nested hypervisor (on ESXi 5.1)

Sometimes you might want to run a hypervisor on a hypervisor for testing purposes…. this is how you pass through the required CPU extensions in ESXi 5.1

Remember you will also need to enable promiscuous mode on the networking side also.

http://www.virtuallyghetto.com/2012/08/how-to-enable-nested-esxi-other.html

There are some changes with Nested Virtualization in vSphere 5.1 also officially known as VHV (Virtual Hardware-Assisted Virtualization). If you are using vSphere 5.0 to run Nested ESXi or other nested Hypervisors, then please take a look at the instructions in this article. With vSphere 5.1, there have been a few minor changes to enable VHV.

  1. The new Virtual Hardware 9 compatibility will be required when creating your nested ESXi VM, Virtual Hardware 8 will not work if you are running ESXi 5.1 on your physical host. You will still need to enable promiscuous mode on the portgroup that will be used for your nested ESXi VM for network connectivity.
  2. vhv.allow = “true” is no longer valid for ESXi 5.1 to enable VHV. A new parameter has been introduced called vhv.enable = “true” that is now defined on a per VM basis to provide finer granularity of VHV support. This also allows for better portability between VMware’s hosted products such as VMware Fusion and Workstation as they also support the vhv.enable parameter.
  3. You can now enable VHV on a per VM basis and using the new vSphere Web Client which basically adds the vhv.enable = “true” parameter to the VM’s .VMX configuration file.

 

vmware – updating vcenter email alert for monitoring

I’ve used the following powershell script to assist with setting up a consistant email alert on various vmware envionrments.


# Usage ;
# Please manually connect to vCenter, use "Connect-VIServer" -- this promotes usernames and passwords not beings saved with script.
# Update below variable with email(s) use comma as delimita 
$MailtoAddresses= “[email protected]

#—-These Alarms will send a single email message and not repeat —-
$LowPriorityAlarms=”Timed out starting Secondary VM”,`
“No compatible host for Secondary VM”,`
“Virtual Machine Fault Tolerance vLockStep interval Status Changed”,`
“Migration error”,`
“Exit standby error”,`
“License error”,`
“Virtual machine Fault Tolerance state changed”,`
“VMKernel NIC not configured correctly”,`
“Unmanaged workload detected on SIOC-enabled datastore”,`
“Host IPMI System Event Log status”,`
“Host Baseboard Management Controller status”,`
“License user threshold monitoring”,`
“Datastore capability alarm”,`
“Storage DRS recommendation”,`
“Storage DRS not supported on host”,`
“Datastore is in multiple datacenters”,`
“Insufficient vSphere HA failover resources”,`
“License capacity monitoring”,`
“Pre-4.1 host connected to SIOC-enabled datastore”,`
“Virtual machine cpu usage”,`
“Virtual machine memory usage”,`
“License inventory monitoring”

#—-These Alarms will repeat every 24 hours—-
$MediumPriorityAlarms=`
“Virtual machine error”,`
“Health status changed alarm”,`
“Host cpu usage”,`
“Health status monitoring”,`
“Host memory usage”,`
“Cannot find vSphere HA master agent”,`
“vSphere HA host status”,`
“Host service console swap rates”,`
“vSphere HA virtual machine monitoring action”,`
“vSphere HA virtual machine monitoring error”

#—-These Alarms will repeat every 2 hours—-
$HighPriorityAlarms=`
“Host connection and power state”,`
“Host processor status”,`
“Host memory status”,`
“Host hardware fan status”,`
“Host hardware voltage”,`
“Host hardware temperature status”,`
“Host hardware power status”,`
“Host hardware system board status”,`
“Host battery status”,`
“Status of other host hardware objects”,`
“Host storage status”,`
“Host error”,`
“Host connection failure”,`
“Cannot connect to storage”,`
“Network connectivity lost”,`
“Network uplink redundancy lost”,`
“Network uplink redundancy degraded”,`
“Thin-provisioned LUN capacity exceeded”,`
“Datastore cluster is out of space”,`
“vSphere HA failover in progress”,`
“vSphere HA virtual machine failover failed”,`
“Datastore usage on disk”

