Category Archives: Flings

ESXi Host Client Officially Released

A few days ago ESXi 6.0 Update 2 was released.  Quietly added in was version 1 of the ESXi Embedded Host Client.  I’ve spoken a few times about the Host Client.  It started out as a VMware Fling by VMware engineers Etienne Le Sueur and George Estebe.  Since then it has gained a hugely positive response from the community that it has finally found its way into ESXi.

If you’ve recently upgraded or installed ESXi 6.0 Update 2 you can access the host client via a browser connecting over standard SSL (https:/myesxi-host/ui/).   You can login with the host’s root account.  If you’ve never seen the Embedded Host Client before you’re in for a huge surprise.  You’ll be amazed at how similar it looks to the vSphere Web Client.  Not only that but it’s extremely snappy and fast built upon HTML5.

I recently upgraded my NUC home lab hosts to Update 2 to check out the production build.  It looks and feels just like the Tech Preview.  It’s going to be a great replacement to the C# Client.  If you’re running a previous Tech Preview release of the fling there’s a few things to note before you upgrade to Update 2.  Initially I did an upgrade of a host with an old Tech Preview 5 fling installed.  Update 2 left that version of the fling in place.  So on my subsequent hosts I removed the Tech Preview fling before upgrading the host.  That resolved the issue and installed the v1 production release.

Below are the steps to remove the Tech Preview fling before upgrading a host.  The -f represents a force removal just in case you have any third party vibs that may conflict with the uninstall as I did.

[[email protected]:~] esxcli software vib remove -f -n esx-ui
Removal Result
Message: Operation finished successfully.
Reboot Required: false
VIBs Installed:
VIBs Removed: VMware_bootbank_esx-ui_0.0.2-0.1.3357452
VIBs Skipped:
[[email protected]:~]

If, like me, you upgraded a host before removing the Tech Preview version of the fling. You can download the official Host Client from the VMware download portal.  List with the ESXi 6.0 U2 Zip and ISO images is the Host Client VIB and Offline Bundle.  Then just run through the steps to remove and install the VIB.

There is a newer build also available up on the flings page --Tech Preview v6.   I chose to upgrade to this build as it’s just my home lab.  The process is simple, I outlined the steps to update the Embedded Host Client to a new build in a previous post.

Latest v1 Production Build

host-client_v1

Latest Tech Preview Build

host_client_tp6

References

Embedded Host Client Fling Page

VMware Host Client Release Notes

ESXi Embedded Host Client v4 released

Unless you’ve been hiding under a rock recently you must have heard of the ESXi Embedded Host Client Fling by now.  This is one of the more exciting Flings of recent.  Actually there’s a couple really cool ones atm but this one definitely stands out.  And it’s just undergone another update.  With each iteration the engineers, Etienne Le Sueur and George Estebe keep adding more features and bug fixes.  It’s really progressing along really nicely.

I did a vMug community talk recently on VMware Flings and spoke about the Embedded Host Client.  For my first community talk it’s been really well received.  If you’re not up on what Flings are about or what the ESXi Embedded Host Client can do please check it out.

Installing the Fling is really easy, especially if you’re already running v3 of the Fling as I was.  If you’re currently running v3 you can use the Update method under the Help menu like I did.

Updating ESXi Embedded Host Client from v3

Firstly you need to grab the latest build from VMware Flings.  Download the vib and upload it to a datastore accessible to your host.  I used the Embedded Host Client and used the Datastore Browse feature to upload.

Log into the Embedded Host Client as you normally would and click on Help in the top right and select Update.

embedded_host_client_03

Next enter in the path to where you uploaded the vib file.  This can be a little tricky as you have to manually enter in the path.  It took me about seven tries to get the path and file name correct.  A feature request I’ll be submitting for the next version will be a browse option to paste in the correct path and name.

embedded_host_client_04

Click Update and if you got it path correct you should see a task similar to below.  You’ll know pretty quickly if it didn’t work because the task will end instantly and you won’t see a progress bar in results.

embedded_host_client_05

Once complete reload your browser session and sign back in.  Your build version should show the latest version.

embedded_host_client_06

Of course if you’re not already running the Embedded Host Client or an older version to v3 you can still install/update using the ESXCLI command from the ESXi console.

