Tocano's Posts

I like to keep connections to my multiple vCenters in different console windows. I started renaming the console WindowTitle to address the challenge of keeping straight which console is connected... See more...
I like to keep connections to my multiple vCenters in different console windows. I started renaming the console WindowTitle to address the challenge of keeping straight which console is connected to which server. This works, but consoles still lack the functionality and flexibility of the ISE (copy/paste, syntax highlighting, debugging commands, script variables accessible in console, etc). So I started using tabs within the ISE - each tab a different VI server - and I love how much easier and more efficient it is ... except. Every time I switch to a new tab/server, I have to reconnect. Because of the way that ISE manages global scope variables vs consoles, whenever I Connect-VIServer, the other tabs/servers lose their mind and will error with: You have modified the global:DefaultVIServer and global:DefaultVIServers system variables. This is not allowed. Please reset them to $null and reconnect to the vSphere server. I believe this has something to do with the difference in scoping between individual PS consoles vs the ISE - though I'm not exactly positive what/why. Global variables do not appear to actually be accessible across tabs, yet Connect-VIServer does appear to break something with regard to the global:DefaultVIServer(s) variables. So is it even possible to have different connections in different ISE tabs or does the way PowerCLI uses the DefaultVIServers variables make that impossible? Some things I've tried: * Setting PowerCLI to run in Multiple Server mode      - Set-PowerCLIConfiguration -DefaultVIServerMode Multiple -Scope AllUsers * Setting ISE to run in Multi-thread Apartment mode      - [launching] PowerShell_ISE.exe -mta Neither appear to work. Any help would be appreciated.
Thanks for the insight. Though I don't get what being written in Java has to do with anything. Java and Javascript have little in common beyond their name. You're right that this question was ... See more...
Thanks for the insight. Though I don't get what being written in Java has to do with anything. Java and Javascript have little in common beyond their name. You're right that this question was spawned due to the investment our group has made in trying to focus our systems to just a handful of languages. Yes the JS syntax is fairly easy to get into - though trying to bounce back and forth between Python, Powershell, etc and now Javascript, just keeping simple things like the proper concatenation syntax seems to require a lookup again. The biggest challenge so far has been largely with object introspection. Powershell, Python, PHP are dead simple to see what properties and methods an object has and their types. Javascript always seems to make it a battle. I seem to have to write some complicated loop to see what property pairs exist and methods are even more difficult. Deeply nested objects? That may take me 20-30 minutes of running, selecting sub-object, re-running, and repeat, just to find the specific piece of data I'm looking for. Oh well, I guess I'm just ranting whining now. I do appreciate the explanation. Thank you.
I know there must be some rationale and reasoning behind the decision to choose Javascript as the language underpinning vRO. I'm sure there's some architectural tie-in that I'm overlooking that a... See more...
I know there must be some rationale and reasoning behind the decision to choose Javascript as the language underpinning vRO. I'm sure there's some architectural tie-in that I'm overlooking that allows it to all make sense. However, I am struggling to see or find any explanations for this choice, which makes it feel somewhat arbitrary. Is it simply based on some popularity matrix? Is it because vRO's primary "partner" application is vRA - a web application? Is the assumption that the primary automation engineers of a virtualization environment are going to be web developers?! Is this just some remnant of some orchestration software VMware acquired a decade ago? Of all the languages that could have been used for this, Javascript is one of the last, in the back of the bus with languages like ColdFusion and PHP, that I would have considered. This is not because Javascript is not popular or frequently used, but because it is predominantly (I realize not exclusively, but predominantly) a front-end/display language (i.e. the View in MVC), and far less a back-end/automation language. I could have understood Python or even Perl - languages used by both developers and sysadmins (usually for various automation and scripting tasks) alike. Java also would also have made sense due to 1) how much Java applications (Tomcat, etc) are used throughout the vR* suite and 2) the Orchestrator Client itself is written in Java. But coming from a sysadmin (who is Not-A-Developer (tm) ) that has learned enough Python, Perl, bash, Powershell, etc to be able to automate many aspects of our environment, and that has to manage our vRA/vRO installation, Javascript seems like such an odd choice. Again, I'm sure there's some architectural piece I'm not seeing that necessitates Javascript as the obvious choice. I just can't see or find any explanation for it.
