Tuesday, July 24, 2012

PowerCLI - IP reservation with PowerShell

Sometimes I receive questions which aren´t exactly my skill. In this case I was asked for a "IP management" from a .csv/.txt file to receive an IP address and reserve it. The IP address should be used for a vCloud Director vApp deployment. As a google junkie i searched for a ready-to-use solution but there wasn´t any.

So i decide to build a small script and a text file to play around with. The text file (ip_names.txt) only has three informations, comma separated:

ip address; dns name; state

and looks like this:;cjohannsen001;reserved;cjohannsen002;free;cjohannsen003;reserved;cjohannsen004;free;cjohannsen005;free;cjohannsen006;reserved

The goal was to select an ip address and if the address is chosen it should be reserved by changing the state keyword.

After a few attempts I figure out the following script:

$file = "ip_names.txt"
$Lines = Get-Content -path $file -readcount 0

For($i=0; $i -lt $Lines.Count; $i+=1){

$ip = $Lines[$i].ToString().Split(';')[0].Trim() 
$dns = $Lines[$i].ToString().Split(';')[1].Trim() 
$state = $Lines[$i].ToString().Split(';')[2].Trim() 
    if ($state –eq 'free') {
echo $ip "... is free"
$bool = Read-Host "Use IP?"
if($bool -eq "yes"){
$Lines[$i] = $Lines[$i].Replace("free", "reserved")
$Lines | Set-Content -Path $file
echo "IP address:"
echo "IP wasn´t chosen."

With this small script you will be able to "select" an IP address ;)

Monday, July 9, 2012

chain length consolidation in vCloud Director - multi-tenancy part 2

Based on the last article I think about a solution to enable vCloud Director organization administrators to consolidate their virtual machines (keep in mind this is only available in the SYSTEM organization) without being the SYSTEM administrator.

So if your customers are administrators in their org they aren´t able to consolidate their VMs and this could cause performance issues.

With the "host.login()" method in the vCloud Director plug-in of vCenter Orchestrator you will be able to authorize organization administrators and identify their organizational vApps and VMs. Because the vCenter Orchestrator is connected as a SYSTEM administrator to the vCloud Director you can call methods like "consolidate" directly.

The most valuable step is to identify the chain length of the VM which isn´t viewable as organization admin. So if you know have identified your VMs you can create an scriptable task like this:


System.log("VM name: "+myVm.name);

var doc = new XML(myVm.toXml());
default xml namespace = doc.namespace();
var n8 = new Namespace("http://www.vmware.com/vcloud/extension/v1.5");

System.log("ChainLength: "+doc.VCloudExtension.*::VmVimInfo.*::VirtualDisksMaxChainLength);

var chainLength = doc.VCloudExtension.*::VmVimInfo.*::VirtualDisksMaxChainLength;

if(myVm.vmStatus.value != 8){
throw("VM is not powered off!");

Please keep in mind that the vm.updateInternalState() method is useful cause the state is sometimes not the same as displayed in vCO. This is also useful for the host.login() method in my last article.

The first step identifies the chain length and the second one checks the state of the VM. In my workflow used a "user interaction" with the chain length as external input to ask if the VM should be consolidate. From a external portal you have to use the "answerWorkflow" method.

When the user decides to consolidate (with seeing the chain length in the decision field) the next scriptable task only has a consolidate call:

var task = myVm.consolidate();

The whole workflow looks like this:

You can control the operation in you vCloud Director, there you will see a "consolidating VM" even if you aren´t a SYSTEM administrator :)

Tuesday, July 3, 2012

vCD is multi-tenant, vCO is single-tenant, what now?

This week I had a discussion with one of our VSSP customers about the integration of vCloud Director in vCenter Orchestrator. As you might know there ist a plug-in for the vCD available which allows you to configure the vCD connection and make it available in vCO.

Now there is one thing to know about: If you configure the plug-in you will use the SYSTEM organization to have all other organizations available. If you connect to the vCO with the SOAP interface (with WaveMaker for example) the users will have full access to the vCD and not only to their organization.

Because of the user and role management in vCloud Director you will be limited in some functions. As example: There is no way to "consolidate" a VM even if you can see the chain length in their properties. This is limited to the provider administrator role.

So what´s the solution?

You can insert all organizations as new vCD connections in the vCD plug-in and as a vCO admin you are able to consolidate... but this isn´t really slick. The other was is to "authenticate" users with their organization and limit their access to their vApps/VMs.

After some attempts i designed a workflow like this:


  • org (string)
  • user (string)
  • pass (string)

  • url (string)
which were easy to fill from a web portal. With these parameters you are able to use the VclHost.login() method like this:

VclHostManager.setRuntimeCredentials(user, pass); 
var host = VclHostManager.createHost(); 
host.url = url; 
host.organization = org; 
host.sessionMode = VclHostSessionMode.PER_USER_SESSION; 
host.enabled = true; 

Now you are "logged" in with the user and the matching org. A way to verify this is to check for the organizations:

var Organizations = host.getOrganizations(); 
for (i in Organizations){
    System.log("Organization: "+Organizations[i].name);

As you can see you will only receive the organizations of the logged in user :)

In my test environment it looks like this:

Now you will be able to get the vApps and Vms of the organization and do some magic with them. I will post some further steps (chain length, WaveMaker portal) later... cause I´m a consultant... in a hotel... with some beer... and only a notebook :)