VMware vSphere Express Scan
Overview Copied
AutoMonitor allows users to quickly and effortlessly discover and import hosts into their Opsview Monitor environment. The new wizard-based functionality simplifies and automates the scanning and configuration steps providing a fast and reliable way of maintaining continuous monitoring of your changing Enterprise landscape.
VMware vSphere Express Scan provides a configuration wizard to guide you through and quickly discover VMware objects (ESXi Hosts, VMs, Datastores, Resources Pools) within a given vCenter or ESXi Host and automatically import them into Opsview Monitor.
VMware vSphere Express Scan Copied
ESXi hosts discovered by the VMware Scan will be imported into the following Host group Structure:
Opsview > AutoMonitor > VMware vSphere Express Scan > {VMware server} - ESXi > {ESXi Hostname}
Virtual Machine guests discovered by the VMware Scan will be imported into the following Host group Structure:
Opsview > AutoMonitor > VMware vSphere Express Scan > {VMware server} - VMs > {Virtual Machine Hostname}
This scan will inspect discovered Hosts to allocate relevant Host Templates from the following list:
- OS - VMware vSphere ESXi Host
- OS - VMware vSphere ESXi Guest
- OS - VMware vSphere ESXi Datastore
- OS - VMware vSphere ESXi Resource Pool
- OS - VMware vSphere vCenter
See more information about Host Templates within the OS - VMware vSphere Opspack.
Prerequisites Copied
In order to access the AutoMonitor Application and run a VMware Express Scan, the following permissions are required:
VMware vSphere Credentials Copied
Credentials for | Privilege Name | Description |
---|---|---|
vCenter | Global > Act as vCenter Server | - Allows Automonitor Scan to discovery ESXi Hosts, VMs, Datastores, Resource Pools and other VMware elements through vCenter - Allows Opspacks to be informed of vMotion send and receive operations |
ESXi | Root > - Alarm - Datacenter - Datastore - HealthUpdateProvider - Performance - System - VirtualMachine |
- Allows Automonitor Scan to discovery ESXi Hosts, VMs, Datastores, Resource Pools and other VMware elements through ESXi - Allows relevant Host Templates to be allocated and Service Checks to retrieve metrics for the discovered resources |
Warning
If the ESXi user to be used for monitoring is part of a role with lower privileges than root (e.g. read-only), it needs to be added to the SystemConfiguration.Administrators group. If the VMware server account DOES NOT have the right permissions, VMware Scan will fail.
Note
Depending on your organisation structure, you may prefer to NOT give user permissions to CONFIGUREHOSTGROUPS and/or have access to the Opsview Host Groups. In this case, you need to create the Host Group Structure in advance (Opsview > Automonitor > VMware Express Scan > Server - ESXi and Opsview > Automonitor > VMware Express Scan > Server - VMs) and provide access only to the Server - ESXi and Server - VMs Host Groups to the user(s) running a VMware AutoMonitor Scan.
Run a Scan Copied
AutoMonitor VMware Express Scan feature is accessible from the Configuration > AutoMonitor menu. When selecting this option you will be presented with the following screen:
Select VMware to start with the AutoMonitor VMware Express configuration wizard
In the configuration wizard (VMware > Input your vCenter or ESXi credentials), as per the screen shown below, you need to enter the following information.
-
Your vCenter or ESXi Server: Hostname or IP address of your VMware vSphere Server. If you are using vCenter then this should be the name or address of the vCenter, otherwise, it should be the ESXi host.
-
Account name and Password: Admin credentials
When running a VMware Express Scan using vCenter credentials, the discovered and imported ESXi Hosts will use those credentials to run relevant Service checks. If your ESXi Hosts have different credentials, you will have to manually re-configure the default variable VSPHERE_ESXI_CREDENTIALS
value (in Configuration > Variables
) so the Service Checks can connect and retrieve metrics for ESXi Hosts, VMs, Datastores and Resource Pools.
When running a VMware Express Scan against either vCenter or ESXi host, AutoMonitor will try to ensure the correct global variables are set, to ensure Host checks and Service checks are green once Apply Changes has been completed after scanning. There may be occasions, like a specific case above, where checking the following Global Variable values after the scan has run would ensure Service checks are green:
- VSPHERE_CERTIFICATES (more information below on host certificates)
- VSPHERE_ESXI_CREDENTIALS
- VSPHERE_VC_CREDENTIALS.
Once you have entered the relevant information for the required fields, the “Start Scan” button will be enabled for you to proceed when you are ready to start the scan.
If the credentials are invalid or fail to be authorised, the following error message will be displayed:
If the following Connection timed out - service did not respond
message appears this indicates that something in the back-end failed to respond in a timely fashion. This may indicate that the back-end is overloaded or that there is a network outage. Alternatively, a Connection has timed out
error indicates some other operational error has occurred during the authentication process.
Upon successful authorisation, the Scan starts by interrogating the server for a list of Virtual Machines (VMware guests) to scan. The Virtual Machines will only be scanned if they are running VMware Tools. Once the scan has started the progress bar will be displayed which indicates how many of the discovered Virtual Machines have been scanned:
As the scan is being carried out, it can be aborted by hovering over the ‘Abort’ button which displays a panel to confirm the aborting of the scan. Once the ‘Yes’ button is clicked, the form from the previous page is displayed and the scan is aborted. Note that if the scan is close to finishing then it may be completed before it can be aborted.