#—Set Alarm Action for Low Priority Alarms—
Foreach ($LowPriorityAlarm in $LowPriorityAlarms) {
Get-AlarmDefinition -Name “$LowPriorityAlarm” | Get-AlarmAction -ActionType SendEmail| Remove-AlarmAction -Confirm:$false
Get-AlarmDefinition -Name “$LowPriorityAlarm” | New-AlarmAction -Email -To @($MailtoAddresses)
# Get-AlarmDefinition -Name “$LowPriorityAlarm” | Get-AlarmAction -ActionType SendEmail | New-AlarmActionTrigger -StartStatus “Green” -EndStatus “Yellow”
Get-AlarmDefinition -Name “$LowPriorityAlarm” | Get-AlarmAction -ActionType SendEmail | New-AlarmActionTrigger -StartStatus “Yellow” -EndStatus “Red” # This ActionTrigger is enabled by default.
# Get-AlarmDefinition -Name “$LowPriorityAlarm” | Get-AlarmAction -ActionType SendEmail | New-AlarmActionTrigger -StartStatus “Red” -EndStatus “Yellow”
# Get-AlarmDefinition -Name “$LowPriorityAlarm” | Get-AlarmAction -ActionType SendEmail | New-AlarmActionTrigger -StartStatus “Yellow” -EndStatus “Green”
}

#—Set Alarm Action for Medium Priority Alarms—
Foreach ($MediumPriorityAlarm in $MediumPriorityAlarms) {
Get-AlarmDefinition -Name “$MediumPriorityAlarm” | Get-AlarmAction -ActionType SendEmail| Remove-AlarmAction -Confirm:$false
Set-AlarmDefinition “$MediumPriorityAlarm” -ActionRepeatMinutes (60 * 24) # 24 Hours
Get-AlarmDefinition -Name “$MediumPriorityAlarm” | New-AlarmAction -Email -To @($MailtoAddresses)
# Get-AlarmDefinition -Name “$MediumPriorityAlarm” | Get-AlarmAction -ActionType SendEmail | New-AlarmActionTrigger -StartStatus “Green” -EndStatus “Yellow”
Get-AlarmDefinition -Name “$MediumPriorityAlarm” | Get-AlarmAction -ActionType SendEmail | Get-AlarmActionTrigger | Select -First 1 | Remove-AlarmActionTrigger -Confirm:$false
Get-AlarmDefinition -Name “$MediumPriorityAlarm” | Get-AlarmAction -ActionType SendEmail | New-AlarmActionTrigger -StartStatus “Yellow” -EndStatus “Red” -Repeat
# Get-AlarmDefinition -Name “$MediumPriorityAlarm” | Get-AlarmAction -ActionType SendEmail | New-AlarmActionTrigger -StartStatus “Red” -EndStatus “Yellow”
# Get-AlarmDefinition -Name “$MediumPriorityAlarm” | Get-AlarmAction -ActionType SendEmail | New-AlarmActionTrigger -StartStatus “Yellow” -EndStatus “Green”
}

#---Set Alarm Action for High Priority Alarms---
Foreach ($HighPriorityAlarm in $HighPriorityAlarms) {
Get-AlarmDefinition -Name "$HighPriorityAlarm" | Get-AlarmAction -ActionType SendEmail| Remove-AlarmAction -Confirm:$false
Set-AlarmDefinition "$HighPriorityAlarm" -ActionRepeatMinutes (60 * 2) # 2 hours
Get-AlarmDefinition -Name "$HighPriorityAlarm" | New-AlarmAction -Email -To @($MailtoAddresses)
# Get-AlarmDefinition -Name "$HighPriorityAlarm" | Get-AlarmAction -ActionType SendEmail | New-AlarmActionTrigger -StartStatus "Green" -EndStatus "Yellow"
Get-AlarmDefinition -Name "$HighPriorityAlarm" | Get-AlarmAction -ActionType SendEmail | Get-AlarmActionTrigger | Select -First 1 | Remove-AlarmActionTrigger -Confirm:$false
Get-AlarmDefinition -Name "$HighPriorityAlarm" | Get-AlarmAction -ActionType SendEmail | New-AlarmActionTrigger -StartStatus "Yellow" -EndStatus "Red" -Repeat
# Get-AlarmDefinition -Name "$HighPriorityAlarm" | Get-AlarmAction -ActionType SendEmail | New-AlarmActionTrigger -StartStatus "Red" -EndStatus "Yellow"
# Get-AlarmDefinition -Name "$HighPriorityAlarm" | Get-AlarmAction -ActionType SendEmail | New-AlarmActionTrigger -StartStatus "Yellow" -EndStatus "Green"
}
This is another version i created that just grabs all alarms and sets email trigger. Note that it will delete all the current triggers (so ensure you dont have SNMP traps etc that you need)


