
Showing posts from October, 2019

vROPS | Custom Groups

A custom group lets you group VMs that are scattered across multiple datacenters but belong to the same entity. To elaborate:

Goal - I want a heatmap dashboard for all VMs of my client, in a single pane.

Challenge - My client's VMs are scattered across 4 data centers and multiple folders, and they are on the vCloud Director platform. vROPS will not be able to show the data in a single pane of view because the VMs are spread out and not in a single container.

Solution - Create a Custom Group to monitor all of them in a single pane of view. It creates a single container that gives the dashboard a source object to monitor and pull data from.

Let's see how to do that... My vROPS version is 7.0.0.

Step 0: Log in to vROPS. Of course :)
Step 1: Click on the "Environment" tab, click on "Custom Groups" under Groups and Applications, and then click on the green (+) icon.
Step 2: Follow the below-
Name - Type any name here. I will give it vCloudGroup
Group Type - Select the group

Python | Web page automation with Selenium

The example below auto-logs in to a web page. Lots of websites already share the same, but I would like to have all the info in one place (because this is my vCloud Notes) :)

    #Start here
    import os
    import time
    import selenium
    import pyautogui
    from selenium import webdriver  # Install the selenium package
    from selenium.webdriver.common.by import By
    from selenium.webdriver.common.keys import Keys
    from selenium.webdriver.common import keys

    baseUrl = "Enter URL here"
    # Download and save geckodriver (for Firefox) in this location. For Chrome it is a different one.
    exepath = 'C:\\Python\\geckodriver.exe'
    driver = webdriver.Firefox(executable_path=exepath)
    driver.get(baseUrl)
    time.sleep(7)
    username = driver.find_element(By.XPATH, "//input[@name='username']").send_keys("gjohar")
    password = driver.find_element(By.XPATH, "//input[@name='password

Happy Diwali Folks

NSX | MicroSegmentation

Micro-segmentation is a fancy term; basically it is a next level of security provided by NSX. It is called "micro" because it lets us control the traffic flow even at the level of a vNIC. We achieve micro-segmentation with the DFW, that is, the Distributed Firewall. The Internet is already flooded with articles and documentation on it, but here I will just simplify things, and only for those who at least know what NSX is :)

How to apply it-

Step 0: Log in to the vCenter server and go to the Networking and Security plugin.
Step 1: Create the security groups between which you want to apply the policy. This doesn't mean it is possible only with security groups. You can apply the firewall policy between two VMs, portgroups, IP addresses, SGs, vApps etc.; it is just an example.
Step 2: Create the required firewall rules and apply them on the security groups.
Step 3: It is done.

Steps explained-

Let's say I want to apply security between APP and Web VMs. I will cre

vROPS | Health Check of cluster

Sometimes we have to check the cluster health in terms of database size, collected metrics size etc. For that I have a script which gives you a very beautiful view of each and every thing on all the vROPS cluster nodes. Run the script and see for yourself.

Step 1: Log in to the vROPS master node as root.
Step 2: Copy the script below and paste it into the CLI of vROPS.

    # Each section header is written first, then its content; the commands run in sequence.
    echo -e "\e[1;31mHOSTNAME:\e[0m" > $HOSTNAME-status.txt
    hostname >> $HOSTNAME-status.txt
    getent hosts | nslookup >> $HOSTNAME-status.txt
    uname -a >> $HOSTNAME-status.txt
    echo -e "\e[1;31mDNS CONFIGURATION:\e[0m" >> $HOSTNAME-status.txt
    cat /etc/resolv.conf >> $HOSTNAME-status.txt
    cat /etc/hosts >> $HOSTNAME-status.txt
    echo -e "\e[1;31mVERSION INFO:\e[0m" >> $HOSTNAME-status.txt
    cat /usr/lib/vmware-vcops/user/conf/lastbuildversion.txt >> $HOSTNAME-status.txt
    echo -e "" >> $HOSTNAME-status.txt
    cat /etc/SuSE-rel

Zerto Virtual Manager | Change Recovery VRA VM with powershell cmdlet

As a pre-requisite, you might need to download and install Zerto PowerShell Package from here

    #Start here
    clear
    function LoadSnapin{
        param($PSSnapinName)
        if (!(Get-PSSnapin | where {$_.Name -eq $PSSnapinName})){
            Add-pssnapin -name $PSSnapinName
        }
    }
    # Loading snapins and modules
    LoadSnapin -PSSnapinName "Zerto.PS.Commands"
    clear
    Write-host "Welcome to Zerto Powershell Script to change the Recovery VRA VMs one by one" -ForegroundColor Yellow
    echo "################################ZERTO CMDLETS#####################################"
    $ZVM = read-host "Enter IP address of ZVM server "
    Write-host "What is the full name of source host in vCenter Server? " -ForegroundColor yellow
    $sourcehost = Read-host "Enter source host name "
    Write-host "List of VMs is being extracted. Please bear with me." -ForegroundColor Green
    Get-VMsReplicatingToHost -HostIp $sourcehost -ZVMIP $ZVM -ZVMPort 9080 -Username administr

Zerto Virtual Manager | Pause replication on all VPGs with CMDlets

It is simple, if you know it. Let's use PowerShell to do that.

    function LoadSnapin{
        param($PSSnapinName)
        if (!(Get-PSSnapin | where {$_.Name -eq $PSSnapinName})){
            Add-pssnapin -name $PSSnapinName
        }
    }
    # Loading snapins and modules
    LoadSnapin -PSSnapinName "Zerto.PS.Commands"

    # 1.1.1.1 - ZVM Server IP
    # 9080 - ZVM port number
    # administrator - username
    # password - Password
    # ALL - It is for all sites, because a service provider might have many sites connected to it.
    $VPGs = Get-ProtectionGroups -ZVMIP 1.1.1.1 -ZVMPort 9080 -Username administrator -Password password -SiteName ALL

    foreach ($VPG in $VPGs){
        # Pause each VPG on the same ZVM server that returned the list
        Pause-ProtectionGroup -ZVMIP 1.1.1.1 -ZVMPort 9080 -Username administrator -Password password -ErrorAction SilentlyContinue -VirtualProtectionGroup $VPG -Confirm:$false
    }

Please note: Run any script in your test environment first before applying it in production. There is no harm in running the above script; this is just for information :)
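A variant of the script above that prompts for the ZVM credentials instead of embedding them in the file, and records the VPGs that failed to pause instead of hiding errors with SilentlyContinue. This is an added example, not part of the original post; it assumes the same Zerto cmdlets and parameters shown above, and the variable names are illustrative.

```powershell
# Added example (not from the original post). Assumes the Zerto.PS.Commands
# snap-in and the cmdlet parameters used in the script above.
if (-not (Get-PSSnapin | Where-Object { $_.Name -eq "Zerto.PS.Commands" })) {
    Add-PSSnapin -Name "Zerto.PS.Commands"
}

$ZVM = Read-Host "Enter IP address of ZVM server"

# Prompt at run time so the password is never stored in the script file
# or left behind in a saved copy of the command line.
$cred = Get-Credential -Message "ZVM account"

# The cmdlets take a plain-text -Password, so it is unwrapped in memory only.
$zvmArgs = @{
    ZVMIP    = $ZVM
    ZVMPort  = 9080
    Username = $cred.UserName
    Password = $cred.GetNetworkCredential().Password
}

$VPGs = Get-ProtectionGroups @zvmArgs -SiteName ALL

$failed = @()
foreach ($VPG in $VPGs) {
    try {
        # -ErrorAction Stop turns a failed pause into an exception that is
        # recorded below, so a VPG that is still replicating is not missed.
        Pause-ProtectionGroup @zvmArgs -VirtualProtectionGroup $VPG -Confirm:$false -ErrorAction Stop
        Write-Host "Paused: $VPG" -ForegroundColor Green
    }
    catch {
        $failed += [pscustomobject]@{ VPG = $VPG; Error = $_.Exception.Message }
    }
}

if ($failed.Count -gt 0) {
    Write-Host "VPGs that could NOT be paused:" -ForegroundColor Red
    $failed | Format-Table -AutoSize
}

# Drop the in-memory copies of the credentials when done.
Remove-Variable zvmArgs, cred
```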

vCenter Server | How to get percentage free space of a datastore?

    $vcenter = Read-Host "Enter vCenter server FQDN "
    Connect-VIServer $vcenter
    echo "Welcome to Datastore free space calculator tool"
    echo ""
    echo " Press 1 to search details for single datastore"
    echo " Press 2 to search details for all the datastores"
    $data = Read-Host "Enter your choice"

    # To list only datastores with 20% or less free space, append to either pipeline:
    #   | Where {$_."Percentage Free Space(%)" -le 20}
    If ($data -eq 1) {
        $a = Read-Host " Please enter the name of DS"
        # Free space as a percentage of capacity for the named datastore
        Get-Datastore | where {$_.Name -eq $a} | Select @{N="DataStoreName";E={$_.Name}},@{N="Percentage Free Space(%)";E={[math]::Round(($_.FreeSpaceGB)/($_.CapacityGB)*100,2)}}
    }
    elseif ($data -eq 2) {
        # Free space as a percentage of capacity for every datastore
        Get-Datastore | Select @{N="DataStoreName";E={$_.Name}},@{N="Percentage Free Space(%)";E={[math]::Round(($_.FreeSpaceGB)/($_.CapacityGB)*100,2)}}
    }

NSX | How to disable SSH on all NSX edges?

Leaving SSH enabled can be a security threat, so it is recommended to keep it disabled and enable it only when really required. Disabling it manually is a tedious task (at least for me), so I thought to do it through PowerShell. The example below is for selected edges; in case you want to run it for all edges, simply remove the source file and run "Get-Nsxedge".

To disable SSH on selected Edges

    #Connect NSX Manager and replace 1.1.1.1 with actual IP address of NSX Manager
    Connect-NsxServer -nsxserver 1.1.1.1

    #put a file with edge-ID in below location. In case you want to disable on selected edges
    foreach($edgelist in (Get-Content -Path C:\TEMP\edgelist.txt)){
        #below command will disable ssh on all the mentioned edges in above .txt file
        Get-NsxEdge -objectId $edgelist | Disable-NsxEdgeSsh -Confirm:$false

        #Let's cross check the status after disabling it
        $ssh = Get-NsxEdge -objectId $edgelist
        $ssh.id
        $ssh.clisettings.remoteaccess
    }

To disable

NSX | How to get IPSec VPN Tunnel Statistics for all NSX edges

I simply called the NSX API through PowerShell and got the required result.

    #Start
    clear
    #replace 1.1.1.1 with actual IP address of NSX Manager
    Connect-NSXServer -NSXServer 1.1.1.1

    #Put all the edge-IDs in below location, for which you want to see the result.
    $edgeids = Get-Content -path C:\Temp\gjohar.txt

    foreach($edgeid in $edgeids){
        $EdgeApi = Invoke-NSXRestMethod -method "GET" -uri "/api/4.0/edges/$edgeid/ipsec/statistics"
        $EdgeApi.ipsecStatusAndStats.InnerText
    }
    #End

I haven't taken the output in a file. I just ran the command, copied the entire data and pasted it in Notepad++ to review. But if you want, you can do so. Below is the sample output. Note that the output for each edge's data is separated with the help of "out-string". The one-line output is for those edges which don't have any VPN configured.

Feel free to comment in case of any query\doubt. We are quite reactive. Thank you, Team v

NSX | How to Connect NSX Manager in Rest API client?

To connect to the APIs of NSX Manager, you can use any tool like Postman or Insomnia. Let's see how we can do that. I use Insomnia, so I will demonstrate with Insomnia only. However, the process is quite similar.

Step 1: Install and open Insomnia
1.a : It is a freeware tool and can be downloaded from here . Please get it installed on your PC.
1.b : As usual, an icon will be placed on your desktop during the installation process.
1.c : Open it and you will see the tool similar to the below.

Step 2: Connect NSX Manager
2.a : Authentication is the first step before doing anything else, isn't it? For authentication, select basic authentication (as shown above).
2.b : Give the username and password of NSX Manager, again as shown in the above image.
2.c : Enter the NSX Manager URL as shown above, "https://192.168.1.1", make sure GET is selected and press Send. If you get the green "200 OK" message then you are connected, guys; otherwise check your credentials.

That's it!

Zerto Virtual Manager | How to read xml file extracted from ZVM (Zerto Virtual Manager)

To explain it completely, let me share the thought behind this post-

In ZVM, when we recreate any VPG, we export its settings (which include VM names, IP settings, failover network, test network etc.) before deleting it, so that we don't need to create it manually from scratch. When we have the exported settings, we just import them back and the VPG gets created automatically. The settings which we export and import are saved in .xml file format.

In case we don't export the settings before deleting a VPG, it is a bit of a lengthy process to recreate it from scratch. Sometimes it happens that we have exported the settings but are not able to import them back (for any number of reasons). In that case, we have to recreate the VPG. But being in operations, it is not very easy to go to the client and request them to share all the details again, or sometimes we are not comfortable requesting the client to recreate the VPG. In that case, we need this exported .xml file, which we mu

vROPS | Views

vROPS is an amazing tool, and it is essential to know about the "Views and Reports" feature, which is a "must know" thing for anyone who works on vROPS. Let's explore how you can create "Views and Reports" and benefit from them. I will explain it with one use case.

Use Case: For some customer issue, my manager wants me to extract information such as how much memory was assigned to a particular VM one week ago, or let's say on a date in the past (it can be 6 months old).

You need to understand the request first and then translate it into vROPS language (this demands experience with the tool). I think the request is pretty clear and simple, and if I say it in vROPS language, your manager wants to check the trend, because such a request comes under trend in vROPS's views.

* All snippets are taken from vROPS version 7.0.0

Step 1: Log in to vROPS with admin privileges.
Step 2: Go to Views as shown in the below image and click on the green plus (+) sign to crea

NSX | Troubleshooting tricks to solve communication issues between two VMs in NSX environment

When I say between two VMs, there can be many use cases, as below:

Use Case 1: The two VMs can be on the same host and in the same VXLAN
Use Case 2: The two VMs can be on the same host and in different VXLANs
Use Case 3: The VMs can be on different hosts and in the same VXLAN
Use Case 4: The VMs can be on different hosts and in different VXLANs
Use Case 5: There might be an edge router or firewall in between
. . . etc....

*portgroup=VXLAN

In any of the use cases, whether or not you know the architecture, and even if you don't know the port\firewall configuration, you can troubleshoot this issue. Simply use "Traceflow" for NSX. You can find it in the NSX plugin for vCenter Server.

How to use it?

Log in to the vCenter server and go to the Networking and Security plugin. Click on Traceflow as shown below and follow the given steps. You will notice that the packet has been successfully delivered to its destination by following the path. Source vNIC -> Firewall -&

NSX | How to capture network traffic on NSX edge and download captured file?

Capturing network traffic and downloading the .pcap file is a must-know thing when we do any network troubleshooting in an NSX environment. To do so, you need to follow the steps below in order-

Step 1: Take a console or PuTTY session to the NSX edge device.
Step 2: Log in with admin credentials (username "root" doesn't work in NSX :))
#Hopefully you know how to find\reset the credentials of an NSX edge. If not, let me know.
#When we say capture the traffic, it means that traffic is flowing. If not, initiate traffic first between source and destination. If both are VMs, start a ping from the source VM to the destination VM.
Step 3: Run the command below on the NSX edge (PuTTY\console) to start capturing the traffic

    debug packet capture interface vNic_0

Please note:
1. After a few seconds, stop the capture by pressing CTRL+C.
2. The output will look like as shown below
3. The above command will capture all the traffic hitting vNic_0 of this edge and will save a file in

NSX | When and why we need to redeploy NSX edge?

Hi Guys,

So, the Edge or ESG (Edge Service Gateway) is the component of NSX which provides services from L3-L7, that is, from routing to load balancing. I have seen a few cases where communication was impacted between the VMs on either side of the ESG. For example, a VM in SITE A and a VM in SITE B are not pinging each other and there is an actual outage. I checked and found that no changes were made in the physical network or in the NSX environment. Also, the IP of any ESG interface was not reachable, but there were no visible errors.

In most cases, if there is any health issue with the ESG, it highlights it and recommends a redeploy (for example, API requests are failing or the ESG is not responding to the health monitor), but in some cases it neither shows any error nor gives any recommendation, yet all of a sudden it goes into an unreachable state (of course due to some reason, but unidentified). Please note that you will find VMware KBs on most of the issues where it is known that it needs a redeploy, but always keep

vCloud Director | How to re-synchronize inventory of vCenter server with vCD

Basically we need to do this because of stale entries in the vCD database. It happens when an object gets removed\deleted directly from vCenter while it was being managed by vCD. Hence vCD doesn't know that it was deleted and treats it like a live object, which creates issues in vCD operations. By re-syncing the inventory, vCD re-reads all the inventory of the vCenter server and updates the database, which resolves the issue. It demands downtime as well. Depending upon your environment, it takes a few minutes to an hour.

Step 1: Take a backup of the vCD database.
Step 2: Take a backup of the vCenter database.

In order to minimize the impact, you should do this on all vCD cells one by one. First quiesce (stop) all the jobs coming to a cell.

Step 3: Log in to the vCloud Director cell via SSH as root and change directory to where the cell-management-tool is located. Below is the command.

    # cd /opt/vmware/vcloud-director/bin

Step 4: Run the tool to verify the job count and active state (true):

    # ./cell-man