Thursday, 28 December 2017

Configuring iSCSI on ESXi using host client GUI

Recently we have implemented a new storage solution by Pure Storage so we were moving from presenting datastore/s via NFS to iSCSI. In the past, it was quite simple to create VMKernel ports for NFS and you just mount the NFS volumes, no need to format disk or create targets, etc. In this post, I will show you the steps using the built in ESXi host client GUI (ESXi 6.0 U2, ESXi 6.5) to create a standard vSwitch, configure the basics of iSCSI and to configure port binding. If you are unsure if you need to use port binding then please refer to this documentation kb2038869

First document what you will name the new standard vSwitch and the names of the two physical network cards that you would be used in this vSwitch. You will require two port groups so we will need to have two port group names. We are using port binding so in each port group there will only be one active network card so we will document those and also the IP addresses assigned for each of the physical network cards. Below is how I have documented for reference to use throughout the article.
Note : If you are using ESXi 6.5 please ensure you update your host client to 1.24.0 otherwise you will get errors when you try to add a 2nd physical link
Log in to your ESXi host via your favourite browser https://<host-IP>/ui
Once we have logged in, select “Networking” and then “Physical NICs” tab. In here make sure the network card/s you wish to use for your iSCSI connections are displayed here so my vmnic1 and vmnic2 is displayed
Now select “Virtual Switches” tab and select “Add standard virtual switch”
Give your vSwitch a name, my one is "vSwitch1" as defined in the table above. For “uplink 1” ensure the correct physical network adapter is selected then click on “Add Uplink”
You should see “uplink 2” as a property within the vSwitch properties. Ensure the correct physical network adapter is selected. For MTU size make sure you configure the right size from end to end otherwise you could have problems. For example if you decide to use 9000 make sure all the interface/networking devices all have MTU of 9000 end to end. Once you have made all the changes click “Add”
You should now see the new vSwitch created and can see that there are 2 uplinks
Next steps are to create the VMkernel NICs to be used for our iSCSI so select “VMKernel NICs” tab and click “Add VMKernel NIC”
As we haven't created any port groups yet we can leave "Port group" as “new port group”. Give your port group a name (e.g. "iSCSI-A") and select the vSwitch you have created for iSCSI. Make sure the MTU size is correct. Under “IPv4 Settings” if you are using “DHCP” then you leave that selected but if you have selected “Static” then click the down arrow next to “IPv4 Settings” and enter in the IP address and subnet you wish to assign to this interface. The rest of the settings you can leave as default and click “Create”
You will see that the 1st VMkernel adapter is created. Check that the portgroup and IP address (if assigned static) are correct to your knowledge. Next click “Add VMkernel NIC” to create the 2nd VMkernel adapter
Again as we are creating a new port group you can leave port group as “new port group”. Give your port group a name (e.g. "iSCSI-B") and select the vSwitch you have created for iSCSI which should be the same as the previous step above. Make sure the MTU size is correct. Under “IPv4 Settings” if you are using “DHCP” then you leave that selected but if you have selected “Static” then click the down arrow next to “IPv4 Settings” and enter in the IP address and subnet you wish to assign to this interface. The rest of the settings you can leave as default and click “Create”
You should see the 2nd VMkernel adapted created now. Check that the portgroup and IP address (if assigned static) are correct to your knowledge and also both of them should not be in the same portgroup
Select the “Port Groups” tab and select one of the port groups you created above and select “Edit settings”
Click the down arrow next to “NIC teaming” and change “Override failover order” to “yes”. Under “failover order” select the network card that would NOT be used for this port group based. So for my example I am working on port group "iSCSI-A" and based on the table above "vmnic2" should be unused so I have highlighted this card.  Once the card is selected click “Mark unused”
Now you should see that the network card that you selected has its status changed to “Unused”. Click “Save”
Now select the other port group and click “Edit Settings”
Click down arrow next to “NIC teaming” and change “Override failover order” to “yes”. Under “failover order” select the network card that would NOT be used for this port group. Again with my example I am working on port group "iSCSI-B" and based on the table above "vmnic1" should be unused so I have highlighted this card.  Once the card is selected click “Mark unused”
Now you should see the network card that you selected has its status changed to “Unused”. Click “Save”
Now that we have the networking elements configured. We will look to enable the iSCSI software adapter. Go to “Storage” then “adapters” tab, select “Configure iSCSI” 
On the “Configure iSCSI” screen by default it is selected as "Disable"so we need to enable the service so select “enabled”
Make a note of the iSCSI IQN so that you can add/amend for your storage system. Under “Network Port Bindings” click “Add port binding”
Select one of the vmkernel adapters for your iSCSI connection and click “select”. I have selected "vmk1"
You should now see the vmkernel adapter listed under Network Port Bindings. Click “Add port binding” again to add the second adapter
Select the second vmkernel adapter and click “select”. I have selected "vmk2"
Now that you see both vmkernel adapters listed under “Network Port Bindings” you should select “Save configuration”. This will now go off and enable the software iSCSI adapter and create the port bindings
Still under “adapters” tab click on “rescan” followed by “refresh”. You should see your iSCSI software adapter status change to “online”. Click on “Configure iSCSI”. If the adapter still doesn’t come online then click “rescan” and “refresh” before moving on to the next steps as you need the iSCSI adapter online
Down towards the bottom of the iSCSI configuration page you have two options of discovering your iSCSI array, “Static” or “Dynamic”. Choose the one you normally use. In this article I will be covering using “dynamic”
Under “Dynamic targets” click “Add Dynamic Target”. The words “click to add address” should appear. Click within this space to add the target IP of your iSCSI array. If the port number is different from the default of 3260 then again click in the port space to change
Your iSCSI setting page should be similar to the one I have below which has iSCSI enabled, port binding configured and the target iSCSI array address. Click “Save Configuration”
Under “Storage” select “Devices” tab. You may already see your iSCSI Array device showing there already or you would need to click “rescan” and “refresh” which should display the device. From here onwards you can create your vmfs datastore to be used for your ESXi host/s