If an unrecoverable error occurs during the scan, the following error page will be displayed:
A connection timed out
message indicates that something in the back-end failed to respond in a timely fashion. This may indicate that the back-end is overloaded or that there is a network outage. Alternatively, a Sorry there was an error that we can't identify
message indicates that some other error occurred during scanning. This may indicate a system outage or configuration problem. Scans will recover from short Datastore (i.e. CouchDB) outages. However, if an outage lasts longer than one hour the scan will time out with and show this error message.
If such errors occur, you can click Try again to restart the scan. You can also view the log to understand what the problem could be, for example, you might see access denied when creating Host Group or importing Host, in which case, check you have sufficient permissions to either create or write to the desired Host Group.
When the scan completes the following screen will be displayed:
At this point, you can click on Apply Changes to trigger a system reload and start monitoring the scanned hosts. Clicking on New will allow you to start another scan. Hosts that have already been imported will be disregarded and will NOT be re-imported by later scans:
Clicking View log will display a detailed list of the steps completed by the scan:
If the scan fails for some reason, View log is a good way to help diagnose the problem.
Once the scan has finished, you can see the pending hosts by clicking the Host Settings link. It is worth noting at this point you may wish to check the host configurations to ensure the details are correct, as although AutoMonitor tries its best to fill them in correctly, you may have a case where the credentials used for scanning are NOT the same credentials that are required by the service check.
Host Certificates Copied
The AutoMonitor scan does not use certificates for host checking. However several of the service checks do use certificates for host identification checks. You have two options:
-
If you have already uploaded certificates, you can configure the
VSPHERE_CERTIFICATES
variable with the location and names of uploaded certificates. The service checks will then pick up the value of this variable. These certificates should be owned by user root, group opsview, and mode 0440. (Running a VMware vSphere scan will not override this variable if it has already been set.) -
Secondly, you could upload your certificates to the location below, because if the scan used SSL for authentication (highly likely) the AutoMonitor configures the
VSPHERE_CERTIFICATES
host variable to use the following filename for the Certificate Authority PEM file:/opt/opsview/monitoringscripts/etc/certs/<VMware server>
-
To install files in the above directory, it is recommended that you use the
orchestratorimportscripts
helper tool. This command line tool will place the certs in the correct directory and signal that you need to execute the Apply Changes action in the Opsview Monitor user interface. For example, after giving your certificate file a filename matching your VMware server name:sudo -u opsview /opt/opsview/orchestrator/bin/orchestratorimportscripts etc-certs /path/to/cert/source/<VMware server>
Note
In a clustered environment (multiple clusters and collectors) these certificates should be uploaded to the Master Monitoring Server and ALL collectors. To do this, follow the steps above, and then run Apply Changes.
If you want to manage certificates in a sub-folder of
/opt/opsview/monitoringscripts/etc/certs
, theorchestratorimportscripts
tool can also be pointed at a directory structure to replicate that in the right location with the right permissions. Then update theVSPHERE_CERTIFICATES
host variable paths and run Apply Changes.
Variables Copied
- When running a VMware Express Scan using vCenter credentials, the discovered and imported hosts will use those credentials to run relevant Service checks. All vCenter service checks will run using these credentials. For ESXi (non-vCenter) service checks to work correctly, populate the
VSPHERE_ESXI_CREDENTIALS
global variable manually (in Configuration > Variables), before or after running the scan. If some hosts require a different set of credentials, theVSPHERE_ESXI_CREDENTIALS
variable can be set at the host level where needed to override the global variable, after the hosts have been imported. - When running a VMware Express Scan using ESXi credentials, the global
VSPHERE_ESXI_CREDENTIALS
variable does not need to be set, as each discovered and imported host will be populated with the relevant credentials variable.
Considerations Copied
- We recommend running a scan against VMware vCenter if you have one, it’s the quickest and easiest way to import your VMware estate and get monitoring up and running.
- AutoMonitor VMware Express Scan now supports running on Master Monitoring Server or one of the Clusters. The cluster on which the scan is run is selected by an algorithm that probes the connectivity to the vCenter or ESXi server being scanned and selects the Cluster that has the best connection. Once selected, the imported hosts are then monitored by the cluster that discovered them.
- If you have run a vCenter scan, the imported VMware vCenter server host and ESXi hosts will have “TCP port 443 (HTTP/SSL)” host check set by default. If you have disabled this on your specific VMware vSphere instance then you will need to manually modify the Host Check to a relevant one.
- If you have run an ESXi scan, the ESXi hosts will have “TCP port 443 (HTTP/SSL)” host check set by default. If you have disabled this on your specific VMware vSphere instance then you will need to manually modify the Host Check to a relevant one. If the scan has discovered a vCenter VM on that ESXi host, that VM will be treated as a guest VM, and default host check will be “ping”.
Troubleshooting Copied
-
After importing Hosts from a VMware Express Scan using vCenter credentials, some service checks may report UNKNOWN state due to a missing password variable. To resolve this issue, the
VSPHERE_ESXI_CREDENTIALS
variable must be populated correctly at either the global variable level (Configuration > Variables), or on the specific host with the UNKNOWN check. -
To successfully run a VMware vSphere Express Scan, the DNS must be configured correctly. If the master or collector performing the scan cannot resolve a hostname or IP address using DNS or the
/etc/hosts
file, the following error will occur:Unable to locate Host 'host.ad.domain.com': Authentication may also fail
.