Install-Module -Name VMware.Powercli, behind the proxies!

Are you trying to install PowerCLI from your corporate server? If yes, then you might have faced some sort of errors simillar to this-

nuget

Issue: 

Based on my experience this issue happens mainly because your powershell session is not able to talk to powershell gallery through Nuget package providers. This happens because of corporate proxy connection.

Or

Sometime you don’t have required package provider. In that case ensure FIPS compliant encryption is disabled.

For detailed steps please refer below

  1. Ensure you are running with PSVerion 5 or above. run $psversiontable to check the ps version. 
  2. Ensure you have required package providers
    • Open powershell as an administrator and Run this Get-PackageProvider
    • If you see output as below then you are good. check the step 2.
    • MicrosoftTeams-image
    • If you do not see any package provider than there could be a possibility that FIPS is enabled on your system.
      • Disable FIPS
        • open gpedit.msc
        • Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
        • In the Details pane, double-click System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing and Disable it.

Important: if you do not have default package provider as shown above (more specifically PowerShellGet) then you will not be able to use commands such as install-module/ Find-Module /Update-Module /Save-module etc. 

2. Check the PSRepository

  • Ensure that Powershell gallery is register as PSRepository.
  • Run This command
    • Get-PsRepository
    • PSRepo1.PNG
    • If you see above warning then it means that there is no PSRepo exists.
    • Register PSRepository. 
      • Run this to register a PSRepository.
      • if you recieve below error, then your corporate proxy server is not allowing PSRepository to communiate with your system.
      • PSrepoErr
    • bypass connections via a proxy server.
      • You would require proxy server details (ProxyServerName and Port number)
      • Create a powershell profile by following steps, If its not there. check the below snap and follow exactly the samae
        • New-item -itemtype file -Path $Profile
        • Test-Path $profile
        • notepad $profile
        • Profile
      • With this pase below lines of code in your profile, save and close it. Change your proxy server address and port number
      • This will allow communication to PSgallery after you restart your PSSession.

  • Again run get-Psrepository and you have PSGallery available and registered as ps repository

PSRepApp

3. Now you have Packagemanager and PSRepository. 

4. Run Install-module -name VMware.PowerCLI -Force

5. This will require Nuget and as you have allowed PSgallery communication via proxy, It will first install Nuget and then it will install VMware.Powercli. 

Summary:

Coporate systems do have proxy and sometime FIPS compliance enabled. These 2 security standards stops commincation to PSgallery. Disable FIPS if its enabled and not required and then allow communication to PSgallery via proxy server as explained above.

 

-Jatin Purohit

 

Automate VMFS6 Upgrade – Update-VMfsdatastore cmdlet

By now you must be switching onto vSphere 6.5. During this time you would have also figured it out that there is no online upgrade for VMFS5 to VMFS6, which means that there is a little bit of planning would require to upgrade your VMFS datastores to VMFS6 version.

As of now, the most common approach (and I believe the only approach) is to-

  • Create a temporary VMFS5 datastore
  • Migrate VM, files, and folder from source datastore to temporary datastore
  • Unmount source datastore and delete the source datastore
  • Re-create a new VMFS6 datastore with the same LUN
  • Move back all the VMs and its folder to new VMFS6 datastore

A lot of manual pieces of work right! if its a matter of 5-10 datastore then there should not be any problem in upgrading datastores manually. However, almost all enterprise infrastructures work with hundreds or even thousands of datastores and you certainly need an automated way to do the upgrade.

Update-VMfsdatastore 

PowerCLI has introduced this cmdlet with PowerCLI 6.5, and all the steps which I explained to you earlier are done by this cmdlet.

The “Script”

The above script is just a snippet from my actual production script, You can modify this to suit your environment and need.

Key Take Aways

    • There should be an update required from VMware to allow users to define max number of VMs to storage vMotion at a time. This will eventually speed up the upgrade process. As of now update-vmfsdatastore migrates one VM at a time.
  • During my tests in POC, It was observed that upgrade was failing on datastores which had vmkdump files stored on it, skip any datastore which has vmkdump files, You can skip those datastores by doing something like this-
  • After migrating all active or registered VMs from the source datastore, if swap files or delta.vmdk (snapshots of a virtual disk) files are found, the datastore will not be upgraded.

Visit PowerCLI reference to know more about this cmdlet and its usage.

Hope you have enjoyed this post. Would love to hear back your feedback, challenges and use case regarding VMFS6 upgrade.

Thanks,

Setting Up VSCode for PowerShell in 3 easy step

Recently I have switched from PowerShell ISE to VSCode for script development. I was very comfortable with PowerShell ISE except it’s “intellisense” feature which used to hang my system a lot. Switching to VSCode certainly improved my development experience and gave me a better tool for debugging and testing my Powershell scripts.

VSCode is an open-source source code editor which supports multiple programming languages with the help of VSCode extensions.

