Changes to the book with the introduction of ESX v3.5

From AstroArch

Contents 1 Chapter 2 2 Chapter 3 2.1 Step 14: File System Layouts 3 Chapter 4 3.1 Other ESX Security Considerations 4 Chapter 5 5 Chapter 6 5.1 Patch Management 6 Chapter 8 6.1 NTP 7 Chapter 9 7.1 Creating a VMotion vSwitch 8 Chapter 10 8.1 Modification of VM settings within VIC

Chapter 2

Page 37: Add after (RHEL3-ES)., in the first paragraph of the Version Differences subsection, the following:

VMware Virtual Infrastrature 3.5 is based on Red Hat Enterprise Linux Server version 3.0 Update 8.

Chapter 3

Step 14: File System Layouts

Page 66: Add the following at the end of the page:

In ESX v3.5 the /vmimages directory is now only used by the mounting of VMware Tools images and not as a per machine repository of general ISO images. The only data stores available as a per machine repository is any VMFS that it can see. It is recommended then that /vmimages not be resized or allowed to take up the rest of the space, but the rest of the space be assigned to the local VMFS-3. This way you still can keep local copies of the ISO images. It is not recommended, but often done, to use shared storage as that will cause SCSI Reservation Conflicts (See Chapter 6 for more discussions on SCSI Reservation Conflicts). All other aspects of Table 3.2 apply to ESX v3.5, just not the /vmimages partition.

This has been changed for ESX v3.5 Update 1 to allow /vmimages to be used again. The fix for this for unpatched versions of ESX v3.5 was to edit /etc/vmware/configrules to add after this line

accept prefix_case "/vmfs/"

The line

accept prefix_case "/vmimages/"

You can also use /etc/vmware/configrules to allow access to other locations on the filesystem for stored ISO or floppy images.

Chapter 4

Other ESX Security Considerations

Page 155: Add the following to the end of the page:

Virtual Center 2.5 allows one to cut-n-paste from one VM to another by default. The isolation tools settings will disallow this behavior.

Chapter 5

Page 200: How to Unlock a LUN

vmkfstools -D now works only on files. So reference How to find host that holds the file lock and free the lock.

However to discover LUN locks you should use

esxcfg-info -s | grep -i -B 12 pending

Chapter 6

Page 215: Add the following before Conclusion:

Patch Management

Patch Management for ESX and VI3 has been done by hand or using various third party tools like VMTSPatchManager, or Dominic Rivera's esx-autopatch.pl script. The issue has always been what order to apply the patches as they were order specific. These tools alleviated the need to determine the order yourself. Now built into VMware Virtual Center 2.5 is the VMware Update Manager. Simply put the Update Manager uses the capabilities of VMware Virtual Center to automate the patching of your VMware ESX Servers.

The steps are follows:

1. Goto Plugins->Manage Plugins and select the plugins to install. Install both the Update Manager and Converter plugins
2. Select the Installed tab and Enable all the plugins
3. Create a baseline or use the ones pre-downloaded when the Update Manager queries VMware for updates. It will also query an external source for VM updates it can apply.
4. Right click on the Host in question and select Scan for Updates
5. Click on the host in question and then the Update Manager Tab and select the Attach Baseline... link
6. Select the Baselines to attach to the host
7. Migrate VMs to another host or shutdown all VMs on the host. This step alleviates some timeout failures. You could also enter maintenance mode then exit maintenance mode as the next step will reenter maintenance mode.
8. Right click on the Host in question and select Remediate...

Now if you have VMware DRS the VMs will be moved to another host and the system will enter maintenance mode where the patches will be applied. Be careful if a VM can not normally be moved to the other host due to a vMotion limitation (i.e. connected CDROM/Floppy, using a Private network, or CPU considerations) the VM should be moved by hand or powered off. Remediation will could timeout if a VM can not be shutdown in time or if the host could not be placed into Maintenance Mode then the remediation step will fail.

If during the Scan for Updates step above you receive the error metadata for patch missing then the ESX Server can not reach the Update repository on your Update Manager server. The Update Manager requires that this server allow port 80 to connect. If you have another service running on port 80 instead of the Update Manager, this will also cause the error.

If you receive a failure due to a missing package or library find the offending package and exclude it from the baseline. Samba security updates is an example of this. The Samba package is not included by default on any ESX server.

Chapter 8

NTP

Page 263: Add the following:

NTP can now be configured using the VIC, please note that in order to do so, you will have to place the ESX server into Maintenance Mode in order for the changes to take effect. You can still use the following steps as well.

Chapter 9

Creating a VMotion vSwitch

Page 316 Add the following:

To setup vMotion from the command line there is a change to the way the hostsvc.xml file is created. Instead of using the portgroup number (i.e portgroup6 represented by $vMotion in the script on page 315) in the <nic>...</nic> clause below, you now use the portgroup alias (i.e vMotion as used by the script on page 315. Therefore the changes to the hostsvc.xml file are as follows and can be substituted in the script on page 315.

cat >> /etc/vmware/hostd/hostsvc.xml <<EOF
<ConfigRoot>
<vmotion>
<nic>vMotion</nic>
</vmotion>
</ConfigRoot>
EOF

or use

esxcfg-vmknics -l

Grab the vmknic name i.e. vmk1 and use below

vimsh -e "hostsvc/vmotion/vnic_set vmk1"

Chapter 10

Add before the conclusion of chapter 10:

Modification of VM settings within VIC

It is now possible to change the size of a virtual disk by Editing the Settings of the VM. This does not grow the filesystem, but will grow the size of the virtual disk.