Section 4 – Installing, Configuring, and Setting Up a VMware vSphere Solution
Objective 4.1 – Understand basic log output from vSphere products
VMware has come a long way from when I started troubleshooting their products. Their logs have gotten easier to get to, and improved in their quality. What I will do here is give you a quick overview of where to find the logs and how to read them.
Where before the easiest option was to open a SSH session to the host and look at the logs, you can easily do that from within the host UI now. If you go to Monitor you can see a list of all the logs available to peruse.
Here in the screenshot, you can see
And here is a list of the logs on the ESXi host along with a description for what the log keeps track of.
You can still access these logs through the DCUI or a SSH session as well.
Alright so you got the log now… How do you use it? Here is a sample taken from a VMKernel.log. This was after shutting down a switch port using a Software ISCSI controller to a SAN LUN.
2013-12-05T21:42:47.944Z cpu25:8753)<3>bnx2x 0000:04:00.0: vmnic4: NIC Link is Down
2013-12-05T21:43:12.090Z cpu16:8885)WARNING: iscsi_vmk: iscsivmk_StopConnection: vmhba45:CH:0 T:0 CN:0: iSCSI connection is being marked “OFFLINE” (Event:4)
2013-12-05T21:43:12.090Z cpu16:8885)WARNING: iscsi_vmk: iscsivmk_StopConnection: Sess [ISID: 00023d000001 TARGET: iqn.2001-05.com.equallogic:0-8a0906-0f6407f09-1173c8a93ab4f0f6-aim-2tb-1 TPGT: 1 TSIH: 0]
2013-12-05T21:43:12.090Z cpu16:8885)WARNING: iscsi_vmk: iscsivmk_StopConnection: Conn [CID: 0 L: 192.168.3.123:61632 R: 192.168.3.3:3260]
2013-12-05T21:43:22.093Z cpu31:8261)StorageApdHandler: 248: APD Timer started for ident [naa.6090a098f007640ff6f0b43aa9c87311]
2013-12-05T21:43:22.093Z cpu31:8261)StorageApdHandler: 395: Device or filesystem with identifier [naa.6090a098f007640ff6f0b43aa9c87311] has entered the All Paths Down state.
Let’s decipher this a bit more.
Some entries are a bit more difficult to read than others but the structure stays pretty close. You can also use something like Log Insight to help search through the logs and decipher them.
vCenter Server Logs
We have logs we may need to retrieve for vCenter Server as well. Unfortunately, it doesn’t have a browser like the hosts. (Hint Hint VMware) Here is where you can get to them though.
This is accessing the Appliance Config at port 5480.
Once this is done downloading you have a decent size .tar file. You will need to unzip this a couple times. When you finally have a regular directory structure all the logs will be under the /var/log/vmware folder. Here is a list of the files and locations and what they do.
|Windows vCenter Server||vCenter Server Appliance||Description|
|vmware-vpx\vpxd.log||vpxd/vpxd.log||The main vCenter Serverlog|
|vmware-vpx\vpxd-profiler.log||vpxd/vpxd-profiler.log||Profile metrics for operations performed in vCenter Server|
|vmware-vpx\vpxd-alert.log||vpxd/vpxd-alert.log||Non-fatal information logged about the vpxd process|
|perfcharts\stats.log||perfcharts/stats.log||VMware Performance Charts|
|eam\eam.log||eam/eam.log||VMware ESX Agent Manager|
|invsvc||invsvc||VMware Inventory Service|
|netdump||netdumper||VMware vSphere ESXi Dump Collector|
|vapi||vapi||VMware vAPI Endpoint|
|vmdird||vmdird||VMware Directory Service daemon|
|vmsyslogcollector||syslog||vSphere Syslog Collector|
|vmware-sps\sps.log||vmware-sps/sps.log||VMware vSphere Profile-Driven Storage Service|
|vpostgres||vpostgres||vFabric Postgres database service|
|vsphere-client||vsphere-client||VMware vSphere Web Client|
|vws||vws||VMware System and Hardware Health Manager|
|workflow||workflow||VMware vCenter Workflow Manager|
|SSO||SSO||VMware Single Sign-On|
It would be simpler again to use a program like Log Insight to help you parse through the logs. And you wouldn’t need to download them as they are being streamed to Log Insight. You’ll see output similar to what I mentioned above.
