XtraVirt’s vAlarm

I’ve been trying out XtraVirt‘s vAlarm:-

vAlarm is a Windows® based application which monitors alarms generated by VMware® vCenter.

The product is designed to be installed on an administrators PC, and provides automated monitoring of vCenter alarms without needing to be logged into a full VI Client console.

The software automatically communicates with a vCenter server on a user configurable schedule, and notifies any active alarms via a popup information bubble in the notification area of a users desktop.

The option to show details of all active alarms displays an information dialogue which lists individual alarms with detailed descriptions.

The software supports VMware vCenter 2.5 & 4.0.

It’s turned out to be quite handy, as it’s making me far more conscious of alarms. It might even encourage me to modify the default set of alarms – I’m generally not interested in guests going into the red because of CPU or memory due to the nature of the way they’re used, but I do need to know when hosts and datastores are running close to capacity.

The system tray application pops up a bubble, even when there are no alarms, which isn’t strictly necessary, and it might be nice to be able to collate notifications from more than one vCenter Server (I’m currently watching over two); but these are minor quibbles about a free product.

You can download vAlarm from XtraVirt (free registration required).

Understanding Memory Resource Management in VMware ESX Server

Photo from Flickr, courtesy C Wood

VMware have published an excellent white paper on memory management [pdf].

The document is technically detailed, but makes interesting reading. The authors do a good job of describing the methods ESX uses to manage and allocate virtual memory; and how when guests deallocate memory it’s not necessarily freed up for reuse by other guests. This should prevent you from allocating more memory to guests than is physically available on the host (overcommitting); however the hypervisor uses three memory reclamation strategies which allow overcommitment:-

• Transparent Page Sharing (TPS). Where ESX detects that multiple guests are using identical memory pages (such as those used by common OS components), it presents one shared copy to the guests. By default, this is active all the time. If the guests need to write to the memory, a copy needs to be made, which incurs a slight performance penalty.
• Ballooning. Is where VMware tools allows the hypervisor to see inside the guest operating system and reclaim unused memory. This typically occurs when ESX drops to less than 4% free memory (the Soft threshold). It has more of an overhead than TPS, but is still preferable to the alternative.
• Hypervisor swapping. This is used as a last-resort when TPS or Ballooning cannot provide enough memory (or cannot provide it quickly enough). Swapping tends to affect the guest more than the other two methods.

In the unlikely event that Hypervisor Swapping is unable to provide enough memory to meet the requirement, the hypervisor blocks the execution of all virtual machines which exceed their memory limit.

The whitepaper details the results of various benchmarks to evaluate the performance overhead of each of the reclamation strategies. While I’d certainly heard that the performance impact of TPS was negligible, I had always been slightly sceptical, but the data provided by VMware would appear to back it up.

The whitepaper also includes some best practices for memory management, some of which have had me thinking about our memory allocation strategy:-

• Do not disable page sharing or the balloon driver. These two techniques are enabled by default in ESX4 and I can’t imagine that anyone would disable them unless they had specific reason to. It’s also another reason to make sure you have VMware tools installed on all your guests.
• Carefully specify the memory limit and memory reservation. Our environment is pretty fluid, with a large number of small guests with 10-15% of them being . For this to be useful for us, these values would need to be constantly checked and reconfigured.
• Host memory size should be larger than guest memory usage. I generally try to limit our hosts to a 20% potential overcommit on RAM allocated to guests, and as there are usually only about 80% of our machines switched on at any one time, the hosts are normally pretty comfortable. However, this conservative approach means our RAM allocations need to be carefully managed, and kept as low as possible; which may be hitting us elsewhere (see below)
• Use shares to adjust relative priorities when memory is overcommitted. Our environment is pretty unique in that the vast majority of the machines have equal priority, so there’s little need for us to add another management overhead.
• Set appropriate Virtual Machine memory size. The virtual machine memory size should be a little larger than the average used by the guest. I think this is an area we need to look at in our environment. Our default RAM allocations for guests is probably a little on the low side, due to historical reasons, and due to our current environment being configured with a  rather paltry 16GB of physical RAM (a problem that will be resolved in the next couple of months). We may be keeping our memory usage in check, but the resultant disk-swapping might be stressing our storage infrastructure.

