vROPS | Custom Groups

It helps to group VMs that are scattered across multiple datacenters but belong to the same entity.

To elaborate,

Goal - I want a heatmap dashboard for all of my client's VMs in a single pane.
Challenge - My client's VMs are scattered across 4 data centers and multiple folders, on the vCloud Director platform. vROPS cannot show their data in a single pane because the VMs are spread out and not in a single container.
Solution - Create a Custom Group to monitor all of them in a single pane. It creates a single container that gives the dashboard one source object to monitor and pull data from.

Let's see how to do that...

My vROPS Version is 7.0.0.

Step 0: Log in to vROPS. Of course :)
Step 1: Click on the "Environment" tab, click on "Custom Groups" under Groups and Applications, and then click on the green (+) icon
Step 2: Fill in the following-

Name  - Type any name here. I will give it vCloudGroup
Group Type - Select the group type under which you want to place this group. Many people get confused here. You can create a new "Group Type" or select an existing "Group Type" if you want.
Policy - Select Default Policy, if you want know much about it.
Keep Group Membership up to date - Check the box

Now, Define the membership criteria-

Select the object type - We will select "Virtual Machine" here because our goal is around the virtual machine. If you have a different goal, it might change to host, datacenter, datastore etc.

Right below this option, I will click on the drop-down and select "Object Name". Why?

Because all the VMs have one thing in common: a specific word in their VM name. My logic is, "Bind all the VMs which have xxx in their name to this group." Got it?

Next, I will select "Contains" and then "xxxx".

Now you can click on OK. But if you explicitly want to include another VM of the client which doesn't have xxx in its name, click on "Object to always include"; if you don't want a particular VM to be monitored, choose "Object to always exclude". Then click on save.

Now search for the group name "vCloudGroup" in the vROPS search bar and you will see all the VMs which have "xxx" in their name. It might take some time to sync, depending on your environment size.


Feel free to put any question here!




Thank you,
Team vCloudNotes




Python | Web page automation with Selenium

The example below auto-logs in to a web page. Lots of websites already share the same thing, but I would like to have all the info in one place (because this is my vCloud Notes) :)

#Start here
import time

import pyautogui
from selenium import webdriver  # Install the selenium package
from selenium.webdriver.common.by import By
from selenium.webdriver.firefox.service import Service

baseUrl = "Enter URL here"
# Download geckodriver (for Firefox) and save it in this location. Chrome uses a different driver.
exepath = 'C:\\Python\\geckodriver.exe'
# Selenium 4 takes the driver path through a Service object instead of executable_path=
driver = webdriver.Firefox(service=Service(exepath))
driver.get(baseUrl)
time.sleep(7)
# send_keys() returns None, so its result is not assigned. The values below are placeholders.
driver.find_element(By.XPATH, "//input[@name='username']").send_keys("gjohar")
driver.find_element(By.XPATH, "//input[@name='password']").send_keys("blablabla")
time.sleep(2)
# I applied the tweak below to click on the login button because in my situation there was no ID or class on the login button.
pyautogui.press("tab")
pyautogui.press("enter")

#End here.



Thank you,
Team vCloudNotes


NSX | MicroSegmentation

Micro-segmentation is a fancy term; basically it is next-level security provided by NSX. It is called "micro" because it lets us control traffic flow even at the level of a vNIC.

We achieve micro-segmentation with DFW, that is, the Distributed Firewall.

The Internet is already flooded with articles and documentation on it. Here I will just simplify things, but only for those who at least know what NSX is :)

How to apply it-

Step 0: Log in to the vCenter server and go to the Networking and Security plugin
Step 1: Create the Security Groups between which you want to apply the policy. This doesn't mean it is possible only with security groups. You can apply a firewall policy between two VMs, portgroups, IP addresses, SGs, vApps etc. It is just an example.
Step 2: Create the required firewall rules and apply them on the security groups
Step 3: It is done

Steps explained-

Let's say I want to apply security between APP and Web VMs.

I will create two Security Groups and name them SG_APP and SG_Web, or anything you want.

Once done.

I will create firewall rules on the basis of the criteria below.

Ex.1 - I want to block all communication between WebServer1 and WebServer2 (let's say I have multiple web servers)
Ex.2 - I want to allow all communication between web servers and app servers but only on port number 23
Ex.3 - I want to allow all incoming connections toward web servers on any port number

In all the above rules, source and destination will be my Security Groups.

For example,

Ex.1
Source - SG_Web
Destination - SG_Web
Service - Any

Ex.2
Source - SG_APP
Destination - SG_Web
Service - 23

Ex.3
Source - Any
Destination - SG_Web
Service - Any

That's it!

The above is just an example to explain the workflow. You can adapt the security policies and firewall rules as per your requirement.
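The three rules above, run through a small first-match evaluator (an added example, not part of the original post and not NSX code). It relies on DFW rules being evaluated top to bottom with the first match winning; the VM names in MEMBERSHIP, the helper names and the default action are assumptions made for illustration.

```python
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    name: str
    source: str       # security group name, or ANY
    destination: str  # security group name, or ANY
    service: object   # port number, or ANY
    action: str       # "allow" or "block"

# Constructed inventory: security-group membership of each VM (names are illustrative)
MEMBERSHIP = {
    "WebServer1": {"SG_Web"},
    "WebServer2": {"SG_Web"},
    "AppServer1": {"SG_APP"},
}

# The three rules from the post
EX1 = Rule("Ex.1", "SG_Web", "SG_Web", ANY, "block")
EX2 = Rule("Ex.2", "SG_APP", "SG_Web", 23, "allow")
EX3 = Rule("Ex.3", ANY, "SG_Web", ANY, "allow")

def in_group(endpoint, group):
    """True if the endpoint is a member of the group; ANY matches every endpoint."""
    return group == ANY or group in MEMBERSHIP.get(endpoint, set())

def evaluate(rules, src, dst, port, default="block"):
    """Walk the rules top to bottom and return (rule name, action) of the first match.
    The default action is an assumption here; set it to match your own default rule."""
    for r in rules:
        if in_group(src, r.source) and in_group(dst, r.destination) and r.service in (ANY, port):
            return r.name, r.action
    return "default", default

def covers(a, b):
    """True if field a of an earlier rule matches everything field b of a later rule matches."""
    return a == ANY or a == b

def shadowed(rules):
    """Names of rules that can never be hit because one earlier rule matches all their traffic."""
    hidden = []
    for i, later in enumerate(rules):
        if any(covers(e.source, later.source) and covers(e.destination, later.destination)
               and covers(e.service, later.service) for e in rules[:i]):
            hidden.append(later.name)
    return hidden

if __name__ == "__main__":
    for order in ([EX1, EX2, EX3], [EX3, EX1, EX2]):
        print([r.name for r in order],
              "web->web:", evaluate(order, "WebServer1", "WebServer2", 443),
              "shadowed:", shadowed(order))
```

With Ex.3 placed first, the web-to-web block in Ex.1 is never reached. In any order that contains Ex.3, AppServer1 reaches the web servers on every port, not only 23, so check rule order and overlap before publishing a rule set.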

Below is an example of what can be in the source and destination list. As I said, it gives us the option to select even a vNIC. Scroll down and you will get an idea.


Now let's think about one use case where we might need to select a vNIC as a source or destination. I have a VM which is internet-facing and can also access my internal network, and of course it has two vNICs (one internet-facing and the second intranet-facing).

I don't want any traffic to go from one vNIC to the other.

Got an idea?

Still any doubt? Feel free to comment. I will answer it for sure.



Thank you,
Team vCloudNotes


vROPS | Health Check of cluster

Sometimes we have to check the cluster health, in terms of database size, collected metrics size etc.

For that I have a script which gives you a very nice view of everything on all the vROPS cluster nodes. Run the script and see for yourself.

Step 1: Log in to the vROPS master node as root
Step 2: Copy the script below and paste it into the vROPS CLI


OUT="$HOSTNAME-status.txt"
# Append a red section header to the report
hdr() { echo -e "\e[1;31m$1\e[0m" >> "$OUT"; }
# Start with an empty report file
: > "$OUT"
hdr "HOSTNAME:"; hostname >> "$OUT"; getent hosts | nslookup >> "$OUT"; uname -a >> "$OUT"
hdr "DNS CONFIGURATION:"; cat /etc/resolv.conf >> "$OUT"; cat /etc/hosts >> "$OUT"
hdr "VERSION INFO:"; cat /usr/lib/vmware-vcops/user/conf/lastbuildversion.txt >> "$OUT"; echo "" >> "$OUT"; cat /etc/SuSE-release >> "$OUT"
hdr "DATE:"; date >> "$OUT"
hdr "SERVICES:"; service vmware-vcops status >> "$OUT"
hdr "CASA:"; service vmware-casa status >> "$OUT"
hdr "DISKSPACE:"; df -h >> "$OUT"
hdr "HEAPDUMP:"; ls -lrSh /storage/heapdump/ >> "$OUT"
hdr "IFCONFIG:"; ifconfig >> "$OUT"
hdr "CASADB.SCRIPT:"; tail -n +51 /data/db/casa/webapp/hsqldb/casa.db.script >> "$OUT"
hdr "ROLE STATE:"
grep adminroleconnectionstring /usr/lib/vmware-vcopssuite/utilities/sliceConfiguration/data/roleState.properties >> "$OUT"
grep adminroleenabled /usr/lib/vmware-vcopssuite/utilities/sliceConfiguration/data/roleState.properties >> "$OUT"
hdr "GEMFIRE PROPERTIES:"
grep locators /usr/lib/vmware-vcops/user/conf/gemfire.* >> "$OUT"
grep bind-address /usr/lib/vmware-vcops/user/conf/gemfire.* >> "$OUT"
grep shardRedundancyLevel /usr/lib/vmware-vcops/user/conf/gemfire.properties >> "$OUT"
grep "serversCount" /usr/lib/vmware-vcops/user/conf/gemfire.properties >> "$OUT"
hdr "PERSISTENCE PROPERTIES:"
grep '^db*' /usr/lib/vmware-vcops/user/conf/persistence/persistence.properties >> "$OUT"
grep 'replica*' /usr/lib/vmware-vcops/user/conf/persistence/persistence.properties >> "$OUT"
grep "repl.db.role" /usr/lib/vmware-vcops/user/conf/persistence/persistence.properties >> "$OUT"
hdr "CASSANDRA YAML:"
grep broadcast_rpc_address: /usr/lib/vmware-vcops/user/conf/cassandra/cassandra.yaml >> "$OUT"
grep listen_address: /usr/lib/vmware-vcops/user/conf/cassandra/cassandra.yaml >> "$OUT"
hdr "NODE STATE INFO:"
$VMWARE_PYTHON_BIN $ALIVE_BASE/tools/vrops-platform-cli/vrops-platform-cli.py getShardStateMappingInfo | sed -nre '/stateMappings/,/}$/p' >> "$OUT"
hdr "WRAPPER RESTARTS:"
find /usr/lib/vmware-vcops/user/log/ -name "*wrapper.log" -print -exec bash -c "grep 'Wrapper Stopped' {} | tail -5" \; | cut -d'|' -f3 >> "$OUT"
echo "" >> "$OUT"
echo -e "\e[1;4;35mPERFORMANCE RELATED INFORMATION\e[0m" >> "$OUT"
echo "" >> "$OUT"
hdr "vCPU INFO:"; grep -wc processor /proc/cpuinfo >> "$OUT"
hdr "MEMORY INFO:"; awk '$3=="kB"{$2=$2/1024**2;$3="GB";} 1' /proc/meminfo | column -t | grep MemTotal >> "$OUT"
hdr "TOP OUTPUT:"; /usr/bin/top -d 0.5 -n 1 -b | head -5 >> "$OUT"
hdr "ADAPTER TYPE OBJECT COUNTS:"
su - postgres -c "PGDATA=/storage/db/vcops/vpostgres/repl PGPORT=5433 /opt/vmware/vpostgres/current/bin/psql -d vcopsdb -c 'select count(*),adapter_kind from resource group by adapter_kind;'" | awk '{ SUM += $1; print} END {print "Total";print SUM }' | cut -d ':' -f 5 >> "$OUT"
hdr "CASSANDRA ACTIVITIES:"
/usr/lib/vmware-vcops/cassandra/apache-cassandra-2.1.8/bin/./nodetool --ssl -h 127.0.0.1 --port 9008 -u maintenanceAdmin --password-file /usr/lib/vmware-vcops/user/conf/jmxremote.password cfstats -H globalpersistence.activity_2_tbl >> "$OUT"
hdr "ALERT DB COUNT:"; su - postgres -c "/opt/vmware/vpostgres/9.3/bin/psql -d vcopsdb -A -t -c 'select count(*) from alert'" >> "$OUT"
hdr "ALARM DB COUNT:"; su - postgres -c "/opt/vmware/vpostgres/9.3/bin/psql -d vcopsdb -A -t -c 'select count(*) from alarm'" >> "$OUT"
# View the report; -r keeps the colored headers
less -r "$OUT"


Step 3: If you have any doubt about the output of this script, run it in your test environment first. I have used this script many times to check the health of vROPS.

The snippet below was taken after running this command. You will get more data by pressing the down arrow key in your vROPS PuTTY session (note here :D)





Thank you,
Team vCloudNotes

Zerto Virtual Manager | Change Recovery VRA VM with powershell cmdlet

As a prerequisite, you might need to download and install the Zerto PowerShell package from here


#Start here
clear
# Load a PowerShell snap-in only if it is not already loaded
function LoadSnapin{
    param($PSSnapinName)
    if (!(Get-PSSnapin | where {$_.Name -eq $PSSnapinName})){
        Add-PSSnapin -Name $PSSnapinName
    }
}
# Loading snapins and modules
LoadSnapin -PSSnapinName "Zerto.PS.Commands"
clear
Write-Host "Welcome to Zerto Powershell Script to change the Recovery VRA VMs one by one" -ForegroundColor Yellow
echo "################################ZERTO CMDLETS#####################################"
$ZVM = Read-Host "Enter IP address of ZVM server "
Write-Host "What is the full name of source host in vCenter Server? " -ForegroundColor Yellow
$sourcehost = Read-Host "Enter source host name "
Write-Host "List of VMs is being extracted. Please bear with me." -ForegroundColor Green
# List the VMs currently replicating to the source host.
# "administrator" and "password" are placeholders for your ZVM credentials.
Get-VMsReplicatingToHost -HostIp $sourcehost -ZVMIP $ZVM -ZVMPort 9080 -Username administrator -Password password

Write-Host "Which VM you want me to migrate? Select any VM in above list please  " -ForegroundColor Yellow
$VM = Read-Host "Enter VM Name "
Write-Host "What is the full name of destination host in vCenter Server? " -ForegroundColor Yellow
$desthost = Read-Host "Enter destination host name "
# Change the recovery host of the selected VM from the source host to the destination host.
# -ErrorAction SilentlyContinue suppresses error output, so verify the VM's recovery host afterwards.
Set-ChangeRecoveryHost -VMname $VM -CurrentTargetHost $sourcehost -NewTargetHost $desthost -ZVMIP $ZVM -ZVMPort 9080 -Username Administrator -Password password -ErrorAction SilentlyContinue

Zerto Virtual Manager | Pause replication on all VPGs with CMDlets

It is simple, if you know it. Let's use PowerShell to do that.

# Load a PowerShell snap-in only if it is not already loaded
function LoadSnapin{
    param($PSSnapinName)
    if (!(Get-PSSnapin | where {$_.Name -eq $PSSnapinName})){
        Add-PSSnapin -Name $PSSnapinName
    }
}
# Loading snapins and modules

LoadSnapin -PSSnapinName "Zerto.PS.Commands"

$VPGs = Get-ProtectionGroups -ZVMIP 1.1.1.1 -ZVMPort 9080 -Username administrator -Password password -SiteName ALL

#1.1.1.1 - ZVM Server IP
#9080 - ZVM port number
#administrator - username
#password - Password
#ALL - It is for all sites. Because service provider might have many sites connected to it.

# Pause every VPG returned above, using the same ZVM server IP as the Get-ProtectionGroups call
foreach ($VPG in $VPGs){
    Pause-ProtectionGroup -ZVMIP 1.1.1.1 -ZVMPort 9080 -Username administrator -Password password -ErrorAction SilentlyContinue -VirtualProtectionGroup $VPG -Confirm:$false
}

Please note: Run any script in your test environment first before applying it in production. There is no harm in running the above script; this is just for your information :)

vCenter Server | How to get percentage free space of a datastore?


$vcenter = Read-Host "Enter vCenter server FQDN "
Connect-VIServer $vcenter
echo "Welcome to Datastore free space calculator tool"
echo ""
echo " Press 1 to search details for single datastore"
echo " Press 2 to search details for all the datastores"

$data = Read-Host "Enter your choice"
# Both branches output the datastore name and its free space as a percentage of capacity.
# To list only datastores with 20% or less free space, append:
#   | Where {$_."Percentage Free Space(%)" -le 20}
If ($data -eq 1)
{
    $a = Read-Host " Please enter the name of DS"
    Get-Datastore | where {$_.Name -eq $a} | Select @{N="DataStoreName";E={$_.Name}},@{N="Percentage Free Space(%)";E={[math]::Round(($_.FreeSpaceGB)/($_.CapacityGB)*100,2)}}
}
elseif ($data -eq 2)
{
    Get-Datastore | Select @{N="DataStoreName";E={$_.Name}},@{N="Percentage Free Space(%)";E={[math]::Round(($_.FreeSpaceGB)/($_.CapacityGB)*100,2)}}
}



NSX | How to disable SSH on all NSX edges?


Leaving SSH enabled can be a security threat, so it is recommended to keep it disabled and enable it only when really required.

Again, disabling it manually is a tedious task (at least for me), so I thought I'd do it through PowerShell.

The example below is for selected edges. In case you want to run it for all edges, simply remove the source file and run "Get-NsxEdge".

To disable SSH on selected Edges

# Connect to NSX Manager; replace 1.1.1.1 with the actual IP address of NSX Manager
Connect-NsxServer -NsxServer 1.1.1.1
# Put a file with the edge IDs in the location below, in case you want to disable SSH on selected edges only
foreach($edgelist in (Get-Content -Path C:\TEMP\edgelist.txt)){
    # The command below disables SSH on each edge listed in the .txt file above
    Get-NsxEdge -objectId $edgelist | Disable-NsxEdgeSsh -Confirm:$false
    # Let's cross-check the status after disabling it
    $ssh = Get-NsxEdge -objectId $edgelist
    $ssh.id
    $ssh.clisettings.remoteaccess
}


To disable SSH on all NSX edges.

Connect-NsxServer -NsxServer 1.1.1.1
Get-NsxEdge | Disable-NsxEdgeSsh -Confirm:$false
 


Any query? Feel free to ask.



Thank you,
Team vCloudNotes



NSX | How to get IPSec VPN Tunnel Statistics for all NSX edges

I simply called the NSX API through PowerShell and got the required result.

#Start
clear
# Replace 1.1.1.1 with the actual IP address of NSX Manager
Connect-NSXServer -NSXServer 1.1.1.1

# Put all the edge IDs for which you want to see the result in the file below
$edgeids = Get-Content -Path C:\Temp\gjohar.txt

foreach($edgeid in $edgeids){
    # Query the IPSec statistics of this edge and print the text of the response
    $EdgeApi = Invoke-NSXRestMethod -method "GET" -uri "/api/4.0/edges/$edgeid/ipsec/statistics"
    $EdgeApi.ipsecStatusAndStats.InnerText
}
#End
 

I haven't written the output to a file. I just ran the command, copied the entire output and pasted it into Notepad++ to review. But if you want, you can do so.


Below is the sample output.

Note that the output for each edge is separated with the help of "out-string". One-line output is for those edges which don't have any VPN configured.
 


Feel free to comment in case of any query/doubt. We are quite reactive.



Thank you,
Team vCloudNotes

,

NSX | How to Connect NSX Manager in Rest API client?

To connect with APIs of NSX Manager, you can use any tool like Postman or Insomnia.

Let's see how we can do that.

I use Insomnia, so I will demonstrate with Insomnia only. However, the process is quite similar in other tools.

Step 1: Install and open Insomnia

1.a : It is a freeware tool and can be downloaded from here. Please install it on your PC
1.b : As usual, an icon will be placed on your desktop during installation
1.c : Open it and you will see the tool looking similar to the below.


Step 2: Connect to NSX Manager
2.a : Authentication is the first step before doing anything else, isn't it? For authentication, select Basic authentication (as shown above)
2.b : Give the username and password of NSX Manager, again as shown in the above image.
2.c : Enter the NSX Manager URL as shown above, "https://192.168.1.1", make sure GET is selected, and press Send.

If you get the green "200 OK" message then you are connected, guys; otherwise check your credentials.

That's it! You are now connected to NSX Manager in your REST API client.

I will post more on API operations some other day! Stay tuned.



Thank you,
Team vCloudNotes