In the vSphere 7.0 Update 1 release VMware introduced a new service called the VMware vSphere Cluster Services (vCLS). vCLS provides a mechanism that allows VMware to decouple both vSphere DRS and vSphere HA from vCenter Server. Niels Hagoort wrote a lengthy article on this topic here. You may wonder why VMware introduces this, well as Niels states. by decoupling the clustering services (DRS and HA) from vCenter Server via vCLS we ensure the availability of critical services even when vCenter Server is impacted by a failure.
vCLS is a collection of multiple VMs which, over time, will be the backbone for all clustering services. In the 7.0 U1 release a subset of DRS functionality is enabled through vCLS. Over the past week(s) I have seen many questions coming in and I wanted to create a blog with answers to these questions. When new questions or considerations come up, I will add these to the list below.
- Do I need to maintain/update/manage the vCLS VMs?
No, the VMs are managed by the ESX Agent Manager, you as an administrator should not need to manage these! - How many vCLS VMs will there be running?
At most, there will be 3 VMs running. If you have 1 host you will have 1 VM, with 2 hosts 2 VMs and with 3 or more hosts you will have 3 VMs. - Why do I see vCLS VMs with a number higher than 3? (for example “vCLS (5)” or “vCLS (28)”)
During maintenance ESX Agent Manager (EAM) can delete and re-provision the VMs when deemed needed. When a new VM is provisioned the counter will go up. - What is the resource overhead of the vCLS VMs?
Each VM has 1 vCPU, 128MB memory, 2GB thin disk, no NIC - If the vCLS has no NIC how does it communicate?
vCLS leverages a VMCI/vSOCKET interface to communicate with the hypervisor. - On which datastore will the vCLS VMs be provisioned?
It will be provisioned on shared storage, if available during provisioning, otherwise, it will go to local VMFS. - Can I specify which datastores should be considered for vCLS VMs?
No, unfortunately today it is not possible to specify which datastores should be used for provisioning the vCLS VMs to. - If one, or more, vCLS VMs are provisioned on the wrong datastore, can I SvMotion it?
Yes, you are allowed to SvMotion the vCLS VMs to a datastore of choice, this should preferably be a datastore which is presented to all hosts in the cluster! - Can I use Storage DRS (SDRS) to place datastore into maintenance mode which holds vCLS VMs?
SDRS does not consider vCLS VMs for migration, vCLS VMs right now need to be manually migrated, even when using SDRS. - Why do I have multiple vCLS VMs running on the same host, and can I vMotion them?
After maintenance mode you can end up in a situation where multiple (or all) vCLS VMs are running on the same host, you will need to manually vMotion the vCLS VMs to different hosts in your cluster. The development team is aware of this issue, and is aiming to fix this in an upcoming release. - Why aren’t the vCLS VMs deleted when I disable DRS?
The vCLS VMs are linked to the “cluster object” and not directly to the DRS functionality. Disabling DRS doesn’t impact the vCLS VMs. - Can I disable the provisioning of the vCLS VMs?
Yes you can, but keep in mind that vCLS is required for DRS to function. Meaning that if you disable the provisioning of the VMs DRS will not work any longer, which also means that HA can’t leverage DRS for failover placement and will need to resort to the simple placement mechanism. - I can’t find the advanced setting mentioned in the documentation, what is the setting for disabling vCLS?
Go to your vCenter Server object, go to the configure tab, then go to “Advanced Settings”, add the key “config.vcls.clusters.domain-c<identifier>.enabled” and set it to false. The domain “c-number” for your cluster can be found in the URL when you click on the cluster in the HTML-5 interface. It should look something like the following, where the bold part is the important bit: https://vcsa-06.rainpole.com/ui/app/cluster;nav=h/urn:vmomi:ClusterComputeResource:domain-c22:4df0badc-1655-40de-9181-3422d6c36a3e/summary. - When I enable “retreat” mode and the vCLS VMs are deleted, will that also delete my resource pools?
No, resource pools are not deleted when vCLS is disabled. Only DRS load balancing is impacted! - Should I create anti-affinity rules for the vCLS VMs?
Right now DRS doesn’t take vCLS VMs into consideration, so an anti-affinity rule would not be considered. After maintenance simply manually move the vCLS VMs to the hosts you want them located. - Can I create a custom naming scheme for the vCLS VMs?
Today it is not possible to create a custom naming scheme vCLS VM, this has been filed as a feature request and is considered for a future release. We also discourage renaming the VMs at this point in time. - Can I rename the folder in which the vCLS VMs are stored in the VMs & Templated view?
No, we discourage changing the name of the folder as this could lead to issues when EAM needs to delete VMs. - Can I login to the vCLS VMs?
