Posts

vSAN HCL Database Partnerweb Port Requirements

TL;DR - the vSAN HCL Database update from vCenter requires port 80 outbound to http://partnerweb.vmware.com/service/vsan/all.json. A little while ago, a customer of mine, in a restricted environment, was having issues getting the vSAN HCL Database updated in vCenter. Following https://kb.vmware.com/s/article/2109870 didn’t address the issue, but allowed them to update the DB manually. Outbound HTTPS traffic to partnerweb.vmware.com was whitelisted on the proxy, and 443 allowed on the firewall. Testing DNS and ports using curl showed that everything should be working, but we still couldn’t update the HCL DB.

How to replace a vCenter password in vRealize Suite Lifecycle Manager 8.1 using the API

Following along the theme of one of my previous posts on vRealize Suite Lifecycle Manager (vRSLCM) and its REST API, here’s another on replacing the password for a vCenter Server in a vRSLCM “Datacenter”. Similar to my previous post, we’ll be doing this in the Swagger UI as the ability to replace the password is not available in the standard vRSLCM UI (v8.1). The APIs used in this post are private and, as such, not supported by VMware.

Download a private GitHub Repo using AWS Lambda

As mentioned in this post, I needed to download a private GitHub repo as a ZIP file. The GitHub repo containing this blog is now set to private (mainly to protect my backlog of drafts), which broke my AWS Lambda function (see here and here). Minimal changes were required from the functioning code, but there was a lot of testing. Some key changes were: setting the GitHub Personal Access Token as a Lambda variable; modifying the file download function to use custom headers; and consuming the token from within Lambda to access and download the file. The new function to download the repo:

How to download a private GitHub repository ZIP via API

As you may know from one of my recent blog posts, the blog you’re reading is a collection of Markdown and Hugo artifacts that, when ‘compiled’ with Hugo, creates a wonderfully lightweight website hosted out of AWS S3. My biggest gripe with my documented deployment from GitHub to S3 was the dependency on the GitHub repo being public. Anyone could see my published and unpublished content. As I’ve been spending quite a bit of time writing new posts, I wanted to protect the repo but still deploy the site automatically as I do now in AWS Lambda.

How to replace the vRealize Suite Lifecycle Manager 8.1 certificate using the API

I don’t like doing things manually. My previous post showing how to replace vRealize Suite Lifecycle Manager certificates using the GUI is straightforward, but it’s far too manual. I’m going to show you how to replace the certificate using the vRSLCM 8.1 API (which you can wrap in a script). You can use any tool to interface with the API. I stick to Postman, curl, or if the application provides it, a Swagger UI.

How to build a per-guest filesystem report in vRealize Operations using the 'Breakdown By' feature

Overview: Back in my operational days, my team and I needed ‘pretty’ reports on all VMs in the environment. In almost every case, we needed to include metrics on Guest OS volumes. Back in vRealize Operations 5.x, 6.x and 7.x, I could never find a way to report on all instances of a guest volume on many VMs. It always looked like this: Example of a not-so-pretty filesystem report out of vRealize Operations (8.

How to replace vRealize Suite Lifecycle Manager 8.1 self-signed certificate with a certificate from your Microsoft CA

This post covers the process of replacing a self-signed SSL certificate running on a vRealize Suite Lifecycle Manager (vRSLCM) 8.1 appliance. I’ll be using the UI to show you how to do it. Pre-requisites: Make sure you have defined a certificate template as per https://kb.vmware.com/s/article/2112009. Confirm your user account has the correct privileges to request certificates using Microsoft CA Web Server enrollment. At the least, find someone that can submit and approve it for you.

vRA 8.1 Custom Resource error: HTTP 500 when creating AD User custom resource

I’ve been spending some time in my vRealize Automation (vRA) 8.1 lab, specifically the Custom Resource capabilities backed by the embedded vRealize Orchestrator instance. I was following the AD User Custom Resource example from the Docs and kept receiving the following error in vRA: “Failed to get request status: 500 Internal Server Error from POST http://tango-vro-gateway.prelude.svc.cluster.local:8080/vro/blueprint/blueprint-provider-request?operation=status” (Figure: 500 Internal Server Error when requesting the Custom Resource). I was getting this message in vRA whenever I would try to deploy the Blueprint that contained the newly created Custom Resource.

Reference list of vRealize Automation's public cloud blueprint objects

I had a customer recently ask me what vRealize Automation (vRA) 8.1 was able to manage in the public cloud when using blueprints. While I had a very good idea as I’ve got it running in my homelab, I didn’t have any online reference list that I could direct them to. There just isn’t a simple list of it all for a customer to peruse before they have deployed it.