> $response.content[0].resourceData entries ------- {} EDIT: Just to expand on this, if I add the ID to the URL https://[vraserver]/catalog-service/api/consumer/resources/bca1f1ce-5... See more...
> $response.content[0].resourceData entries ------- {} EDIT: Just to expand on this, if I add the ID to the URL https://[vraserver]/catalog-service/api/consumer/resources/bca1f1ce-50de-4288-ac55-12e0a9b10fe8 I can get details on that specific VM. I'm looking for a CustomProperty named '[orgAbbr].TestCustomProperty' yet all I get is this: http://pastebin.com/sYuf9dK9
This may not *technically* be PowerCLI specific, but I'm using PowerShell to interact with a VMware product, so I'm hoping it's related enough to qualify. (Also, I did submit to the API Community... See more...
This may not *technically* be PowerCLI specific, but I'm using PowerShell to interact with a VMware product, so I'm hoping it's related enough to qualify. (Also, I did submit to the API Community, but very small numbers there) I'm sure I'm just overlooking something because surely they wouldn't allow you to create Custom Properties on so many entities, but not provide a mechanism to access those properties programmatically. I've got some PowerShell that is calling the vRA REST API, and getting information about some VMs (sample below). $authPostContentText = @{               "username"=[username]               "password"=[password]               "tenant"=[tenant] } $authPostContent = $authPostContentText | ConvertTo-Json $authHeaders = @{"Content-Type"="application/json"} $authResponse = Invoke-RestMethod -Uri $authURL -Method Post -Body $authPostContent -Headers $authHeaders $token = $authResponse.ID $restHeaders = @{"Content-Type"="application/json";"Authorization"="Bearer $token"} $response = Invoke-RestMethod -Uri $resourceURL -Method Get -Headers $restHeaders echo $response.content[0] <# @type                  : CatalogResource id                     : bca1f1ce-50de-4288-ac55-12e0a9b10fe8 iconId                 : cafe_default_icon_genericCatalogItem resourceTypeRef        : @{id=Infrastructure.Virtual; label=Virtual Machine} name                   : testVMwithCustomProperties description            : 1234 status                 : ACTIVE catalogItem            : @{id=fff8944a-af62-4edf-9ee6-8de2f424e2c2; label=Server 2012 R2 (usb)} requestId              : b1a9f791-65af-4075-8e0e-61864f611fdf providerBinding        : @{bindingId=3a0e1795-df96-4be2-b339-d74751891357; providerRef=} owners                 : {@{tenantName=[tenant]; ref=[user]@domain; type=USER; value=[user]}} organization           : @{tenantRef=[tenant]; tenantLabel=[tenantLabel];                          subtenantRef=5082ded7-fa03-4664-c620-35dfaf177fd0; subtenantLabel=[...]} dateCreated            : 2015-07-29T16:34:28.072Z lastUpdated            : 2015-07-29T16:34:32.203Z hasLease               : True lease                  : @{start=2015-07-29T16:32:55.000Z} leaseForDisplay        : hasCosts               : True costs                  : @{leaseRate=} costToDate             : @{type=money; currencyCode=USD; amount=0.0} totalCost              : childResources         : {} operations             : forms                  : @{catalogResourceInfoHidden=True; details=} resourceData           : @{entries=System.Object[]} #> However, there doesn't seem to be an array of CustomProperty references associated with this VM or anything. And I seem to be unable to locate where to access custom properties of a VM (or a Reservation or Business Group, etc) through the REST API. Is that really not presented/available information? Any help or guidance would be appreciated.
I don't believe that happens even if you use New-Template. These are basically Linux filesystems. So a new file get a new modified date. Yep, just tested with PowerCLI 5.5 using New-Template ... See more...
