Tag Archives: vMA

vMA 6: Recover vi-admin Password and Remove Password Complexity

When you've installed the vSphere Management Assistant 6.0 (vMA) you very like came across its very strict password policy. With this requirements, the password recovery for vMAs is a common tasks. This post explains how to recover forgotten vMA passwords and how to use insecure, simple passwords for lab uses.vma-bad-password

Please provide a password for the vi-admin user.
BAD PASSWORD: to short
BAD PASSWORD: it is based on a dictionary word
BAD PASSWORD: is too simple
...Have exhausted maximum number of retries for service

Read more »

How to Create a Cron Job on vMA

The vMA (vSphere Management Assistant) is a virtual appliance provided by VMware that allows to manage vCenter Server or ESX Hosts and run scripts. You can also use it to run script periodically with cron. It is a small linux appliance delivered with all necessary tools out of the box. I usually deploy a vMA on each platform. This post describes how to prepare scripts to be used with cron and how to create cronjobs. The process is very similar on all vMA versions from vSphere 4.0 to vSphere 5.5.

Read more »

Howto install Ruby vSphere Console (RVC) on vMA 5.x

With the release of vSphere 5.5, VMware supports a new command line utility: Ruby vSphere Console (RVC). RVC is a Ruby based interactive object oriented command line utility. It was initially released as a Fling some years ago. RVC has support for both, the Windows version of vCenter Server and the vCenter Server Appliance (VCSA). It is similar to other command line tools like PowerCLI or ESXCLI and can be used to manage and troubleshoot vSphere environments. In this post I am going to show how to install RVC on the vSphere Management Assistant (vMA).

rvc

Read more »

Howto Check Network Port Availability from vMA

VMwares vSphere Management Assistant does not have much tools available. When you vMA is behind a firewall you might want to check if ports are reachable for troubleshooting purposes. As the vMA does not come with telnet or netcat you can use the built in bash feature:

Read more »

ESXi 5.1 - ESXCLI Command Mindmap

With vSphere 5.1 the command line interface esxcli has introduced many new features. The esxcli is a complete set of commands that you can use to automate you environment or to perform advanced tasks like lun masking. I have created and printed a mindmap to navigate through the namespaces more quickly

ESXCLI has 10 namespaces whose names are self-explaining: Read more »

Using SSH Public Key Authentication with vMA

If you are using the vSphere Management Assistant (vMA) on a daily bases you might want to simplify the login process. Public Key authentication is an authentication method that relies on a generated public/private keypair and enables the login without entering a password.

What do you need?

  • PuTTY (The well known SSH Client)
  • PuTTYgen (To genereate your SSH Key)
  • Pagent (The SSH authenticatien Agent, required for key authentication)

Read more »

Free Active Directory for your VMware Lab using Samba 4 (UCS 3.1)

Are you looking for a free alternative for a Windows based Active Directory controller? The recently published version 4 allows Samba to be an Active Directory domain controller, participating fully in a Windows Active Directory Domain. This is a great replacement for a Windows based AD Controller if you want to use Active Directory features in your Lab.

With the new release of the Univention Corporate Server 3.1 (UCS) you can deploy your Samba 4 Controller in a few minutes. The quickest way is to use the preinstalled VMware Images. Read more »

Getting started with vMA 5

Since PowerCLI has gotten so powerful, the vSphere Management Assistant (vMA) seems to be obsolete. But it is still a great management tool and indispensable for some monitoring tasks, so it is really worth to keep the opportunities in mind. In this post i want to give a brief introduction about the installation and basic configuration of the new vMA 5.0 delivered with vSphere 5.

First of all for those of you who know nothing about the vMA, it is a virtual appliance provided by VMware that allows to manage the vCenter or ESX Hosts and run scripts without having to authenticate each time. It is a small linux appliance delivered with all necessary tools out of the box.

Download VMA:
http://www.vmware.com/support/developer/vima/

Installation Guide

  • Unzip vMA
  • Connect to a vCenter Server using vSphere Client
  • Select File > Deploy OVF Template
  • Click Browse and select the vMA-5.0.0.0-472630_OVF10.ovf
  • Accept the license agreement
  • Specify name, cluster and datastore
  • Select the network mapping (ignore the IP pool warning)
  • Use the fixed IP Address Allocation
  • Do not enter a IP address at the next step

The vMA should now be deployed to your vSphere cluster and you will end up with a new VM in you inventory. But at this point you can not power on the VM since there is no IP pool configured. If you try to boot the VM will you get an error message like this:

Cannot initialize property 'vami.DNS0.vSphere_Management_Assistant_(vMA)', since network 'VM Network' has no associated IP pool configuration.

To get the vMA started you have to disable the vApp Option:

  • Rightclick your vMA in your inventory an select "Edit Settings..."
  • Click the Options Tab
  • Click vApp Options
  • Select "Disable" and confirm the warning
  • Click OK to close the window

The vMA is now ready to get powered on. If you are using DNS you should create an appropiate A-Record at this point. I have created an Forward- and Reverse-Lookup Record. Now you can open the console and power on the vMA. After the fsck has finished the vMA asks for the network configuration:

  • Select [n] at the IPv6 SLAAC question
  • Select [n] at the IPv4 DHCP question
  • Enter IP-Address, Netmask, Gateway, DNS Server, Hostname and Proxy (if required)


The next step is to select a password for the vi-admin user. You have to enter a really secure password containing at lease eight characters, one upper case character, one lower case character, one numeral character and a symbol such as %&#. It took me a few trys to find one the system doesn't complain about. After the password has been set the vMA is ready to use. You do not need to login through the Web-Client as this does only support changing the IP-Address configuration. Close the console window and open up a ssh session with putty for example. Login with the vi-admin user and your password.

The vMA is now ready to use.

Configure Active Directory

To manage your vCenter without entering the password everytime or storing the password in vMAs credential store you can join the actice directory domain. In this example i am using the following configuration:

AD IP address: 192.168.222.1
vCenter IP address: 192.168.222.2
vMA IP address: 192.168.222.3
Domain name: lab.virten.net
vMa hostname: vma.lab.virten.net

Prior to join the domain i make sure that forward and revers DNS works:

vi-admin@vma:~> nslookup 192.168.222.3
 Server:         192.168.222.1
 Address:        192.168.222.1#53

3.222.168.192.in-addr.arpa      name = vma.lab.virten.net.

vi-admin@vma:~> nslookup vma.lab.virten.net
 Server:         192.168.222.1
 Address:        192.168.222.1#53

Name:   vma.lab.virten.net
 Address: 192.168.222.3

To join the domain you have to sudo and use the domainjoin-cli script:

vi-admin@vma:~> sudo domainjoin-cli join lab.virten.net administrator
  • The first password you have to enter is the vi-admin password that has been set during the first boot of the vMA.
  • The second password is the password of the domain administrator.
  • Restart the vMA after successful domain join:
vi-admin@vma:~> sudo reboot

After the vMA has restarted, login as vi-admin again and run the following command to register the vCenter as target:

vi-admin@vma:~> vifp addserver vc.lab.virten.net --authpolicy adauth --username lab.virten.net\\administrator

Verify settings:

vi-admin@vma:~> vifp listservers --long
vc.lab.virten.net vCenter adauth
vi-admin@vma:~>

Set the vCenter as default target:

vi-admin@vma:~> vifptarget --set vc.lab.virten.net
vi-admin@vma:~[vc.lab.virten.net]>

Now you can run commands against your esx hosts, esxtop for example:

vi-admin@vma:~[vc.lab.virten.net]> resxtop  --vihost esx01.lab.virten.net