The white paper is definitely worth reading; it’s certainly going to help me plan a memory management strategy for the implementing our infrastructure on the new hardware .

Running SQL Queries against the Virtual Center Database

In a previous post, I said that there was no real way of extracting information from the VC database.

This isn’t entirely true, as until I started using PowerShell, I was using SQL to query the VC database directly.

List XP Machines and their RAM allocation

SELECT VPX_VM.GUEST_OS, VPX_VM.MEM_SIZE_MB
FROM VC_DB.dbo.VPX_VM VPX_VM
WHERE (VPX_VM.GUEST_OS='winXPProGuest')

List Information about Templates

SELECT VPX_VM.LOCAL_FILE_NAME, VPX_VM.GUEST_OS, VPX_VM.IS_TEMPLATE, VPX_VM.MEM_SIZE_MB, VPX_VM.HOST_ID, VPX_VM.ID
FROM VC_DB.dbo.VPX_VM VPX_VM
WHERE (VPX_VM.IS_TEMPLATE=1)
ORDER BY VPX_VM.LOCAL_FILE_NAME

Host names and memory

SELECT VPX_HOST.ID, VPX_HOST.DNS_NAME, CAST (VPX_HOST.MEM_SIZE AS BIGINT)
FROM VC_DB.dbo.VPX_HOST VPX_HOST
ORDER BY VPX_HOST.DNS_NAME

Guest Information

SELECT VPX_VM.LOCAL_FILE_NAME, VPX_VM.DNS_NAME, VPX_VM.GUEST_OS, VPX_VM.IS_TEMPLATE, VPX_VM.IP_ADDRESS, VPX_VM.MEM_SIZE_MB, VPX_VM.GUEST_STATE, VPX_VM.POWER_STATE, VPX_VM.HOST_ID, VPX_VM.ID, VPX_VM.BOOT_TIME
FROM VC_DB.dbo.VPX_VM VPX_VM
WHERE (VPX_VM.IS_TEMPLATE<>;1)
ORDER BY VPX_VM.DNS_NAME, VPX_VM.LOCAL_FILE_NAME

These were based on ideas from Wayne’s World of IT. While it’s a lot less friendly to work with, the advantage is that it’s a lot quicker than the VI Toolkit’s Get- commands, and I still use them from time-to-time.

Although you could use this approach to modify entries in the database, I would only ever feel comfortable using this to extract information.

Introduction to using VMware vSphere PowerCLI

About 2 years ago, I moved from working as an application packager, and being responsible for two or three (VMware Workstation) virtual machines, to working on the supporting infrastructure for over 200 packagers who require around 700 virtual machines on VMware vSphere (which was at that point called VMware ESX).

While I was (and I still am) impressed by VMware’s hypervisor based virtualisation, there were a few things that started to grate with such an otherwise excellent product:-

• Performing repetitive tasks – for example setting a group of virtual hard-drives to non-persistent – using the vSphere Client GUI was time-consuming (and RSI inducing!).
• There was also no real way of extracting information from vCenter in any structured way. For example, if I wanted to know how many of our Microsoft Windows XP guests had over 512MB RAM allocated to them, they had to be counted manually.

I had a look into running scripts on the host, and toyed with the Remote CLI Appliance, but it was the VMware PowerCLI that unlocked the functionality I’d been looking for.

VMware PowerCLI (formerly VI Toolkit for Windows)  utilises Windows PowerShell to provide a command-line driven interface for your virtual infrastructure. This can dramatically reduce the amount of time taken to perform almost all batch-style tasks and also enables some pretty advanced reporting functionality.