Yes, but this is only intended for troubleshooting. This should not be needed during normal operations as these VMs are managed by EAM. You need to SSH into vCenter Server and then run the following command to retrieve the password. This will then allow you to login with “root” into the vCLS VMs, although I personally have not found a reason to do so.
/usr/lib/vmware-wcp/decrypt_clustervm_pw.py - Does vCLS require Kubernetes for vSphere to be configured?
No, it does not. - Do I need to back up or replicate the vCLS VMs?
No, there’s no need to create a backup or replicate the VMs. If the VMs are impacted by an outage than HA will restart them or EAM will recreate them automatically. - Does vCLS work with ESXi on ARM?
No, in the current release vCLS VMs cannot be provisioned to a cluster using ESXi on ARM. You can disable the creation of the VMs following this article. - If I need to power off my cluster, what do I do with these VMs?
These VMs are migrated by DRS to the next host until the last host needs to go into maintenance mode and then they are automatically powered off by EAM. - Which data evacuation option should I use when going into maintenance mode cluster-wide?
I use the “no data migration” option after I have powered off all normal VMs. - Is vCLS compatible with Site Recovery Manager (SRM)?
SRM is supported with vCLS starting vCenter Server 7.0 U1a. - Can my vCenter Server instance be 7.0 U1 while my hosts are vSphere 6.5 or 6.7?
Yes, this is fully supported. Just check the vCenter/ESXi compatibility matrix. Everything which is listed is also supported for DRS/vCLS - Do I need to do anything for a stretched cluster?
No that is not required, we would recommend however to ensure there’s at least 1 VM in each location from a compute perspective. - Can I identify these VMs as “special VMs” when automating certain tasks or creating reports through my automation tools?
Yes, you can easily identify them, Niels has listed the properties in this blog article at the bottom. - If one of the VMs fails, is there a warning?
Yes, you will see a warning triggered on the cluster level. This is the result of a new Skyline Health Check that was also introduced as part of 7.0 U1. I created a demo that shows that you can watch the demo here. - I have upgraded my vCenter Server and the vCLS VMs are not getting provisioned, what can I do?
We have seen some situations where an error is logged (eam.log) which states “Can’t provision VM for ClusterAgent” and “due to lack of suitable datastore” and “Couldn’t acquire token due to: Signature validation failed”. In this case, the customer had two linked vCenter Server instances.
If you see this error, reset the STS certificate and restart the vCenter STS service and see if the VMs are now being provisioned (Thanks to Mina Botros(GSS) for providing this tip!). More details on how to stop/start a service can be found here. - I am getting an error stating “insufficient resources” on the vCLS VM power on event, how can I fix this problem?
We are not sure what is causing this problem right now, but it can be fixed by changing the per-VM EVC to disabled. This blog describes how to do this. - I am getting an error stating the following “Feature ‘MWAIT’ was absent but must be present” when the vCLS VM is powered on.
Please enable the MONITOR/MWAIT flag in the bios of the hosts in the cluster, as documented here.
“Can I customize the name of the vCLS VMs?
Today it is not possible to customize the name of the vCLS VM, this has been filed as a feature request and is considered for a future release”
In a lab environment, I was able to rename the vCLS VMs and DRS remained functional. Functionality also persisted after SvMotioning all vCLS VMs to another Datastore and after a complete shutdown/startup of the cluster.
Original vCLS VM names were vCLS (4), vCLS (5), vCLS (6).
New vCLs VM names are now vCLS (1), vCLS (2), vCLS (3).
Does this question, pertain to customizing the names of newly generated vCLS VMs, existing vCLS VMs, or both? Functionality “seems” to be working even though I’ve renamed the generated vCLS VMs in my lab.
Yes you can rename the vCenter entity, but if this VM is for whatever reason deleted by EAM a new VM with a new name with the “vCLS” naming scheme will be created again. Also, you are not supposed to do any ops on the VMs, so renaming is also discouraged. In other words, that it works doesn’t mean VMware will support it 🙂
but it is a valid point, I just updated my post and clarified that section
Also, any impact to rename the vCLS folder?
Yes there could be an impact, I just asked the engineering team and they (right now) advise against renaming the folder!
Another question. Does vCLS currently manage vSAN functions when VC is unavailable?
No
Hope it is in the roadmap
This sounds like steps towards a cluster vCenter, with real cluster FT like availability. Would not be surprised if Corfu was down there 🙂
Nice to have DRS, HA was already distributed, but given the number of solutions that use vCenter as an endpoint, I hope to see full vCenter cluster soon.
Hi Ducan,
how to put all hosts in maintenance mode in a vSAN cluster running vCLS VMs (without having a secondary storage)? The question is about my lab env (but can be interesting also for a prod env).
I’ve 4 hosts with vSAN enabled and sometime i shutdown all the environment.
