
Internet Access is overrated

Context

As we know, one of the most important recommended practices for VMware vSAN is to stay as close as possible to the vSAN HCL.

To make our life easier, VMware vCenter can validate whether the installed hardware, drivers and firmware are aligned with that HCL, removing the operational pain of checking it manually on a regular basis: just as items are added to the HCL, some items are also removed or stop being supported after ESXi upgrades.

This functionality requires that vCenter has internet access to download the vSAN HCL DB file, which is kept in JSON format.

However… sometimes Internet Access is not an option, not even via proxy, so the only option is to download the file using our desktop, as an example, and then upload it to the vCenter.

Can we download vSAN HCL DB file and then update our vCenter vSAN HCL DB offline?

Yes, we can do it

The process is relatively simple and quite well documented in VMware KB 2145116.

In summary the process has 4 simple steps, as described in the VMware KB article mentioned before.

  1. Log in to a workstation where you have internet access.
  2. Open the below link in browser: https://partnerweb.vmware.com/service/vsan/all.json
  3. Save the file as all.json. If you are unable to save the file, you must copy the entire content and create a new file with extension “*.json”.
  4. Copy the file to another workstation which connects to the vCenter. Log in to vCenter server from there, and upload the file to the vCenter.

As we can see, it is not a difficult process.

If it is an easy process and well documented, why script it then ???

Because we can… ihihihih

When it is a case of one or two vCenters probably it would be a bit overkill to do it.

However, if it is a recurring task, or if we need to upload the vSAN HCL DB file to a handful of vCenters, why not script it instead?

Let’s start building our script from the simple use case of a single vCenter, to a use case where we have multiple vCenters that share the same credentials.

The magic cmdlet - Update-VsanHclDatabase

We can upload a vSAN HCL DB file using a PowerCLI cmdlet.

PS > get-help Update-VsanHclDatabase

NAME
    Update-VsanHclDatabase

SYNOPSIS
    This cmdlet updates the vSAN hardware compatibility list (HCL)
    database.

SYNTAX
    Update-VsanHclDatabase [-FilePath <String>] [-RunAsync]
        [-Server <VIServer[]>] [-Confirm] [-WhatIf]
        [<CommonParameters>]

Simple case - single vCenter

This is an example of how we can build a quick PowerShell/PowerCLI script to upload the vSAN HCL DB file to a single vCenter.

  • 4 Input parameters:
    • $vcenter - vCenter FQDN/IP to connect to
    • $username - vCenter username with enough privileges to manage vCenter and vSAN configuration
    • $password - vCenter password to be used (password is hidden while being typed and then encrypted inside the script)
    • $vsanHCLDBFile - downloaded vSAN HCL DB file complete path

The download of the vSAN HCL DB file could also be scripted, but is not covered in this post, assuming the file is downloaded beforehand.

param(
    [Parameter(Position=1,
        Mandatory = $true, ValueFromPipeline = $true)]
        [string]$vcenter,
    [Parameter(Position=2,
        Mandatory = $true, ValueFromPipeline = $true)]
        [string]$username,
    [Parameter(Position=3,
        Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.SecureString]$password,
    [Parameter(Position=4,
        Mandatory = $true, ValueFromPipeline = $true)]
        [string]$vsanHCLDBFile
)

# Wrap the SecureString in a PSCredential so the password is never
# converted back to a plain-text string in the script
$credential = New-Object System.Management.Automation.PSCredential($username, $password)

Write-Host "-> Connect to vCenter $vcenter" -ForegroundColor Green

# Stop here if the connection fails, so nothing is uploaded to another session
$vcenterConnection = Connect-VIServer -Server $vcenter -Credential $credential -ErrorAction Stop

Write-Host "--> Upload vSAN HCL file $vsanHCLDBFile" -ForegroundColor Cyan

# Target the connection we just opened explicitly
Update-VsanHclDatabase -FilePath $vsanHCLDBFile -Server $vcenterConnection

Write-Host "-> Disconnect from vCenter - $vcenter" -ForegroundColor Green
Disconnect-VIServer -Server $vcenterConnection -Confirm:$false -ErrorAction SilentlyContinue

And if we have more than one vCenter

For this use case and to make it more interesting, let’s use a VMware Cloud Foundation (VCF) deployment as an example of multiple vCenters connected to the same SSO/PSC.

In a VCF deployment, you can have multiple Workload Domains (WLD), and each of these WLD will have their own vCenter.

To simplify the script, let’s agree on a naming convention for the vCenter FQDNs:

  • vc-< dc name >-< wld >-< dc # >.lab.local
    • < dc name > - datacenter identifier, in our example: dc01
    • < wld > - WLD name, in our example: mgmt, prod, stg, qa, dev
    • < dc # > - datacenter # id, in our example: 20

  • 4 Input parameters:
    • $dcName - datacenter name to be used
    • $username - vCenter username with enough privileges to manage vCenter and vSAN configuration
    • $password - vCenter password to be used (password is hidden while being typed and then encrypted inside the script)
    • $vsanHCLDBFile - downloaded vSAN HCL DB file complete path

The download of the vSAN HCL DB file could also be scripted, but is not covered in this post, assuming the file is downloaded beforehand.

param(
    [Parameter(Position=1,
        Mandatory = $true, ValueFromPipeline = $true)] [string]$dcName,
    [Parameter(Position=2,
        Mandatory = $true, ValueFromPipeline = $true)] [string]$username,
    [Parameter(Position=3,
        Mandatory = $true, ValueFromPipeline = $true)] [System.Security.SecureString]$password,
    [Parameter(Position=4,
        Mandatory = $true, ValueFromPipeline = $true)] [string]$vsanHCLDBFile
)

# Our workload domain names
$wlds = @("mgmt", "prod", "stg", "qa", "dev")

# Our datacenter ID
$dcID = "20"

# Our vCenter naming convention; <wld> is a placeholder filled in per WLD below
$vcenterNameTemplate = "vc-$dcName-<wld>-$dcID.lab.local"

# Wrap the SecureString in a PSCredential once, so the password is never
# converted back to a plain-text string in the script
$credential = New-Object System.Management.Automation.PSCredential($username, $password)

Write-Host "-> Update vSAN HCL DB list of datacenter $dcName (ID $dcID) vCenters" -ForegroundColor Green

# Cycle through all our WLDs
foreach ($wld in $wlds) {
    # Replace <wld> with the WLD name to finish the vCenter FQDN to connect to
    $vcenter = $vcenterNameTemplate.Replace("<wld>", $wld)

    Write-Host "--> Connect to vCenter - $vcenter - WLD $wld" -ForegroundColor Green
    try {
        $vcenterConnection = Connect-VIServer -Server $vcenter -Credential $credential -ErrorAction Stop
    }
    catch {
        # Skip this WLD rather than uploading through some other open session
        Write-Warning "Could not connect to $vcenter - skipping: $_"
        continue
    }

    Write-Host "---> Upload vSAN HCL file $vsanHCLDBFile" -ForegroundColor Cyan
    Update-VsanHclDatabase -FilePath $vsanHCLDBFile -Server $vcenterConnection

    Write-Host "--> Disconnect from vCenter - $vcenter - WLD $wld" -ForegroundColor Green
    Disconnect-VIServer -Server $vcenterConnection -Confirm:$false -ErrorAction SilentlyContinue
}

Some of the scripts shown above can be written as one-liners, but for the sake of structure and clarity I kept them this way.
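The download and hand-off from the KB steps, which the scripts above assume was done beforehand, can be scripted with an integrity check so that a truncated file or a saved error page never reaches vCenter. This is an added example, not part of the original scripts or of PowerCLI: the function names `Save-VsanHclDb` and `Test-VsanHclDb`, the `.sha256` sidecar file and the paths are assumptions.

```powershell
# Added example: hypothetical helper functions, not PowerCLI cmdlets.
$HclUrl = 'https://partnerweb.vmware.com/service/vsan/all.json'   # URL from the KB steps

function Save-VsanHclDb {
    # Run on the internet-connected workstation (steps 1 to 3).
    param([Parameter(Mandatory)][string]$OutFile)

    Invoke-WebRequest -Uri $HclUrl -OutFile $OutFile -UseBasicParsing -ErrorAction Stop

    # Fail early if what was saved is an error page or a truncated body.
    $null = Get-Content -LiteralPath $OutFile -Raw | ConvertFrom-Json -ErrorAction Stop

    # Record the digest in a sidecar file for the receiving side to check.
    $hash = (Get-FileHash -LiteralPath $OutFile -Algorithm SHA256).Hash
    Set-Content -LiteralPath "$OutFile.sha256" -Value $hash -Encoding ascii
    return $hash
}

function Test-VsanHclDb {
    # Run on the admin workstation (step 4), before Update-VsanHclDatabase.
    param(
        [Parameter(Mandatory)][string]$FilePath,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )
    if (-not (Test-Path -LiteralPath $FilePath -PathType Leaf)) { return $false }

    # -ne is case-insensitive, so upper/lower-case hex digests compare equal.
    $actual = (Get-FileHash -LiteralPath $FilePath -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256.Trim()) {
        Write-Warning "SHA-256 mismatch for $FilePath, not uploading"
        return $false
    }
    try   { $null = Get-Content -LiteralPath $FilePath -Raw | ConvertFrom-Json -ErrorAction Stop }
    catch { Write-Warning "$FilePath is not valid JSON"; return $false }
    return $true
}

# Usage on the admin side (placeholder paths):
# $expected = Get-Content 'C:\transfer\all.json.sha256'
# if (Test-VsanHclDb -FilePath 'C:\transfer\all.json' -ExpectedSha256 $expected) {
#     Update-VsanHclDatabase -FilePath 'C:\transfer\all.json'
# }
```

A digest that travels next to the file only catches accidental corruption; pass the expected SHA-256 over a separate channel if the transfer medium itself is not trusted.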

Summary

This post gives a quick look at how to keep the vCenter vSAN HCL DB up to date when internet connectivity is not available.

The post details three options: