how to make an iso with the latest image!

ever wanted to make an ISO with the latest stuff so no need to reinstall or reupdate the host?

Get-EsxImageProfile ESXi-5.1.0-20130304001-standard | Export-EsxImageProfile -ExportToIso -FilePath C:\AlanTemp\esx51latest.iso

SSH, suppress shell, syslog, firewall

making ssh and syslog and enabling via powercli

Get-VMHost atl* | sort name | Foreach {
Start-VMHostService -HostService ($_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"} )
$_ | Get-VMHostService | Where { $_.Key -eq "TSM-SSH"} | Set-VMHostService -Policy on
$_ | Set-VMHostAdvancedConfiguration UserVars.SuppressShellWarning 1
$_ | Set-VMHostAdvancedConfiguration -Name -Value ""
$_ | set-vmhostAdvancedconfiguration -name Vpx.Vpxa.config.log.level -Value "info"
$_ | set-vmhostAdvancedconfiguration -name Config.HostAgent.log.level -value "info"
$_ | Get-VMHostFirewallException |?{$_.Name -eq 'syslog'} | Set-VMHostFirewallException -Enabled:$true

vcpus, more the merrier?

Here we are, back to the tried and true thought that more vcpus equals better performance.

If you are running a fairly low vm:host ratio, this might not be as big of a deal because your physical cpu to virtual cpu ratio is lower. I recently ran into a vendor that “had” to have 8 cpus. Now this client has the latest and greatest most awesomeness host, some dell r620 2x 8 core (ht enabled) with 256gb of ram at 1600mhz - I mean this host is quick. The problem is there are two of them for the whole cluster. I’ve built it this way on purpose: it’s a basic smb that runs everything (and I do mean everything, virtualized, 99% of it is for dr purposes) and it’s backed by some nice eql arrays. So now that you know the background of the client, it’s time I introduce everyone to some important concepts in virtualization.

Welcome to the world of the vmk scheduler. Its job is to tell the vmk when to run vcpus; it likes to run Symmetric multiprocessing (SMP) vcpus at the same time. It will wait until it can, if smp vcpus aren’t run at the same time and the application is multithreaded, some very bad things will happen (cpu returns instruction sets out of order, blah blah blah). So now that we have a basic understanding of that, let's look and see what some metrics are to see how long it’s taking the scheduler to do its thing…

First let’s discuss the metrics we will be using…
Taking directly from VMware
• Run - Amount of time the virtual machine is consuming CPU resources.
• Wait - Amount of time the virtual machine is waiting for a VMkernel resource.
• Ready - Amount of time the virtual machine was ready to run, waiting in a queue to be scheduled.
• Co-Stop - Amount of time a SMP virtual machine was ready to run, but incurred delay due to co-vCPU scheduling contention.

Esxtop and advanced perf stats to the rescue!!

If you don’t know how to use esxtop, go read elsewhere.
These are the values of this server: (click the image below)

High ready time bad!! 16% of it's time trying to do work and it can't...

Ouch… this server just spent 16.3% of its time waiting to be run… poor thing, sad part is it is using less than 600mhz at this time.
Let's try some things, like only running this one vm on a host, and clearing off all other vms. We would expect ready time to decrease because the scheduler isn’t doing anything because it’s only one vm! It doesn’t even have to cross numa nodes!! (click image below)

As expected, it's low… super low. That’s great - it’ll be able to rock out any time now..
Okay, so what if I change it so everything is running on one host again…
As expected, it’s back to high again (16.5%). Typically over 5% and you’ll notice performance issues, unless you're reading this article, or you’ve been around the VMware block before, you won’t really know how to describe it other than “sluggish."