I don't believe that happens even if you use New-Template. These are basically Linux filesystems. So a new file get a new modified date. Yep, just tested with PowerCLI 5.5 using New-Template and the new copy gets new Modified dates.
Might also take a look at the Copy-DatastoreItem cmdlet. Not sure if that would work for what you're wanting, but might be an option to try. Good luck.
Can you not deploy a new VM from the template, migrate that VM to the new datastore, then convert that new VM back into a template? Something like: > $newVM = Get-Template "template-name" |... See more...
Can you not deploy a new VM from the template, migrate that VM to the new datastore, then convert that new VM back into a template? Something like: > $newVM = Get-Template "template-name" | New-VM > $newVM | Move-VM -Datastore (Get-Datastore "destination-datastore-name") > $newVM | New-Template Just a thought.
I have a utility server that I use to administer our vSphere environment. I use PowerCLI pretty heavily. We also have a Hyper-V environment and are starting to increase our scripting and automati... See more...
I have a utility server that I use to administer our vSphere environment. I use PowerCLI pretty heavily. We also have a Hyper-V environment and are starting to increase our scripting and automating of that as well. The problem is that I'm getting cmdlet conflicts. > gcm -type cmdlet,function,alias | group name | where { $_.count -gt 1 } (shows about 20 conflicting commands between Hyper-V and PowerCLI (New-VM, Start-VM, Stop-VM, Get-VM, Export-VM, Get-VMHost, etc). I don't necessarily want to completely eliminate the Hyper-V module from the server as we are starting to use it and that looks to increase. If there was a way to disable it whenever I am starting PowerCLI or running a PowerCLI script, that would probably be the best option. I have tried things like: > (Get-Module -Name Hyper-V) | Remove-Module -Force But while I get no error, it doesn't seem to remove the cmdlets. I get the same results with the gcm command and I continue to get errors due to conflicts. Any help would be appreciated. Thank you
Found my own answer. Changing the event type to "VmBeingClonedEvent", the Vm.Name property is the Source VM and the DestName is the new VM. Here's some sample code for others that may be se... See more...
Found my own answer. Changing the event type to "VmBeingClonedEvent", the Vm.Name property is the Source VM and the DestName is the new VM. Here's some sample code for others that may be searching for this: # Get EventManager Obj $em = get-view (get-view ServiceInstance).Content.EventManager # Instantiating Event Filter $filter = New-Object VMware.Vim.EventFilterSpec echo "$(date -format s) - Getting VM Clone Events" $filter.Type = "VmBeingClonedEvent" $cloneEvents = $em.QueryEvents($filter) echo "$(date -format s) - Looping through VM Clone Events" $cloneObjs = @() foreach ($nextEvent in $cloneEvents) {     echo "$(date -format s) - Next VM Clone: $($nextEvent.Vm.Name) -> $($nextEvent.DestName)"         $o = New-Object System.Object     $o | add-member NoteProperty CreatedTime $nextEvent.CreatedTime # datetime VM was cloned     $o | add-member NoteProperty UserName $nextEvent.UserName # name of the user who cloned the VM     $o | add-member NoteProperty SourceVMName $nextEvent.Vm.Name # name of the VM     $o | add-member NoteProperty NewVMName $nextEvent.DestName # name of the VM     $o | add-member NoteProperty Message $nextEvent.FullFormattedMessage # message associated with event         $cloneObjs += $o }
I'm trying to run a powercli script that, among other things, is trying to get a list of all cloned VMs. One important piece of data in this is what was the original source of that clone. I'm str... See more...
I'm trying to run a powercli script that, among other things, is trying to get a list of all cloned VMs. One important piece of data in this is what was the original source of that clone. I'm struggling to find that data. Whether I run Get-VIEvent and find clone events or run a $filter.Type = "VmClonedEvent" and $events = $em.QueryEvents($filter), I get an object of type "VmClonedEvent" that, while having a SourceVm property, seems to be self-referencing (perhaps the source of the Event) but doesn't refer to the original source VM of the clone. Can someone let me know if getting that information is possible and if so where I can find it? Any help would be appreciated. Thank you.
