[VMware] vCSA 6.5.x how to remove orphaned virtual machine

** ready PowerCLI 6.5 U1 or above **

在管理VM時發現有二台vCSA(orphaned)孤立狀況且無法使用GUI delete or remove .

orphaned-vm-001.jpg

Workaround > use PowerCLI

step01. open PowerCLI

step02.
%:\> Connect-VIserver -Server 10.10.10.200 -User {account} -Password {password}

step03.
%:\> Get-VM | select name | findstr /i “VMware vCenter Server Appliance*"

step04.
%:\> Remove-VM “VMware vCenter Server Appliance (1)"
%:\> Remove-VM “VMware vCenter Server Appliance"

Done.


(未實驗過)
vim-cmd /vmsvc/getallvms // get vmid

vim-cmd /vmsvc/unregister <Vmid>


Reference :

  1. VMware Cmdlet Reference
  2. HEX64 – How To Remove Invalid VMs From ESXi Using CLI
  3. VMware KB:1011468 – Deleting an orphaned virtual machine when the Remove option is not available
  4. ALTARO – How to deal with orphaned virtual machines

[Windows] How to flush kerberos tickets

有時為了存取Windows 或 NetApp 之類機器檔案伺服器,總是遇到驗證不過。老是叫使用者重開機或登出再登入這有點老套。或是使用者有耐心叫他等個九個小時等票證過期 .(Default kerberos tickets age 9 hours)

換個方式若能像ipconfig /release  或 ipconfig /flushdns 清除快取之類總是時效好一些。

CIFS / SMB在存取檔案伺服器與Windows Active Directory 驗證時是用kerberos。微軟在Vista後的版本都有內建清除kerberos tickets.

[after vistat os]

step01. cmd.exe

step02.klist  // check current 快取的票證有幾個 ; 再者用 klist tgt (票證授予票(ticket-granting ticket))查看詳細票證相關資訊

step03.klist purge

呼叫者登入識別碼: (0x0,0x3E7)
klist -li 0x3e7 purge

klist -lh 0 -li 0x3e7 purge

 

[Window XP & Windows Server 2003]

step01. download Windows Server 2003 Resource Kit Tools

step02. extract or perform ‘rktools.exe’

step03. klist.exe tickets // check current 快取的票證有幾個

step04. klist.exe purge

*補充*
啟用kerberos log
step01. regedit.exe

step02.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters

step03.
Entry: LogLevel
Type: REG_DWORD
Default Value: 0 改為 1 (0x1)


Reference :

  1. Microsoft – Kerberos protocol registry entries and KDC configuration keys in Windows
  2. Microsoft – Kerberos Authentication Tools and Settings (事件代碼參考)
  3. Web Debug – Kerberos认证问题的调试试验
  4. Norman Bauer – How to purge Kerberos tickets of the system account
  5. zhulinu的专栏 – Windows登录日志详解
  6. 从kinit到kerberos安全机制
  7. MIRU-CH – How to update group membership without logoff / logon /restart

[VMware] Reclaim disk space Datastore & VM

若虛擬機器空間使用所謂 ‘ Thin Provisioned ‘ 常會遇到當初劃分500GB空間時,則是慢慢增長加大。當然對該虛擬機器的.vmdk也是正向增長。但會遇到一個問題是明明OS層佔用空間已達400GB時另外刪了將近200GB,卻發現.vmdk還是未減少。這是因為未將OS層作所謂空間回收(Reclaim)動作.

Resolution:

@OS level
[Windows] 下載 SDelete工具
01. cmd.exe
02. sdelete.exe -c –z [driver-letter]
PS:
-c > Clean free space. Specify an option amount of space to leave free for use by a running system.
z > Zero free space (good for virtual disk optimization)

利用vmwar-tools 工具需以administrator最高權限才能執行
01. “C:\Program Files\VMware\VMware Tools\VMwareToolboxCmd.exe" disk shrink c:\ d:\
[Linux]
利用vmwar-tools 工具需以root最高權限才能執行
# vmware-toolbox-cmd disk shrink {mount-point}
-RedHat series
# dd if=/dev/zero of=/[mounted-volume]/zeroes && rm -f /[mounted-volume]/zeroes