I’ve covered in previous posts how to install a vib from the console using ESXCLI.  Examples are also given on the Instructions tab of the Fling’s page.  Basically, upload the vib to a datastore on the host.  Then use the command below substituting the path for where you placed the vib.  No reboot or Maintenance Mode is required, which is really nice.

esxcli software vib install -v /vmfs/volumes/datastore1/esxui-signed.vib

That’s all that’s required and hopefully the installation goes well.  You should now be able to access the host via https://esxi_host/ui/

I can’t wait to see this become an official product.  No doubt there’s a long and tedious process to get the ESXi Embedded Host Client certified and ready as a VMware supported product.  Hopefully we see it sometime in 2016.

References

ESXi Embedded Host Client Flings page.

My talk on VMware Flings and the ESXi Embedded Host Client

 

Let’s have a Fling

After years of procrastinating, last week I gave my first vMug community talk in Melbourne.  After years of saying I can do that and constantly nodding my head to the Melbourne vMug committee to get more involved, I finally decided to step up.  Now that it’s over I can finally say that it was well worth it!

The decision to finally give a talk came at the end of vBeers in Melbourne a few months back.  After a few beers and some great conversations.  I left with the determination to get up and give that community talk.  There was just one issue though, I had no idea for a topic.  So I spent the next few weeks thinking of an idea and asking friends for suggestions.

In some ways the hardest part of the talk was just coming up with an interesting idea.  Something that not only other people would find interesting but me too.  I finally settled on VMware Flings.  I’ve been interested in VMware Flings for a few years now and this year they’ve really taken off with some really great Flings.  I put together a presentation abstract then reached out to the Melbourne vMug committee with my idea.  The @mvmug committee liked the idea and slotted me in as one of two committee presentations for Melbourne’s final vMug of the year.

Over the next month I put together my talk.  I’m not a big fan of the ‘Death by PowerPoint’.  So I worked on a talk where after I introduced myself I would pull up a web browser using the VMware Flings website as my slide deck.  Then lead into some demos in my home lab.  A format I think worked out really well.  Staring at slide decks can be hard after a long vMug.  So being able to interact with something on the screen keeps the audience engaged.  The biggest curve ball I got thrown was coming down with a virus two weeks prior to the talk.  Over that period I had blocked sinuses, constant coughing, and even a loss of voice for a day.  Disappointingly I was in no position to rehearse my talk over that period.  What was becoming a very exciting time became an extremely frustrating period 🙁

The day before the talk was nothing short of miraculous (either that or the upping of medication).  I woke up feeling like my old self.  It meant that I one good college cram session in the night before to rehearse my talk.  Not ideal but I’d take it 🙂

I felt that the talk went well.  I managed to use the full 45 minutes allocated to my session.  I tried to keep the talk moving along without dwelling on any one area for too long.  A had a short introduction, a brief overview of what VMware Fling are with some examples.  Then moved onto three demos in my home lab.  The ESXi Embedded Host Client, followed by PowerActions for the vSphere Web Client, and finishing up on a slightly less popular and more obscure Fling, the ESXi Google Authenticator.

I learnt quite a lot from the experience with a number of key take aways for the future.  Firstly, don’t rely on the facilities, not even as backups.  If you require Internet access, bring your own, then bring your own backup.  Bring all your own cables and dongles to connect to projectors.  I naively expect HDMI or DVI connectors.  Imagine my surprise when I got VGA.  Fortunately a VEEAM presenter from an earlier session leant me his VGA dongle.  Finally stay relaxed.  If you can interact with the audience, even just a little, it goes a long way in creating a positive atmosphere to present in.

The @mvmug committee have done a fantastic job in recording all of November’s sessions.  My session can be found here!

