Automating the beast.. vrealize workflows

Okay so for years now I have played with vmware, vcloud and powercli. I always wanted to spend some time with orchestrator or vrealize as it is now known but never had the chance to dive in… That has changed of late and I have been having great fun building up some simple automation and learning javascript along the way.

Over the next few days I am going to try and detail what I have done for everybody out there. They are rather simple workflows but very effective at reducing the time spent on your first level calls.

What will be covered.

  • Simple virtual machine build blueprint
  • Modify CPU (up or down whilst checking for hotplug)
  • Modify Memory (up or down whilst checking for hotplug)
  • Extend Disk
  • Rename Virtual Machine
  • Snapshot Virtual machine (with date to delete, asking for confirmation and an extend option)
  • Snapshot Report
  • Virtual Machine Detail Report

Simple virtual machine workflow and lessons learnt.

Originally I was trying to cram everything into the one workflow, operating system, datacenter design, tier 1 disk, tier 2 disk and on and on.. But quite frankly the workflow became unwieldy and complicated for the end users.. see screenshot below. Now it looks simple enough but the end user ended up with two pages of questions for the one workflow. Another approach to make it both easier and simpler for the end user needed to be found.

create-virtual-machine

So I decided to break it down to what we actually needed. In our environment we have three flavours* at the time of writing this. Microsoft 2012 R2, Redhat 7, Centos 7 and three datacenters. Therefore it is actually an easier approach to use the vcac blueprint style and show an OS-Datacenter model.

*flavours, being the main server OS built. Everything else is considered an exception and manual intervention at this stage is conducted.

  • Datacenter1-Windows 2012 R2
  • Datacenter1-Redhat 7 x64
  • Datacenter1-Centos 7 x64

Defaults tied to the datacenter allow automatically picking the host, datastore, cluster, OS, and due to pxe builds the starting vlan.

The end user is presented with one quick fill screen asking for the following.

  1. Virtual Machine Name
  2. Memory Size GB
  3. Cpu Number
  4. Size of Disk 1
  5. Size of Disk 2 (optional)
  6. Size of Disk 3 (optional)

Virtual machine name is converted to lowercase automatically, memory size in GB has a maximum set, cpu number has a maximum set.

The script at the beginning connects to Active Directory and grabs the user's first name, last name and email address for a personal touch. It also means the user does not have to fiddle around putting in their contact details. And we end up with a very simple workflow, although it seems simple looking at the schema..

create-virtual-machine-blueprint

The main issue is that you will use the inbuilt workflow ‘Create Custom Virtual Machine’.. This calls on the actions;

  • createVirtualEthernetCardDvNetworkConfigSpec
    • not being vmxnet 3.. grrr
  • As well as only one choice of datastore
    • Now this is not normally an issue with auto-tiering SAN but in some workplaces SAN admins still prefer to run a manual tiering system.

I will continue on these and add some audio but here are some teasers..

vm unknown but what is it??

Ok so open up powercli and type in

get-vm unknown | fl *

Take note of the Id… VirtualMachine-vm-####

Now open up excel, click data, from other sources, SQL, type in your vcenter sql server and connect to [vcenter name] VCDB VPX_VM and find the id number..

To the right you will see the folder path and the name and location of the vmx to import. ds://vmfs/volumes/##############/vmname/vmname.vmx

linux admins worst nightmare

EVERYTHING IN UPPERCASE… grrrr..

okay so you have taken over a vmware environment and your ocd is burning out your eyeballs because the old naming convention contained uppercase characters.

for those not aware… When you do anything from the command line with linux it is case aware, so if I typed something like this on an esx(i) host.

I want to capture all network traffic going through an esx host and filter by a certain hostname.
So I run on a host using putty.

tcpdump-uw | grep hostname.whackdiddy.com.au

But I get no results because some muppet has put the hostname as HostNamE so I need to type

tcpdump-uw | grep HostNamE.whackdiddy.com.au

grrr – does not sound frustrating but trust me when you are looking after a large environment and need to launch the viclient or powercli to get the correct mix of upper and lowercase it becomes frustrating.

So let's change all to lowercase shall we..

This is the magic bit here…

get-?? | ForEach { $_ | set-?? -Name ($_.Name).tolower()}

So as a few examples.

vm’s

get-vm | ForEach { $_ | set-vm -Name ($_.Name).tolower()}

dv-portgroups
note – when you change the port groups from upper to lower the vm’s will automatically adjust (tested on vsphere 5.5)

get-vdportgroup | ForEach { $_ | set-vdportgroup -Name ($_.Name).tolower()}

To hit just one port group for testing.

get-vdportgroup dv-wHaCkdiDdy | ForEach { $_ | set-vdportgroup -Name ($_.Name).tolower()}

folders.

Get-Folder | ForEach { $_ | set-Folder -Name ($_.Name).tolower()}

That should give you enough to continue with.

Apologies to the person I stole this initial bit of magic from that got me started..

Get-VM | Foreach { $_ | Set-VM -Name ($_.Name).tolower()}
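A more cautious take on the same rename, as an added example that is not part of the original post: it builds an old-to-new name plan first, flags names that differ only by case (they would become identical after lowercasing), saves the mapping for later log correlation, and does a dry run. It assumes an existing Connect-VIServer session; Get-RenamePlan and the CSV path are made-up names.

```powershell
# Added example, not from the original post. Get-RenamePlan is a hypothetical helper.
function Get-RenamePlan {
    param([Parameter(Mandatory)][string[]]$Name)
    # Lowercased names shared by more than one object, e.g. 'Web01' and 'web01'.
    $clash = $Name | Group-Object { $_.ToLowerInvariant() } |
        Where-Object { $_.Count -gt 1 } | ForEach-Object { $_.Name }
    foreach ($n in $Name) {
        $lower = $n.ToLowerInvariant()
        [pscustomobject]@{
            OldName   = $n
            NewName   = $lower
            Change    = $n -cne $lower             # case-sensitive compare
            Collision = $clash -contains $lower    # needs a human decision
        }
    }
}

$vms  = Get-VM
$plan = Get-RenamePlan -Name $vms.Name

# Keep the mapping: monitoring, backup jobs and old logs still use the old names.
$plan | Where-Object { $_.Change } |
    Export-Csv -NoTypeInformation -Path .\vm-rename-plan.csv

# Only rename objects that actually change and do not collide.
$safe    = $plan | Where-Object { $_.Change -and -not $_.Collision }
$targets = $vms  | Where-Object { $safe.OldName -ccontains $_.Name }
foreach ($vm in $targets) {
    # -WhatIf prints what would happen; remove it to apply the rename.
    Set-VM -VM $vm -Name $vm.Name.ToLowerInvariant() -WhatIf
}
```

The same plan function works for port group or folder names; swap Get-VM/Set-VM for the matching cmdlet pair.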

Stripping the fat and a bit of the bacon

Okay so I have always loved the DRS rules, and find them so under utilised in almost every scenario.

So let's take this scenario on board.

1050 virtual servers spread across 30 vSphere 5.1 hosts on mixed vlans.
DRS Rules in place – none…?

Q. What would happen if we found the top talkers on the same vlans and placed them on the same hosts?
A. Well when two of the guests needed to talk to each other (provided they were on the same vlan) they would talk through the virtual switch, whether standard or dv.

Q. Really?
A. Yes really, unless they need to talk to another vlan (and of course users) they would not need to go over the physical network, physical switch.

Q. What are the implications of this?
A. Well for starters you are taking load off the physical switches (yes most physical switches are designed with capacity in mind and can handle the load easily) but we can still reduce that load so if on a particular day there was a high level of traffic (Backups, Vmotion, DRS actions for example) the physical switches would simply laugh at you saying is that all you got…

Q. So what you are saying is that if I have two sql servers configured with database mirroring then the network component will simply go over the virtual switch.
A. Yes, however in the scenario you describe you would have to put a lot of faith into vmware HA. This is not something I would advise. Don't get me wrong, HA is awesome; if you lost a fan or anything on the physical host you would most likely drop at least one packet to each sql server, and there are so many applications that cannot handle a drop out to their database. But in theory yes. A better scenario is if you had an application server that fetched data from its sql server; if you put these on the same host you would reduce network traffic to the virtual switch only.

Q. That seems like a lot of effort, are there any tools to tell me what my top talkers are and to put them in groups for me?
A. Sadly there are a number of applications out there but they are high end and whilst they may tell you what the top talkers are they will not create the DRS groups for you.

Q. Is there a better way..
A. Yes there is, you can create a DRS group via powershell. So all we need to do is sort the guests by vlan or port group name and then add all those in the same port group to a DRS group labelled as the port group name. Then we create a rule “Virtual Machines to Hosts” , vlan 202 , should run on hosts in group , cluster host group name.

Q. Should run on hosts in group?
A. I try never to use the Must run on hosts in group as it restricts DRS options for moving machines around, and this type of rule applies even with DRS turned off, so it can be a bit dangerous in my opinion.
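The port-group-to-DRS-group idea above, sketched as an added example that is not the original author's script. It assumes a Connect-VIServer session and a PowerCLI release that ships New-DrsClusterGroup and New-DrsVMHostRule (6.5 or later); the cluster, host and port group names are placeholders.

```powershell
# Added example, not from the original post. All names below are placeholders.
$cluster = Get-Cluster -Name 'Cluster01'

# Constructed mapping: the hosts each port group's VMs should prefer.
$hostsFor = @{
    'dv-vlan202' = 'esx01.example.local', 'esx02.example.local'
    'dv-vlan203' = 'esx03.example.local', 'esx04.example.local'
}

# Pair each VM with its port group, then group the pairs by port group name.
$byPortGroup = Get-VM -Location $cluster | ForEach-Object {
    $pgs = @(Get-NetworkAdapter -VM $_ |
        Select-Object -ExpandProperty NetworkName -Unique)
    # Skip multi-homed VMs so no VM lands under two competing rules.
    if ($pgs.Count -eq 1) {
        [pscustomobject]@{ VM = $_; PortGroup = $pgs[0] }
    }
} | Group-Object PortGroup

foreach ($g in $byPortGroup) {
    $pg  = $g.Name
    $vms = @($g.Group | ForEach-Object { $_.VM })
    if (-not $hostsFor.ContainsKey($pg)) { continue }   # no preference defined
    if ($vms.Count -lt 2) { continue }                  # nothing to co-locate

    $vmGroup   = New-DrsClusterGroup -Name "vm-$pg" -Cluster $cluster -VM $vms
    $hostGroup = New-DrsClusterGroup -Name "host-$pg" -Cluster $cluster `
        -VMHost (Get-VMHost -Name $hostsFor[$pg])

    # ShouldRunOn is the soft rule: DRS and HA can still place the VM elsewhere.
    New-DrsVMHostRule -Name "$pg-should-run-on" -Cluster $cluster `
        -VMGroup $vmGroup -VMHostGroup $hostGroup `
        -Type ShouldRunOn -Enabled $true
}
```

Review the groups with Get-DrsClusterGroup and the rules with Get-DrsVMHostRule before relying on them.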