This is nowhere near a proper introduction in how to use PowerShell, but should give enough information to get you started, and hopefully make you want to find out more.

PowerCLI pre-requisites

Powershell is included in Windows 7, and Server 2008, but if it’s not included in your version of Windows, you’ll need to  download and install the appropriate version of Windows PowerShell for your operating system.

Then you need to download and install VMware vSphere PowerCLI (registration required).

If you’re running  PowerShell for the first time you need to change the default execution policy.  To do this:

1. As a user with local Administrator rights, run Windows PowerShell  (on machines with UAC, right-click and Run as Administrator)
2. In that window – run the command

Set-ExecutionPolicy - ExecutionPolicy RemoteSigned

This allows you to run local scripts which have not been signed with a digital signature (which will almost certainly include the scripts you’re using to learn). Scripts from remote sources will still require signing.

Security considerations

The PowerShell security model is designed to address some of the  failures of VBScript – a common virus attack vector. PowerShell scripts (which have a PS1 suffix) do not run by default when invoked in Windows.  Also, as noted above, the default execution policy is not to run unsigned scripts. In order to run a script, you need to modify the execution policy, and then run the script name from the command line. This helps to prevent them from being launched by accident.

In vSphere, users running PowerCLI scripts  have the same permissions as they would get if they logged into vSphere Client. However, as with all scripting languages,  when modifications can be  made easier and faster, the potential impact of mistakes is made greater. PowerShell includes specific measures to alleviate risk, and it’s worth being familiar with this functionality before trying anything more complex.

PowerShell fundamentals

PowerShell works using cmdlets. These are typically fairly descriptive, and great care has been taken to make them work in a consistent and logical way. Most cmdlets follow the format verb-noun, with modifiers for the target of the action, and any cmdlet specific options. They are not case sensitive.

The downside of the commands being so descriptive is that they are sometimes quite long. In order to alleviate this PowerShell allows Aliases to be created. Most common Windows Shell commands already exist in PowerShell as aliases. For example CD, DIR, CLS & REN all work as expected. I find these quite useful when working interactively (entering commands at the prompt for immediate execution), but I tend to avoid them in scripts for the sake of consistency and clarity.

When launching scripts, you need to use absolute paths. For example, if you want to launch the script C:\Scripts\ExampleScript.ps1, when you’re in C:\Scripts you would either need to enter the whole path, or use  ./ExampleScript.ps1.

In order to use PowerShell, you need to import the VI commands using

Add-PSSnapin VMware.VimAutomation.Core

Running the VMware vSphere PowerCLI shortcut created when you install the application does this on launch.

Running the standard PowerShell shortcut does not.

You can however add it to your PowerShell profile, which will enable it in all PowerShell sessions, no matter which shortcut you use to launch them.

PowerShell is object-oriented, meaning that the information returned from commands can be easily used as the input for another command.

If you want to put comments into your scripts, PowerShell ignores anything after the #symbol.

Some simple Cmdlets

Here are a couple of commands to get you started. Open up the PowerCLI command line using the VMware vSphere PowerCLI shortcut, then enter them as shown.

Get-Help

Can display help on the various cmdlets. Running this as above shows the syntax for getting help.

Get-Command

Use to find out all the commands containing certain keywords. For example…

Get-Command *-VM

…uses the wildcard character (*) to show all commands that end with VM, this shows all the  cmdlets that can be used to operate on Virtual Machines. Let’s try a simple one…

Get-VM

You should now get an error message saying “You are not currently connected to any servers. Please connect first using Connect-VIServer or one of its aliases.”. Let’s do that…

Connect-VIServer Name_of_your_vCenter_Server

This uses your current windows credentials to connects to the specified server.  You need to do this before you run any VMware specific PowerShell commands. Now try this again…

Get-VM

You should now be looking at a list of virtual machines managed by your vCenter server.  You can reduce the scope by adding switches, for example…