 

Onyx For the Web Client now supports vSphere 6.0 U1

It’s been a while since I’ve used the Onyx VMware Fling.  The last time I used it was way back in 2013 running the Project Onyx version that sat as a proxy between the C# vSphere Client and vCenter.  It was a great little Fling back then.  I had a good laugh when I looked at one of my old blog posts about Project Onyx and how I felt its lifespan was limited due to the C# client being phased out for the Web Client.  Two years later and the C# vSphere Client is still going strong.  Com’on VMware, do it already 😛

Well, Onyx is now back in an all new way and it now supports the vSphere Web Client.  In fact it was released back in July 2015 but has just undergone another update for vSphere 6.0 U1.  If you’re not sure what Onyx is.  It’s a tool that allows you to record your vSphere Client actions and display them back as PowerCLI API method calls.  I found Onyx useful in years past when the PowerCLI cmdlets weren’t as mature as they are today.  Thought, today there’s still a lot of things you can’t do with the standard PowerCLI cmdlets and recently I’ve been finding I’ve been delving into the API methods more and more.  So it’s great to see support for the Web Client in Onyx now.

There are two versions of Onyx For the Web Client.  The 6.0 release and the 6.0 U1 release.  It’s important that you use the version matching your vSphere.  I learnt the hard way recently how dangerous VMware Flings can be.  I installed the 6.0 release onto vSphere 6.0 U1 and broke my vCenter good and proper.  With the latest release of Onyx only a few weeks back it now once again supports the latest vSphere Web Client.

Installation is quite simple.  In my case I’m installing to the vCenter Server Appliance (VCSA).  You download the Onyx Fling from here.  Then extract its contents to a local folder.

I then console into my VCSA and enable and change my shell to BASH

shell.set --enabled True
shell
chsh -s /bin/bash

I can now use SCP to copy the files from my local computer to the VCSA using WinSCP.  It’s just a matter of dragging the onyx-setup-60u1 folder from my computer the to the /root directory on the VCSA.

onyx_winscp-000248

Now back on the VCSA I run

cd /root/onyx-setup-60u1
chmod +x ./install.sh
./install.sh

When the install script completes it will restart your vCenter web services.  It will take a few minutes to fully restart so don’t panic if you start receiving errors when trying to browse to the Web Client.  Once the services completely restart make sure you have closed you web browser tab and reopen it to the Web Client.

It’s also ideal to change the shell back to the Appliance Shell

chsh -s /bin/appliancesh

onyx-000249

Using Onyx is super simple.  It can be found under the Inventories in the Web Client.  Also pinned to the top right corner you have to two buttons.  A Red Record icon and a PowerCLI button.  Pressing the Red Record button starts recording your web session interactions.

onyx-000251

When you’ve completed with you actions we click the same record button which has turned to a Stop button.  Pressing the PowerCLI button now shows us the PowerCLI API calls that took place to perform our actions.  All cleanly laid out with syntax highlighting.  There’s also the ability to save the output as a PowerCLI script.

That’s it really.  There’s not a great deal to this Fling.  If you don’t do much PowerCLI you might not find this Fling overly special.  If on the other hand you are using PowerCLI on a regular basis I’m sure you’ll find it interesting.

Word of warning; Onyx For the Web Client is a VMware Fling and as such does not come with official VMware support.  Onyx is best suited to a Dev and Test environment and is not really recommended for Production environments.

References:
Onyx For The Web Client

Onyx 101

It’s been a week now since I’ve been playing with Onyx.  I stand by my initial impressions that it’s a great little app.  If you’re into automation, and lets face it, who isn’t these days.  You should really give Onyx a looking into.  Now it’s not going to write any scripts for you.  But what it’s going to do is give you the core code of your actions in the vSphere Client.

