Since PowerCLI has become so powerful, the vSphere Management Assistant (vMA) may seem obsolete. But it is still a great management tool and indispensable for some monitoring tasks, so it is worth keeping its capabilities in mind. In this post I want to give a brief introduction to the installation and basic configuration of the new vMA 5.0 delivered with vSphere 5.
First of all, for those of you who know nothing about the vMA: it is a virtual appliance provided by VMware that allows you to manage the vCenter or ESX hosts and run scripts without having to authenticate each time. It is a small Linux appliance delivered with all necessary tools out of the box.
- Unzip vMA
- Connect to a vCenter Server using vSphere Client
- Select File > Deploy OVF Template
- Click Browse and select the vMA-126.96.36.199-472630_OVF10.ovf
- Accept the license agreement
- Specify name, cluster and datastore
- Select the network mapping (ignore the IP pool warning)
- Use the fixed IP Address Allocation
- Do not enter an IP address at the next step
The vMA should now be deployed to your vSphere cluster and you will end up with a new VM in your inventory. At this point, however, you cannot power on the VM since there is no IP pool configured. If you try to boot the VM, you will get an error message like this:
Cannot initialize property 'vami.DNS0.vSphere_Management_Assistant_(vMA)', since network 'VM Network' has no associated IP pool configuration.
To get the vMA started you have to disable the vApp Option:
- Right-click your vMA in your inventory and select "Edit Settings..."
- Click the Options Tab
- Click vApp Options
- Select "Disable" and confirm the warning
- Click OK to close the window
The vMA is now ready to be powered on. If you are using DNS you should create an appropriate A record at this point. I have created a forward and a reverse lookup record. Now you can open the console and power on the vMA. After the fsck has finished, the vMA asks for the network configuration:
- Select [n] at the IPv6 SLAAC question
- Select [n] at the IPv4 DHCP question
- Enter IP-Address, Netmask, Gateway, DNS Server, Hostname and Proxy (if required)
The next step is to select a password for the vi-admin user. You have to enter a really secure password containing at least eight characters, one upper case character, one lower case character, one numeral character and a symbol such as %&#. It took me a few tries to find one the system doesn't complain about. After the password has been set the vMA is ready to use. You do not need to log in through the Web-Client, as it only supports changing the IP address configuration. Close the console window and open an SSH session, with PuTTY for example. Log in with the vi-admin user and your password.
The vMA is now ready to use.
Configure Active Directory
To manage your vCenter without entering the password every time or storing the password in the vMA's credential store, you can join the Active Directory domain. In this example I am using the following configuration:
AD IP address: 192.168.222.1
vCenter IP address: 192.168.222.2
vMA IP address: 192.168.222.3
Domain name: lab.virten.net
vMA hostname: vma.lab.virten.net
Prior to joining the domain I make sure that forward and reverse DNS work:
vi-admin@vma:~> nslookup 192.168.222.3
Server: 192.168.222.1
Address: 192.168.222.1#53

3.222.168.192.in-addr.arpa name = vma.lab.virten.net.

vi-admin@vma:~> nslookup vma.lab.virten.net
Server: 192.168.222.1
Address: 192.168.222.1#53

Name: vma.lab.virten.net
Address: 192.168.222.3
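The same forward and reverse check as a script that fails when the two records disagree, so a stale or missing PTR is caught before the domain join. This is an added example, not part of the original post; the function names are hypothetical and the sample output is constructed from the lab values above.

```shell
#!/bin/sh
# Added example: forward-confirmed reverse DNS check to run before domainjoin-cli.
# Function names are hypothetical; sample outputs are constructed from the lab
# values in this post and follow the nslookup format shown above.

# PTR owner name for an IPv4 address: 192.168.222.3 -> 3.222.168.192.in-addr.arpa
ptr_owner() {
    echo "$1" | awk -F. 'NF == 4 { print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# From reverse-lookup output on stdin, print the name the given owner points to.
ptr_target() {
    awk -v owner="$1" 'tolower($1) == owner && $2 == "name" {
        sub(/\.$/, "", $NF); print tolower($NF); exit }'
}

# From forward-lookup output on stdin, print the first "Address:" after "Name:"
# (this skips the resolver's own "Address: ...#53" line).
a_address() {
    awk '/^Name:/ { seen = 1; next } seen && /^Address:/ { print $2; exit }'
}

# check_fcrdns FQDN IP REVERSE_OUTPUT FORWARD_OUTPUT
# Succeeds only if the PTR for IP names FQDN and the A record for FQDN is IP.
check_fcrdns() {
    want_name=$(echo "$1" | tr 'A-Z' 'a-z')
    got_name=$(printf '%s\n' "$3" | ptr_target "$(ptr_owner "$2")")
    got_ip=$(printf '%s\n' "$4" | a_address)
    [ "$got_name" = "$want_name" ] || { echo "PTR mismatch: '$got_name'" >&2; return 1; }
    [ "$got_ip" = "$2" ] || { echo "A mismatch: '$got_ip'" >&2; return 1; }
}

# Constructed sample output (lab values from this post).
REV_OK='Server: 192.168.222.1
Address: 192.168.222.1#53

3.222.168.192.in-addr.arpa name = vma.lab.virten.net.'
FWD_OK='Server: 192.168.222.1
Address: 192.168.222.1#53

Name: vma.lab.virten.net
Address: 192.168.222.3'
# Constructed failure case: a stale PTR left behind by another host.
REV_STALE='3.222.168.192.in-addr.arpa name = oldhost.lab.virten.net.'

check_fcrdns vma.lab.virten.net 192.168.222.3 "$REV_OK" "$FWD_OK" && echo "DNS ok"
check_fcrdns vma.lab.virten.net 192.168.222.3 "$REV_STALE" "$FWD_OK" || echo "fix DNS first"
```

On the vMA itself, pass live output instead of the samples: `check_fcrdns vma.lab.virten.net 192.168.222.3 "$(nslookup 192.168.222.3)" "$(nslookup vma.lab.virten.net)"`.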
To join the domain you have to sudo and use the domainjoin-cli script:
vi-admin@vma:~> sudo domainjoin-cli join lab.virten.net administrator
- The first password you have to enter is the vi-admin password that has been set during the first boot of the vMA.
- The second password is the password of the domain administrator.
- Restart the vMA after successful domain join:
vi-admin@vma:~> sudo reboot
After the vMA has restarted, log in as vi-admin again and run the following command to register the vCenter as a target:
vi-admin@vma:~> vifp addserver vc.lab.virten.net --authpolicy adauth --username lab.virten.net\\administrator
vi-admin@vma:~> vifp listservers --long
vc.lab.virten.net vCenter adauth
vi-admin@vma:~>
Set the vCenter as default target:
vi-admin@vma:~> vifptarget --set vc.lab.virten.net
vi-admin@vma:~[vc.lab.virten.net]>
Now you can run commands against your ESX hosts, esxtop for example:
vi-admin@vma:~[vc.lab.virten.net]> resxtop --vihost esx01.lab.virten.net
Great Post, very helpful to me while setting up my lab environment for VCP-5 Exam. Many thanks!
Not sure if I missed an article but after setting up vMA I entered "resxtop --vihost esx01.lab.virten.net" for my host but was prompted for the administrator's password, which did not work. Should I have the ESX host configured for AD authentication?
Your ESXi host does not need to be configured with AD authentication. If you are connected to your vCenter using fastpass you should not be prompted for any credentials.
Is your ESXi host added to the vCenter you are using?
Another issue could be if you are using vSphere 5.1 and get an error message like "Login failed, reason: HTTPS_CA_FILE or HTTPS_CA_DIR not set." You can find a comment on this topic here: http://blogs.vmware.com/vsphere/2012/11/resxtop-fails-to-connect-to-a-vsphere-5-1-host.html
But here it is written:
vi-admin@vma:~> vifp listservers --long
vc.lab.virten.net vCenter adauth
adauth - means that Active Directory authentication is used.
So vCenter must be added with fastpass (fpauth) authentication or AD (adauth)?
The vCenter was previously added with:
vifp addserver vc.lab.virten.net --authpolicy adauth --username lab.virten.net\\administrator
"Your ESXi host does not need to be configured with AD authentication. If you are connected to your vCenter using fastpass you should not be prompted for any credentials." ----->
So if you are connected to your vCenter using adauth (not a fastpass), you should be prompted for credentials? Am I right? If yes, why-->
"The vCenter was previously added with:
vifp addserver vc.lab.virten.net --authpolicy adauth --username lab.virten.net\\administrator"