VMA v. Powershell

Submitted by jbredehoeft on Tue, 12/27/2011 - 22:49

With the deployment of ESX 5 comes the loss of the the ESX console. it actually happened with the advent of ESXi, but now with 5 there isn't an option to have a console. VMware addressed this with the creation of the Virtual Management Assistant (VMA). Powershell is Microsoft's answer to easier administration via CLI (Command Line Interface).

i come from both Unix/Linux and Windows Admin backgrounds, so I both hate CLI and love it. I live in a graphical world and for a quick view, nothing beats the visual RED, YELLOW, GREEN. If something is red I instantly know there is a problem (hopefully). It is hard to say if a load value of 4 is bad, especially if 5 minutes earlier it was 3.8. I'm starting to digress, both the VMA and Powershell are CLI.

Powershell's strength is in scripting and creating scripts for management. With practice and google you can write some scripts that an automate tasks for you. As an example, I asked my Data Administrator to present an NFS share to 12 of my new ESX hosts so that I could store ISOs and templates there instead of on my higher priced Tier2 storage. He responded by asking for the NIC addresses of my hosts. Since this involved 12 hosts in non-contiguous IP space, I decided that I would gather the addresses with a powershell script. The DA. did his magic on the hosts.allow file for the NFS export. I then wrote another quick script to add the NFS mount to those same hosts. Voila each of them now has the NFS mount.

I've installed the PowerGUI from Quest with VM PowerPacks, all of this extends the capability of powershell and the infomation or management that I can perform. Alan Renouf and Luc Dekens have some great powershell scripts that I have both modified and learned from, they are powershell experts and great resources.

I'm often called to collect statistics on the health of our environment or to create an excel report and email it to team members or upper management. Borrowing on an idea, I'm writing a powershell script that collects statistics and compares the changes and emails out this data to senior management and also the VM owner. This is a chargeback type of report and is perfect for a powershell script. I suppose I could do this with Perl in the VMA, but I haven't figured that out yet. If you doing any kind of Windows adminstration and you aren't doing powershell you are missing the boat. If you add to your Windows Administration VM/vSphere administration then you really need to start doing powershell. With the Quest PowerGUI and PowerPacks there really is no good excuse not to. It's free!!

The VMA is a Redhat(VMA 4.x & older)/Suse (VMA 5+) appliance that provides a console similar to the "classic" ESX Service Console. The VMA includes the vCLI and the vSphere Perl SDK, so it is also quite capable of scripting. I have a collection of perl scripts that I have collected for administration of Redhat & Suse server and also ESX. These I have in my own VMA that I use as a consultant. One of the biggest benefits with the VMA is the vi-fastpass component. This allows an administrator to connect to multiple ESX hosts (think ESXi ) without having to re-authenticate everytime. The credentials are cached until they are manually cleared. This also works with vSphere Center server also.

This allows me to run ESXTOP (now RESXTOP) to a host and diagnose/troubleshoot host performance issues. One of the environments I'm managing uses Round-Robin multipathing for the SAN.
I already have a powershell script to set all of the existing datastores to Round Robin, but during a new ESX build I would like to set the default with
# esxcli nmp satp setdefaultpsp --satp VMW_SATP_SYMM --psp VMW_PSP_RR
so that any added datastores automatically use Round-Robin. This can be done by using the VMA to connect to the hosts. Setting the default policy in VMA is faster then setting Round-Robin on every datastore.

As a linux appliance the VMA retains a lot of the power of unix. I am able to leverage cron and some of the other inherent linux tools to create very powerful scripts in the VMA that run automatically. Once of the powers of the VMA is with vi-fastpass. vi-fastpass allows you to register hosts and the vCenter server to allow you to connect without having to authenticate each time you want to run a command or series of commands. This pings the power of script automation and statistics gathering to the forefront. VMware has included some scripts to make adding servers to the VMA as easy as typing the names into a text file. These are included as sample scripts, there are three in /opt/vmware/vma/samples/perl/. The script to add servers is "bulkAddServers.pl --filename ServerHostList"

Next the VMA supports Active Directory integration and this process is streamlined with the inclusion of Likewise. Run this with
sudo domainjoin-cli join yourdomainhere.com Domain_Account You will be prompted for the password of the account and everything will be setup. Next you will want to modify the sudoers file and add the line
%domain\\group ALL=(ALL) ALL (you have to escape "\" with a backslash which is why you see two in my example. If your group name has spaces you will also have to escape those with a backslash "TEST\Domain Admins" becomes "TEST\\Domain\ Admins". You can now login with "TEST\username" via SSH or the console. I use the same Domain Group for vCenter as I do with the VMA.

Although I am no longer using VMA(4.1) it came with vi-logger (think syslogd) to collect log information from the hosts. This is not in VMA 5+. This was likely dropped in favor of the VCSA (vCenter Server Appliance) that now has a syslog collector installed, or the VMware Syslog Collector for Windows vCenter, which can be installed along with your vCenter server. These are both worth looking at if you don't have a syslog server to send logs to. The preference is yours, but with ESX 5 you will want to have the logs sent to a syslog server as they won't survive a reboot of the host.

Finally, while I prefer to work on larger VMware/ESX environments, I have a number of clients running single ESXi instances. In these cases, we are running a Windows Server on the system and the VMA along side. I have found the VMA provides a lighter foot print for management than powershell in a windows server unless it is in the one that you are hosting. The VMA is able to send reports via smtp. By running one ESXi host I still separate the Windows OS workload from the physical HW and can move the system in the event of a HW failure onto a replacement system. This is great for my smaller clients. It is extra work to recover the VM but it is a lot less work than building a system from the backups (this doesn't work with total disk failures).

So, in closing VMA v. Powershell -- my conclusion is to use them both. How you use them will really depend on your scripting ability and preference, if you are already using powershell, spend some time with the VMA, at the very least it will prove to be a powerful tool for troubleshooting and diagnostics. Besides, it's free!! Free like beer!