VMware vSphere PowerCLI Reference. Graf Brian
Bringing In Users
Now that you have defined your roles, you can start using them. Until now, you have only been working with roles and privileges. Once you define what you want your user to be able to do, you need to add users and grant them access to the roles. You can then enable them to start using the features of the vSphere Web Client.
A role or privilege can be assigned to any of the objects within a vCenter Server. Each of the objects can be defined by different roles or privileges. Together, objects, roles, and privileges make up a permission set. Permission sets can be inherited; inheritance ensures that each object underneath a datacenter, cluster, resource pool, or folder gives the users the correct access privileges.
So it comes as no great surprise that, when adding a permission through PowerCLI, you must consider three areas:
Role: The role that you will assign to the user
Principal: The user or group to which you wish to assign permissions
Entity: The object, folder, cluster, datacenter, or resource pool for which you would like to grant permissions to the user
In the code that follows, we grant a user (VSPHERE.local\User01) access to New Custom Role at the datacenter level:
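A sketch of such a grant, added here as an example rather than taken from the book. It assumes an existing Connect-VIServer session and a datacenter named Boston (the datacenter name is an assumption, since the text does not give one at this point):

```powershell
# Added example. Assumes Connect-VIServer has already been run.
$roleName  = 'New Custom Role'
$principal = 'VSPHERE.local\User01'
$entity    = Get-Datacenter -Name 'Boston'   # assumed datacenter name

# Review what the role allows before handing it out (least privilege).
$role = Get-VIRole -Name $roleName -ErrorAction Stop
Get-VIPrivilege -Role $role | Sort-Object Id | Select-Object Id, Name

# Role + Principal + Entity make up the permission.
# -Propagate decides whether child objects of the datacenter inherit it.
New-VIPermission -Entity $entity -Principal $principal -Role $role -Propagate:$true | Out-Null

# Read the permission back and keep only the one defined directly on the
# datacenter (Get-VIPermission can also return inherited entries).
Get-VIPermission -Entity $entity -Principal $principal |
    Where-Object { $_.EntityId -eq $entity.Id } |
    Select-Object Entity, Principal, Role, IsGroup, Propagate
```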
After you’ve set up and tested individual permissions, you can export them to a readable, importable format. This eases multiple installations and the transfer of permissions to further vCenter Servers, and ensures consistency as well. We’ll show you how next.
Exporting Permissions
The script in Listing 1-9 exports all relevant permission information into a CSV file, which can later be used to import the permissions back into the same or a different vCenter Server. Exporting the permissions can be a great way to satisfy a security audit or ensure the relevant departments or users have the correct permissions.
Listing 1-9: Exporting permissions
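One way to produce such an export, added here as an example and not the book's Listing 1-9. The function name Export-VIPermissionReport, the column layout, and the output path are assumptions:

```powershell
# Added example. Assumes Connect-VIServer has already been run.
function Export-VIPermissionReport {
    param([Parameter(Mandatory)][string]$Path)

    $rows = Get-VIPermission | ForEach-Object {
        [pscustomobject]@{
            Entity    = $_.Entity.Name
            EntityId  = $_.EntityId     # managed object ID, specific to this vCenter
            Principal = $_.Principal
            IsGroup   = $_.IsGroup
            Role      = $_.Role
            Propagate = $_.Propagate
        }
    }
    # Stable ordering makes two exports easy to diff during an audit.
    $rows | Sort-Object EntityId, Principal |
        Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
    $rows
}

$report = Export-VIPermissionReport -Path '.\vcenter-permissions.csv'

# Audit view: principals holding the built-in administrator role (reported by
# PowerCLI as 'Admin') through a permission that propagates to child objects.
$report | Where-Object { $_.Role -eq 'Admin' -and $_.Propagate } |
    Format-Table Entity, EntityId, Principal, IsGroup
```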
Importing Permissions
It is equally important to be able to import the permissions back into your vCenter Server. To do so, you can use the script in Listing 1-10. Understand that because of the way that permissions are created and stored in vCenter, you can only import back into the vCenter from which you exported the permissions.
Listing 1-10: Importing permissions
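An import that enforces the same-vCenter restriction described above, added here as an example and not the book's Listing 1-10. The function name Import-VIPermissionReport and the CSV columns (Entity, EntityId, Principal, Role, Propagate) are assumptions:

```powershell
# Added example. Assumes a session on the vCenter the CSV was exported from.
function Import-VIPermissionReport {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Path)

    foreach ($row in Import-Csv -Path $Path) {
        # EntityId only has meaning on the originating vCenter, so skip any
        # row whose ID does not resolve to an object with the recorded name.
        $view = Get-View -Id $row.EntityId -ErrorAction SilentlyContinue
        if (-not $view -or $view.Name -ne $row.Entity) {
            Write-Warning "Skipping $($row.Principal): $($row.EntityId) is not '$($row.Entity)' here"
            continue
        }
        if (-not (Get-VIRole -Name $row.Role -ErrorAction SilentlyContinue)) {
            Write-Warning "Skipping $($row.Principal): role '$($row.Role)' does not exist"
            continue
        }
        $entity = Get-VIObjectByVIView -VIView $view

        # Leave a permission that is already set directly on this entity alone.
        $existing = Get-VIPermission -Entity $entity -Principal $row.Principal -ErrorAction SilentlyContinue |
            Where-Object { $_.EntityId -eq $row.EntityId }
        if ($existing) { continue }

        $target = "$($row.Entity) ($($row.EntityId))"
        if ($PSCmdlet.ShouldProcess($target, "Grant '$($row.Role)' to $($row.Principal)")) {
            New-VIPermission -Entity $entity -Principal $row.Principal -Role $row.Role `
                -Propagate:([System.Convert]::ToBoolean($row.Propagate)) -Confirm:$false
        }
    }
}

# Dry run first; drop -WhatIf once the proposed grants have been reviewed.
Import-VIPermissionReport -Path '.\vcenter-permissions.csv' -WhatIf
```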
Configure Datacenters and Clusters
vCenter Server has a hierarchical management structure similar to that of Microsoft Active Directory. Three main containers can be added to vCenter Server:
• Datacenters
• Clusters
• Folders
Datacenters: A datacenter is a logical container within vCenter Server used to store clusters, folders, and VMs. Datacenters are often named for the physical location where the hosts reside, such as “Boston” or “South West Datacenter.”
Clusters: A cluster is defined as a group of like-configured computers that act in a fully redundant setup to ensure availability of applications and operating systems. A vCenter Server cluster is no different. Clusters are used in vCenter Server for three main functions: high availability, load balancing, and high-performance computing. A cluster is made up of two or more physical servers that provide resources for the hosts that are assigned to that cluster.
Folders: A folder is a logical way to define how VMs or other vCenter Server objects are organized. Folders are often used to organize VMs into department owners or server functions.
Creating Datacenters
Datacenters are generally created as part of the initial setup process. The setup can be automated by using the following code, which will create a datacenter called Boston and store it in a variable. The Datacenter object held within the variable can then be referred to later in the code as you create clusters or folders:
Creating Clusters
Clusters are more complex than datacenters; there are many configurable items available for a new cluster. Consider the options the vSphere Web Client gives us: the normal cluster options as well as configuration options for VMware High Availability (HA), VMware Distributed Resource Scheduler (DRS), VMware Enhanced VMotion Compatibility (EVC), and VMware Distributed Power Management (DPM).
To create a new cluster in the Boston datacenter you created earlier, you can use the following code:
This code line gives you the basic settings. The sections that follow discuss the additional cluster settings available to you.
Configuring High Availability
When configured in a cluster, VMware HA gives you many advantages, including the following:
• Proactive monitoring of all vSphere hosts and VMs
• Automatic detection of vSphere host failure
• Rapid restart of VMs affected by host failure
• Optimal placement of VMs after server failure
Much like configuring a cluster through the vSphere Web Client, you can configure HA either as part of the initial cluster setup or by altering an existing cluster object. For example, to configure a new cluster named Production with HA enabled, an HA failover level of 1 physical host failure, and an HA Restart Priority of Medium, you would use the code in Listing 1-11.
Listing 1-11: Enabling HA with a failover host level and restart priority on a new cluster
To complete this same action on an existing cluster, you first need to retrieve the cluster as an object and then push it down the pipeline into the Set-Cluster cmdlet, as shown in Listing 1-12.
Listing 1-12: Enabling HA with a failover host level and restart priority on an existing cluster
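The datacenter, cluster, and HA steps described above combined into one repeatable function, added here as an example and not the book's Listings 1-11 or 1-12. The function name Set-HACluster is hypothetical, and a single connected vCenter Server is assumed:

```powershell
# Added example. Assumes Connect-VIServer has already been run.
function Set-HACluster {
    param(
        [Parameter(Mandatory)][string]$DatacenterName,
        [Parameter(Mandatory)][string]$ClusterName
    )
    # Create the datacenter under the root folder only if it is not there yet,
    # and keep the object for use as the cluster's location.
    $dc = Get-Datacenter -Name $DatacenterName -ErrorAction SilentlyContinue
    if (-not $dc) {
        $dc = New-Datacenter -Name $DatacenterName -Location (Get-Folder -NoRecursion)
    }

    # HA settings from the text: enabled, tolerate 1 host failure, Medium restart priority.
    $ha = @{ HAEnabled = $true; HAFailoverLevel = 1; HARestartPriority = 'Medium' }

    $cluster = Get-Cluster -Name $ClusterName -Location $dc -ErrorAction SilentlyContinue
    if ($cluster) {
        # Existing cluster: retrieve the object and pipe it into Set-Cluster.
        $cluster | Set-Cluster @ha -Confirm:$false
    } else {
        # New cluster: the same settings are passed at creation time.
        New-Cluster -Name $ClusterName -Location $dc @ha
    }
}

Set-HACluster -DatacenterName 'Boston' -ClusterName 'Production' |
    Select-Object Name, HAEnabled, HAFailoverLevel, HARestartPriority
```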
Configuring Distributed Resource Scheduler
VMware DRS is a configuration made at the cluster level of the vCenter Server environment that balances VM workloads with available host resources. With VMware DRS, you are able to define the rules for allocation of physical resources among the VMs. DRS can be configured for manual or automatic control. If the workload on one or more VMs drastically changes, DRS redistributes the VMs among the physical servers to