. With the new version VMware ESX 5 there will only be a ESXi version.  Some system administrators are disappointed with this decision  of VMware. Personal I can understand the decision to eliminate the service console, because what doesn’t run on your system cannot cause you any trouble. But like most system administrator I used the service console primarly for troubleshouting and scripting.

So how can we (remotly) troubleshout our vSphere enviroment? Most administrators use the VMware Management Assistant (vMA) for a centralized service console. In the vMA you can find almost all CLI commands which we’re familiar to use, these CLI tools are also called rCLI (Remote CLI). But there is no rCLI command to monitor the status of NTP time synchronization. When we had a service console we where using ntpq to monitor the status of our time synchronization like stratum, reach, jitter and offset. If you like to know more about NTP check this site.
So how can we monitor our NTP status with remote tools?

The answer is:…. ntpq! Yes, you can still monitor remote your NTP status remotely with ntpq. You just have to start ntpq from your Linux server/desktop or from the vMA with the option –peers.
For example:

ntpq –peers vsphere1

Most NTP configuration won’t allow you to remotely query the NTP status. This is configured with the noquery option in the ntp.conf file. By default the noquery option is not set in the ntp.conf file for a vSphere ESXi 4.1 server.  If  you cannot remotely query your vSphere ESXi host:

• SSH to your vSphere ESXi server (you may have to enable remote tech support).
• use vi to remote the noquery option from the /etc/ntp.conf file.
• Restart NTP by evoking the command services.sh restart.

Tip: If your on a Linux machine you may want to use the command:

watch “ntpq –peers [IP or DNS vSphere host]”

The watch command issues the command between the quotes every 2 seconds.

Enable SNMP on vSphere ESXi 4.1

In the vSphere client you have a option to monitor your hardware status. This is of course  a very nice feature but only if you have your vSphere client open the whole day. When you have a management server like Nagios you want to use SNMP for monitoring your vSphere enviroment.

By default SNMP modules are provided by the installation but there not enabled. You can enable SNMP by doing the following steps:

1. Configure the community string, target and port
   vicfg-snmp –server [ip of vSphere host] -c [community string] -p [port, default 161] -t [destinationhost]@[port, default 161]/[community string]
   example: vicfg-snmp –server 192.168.1.1 -c public -p 161 -t 192.168.1.10@161/public
2. Enable SNMP
   vicfg-snmp –server [ip of vSphere host] -E
   example: vicfg-snmp –server 192.168.1.1 -E
3. Verify your settings
   vicfg-snmp –server [ip of vSphere host] -s
   example: vicfg-snmp –server 192.168.1.1 -s
4. Test your settings
   vicfg-snmp –server [ip of vSphere host] -T
   example: vicfg-snmp –server 192.158.1.1 -T

Al off these setting are written in /etc/vmware/snmp.xml. Below is a example file.

cat /etc/vmware/snmp.xml
<config>
<snmpSettings>
<communities>pubic</communities>
<enable>true</enable>
<port>161</port>
<targets>192.168.1.10@161/public</targets>
</snmpSettings>

If you want to provide these setting during your kickstart install put the following line into your ks.cfg file.

echo “<config><snmpSettings><enable>true</enable><communities>public</communities><port>161</port><targets>192.168.1.10@161/public</targets></snmpSettings></config>” > /etc/vmware/snmp.xml

Make sure you have a reboot at the end of the script or put a services.sh restart command in your ks.cfg file

If your are looking for the ESXi SNMP mib file, look here.

Given Services are not enabled on the port group

When trying to apply a host profile to a vSphere host you can receive a error:

Given Services are not enabled on the port group

After some investigation and googling around I found this kb articel on vmware.com.
This KB articile discribes that the error only occurs when you have 2 vmk’s on a single portgroup (in my case one form management and one for vMotion) on a Distributed Switch.
The solution is to use seperate distributed portgroups voor de vmk’s or disable compliance check for these vmk’s.

In order to disable compliance check:

1. Edit the profile of the services and navigate to Host virtual NIC folder > profile > Services for the virtual NIC policy, where is in the format : : .
2. In the right pane, go to Compliance details and deselect the checkbox which lists the validation rule.
3. Click OK to save the profile.
4. Repeat this procedure for each service profile