Deploy VCSA 6.0 firstboot error

I was doing some tests in my lab and while deploying a new VCSA 6.0 I received an error that firstboot was unsuccessful. Not really a great error message if you ask me but okay. I had already validated DNS twice before I got started, but I checked it again just in case… DNS was all good, what else could it be? Figured NTP could be another problem and my friend William Lam confirmed that. I checked the host if NTP was configured and it was not for some reason. So I configured NTP on my ESXi hosts which was straight forward, but what about the VCSA I had deployed? Also not too complicated, I logged in via SSH and did the following:

  • ntp.get
    Will show “Status: Down”
  • ntp.server.add –servers 10.17.0.1
    This configures VCSA to fetch the time from ntp server to 10.17.0.1
  • timesync.set –mode NTP
    Make sure that the time sync is set to ntp
  • ntp.get
    Should show “Status: Up”

That should do it… By the way, you can simply check “resolv.conf” for DNS to see how it is configured today, also look at “hosts” for the host name etc.

Migrate from Windows vCenter to the vCenter Appliance

I thought that most people would have seen this awesome fling by now, but I received a couple of questions if it was already possible to migrate from the Windows vCenter Server to the vCenter Server Appliance. Surprisingly enough as William Lam wrote an excellent blog post on this subject. Anyway, this blog is just a simple short pointer to the Windows vCenter to vCenter Appliance migration tool and to William blog post. Read it, and go for it!

vCenter Server Appliance watchdog

I was reviewing a paper on vCenter availability for 6.0 and it listed a watchdog service which monitors “VPXD” (the vCenter Server service) on the vCenter Server Appliance. I had seen the service before but never really looked in to it. With 5.5 the watchdog service (/usr/bin/vmware-watchdog) was only used to monitor vpxd and tomcat but in 6.0 the watchdog service seems to monitor some more services. I did a “grep” of vmware-watchdog within the 6.0 appliance and the below is the outcome, it shows the services which are being watched:

ps -ef | grep vmware-watchdog
 root 7398 1 0 Mar27 ? 00:00:00 /bin/sh /usr/bin/vmware-watchdog -s rhttpproxy -u 30 -q 5 /usr/sbin/rhttpproxy -r /etc/vmware-rhttpproxy/config.xml -d /etc/vmware-rhttpproxy
 root 11187 1 0 Mar27 ? 00:00:00 /bin/sh /usr/bin/vmware-watchdog -s vws -u 30 -q 5 /usr/lib/vmware-vws/bin/vws.sh
 root 12041 1 0 Mar27 ? 00:09:58 /bin/sh /usr/bin/vmware-watchdog -s syslog -u 30 -q 5 -b /var/run/rsyslogd.pid /sbin/rsyslogd -c 5 -f /etc/vmware-rsyslog.conf
 root 12520 1 0 Mar27 ? 00:09:56 /bin/sh /usr/bin/vmware-watchdog -b /storage/db/vpostgres/postmaster.pid -u 300 -q 2 -s vmware-vpostgres su -s /bin/bash vpostgres
 root 29201 1 0 Mar27 ? 00:00:00 /bin/sh /usr/bin/vmware-watchdog -a -s vpxd -u 3600 -q 2 /usr/sbin/vpxd

As you can see vmware-watchdog is ran with a couple of parameters, which seem to different for some services. As it is the most important service, lets have a look at VPXD. It shows the following parameters:

-a
-s vpxd
-u 3600
-q 2

What the above parameters result in is the following: the service, named vpxd (-s vpxd), is monitored for failures and will be restarted twice (-q 2) at most. If it fails for a third time within 3600 seconds/one hour (-u 3600) the guest OS will be restarted (-a).

Note that the guest OS will only be restarted when vpxd has failed multiple times. With other services this is not the case as the “grep” above shows. There are some more watchdog related processes, but I am not going to discuss those at this point as the white paper which is being worked on by Technical Marketing will discuss these in a bit more depth and should be the authoritative resource.

** Please do not make changes to ANY of the above parameters as this is totally unsupported, I am mere showing the details for educational purposes and to provide a better insight around vCenter availability when it comes to the VCSA. **

Get your download engines running, vSphere 6.0 is here!

Yes the day is finally there, vSphere 6.0 / SRM / VSAN (and more) finally available. So where do you find it? Well that is simple… here:

Have fun!

vCenter 5.5 Update 1b with OpenSSL and SPBM fix!

For those not monitoring the VMware website like a hawk… VMware just released vCenter 5.5 Update 1b. This update contains a couple of fixes which are critical in my opinion. So make sure to upgrade vCenter as quickly as possible:

  • Update to OpenSSL library addresses security issues
    OpenSSL libraries have been updated to versions openssl-0.9.8za, openssl-1.0.0m, and openssl-1.0.1h to address CVE-2014-0224.
  • Under certain conditions, Virtual SAN storage providers might not be created automatically after you enable Virtual SAN on a cluster
    When you enable Virtual SAN on a cluster, Virtual SAN might fail to automatically configure and register storage providers for the hosts in the cluster, even after you perform a resynchronization operation. This issue is resolved in this release. You can view the Virtual SAN storage providers after resynchronization. To resynchronize, click the synchronize icon in the Storage Providers tab.

You can download the bits here.