Stay tuned for part two where we decrease the number of vpcus and watch the efficiency of the vm increase, even though the total amount of work it could do is decreased.

vmotion with dual nics on r810s leads to flooding out all ports

it appears that a bug in multi nic vmotion basically will allow it to work for about 5 mins, and then all traffic changes from uni cast to who knows what cast and floods out all ports. i have to have the networking guys remove our vmotion vlan to the core and to the other top of rack switch.

oi server got you down on vmware tools?

just make this file and rerun the config!

downloading vmware updates from a software depot!

don't forget to add the mime types for vib and sig as an application-octet stream! if you are using iis!

then it'll work

oi ip config

ifconfig -a

svcadm disable network/physical:nwam
svcadm enable network/physical:default

dladm show-phys

ifconfig e1000g0 broadcast + up


iscsi setup and stuff!

Here is a nice powercli way to setup iscsi networking, and set the vlans and all sorts of fun stuff! 🙂

$h = get-vmhost rey-esxi-03*
$vs = $h | Get-VirtualSwitch -name vSwitch0

New-VMHostNetworkAdapter -VMHost $h -PortGroup vmk-iscsi-01 -VirtualSwitch $vs -SubnetMask -IP
$vpg = $h | get-virtualportgroup -name vmk-iscsi-01
$vpg | Set-VirtualPortGroup -vlanid 152
$vpgo = $vpg | get-nicteamingpolicy
$vpgo | set-NicTeamingPolicy -makenicactive vmnic1

New-VMHostNetworkAdapter -VMHost $h -PortGroup vmk-iscsi-02 -VirtualSwitch $vs -SubnetMask -IP
$vpg = $h | get-virtualportgroup -name vmk-iscsi-02
$vpg | Set-VirtualPortGroup -vlanid 152
$vpgo = $vpg | get-nicteamingpolicy
$vpgo | set-NicTeamingPolicy -makenicactive vmnic3

New-VMHostNetworkAdapter -VMHost $h -PortGroup vmk-iscsi-03 -VirtualSwitch $vs -SubnetMask -IP
$vpg = $h | get-virtualportgroup -name vmk-iscsi-03
$vpg | Set-VirtualPortGroup -vlanid 152
$vpgo = $vpg | get-nicteamingpolicy
$vpgo | set-NicTeamingPolicy -makenicactive vmnic5

New-VMHostNetworkAdapter -VMHost $h -PortGroup vmk-iscsi-04 -VirtualSwitch $vs -SubnetMask -IP
$vpg = $h | get-virtualportgroup -name vmk-iscsi-04
$vpg | Set-VirtualPortGroup -vlanid 152
$vpgo = $vpg | get-nicteamingpolicy
$vpgo | set-NicTeamingPolicy -makenicactive vmnic7

openssl.cfg for vcenter 5.0 (not 5.1)

for god sakes please use ver .9.8, if you use 1.0, the pfx wont work correctly and web services will be broke and you will be pulling your hair out.


add sans to openssl.cfg
# Extensions to add to a certificate request

basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName= @alt_names

req_extensions = v3_req
And in the v3_req section:

[ v3_req ]
subjectAltName = @alt_names

DNS.1 = in2vc01
DNS.2 =
IP.1 =

openssl.exe genrsa 1024 > rui.key

mine had to be 2048

openssl.exe genrsa 2048 > rui.key

openssl req -config openssl.cfg -new -key rui.key > rui.csr
openssl req -text -noout -in rui.csr
to verify

submit as 64 to cert, approve

openssl pkcs12 -export -in rui.crt -inkey rui.key -name -passout pass:testpassword -out rui.pfx

# Get the hostsystem object for every host currently disconnected.
$VMhosts = Get-View -ViewType 'Hostsystem' `
-Property 'name' `
-Filter @{"Runtime.ConnectionState"="disconnected"}

Foreach ($VMhost in $VMhosts)
# Create a reconnect spec
$HostConnectSpec = New-Object VMware.Vim.HostConnectSpec
$HostConnectSpec.hostName = $
$HostConnectSpec.userName = 'root'
$HostConnectSpec.password = 'password'

# Reconnect the host
$taskMoRef = $VMhost.ReconnectHost_Task($HostConnectSpec,$null)

# optional, but i like to return a task object, that way I can
# easily integrate this into a pipeline later if need be.
Get-VIObjectByVIView -MORef $taskMoRef

Passed VCP5 Beta!!


WordPress Themes