Update - Deploy a Hugo website from GitHub to S3 using GitHub Webhooks, API Gateway and Lambda

Avid readers, I bring to you a nice little update to one of my more popular posts on how to deploy a Hugo website from GitHub to S3 using GitHub Webhooks, API Gateway and Lambda. Since that post, AWS has stated that they will deprecate support for Python 2.7 starting 31st December 2020. Not only that, the requests module has been removed from the AWS SDK for Python so the file downloads that happen in my Lambda function stopped working.

vRealize Log Insight Content Pack for PFSense Firewall Logs

It’s been a while since my last post! I’ve been spending some time in my homelab with the latest vRealize Suite products. One of those fantastic tools is vRealize Log Insight. I won’t get into the details of the product, but one of the use cases I wanted to tackle for my homelab was ingesting any and all syslog messages I could find. A key piece of my homelab is a PFSense VM that I use for routing and firewall separation between my home network and the components nested snugly in my HP Z800 Workstation.

Bulk delete Canceled Alerts in vRealize Operations using the REST API and Postman

Hello again! Today a customer was working with the vRealize Operations 8.0 REST API in Postman and trying to bulk delete “Canceled Alerts”. The documentation in the API states that you need to request a DELETE against the https://{vra-fqdn}/suite-api/api/alerts/bulk API and you should be OK. Well, not exactly. I’ll start this post by assuming that you’ve seen the excellent Postman collection on VMware {code}. This will get you up and running quickly and allow you to log in and get an authentication token.

Automate common VM changes after converting a VM to vSphere

I recently had the need to ‘prep’ a VM after converting it to vSphere. By ‘prep’ I mean (after you’ve installed VMware tools) do the usual grind of updating the virtual hardware to the latest supported by ESXi, update the vNIC to VMXNET3, and change the SCSI controllers to ParaVirtual. I thought about the times when I was in customer land and we would have to convert VMs from some other platform or in some cases, correct a VM that had been built incorrectly.

Identifying Uncommitted Space culprits with PowerCLI

Note: A bit more testing on my end has found this script is only valuable if your VMDKs are on separate datastores. I am working to find a better metric to pull the data per VMDK. Background: Have you ever heard of “Uncommitted Space” in vSphere? It’s one of those things we all seem to ‘know’ without really knowing. It’s a pretty standard metric most commonly found against vSphere Datastores. It’s effectively calculated based on the provisioned and used storage of a datastore and its contents.

Unable to push CA certificates and CRLs to host

Note: This post addresses and (hopefully) fixes the cause of the issue found here: vVols Endpoint - Failed to establish connection on ESXi host. Recently, one of my customers was trying to refresh the CA store on newly built ESXi 6.7 U3 hosts under a freshly upgraded vCenter Server 6.7 U3 instance. When the admin tried to refresh the CA store, they were getting this error message in the vSphere Client:

vVols Endpoint - Failed to establish connection on ESXi host

My customer has successfully rolled out VMware vSphere Virtual Volumes (or “vVols”) in their environment. They’re loving the simplicity of storage management in vSphere, but were a little stuck when they added a pair of newly installed ESXi hosts to their environment. The hosts were not mounting the vVols datastore as expected, meaning the hosts could not run VMs backed by vVols. All existing hosts were OK. To start, they dug in to the logs at /var/log/vvold.

Install Firefly III on FreeNAS

During my time at iseek, a great colleague, Angus Kelsey, introduced me to a self-hosted budget management application, Firefly III. I was impressed with the finish on the product and was happily surprised to find it was open source and could be self-hosted. I’ve got a FreeNAS server running at home for private workloads and wanted to install Firefly III on this server. Can’t be that hard, I thought. A quick search online didn’t find a straightforward article on installing exactly what I needed to get up and running.

Using Regex in vRealize Orchestrator - extracting useful information from a VM name

Recently I had a customer wanting to identify if a VM of theirs was in Production, Test, or Development based on the VM’s name. Luckily, all of their VMs are named using a naming standard of “{customer}{P|T|D}{application}{server-role}”, giving a generic VM name like “custpdc1” or “cust-t-sql2”. They’re just getting started on their journey with vRealize Orchestrator, and wanted to use it to perform this function. Easy enough, what do we need?

Unable to authenticate against LDAPS in vCloud Director 9.5

I had a customer upgrade their vCloud Director environment from v8.20 to v9.5. The upgrade itself went fine, however some tenants were now unable to log in. Interestingly, the affected tenants were authenticating against their own LDAP server over LDAPS. All other tenants were authenticating against the Service Provider managed LDAP server. For this particular service provider customer and their tenant, the LDAP server was specified using an IP address instead of an FQDN.

vExpert 2019!

Thanks to all 5 of my avid readers, I’ve been awarded vExpert for 2019! What is vExpert? Taken from VMTN: “The VMware vExpert program is VMware's global evangelist and advocacy program. The program is designed to put VMware's marketing resources towards your advocacy efforts. Promotion of your articles, exposure at our global events, co-op advertising, traffic analysis, and early access to beta programs and VMware's roadmap. The awards are for individuals, not companies, and last for one year.”