Installing and setting up VSCode for PowerShell

  1. Install VSCode
    VSCode is available for Windows, Linux and Mac devices. You can install VSCode from https://code.visualstudio.com/Download
  2.  Install PowerShell extension for VSCode
    • Go to Extension
    • Search for ‘Powershell’
    • Select and install ‘Powershell’ extension
    • Reload
  3. Change your default language mode to PowerShell, Once your PowerShell extension is installed you will see that intellisense in VSCode does not provide suggestions like it does for PowerShell ISE, That is because you have not set up your working environment to PowerShell. To change your working environment to PowerShell do follow below steps-
    • In VSCode, hit ctrl + shift + p 
    • Type “Change Language Mode”
    • and, Select Powershell

With the above steps intellisense will work in the current script file but it will not work in a new script file,

  • To make PowerShell as your default language mode do follow below steps.
    • Got to Settings
    • Search for ‘defaultlan’ and you will find below key 
    •  Set this key to ‘Powershell’ and hit ctrl+s,

That’s all you need to do in order to set up VSCode for PowerShell.

Thanks,

VMware Home Lab – Ravello

After a long time, I am coming back here and sharing my work, experience, and thoughts with all of you. A year back I started writing blogs about technology but it quickly went under the carpet and couldn’t able to continue the same. I felt that without having my own lab i won’t be able to engage with the community the way i wanted to. So here I am with my off-premise cloud lab.

I was doing a little bit of research to get the best lab setup for my learning and thought about Intel NUC to consider my physical hosts but quickly realized that it won’t be a good idea to have a bunch of physical hosts and dangling cables at my home. I didn’t feel the need for the on-prem lab as it was not offering me any additional benefits. So the only option left for me was to set up my VMware lab on the Public Cloud.

There were mainly 3 reasons for opting out a cloud-based solution.

  • Pay as you Go, the Capital cost of setting up the on-prem home lab was very high for me.

 

  • Scalability, ability to scale up/down compute resources is simply a cakewalk for us, all thanks to virtualization and cloud infrastructure. Scalability by default allows you to optimize your resources and results in an efficient infrastructure, However, that’s not the case with the hardware infrastructure. 

 

  • Hardware refresh, a typical lifecycle of any hardware is around 3-5 years and after that, it requires an upgrade to catch up with the trend. It is certainly not a good idea to have a bunch of hardware (Host, switches, Routers etc.) and periodically upgrading them. you simply can’t afford hardware maintenance cost just to keep your Lab infrastructure running.

927091980

#Ravello

Ravello was a startup founded by few KVM hypervisor developers and after that, it was acquired by Oracle. The unique ability of nested virtualization provided by #ravello allows us to host ESXi as a virtual machine on HVX hypervisor. I guess it is the only cloud provider which is offering nested virtualization thus becoming the only option for hosting VMware home lab on the public cloud. I figured it out about Ravello a few months back but at that time Ravello offering was not available for trial in India. However, the good news is that it’s now available for 30 days trial and has very competitive rates. It provides all the key feature which requires you to get started.

The interesting thing which I liked most about Ravello is, it provides key network services like DNS, DHCP, L2/L3 networking layer, VLAN and firewall services on the fly, Which essentially means that you can save few $$$ by not to deploy additional VM just to use these services for your lab environment.

As of today, I am able to setup 3 ESXi hosts, 1 VCSA 6.5, and a windows server 2016. Able to quickly configure my lab environment with public IPs so that I can seamlessly access all my workloads over the internet as an when required. In fact, I was impressed with the new ESX #H5client which was accessible on my smartphone and giving seamless experience on my mobile phone though it’s not a required thing for production infrastructure.

Take a look at below screenshot of ESXi which was accessed over the internet on a mobile browser.

Lab

The plan is to build this lab environment with different use cases, test vSphere upgrades with different test scenarios, and to build/test cloud-based automation solutions around it. I will keep sharing interesting use cases and “how to” stuff as I go along with this.

Feel free to post your queries, feedback or suggestions on “Virtual Reality” 

Thanks,

 

 

 

My Failed Attempt with PowerShell DSC + VMware !

The Idea: 

  1. Have a DSC Configuration for vSphere which get status of  vSwitch Security Policies like Forged transmit, Promiscuous mode and MAC address change.
  2. All 3 security settings must be set to Reject.
  3. DSC Configuration should set above 3 settings to Reject if it is not.
  4. And finally apply this configuration to all ESXi host in vCenter. 

In recent days I am learning PowerShell DSC. No doubt it is a great tool but need more DSC resources for various technologies. I am sure that PowerShell community will rise above all and work toward making DSC more powerful.

