get-admin

Within the PowerShell community there has been a lingering debate over modules and providers.  Initially everyone seemed compelled to do both. Personally, I’ve never been very impressed by third party providers.  Mainly because they always felt like a gimmick.  They forced the file system analog, and the results where not very good. They were buggy, slow, and didn’ t support the standard provider hooks.  This lead to many vendors never bothering, and focused instead on cmdlets.  I myself had come to the conclusion that providers where something for the PowerShell team, and third party ISV should just leave them alone.  Fortunately the provider in version 1.3 of the DataONTAP PowerShell toolkit has broken the mold and renewed my faith in providers!

Continue Reading »

I’m currently winding down on a datacenter build that has consumed me for the better part of six months.  Last night our team went through and stood up vSphere on 200+ hosts. I know that’s nothing for you cloud providers, but that’s a lot of servers for the average IT shop.   Being a lights out datacenter we have 3 management paths to every server IP-KVM, ILOM, and serial ports.  Going through and setting all that up would have been a pain in the but, so I did a little searching and found how to configure the SUN ILOM via the serial port.  With that document and little experimentation I quickly had my script, now all that was left was to learn how to script via a COM port.  I turned to BING and found this article which pointed me to a new-to-me .Net Class…  about 4hrs later I had a complete solution, and yet another example of the Admin Development Model.

Continue Reading »

Glenn posited an interesting question this morning…how to change the SSL certificate that VSC uses to one that is signed by your CA so that the warning(s) would no longer appear. Turns out it’s significantly more difficult that it probably should be, but it is possible.

First, let me say that NetApp probably hates me doing this and will not support your VSC install in anyway should you modify the key. Also, keep in mind that any updates to VSC may over write the key, thus undoing any of this work. So, proceed at your own risk…

Continue Reading »

First let me say, I love VCS, it took all of the complexity out of using NetApp storage in a vSphere environment.  I have been tolerating one annoyance for quite some time now, and this morning said annoyance broke VCS at a customer site. What’s wrong with VCS? Well, for some reason it forces you to register the plugin with vCenter using an IP address.  Due to an over-restrictive proxy configuration, which caused only fully qualified domain names(FQDN) worked. Any IP address was redirected to an web page that explained said over-restricted policy, because VCS is mainly a web page the use of an IP address broke everything.  I searched around a little, and found Williams Lams post on removing plug-ins with the MOB. Once I found the pivot point for Plug-ins, I searched the API Reference, and found the ExtensionManager object.   Now that I had the Object in hand, I fired up PowerCLI and in less than 10 min figured out how to manually adjust the URL VSC used. It was so easy that I think I’m going to try and slap together a quick module to manage plug-ins via PowerCLI, but in the meantime if you, like me, have been frustrated by VSCs use of an IP address… try this.

$URL = 'https://VCS.getadmin.local:8143/vSphereExtensionDescriptor.xml'
# Get the Service Instance..
$SI = Get-View serviceinstance
# Get the extension manager
$ExtensionManager = get-view $SI.Content.ExtensionManager
# filter for the NetApp VSC extention
$extention = $ExtensionManager.ExtensionList |
    Where-Object {$_.key -eq 'com.netapp.nvpf'}
# Change the URL to use a FQDN vice an IP address
$extention.Client[0].url = $URL
# Save our updated extention!
$ExtensionManager.UpdateExtension($extention)

~Glenn

Being a primarily NetApp shop I do a fair amount of testing against their simulator before using any of the perl (and slowly PoSH) scripts against production systems. One of the things that I did a while ago was create a simple way of having the simulator(s) start when my virtual machine starts so that I don’t have to worry about logging in to start it.

NetApp’s documentation for the simulator states two ways of having it start when the server does: using screen to start it in the background, and the more “brute force” method of simply backgrounding the process when it’s started (by appending an ampersand to the end of the command). While both of these methods work, I wanted a way that I didn’t have to login to the system first in order to access the console of the simulator.

Continue Reading »

Kickstart and PXE are almost always used in conjunction, however you don’t have to use PXE to kickstart your installs. Fortunately you can provide the location of a kickstart even if you are using bootable media from USB and/or CD-ROM.