I’ve had Onyx running in the background behind my vSphere Client for the past week.  What I found interesting, or depressing, was looking at the same code pop up in the background as I did the same repetitious tasks in the vSphere Client.  A lot of my repetitious actions could be condensed into a handful of lines of PowerCLI code.  All that was stopping me was a copy and paste from Onyx into a PowerCLI script.

As I start focusing more on PowerCLI I can myself referring to Onyx to help cut some of the guess work out of what commands I need to be running to achieve my objectives.  As i said, it’s not going to write a script for you, but it’s going to give you a  good head start.

Below are the steps to get started with Onyx.

Once you download the ZIP file uncompress it to a folder.  Locate Onyx.exe in the root of that folder and execute it.  No installation is required.

A small window will open. You can click on the blue cog and change the default settings (which are fine to initially start with) and then click on the orange asterisk in the top left corner.

onyx01

This will open a connection window.  Type in the vCenter URL.  You can leave off the HTTPS if you wish and Onyx will insert it for you.

To simplify the process of connecting to the Onyx proxy with the vSphere Client click the checkbox to ‘Launch a client after connected‘.

Select VMware VI Client from the dropdown menu.  Then enter in your standard login credentials to vCenter and click Start.

onyx02

The vSphere Client will start up and make a connection to the Onyx Service on your PC using the credentials you entered on the previous screen.  A warning will pop up stating that your connection is not encrypted and if you want to proceed.  Click Yes to continue.

It’s worth noting that the connection between Onyx and vCenter is still encrypted.  What’s not encrypted is your local proxied connection from the Sphere Client to Onyx.  For Onyx to see you actions from the vSphere Client it needs an unencrypted session.

onyx03

If all successful up to this point your vSphere Client will connect to vCenter.  You’ll also see that the Onyx window will show a black screen and will say it’s connect to your vCenter on port 443 and running at your PC.

onyx04

Now all we have to do is select our Output Mode, in this case, PowerCLI.  Then click the green play button on the top left.

As we perform actions in the vSphere Client they will be translated to code.  Below is the PowerCLI output from creating a new Resource Pool.

onyx05

Below is the equivalent code but for VMware Orchestrator in JavaScript.

onyx06

And that’s it.  You can copy and past code out by right click on the code.  You can also use the save button to save all the output to a file.

Reference Links

Project Onyx Fling

Project Onyx

In keeping with my recent VMware Flings interest, Onyx, has been another one of those Flings that’s caught my eye.  The name probably accounts for 50% of my interesting—Onyx—just sounds so cool.  It sounds like it stands for something important.  The geek I am I actually looked it up.  It’s Greek, meaning claw or fingernail.  eh, ok so not that cool now.

Onyx is an application that can generate output code based on your actions in the vSphere C# client.  It can generate four different types of output --Raw Soap Messages, C#, PowerShell, and vCO JavaScript.  It achieves this by setting itself up as a proxy between you and the vCenter Server.  So Onyx initiates a secure connection to the vCenter server and then you initiate a connection using the C# vSphere Client to Onyx.  From that point on everything becomes transparent to you.  You can continue to use the vSphere Client to manage vCenter as normal.  But now you have the ability to create scriptable code from your actions.

Onyx is designed to work only with the C# Client.  It does not work with the Web Client.  With the push to  the Web Client and no more C# clients in development.  This may mean that Onyx now has a finite lifespan to it.

In any case I plan on playing around with Onyx over the coming days.  To goal is to see if I can extract meaningful PowerCli and vCO output code to use.  As I spend more time with these products on a day to day basis I can see Onyx helping, or at least guiding me into the right direction, when stuck creating workflows and scripts.

Onyx can be found on the VMware Fling page.  There is also a VMTN community which has been created for Project Onyx.  Both of which can be found in the links below.

 

Reference Links

Project Onyx Fling
Project Onyx Community

ESXi Google Authenticator Fling -Install & Configure

I remember downloading the Google Authenticator app from the Google Play store the day it came out.  Since that time I never once even ran the app.  I just couldn’t be bothered setting it up with any websites, that was until now.

