Friday, April 19, 2019

Cisco switch configuration backup using PowerShell

In this article, I will briefly explain how to back up the running configuration of Cisco switches to a TFTP server location using PowerShell.

Prerequisites
  • A TFTP server should be configured and running.
  • PowerShell module Posh-SSH should be installed on the node from which the script is running.

Workflow
  1. Collect credentials to SSH into the switch
    $creds = Get-Credential
  2. Create a new SSH session to the first switch in the list
    $sw_ssh = New-SSHSession -ComputerName <Management IP of Cisco switch> -Credential $creds -Force -ConnectionTimeout 300
  3. Invoke the command to back up the running config to the TFTP server over the SSH session
    $cmd_backup = "copy running-config tftp://<IP of TFTP server>/config_backup.txt vrf management"
    Invoke-SSHCommand -Command $cmd_backup -SSHSession $sw_ssh
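
The three steps combined into one run over a list of switches, as an added example that is not taken from the linked project. The switch addresses are constructed sample values, the per-switch file name is an assumption, and the script assumes each switch's host key is already trusted by Posh-SSH, because it leaves out -Force (which skips host key validation).

```powershell
# Added example: back up several switches in one run (requires the Posh-SSH module).
Import-Module Posh-SSH

# Constructed sample inventory (documentation-range addresses) and a placeholder TFTP server.
$switches   = @('192.0.2.11', '192.0.2.12')
$tftpServer = '<IP of TFTP server>'

$creds = Get-Credential
$stamp = Get-Date -Format 'yyyyMMdd'

$report = foreach ($ip in $switches) {
    $session = $null
    try {
        # No -Force here, so Posh-SSH still validates the switch host key.
        $session = New-SSHSession -ComputerName $ip -Credential $creds `
                                  -ConnectionTimeout 300 -ErrorAction Stop

        # One file per switch and day, so a run never overwrites another backup.
        $file = "config_backup_$($ip)_$stamp.txt"
        $cmd  = "copy running-config tftp://$tftpServer/$file vrf management"
        $out  = Invoke-SSHCommand -SSHSession $session -Command $cmd -TimeOut 120

        [pscustomobject]@{
            Switch     = $ip
            File       = $file
            ExitStatus = $out.ExitStatus
            Output     = ($out.Output -join "`n")
        }
    }
    catch {
        # Connection or command failure: keep going and record the error for this switch.
        [pscustomobject]@{ Switch = $ip; File = $null; ExitStatus = $null; Output = "ERROR: $_" }
    }
    finally {
        # Close the session even when the copy fails, so none are left open.
        if ($session) { Remove-SSHSession -SSHSession $session | Out-Null }
    }
}

$report | Format-Table -AutoSize -Wrap
```

TFTP has no authentication or encryption, so the running configuration crosses the management network in clear text; review the report's Output column rather than relying on the exit status alone.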

You can schedule this PS script using a task scheduler so that the running configuration of switches can be backed up automatically on a daily basis or as per requirements. Hope this was useful. Cheers!

Complete project reference
https://github.com/vineethac/cisco_switch_backup

Related article
Dell EMC switch configuration backup using PowerShell

Friday, April 12, 2019

VMware VVols: Integrating Dell EMC Unity with vSphere environment

This article provides the step-by-step procedure to configure a Virtual Volume (VVol) based vSphere environment using Dell EMC Unity SAN storage. You can go through my previous post to get an understanding of the differences between VMFS and VVol.

Step1: Register a new storage provider in vCenter

Note: Registering a storage provider exposes all the array capabilities to vCenter through VASA API.

Select: vCenter server -> Configure -> Storage providers -> Register a new storage provider (+)

Register new storage provider in vCenter

After successful registration of storage provider


Step2: Create a VVol datastore on the storage array (Unity)

Create VVol datastore (storage container)

Provide a name

Select capability profiles for the VVol datastore

Note: Each pool has its own characteristics and is associated with a specific capability profile. Adding capability profiles to a VVOL datastore basically adds the corresponding pools to that VVOL construct. In the above figure we have added 3 capability profiles, which means pool_01/02/03 are now part of VVOL_Datastore_01.

Configure access to ESXi hosts

Summary

VVol datastore (storage container) creation completed

The storage container (VVOL datastore) has been created on the array and the next step is to add it to ESXi hosts.

Step3: Add a new datastore in the vSphere environment through vCenter

Add new VVol datastore

Select the VVol datastore and provide a name

VVol datastore creation complete

VVol datastore

Step4: Create VM storage policies

Select VM Storage Policies

Create VM storage policy

Select vCenter and provide a name



Storage type and rule

Select service level

Select the compatible storage


Now the storage policy (Platinum) has been created. Similarly, I have created Silver and Bronze policies which are shown below.

Sample storage policies

Step5: Migrate virtual machines to VVol datastore

Migrate VM01 to VVol datastore

While migrating the VM, you can choose the disk format and the VM storage policy and it will display the compatible VVOL datastores.


Select compatible storage


If you would like to apply storage policies at the disk level, you can edit the VM storage policies setting of the VM and apply a policy per disk as required, as shown below.


Select VM storage policy per VMDK

Hope this was helpful. Cheers!


Friday, March 15, 2019

VMFS vs VVOL

Let's start with a quick comparison.

VMFS
  • LUN centric approach
  • Pre-provisioning of LUNs
  • Use of multiple datastores for different performance capabilities
  • Management difficulties as a single VM may span across multiple datastores

VVOL
  • VM centric
  • vSphere is now aware of array capabilities through VASA provider
  • No pre-provisioning
  • One VVOL datastore can represent the whole array
  • Storage policies can be applied per vmdk level
  • Some of the vSphere operations are offloaded to array using VAAI (full cloning, snapshots)
  • VVOL snapshots are faster (different from traditional snapshots with redo logs)

Note: The explanations below regarding the SAN are based on Dell EMC Unity (hybrid array).

VMFS environment

A traditional VMFS datastore setup is given below. Say, you have two VMs. One with 3 virtual disks and the second one with 2 virtual disks. And your array has 4 storage pools with specific capabilities. Based on those capabilities the pools are classified into 4 service levels (Platinum, Gold, Silver and Bronze). In this case you need to provision 4 datastores/ LUNs from the respective pool to meet requirements of the two virtual machines.

VMFS

You can clearly see that the first VM is spanned across 3 datastores and the second VM is spanned across 2 datastores. If your environment has hundreds and thousands of VMs, management becomes too complicated. In this case, as the datastores are properly named, the vSphere admin can easily identify the service level/ capability of a specific datastore. But if a naming convention is not followed, the vSphere admin has to contact the storage admin to learn the capabilities of that specific datastore/ LUN. Again, lots of communication is needed, making it a complex process!

VVOL environment

Now let’s have a look at the VVOL environment, which is shown in the figure below. You have the same array, but instead of provisioning datastores/ LUNs from the respective pools, here we are creating one vvol datastore. The array has 4 storage pools, each having specific capabilities like drive type, RAID level, tiering policy, FAST Cache ON/ OFF etc., and they are classified into 4 service levels as Platinum, Gold, Silver, and Bronze. So each pool has its own capability profile. You can provide any name, but here I just gave the same name as the service level of each pool.

Pool_01 -> Service level: Platinum -> Capability profile: Platinum
Pool_02 -> Service level: Silver   -> Capability profile: Silver
Pool_03 -> Service level: Bronze   -> Capability profile: Bronze
Pool_04 -> Service level: Gold     -> Capability profile: Gold


Note: vvol datastores cannot be created without capability profile

Next steps are:

  • Create vvol datastore in the SAN
  • Provide a name for the vvol datastore
  • Add capability profiles that need to be part of the vvol datastore
  • In this case, all 4 capability profiles are part of the vvol datastore
  • You can also limit the amount of space that will be used from each capability profile by the vvol datastore
  • Once it’s done, vvol datastore is created in the SAN

VVOL

At this point, you can go ahead and configure host access to this vvol datastore. Now you have to let your vSphere environment know about the capabilities of the storage array. That is done by registering the new storage provider on your vCenter server, making use of the VASA (VMware vStorage API for Storage Awareness) provider. Once registered, the vSphere environment will communicate with the VASA provider through the array management interface (OOB network), which forms a control path. The next step is creating a vvol datastore on the ESXi host to which you provided access earlier. For each vvol datastore created on the storage array, two protocol endpoints (PEs) will be automatically generated to communicate with an ESXi host, forming a data path. If you create another vvol datastore on the array and provide access to the same ESXi host, two more PEs will be created. PEs act like a target. And on the ESXi side, if you look at the storage devices, you can see 2 proxy LUNs which connect to the respective PEs.

Now you have to create VM storage policies based on service levels. Here you have 4 service levels, so you have to create 4 storage policies. Assign storage policy per vmdk basis as per requirements.

Eg: Storage_Policy_Gold -> VMDK 02 (second VM) -> it will be placed in Pool_04 automatically

So in this case, instead of having 4 VMFS datastores we needed only 1 VVOL datastore which has all the required capabilities. This means you don't need to provision more LUNs from the SAN. Storage management becomes easy with just one VVOL. There is more granularity with SPBM at each VMDK level. With VVOLs the SAN is aware of all the VMs and their corresponding files hosted on it. This makes space reclamation very easy and straightforward. The moment a VM or a VMDK is deleted, that space is immediately freed, as the SAN has complete insight into the virtual machines stored in it. Data mobility between different storage pools based on service level becomes effortless, as it is handled directly by the SAN internally based on SPBM. Altogether, VVOL simplifies storage/ LUN management.

Hope it was useful. Cheers!


Wednesday, March 13, 2019

Working with Cisco Nexus 9K switches using PowerShell

In this article, I will briefly explain how to work with the Cisco NX-API CLI through PowerShell. Before getting into the steps and sample PowerShell code, let's first get familiar with the NX-API Developer Sandbox. You can access the sandbox by entering the management IP of your Cisco switch in a web browser. Provide the user name and password. Once successfully logged in, you will get a page as shown below. The developer sandbox converts normal CLI commands into a JSON request and also provides the result/ response in JSON format.

NX-API Developer Sandbox

In the above screenshot, I am using "show hostname" command. The message format is set to JSON and command type is set to cli_show to get a response in JSON. Once done, hit POST. You can see the corresponding request and response in JSON format.

Now, let's try to do the same using PowerShell.

#Step1:

<# 
To fix the connection issues <The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.>
#> 
add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
    public bool CheckValidationResult(
        ServicePoint srvPoint, X509Certificate certificate,
        WebRequest request, int certificateProblem) {
        return true;
        }
    }
"@

[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12 -bor [System.Net.SecurityProtocolType]::Tls11

#Step2:

$creds = Get-Credential

#Step3:

$request = @'
{
    "ins_api": {
          "version": "1.0",
          "type": "cli_show",
          "chunk": "0",
          "sid": "1",
          "input": "show hostname",
          "output_format": "json"
    }
}
'@

#Step4:

$result = Invoke-RestMethod -Uri "http://<IP of switch>/ins" -Method post -Credential $creds -ContentType "application/json" -Body $request
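
The Step1 policy returns true for every certificate, so the script would accept any server that answers on the switch address. As an added example (not the author's script), the same request over HTTPS with the switch certificate pinned by thumbprint; PinnedCertPolicy and the thumbprint placeholder are hypothetical names. It assumes Windows PowerShell 5.1, NX-API enabled over HTTPS, and the single-command response layout noted in the comments.

```powershell
# Added example for Windows PowerShell 5.1: pin the switch certificate instead of trusting all.
Add-Type @"
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class PinnedCertPolicy : ICertificatePolicy {
    private readonly string pinned;
    public PinnedCertPolicy(string thumbprint) {
        pinned = thumbprint.Replace(":", "").Replace(" ", "");
    }
    public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate,
                                      WebRequest request, int certificateProblem) {
        if (certificateProblem == 0) return true;   // chain and name validated normally
        if (certificate == null) return false;
        // Otherwise accept only the exact certificate whose SHA-1 thumbprint was pinned.
        return string.Equals(certificate.GetCertHashString(), pinned,
                             StringComparison.OrdinalIgnoreCase);
    }
}
"@

# Placeholder: thumbprint of the switch's NX-API certificate, obtained out of band.
$thumbprint = '<SHA-1 thumbprint of switch certificate>'
[System.Net.ServicePointManager]::CertificatePolicy = New-Object PinnedCertPolicy $thumbprint
[System.Net.ServicePointManager]::SecurityProtocol  = [System.Net.SecurityProtocolType]::Tls12

$creds   = Get-Credential
$request = @{ ins_api = @{ version = '1.0'; type = 'cli_show'; chunk = '0'; sid = '1'
                           input = 'show hostname'; output_format = 'json' } } | ConvertTo-Json

# HTTPS keeps the credentials and the response from crossing the network in clear text.
$result = Invoke-RestMethod -Uri 'https://<IP of switch>/ins' -Method Post `
              -Credential $creds -ContentType 'application/json' -Body $request

# Assumed response layout for one command: ins_api.outputs.output with code, msg and body.
$output = $result.ins_api.outputs.output
if ($output.code -ne '200') { throw "NX-API error $($output.code): $($output.msg)" }
$output.body.hostname
```

The policy is process-wide: every other HTTPS request in the same PowerShell session is still validated normally, and only the pinned certificate is accepted when validation fails.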


Output:


Hope it was useful. Cheers!


Friday, February 15, 2019

Deleting inaccessible objects from vSAN cluster

Scenario:


Resolution:

  • Login to vSAN VCSA as root
  • rvc
  • Provide a username that has administrator privileges @localhost as shown below
  • Change directory to localhost
  • Now browse through and set the directory to the respective cluster (in my case cluster name is "Cluster-Rack7")
  • vsan.check_state -r <path to your cluster>
  • You can purge vswp objects using: vsan.purge_inaccessible_vswp_objects <path to cluster>
  • In this case it's not a vswp object. So we have to find the owner node of the object and delete it forcefully from there.
  • vsan.cmmds_find -u <UUID of object> <path to cluster> to find owner of the object
  • SSH into the owner node and delete the inaccessible object file forcefully using /usr/lib/vmware/osfs/bin/objtool delete -u <UUID of inaccessible object> -f -v 10
  • Perform vSAN health check to verify status

Hope it was useful. Cheers!


Friday, January 25, 2019

How to manually add multiple NICs to the vROps 7.x appliance

This article explains how to add multiple network interfaces to a vROps 7.0/ 7.5 appliance. Recently we had a scenario where the vROps appliance needs access to different networks which are isolated/ not routed with the primary network management interface of vROps. In my case the vROps instance needed access to 3 different networks.

Initially, when vROps is installed, there is only one interface (eth0), and it is the default interface for the vROps appliance.


For configuring additional interfaces follow the steps below:

  • Add a network card and connect to the respective port group by editing VM settings
  • Login to vROps with root creds
  • cd /etc/sysconfig/network
  • Create an entry for the new interface eth1 (as it will not be present!)
  • vi ifcfg-eth1
  • Provide all necessary IP details and save

  • Reboot the appliance
  • Verify details

  • Similarly, follow the above steps if you require more interfaces

Note: I am not sure whether this is officially supported by vROps, but it works! Haven't found any VMware documentation related to this.

Wednesday, December 12, 2018

Inactive or missing VMware VMFS datastore

Today I came across a situation where one of the shared VMFS datastores in a 4 node ESXi 6.5 cluster was found missing/ inactive after a planned reboot. This post is about the steps I followed to resolve this issue/ re-mount the inactive shared datastore.

On an ESXi node, to list the datastores that are available to mount: esxcfg-volume -l
To mount the available datastore: esxcfg-volume -M <UUID>

Sample screenshot is given below:


Hope it was useful. Cheers!

Reference:
https://community.spiceworks.com/topic/2108624-missing-datastore-after-upgrade-from-esxi-6-0-to-6-5