The process I’m going to describe here involves putting the kickstart(s) in a place accessible on the CD/USB media. This is particularly useful if you have an isolated network, a network that has limited resources or if you simply want to eliminate any questions during a manual install process. For example, I use kickstart to do the basic network configuration and the like, however there are very few things that can not bet set via the command line, so, you could, if desired, use kickstart as a method of configuration management. Or, you could simply have it do the install exactly the same as if you answered the questions when the default media is booted, but without actually answering the questions for each host.

You can also provide kickstart files from a web or NFS server even if you are using media. This can prove especially beneficial if you have frequently updated kickstarts (or a large number of them) and you don’t want to have to update the media when kickstarts are changed and/or added. VMware’s documentation describes how to provide the location if you are using web (http) or NFS as the method for providing the configuration.

The example I have here was done from a linux host (RHEL5 to be exact). All of this is reproducible in Windows, however I am not providing any documentation on how to do that.

Continue Reading »

First off, Happy VMworld everyone! It’s finally here, so let the socialization, learning and exhaustion begin.

I had a bit of free time this morning so I decided to do a lab. I didn’t arrive early enough to get in on the preview like some others, however even after seeing their posts about it the labs floor is quite impressive. From the seats arranged so that everyone can see the projectors, to the apparent “control center” in the middle, it’s an impressive setup.

I chose lab 20…logging in was painless and provisioning of the virtual machines was extremely quick. Access was also very good, initially anyway…more on that in a bit. Progress through the lab was quick, directions were good, screen shots were accurate and quickly identified the key fields that needed to have data entry done.

Overall, I really enjoyed the lab. In the last couple of years I haven’t done very many of them simply because most of the inability to get in. This year I had zero wait, and there were a few free seats around me. The dual monitor thin clients work well and PCoIP is amazing…

On that not so subtle transition, apparently the section I was in was running off the DC cloud. For the first 75% of the lab, I couldn’t tell…in fact, if the WAN (I assume it was the WAN) hadn’t of had some issues, I would have never known. Even when things started to go south and I could tell that latency was through the roof, the session was still usable, slow, but usable. At one point the client lost connectivity, however it quickly regained and started the session exactly where I left off.

I’m incredibly impressed with the labs…it’s my first real work done on a thin client, over PCoIP using a “cloud” infrastructure. If the provisioning of virtual machines works in the private cloud like it did for me today on VMware’s lab cloud, then we have a lot to look forward to in the future!

Outstanding work as always Labs Team, thank you!

This morning while standing up a new vScan A/V server I wanted to look up our McAfee service account.  I knew the account would be a domain account, and I knew it would be a member of the backup operators group on the filer.  With that in mind I ran the following.

[0:4]> Get-NaDomainUser -Group "Backup Operators"

SID
---
S-1-5-21-XXXXXXXX-XXXXXXXXX-XXXXXXXXX-112477
S-1-5-21-XXXXXXXX-XXXXXXXXX-XXXXXXXXX-111419
S-1-5-21-XXXXXXXX-XXXXXXXXX-XXXXXXXXX-146727

Well that’s rather useless… Unfortunately, the OnTAP API doesn’t provide a means to convert a SID to a NTAccount.  This is normally accomplished via the “cifs lookup” command on the Ontap CLI, but that doesn’t help us much from the toolkit.  Fortunately .Net provides a native means to perform this conversion.  This isn’t new to anyone who has been following PowerShell for a while (/\/\o\/\/ first posted these function way back in the Monad days), but that doesn’t make them any less useful!

