Troubleshooting Deploying Server 2019 using Packer

I am working on rebuilding my homelab and I was looking for a way to quickly automate building out my templates onto my VMware environment. I have used Packer in the past for this process, but it's been so long I had forgotten how to do anything. With a quick Google I found this https://github.com/guillermo-musumeci/packer-vsphere-iso-windows-v2 that had everything ready to be customized for my environment. When I ran packer build .\win2019.json I received the following error.

I verified I had all my credentials correct in the credentials.json and I was following all of the instructions. After some troubleshooting I found that I needed to add the variable -var-file. So the completed command was packer build -var-file .\credentials.json .\win2019.base.json.

VMware Project Pacific at Tech Field Day Extra 2019

This post has been in my draft folder for way too long. VMworld seems like just a short time ago, but so much time has already passed. It was a great time meeting up with old friends and making new ones. During that time I was lucky enough to be a part of the Tech Field Day crew and be a part of some of the presentations from VMware. One of the most exciting announcements of the week was about Project Pacific, but I think it should have been called vPacific to be like the rest of VMware's products. What this project is doing is bringing native support for Kubernetes into vSphere. I can see this as a real game changer for the Enterprise as it brings Containers out of the development side over to the operations side. Kubernetes seems to be the next big thing, and I think with VMware it is about to really take off for enterprise.

The session kicked off with Jared Rosoff (who I think is trying to look like Bob Ross), one of the co-creators of Project Pacific, talking about the challenges that are present with the modern Data Center. How can developers rapidly build, and how can Ops keep the infrastructure working optimally, while at the same time keeping cost down, ensuring uptime and keeping everything secure?

Kubernetes is more than just a container orchestrator platform; it is more of a platform for all kinds of orchestration, and at the core of that is controlling the desired state. Project Pacific wanted to be able to build a new kind of cloud platform: to be able to deploy Kubernetes clusters, virtual machines and serverless environments, and to change how developers use the cloud. One way this is accomplished is by going from managing at the VM level to managing at the Logical Application layer, by integrating the Kubernetes namespace into vSphere. This makes it go from managing 1000's of VMs to managing only at the Application layer.

I am really excited to see what VMware is doing with Kubernetes. It is a powerful product, but in its current state it is hard for most enterprises to take advantage of it. VMware is in a great position to really push Kubernetes into the Enterprise, and I look forward to being able to use it soon.

This has been just a short overview of what VMware Pacific is. If you would like to learn more about this and other events you can see the entire presentation at Tech Field Day.

Bitfusion at VMworld 2019 with TFDx

AI and ML are the next big thing in IT, and at one time it was all hand crafted by programmers. This has created great demand for processing power, but it is usually on a monolithic machine that is expensive and not effectively used. If you wanted to build a way for a computer to recognize a certain object, let's say the Internet's favorite, the cat, how would that be done? At one time that would have required a lot of manual work and a lot of processing power. Now this is all done automatically with things such as GPUs and FPGAs through a process of inferring and training.

Bitfusion was recently acquired by VMware. I had never heard of this company before the acquisition, but once I learned about them I quickly realized why VMware did the acquisition. They have created a solution that overcomes all the issues that I mentioned before, and have done for the AI/ML world what VMware did for the Storage world. Basically this is vSAN for AI/ML: it creates a large pool of resources from devices that are not in the same chassis, but are on the same network. It runs in the software layer and in user space, which makes it very secure. This software breaks out workloads to run across multiple remote nodes to effectively use all available resources, all with an overhead of less than 10%. I can see this as a great cost-effective way to bring more ML workloads into enterprises. It does this by intercepting API calls at the API layer, as this is the “sweet spot” for Bitfusion to run. Then it can transfer the data over the network to a remote device such as a GPU to be processed, and the application does not even need to be aware of this. This is all done with Bitfusion FlexDirect, and the following slides do a good job of explaining what FlexDirect is.

It also uses CUDA to intercept the application's calls. Then the process goes down the stack to a remote device over the network for processing. Bandwidth is not an issue with workloads such as these as latency is the main concern, and this has been optimized to minimize latency. Check out the above slide, as it does a great job of explaining the entire process of how this all works. It inte

GPUs can be really expensive, so to make them cost effective they need to be optimally used. That is what makes Bitfusion such an interesting product, in that it can optimally use your hardware investment. I could see an organization using GPUs during the day for things such as VDI, but during the night they would go idle. Jobs could be scheduled to run at night and fully use all the GPUs.

This is just an overview of what Bitfusion is capable of. If you would like to dive more into this please watch the following embedded videos, and check out TechFieldDay.com.

Deploy OVA with PowerCLI

It has been a while since I have written anything for my blog. Life has become crazy busy for me the last few months. Between normal work and family time I do not have a lot of free time. The following meme really sums up my life right now.

I have had to deploy a few OVAs recently, but wanted to let those that are a little less technical have an easy, quick way to accomplish this. It's not that complicated of a script, but it works and gets the job done. The Read-Host cmdlet allows user input into a PowerShell script, which can really expand PowerShell's capabilities.

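# Connect to vCenter (prompts for credentials if none are supplied)
Connect-VIServer "Your vCenter"

$vmSource = Read-Host -Prompt "File path to OVA"

$vmCluster = Get-Cluster -Name "Name of Cluster you want to use"

# Import-VApp deploys to a single host, so pick one connected host from the cluster
$vmHost = $vmCluster | Get-VMHost | Where-Object ConnectionState -eq "Connected" | Select-Object -First 1

$vmDatastore = Get-Datastore -Name "Name of Datastore to be used"

$vmName = Read-Host -Prompt "What to name VM?"

$vmHost | Import-VApp -Source $vmSource -Location $vmCluster -Datastore $vmDatastore -Name $vmName -Force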

Transferring Files Using PowerCLI

I recently had a unique issue in that I needed to transfer some files to VM’s that were running in a secure environment. This meant there was no network access in or out of this environment except the one used by VMware Tools. There is a PowerShell command that can be used to transfer files by utilizing VMware Tools. This is very useful when transferring files even if it is not a secure environment.

Copy-VMGuestFile -Source "C:\Path\" -Destination "C:\Path\" -VM VMName -LocalToGuest -GuestUser "domain\user" -GuestPassword "password"

If you want to retrieve the file then replace -LocalToGuest with -GuestToLocal

One issue you may encounter is when you have multiple VM’s with the same name.  If they are using different folders then you can point to the correct folder path.

-VM $(Get-VM -Name VMName -Location folder)
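The transfer described above, as an added example that is not from the original post: it passes the guest account as a PSCredential instead of a plaintext -GuestPassword, pins the VM to one folder, and confirms the copy by comparing SHA-256 hashes. The function name, folder name and file paths are hypothetical; it assumes an existing Connect-VIServer session and a Windows guest with VMware Tools and PowerShell 4 or later.

```powershell
# Added example (hypothetical function name); requires VMware PowerCLI and a connected session.
function Copy-FileToGuestVerified {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $VMName,
        [Parameter(Mandatory)] [string] $VMFolder,
        [Parameter(Mandatory)] [string] $SourceFile,
        [Parameter(Mandatory)] [string] $GuestDirectory,
        [Parameter(Mandatory)] [pscredential] $GuestCredential
    )

    # Resolve exactly one VM; same-named VMs in other folders are excluded by -Location.
    $vm = @(Get-VM -Name $VMName -Location (Get-Folder -Name $VMFolder -Type VM))
    if ($vm.Count -ne 1) {
        throw "Expected exactly one VM named '$VMName' in folder '$VMFolder', found $($vm.Count)."
    }

    # Hash the file locally before it is sent.
    $localHash = (Get-FileHash -Path $SourceFile -Algorithm SHA256).Hash

    # Transfer through VMware Tools; the password never appears on the command line
    # or in the script, so it does not end up in history or transcripts.
    Copy-VMGuestFile -Source $SourceFile -Destination $GuestDirectory -VM $vm[0] `
        -LocalToGuest -GuestCredential $GuestCredential -Force

    # Build the Windows guest path by hand so the result does not depend on the local OS.
    $guestPath = $GuestDirectory.TrimEnd('\') + '\' + (Split-Path -Path $SourceFile -Leaf)
    # Double any single quotes so the path cannot break out of the quoted string below.
    $quotedPath = $guestPath.Replace("'", "''")

    # Hash the copy inside the guest, again through VMware Tools.
    $result = Invoke-VMScript -VM $vm[0] -GuestCredential $GuestCredential -ScriptType Powershell `
        -ScriptText "(Get-FileHash -Path '$quotedPath' -Algorithm SHA256).Hash"
    $guestHash = $result.ScriptOutput.Trim()

    if ($guestHash -ne $localHash) {
        throw "Hash mismatch for '$guestPath': local $localHash, guest $guestHash."
    }
    [pscustomobject]@{ VM = $vm[0].Name; GuestPath = $guestPath; SHA256 = $guestHash }
}

# Get-Credential prompts interactively and keeps the password as a SecureString.
$cred = Get-Credential -Message "Guest OS account"
Copy-FileToGuestVerified -VMName "VMName" -VMFolder "folder" `
    -SourceFile "C:\Path\file.zip" -GuestDirectory "C:\Path\" -GuestCredential $cred
```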

My time at VMworld 2018

Wow how time flies. VMworld was just last week, and it's hard to believe that it's already over. It was a very busy week with all of the announcements from VMware, visiting with all of the vendors and seeing what new products they are offering. So much happens in such a short amount of time. I never like the process of traveling. All the time spent commuting to the airport just to wait a few hours to board the plane. With all the possible delays I always have a fear that I will get trapped in the airport overnight. In the end it is all worth it because it was an exciting week.

It was great being able to meet up with all my old friends from the vExpert community.  It was great to see Jeremy Mayfield again. I have not seen him since .NEXT in Washington DC.  He lives quite far away from me in the frozen white north of Alaska.  It was great to have someone to hang out with during the week, and grab some food at the casino buffet. It was great to finally meet Thom Greene in person. It is always interesting talking to him because we have had such a similar career path.

When I had some free time I spent most of it at the VMTN booth in the Village.  There were a lot of people from the community hanging around it all day.  It was a great place to meet new people, and catch up with old friends. During the day vBrownBag had presentations going on from various people in the community.  It is one of the many things that makes VMworld a unique experience.

At night after all the presentations were over, there was a Hackathon going on. I had a great time at it, even though I was not able to contribute much. There were some really smart people there. It was amazing to see what the different groups were able to accomplish in just a few hours.

The two big highlights for me were the vExpert party at the Pinball Museum. It was great meeting all the fellow vExperts while enjoying great barbecue and playing some pinball. Then on Wednesday night instead of going to the big party I went to an Influencer dinner.  It is put on by the legend Howard Marks.  It was at this great Thai place and met a lot of great people.  I really had some impostor syndrome kicking in while I was there, because it was full of famous people from the industry.  The contributions that they have made to the community have really helped me in my career.

Tech Field Day Extra was at VMworld this year. I was a delegate at it for two different sessions. Tuesday morning DELL EMC presented on its Data Protection. I enjoyed the presentation since I started my career using those data protection products. Wednesday afternoon BlueMedora, Barefoot Networks and Netscout presented. They had a lot of great information, and as always it was a great event to be a part of. I am very thankful to the Tech Field Day crew for inviting me, and over the next few weeks I will be publishing some more posts detailing the presentations from these great companies. So keep an eye on this site over the coming weeks.

Etherchannel, LACP and VMware

Recently I have had some discussions about using LACP and static etherchannel with VMware. The conversations have mainly revolved around how to get it set up, and what the different use cases for it are. The biggest question was about what exactly the difference between the two is. Are they the same thing with different names, or are they actually different things?

Etherchannel and LACP are used to accomplish the same thing, but they do it in slightly different ways. They are used to form a link aggregation group (LAG) made of multiple physical links to connect networking devices together. This is needed to avoid getting a loop in the network, which is normally handled by using the Spanning Tree Protocol. So what is the real difference between the two? LACP has two modes, active and passive. If one or both sides are set for active then they form a channel. With Etherchannel one side must be set for active and the other set for passive. Otherwise no channel will form. Seems fairly simple but…

The reason all of this matters is that the virtual switches with VMware cannot form a loop. So by setting up LACP or etherchannel you are just increasing your operational cost and the complexity of the network. It requires greater coordination with the networking team to ensure that LACP or etherchannel are set up with the exact same settings. LACP and etherchannel offer different forms of load balancing. This is accomplished by using hashes based on things such as source IP or source MAC. There are quite a few options to choose from. Once the hash is created the packet is sent down a certain link determined by the hash that was generated. This creates a constraint because now every packet is sent down that same link, and will keep using it until a link fails and it is forced to use another link. So it is possible that if 2 VM’s are communicating over a LAG all traffic could be going across just one link, leaving the other links underutilized. The distributed switch and physical switch must be set up to use the same settings or a link will not be established. LACP is only available by using the Distributed switch, which is only available with Enterprise Plus Licensing.

If you are able to use the Distributed switch it also supports Load Based Teaming. LBT is the only true load balancing method. It will send traffic across all links based on the actual utilization of the link. This is a far superior load balancing feature, and if you are already paying for it you should be using it. There is also the myth that bonding two 10gb links will give you 20gb of throughput. As I discussed earlier, the limitation is that a vNIC can only utilize one link at a time. It cannot break up streams across two links for increased throughput. You can only really gain the throughput advantage with multiple VM’s utilizing them.
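The link pinning described above, as an added PowerShell illustration that is not from the original post. The hash used here (XOR of the last octet of the source and destination IP, modulo the uplink count) is a simplified stand-in for the hash options a real switch offers, and the flows are constructed sample data.

```powershell
# Simplified stand-in hash: XOR of the last IPv4 octets, modulo the uplink count.
function Get-UplinkIndex {
    param(
        [Parameter(Mandatory)] [string] $SourceIP,
        [Parameter(Mandatory)] [string] $DestinationIP,
        [Parameter(Mandatory)] [ValidateRange(1, 8)] [int] $UplinkCount
    )
    $src = ([ipaddress]$SourceIP).GetAddressBytes()[3]
    $dst = ([ipaddress]$DestinationIP).GetAddressBytes()[3]
    return ($src -bxor $dst) % $UplinkCount
}

# Sum the load each uplink is offered when every flow is pinned by the hash.
function Get-LagDistribution {
    param(
        [Parameter(Mandatory)] [object[]] $Flows,
        [Parameter(Mandatory)] [int] $UplinkCount,
        [int] $UplinkCapacityMbps = 10000
    )
    $load = [int[]]::new($UplinkCount)
    foreach ($flow in $Flows) {
        $index = Get-UplinkIndex -SourceIP $flow.Src -DestinationIP $flow.Dst -UplinkCount $UplinkCount
        $load[$index] += $flow.Mbps
    }
    for ($i = 0; $i -lt $UplinkCount; $i++) {
        [pscustomobject]@{
            Uplink         = $i
            OfferedMbps    = $load[$i]
            Oversubscribed = $load[$i] -gt $UplinkCapacityMbps
        }
    }
}

# Constructed sample flows: two heavy streams between the same pair of VMs,
# plus one small flow between a different pair.
$flows = @(
    [pscustomobject]@{ Src = '10.0.0.11'; Dst = '10.0.0.21'; Mbps = 6000 }
    [pscustomobject]@{ Src = '10.0.0.11'; Dst = '10.0.0.21'; Mbps = 6000 }
    [pscustomobject]@{ Src = '10.0.0.12'; Dst = '10.0.0.31'; Mbps = 200 }
)

Get-LagDistribution -Flows $flows -UplinkCount 2 | Format-Table -AutoSize
```

Both heavy streams share the same address pair, so they hash to the same uplink and compete for its 10gb while the second link carries only the small flow.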

As a best practice you should always use trunk ports down to your hypervisor hosts. This allows the host to utilize multiple VLAN’s, as opposed to placing the switch ports into access mode and allowing only one VLAN. Customers who do this often end up re-configuring their network later on, and it's always a pain. I generally recommend setting up each port on the physical switch in a standard trunk mode with all the VLAN’s that you need. Then on the virtual switch build out all of your portgroups and have the traffic tagged there with the VLAN needed for that portgroup. By doing this and using LBT you have a simple yet efficient design.

Now there is one caveat to all of this: vSAN does not support LBT, but it does support LACP, and if you have vSAN you are licensed for the distributed switch. LACP has one advantage over LBT, and that is the failover time. This is the time it takes for a dead link to be detected and traffic sent to another link. LACP failover is faster than that of LBT, and this failover time could mean the difference between a failed write with vSAN. This can limit any downtime, but in production hopefully there will not be many links going offline.

VMworld 2018!!!

It is finally that time of year. The greatest time of year. It is time for VMworld!!! August 26-30 is the time where everyone packs up and spends a week in Las Vegas with some of the greatest minds in Virtualization.

VMworld is a great opportunity to learn about some of the latest technology in the industry. The show floor will be packed with tons of vendors. Some you have heard of and some that you haven’t. You may find that vendor that has just the solution that you have been looking for. All the vendors will have lots of information about the various products and solutions that they offer. It is a great idea to talk to as many as you can. Always a great opportunity to learn something new, and they usually have some great prizes and swag!

The sessions will be excellent as always, presented by some of the smartest people you have ever met. You can take a look at all the sessions here. If you can’t make it to VMworld they will post most of the sessions on YouTube shortly after.

They will also be offering training sessions on the various VMware products, and if you are ready for it you can take one of the certification tests. Maybe finally get that VCP or VCAP that you have been working on.

The best part of all of this is the networking, and the lifelong friends you will make. Through VMworld and various other social events I met many great people and friends. It is a great community to be a part of, and I hope this year I will be able to meet up with as many people as I can at the various events.

Stretched vSAN Cluster on Ravello

Stretched clustering has been something that I have wanted to set up for my home lab for a while, but it would not be feasible with my current hardware. Recently I was selected to be a part of the vExpert program for the third year. One of the perks of this is the use of Ravello cloud. They have recently made a lot of advancements that have greatly increased the performance. Now they have also added a bare metal option which makes the performance even greater. I am skipping most of the steps to set up vSAN, and trying to only include what is different for a stretched cluster.

The high level architecture of a stretched vSAN cluster is simple.


  • Two physically separated clusters.  This is accomplished using Ravello Availability grouping.
  • A vCenter to manage it all.
  • External witness. This is needed for the quorum, which allows for an entire site to fail and the VMs to fail over.
  • Less than 5ms latency between the two sites. This is needed because all writes need to be acknowledged at the second site.
  • 200ms RTT max latency between clusters and witness.

If this was a production setup there would be a few things to keep in mind.

  • All writes will need to be acknowledged at second site.  So that could be an added 5ms of latency for all writes.
  • You can use layer 2 and 3 networks between the clusters.  You would want at least 10gb for the connection between sites.
  • You can use layer 2 and 3 networks with at least 100mbs for the witness.

Deploying on Ravello


For the architecture of this deployment we will need 3 sections

  • Management
  • Cluster Group 1 (Availability groups simulate separate data center)
  • Cluster Group 2 (Availability groups simulate separate data center)
  • vSAN network and Management/Data Network

Management

There needs to be a DNS server and a vCenter. I used Server 2016 to set up both the DNS server and Domain Controller. I used the vCenter appliance 6.5, which I then deployed to a separate management ESXi host.

Cluster Groups

These consist of 2 ESXi 6.5 hosts each.  They use Availability Groups to keep them physically separated to simulate the stretched cluster.  Group 1 used AG1 and Group 2 used AG2

Network

I manually set up the DNS entries on the Server 2016 DNS, and the two networks consist of the following.

  • 10.0.0.0/16 Data/Management
  • 10.10.0.0/16 vSAN

Witness

The witness is an easy to deploy OVF.  It creates a nested ESXi host that runs on top of a physical host.  The networking consists of the following

  • vmk0 Management Traffic
  • vmk1 vSAN Traffic

Once the OVF is deployed add the new witness host into vCenter.  You will see it in vCenter as a blue ESXi host.


Creating the Cluster

Now that everything is set up and online it is time to create the cluster. All four hosts need to be in one cluster in vCenter. Go to the cluster settings and start the setup of vSAN. Choose configure stretched cluster.

Now break out the two fault domains to correspond to the availability groups set up on Ravello.

After the disks are claimed you now have a stretched vSAN cluster that provides high availability across two data centers. One cluster or one node can go down, and your VMs can fail over and keep on running.

ESXi 6.0 to 6.5 Upgrade Failed

The Problem

I am currently running vCenter 6.5 with a mix of 6.0 and 6.5 clusters.  I uploaded the latest Dell customized ESXi 6.5 image to update manager, and had no issues updating my first cluster from 6.0 to 6.5.  In the past I have had some weird issues with update manager, but since 6.5 was integrated into vCenter it has been a lot more stable.  I then proceeded to migrate the next cluster to 6.5 and received this weird error.


I then tried to mount the ISO to the host and install it that way, but now I get a much more detailed error.


The Solution

  1. SSH into the host and run the following command to see the list of installed VIBs.

esxcli software vib list

  2. Remove the conflicting VIB.

esxcli software vib remove --vibname=scsi-mpt3sas

  3. Reboot!

Now that the conflicting VIB has been removed you can proceed with installing the updates.