Objective 4.2 – Create and configure vSphere objects
Creating and configuring objects can be done several ways. You can do this through the HTML5 client, or you can do this from the CLI using PowerCLI or use commands at the ESXi SSH prompt. Inside the HTML5 client it is as simple as right clicking on the parent object (such as a cluster) and then selecting Add Host or New Virtual Machine. This is the window you may see when you right click on the parent object:
Configuring an object depends on the object. Configuring a VM is as simple as right clicking on it and Configuring Settings. You can also select the object and then use the center pane to bring up the Configure pane. This may give you different options to configure based on the object. Here is a screenshot of the Configure pane for a ESXi host.
As you can see there are a number of ways to accomplish this task.
Objective. 4.3 – Set up a content library
Setting up a content library is straightforward. To do this:
Objective 4.4 – Set up ESXi hosts
Pre-requisites was gone over in Section 1, so I imagine if you got to this point you already know those. You can install ESXi several different ways.
Once the machine is setup you can further configure it using the configure pane as we saw in Objective 4.2 (screenshot). This allows you to change options such as NTP and more. These settings could be setup if using host profiles.
Objective 4.5 – Configure virtual networking
You configure virtual networking different ways, depending on your environment. Configuring VSSs can be done using the ESXi HTML5 client as seen here
Physical NICs are how you access your Physical Network. You create VMKernel ports which are how ESXi accesses the internal switch for management tasks and you have Virtual switches to connect both together. Finally, you have port groups which is a grouping of vNICs or the virtual machine NICs. A better way to show this is with a picture.
The picture above can be accessed on the host page under the configure tab. You can also make changes there. A VDS is accessed under the sub category networking by using the menu up top or corresponding icon.
The picture for VDS looks much like the one for VSS but will mention all the different uplinks on each host.
You can make changes there as well. Or by right-clicking on the actual switch on the navigation pane on the left.
Objective 4.6 – Deploy and configure VMware vCenter Server Appliance (VCSA)
This objective is the installation and configuration of vCenter Server Appliance. The installation may vary a tad depending on the type of installation you do. Here is a workflow. I am going to assume you already have at least one ESXi host setup since we covered that a couple of objectives ago. There are two workflows. One for large environments and one for smaller.
The vCenter Server UI install, whether for a vCenter Server or PSC, is a two-stage process. The installer contains files for both GUI and CLI deployments so you only need the one ISO. The first stage is deployment of the OVA file into your environment. The second stage configures and starts all the services of your shiny new appliance. The CLI is slightly different. You run a CLI command against a JSON file you have inputted your configuration parameters in. This in turn creates an OVF Tool command that deploys and configures the appliance in one go.
Once setup, you log into the appliance with the username “root” and whatever password you set while deploying. Single Sign On comes later. Lets see what the install looks like.
That’s all there is to the setup. You can configure it when its done through the appliance setup page. This is the normal address for the vCenter Server but put :5480 at the end. For example https://vCenter.vsphere.local:5480
That page will allow you make changes to many of the parameters as you can see here.
There are quite a few setting you can set through the HTML5 UI as well as seen here.
Objective 4.7 – Set up identity sources
You can setup additional identity sources in your VMware environment to allow more granular control of permissions and for better management. You can set them up by going to the Menu at the top and clicking on Administration. Then going to configuration and adding the identity source.
An Active Directory, AD over LDAP, or OpenLDAP identity source can be used. You can use a machine account in Active Directory or a Service Principle Name to authenticate.
Objective 4.8 – Configure an SSO domain
The only real way of configuring SSO that I can find is just users. This is done from within the same place as our identity sources. Instead of configuration menu item, you click on Users and Groups right above that. This allows you to see the Users for your SSO. You then click on the 3 dots in front of the user to change/edit/delete them.
That’s it. Moving on!