Get-VM –Name A*

…gets all machines with names starting “A”. For more information, try

Get-Help Get-VM -Detailed

Variables in PowerShell are always preceded by a $ symbol. You can set a variable to the result of any kind of PowerShell command, for example, you can store the results of a Get-VM in a variable…

$objVMs = Get-VM

then use that variable any time you need it, typing

$objVMs

Will display the virtual machine objects stored in the variable. This variable is a collection of objects, each object representing a virtual machine, so we can run more commands against this variable:

Get-VMGuest -VM $objVMs

This lists the State, IP Address and guest OS of all your machine objects.

Instead of using variables for commands like this, you can also pipe the result of one command, straight into another. The equivalent of the above command, using pipes rather than variables is

Get-VM | Get-VMGuest

The objects output byt he first command are piped straight into the second command. Pipes are used extensively in PowerShell, and many cmdlets can be linked together using pipes. This means you can run some complex commands in PowerShell at the command prompt in one line, rather than resorting to writing a script.

Have a  play around with these commands in your test environment before moving onto the next section. As long as you’re using Get- based commands, (rather than Set- or Remove-) you shouldn’t make any changes, but append -WhatIf and/or -Confirm to the end of your Cmdlets if you’re feeling extra-cautious.

Example scripts

Like batch files, PowerShell scripts are simply collections of commands linked together into a text file.

Here are a couple of example scripts, showing what can be done.  Copy into notepad, and save with a PS1 extension. You should run Connect-VIServer interactively before running any of the scripts (or add it as the first line to the script file).

Get information about a specific machine

$strVm = Read-Host "Please enter the VM name"
$vm = Get-VM -Name $strVm
if ($vm.PowerState -eq "PoweredOn") {
$event = Get-VIEvent -Entity $vm | Where-Object {$_.fullFormattedMessage -like "Task: Power on Virtual Machine"}
$VM.Name
$VM.PowerState
(Get-VMGuest -VM $VM).IPAddress[0]
if ($event -eq $null) { Set-Variable -Name user -Value "N/A" } else { Set-Variable -Name user -Value $event[0].username }
$strMessageText = "Machine: " + $VM.Name + "`n" + "Power State: " + $VM.PowerState + "`n" + "IP Address: " + (Get-VMGuest -VM $VM).IPAddress[0] + "`n" + "Switched on by: " + $user
$strMessageText
}
else
{Write-Host "Machine not powered on"}

This script asks the user for a machine name (using Read-Host), then converts that string to a computer object, then (assuming the machine is switched on and VMware Tools is running), displays the DNS name, IP address and the username of the last user to power on the machine (as shown in the machine’s Event Log). The `n is a carriage return.

Get All Windows XP Machines with more than 2Gb of RAM

ForEach ($strMachine in (get-vm | Where-Object {$_.MemoryMB -gt "2000"})){
Get-VMGuest -VM $strMachine | Where-Object {$_.OSFullName -like "Microsoft Windows XP Professional*"} | Select-Object VMName, IPAddress
}

This script could easily be modified and used as a component to make modifications on machines fulfilling certain criteria.

What else can you do?

Almost anything that can be done in the GUI can be done in PowerShell.  Machines can be deployed, customized, switched on, migrated between hosts and resource pools etc. Or you could get the last time a machine was switched on, and by whom.

You can also use PowerCLI to report on the status of guests and hosts. Check out Alan Renouf’s excellent PowerCLI Daily Report, or Hugo Peeter’s script to track free space in your datastores.

One drawback of the API is that performance of cmdlets (especially Get-VM) is quite slow.  Hopefully this will be addressed in future versions.

Further resources

There are many tools, example scripts and on-line resources available. Your first stop for help should be the VMware vSphere PowerCLI Community. I also recommend you keep Alan Renouf’s PowerCLI reference card close-to-hand when you’re just starting out.