# sudo dd if=/dev/zero of=zero.file ; rm -f zero.dat

# cat /dev/zero > zero.dat; rm -f zero.dat

若是VMware Workstation
–GUI–
Disk Utilities > Compact

–CLI–先重組後壓縮

“C:\Program Files\VMware\VMware Workstation\vmware-vdiskmanager.exe" -r  -k D:\VM\test.vmdk -t 0 D:\VM\test-shrink.vmdk // PS: -r 重組 ; -k shrink

@Host level
PS: 可以online
最後在datastore再作個動作即達到整體瘦身囉
* 利用vMotion datastore 轉換過程為 ‘ Thin Provisioned

PS: 需關機才能作動
* ssh esxi
# vmkfstools -K /vmfs/volumes/{datastore-name}/{vm}/{vm}.vmdk

 

@針對LUN是Thin provisioning的話

check#1. esxcli storage core device vaai status get -d {naa.xxxxxxxxxxxxxxxxxxxxxxx} // 查看 Zero Status: support
check#2. esxcli storage core device list -d {naa.xxxxxxxxxxxxxxxxxxxxxxxx} // 查看Thin Provisioning Status:support

ESXi 5.0前用 vmkfstools -y

ESXi5.1~後用 esxcli storage vmfs unmap –volume-label=volume_label | –volume-uuid=volume_uuid (–reclaim-unit=number)
*sample*
# esxcli storage vmfs extent list

# esxcli storage vmfs unmap –volume-label=VM_Datastore
Devices backing volume 560e3db4-a6c9df25-6756-e41f132d2b98 do not support UNMAP
以上來看不支援此storage ;因為在check#1 得知它可能不是thin provisioning format


Reference:

  1. Master Dragon 的 Wiki – VMware Virtual Disk Shrink 將vmdk檔案縮小
  2. D R Y ! -geek~ VMWare 回收磁盘空间
  3. Black Manticore – Reclaim disk space from thin provisioned VMDK files in ESX
  4. vswitchzero – Using SDelete and vmkfstools to Reclaim Thin VMDK Space
  5. VMware Docs – 壓縮虛擬磁碟
  6. How to reclaim VMFS deleted blocks on thin-provisioned LUNs (2014849)
  7. sysadmintutorials.com – How to Reclaim Free Block Space from a Lun with VMware vSphere 5.5 and Netapp Cluster Mode

[VMware] How to install vCSA 6.5 & 6.7 on Workstation

step01. extract vCSA iso , into \vcsa\VMware-vCenter-Server-Appliance-6.7.0.12000-8832884_OVF10.ova

step02. Workstation open %\vcsa\VMware-vCenter-Server-Appliance-6.7.0.12000-8832884_OVF10.ova

step03.
匯入好之後暫不要開機

step04.
編輯 .vmx加入
——————————————————————————————-
guestinfo.cis.appliance.net.addr.family = “ipv4″
guestinfo.cis.appliance.net.mode = “static"
guestinfo.cis.appliance.net.pnid = “vcsa67.homelab.local"
guestinfo.cis.appliance.net.addr = “10.1.110.88″
guestinfo.cis.appliance.net.prefix = “24″
guestinfo.cis.appliance.net.gateway = “10.1.110.253″
guestinfo.cis.appliance.net.dns.servers = “10.1.130.1″
guestinfo.cis.appliance.root.passwd = “P@ssw0rd"
guestinfo.cis.appliance.ssh.enabled = “True"
guestinfo.cis.deployment.autoconfig = “True"
guestinfo.cis.appliance.ntp.servers = “time4.google.com"
guestinfo.cis.vmdir.password = “P@ssw0rd"
guestinfo.cis.vmdir.site-name = “default-site"
guestinfo.cis.vmdir.domain-name = “homelab.local"
——————————————————————————————-
PS: 發現以上有餵食失敗幾行 e.g.
guestinfo.cis.appliance.root.passwd = “P@ssw0rd"
guestinfo.cis.vmdir.password = “P@ssw0rd"
在開機後會發現密碼無法登入需重新reset

step05.Power-on vCSA

step06.Waiting os enter success

step07.Reset root password

step08.登入時看到畫面按下 ‘e’

step09.在 Linux開頭最後面按下 end 跳到後面 加入 rw init=/bin/bash

step10.按下 ‘F10’ boot

step11. // 建議作一下免後重置密碼無效
> ls -sh /var/log/audit
rm /var/log/audit/*.log

step12.
> whoami // check account is root
> passwd

step13.
umount /

step14.
reboot -f

step15.
confirm root account can login

step17.
https://10.1.110.88:5480 // start initiate

step18.
需調入 SSO domain , 最後即需一段時間即完成stage2

Done.