# v3 : grab all alarms from vcenter (so should work all versions) and use these for alarm variables
# Usage ;
# Please manually connect to vCenter, use "Connect-VIServer" -- this promotes usernames and passwords not beings saved with script.
# Any alarm that is currently active will send email alert -- please confirm appropriate values for tiggers before running this script.

#Set Notification emails here;
$MailTo= “[email protected]

#define alarms to be set;
$Alarms = Get-AlarmDefinition | sort Name | select name | ft -HideTableHeaders

foreach ($Alarm in $Alarms)
{
# Delete Trigger;
Get-AlarmDefinition -Name “$Alarm” | Get-AlarmAction | Remove-AlarmAction -Confirm:$false

# Create Trigger;
Get-AlarmDefinition -Name “$Alarm” | New-AlarmAction -Email -To “$MailTo”
}

UPDATE : I generally use the following script now. Less to maintain, and covers any alarms that have not been managed.

# Author : Darren Taylor
# v5 : grab all alarms from vcenter (so should work all versions) and use these for alarm variables
# Usage ;
# Please manually connect to vCenter, use “Connect-VIServer” — this promotes usernames and passwords not being saved with script.
# Any alarm that is currently active will send email alert — please confirm appropriate values for tiggers before running this script.
#
# Note ;
# This script needs to be modified to exclude alarms that are not critical (exclusive rather than inclusive)
# Once Exceptions list is updated, re-run script.

# ——————- VARIABLES ————————-

#Set Notification emails here;
$MailTo= “[email protected]

# These are the names of the alarms to ignore — i.e. do NOT setup email alert
# THESE ALARMS ARE CONSIDERED NON CRITICAL
$Exceptions= `
“Virtual machine cpu usage”,`
“Virtual machine memory usage”

# ——————- CODE ONLY BELOW ——————-

# TODO:
# Change triggers on some alarms?

#define alarms to be set; (ALL ALARMS)
$Alarms = Get-AlarmDefinition | sort name | select name

foreach ($Alarm in $Alarms)
{

# Test variable in array
Write-Host “Setting Alarm… ” -NoNewLine; Write-Host $Alarm.Name -NoNewLine;

# Delete Trigger; (clears all existing EMAIL triggers)
Get-AlarmDefinition -Name $Alarm.Name | Get-AlarmAction -ActionType:SendEmail | Remove-AlarmAction -Confirm:$false;

# Exceptions to email trigger
$SetAlarm = 1;
foreach ($Exception in $Exceptions) {if($Alarm.Name -eq $Exception){$SetAlarm=0; Write-Host ” Ignored” -foregroundcolor red;}}

# Create Trigger;
if($SetAlarm -eq “1”){Get-AlarmDefinition -Name $Alarm.Name | New-AlarmAction -Email -To $MailTo}

}

 

vmware and NLB (unicast vs multicast)

Thought I’d get a bit of clarification around this one. VMWare states –

VMware recommends that you use multicast mode, because unicast mode forces the physical switches on the LAN to broadcast all Network Load Balancing traffic to every machine on the LAN.

There are some issues which come to the surface if you are using unicast. Where possible we should always try to use a Multicast NLB as Unicast can cause some complications around vSwitch configurations. (requirement to change switch notifications to “No” – and seemingly break port id teaming). Detail below;

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1556

• All members of the NLB cluster must be running on the same ESX host.
• All members of the NLB cluster must be connected to the single portgroup on the virtual switch
• VMotion for unicast NLB virtual machines is not supported (unless you want to migrate ALL NLB members to a different ESX host)
• The Security Policy Forged Transmit on the Portgroup is set to Accept
• The transmission of RARP Packet is prevented on the Portgroup/Virtual Switch as explained in the later part of the article.

