Wednesday, October 18, 2017

create role and assign privileges via powercli in VMware

we often create a backup user in our vxblocks which needs some privileges to function. I just cooked up a script which can do that for you. the privileges here are just samples.
# variables
$VcenterIP = Read-Host "vCenter's address" 
$VcUser = Read-Host "vcenter's username"
$Password = Read-Host "vcenter's password"
$roleName = Read-Host "name of the role"
$role_user = Read-Host "name of the user that has to be created" 
$role_user_pwd = Read-Host "password for the above user?"
$role_user_description = Read-Host "description for the user to be created" 

# connect to vcenter
Connect-VIServer -Protocol https -Server $VcenterIP -User $VcUser -Password $Password

# make a list of privileges
$privileges = @(
'Alarm.Create',
'Alarm.DisableActions',
'Alarm.Edit',
'Alarm.SetStatus',
'Alarm.Delete',
'Extension.Register',
'Extension.Update',
'Extension.Unregister',
'Global.Health',
'Global.LogEvent',
'Global.ManageCustomFields'
)

# Create new user and add privileges
New-VIRole -Name $roleName -Privilege (Get-VIPrivilege -id $privileges)

# create username
New-VMHostAccount -user -Id $role_user -Password $role_user_pwd -Description $role_user_description

# Get the Root Folder
$rootFolder = Get-Folder -NoRecursion

# Create the Permission
New-VIPermission -Entity $rootFolder -Principal $role_user -Role $roleName -Propagate:$true


The unavoidable handshake [by (not) sheldon cooper]

I was thinking the other day about what my friend said and how would my favorite character from my favorite show big bang theory will approach this?
I am talking here about handshakes. If there are 100 team mates and let us say that there is one person who goes and does a handshake with everyone
let us do some data analysis

n = 100
x = 0
secs = 0 # seconds spent per person in shaking hands and hi, hello, how r u, i'm fine, how r u doing? am fine too...etc.,
while (x < n):
    m = n-x # number of unique handshakes
    secs += m*30 # 30 seconds per handshake
    x=x+1

mins = secs/60 # 151500 seconds
hours = mins/60 # 2525 minutes

print(hours) # 42 hours
'mutual loss of hours' = 42*2 = 84 hours a day# since both of the parties spend these 30 seconds during a handshake

So you already know that on an average even if you spend a minimum of 30 seconds per unique handshake (excluding the time it takes to walking upto each person) then there are 21 weekdays per month, so it is 21days*12 months*84 hours = 21,168 hours = 2,646 shifts wasted per year (8 hours shift).
Let us now look at the hygiene part of it...
There is at least one nose picker out of 100,
There is at least one sweaty person with sweaty hands in the team,
There is at least one person who every now and then scratches somewhere which you don't want to know,
There is at least someone who touches their face with lotion or make up,
There is at least one person who has, or gong to have or has but not affected with cold, fever or some kind of mild air borne stuff that you don't want to catch.
Please note that all of the above are extremely conservative points to consider when i say ' there is at least one'.
Now there are many weeks per year where suddenly the weather is such that people start getting fever, cold, cough or something else of that sort and what better way to spread it across the team than a hand shake which has touched their leaky nose, or the scarf/tissue with which they are controlling their cold. If god forbid there is someone who has bought some sweets or eatables or even some chocolates or biscuits and if you happen to eat them with your hands which now has germs from 99 other members of your team then good luck with that.
So what is the solutions?
Namaste!!!
but when someone fetches their hand towards you then you can't just say namaste and keep doing whatever you were doing. The other less offensive and positive approach to it would be, you be the one to do it and get it over with it :).
You come in.
dock your laptop.
go to each person of the team from corner A to corner Z.
shake their hand.
you : how are you?
they: i'm fine, thanks. how are you?
you: i'm doing fine as well. thank you.
(repeat)*x where x is the number of team mates left to shake hand for the day.
Once you are done with the last member, you go wash your hands, sit at your desk and start doing whatever you do.

