SYSXPERTS Blog

Linux fundamentalist, Virtualization beadsman, and Storage agnostic

Archive for the ‘Scripting’ Category

Using MDT to Deploy Optimized Windows 7 for View 4.5 VDI Implementation

Posted by sysxperts on September 14, 2010

Using MDT to Deploy Windows 7 for View 4.5 VDI Implementation

https://docs.google.com/document/pub?id=1XS1ToHcdZAPmMZQKzPVAZDgo5juXHzukKtsLm6Jt_p4

Posted in Blogroll, Scripting, Virtualization, Windows

Report of HBA info in csv format using Powershell

Posted by sysxperts on August 24, 2010

A user on the VMTN wanted to extend LucD’s ESX Fibre – SAN identifier script by adding device, model, and status info to the report. I provided changes to LucD’s script as highlighted below to accommodate the request.

See the maroon text for my changes.

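# Build one report row per Fibre Channel HBA on every host in every cluster
$report = @()
foreach ($esx in get-cluster | get-vmhost | get-view | sort-object name){
    foreach($hba in $esx.Config.StorageDevice.HostBusAdapter){
        # Only Fibre Channel adapters carry a port WWN
        if($hba.GetType().Name -eq "HostFibreChannelHba"){
            $row = "" | select Name,WWN,device,model,status
            $row.Name = $esx.name
            # PortWorldWideName is numeric; report it in hex
            $wwn = $hba.PortWorldWideName
            $wwnhex = "{0:x}" -f $wwn
            $row.WWN = $wwnhex
            # Extra columns requested: device, model and status
            $row.device = $hba.device
            $row.model = $hba.model
            $row.status = $hba.status
            $report += $row
        }
    }
}
# Write the rows as CSV without the type header line
$report | export-csv c:\Temp\hbainf-to-host.csv -NoTypeInformation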

Posted in Blogroll, Scripting, Virtualization

VMworld 2010 Schedule

Posted by sysxperts on August 9, 2010

Monday
9:00 AM-10:00 AM MA7140 vCloud Architecture Design Strategies and Design Considerations
10:30 AM-11:30 AM TA6720 Troubleshooting using ESXTOP for Advanced Users
12:00 PM-1:00 PM EA7061 Creating an Internal Oracle Database Cloud Using vSphere
1:30 PM-2:30 PM ALT2004 Building the VMworld Lab Cloud Infrastructure
3:00 PM-4:00 PM TA7994 vStorage Update for vSphere 4.1
Tuesday
11:00 AM-12:00 PM EA7860 Java Apps on vSphere: Technical Best Practices and Why Now Is Better Than Ever
12:30 PM-1:30 PM GD10 High Availability with Banjot Chanana
2:00 PM-3:00 PM BC8432 SRM Futures: Host Based Replication
3:30 PM-4:30 PM ALT3004 VMware vSphere™ Troubleshooting
5:00 PM-6:00 PM ALT3003 VMware vSphere™ Performance & Tuning
Wednesday
9:00 AM-10:00 AM MA6580 Bridge the ESX/ESXi Management Gap Using the vSphere Management Assistant (vMA) – Tips & Tricks Included
10:30 AM-11:30 AM GD19 Site Recovery Manager with Arturo Fagundo
12:00 PM-1:00 PM BC7773 VMware Site Recovery Manager: Misconceptions and Misconfigurations
1:30 PM-2:30 PM ALT3001 VMware vCenter™ Site Recovery Manager – Extended Config & Troubleshooting
3:00 PM-4:00 PM EA7726 Virtual Machines Outperforming Physical Machines – Crossing the Performance Barrier
4:30 PM-5:30 PM TA8102 Tuning Linux for Virtual Machines
Thursday
10:30 AM-11:30 AM TA6944 PowerCLI Is For Administrators!
12:00 PM-1:00 PM TA7750 Understanding Virtualization Memory Management Concepts
1:30 PM-2:30 PM TA8133 Best Practices to Increase Availability and Throughput for VMware
3:00 PM-4:00 PM TA8233 Prioritizing Storage Resource Allocation in ESX Based Virtual Environments Using Storage I/O Control

Posted in Blogroll, Linux, Scripting, Virtualization

Finding unused IP addresses and invalid DNS entries

Posted by sysxperts on July 7, 2010

The method used in the example below will not eliminate all invalid DNS entries or find IPs that are live yet unused. However, it provides a fairly efficient means of finding unused IPs that are not pingable at the moment, and it produces a list of potentially invalid reverse lookup entries, which in turn gives you the clues you need to start looking for invalid A records, etc.

For this example I am going to assume we want to find unused IP addresses and potentially invalid DNS entries for the network range 192.168.1.1-100.

From the prompt of your Linux host with nmap installed run:

nmap -v -sP 192.168.1.1-100|grep down |for i in `awk '{print $2}'`;do host $i;done

  • nmap -v -sP 192.168.1.1-100 – performs a ping scan and returns the status of each address in the specified range
  • grep down – filters the list to return only non-pingable hosts
  • for i in `awk '{print $2}'` – filters the list further to return only the IP addresses, then loops over them to run the host [ip address] lookup for each IP returned

One could easily substitute host with nslookup or dig but I chose host to streamline the output for readability.

Bottom line is that if you see output similar to the following:

Host 5.1.168.192.in-addr.arpa. not found: 3(NXDOMAIN)

Then you can probably safely use 192.168.1.5 for a new device and DNS entry, although it would be safer to scan the DNS table by IP for forward lookup entries first.

On the other hand, if you see output similar to:

5.1.168.192.in-addr.arpa domain name pointer name.domain.com

Then you most likely have either a system that uses that address and is shut down at the moment, or an invalid/outdated DNS entry to clean up.

One could easily schedule this command to run with cron and send the output to an email or ticketing system for regularly scheduled DNS maintenance.
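For the scheduled report, the two kinds of host output shown above can be sorted into "free" and "needs review" lists. This is an added example, not part of the original post; the function names arpa_to_ip and classify_host_output and the sample lines are constructed here. Resolver errors are reported separately so a DNS outage is never read as a free address.

```shell
#!/bin/sh
# Added example: classify `host <ip>` output for unpingable addresses.

# Constructed sample of `host` output, one line per looked-up address.
SAMPLE_HOST_OUTPUT='Host 5.1.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
7.1.168.192.in-addr.arpa domain name pointer name.domain.com.
;; connection timed out; no servers could be reached'

# Turn "5.1.168.192.in-addr.arpa[.]" back into "192.168.1.5".
arpa_to_ip() {
    printf '%s\n' "$1" | awk -F. '{ print $4 "." $3 "." $2 "." $1 }'
}

# Read `host` output on stdin and print one verdict per line:
#   FREE <ip>           no PTR record: candidate for a new device
#   STALE <ip> <name>   PTR exists but the host was down: review the entry
#   UNKNOWN <line>      anything else (timeouts, SERVFAIL): do not trust
classify_host_output() {
    while IFS= read -r line; do
        set -f; set -- $line; set +f      # split into words without globbing
        if [ "$1" = "Host" ] && [ "$3 $4" = "not found:" ] &&
           [ "$5" = "3(NXDOMAIN)" ]; then
            printf 'FREE %s\n' "$(arpa_to_ip "$2")"
        elif [ "$2 $3 $4" = "domain name pointer" ]; then
            printf 'STALE %s %s\n' "$(arpa_to_ip "$1")" "${5%.}"
        elif [ -n "$line" ]; then
            printf 'UNKNOWN %s\n' "$line"
        fi
    done
}

# Demo on the constructed sample; in cron, pipe the real command output in.
printf '%s\n' "$SAMPLE_HOST_OUTPUT" | classify_host_output
```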

Posted in Linux, Scripting

XSUDO for secure elevated perms over X session

Posted by sysxperts on June 21, 2010

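Add the following to /etc/profile:

# Set up sudo X authentication if a token is available
XAUTH=/usr/bin/xauth
# DISPAUTH is set by xsudo and holds one "xauth list" entry
# POSIX test, since /etc/profile is read by every Bourne-style login shell
if [ -n "$DISPAUTH" ]; then
    echo "sudo X authentication detected, setting up display"
    # Left unquoted on purpose: xauth add takes display, protocol and key as separate arguments
    $XAUTH add $DISPAUTH
fi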

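Create /usr/bin/xsudo with 755 perms and containing:

#!/bin/bash
# xsudo: start a login shell as another user and hand over the X authentication entry

USER=$1

if [[ -z "$USER" ]]; then
    echo "Usage: xsudo <username>"
    echo "Invokes a shell as specified user and transfers X authentication to new session"
    exit 1
fi

if [[ -z "$DISPLAY" ]]; then
    echo "You have no DISPLAY set, make sure X is"
    echo "running or X forwarding is enabled and working."
    exit 1
fi

# Strip the host part of $DISPLAY (keep ":N.S") and look up the matching xauth entry
DISPAUTH=$(xauth list "$(sed -e 's/^[^:]*//' <<<"$DISPLAY")")

# Pass the entry to the target user's login shell; /etc/profile adds it to that user's xauth file
sudo -u "$USER" DISPAUTH="$DISPAUTH" -i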

Update /etc/sudoers with the users that require sudo over X, i.e.:
username  ALL=(xsudogroup)  NOPASSWD: ALL

%group  ALL=(xsudogroup)  NOPASSWD: ALL

Install Xming or another suitable Windows X Client on the users' PCs, ensuring that the X0.hosts file contains the servers the client will access with xsudo.

Use putty to connect to server from client

Set display with:
export DISPLAY=mypc:0.0
Run xsudo with:
xsudo xsudouser
Test with:
xclock
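
The /etc/profile hook above expands $DISPAUTH unquoted into xauth add for any login shell that has the variable set, so the value is worth checking before it is used. This is an added example, not part of the original post; the function name dispauth_ok and the sample tokens are constructed, and the 32-hex-digit length assumes the 128-bit MIT-MAGIC-COOKIE-1 key.

```shell
#!/bin/sh
# Added example: accept DISPAUTH only if it is exactly one xauth entry.

NL='
'

# dispauth_ok TOKEN -> exit status 0 if TOKEN looks like a single
# "display  MIT-MAGIC-COOKIE-1  <32 hex digits>" line, 1 otherwise.
dispauth_ok() {
    token=$1
    # `xauth list` can match several entries; more than one line is rejected
    case "$token" in *"$NL"*) return 1 ;; esac
    set -f; set -- $token; set +f          # split into fields, no globbing
    [ $# -eq 3 ] || return 1
    # Display name: plain characters only, and it must carry ":<number>"
    case "$1" in *[!A-Za-z0-9._/:#-]*) return 1 ;; esac
    case "$1" in *:[0-9]*) ;; *) return 1 ;; esac
    [ "$2" = "MIT-MAGIC-COOKIE-1" ] || return 1
    # Key: lowercase hex only, 128 bits
    case "$3" in *[!0-9a-f]*) return 1 ;; esac
    [ ${#3} -eq 32 ]
}

# Constructed sample tokens (the key is not a real cookie).
GOOD='server1/unix:10  MIT-MAGIC-COOKIE-1  0123456789abcdef0123456789abcdef'
TWO_ENTRIES="$GOOD$NL$GOOD"
GLOB_KEY='server1/unix:10  MIT-MAGIC-COOKIE-1  *'
SHORT_KEY='server1/unix:10  MIT-MAGIC-COOKIE-1  abcd'

for t in "$GOOD" "$TWO_ENTRIES" "$GLOB_KEY" "$SHORT_KEY"; do
    if dispauth_ok "$t"; then echo "accept"; else echo "reject"; fi
done

# In /etc/profile the hook from the post would then become:
#   if [ -n "$DISPAUTH" ] && dispauth_ok "$DISPAUTH"; then $XAUTH add $DISPAUTH; fi
```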

Posted in Blogroll, Linux, Scripting, Security

Prepare a shared cifs mount for JBoss deploy

Posted by sysxperts on June 1, 2010

PROBLEM: An application is failing to deploy files to a cifs share mounted on linux because users have files open which the deployment process is trying to overwrite.

SOLUTION: Needed to kill all processes for user accounts with open files in the /data cifs mount other than my deployment and root user accounts.

for i in `fuser -u -v /data 2>&1 |grep -v root|grep -v deploy|awk '$2 !~ /[a-z]/ {print $2}'`; do kill -9 $i; done

The "fuser -u -v /data 2>&1 |grep -v root|grep -v deploy" portion of the command finds all processes with open files on /data for all users other than root and deploy. Note that the "2>&1" was used because fuser was generating some output to stderr and some to stdout, so I combined them by sending stderr to stdout to allow grep to work as desired in this case.

The "awk '$2 !~ /[a-z]/ {print $2}'" portion simply removes the PID and any alpha character lines from the output and prints all the resulting numeric PIDs, each on its own line, from the fuser command.

Finally "do kill -9 $i" kills all the PIDs returned from the command above without prejudice, so beware, goodbye – gone – finito to them all!

I would not want to do this against files which I would want to keep! This should only be done for files that will be deleted or replaced anyway since the integrity of the files after running this command cannot be guaranteed in any way. At a minimum a full backup and verification should be performed prior to testing.

An even safer version of the command above would target specific files or subdirectories to prevent killing processes unrelated to the deploy. For example, instead of /data as above you might run multiple commands with each specific file passed to fuser such as /data/file1 for the first iteration and so on through /data/filex.

To perform as a regular user you can update sudo by adding something like the following to /etc/sudoers:

%deploy ALL = NOPASSWD: /sbin/fuser -u -v /data

Then update the above command as follows to run as your deploy (regular) user:

for i in `sudo /sbin/fuser -u -v /data 2>&1 |grep -v root|grep -v deploy|awk '$2 !~ /[a-z]/ {print $2}'`; do kill -9 $i; done
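
The grep -v filters above match anywhere on the line, so a user named redeploy or a process named deploy.sh is skipped along with the deploy account. This is an added example, not part of the original post, that selects PIDs by exact match on the USER column and only prints what it would kill; the function name fuser_pids_to_kill and the sample output are constructed here.

```shell
#!/bin/sh
# Added example: pick PIDs from `fuser -v` style output by exact user match.

# Constructed sample modelled on the `fuser -v /data` column layout.
SAMPLE_FUSER='                     USER        PID ACCESS COMMAND
/data:               root     kernel mount /data
                     alice      2211 ..c.. bash
                     deploy     3310 F.... java
                     bob        4120 f.... deploy.sh
                     redeploy   5150 ..c.. vim'

# fuser_pids_to_kill KEEP_USERS   (comma-separated; fuser output on stdin)
# Prints one numeric PID per line for every user NOT listed in KEEP_USERS.
fuser_pids_to_kill() {
    awk -v keep="$1" '
        BEGIN { n = split(keep, k, ","); for (i = 1; i <= n; i++) skip[k[i]] = 1 }
        {
            off  = ($1 ~ /:$/) ? 1 : 0   # first row of a mount has the path in $1
            user = $(1 + off)
            pid  = $(2 + off)
            # The "PID" header and "kernel" pseudo-entries are not numeric
            if (pid ~ /^[0-9]+$/ && !(user in skip)) print pid
        }'
}

# Dry run on the sample: nothing is signalled here.
printf '%s\n' "$SAMPLE_FUSER" | fuser_pids_to_kill root,deploy |
while read -r pid; do
    echo "would run: kill -9 $pid"
done
```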

Posted in Blogroll, Linux, Scripting

Update to exclude mounts from vCheck5

Posted by sysxperts on June 1, 2010

To exclude a mount point from disk space checks in vCheck5 script

See comment on the publisher's site here

Posted in Blogroll, Scripting, Virtualization

Extract values within quotes from command output on Linux using perl

Posted by sysxperts on May 21, 2010

For example:
To obtain all values within quotes from the output of a jstack command you could

./jstack [pid] |perl -lne 'print $1 if (/"(.*)"/)'
or for just worker threads
./jstack [pid] |perl -lne 'print $1 if (/"(Worker.*)"/)'

and if you wanted a count of how many quoted values there are

./jstack [pid] |perl -lne 'print $1 if (/"(.*)"/)' |wc -l

Posted in Blogroll, Linux, Scripting

Oracle on Linux RMAN from Netbackup to Avamar Client

Posted by sysxperts on May 6, 2010

I recently migrated some Oracle 10g and 11g RHEL 5 VM’s and Physical boxes from Netbackup based clients to Avamar clients with the RMAN plugin. I will create a separate post regarding automation of the AvamarClient setup and focus on the RMAN configuration for event/client driven backup here.

First thing I did before automating any of the processes was to download the required docs and binaries from the Avamar web interface. There is a Documents and Downloads link at the bottom of the page of the following sample url:

http://avamarservernameorip

Then I downloaded the Avamar Oracle Client User Guide and the appropriate binaries for the platform from the right hand column, for example:

AvamarClient-linux-rhel4-x86_64-5.0.101-32.rpm

AvamarRMAN-linux-rhel4-x86_64-5.0.101-32.rpm

Also, ask your friendly EMC Avamar installer to provide a copy of AvOracleRMAN.pdf and AvOracleDatabasePrep.pdf which provide a lot more detail than the Client User Guide.

Installation and registration of the Avamar Client

1. As root cd to location of downloaded rpms

2. Type rpm -ivh AvamarClient-linux-rhel4-x86_64-5.0.101-32.rpm

3. Type /usr/local/avamar/bin/avregister

4. Enter the fqdn of the Administrator server when prompted [avamarserver.domain.com]

5. Enter the Avamar server domain [clients] when prompted

6. The Avamar Client installation is now complete

Installation of the AvamarRMAN Plugin

1. As root cd to location of downloaded rpms

2. Type rpm -ivh AvamarRMAN-linux-rhel4-x86_64-5.0.101-32.rpm

3. Update iptables with following rules to allow secure backups and also update any firewalls to allow backup through these ports:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 28002 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 27000 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 29000 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8672 -j ACCEPT

4. Create a new user account that will have access to backup/restore jobs on the domain containing the Oracle backup jobs using the Avamar Administrator Console.

5. Create a my-avtar-flags.txt file for linux in /usr/local/avamar/bin containing:
--pidname=Oracle
--pidnum=1002
--logfile=/usr/local/avamar/var/avtar.log
--vardir=/usr/local/avamar/var
--id=[userid from prior step]
--ap=[password from prior step]
--path=[/domain/oracleservername]
--expires=[number in days]
--server=server.fqdn.name

Note that the user created above required Administrator privileges, and I’m still investigating how to lock this down further; for now I’ve isolated the Oracle backups to their own respective domains of control to reduce risk.
Also note that permissions on the /var/avamar directory must be set so that the user launching the rman scripts has write access.

6. Create RMAN scripts (avorabackup and avorarestore) that can be launched with cron or scheduler of your choosing, examples below:

Launch this example backup script from a file named avorabackup as follows:
rman target / nocatalog @avorabackup

Note that configure device type sbt clear; does not need to run every time but it is a good idea to leave in for migration process because otherwise any netbackup based backups will continue to be attempted and never go to avamar.

run {
configure device type sbt clear;
allocate channel c1 type 'SBT_TAPE' PARMS="SBT_LIBRARY=/usr/local/avamar/lib/libobk_avamar64.so, ENV=(PATH=/bin:/usr/bin:/usr/local/avamar/bin)" format '%d_%U';
send '"--flagfile=/usr/local/avamar/bin/my-avtar-flags.txt" ';
send '"--sysdir=/usr/local/avamar/etc" "--bindir=/usr/local/avamar/bin" "--vardir=/usr/local/avamar/var"';
configure retention policy to recovery window of 10 days;
configure retention policy to redundancy 2;
backup database plus archivelog;
delete noprompt obsolete;
crosscheck backupset;
release channel c1;
}

Another Example with no archive log backup:

run {
configure device type sbt clear;
allocate channel c1 type 'SBT_TAPE' PARMS="SBT_LIBRARY=/usr/local/avamar/lib/libobk_avamar64.so, ENV=(PATH=/bin:/usr/bin:/usr/local/avamar/bin)" format 'DBNAME_%t_%s_%d' ;
send '"--flagfile=/usr/local/avamar/bin/my-avtar-flags.txt" ';
send '"--sysdir=/usr/local/avamar/etc" "--bindir=/usr/local/avamar/bin" "--vardir=/usr/local/avamar/var"';
configure retention policy to recovery window of 7 days;
configure retention policy to redundancy 1;
backup database;
delete noprompt obsolete;
release channel c1;
}

Launch this example restore script from a file named avorarestore as follows:
rman target / nocatalog @avorarestore

run {
allocate channel c1 type 'SBT_TAPE' PARMS="SBT_LIBRARY=/usr/local/avamar/lib/libobk_avamar64.so, ENV=(PATH=/bin:/usr/bin:/usr/local/avamar/bin)" format '%d_%U';
send channel='c1' '"--flagfile=/usr/local/avamar/bin/my-avtar-flags.txt" ';
send '"--sysdir=/usr/local/avamar/etc" "--bindir=/usr/local/avamar/bin" "--vardir=/usr/local/avamar/var"';
restore database;
recover database;
release channel c1;
}

Posted in Blogroll, Linux, Scripting

PowerCLI Notes

Posted by sysxperts on March 27, 2010

Stolen from Tim Oudin who stole it from blogosphere – needed a one liner to add VLAN to existing vSwitch for each host in Cluster

foreach ($ESXhost in get-cluster "ClusterName"| get-vmhost) { get-virtualswitch -vmhost $ESXhost -name vSwitch0| new-virtualportgroup -name "Description" -VLanId XXX }

Substitutions:

ClusterName i.e. Dev Cluster 1

vSwitch0 – use appropriate vSwitch name here

Description i.e. Control-Dev-VLANID

XXX  i.e. 920

Similar one liners for PGs

PG with VLAN Id:

foreach ($ESXhost in get-cluster "Test"| get-vmhost) { get-virtualswitch -vmhost $ESXhost -name vSwitch0| new-virtualportgroup -name "Control" -VLanId 854 }

PG without VLAN Id:

foreach ($ESXhost in get-cluster "Dev"| get-vmhost) { get-virtualswitch -vmhost $ESXhost -name vSwitch0| new-virtualportgroup -name "Control" }

Set VLAN Id on existing PG:

foreach ($ESXhost in get-cluster "Dev"| get-vmhost) { Get-VMHost $ESXhost | Get-VirtualSwitch -Name "vSwitch0" | Get-VirtualPortGroup -Name "Control" | Set-VirtualPortGroup -VLanId 852 }

Delete PG:

foreach ($ESXhost in get-cluster "Dev"| get-vmhost) { Get-VMHost $ESXhost | Get-VirtualSwitch -Name "vSwitch0" | Get-VirtualPortGroup -Name "Control" | remove-VirtualPortGroup -confirm:$false }

And from http://www.virtu-al.net/2009/06/11/storage-vmotion-the-powercli-way/

Get-VM "MyVM" | Move-VM -Datastore (Get-Datastore "MyDatastore")

The Move-VM Cmdlet covers a multiple of sins, let's check some out, you want VMotion:

Get-VM -Name "MyVM" | Move-VM -Destination (Get-VMHost MyHost)

And also what you would expect, moving a VM to a new folder:

Move-VM -VM (Get-VM -Name MyVM) -Destination (Get-Folder -Name Production)

And moving a VM to a new resource pool, what a multifunctional cmdlet this is!

Move-VM -VM (Get-VM -Name MyVM) -Destination (Get-ResourcePool -Name "Important")

Posted in Blogroll, Scripting, Virtualization