Here is a bit about each type… (from vmware docs)

Multicast

Multicast mode allows communication among hosts because it adds a Layer 2 multicast address to the cluster instead of changing the cluster. Communication among hosts is possible because the hosts retain their original unique media access control (MAC) addresses and already have unique media access control (MAC) addresses and already have unique dedicated IP addresses. However, the address resolution protocol (ARP) reply that is sent by a host in the cluster (in response to an ARP request) maps the cluster’s unicast IP address to its multicast MAC address.

Some routers do not support the resolution of unicast IP addresses to multicast MAC addresses, and they discard the ARP reply. As a result, an administrator must add a static ARP entry in the router, mapping the cluster IP address to its MAC address.

  • Can be single nic
  • Add static ARP to default gateway

Unicast

Unicast mode works seamlessly with all routers and Layer 2 switches. However, this mode induces switch flooding, a condition in which all switch ports are flooded with Network Load Balancing
traffic, even ports to which servers not involved in Network Load Balancing are attached. To communicate among hosts, you must have a second virtual adapter for each host.

Normally, switched environments avoid port flooding when a switch learns the MAC addresses of the hosts that are sending network traffic through it. The Network Load Balancing cluster masks the cluster’s MAC address for all outgoing traffic to prevent the switch from learning the MAC address.

On an ESX host, the VMkernel sends a reverse address resolution protocol (RARP) packet each time
certain actions occur—for example, when a virtual machine is powered on, when there is a teaming failover, or when certain VMotion operations occur. The RARP packet gives physical switches the MAC
address of the virtual machine involved in the action. In a Network Load Balancing cluster environment, after a Network Load Balancing node is powered on, the notification in the RARP packet exposes the MAC address of the cluster NIC. As a result, switches might begin to send all inbound traffic destined for the Network Load Balancing cluster through one switch port to a single node of the cluster.

Because the virtual switch operates with complete data about the underlying MAC addresses of the virtual NICs inside each virtual machine, it always correctly forwards packets containing a MAC address
matching that of a running virtual machine. As a result of this behavior, the virtual switch does not forward traffic destined for the Network Load Balancing MAC address outside the virtual environment
into the physical network, because it is able to forward it to a local virtual machine.

  • Requires 2 nics if you want host to host communication.

vmware – cpu ready (what to look for) and performance

keeping things simple – below are the numbers to look for when your investigating cpu scheduling issues withing a vmware environment…

Look for the cpu “ready” counter which is a percentage of time that the virtual machine was ready, but could not get scheduled to run on the physical CPU. CPU ready time is dependent on the number of virtual machines on the host and their CPU loads.

These are the peak / average figures to watch for in vmware performance graphs. Anything above 5% cpu ready time is worth fixing. (Note : the sampling rate is different depending on which view you are looking at)

Realtime : 1000 x 20 (20 second sample) x 5% = 1000

Daily : 1000 x 300 (5 min sample) x 5% = 15000
Weekly : 1000 x 1800 (30 min sample) x 5% = 90000
Monthly : 1000 x 7200 (2hrs sample) x 5% = 360000

Note : above is 1vCPU only, see this reference for some more detail and some nice charts!

http://vmtoday.com/2013/01/cpu-ready-revisted-quick-reference-charts/

EMC Celerra Optimizations for VMware on NFS

go here http://blog.scottlowe.org/2010/01/31/emc-celerra-optimizations-for-vmware-on-nfs/

Turn on the uncached write mechanism for NFS file systems used as VMware datastores. This can have a significant performance improvement for VMDKs on NFS but isn’t the default setting. From the Control Station, you can use this command to turn on the uncached write mechanism:
server_mount <data mover name> -option <options>,uncached <file system name> <mount point>
Be sure to review pages 99 through 101 of the VMware on Celerra best practices document for more information on the uncached write mechanism and any considerations for its use.