vCloud Director not reporting CPU Utilization

I came across a customer site recently where their vCloud Director (vCD) 5.1 implementation was not reporting CPU utilization for Organisation Virtual Datacenters (Org VDCs). RAM and storage allocation was fine, just CPU was not showing a usage bar, and the mouse over tip reported 0% allocated.

Turns out this is a known issue with vCloud Director 5.1, and VMware have released KB 2054043 relating to this issue. Their advice (via the KB) is to:

  1. Upgrade vCloud Director to version 5.1.2 or later.
  2. Enable Elastic Allocation Pool mode for vCloud Director. To do this:
    1. Login to vCD as a System Administrator user.
    2. Navigate to Home > Administration > General.
    3. Unter the Miscellaneous section, check the box next to ‘Make Allocation pool Org VDCs elastic’.
    4. Click Apply to confirm the setting.

It may take a few minutes for the Org VDCs to update their utilisation settings for vCD, but soon after application of this settings, the CPU should report in the Org VDC > Monitor view along with RAM and storage allocation.

Note: Although the KB from VMware specifically mentions this for vCloud Director 5.1.x, this also affects vCD v5.5.x as well – so those using newer vCD versions may still need to apply the elastic setting for CPU to be reported.

vCAC 6.0.1, Inaccessible Tenants, and Missing Identity Stores

With vCAC 6.0.x, there is a bug in the SSO appliance where several symptoms present all at the same time:

  • Authentication to AD or LDAP identity stores fails, returning the user to the blank authentication screen.
  • When logged-in to the default tenant as administrator (usually ‘administrator@vsphere.local’), accessing tenant identity stores results in a ‘System Exception’ error.
  • Tenant Admins cannot add or edit identity stores.

This is a documented bug, as listed in VMware KB Article 2075011, and at the time of writing there is a workaround.

The issue as documented is the administrator account in the default tenant expires 90 days after implementation of the appliance. I came across this issue, and was for a while not understanding the syntax of the commands required to complete the workaround. So, here are the steps in minutia that should work for others implementing this same fix.

Note: Whatever is in highlighted code needs to be typed as single entry lines, with a return at the end to complete the command entry.

1. SSH to the SSO server IP address. Authenticate as the SSO Root User.

2. Reset the account control flag by issuing the following commands:

/opt/likewise/bin/ldapmodify -H ldap://localhost:389 -x -D “cn=administrator,cn=users,dc=vsphere,dc=local” -W <<EOF

When typing this command, you are not returned to the usual root prompt, but rather to a simple ‘>’ prompt. This is what stumped me for a bit….. At that prompt, enter the following commands. (Note: replace tenant_name instances in the commands below with the name of your own tenant).

dn: cn=tenantadmin,cn=users,dc=tenant_name

At the > prompt, enter:

changetype: modify

At the > prompt, enter:

replace: userAccountControl

At the > prompt, enter:

userAccountControl: 0

At the > prompt, enter:

EOF

You will be prompted for LDAP password. Enter the password for the default tenant administrator (usually ‘administrator@vsphere.local’).

Once authenticated, the message ‘Response: modifying entry “cn=administrator,cn=users,dc=tenant_name.”‘ is displayed, and the command prompt returns to the usual prompt.

3. Disable password expiration

by issuing the following commands:

/opt/likewise/bin/ldapmodify -H ldap://localhost:389 -x -D “cn=administrator,cn=users,dc=vsphere,dc=local” -W <<EOF

When typing this command, you are not returned to the usual root prompt, but rather to a simple ‘>’ prompt. This is what stumped me for a bit….. At that prompt, enter the following commands:

dn: cn=DCAdmins,cn=builtin,dc=vsphere,dc=local

At the > prompt, enter:

changetype: modify

At the > prompt, enter:

add: member

At the > prompt, enter:

member: cn=administrator,cn=users,dc=tenant_name

At the > prompt, enter:

EOF

You will be prompted for LDAP password. Enter the password for the default tenant administrator (usually ‘administrator@vsphere.local’).

Once authenticated, the message ‘Response: modifying entry “cn=DCAdmins,cn=builtin,dc=vsphere,dc=local”‘ is displayed, and the command prompt returns to the usual prompt.

4. Retry vCAC login to either the default or user tenants – the problem should be resolved and the login should work as normal.

Public Catalog Access for vApp Authors fails post-v5.5.1 Upgrade

vAppAuthorThis one stumped me for a little bit.

The private cloud in my lab is fairly simple in layout – 2 RHEL cells with a vCNS load balancer, shared NFS server and DB server. The Organisations are provisioned such that of the 3 tenants, one is a master tenant that is only used for creating and maintaining vApp templates, via a Public Catalog for sharing the templates for cloud provisioning and vCAC blueprint testing.

Running this configuration in with no changes to the default vCloud Director (vCD) roles worked fine – delegated LDAP users in the 2 user organisations were able to select vApp templates from the Public Catalog and deploy them locally. All good.

The issue came when the cells for vCD were upgraded to the latest v5.5.1 build. All of a sudden – vApp Author users out of the box could not see the public catalog despite having the role description ‘Rights given to a user who uses catalogs and creates vApps’.

