Section 4 – Installing, Configuring, and Setting Up a VMware vSphere Solution
Objective 4.1 – Understand basic log output from vSphere products
VMware has come a long way from when I started troubleshooting their products. Their logs have gotten easier to get to, and improved in their quality. What I will do here is give you a quick overview of where to find the logs and how to read them.
Where before the easiest option was to open an SSH session to the host and look at the logs, you can easily do that from within the host UI now. If you go to Monitor you can see a list of all the logs available to peruse.
Here in the screenshot, you can see
- Monitor menu and the tab for logs
- Logs available
- Log output
And here is a list of the logs on the ESXi host along with a description for what the log keeps track of.
You can still access these logs through the DCUI or an SSH session as well.
Alright, so you got the log now… How do you use it? Here is a sample taken from a VMKernel.log. This was after shutting down a switch port used by a Software iSCSI controller to reach a SAN LUN.
2013-12-05T21:42:47.944Z cpu25:8753)<3>bnx2x 0000:04:00.0: vmnic4: NIC Link is Down
2013-12-05T21:43:12.090Z cpu16:8885)WARNING: iscsi_vmk: iscsivmk_StopConnection: vmhba45:CH:0 T:0 CN:0: iSCSI connection is being marked “OFFLINE” (Event:4)
2013-12-05T21:43:12.090Z cpu16:8885)WARNING: iscsi_vmk: iscsivmk_StopConnection: Sess [ISID: 00023d000001 TARGET: iqn.2001-05.com.equallogic:0-8a0906-0f6407f09-1173c8a93ab4f0f6-aim-2tb-1 TPGT: 1 TSIH: 0]
2013-12-05T21:43:12.090Z cpu16:8885)WARNING: iscsi_vmk: iscsivmk_StopConnection: Conn [CID: 0 L: 192.168.3.123:61632 R: 192.168.3.3:3260]
2013-12-05T21:43:22.093Z cpu31:8261)StorageApdHandler: 248: APD Timer started for ident [naa.6090a098f007640ff6f0b43aa9c87311]
2013-12-05T21:43:22.093Z cpu31:8261)StorageApdHandler: 395: Device or filesystem with identifier [naa.6090a098f007640ff6f0b43aa9c87311] has entered the All Paths Down state.
Let’s decipher this a bit more.
- This part is the time stamp of the log entry.
- This is the reporter. In this case it is the bnx2x driver.
- This is what it is reporting on, specifically vmnic4 at the hardware address referenced, 0000:04:00.0.
- This is data about what it saw. Namely, the NIC link went down.
Some entries are a bit more difficult to read than others but the structure stays pretty close. You can also use something like Log Insight to help search through the logs and decipher them.
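The field breakdown above, as an added example that is not part of the original post: a small Python parser for this vmkernel.log line layout that also pairs the NIC link-down entry with the later All Paths Down entry for the LUN. The field names, function names and the 120-second window are assumptions made for the illustration; the number after `cpuNN:` is the world ID of the logging context.

```python
import re
from datetime import datetime

# Sample input: four of the vmkernel.log lines quoted above (iSCSI Sess/Conn lines left out).
SAMPLE = """\
2013-12-05T21:42:47.944Z cpu25:8753)<3>bnx2x 0000:04:00.0: vmnic4: NIC Link is Down
2013-12-05T21:43:12.090Z cpu16:8885)WARNING: iscsi_vmk: iscsivmk_StopConnection: vmhba45:CH:0 T:0 CN:0: iSCSI connection is being marked "OFFLINE" (Event:4)
2013-12-05T21:43:22.093Z cpu31:8261)StorageApdHandler: 248: APD Timer started for ident [naa.6090a098f007640ff6f0b43aa9c87311]
2013-12-05T21:43:22.093Z cpu31:8261)StorageApdHandler: 395: Device or filesystem with identifier [naa.6090a098f007640ff6f0b43aa9c87311] has entered the All Paths Down state.
""".splitlines()

# timestamp, cpu:world), optional <n> level, optional severity, reporter, message
LINE = re.compile(r"^(?P<ts>\S+Z) cpu(?P<cpu>\d+):(?P<world>\d+)\)"
                  r"(?:<\d>)?(?P<sev>WARNING: |ALERT: )?(?P<reporter>[^\s:]+)[\s:]+(?P<msg>.*)$")
LINK_DOWN = re.compile(r"(vmnic\d+): NIC Link is Down")
APD = re.compile(r"\[(naa\.[0-9a-f]+)\] has entered the All Paths Down state")

def parse(line):
    """Split one vmkernel.log line into its fields; return None if it does not match."""
    m = LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%S.%fZ")
    rec["sev"] = (rec["sev"] or "").rstrip(": ") or "info"
    return rec

def apd_after_link_down(lines, window_s=120):
    """Pair each APD event with the latest NIC link-down seen within window_s seconds before it."""
    last_down, hits = None, []
    for rec in filter(None, map(parse, lines)):
        if (m := LINK_DOWN.search(rec["msg"])):
            last_down = (m.group(1), rec["ts"])
        elif (m := APD.search(rec["msg"])) and last_down:
            delay = (rec["ts"] - last_down[1]).total_seconds()
            if 0 <= delay <= window_s:
                hits.append((last_down[0], m.group(1), round(delay, 3)))
    return hits

if __name__ == "__main__":
    for nic, dev, delay in apd_after_link_down(SAMPLE):
        print(f"{dev} went APD {delay}s after {nic} link down")
```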
vCenter Server Logs
We have logs we may need to retrieve for vCenter Server as well. Unfortunately, it doesn’t have a browser like the hosts. (Hint Hint VMware) Here is where you can get to them though.
This is accessing the Appliance Config at port 5480.
Once this is done downloading you have a decent size .tar file. You will need to unzip this a couple times. When you finally have a regular directory structure all the logs will be under the /var/log/vmware folder. Here is a list of the files and locations and what they do.
| Windows vCenter Server | vCenter Server Appliance | Description |
|---|---|---|
| vmware-vpx\vpxd.log | vpxd/vpxd.log | The main vCenter Server log |
| vmware-vpx\vpxd-profiler.log | vpxd/vpxd-profiler.log | Profile metrics for operations performed in vCenter Server |
| vmware-vpx\vpxd-alert.log | vpxd/vpxd-alert.log | Non-fatal information logged about the vpxd process |
| perfcharts\stats.log | perfcharts/stats.log | VMware Performance Charts |
| eam\eam.log | eam/eam.log | VMware ESX Agent Manager |
| invsvc | invsvc | VMware Inventory Service |
| netdump | netdumper | VMware vSphere ESXi Dump Collector |
| vapi | vapi | VMware vAPI Endpoint |
| vmdird | vmdird | VMware Directory Service daemon |
| vmsyslogcollector | syslog | vSphere Syslog Collector |
| vmware-sps\sps.log | vmware-sps/sps.log | VMware vSphere Profile-Driven Storage Service |
| vpostgres | vpostgres | vFabric Postgres database service |
| vsphere-client | vsphere-client | VMware vSphere Web Client |
| vws | vws | VMware System and Hardware Health Manager |
| workflow | workflow | VMware vCenter Workflow Manager |
| SSO | SSO | VMware Single Sign-On |
It would be simpler again to use a program like Log Insight to help you parse through the logs. And you wouldn’t need to download them as they are being streamed to Log Insight. You’ll see output similar to what I mentioned above.
Objective 4.2 – Create and configure vSphere objects
Creating and configuring objects can be done several ways. You can do this through the HTML5 client, or you can do this from the CLI using PowerCLI or use commands at the ESXi SSH prompt. Inside the HTML5 client it is as simple as right clicking on the parent object (such as a cluster) and then selecting Add Host or New Virtual Machine. This is the window you may see when you right click on the parent object:
Configuring an object depends on the object. Configuring a VM is as simple as right clicking on it and Configuring Settings. You can also select the object and then use the center pane to bring up the Configure pane. This may give you different options to configure based on the object. Here is a screenshot of the Configure pane for an ESXi host.
As you can see there are a number of ways to accomplish this task.
Objective 4.3 – Set up a content library
Setting up a content library is straightforward. To do this:
- Click on Menu at the top of your screen and then select Content Libraries
- Click on the ‘+’ to add a new Content Library
- Specify a Name for the library and any notes. Also if needed change what vCenter Server you will host this off of.
- This screen has options for how you want to use it. This can be set up as a Local library or you can Subscribe to someone else’s library. If you do create a local library, decide whether you want others to be able to subscribe to it and, if publishing, whether they will need to authenticate.
- You need to store the Content Library somewhere. You do that on this screen.
- That’s it! Click Finish
Objective 4.4 – Set up ESXi hosts
Prerequisites were gone over in Section 1, so I imagine if you got to this point you already know those. You can install ESXi several different ways.
- Interactive Installation – this is you sitting at a console or in front of the server and running the installation. This can be installed from an ISO file, USB stick, CD-ROM, or PXE. The actual installation is fast and straightforward, taking about 15 min or so.
- Scripted Installation – This is more efficient than the interactive as you can do many more at the same time and you aren’t required to answer prompts. The prompts are filled out automatically by an unattended file. The installation script needs to be stored in a location that the host can access with HTTP, HTTPS, FTP, NFS, CD-ROM, or USB.
- Auto Deploy Installation – This can provision hundreds of machines at the same time. This can be set up to use a remote disk and can store that setup locally or pull it down every time the machine boots. These options are known as Stateless Caching and stateful installations. With Auto Deploy you create a host profile that allows you to configure the host with specific things like Virtual Standard Switches with a specific name etc. This is great for enterprise because it allows you to keep a standard image and settings.
Once the machine is set up you can further configure it using the configure pane as we saw in Objective 4.2 (screenshot). This allows you to change options such as NTP and more. These settings could also be set up if using host profiles.
- To add hosts in vCenter Server, you first must have a Datacenter. You create that by right clicking on the vCenter Server and choosing New Datacenter
- After that is created, you can right click on the Datacenter and Add Host.
- Enter the IP or Fully Qualified Domain Name (FQDN). Make sure it can be resolved by DNS
- Enter connection details for username and password
- You are asked to check the certificate and after approving it, you will be given a summary
- Assign a license to it
- Assign a lockdown mode if you want to use it
- Assign where you want to put the VMs from this host (if there are any on it)
- Click Finish and Complete it.
Objective 4.5 – Configure virtual networking
You configure virtual networking in different ways, depending on your environment. Configuring VSSs can be done using the ESXi HTML5 client as seen here.
Physical NICs are how you access your Physical Network. You create VMKernel ports, which are how ESXi accesses the internal switch for management tasks, and you have Virtual switches to connect both together. Finally, you have port groups, which are groupings of vNICs, or the virtual machine NICs. A better way to show this is with a picture.
- These are the VMKernel ports – These are used for management tasks such as vMotion etc.
- pNICS or Physical Network cards are on the other side and how you reach the physical network.
- VM Network is the name of my Port Group, which is how I group all the NICs from the VMs underneath. I group them to more easily perform tasks on all of them.
- The construct in the middle is my Virtual Switch. This one is a VSS
The picture above can be accessed on the host page under the configure tab. You can also make changes there. A VDS is accessed under the sub category networking by using the menu up top or corresponding icon.
The picture for VDS looks much like the one for VSS but will mention all the different uplinks on each host.
You can make changes there as well. Or by right-clicking on the actual switch on the navigation pane on the left.
Objective 4.6 – Deploy and configure VMware vCenter Server Appliance (VCSA)
This objective is the installation and configuration of vCenter Server Appliance. The installation may vary a tad depending on the type of installation you do. Here is a workflow. I am going to assume you already have at least one ESXi host set up since we covered that a couple of objectives ago. There are two workflows. One for large environments and one for smaller.
The vCenter Server UI install, whether for a vCenter Server or PSC, is a two-stage process. The installer contains files for both GUI and CLI deployments so you only need the one ISO. The first stage is deployment of the OVA file into your environment. The second stage configures and starts all the services of your shiny new appliance. The CLI is slightly different. You run a CLI command against a JSON file you have inputted your configuration parameters in. This in turn creates an OVF Tool command that deploys and configures the appliance in one go.
Once set up, you log into the appliance with the username “root” and whatever password you set while deploying. Single Sign On comes later. Let’s see what the install looks like.
- For a Microsoft Windows admin station, you will mount the ISO and go to <CD-ROM Drive Letter>\vcsa-ui-installer\win32\installer.exe and double-click.
- You are then presented with this screen
- We are going to Install so click on that box. The first stage then begins.
- Click Next and Accept the End User Agreement. The next screen is where we decide what type of installation we want to perform.
- I am going to choose embedded. Notice the External PSC model will soon not be supported.
- We now need to choose the ESXi host to install to (or vCenter Server). Generally the port will be 443 unless you have changed your environment.
- Accept the Certificate warning
- Enter in the name you want to give your vCenter Server that will appear in the VM inventory. Type in a password that you want to use for the vCenter Server.
- Decide on Deployment Size and Storage Size. Keep in mind if this vCenter will be doing heavy processing you may want to upsize it. This will give it more vCPUs and memory to use.
- Select the datastore you want to install to and if you want to use Thin Disk Mode or Thick. You can also create a vSAN datastore to install to.
- Network settings now need to be entered in.
- It is now ready to complete stage 1. Let it finish.
- Stage 2 begins. You need to decide how to synchronize time and if SSH access will be open.
- You then need to create a SSO domain or join an existing one. If you create one, make sure it is not the same name as your Windows Domain as that can cause all sorts of issues. This is also where to set the password for Administrator@SSODomainyoumakeup.something.
- Decide if you and your company want to share anonymized data with VMware.
- Finish and watch it work.
That’s all there is to the setup. You can configure it when it’s done through the appliance setup page. This is the normal address for the vCenter Server but put :5480 at the end. For example https://vCenter.vsphere.local:5480
That page will allow you to make changes to many of the parameters as you can see here.
There are quite a few settings you can set through the HTML5 UI as well, as seen here.
Objective 4.7 – Set up identity sources
You can set up additional identity sources in your VMware environment to allow more granular control of permissions and for better management. You can set them up by going to the Menu at the top and clicking on Administration, then going to Configuration and adding the identity source.
An Active Directory, AD over LDAP, or OpenLDAP identity source can be used. You can use a machine account in Active Directory or a Service Principal Name to authenticate.
Objective 4.8 – Configure an SSO domain
The only real way of configuring SSO that I can find is just users. This is done from within the same place as our identity sources. Instead of configuration menu item, you click on Users and Groups right above that. This allows you to see the Users for your SSO. You then click on the 3 dots in front of the user to change/edit/delete them.
That’s it. Moving on!