Found a solution: $command = "VAR=`$(pidof -s sshd) && /sbin/services.sh restart && kill `$VAR" - Grabs the latest/newest ssh connection PID (your own) and stores in VAR     - NOTE: It's c... See more...
Found a solution: $command = "VAR=`$(pidof -s sshd) && /sbin/services.sh restart && kill `$VAR" - Grabs the latest/newest ssh connection PID (your own) and stores in VAR     - NOTE: It's conceivable that there's a very small (fraction of a second) window where someone else *MAY* be able to log in after you do, but before the pidof command runs, just be aware - Run service restart command - Kill your own ssh connection PID to return control back to powershell script This does what I needed it to. Hope this approach helps someone else.
Unfortunately, running it in the background only returns the exit code earlier (Server sent command exit status 0), as soon as the command is executed. But this doesn't actually change the result... See more...
Unfortunately, running it in the background only returns the exit code earlier (Server sent command exit status 0), as soon as the command is executed. But this doesn't actually change the result - it still runs through but fails to disconnect when completed. Is anyone able to replicate this? I've done this on multiple systems, so I don't think this is something specific to my environment. Thanks for the help.
I have a PowerCLI script that, among other things, loops through a list of ESXi hosts (5.0) and executes command(s) on each using PuTTY\plink.exe. While this works 99% of the time, we've run into... See more...
I have a PowerCLI script that, among other things, loops through a list of ESXi hosts (5.0) and executes command(s) on each using PuTTY\plink.exe. While this works 99% of the time, we've run into a couple of occurences (e.g. restarting management services) where it hangs, failing to return program control when the remote command completes. For example, using the following code: $command = "/sbin/services.sh restart" foreach ($nextHost in $hostList) {     $userhost = $user + "@" + $nextHost     echo "$(date -format s) Executing command '$command' on host $nextHost"     & $plinkPath -v -batch -pw $pw $userhost $command     echo "$(date -format s) Command completed."     echo "Sleeping for $delay seconds"     sleep -Seconds $delay } It will successfully connect and run the command, thus restarting services, but at the end, I get this: ... Running vmware-fdm restart Starting vmware-fdm:success Server sent command exit status 0 Where it just sits, waiting for ... something. Since it doesn't close the connection, it doesn't return program control to the PowerShell script and it won't continue on to the next host. I've even tried running the command '/sbin/services.sh restart && exit' or && return 2' or even && ls' without luck. I've tested this on both multiple 2008 R2 and 2012 systems. You can probably easily replicate it (assuming PuTTY installed) by simply opening up a PowerShell console and executing: > & 'C:\Program Files (x86)\PuTTY\plink.exe' -v -batch -pw "[root password]" root@[FQDNesxihostname] '/sbin/services.sh restart' Contrast that behavior with something like: >  & 'C:\Program Files (x86)\PuTTY\plink.exe' -v -batch -pw "[root  password]" root@[FQDNesxihostname] 'ls' Any help on how to get this to close the connection and return program control would be appreciated.
As this happens consistently in multiple scripts, that seems a bit irrelevant but ok. The code I'm using to test is as follows: $initiated = Get-Date $secsToLoop = 1000 echo "$(date -forma... See more...