My initial idea was to create a vSphere Security Configuration for vSwitch Security policies using PowerShell DSC. However, It didn’t work out for me as expected. Initially i struggled with Script resource and variable scope in GetScript, TestScript and SetScript block. Basically I was not able to pass variable in Script Block. This issue is documented here. Thankfully with the help of my colleague Rohit Sharma, We were able to resolve variable scope issue. Bottom line of that issue is, we have to use $using to pass the data in script block(Get,Set and Test).

It was a great relief for me to resolve above issue but…. Problems didn’t stop here. GetScript Block returns hash table values. So, If you try to return any PowerShell Object, Variable or any other object then this script block will throw an error. Ultimately you have to return hash table.

Well, That was sorted out. GetScript and TestScript looked to be working fine but another problem occurs at SetScript block. This time we figured out that session which was connected with Connect-VIServer is no longer available in SetScript block, which means that it will not execute any PowerCLI commands and will throw an error

DSC

“You are not currently connected to any servers. Please connect first using a Connect cmdlet.”

Why is it throwing this error? I figured out that DSC Script resource has 3 script block; GetScript, TestScript and SetScript. These script block does not execute anything but pass its value to Get-TargetResource(), Test-TargetResource() and Set-targetResource as a parameter respectively. These functions uses Invoke-command cmdlet on remote computer or localhost. That was the reason for sing $using: for local scope variables and also reason for not passing connected VMware sessions to SetScript block.

Below is the Code for reference. Feel free to test this in POC/Test environment. 

 

As of now i am still struggling to fix these issues. Looks like DSC Script resource has some limitations.

What Next?

  1. Will Understand “How to create custom DSC Resources using PowerShell Classes and Object?”
  2. Will try to build a custom resource by my own.

Hopefully I will be able to resolve this issue and will come out with a DSC Configuration for vSwitch Security policy.

Thanks

 

 

ESXCLI+PowerCLI: Perfect fusion for ESXi

powershell-cim_1

Hello Everyone,

In this post I will discuss about managing ESXi hosts using ESXCLI and PowerCLI. Yes, You got it right. ESXCLI is one of the widely used command line interface for ESXi whereas PowerCLI is a PowerShell based snap-in for VMware.

ESXCLI is intended to provide a single set of commands to perform host based administrative tasks. ESXCLI has set of namespace for various components like network, storage, device etc. Refer below pic to see available namespaces.

How to run ESXCLI?

Well working with ESXCLI is very simple. Take a putty session to host and type esxcliOnce you run this command then it will show you all the available namespace under ESXCLI. Further more you can type child namespace and it will show you available namespace and commands under that.

Ex. 1

~ # esxcli network nic list

The above command will list NIC details (MAC, Adapter type, Link status etc.)

ESXCLI
ESXCLI Namespace

When you have very small environment or performing specific tasks on 1-2 esxi then taking a putty session and running ESXCLI command is not a big pain. However there are scenarios where you want to perform management tasks on large number of ESXi hosts then above approach may not be a feasible one. Such scenarios could be-

  1. Getting certain reports across all the hosts (Firmware, driver version or specific configuration detail)
  2. Setting up standard configuration across multiple hosts or entire environment.

etc.

So in such type of scenario you would like to automate the task. For that obvious choice would be PowerCLI.

Tip: PowerCLI is a PowerShell snap-in for VMware. There is no specific training required for PowerCLI. 

How to execute ESXCLI Commands using PowerCLI?

PowerCLI has a cmdlet called Get-ESXCLI, This cmdlet can be executed against remote ESXi hosts. This can be done by passing a value (hostname) to -VMhost parameter. Refer below command-

PowerCLI C:\> Get-Esxcli -VMhost TestEsxi.poc

The above command will give you available ESXCLI namespace on TestEsxi.poc host.

For a moment let us consider Ex 1. ~ # esxcli network nic list

Same result can be achieved via executing below command in PowerCLI.

PowerCLI C:> (Get-Esxcli -VMhost "TestEsxi.poc").network.nic.list()

How to automate same task for multiple hosts?

Below is the PS script which will automate same task for multiple host. I don’t think that below script needs any explanation, It is very simple and straight forward script. First, You Get content from a .txt file. This file contains ESXi Host names. In later part you are just taking hostname one by one and dynamically passing it to cmdlet.

Please refer below screenshot for same, Though it does not harm anything to your environment but still i would highly recommend you to run this in POC first. Also please note that you have to connect vCenter first.

PowerCLI C:> Connect-VIServer -Server vCenterName

 

ESXCLItest.PNG
ESXCLI Test

Conclusion:

ESXCLI is a great tool for ESXi management and capability to integrate with PowerShell is just awesome. Next time if you have to collect few reports from multiple ESXi hosts then try to automate those reports using PowerCLI and ESXCLI.

FAQs:

  1. How to Learn PowerShell?
  2. How to install PowerCLI within PowerShell Console?
    • Check out this blog for your reference

Hope you liked this post, Please comment and share your feedback in comment section.

Thanks,