Some basic troubleshooting tips :
Connectivity - Make sure you can ping between your host and array by using vmkping to ensure there is no issues with the path
MTU sizing - Make sure they are all the same otherwise you could have issues, using vmkping with "-s" to specific a frame size so that you can check if has no issues with MTU sizing. For example "vmkping -s 8972 192.168.171.100" (The IP address is my array address so replace with your one)
IQN Name - Each time you rebuild a ESXi host the IQN name changes so make sure the correct one is on the array otherwise you will not see any of the LUNS


I hope you find this article useful for creating the basic iSCSI connection to your array from using the built in host GUI. This feature is useful as you don't need to use your C# vSphere client anymore to do the configurations. In my next article I will show you how to use powercli to do all the above work which would configure your host in less than 10 minutes saving you time for host deployment.


Wednesday, 13 December 2017

Suppress ESXi SSH and Shell Warning

By default whenever I build a new ESXi host I tend to enable both SSH and ESXi Shell so that I can troubleshoot my ESXi server via SSH or shell on the console itself if I need to.
As soon as you enable either one of them you will start to get these messages within the web client or vSphere C# client
The host health also changes to give you a heath warning to tell you that it has detected some issues and it is understandable that is should alert you if SSH or Shell access has been enabled.

The manual way to change this is either to selec the "suppress warning" on the error message to disable the warning or via the web client to set the value. First you select the host then go to "Manage > Settings > Advanced System Settings". From there look for "UserVars.SuppressShellWarning" and change the value from "0" to "1".


But as I have already scripted most of my host build I wanted my script to also change this value so that 1) we don't get this warning any more, 2) If I see a warning message on my host after a new build then I know it is something else that is not right on the host.

I am assuming you have powercli installed and also the script is connecting to a single host

#### Variables ####
$ESXHost = "Your ESXi Host Name or IP Address Here" #Put your ESXi host name or IP address
###################
#Connect to your ESX Host
Connect-viserver $ESXHost
#Get the current setting
Get-VMhost $ESXHost | Get-AdvancedSetting - Name UserVars.SuppressShellWarning 
#Set the value to 1 and suppress confirmation of running this command
Get-VMhost $ESXHost | Get-AdvancedSetting - Name UserVars.SuppressShellWarning | Set-AdvancedSetting -Value 1 -Confirm:$False
#Show the setting
Get-VMhost $ESXHost | Get-AdvancedSetting - Name UserVars.SuppressShellWarning 

The script is here too https://github.com/myvmx/myvmx/blob/master/VMware/SuppressShellWarning.ps1

Azure Resource Support for Availability Zone

Over the years, an increasing number of services are consumed in the cloud and as architects one of the key considerations is designing the ...