When I heard about a VMware Fling to bring Google Authenticator two-factor authentication to ESXi last week I wanted to try it out as fast as I could.  So today I played around with it and it works great!  So I noted down what I did and uploaded it all below.  There’s really only one requirement and that’s ESXi 5.0 or above.  True the instructions are on the Flings site but I thought I’d put them into my own words.

The first thing I did before I even started was make sure my host was using a good NTP time source and the time was correct.

Download the ESXi Google Authenticator zip file and extract the VIB file from it. (link below)

Upload the VIB to the ESX host.  I just used the vSphere Web Client and clicked on Storage under Inventories on the Home page.

google_auth01a

I then located a Datastore that my host had access to. I created a folder called vib.  I then clicked the Upload a file to the Datastore icon.  Selected the VIB and clicked Open.  (I also tried using the zip file without extracting the VIB but couldn’t get it to work so give that a miss)

google_auth01b

Next I installed the VIB on the host using the ESXCLI.  Normally I would use the Management Assistant for this but because I’m playing around with authentication I was on the console of the host.  Replace the path of where you uploaded the VIB.

esxcli software vib install -v /vmfs/volumes/datastore2/vib/esx_google-authenticator_1.0.0-0.vib -f

If successful you should receive output similar to below.

google_auth01c

Next you need to execute the command ‘google-authenticator’

google_auth02

A short wizard will run with a series of questions on how you would like to setup the authenticator.  Each environment may influence how it is set-up.  Record down the secret key and also the URL for when the Mobile App is set-up later on.

The Two Factor authentication works with SSH and Shell access.  The config process currently is all manual.

First you have to edit /etc/ssh/sshd_config.  I used vi from the ESXCLI.  Went into Insert mode made the below change and write & quit.

ChallengeResponseAuthentication yes

Next you have to edit /etc/pam.d/sshd for ssh and/or /etc/pam.d/login for console with the first line.

auth required pam_google_authenticator.so

Initially I tried to use vi but couldn’t save so I used sed as shown in the Fling instructions.

sed -i -e ‘3iauth required pam_google_authenticator.so’ /etc/pam.d/sshd
sed -i -e ‘3iauth required pam_google_authenticator.so’ /etc/pam.d/login

For the change to take effect immediately run ‘/etc/init.d/SSH restart’

The change is not persistent after a reboot so for this to happen the above two lines will need to be added to /etc/rc.local.d/local.sh

Finally you have to set up the Google Authenticator app.  I used the Android version which I originally downloaded the day after it was released and never used.  The Google Authenticator link below has links to iOS and Blackberry apps as well.  There’s two ways to add the ESXi host to the app.  You can manually add in the ESXi using the Secret Key provided above.  Or the easier approach I found was to use the URL that generated above and put that into a web browser.  That will load a QR code on the screen.  Using a QR reader on the phone scan it and it will automagically load Google Authenticator and add in the ESXi host.

References

Google Authenticator
ESXi Google Authenticator Fling
Android App

ESXi Google Authenticator Fling

I love that even as large as VMware is they can still have a little fun with their product and development names.  VMware Octopus was one of my favourites.  I think we were all disappointed when they changed the name to fall into the Horizon Suite.  Flings are another great name I love.

A few days back I saw a tweet from the Fling team of a new Fling.  The name caught my eye immediately –ESXi Google Authenticator.    It sounds like a pretty cool idea.  Two factor authentication to ESXi.  I haven’t tried it out yet but I’ll be looking to over the coming days.

The source link to the Fling is below.  Designed by a couple VMware engineers in the R&D team.  There doesn’t appear to be much to the installation and configuration process.  You will need a fast connection, though, to download the 26kb zip file 🙂

It’s supported on ESXi 5.0 and 5.1.  Single admin support on ESXi 5.0 and multiple admin support on ESXi 5.1.  You have 30-second TOTP codes and support for emergency scratch codes, which I presume are for emergencies 😉

Source Link

ESXi Google Authenticator Fling