The vSphere DSC – Just another perspective

In the last couple of weeks, I have done rounds of meeting with our customers and discussed ways to automate ESXi build and configuration. The most common piece which I found in each of the environment was vSphere auto-deploy. Today, most of our customers deploy ESXi hosts using auto-deploy and post configuration tasks via host profiles. Majority of question or concerns which I got were related to the host profile. My understanding says that customers tend to find host profiles difficult to understand, which is not the case in reality.

Host profiles are excellent. It’s just you need to fine-tune them initially. You rarely get any issue if you have cracked the host profiles successfully. The key here is to set up a reference host and extracting the host profile from it.

Having said that, let me bring you another perspective on doing the post configuration tasks. Today many of you love to do Infrastructure as a Code and believe in a configuration management ecosystem. When you look around all the configuration management tools, you will find that vSphere Desired State Configuration (DSC) is very close to being a complete solution for vSphere configuration management.

vSphere DSC is an open-source module that provides PowerShell DSC resources for VMware. PowerShell DSC resources follow declarative code style, like most configuration management tools, and allow you to document infrastructure configurations. The module has 71 resources that cover most of the configuration aspects of vSphere infrastructure.

We shouldn’t be looking at vSphere DSC in isolation and rather look at complimenting it with vSphere auto-deploy. Think about this, PXE boot ESXi hosts from vSphere auto-deploy and let vSphere DSC do all the post configurations for you, isn’t that cool!

When you extract the host profile, you get all the configurations of an ESXi host, and at times you need to trim down the configurations to ensure that you have control over it. 

vSphere DSC is just the opposite of this approach. You can start with an empty configuration file and keep adding the resource definitions to it as and when required. vSphere DSC configuration gives a complete picture of configurations that you want to Ensure and allows you to quickly replicate the same in other environments.

Just take a look at the below snippet and a demo of my Lab configuration which does range of things on vCenter and ESXi host.

Concluding this, I would say that vSphere DSC just opens up another way of automating the infrastructure builds and config. The project has come a long way now and has done significant improvements in terms of resource coverage.

Stay tuned with the vSphere DSC project and soon you will get new updates from the VMware PowerCLI team.

Learn More about vSphere DSC: https://github.com/vmware/dscr-for-vmware/wiki



PSProvider and VMware datastore – PowerCLI

Hello everyone,

I am writing this short blog after a long time. While explaining in-out of PowerShell to some of my friends in person, I discussed about PSProviders. Most of the knowledge about PSProvider is information only and as a script writer we dont really bother about how powershell is playing with different resources (Variable/function/Filesystem/Registery Keys etc) which are used in PowerShell Session or a Script.

However as a VMware Admin I do use PSProvider in background alot in order to move the datastore item from,

  1. datastore to datastore
  2. Datastore to local drive (Windows Drive or Shared Drive) or vice versa

In this Post we will learn about Copy-DatastoreItem cmdlet and PSProviders.

What is PSProvider?

In Simple Term, PSProviders are special repository(data stored within Powershell)  to process the data as it recieves during PowerShell execution. This data is presented in their respective PowerShell drives which are known as PSDrive.

For Ex. See the below command output from Get-PSProvider

Get-Provider.PNG

by default, you get above psproviders which are registry, Alias, Environment, Filesystem, Function and variable. You can also see the respective drives associated to its PSProvider. This means that if you are creating any variable it will be stored in variable: , If you are creating a function then it will be stored in Function: 

check the below image, where i am going into respective drive and able to see the variable which i have created. 

CDVariable

In conclusion, whatever variable/function/etc which I create in powershell gets stored in their respective drives.

vimstore PSProvider. 

vimstore is a one of the PSProvider which you get after connecting to VMware vCenter via PowerCLI. Do this, Connect-VIServer vCenter-ip and then run get-PSProvider cmdlet and you will see additional PSProviders are available to you. These providers are something which provides VMware Inventory and datastore resources to the POwerCLI or PowerShell.
POwerCLIProviders

So, After connecting to vCenter via PowerCli you can see additional PSDrives are available to you, provided by 2 additional PSProviders. I can do cd vmstore: and can actually list the available datastore in the datastore inventory (Simillar to how we list the directories and files in a path) or can list the host inventory.

Once you are connected you can follow below commands to create a New-PSDrvive with ‘Vimdatastore’ PSProvider.

DatastoreDS

Now you have DS: drive which is available to you and you can basically navigate through the same way you do it for any other drive.

Use below command to move data from your local drive to the VMware datastore using PowerCLI. Please note that i am already in DS: , If you are in any other drive then give proper path using vimdatastore drive

copydatastore.PNG

Note: This method is quite helpful in case you are trying to move things around from datastore and you can automate the move operation. also this is an alternate to certificate error which you may receive while moving data from Web Client. For ex, Operation failed when I tried to upload the same ISO using web client.

CertError

Use PowerCLI vimdatastore Psprovider and copy-datastoreitem cmdlet to work around this.

 

Thanks

Jatin

 

 

 

 

 

 

 

 

 

Install-Module -Name VMware.Powercli, behind the proxies!

Are you trying to install PowerCLI from your corporate server? If yes, then you might have faced some sort of errors simillar to this-

nuget

Issue: 

Based on my experience this issue happens mainly because your powershell session is not able to talk to powershell gallery through Nuget package providers. This happens because of corporate proxy connection.

Or

Sometime you don’t have required package provider. In that case ensure FIPS compliant encryption is disabled.

For detailed steps please refer below

  1. Ensure you are running with PSVerion 5 or above. run $psversiontable to check the ps version. 
  2. Ensure you have required package providers
    • Open powershell as an administrator and Run this Get-PackageProvider
    • If you see output as below then you are good. check the step 2.
    • MicrosoftTeams-image
    • If you do not see any package provider than there could be a possibility that FIPS is enabled on your system.
      • Disable FIPS
        • open gpedit.msc
        • Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
        • In the Details pane, double-click System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing and Disable it.

Important: if you do not have default package provider as shown above (more specifically PowerShellGet) then you will not be able to use commands such as install-module/ Find-Module /Update-Module /Save-module etc. 

2. Check the PSRepository

  • Ensure that Powershell gallery is register as PSRepository.
  • Run This command
    • Get-PsRepository
    • PSRepo1.PNG
    • If you see above warning then it means that there is no PSRepo exists.
    • Register PSRepository. 
      • Run this to register a PSRepository.
      • if you recieve below error, then your corporate proxy server is not allowing PSRepository to communiate with your system.
      • PSrepoErr
    • bypass connections via a proxy server.
      • You would require proxy server details (ProxyServerName and Port number)
      • Create a powershell profile by following steps, If its not there. check the below snap and follow exactly the samae
        • New-item -itemtype file -Path $Profile
        • Test-Path $profile
        • notepad $profile
        • Profile
      • With this pase below lines of code in your profile, save and close it. Change your proxy server address and port number
      • This will allow communication to PSgallery after you restart your PSSession.

  • Again run get-Psrepository and you have PSGallery available and registered as ps repository

PSRepApp

3. Now you have Packagemanager and PSRepository. 

4. Run Install-module -name VMware.PowerCLI -Force

5. This will require Nuget and as you have allowed PSgallery communication via proxy, It will first install Nuget and then it will install VMware.Powercli. 

Summary:

Coporate systems do have proxy and sometime FIPS compliance enabled. These 2 security standards stops commincation to PSgallery. Disable FIPS if its enabled and not required and then allow communication to PSgallery via proxy server as explained above.

 

-Jatin Purohit