As this happens consistently in multiple scripts, that seems a bit irrelevant but ok. The code I'm using to test is as follows: $initiated = Get-Date $secsToLoop = 1000 echo "$(date -format s) - Going to loop for $secsToLoop seconds" $i=1 while ($i -lt $secsToLoop){     echo "$(date -format s) - Sleeping for a sec ($i)"        sleep -s 1     echo "$(date -format s) - Waking up"     echo "-------------"            if (($i % 10) -eq 0) {             $now = Get-Date                $diff = Get-DateDiff -date1 $initiated -date2 $now                echo "Has been $diff since initiation"         echo "Now $(($i / $secsToLoop) * 100)% completed"     }         $i++ } And in the log file, I consistently get to: ------------- 2013-02-19T18:48:41 - Sleeping for a sec (280) 2013-02-19T18:48:42 - Waking up ------------- Has been 00:04:44.0294322 since initiation Now 28% completed 2013-02-19T18:48:43 - Sleeping for a sec (281) 2013-02-19T18:48:44 - Waking up ------------- 2013-02-19T18:48:44 - Sleeping for a sec (282) 2013-02-19T18:48:45 - Waking up ------------- 2013-02-19T18:48:45 - Sleeping for a sec (283) 2013-02-19T18:48:46 - Waking up ------------- 2013-02-19T18:48:46 - Sleeping for a sec (284) 2013-02-19T18:48:47 - Waking up ------------- 2013-02-19T18:48:47 - Sleeping for a sec (285) 2013-02-19T18:48:48 - Waking up ------------- 2013-02-19T18:48:48 - Sleeping for a sec (286) 2013-02-19T18:48:49 - Waking up ------------- 2013-02-19T18:48:49 - Sleeping for a sec (287) 2013-02-19T18:48:50 - Waking up ------------- 2013-02-19T18:48:50 - Sleeping for a sec (288) 2013-02-19T18:48:51 - Waking up ------------- 2013-02-19T18:48:51 - Sleeping for a sec (289) 2013-02-19T18:48:52 - Waking up ------------- 2013-02-19T18:48:52 - Sleeping for a sec (290) At which point the script simply ends and vCenter shows an Event with the error mentioned in the OP.
I have a script (PowerCLI) that I trigger from an HA Alarm. This script works just fine and it outputs to a log file as it runs. It is initiated correctly, it connects to vCenter correctly, it pa... See more...
I have a script (PowerCLI) that I trigger from an HA Alarm. This script works just fine and it outputs to a log file as it runs. It is initiated correctly, it connects to vCenter correctly, it parses through events to find the list of VMs affected (which BTW should be a built-in report/function IMO, but I digress). The script works correctly. However, in certain circumstances, enough VMs were affected or enough events need sorting that what I've noticed is that ~5 minutes from the initation of the script, it dies. In the events, I get the following: Alarm 'HA_Alarm' did not complete script: A general system error occurred: Failed to run script: Script timed out, terminated I look at the log file for the script and it is functioning perfectly until about 5 minutes after initiation at which point it simply stops, like something just killed the process tree. There are other Alarm-triggered scripts that I'm planing right now that I *KNOW* will run longer than 5 minutes, but I cannot find the setting that controls this timeout to increase it. Can anyone help me?
I guess I need to try to write my own version of Get-VIAccount to create the LDAP query and pass it to the Directory Service. Thanks. I wasn't trying to be critical of PowerCLI itself. Just ho... See more...
I guess I need to try to write my own version of Get-VIAccount to create the LDAP query and pass it to the Directory Service. Thanks. I wasn't trying to be critical of PowerCLI itself. Just hoping that if we could identify the source of the ... errant alogorithm, we could encourage/initiate a fix. Other than initiating a support request, do you have any better recommendations to try to inform VMware of this issue? Thank you.
For the get-all-groups, I don't doubt it's a domain limitation. But it should never hit that limitation if it's asking the domain for a single group. Unless the algorithm behind Get-VIAccount ... See more...