What about someone who is crossing your way and asks, how are you?
by the time you say: 
I am fine,
thank you.
how are you doing?
and then they say: i am fine too.
thanks.
take care.
they would have moved so much away from you. This is awkward. So what would jesus do? I mean shelly do?
He would say one of the following...
(almost) as good as you,
(almost) as great as you,
(almost) as pretty as you...

So the cons are:-
  1. each of your 100 employees will get disturbed or had to pause whatever that they are doing for 99 minutes
  2. if anyone of your 100 employees is unwell or has cold/fever/cough or anything which has 'airborne transmission' then the rest 99 of the employees have a chance of getting infected which may result in more sick times of your employees.
  3. 21,168 hours per year spent on handshakes
  4. it is hard to get back to what you were doing (imagine you are writing some complex machine learning algorithm ) when you get 99 greetings per day at different and unexpected times a day.
  5. It makes the receiver of such a greeting on each day feel that he/she being less social by not doing the same and thus he/she has to do the same too and thus by peer pressure do the same as the other person did.
Will I listen to sheldon cooper than and follow this?
Naaaaaaaaaaaaa, coz i'm ambi not s cooper. :)


Friday, July 28, 2017

Get the right version of vcenter and other management tools for your esxi/vsphere

Many a times i have seen few of my colleagues trying to download the new vsphere client to manage the newer version of esxi that we are shipping with our dell emc ci/hci. They google it, log into vmware, search again, match the build number and download or sometimes just use a usb pen drive to share such files. If you are in your own environment or even home lab then it is better for your own product to guide you to download the other products which are to be used with it or can be used with it.
just click on advanced and add certification.
 Once you do this,  you will be presented with the following
click on the download vsphere client for windows to install the one which for sure will work with your esxi. It won't take you to VMware site but you will get the file itself. the link below that will launch the vsphere client. Rest of the links to other products will take you to their site and they all are self explanatory.




Thursday, July 27, 2017

Changing the vmkernel/management ip address (and subnet mask too if you want) using powercli


powercli just rox. we at dell emc today had an issue where we had
3 UCS domains and client wanted all the 110+ blades to be distributed across these 3 domains. IP addresses were not in range. We use a custom linux virtual machine which install esxi on UCS with proper vmkernel networking. However that is not designed for such scenarios. So the ip addresses how this esxi deployer assigned was not at all matching what the customer wanted. We thought by the time our storage guys assign boot luns then i could figure out a script to change the ip addresses of all these 110+ blades. I even took my buddy gowtham's data center without asking him and played around with it. It worked for the 8 blades that we had. I used plink to deliver the esxcli command as mentioned by duncan epping . Needless to say what worked on a small solution didnt work on this one for some reason. I was using a csv file to input the
old ip
new ip
username
password
vmkernel (it was vmk0)
but it failed and we as a team shared all 15 blades per head and changed the ip addresses manually. We did not have much time to play. I just reached home and so far i have this.
connect to the esxi host first

PS C:\WINDOWS\system32> Connect-VIServer 192.168.248.136 -User root -Password 'vmware1'
WARNING: There were one or more problems with the server certificate for the server 192.168.248.136:443:

* The X509 chain could not be built up to the root certificate.

* The certificate's CN name does not match the passed value.

Certificate: [Subject]
  OID.1.2.840.113549.1.9.2="1477497341,564d7761726520496e632e", CN=localhost.localdomain, E=ssl-certificates@vm
ware.com, OU=VMware ESX Server Default Certificate, O="VMware, Inc", L=Palo Alto, S=California, C=US

[Issuer]
  O=VMware Installer

[Serial Number]
  00A4602D4BBDF6

[Not Before]
  26-10-2016 9.25.42 PM

[Not After]
  26-04-2028 9.25.42 PM

[Thumbprint]
  360BDA508071AF7832778CA9C038195A14468A4F



The server certificate is not valid.
   
WARNING: THE DEFAULT BEHAVIOR UPON INVALID SERVER CERTIFICATE WILL CHANGE IN A FUTURE RELEASE. To ensure script
s are not affected by the change, use Set-PowerCLIConfiguration to set a value for the InvalidCertificateAction
 option.
      