Function ConvertTo-NTAccount
{
    Param(
        [Parameter(Mandatory=$true,
            HelpMessage="Enter the Sid to translate",
            ValueFromPipeLine=$true,
            ValueFromPipelineByPropertyName=$true
        )]
        [string]
        $SID
    )
    Process {
        $SIDObject = New-Object system.security.principal.securityidentifier($SID)
        write-output $SIDObject.translate([system.security.principal.ntaccount])
    }
}
Function ConvertTo-SID
{
    Param(
        [Parameter(Mandatory=$true,
            HelpMessage="Enter the NTAccount to translate in the form of domain\account",
            ValueFromPipeLine=$true,
            ValueFromPipelineByPropertyName=$true
        )]
        [string]
        $NTAccount
    )
    Process {
        $NTAccountObject = New-Object system.security.principal.NtAccount($NTaccount)
        write-output $NTAccountObject.translate([system.security.principal.securityidentifier])
    }
}

Armed with my trusty functions Let's try this again!

[0:15]> Get-NaDomainUser -Group "Backup Operators" | ConvertTo-NTAccount

Value
-----
GetAdmin\svcAV
GetAdmin\svcBackup
GetAdmin\svcMNV

Now that’s more like it!  This is what I Love about powershell.  In the past I would have had to push back on my sales rep, who would have inturn pushed back on the development team.  fast forward a year, and maybe I would have a workaround.  Or I would have had to try and glue a couple third party exe together (yuck). With PowerShell if I don’t like something I simply extend it in script.  No development, nothing complicated, just a couple line of PowerShell.  Best of all I can then provide this to the vendor as a concreate example of what I want in the next release (hint hint NetApp cifs lookup needs to be in the SDK!)

It really is just great stuff.
~Glenn

Update 2011-07-10:  Due to a template export error with Cacti, the import was failing for a lot of people. I apologize for taking so long to fix the templates, however they should be fixed now. Thank you to everyone who pointed out the errors and the fix in the comments.

I have made no secret that I use two applications daily to monitor my infrastructure: Nagios and Cacti. I have created a fair number of scripts (and hopefully publishing more soon) to help Nagios monitor the different parts of the infrastructure, however I haven’t published many of my Cacti scripts previously.

One of the most useful is the config that I use to monitor the different protocol stats for volumes. I created an indexed query so that the single script, and accompanying XML file, are capable of monitoring all the volumes, and I can select which graphs to create for each volume. The polling script is loosely based off of the multi-protocol realtime volume statistics script that I created some time ago.

Download the updated template and script(s) here.

Some examples…

Total Operations, Latency
  

CIFS Operations, Latency
  

NFS Operations, Latency
  

iSCSI Operations, Latency
  

My philosophy with Nagios checks, especially with the NetApp, is that unless there are extenuating circumstances then I want all volumes (or whatever may be being checked) to be checked equally and at the same time. This means I don’t want to have to constantly add and remove checks from Nagios as volumes are added, deleted and modified. I would much rather have one check that checks all of the volumes and reports on them en masse. This means I don’t have to think about the check itself, but rather, only what it’s checking.

One of the many things that I regularly monitor on our multitude of NetApp systems is snapshots. We have had issues, especially with LUNs, where the snapshots have gotten out of control.

In order to prevent this, or at least hope that someone is watching the screen…, I wrote a quick script that checks to see if the total size of snapshots on a volume exceed the snap reserve. Since not all of our volumes have a snap reserve, I also put in the ability to check the size of the snaps against the percentage of free space left in the volume.

This last measure is a little strange, but I think it works fairly well. Take, for example, a 100GB volume. If it is 50% full (50GB), there is no snap reserve and the alert percentage is left at the default of 40% free space, then the alert will happen when snapshots exceed about 15GB. “But that’s not 40% of the free space”, I hear you saying. Ahhh, but it is…you see as the snapshot(s) grow, there is less free space, which means that it takes a larger percentage as the free space shrinks. So at 15GB of snapshots, there would be 35GB of free space, and 40% of 35GB is 14GB.

This causes the alerts to happen earlier than you may expect at first. You can adjust this number to be a percentage of the total space in the volume if you like…however, why not just set a snap reserve at that point? I chose to make the script this way in order to attempt to keep a little more free space in the volume, while not making a snap reserve mandatory.

One last word…please keep in mind this script does not check for a volume being filled, you should have other checks for that. This merely checks to see if snapshots have exceeded a threshold of space in the volume to prevent them from taking up too much space.

Bring on the Perl…

Continue Reading »