Reference:

  1. vmwarearena – How to Deploy vCenter Server appliance 6.5 on VMware Workstation 14
  2. enterprisedaddy – Deploy VCSA 6.5 on Workstation
  3. VMware KB: 2147144 – How to reset the lost or forgotten root password in vCenter Server Appliance 6.5

[NetApp] 2 nodes upper Data lif happen redundant migrate other node not work?

在一般Case案件大多安裝是一套NA,於同事發生一件案例是二套NA FAS8200等於有 4 nodes,在驗證Data Lifs過程會發生lif移到線路down port造成問題。

Sample : node1 & node 2 (pairs) ; node3 & node4 (pairs)

node1 – 拔除nic cable ,lif migrate to node3

node2 – 拔除nic cable , lif migrate to node1 (馬上GG,因為node1線路全部拔除)

Resolution :

::> net int modify -vserver {SVM} -lif {lif-name} -failover-policy broadcast-domain-wide // 預設 SVM Data Lif 都用 system-defined

** 共有五種 Failover policy **

  • broadcast-domain-wide :
    This is the default setting for the cluster management LIF.You would not want to assign this policy to node management LIFs or cluster LIFs because in those cases the ports must be on the same node.
  • system-defined :
    This is the default setting for data LIFs.This setting enables you to keep two active data connections from two unique nodes when performing software updates. It allows for rolling upgrades; rebooting either odd-numbered or even-numbered nodes at the same time.
  • local-only:
    This is the default setting for cluster LIFs and node management LIFs.

    This value cannot be changed for cluster LIFs.

  • sfo-partner-only :
    Only those ports in the failover group that are on the LIF’s home node and its SFO (storage failover) partner node.
  • disabled:
    The LIF is not configured for failover.


    Reference :
    NetApp – Types of failover policies

 

 

[IBM] x3650 M4 Setting BIOS Parameters for Performance

step01. press ‘F1‘ enter UEFI/BIOS

step02. choice ‘System Settings

step03. choice ‘Operating Modes

Choose Operating Mode <Custom Mode>
Memory Speed <Max Performance>
Memory Power Management <Disabled>
Proc Performance States <Disabled>
C1 Enhanced Mode <Disabled>
QPI Link Frequency <Max Performance>
Turbo Mode <Enable>
CPU C-States <Disable>
Power/Performance Bias <Platform Controlled>
Platform Controlled Type <Maximum Performance>

圖片.png

step04. choice ‘Power’
Active Energy Manager < Capping Disabled>
Workload Configuration < I/O sensitive>

圖片.png

PS:

  • Active Energy Manager

    Select this choice to enable or disable Active Energy Manager Power Capping. If you enable Power Capping, the Active Energy Manager program will limit the maximum power that is consumed by the server.

  • Workload Configuration

    Select this choice to determine how to balance between I/O bandwidth and balanced workload. Choosing I/O sensitive will get higher I/O bandwidth when expansion cards are used. Choosing Balanced will allow enough frequency for the workload while the microprocessor cores are idle.

 

[VMware] import VDP 6.1.x error ‘The OVF package is signed with an invalid certificate ( 簽署 OVF 套件所用的憑證無效 )

在滙入 vDP 6.1.4時發生如下畫面錯誤訊息 " The OVF package is signed with an invalid certificate ( 簽署 OVF 套件所用的憑證無效 ) "

試解無效:

1.匯入"Publisher EMC Corporation"提供憑證也無解

2.匯入vCenter提供也是不行.

尋求Google大神總結有三個方式

vdp-error-invalid-certificate.jpg

Method#1. 改用 HTML5方式來匯入是最快方式

Method#2. 用7-zip 打開 .ova刪除裡頭的 .mf檔案

Method#3. 利用 ovftool工具轉換 , 載點
ovftool.exe –skipManifestCheck c:\tmp\vSphereDataProtection-6.1.5.ova c:\vdpfix.ova