Before the upgrade to 7U1, to shutdown my env, I turn off all the VMs, put all hosts in maintenance (without data migration) and finally power off the ESXi. Now i’ve some problems to perform a clean shutdown because the vCLS are running on vSAN (seems a chicken egg problem or i missing something)…
In my lab (3 clusters) I simply place all hosts in maintenance mode (one by one) and power them all off, I use the “no data migration” option after I power off all my VMs. It takes a bit of time for the last host to go into maintenance mode, but so far it just works. You are saying that this doesn’t work for you?
Hi Duncan, I just force shutdown the vCLS VM’s and then jump into Maintenance Mode. Quick and dirty. When I bring my lab back up the vCLS VM’s start automatically. What is the impact of doing this, even though the direction from VMware is to never interact with the vCLS VM’s.
I have just tested it 3 times, I do “maintenance mode” from the vCenter UI using “No Data Migration” and it just powers off the VMs running on the vSAN Datastore when I get to the last host.
Hi Duncan, well my vCenter Appliance is on that vSAN Cluster, so I have to shut it down. Trying to enter Maintenance Mode on the ESXi Host interface doesn’t allow you to stop the vCLS VM’s, as it might through the vCenter GUI. Kind of caught be-twixt & between perhaps.
In that situation you should use the “retreat” mode I discussed in this post. It will disable/delete the vCLS VMs, which will allow you to place it in maintenance mode.
Hi Duncan,
yes this doesn’t work for me. Today i changed some configuration on vSAN to have a clean shutdown….
My vSAN is configured with a default storage policy as Erasure Coding with FTT=1, all the VMs and vCLS VMs was configured to using it and with this configuration I’m not able to put the third host in maintenance (i wait about 45 minutes to put the host in maintenance without success). Due to unavailability of some vCLS VMs vSAN storage objects when the second host is put in maintenance, I’m able to power off the vCLS VMs without they can be restarted automatically and then i’m able to put in maintenance the 3rd and 4th Hosts.
Now i changed the vCLS VMs vSAN storage policy with a “simple” FTT=1 (2 mirrors & a witness component), whit this change i can have a clean ESXi maintenance/shutdown. The 3rd host is very slow to reach the maintenance (about 19 Minutes), but the 4th work as expected.
I don’t know if the problem can be related to my env but if not, can be useful have a “maintenance mode” for the vCLS VMs to be able to shutdown it.
One more question, the 3 vCLS VMs are deployed for every vSphere Cluster?
Benja
Are you doing the maintenance mode from the vCenter Server or from the command line? Which “data evac” option did you select?
Via vCenter (deployed on another ESXi outside the cluster) and “data evac” = “No Data Migration”
Is this a shift towards moving to microservices for vCenter or all vmware apps?
Mainly for clustering services right now, but I would expect decoupling to continue!
Why do I have four vCLS machines in my test lab instead of the max of 3 you state?
(vCLS (1), vCLS (2), vCLS (3), vCLS (4))
How many clusters do you have?
There’s two clusters, one management of one host, and one of compute with four hosts.
So you’re implying I’m picking up the forth for the single host management cluster? If I left the single management host out of a cluster, I’d drop to three?
Correct, drop the cluster and that 4th vcls VM will disappear.
We have several two nodes clusters (FC SAN, not VSAN). Some of them have two vCLS VMs, some others three vCLS. Some reason? (vCenter 7.0 u1, ESX still 6.7)
Single host cluster gets 1 VCLS VM. Two node gets two, three node or more gets 3.
I can post an image of a two nodes cluster with three vCLS VMs on Twitter if you think this is interesting.
I’ve seen it in my lab as well, it is usually an issue with a clean up. Just enable “retreat mode” (False) and disable it again (True). This should clean up the environment.
Bit of a nitpick but why does skyline health require CEIP? Are the health services of clusters sent back to vmare?
This is used for the “Skyline” part of the Healthcheck, which helps the support team during troubleshooting when you file a support request.
Thank you for this article. Had missing vCLS VMs after upgrade to vCenter 7.0.1. Tried Vmware support, and they basically told me to either restore vCenter from backup / snapshot or wait for a patch with no current ETA… Those solutions turned out to be unacceptable, as DRS was out of action and losing current vCenter was not an option. Resetting the STS certificate + restart all services absolutely did the trick and now the VMs were deployed – DRS working. This saved me a lot of trouble as a VI admin and I really appreciate it. 😀 😀
Thanks for the feedback, great to hear it solved your problem!
Hi Duncan,
I have a 2 host cluster and as expected 2 vCLS VMs. I started rebooting my hosts to check my HA setup (which worked fine) however more vCLS VMs are appearing and the old ones aren’t being deleted.
Should the oldest VMs be automatically deleted?
Thanks
Is this a lab environment or production? If you enable “retreat mode” and disable it again, all VMs should be cleaned up and new VMs should be created. However, if this is production, it may be useful to create a support request and upload the logs so it can be debugged.