After much digging and testing, I found that during the upgrade, the default permissions for the pre-defined roles in vCD had changed. Prior to the 5.5.1 update, the specific permission ‘View Shared Catalogs from Other Organisations’ was checked by default, so users with this role had this permission by default. Post-5.5.1 upgrade, this had been removed.

Solution. Simple enough – log in to the vCD instance as a System Administrator user, select ‘Administration > Roles’. Edit the vApp Author role, and open ‘All Rights > Catalog’. Check the box next to: ‘View Shared Catalogs from Other Organisations’. Click OK and return to vCD.

All the assigned users who have this permission will be updated in global fashion, but those already logged-in to the vCD portal may need to re-authenticate to obtain the new permission settings.

5 Reasons to Attend South West UK VMUG

vmug-sw-logoAs many people will be aware, there are many reasons to go to local VMUG meetings. Many people may not be aware that there is a new VMware User Group being started in the South West. Based in Bristol, the South West UK VMUG aims to bring the best of virtualization, technology, chat, networking opportunities and general cool stuff to the whole of the bottom left side of the UK. We aim to hold 3 free events in the city each year, with the first scheduled for 18th February 2014.

But why come along? Amongst many others, here are the top 5 reasons for coming to the South West UK VMUG meeting:

1. Rockstar Speakers

joe-200x301We are super lucky to be kicking off our meetings with a keynote speech by Joe Baguley, Chief Technology Officer of EMEA for VMware. Aside from running a huge company like VMware, Joe is a very ardent supported of local VMUGs, and we’ve been very lucky to secure some of his time. Joining Joe in the speaking slots are storage technology firm and platinum event sponsors Nutanix, Nathan Prisk from Falmouth University and VMware staffers Peter von Oven and Arash Ghazanfari.

2. Getting Involved in the Community

VMUG events are hugely popular and are often a gateway for people to get involved in the virtualization community. VMUGs are all about networking, communicating with other like minded individuals to form new business and technology relationships, and to expand networks to new area’s – both from a technology and a geographical perspective. VMUG events attract a cross section of the business and technology world, from those just starting out to seasoned professionals who have been in the business for years, from boardroom members to junior technical staff. Everyone is invited, everyone is welcome, and nobody pays a dime!

3. Free Training / VCDX Practice

In addition to the usual community sessions run as part of the VMUG agenda, we are also planning a coupke of extra sessions for registered attendees in the morning:

  • FREE TRAINING – delivered by another VMware Community Rockstar: Mike Laverick. A former VMware Certified Instructor, Mike is a VMware and technology evangelist, and will be delivering some free training for VMware beginners on 18th February. If you are interested, please leave a comment or get in touch!
  • VCDX Practice – organised by the community, those planning to do the top-flight VMware Certified Design Expert exam are invited to an informal study group, to practice defence sessions as we help each other to achieve VCDX status.

4. vBeers

For a little post-VMUG networking, there is also a Bristol vBeers event, starting at 5pm in a local Bristol bar (the Piano & Pitcher). Sponsored by 10zig, vBeers is an opportunity to enjoy a beverage or 2 and do some more networking. Couldn’t attend the afternoon sessions? Catch-up with the sponsors and find out all the latest information.

5. Free Stuff!

vmug-prizesEveryone likes to get something for nothing – right? There are lots of freebies on offer at South West UK VMUG:

  • Free Registration. Pay nothing to get in, and all the sessions are available to attend gratis.
  • Free lunch. Join us from 12pm to get signed-in and enjoy a bite in the process.
  • Free Training. New to VMware? Register for the morning sessions. (See above).
  • Free Beers. Join us at vBeers afterwards, sponsored by 10zig.
  • Free Stuff. We have many prize draws, including VMworld 2013 bags filled with goodies, t-shirts, mugs, pens, notebooks and other techie goodies!

So, what’s not to like about the up-coming South West VMUG meeting on 18th February? See the full agenda here, or register to attend for FREE on our VMUG.com Community website.

Follow us on Twitter for news and updates: @SWUKVMUG

South West UK VMUG: Agenda

The official agenda has been released for the up-coming first South West UK VMUG. Registration is open now via our VMUG Community page. So, what’s on?

Time Agenda
 9.45am – 10.00am  Registration for Free VMware Training Session and VCDX Practice Session delegates
 10.00am – 12.00pm  Free VMware Training Session by Mike Laverick (@Mike_Laverick), and VCDX Practice Session by Craig Kilbourn (@Craig_Kilbourn)
 12.00pm – 1.15pm  Main delegate registration, plus buffet lunch
1.15pm – 1.30pm  Welcome from the VMUG Leaders
1.30pm – 2.15pm  VMware Session – End User Computing by Peter von Oven (@pvo71) and Arash Ghazanfari
 2.15pm – 3.00pm  Platinum Sponsor Vendor Session: Nutanix
 3.00pm – 3.30pm  Breakout (Tea / Coffee)
 3.30pm – 4.15pm  Community Session: Falmouth University deployment of 10zig solution
 4.15pm – 4.30pm  Delegate Feedback and Prize Draws
4.30pm – 5.00pm Closing Keynote: Joe Baguley, VMware CTO, EMEA (@joebaguley)
5.00pm onwards Bristol vBeers @ Piano & Pitcher, Bristol (approx. 200m from the VMUG venue)

We look forward to meeting you on the 18th February at Bristol mShed!