For the get-all-groups, I don't doubt it's a domain limitation. But it should never hit that limitation if it's asking the domain for a single group. Unless the algorithm behind Get-VIAccount simply asks the domain for  all-groups in ALL cases, and THEN tries to process/search for the group name within  that list, instead of creating an LDAP query and letting the domain  server process the search. As for masks, if what I've described about its behavior is accurate, then it doesn't matter whether you wildcard or not as it doesn't apply that mask filter until after it gets the list of all groups (or what it believes is all groups). Thus for large domains where it caps that, if the string falls outside that first part of the alphabet, then it won't be included, if it falls inside that subset, it will be included. It just depends on how large the subset of all groups the algorithm receives to process. After I wrote that paragraph, I decided to test that assumption. Created 5 groups 'AAA_TEST_GROUP[1,2,3,4,5]' and 5 groups 'XXX_TEST_GROUP[1,2,3,4,5]' Sure enough: > $xxxGroups = Get-VIAccount -Domain "DOMAIN" -Id "XXX_*" -Group > $xxxGroups.Count [0] > $aaaGroups = Get-VIAccount -Domain "DOMAIN" -Id "AAA_*" -Group > $aaaGroups.Count 5 Now I'm pretty new to PowerCLI and even PowerShell itself, so I could be mistaken, but the more I play around with it, the more it seems that the PowerCLI process simply asks the domain for all groups and then tries to filter on them itself. To me, if this is accurate, it is a very bad method of fetching LDAP/Domain groups. Let the LDAP server process the search query - it's what it's designed to do. If there is another method or a workaround to applying VM role/permissions to a group, I would appreciate any guidance. Thank you.
I'm trying to add a group to have permissions on a VM: > Get-VM VMName | New-VIPermission -Role (Get-VIRole -Name "RoleName") -Principal "DOMAIN\GroupName" However, this fails with a "Could... See more...
I'm trying to add a group to have permissions on a VM: > Get-VM VMName | New-VIPermission -Role (Get-VIRole -Name "RoleName") -Principal "DOMAIN\GroupName" However, this fails with a "Could not find VIAccount with name 'DOMAIN\GroupName'" So I started trying to get the VIAccount object: > Get-VIAccount -Domain "DOMAIN" -Group -Id "GroupName" But this fails with 'ViAccount with id 'GroupName' was not found using the specified filter(s).' So I decided to open things up a bit and see if I could find it in the list myself: > $groups = Get-VIAccount -Domain "DOMAIN" -Group > $groups.Count 8500 Odd... this is only a portion of all groups. And looking at the members, it appears to pull them back in alphabetical order and stops well short of my groupname. Wonder if those groups early in the alphabet work ok? So I test my theory by specifying a group I create that starts with "AAA_...": > Get-VM VMName | New-VIPermission -Role (Get-VIRole -Name "RoleName") -Principal "DOMAIN\AAA_GroupName" Success! So it seems to me that the algorithm for New-VIPermission/Get-VIAccount, instead of working against the entire domain, just grabs some arbitrarily large number of groups/users, based on alphabetical order, and then searches for the specified name/id within that subset. For large domains, this means that groups/users toward the latter half of the alphabet may not be included in the search set and result in "not found" errors, even though that group/user does, in fact, exist within the domain. Does this make sense? Has this already been discovered by others and I'm just figuring it out myself? Is there a workaround to deal with group names (who I, as a VAdmin do not have control over) that may have names starting toward the later half of the alphabet? Thank you.
I believe I mean the former. As a vSphere admin, I can access the VM itself, modify hardware, change vLAN settings, view the console, etc. However, I do not have credentials to log into that cons... See more...
I believe I mean the former. As a vSphere admin, I can access the VM itself, modify hardware, change vLAN settings, view the console, etc. However, I do not have credentials to log into that console. Our setup is similar to a cloud service in some ways. Our VM admins are the administrators of the VMs and we just manage the physical infrastructure/hypervisor layer and they reimburse us for the hardware they use. So we have no credentials to access/log into the Guest OS, and so no way to run any commands which require Guest OS credentials. So I'm just trying to figure out if there is a method to get this information without such access. For the dynamic disk, I'm pretty sure that's not feasible as that's all self-contained within the Guest OS, so it seems likely that getting that information would require credentials. But I wondered if what VMtools settings are configured (i.e. vss.disableAppQuiescing) might be exposed or advertised in some way to the "higher" vSphere vmtools interface itself. Again, I appreciate the help.