2015-03-30

A Triangle is Not a Circle & Some Things Don’t Fit in the Cloud

Baby Blocks

We all started off as babies, and I am sure that not many of you remember that one of the first toys you played with (and if you do not remember - then I am sure those of you with kids have probably done the same with your children) was a plastic container with different shapes on the lid and blocks that were made of different shapes.

A triangle would only go into the triangle, a circle in the circle, a block in the block and so on.

This is a basic skill that teaches us that no matter how hard we try, there are some things that just do not work. Things can only work in a certain way (and of course it also teaches coordination, patience and a whole lot of other educational things).

It is a skill that we acquire; it takes time and patience, but everyone gets there in the end.

And why am I blogging about this – you may ask?

This analogy came up a few days ago in a discussion of a way to provide a highly available database in the cloud.

And it got me thinking….

There are certain things that are not meant to be deployed in a cloud environment because they were never meant to be there in the first place. The application needed an Oracle database and it was supposed to be deployed in a cloud environment.

What is the default way to deploy Oracle in a highly available configuration? Oracle RAC. There are a number of basic requirements (simplified) you need for Oracle RAC.

  1. Shared disk between the nodes.
    That will not work in a cloud environment.
    So we can try using dNFS – as the shared storage for the nodes – that might work.
    But then you have to make an NFS mount available to the nodes – in the cloud.
    So let’s deploy an NFS node as part of the solution.
    But then we have to make that NFS node highly available.
  2. Multicast between the nodes - that also does not work well in the cloud.
    So maybe create a networking environment in the cloud that will support multicast?
    Deploy a router appliance in the cloud.
    Now connect all the instances in the cloud into the router.
    But the router poses as a single point of failure.
    Make the router highly available.

And if not Oracle RAC – then how about Data Guard – which does not require shared storage?

But it has a steep licensing fee.
And you have to find a way of managing the virtual IP address – which you will not necessarily have control over.
But that can be overcome by deploying a VRRP solution with IP addresses that are manually managed.

ENOUGH!!!

Trying to fit a triangle into a square – yes if you push hard enough (it will break the lid and fit).
If you cry hard enough – Mom/Dad will come over and put it in for you.

Or you come up with half-assbaked solution like the one below…

blocks

Some things will not fit. Trying to make them fit creates even more (and sometimes even bigger) problems.

In this case the solution should have been - change the code to use a NoSQL database that can be deployed easily and reliably in a cloud environment.

As always your thoughts and comments are welcome.

2015-03-26

Installing OpenStack CLI clients on Mac OSX

I usually have a Linux VM that I use to perform some of my remote management tasks, such as OpenStack CLI commands.

But since I now have a Mac (and yes I am enjoying it!!) I thought why not do it natively on my Mac. The official documentation on installing clients is on the OpenStack site.

This is how I got it done.

Firstly install pip

easy_install pip

Now to install the clients (keystone, glance, heat, nova, neutron, cinder, swift and the new OpenStack client)

pip install python-keystoneclient python-novaclient python-heatclient python-swiftclient python-neutronclient python-cinderclient python-glanceclient python-openstackclient

First problem – was no permissions

No Permissions

Yes you do need sudo for some things…

sudo -H pip install python-keystoneclient python-novaclient python-heatclient python-swiftclient python-neutronclient python-cinderclient python-glanceclient python-openstackclient

Success!


Or so I thought…

Maybe not...

Google led me here - https://github.com/major/supernova/issues/55

sudo -H pip uninstall six

uninstall six

And then

sudo -H easy_install six

reinstall six

And all was good

nova works

nova list

Quick and Simple!! Hope this is useful!

2015-03-19

Deploying the VCSA 6.0 Appliance directly into vCenter

Hey… Is that even possible? It seems that it is not – at least that is what I heard this week over Twitter.

The documentation also says the same thing.

Documentation

When trying to put in a vCenter as the target for deployment it will throw an error.

Error

I actually find this really silly and a really weird move on behalf of VMware. Why limit this to connecting directly to an ESXi host?

Also I am quite intrigued to know what the benefit is of using such a tool for deployment. I do understand that VMware wanted to provide a generic tool that could be used on any platform to deploy a vCenter Server. If you look at the ISO that is provided for download – you will see a folder structure there for all platforms in the vcsa-cli-installer.

Multi Platform

But this got me thinking. The VCSA is an appliance after all – which means it is probably an OVF – like most of VMware’s appliances.

Disclaimer – This is probably not supported – definitely not endorsed by VMware – so use it at your own risk!

I went and did some detective work. The ISO is about 3GB in size, which means that the actual appliance is probably in there somewhere. It was not hard to find.

In the VCSA folder you will find a file vmware-vcsa which is almost 2GB in size.

vmware-vcsa

It is obvious that the file is not an OVF – but probably an OVA – because of its size.

So for my test I copied the vmware-vcsa file and added the .OVA extension to the file

Create OVA
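A way to confirm that guess before deploying, as an added example that is not part of the original post: an OVA is a plain tar archive holding an .ovf descriptor, usually alongside a .mf manifest of file digests. The sample archive and its file names are constructed, and `build_sample_ova` and `inspect_ova` are hypothetical helper names.

```python
import hashlib
import io
import tarfile


def build_sample_ova() -> bytes:
    """Build a tiny OVA in memory (constructed sample, not the real VCSA image)."""
    ovf = b"<Envelope><!-- constructed descriptor --></Envelope>"
    disk = b"\x00" * 1024  # stand-in for a .vmdk disk image
    manifest = (
        f"SHA256(sample.ovf)= {hashlib.sha256(ovf).hexdigest()}\n"
        f"SHA256(sample-disk1.vmdk)= {hashlib.sha256(disk).hexdigest()}\n"
    ).encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in (("sample.ovf", ovf), ("sample.mf", manifest),
                           ("sample-disk1.vmdk", disk)):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def inspect_ova(fileobj) -> dict:
    """Check that a seekable binary file is an OVA and verify its manifest digests."""
    result = {"is_ova": False, "members": [], "mismatches": []}
    try:
        tar = tarfile.open(fileobj=fileobj, mode="r:")  # plain, uncompressed tar only
    except tarfile.TarError:
        return result  # not a tar archive, so not an OVA
    with tar:
        members = {m.name: m for m in tar.getmembers() if m.isfile()}
        result["members"] = sorted(members)
        result["is_ova"] = any(n.lower().endswith(".ovf") for n in members)
        for name in (n for n in members if n.lower().endswith(".mf")):
            text = tar.extractfile(members[name]).read().decode()
            for line in filter(str.strip, text.splitlines()):
                # Manifest line format: ALGO(filename)= hexdigest
                algo, rest = line.split("(", 1)
                target, digest = rest.split(")=", 1)
                if target not in members:
                    result["mismatches"].append(target)
                    continue
                h = hashlib.new(algo.strip().lower())
                src = tar.extractfile(members[target])
                for chunk in iter(lambda: src.read(1 << 20), b""):  # stream large disks
                    h.update(chunk)
                if h.hexdigest() != digest.strip().lower():
                    result["mismatches"].append(target)
    return result


if __name__ == "__main__":
    print(inspect_ova(io.BytesIO(build_sample_ova())))
```

To run it against the file from the ISO, open vmware-vcsa in binary mode and pass the file object to `inspect_ova`; an empty `mismatches` list means every file listed in the manifest hashed to its recorded digest.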

I then proceeded to deploy this appliance as I would any virtual appliance. I even went so far as to use the vSphere Client!

I was skeptical to see if there was actually anything extra that was put into the installer – because we all know that most of the customization is provided within the OVF itself. I checked to see if the same functionality is available from both the new installer and a regular vSphere client deployment. The feature parity seems to be equal at least – with some additional functionality that is available only when deploying as a virtual appliance.

Such as Inventory Location

Inventory

Choice of Cluster / Host

Host/Cluster

And most importantly – the option to deploy to a Distributed vSwitch – something that is not possible when deploying directly to a host. It would only recognize a Standard vSwitch.

[Screenshots: dvSwitch / vSwitch Only]

All the rest was mostly all the same.

[Screenshots: Size, IP, SSO, Embedded, Credentials, Network, Summary]

Now of course there are things that are not visible in the regular installation interface – things that are related to the upgrade.

[Screenshots: Upgrade]

So there you have it – Deploying a vCenter Server Appliance – directly into an existing vCenter.

Sometimes the stuff we are used to is the stuff that is also the easiest way to do things.

If anyone has any insight into problems that might occur using this method please feel free to leave them in the comments below, and of course – please feel free to leave any other thoughts or comments as well.

2015-03-14

vSphere 6.0 Release Notes - Part #2

This is the second half of my thoughts on the vSphere 6.0 release notes. Part 1 can be found here

Disclaimer:
These are my own thoughts and ramblings. I think they should be questions you should be asking VMware, your TAM and the support people. These are not the only items in the Release Notes - just those that got my attention. Your mileage may differ and there may be other things that are of importance in the original document.

NFS_1

Takeaways:

  • Another NFS 4.1 caveat.
  • Makes me think that as with all new technologies – maybe we should wait until it is more stable and not jump into it feet first.

NFS_2

Takeaways:

  • Same As Above
  • It seems this is an all or nothing so no mixing between NFS versions – because this will cause problems.

NFS_3

Takeaways:

  • Same As Above

Upload

Takeaways:

This is not really an error – but by design. It seems that people will have to learn how to interact with vVOLs – as opposed to the way they are used to working.

Thin

Questions:

  • Why is the default thick?
  • If there are certain Storage solutions that do not support thick – then why not make the default thin?

Different Datastores

Questions:

  • If it might fail – why even give the option?
  • Will it always fail? And if not – is there a common denominator that causes the failure?

Dell

Takeaways:

Dell and QLogic specific. Learn the implications if this is relevant to your environment.

Emulex

Takeaways:

It is always good to wait a while until the worms come out of the cracks.

Questions:

Does Emulex have a solution?

tags1

Questions:

  • If the feature does not work – why enable it?
  • Is it possible to automate this? If so how?

Flash Cache

Takeaways:

Another whopper. If you suffer an APD (which can happen) and you are using Flash Cache, the I/O acceleration will not work properly until the VM undergoes a power cycle to re-enable functionality.

Questions:

  • Is it possible to create some kind of report to find which machines can / have been affected?
  • Is a full power off/on required – or is a restart of the VM sufficient?

Storage policy

Takeaways:

This is strange – because the storage policy is based on the disk itself and should have no dependency on the VM itself.

Questions:

  • What are the implications of having different storage policies for different machines?
  • When will this be fixed?
  • Is there a way to automate this?

SCSI aborts

Takeaways:

If you have a problem with your local RAID controller – this can cause your host to crash.

Questions:

  • Is this a bug?
  • With ESXi?
  • The MegaRaid driver?
  • When will this be fixed?

add LUN

Questions:

Is it not possible to put in a check or a delay to alleviate this problem?

plugin

Takeaways:

Again an all or nothing. Make sure that your plugins support 6.0 before the upgrade – otherwise you will not be able to use them.

LUN2

Takeaways:

  • There will be certain cases that adding a new LUN will require a full reboot of the host.
  • Check to see if this is relevant to your environment

Questions:

If the LUN is added – not by the storage array tool – will this also happen?

missing

Takeaways:

  • Seems to be another LSI issue.
  • Will not display in any event – and can only be obtained from the CLI.

Questions:

If the information is there – why is it not displayed?

missing info

Takeaways:

Evidently a bug

Questions:

When will it be fixed?

static IP

Takeaways:

Wasn’t the purpose of having Host Profiles being able to take a current host and make a profile from it?

Questions:

  • Won’t changing the IP address of the Host (to a static one) cause a disconnect of the host?
  • Will this affect VMs?
  • Can this be done live?

service restart

Questions:

  • Why do they restart?
  • Windows Only?
  • Is service-control for both the Windows vCenter and the appliance?

different locations

Takeaways:

Good to know this information.

alarms1

Takeaways:

If I remember correctly the service console was retired with ESXi 5.0 – Quite a while back? Was that not enough time to remove this?

charts

Takeaways:

This is really a case of WYSIWYG (What you see is what you get)

Questions:

  • Can or will this be fixed?
  • Was this also an issue in previous versions?

support bundle

Takeaways:

Using the Web client doesn’t always seem to work. It seems that it would be a good idea to use one or the other client but not mix and match.

permissions1

Takeaways:

I guess permissions are not always what they seem – you might need a little something extra.

bitfrost

Takeaways:

Who was the genius who chose this name?

Questions:

  • Is this being worked on with the Anti-virus vendors to solve this?
  • Who says that if I copy it back to the location – that the AV will not quarantine it again (whack-a-mole anyone)?

tag

Takeaways:

administrator@vsphere.local is the all powerful being!!

Questions:

  • Evidently this is a bug – when will it be fixed?
  • Why does only the administrator user have the rights to do this – I assumed that the roles should have solved this?

linked mode

Questions:

  • Then why is the option there?
  • And what happens if I really need to isolate a vCenter server?

hw sensor

Takeaways:

That must also affect hardware alarms as well then.

Questions:

  • When will this be fixed?
  • Will this affect my current environment?

sysprep

Takeaways:

Have to look at the documentation

Questions:

  • Isn’t the bash console enabled by default?
  • Where do they have to be uploaded to?

protected vCenter

Takeaways:

But VMware wants us to stop using the “legacy Windows client” – don’t they? This is another reason to keep it.

Questions:

  • How does the Web client know that I am running vCenter inside a Windows machine?
  • Does that mean that VMware Tools is reporting also back on the applications inside?

configure

Takeaways:

Don’t change the SSO domain.

Questions:

  • What happens if I really have to change the SSO domain?
  • Is there a workaround?

mixed

Takeaways:

Yep another reason to keep the Windows Client :)

datastores1

Takeaways:

  • Test in the lab
  • Will I need to remove a host every time I make a change to my storage?

Questions:

  • So does this mean that I need to remove the host from the inventory every time I want to add / remove a datastore?
  • Should the host be vacated before I make changes to storage?
  • What happens to all the statistics that I had on the host before hand?

health status

Questions:

  • Which services?
  • When will this be fixed?

full screen

Takeaways:

  • Don’t go full screen!
  • Better get learning those keyboard shortcuts

nonreadable

Questions:

Then who is it readable by?

new privilege

Takeaways:

It seems that I will need to allow System.Read on the vCenter for all users that need access to performance charts.

Questions:

Why was this privilege added to 6.0 ?

don't change the password

Takeaways:

  • There are some things that will break if you change passwords
  • Don’t tell OPSEC (shhhhhh……)

Questions:

What do you think auditors will do when they find that there is a password that can do anything they want in the whole environment that has never been changed?

pRDM

Questions:

Why am I allowed to choose the option if it is not supported?

timeout

Takeaways:

vSphere Web client will time out after an hour.

Questions:

Can the timeout be extended with a configuration change?

tags2

Questions:

When will this be fixed?

permission

Takeaways:

Nested Groups do not work, even though they should.

Questions:

When will this be fixed?

refresh

Takeaways:

Don’t refresh your browser when working with the web client.

vCloud Air

Takeaways:

Multiple management interfaces to manage something that was integrated before sucks.

NIOC

Takeaways:

Good to know.

Questions:

If it is disabled why is vMotion still taking this into account?

vApp

Questions:

Evidently a bug. When will it be fixed?

refresh2

Takeaways:

But did you just not say a few minutes ago that you should never refresh the web browser??

Questions:

  • How will it impact performance?
  • What other options are there?

OVF

Takeaways:

When is an error not an error??

Questions:

When will this be fixed?

OVF2

Takeaways:

  • Again mix and match problems with versions.
  • And yes the Windows client is still in use.

Export

Takeaways:

This is ridiculous. I am exporting a VM and I need to configure it manually as well? What is the use of the export then?

JVM

Takeaways:

vMotion problems sometimes have nothing at all to do with what you think.

Questions:

Why should an external process like profile storage have an effect on vMotion? DRS as well I assume?

300VMs

Takeaways:

Consolidation ratios!! If you are anywhere near that – then beware!

Delete1

Questions:

Why allow the delete – if the datastore is not accessible?

Delete2

Takeaways:

Got to love generic error messages.

Questions:

When will the non-informative error be fixed?

Content Library

Takeaways:

Then who can read it?

Questions:

  • Which tasks?
  • How do I upload or export items then?

Content Library2

Takeaways:

If using a UNC – the vCenter has to be in the same domain as the storage.

Questions:

  • Subdomains?
  • Forest Trusts?

FT

Questions:

If it is irrelevant – then why is it still there?

FT2

Takeaways:

Storage vMotion between different datastores – could have unexpected consequences.

Questions:

Is it not possible to raise an alert?

FT3

Takeaways:

Don’t use the vSphere client – unless you need to.

Questions:

Would it be more correct to raise a proper error?

FT4

Questions:

Evidently a bug – when will it be fixed?

FT5

Questions:

Does this mean that I need to cancel out of the wizard and start over?

hw2

Questions:

Evidently a bug – when will it be fixed?

Nested

Takeaways:

Damn! Just when I thought ESXi was a supported OS…

hw3

Questions:

  • Does it work on the appliance?
  • What happens with alarms?

Auto Deploy

Questions:

So does Autodeploy work or not?

That concludes my thoughts and questions on the new release.

I hope that this was useful, and will help you adopt the new versions, safely and properly in your environment.