Name                           Port  User                         
----                           ----  ----                         
192.168.248.136                443   root

Let us see to whom we are connected with
------------------
PS C:\WINDOWS\system32> Get-VMHost
 
Name                 ConnectionState PowerState NumCpu CpuUsageMhz CpuTotalMhz   MemoryUsageGB   MemoryTotalGB
----                 --------------- ---------- ------ ----------- -----------   -------------   -------------
192.168.248.136      Connected       PoweredOn       4          69       16000           1.418          11.718 
 
Now we should find out who this is
 
 PS C:\WINDOWS\system32> (Get-VMHost).NetworkInfo
 
HostName     DomainName   DnsFro ConsoleGateway  ConsoleGatewayD DnsAddress          
                          mDhcp                  evice                               
--------     ----------   ------ --------------  --------------- ----------          
host1        ambi.com     False                                  {192.168.248.136} 
 
 
Now change the ip address  
 
 
 PS C:\WINDOWS\system32> (Get-VMHost | Get-EsxCli).network.ip.interface.ipv4.set('vmk0','192.168.248.135', '255.255.255.0', $null, 'static')
true 
 
That true is really encouraging. I connected to the new changed ip address now.
  
 PS C:\WINDOWS\system32> Connect-VIServer 192.168.248.135 -User root -Password 'vmware1'
 
Name                           Port  User                          
----                           ----  ----                          
192.168.248.135                443   root 
 

I checked the name of this new ip.
 
 
PS C:\WINDOWS\system32> (Get-VMHost).NetworkInfo
 
HostName     DomainName   DnsFro ConsoleGateway  ConsoleGatewayD DnsAddress          
                          mDhcp                  evice                               
--------     ----------   ------ --------------  --------------- ----------          
host1        ambi.com     False                                  {192.168.248.136}   
 
 
 
PS C:\WINDOWS\system32>
------------------

Yes, you can change any vmkernel ip address like this but i am trying to figure out an esxcli -v2 version of it. Nay sayers listen to this. If you do not know how to do it then it doesn't mean it can't be done.
Now here is the esxcli -v2 version.


PS C:\WINDOWS\system32> $esxcli = Get-VMHost | Get-EsxCli -v2
$esxcliset = $esxcli.network.ip.interface.ipv4.set
$args = $esxcliset.CreateArgs()
$args.interfacename = 'vmk0'
$args.type = 'static'
$args.ipv4 = '192.168.248.136'
$args.netmask = '255.255.255.0'
$esxcliset.Invoke($args)



true

PS C:\WINDOWS\system32> disconnect-viserver * -confirm:$false
Connect-VIServer 192.168.248.136 -User root -Password 'vmware1'

WARNING: There were one or more problems with the server certificate for the server 192.168.248.136:443:

* The X509 chain could not be built up to the root certificate.

* The certificate's CN name does not match the passed value.

Certificate: [Subject]
  OID.1.2.840.113549.1.9.2="1477497341,564d7761726520496e632e", CN=localhost.localdomain, E=ssl-certificates@vmware.com, OU=VMware ESX Server Defaul
t Certificate, O="VMware, Inc", L=Palo Alto, S=California, C=US

[Issuer]
  O=VMware Installer

[Serial Number]
  00A4602D4BBDF6

[Not Before]
  26-10-2016 9.25.42 PM

[Not After]
  26-04-2028 9.25.42 PM

[Thumbprint]
  360BDA508071AF7832778CA9C038195A14468A4F



The server certificate is not valid.
    
WARNING: THE DEFAULT BEHAVIOR UPON INVALID SERVER CERTIFICATE WILL CHANGE IN A FUTURE RELEASE. To ensure scripts are not affected by the change, use
 Set-PowerCLIConfiguration to set a value for the InvalidCertificateAction option.
       

Name                           Port  User                          
----                           ----  ----                          
192.168.248.136                443   root                          



PS C:\WINDOWS\system32> $esxcli = Get-VMHost | Get-EsxCli -v2
$esxcliset = $esxcli.network.ip.interface.ipv4.set
$args = $esxcliset.CreateArgs()
$args.interfacename = 'vmk0'
$args.type = 'static'
$args.ipv4 = '192.168.248.135'
$args.netmask = '255.255.255.0'
$esxcliset.Invoke($args)



true

PS C:\WINDOWS\system32> disconnect-viserver * -confirm:$false
Connect-VIServer 192.168.248.135 -User root -Password 'vmware1'


Name                           Port  User                          
----                           ----  ----                          
192.168.248.135                443   root                          



PS C:\WINDOWS\system32> 
good night.

Wednesday, June 21, 2017

setting up your road to data science via python, numpy, scipy

so if you want to do start your journey to data science or just explore what all the fuss about and then get terrorized by math (math always hated me, even though i loved it, it was just one way love, sigh....no one loves me back if i love them..lol) and back off.
So scipy, numpy, panda and many other packages depend heavily on C, cython, fortran and that is why they are so fast too. so before you just install these packages via pip you might want to set the stage right.
install python 3.6.1 (in my case)
https://www.python.org/downloads/
install pip
https://packaging.python.org/tutorials/installing-packages/#id14
install wheel
pip install wheel (optional but you better do it)
then install specific wheels for numpy and scipy
download the relevant wheels from http://www.lfd.uci.edu/~gohlke/pythonlibs/
install as below
pip install numpy-1.13.0+mkl-cp36-cp36m-win32
pip install scipy-0.19.1-cp36-cp36m-win32
 
Now go to your favorite python IDE or console and run
import scipy, numpy and they both should not throw error.
Remember that if you just import numpy or scipy it might work but if you import both it might not. If you have followed this it should not be a problem to you.

Wednesday, May 31, 2017

Powershell : Auto Intialize, Add, Format disks at log in

There are many scenarios where you have mass deployed VMs or present disks to users in a cloud environment where it is necessary for users to initialize, add, format the drives but it won't be wise to ask all users to do this. nobody wants to. Hence this.


Get-Disk | Where partitionstyle -eq ‘raw’ | Initialize-Disk -PartitionStyle MBR -PassThru | New-Partition -AssignDriveLetter -UseMaximumSize | Format-Volume -FileSystem NTFS -NewFileSystemLabel "$env:UserName" -Confirm:$false

  1. Create your .ps1 script and place it in a folder.  The path would look something like this:
C:\script.ps1
  1. Create a .cmd file and place it in
C:\Users\&lt;user_name&gt;\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\startup.cmd
 In this startup.cmd file
PowerShell -Command "Set-ExecutionPolicy Unrestricted" &gt;&gt; "%TEMP%\StartupLog.txt" 2&gt;&amp;1 
PowerShell C:\script.ps1 &gt;&gt; "%TEMP%\StartupLog.txt" 2&gt;&amp;1

Thursday, April 13, 2017

Dealing with snapshots on Enterprise Hybrid Cloud; selectively remove/create snapshots

So I had a situation with one of my colleague dayakar today where he was implementing an EMC EHC and we had some trouble with our standard EHC script. we had to take snapshots. We had to first remove all the snapshots on these VMs.

get-vm | Get-Snapshot | Remove-Snapshot -RunAsync -Confirm:$false

 Now we needed to create snapshots only on those VMs with certain domain name.


$cluster = "" #cluster name(put * to include all clusters)
$domainname = "" #name domain of the vms
$snapshotName = "" #name of the snapshot
get-cluster $cluster | get-vm | where name -Match $domainname | New-Snapshot -RunAsync -Name $snapshotName -Confirm:$false
 

Now we needed to get the snapshots under vapps.


$cluster = "" #cluster name(put * to include all clusters)
$vapp = "" #name of the vapp
$snapshotName = "" #name of the snapshot
get-cluster $cluster | get-vapp -Name $vapp | get-vm | New-Snapshot -RunAsync -Name $snapshotName -Confirm:$false
 In case if you are wondering what is EHC, EHC is Enterprise Hybrid Cloud which is a cloud offering build with the following
compute : Cisco
Network : Cisco
Storage : EMC
Hypervisor: VMware vSphere
Cloud/Automation/Managment layer: vRealize Automation.
If you are in the market for a top of the notch cloud platform then have a look at it. We build it and it is awesome.