All posts by bsier

Install VCF, Workload Management and Tanzu Kubernetes Cluster in an afternoon

Yes! It’s possible, I’ve done it.. twice, just to make sure :). At the risk of being redundant, @Kyle Gleed was instrumental in driving K8s in VCF consolidate and has a blog post and paper here, @Tom Stephens posted a great blog on Minimalistic VCF 4.0 deployments with Kubernetes, but I’m lazy and like to make things even easier. That is what I aim to cover here. There are a lot of steps, and tons of screenshots making this blog post quite lengthy, my apologies.. I’ll learn to split these up!


Multi-NIC, Multi-VDS, vSphere Cluster in VCF 4.0

It seems like a good time to have an update post on Multi-NIC “stuff” in VCF 4.0. Before we get to the creation of the cluster, I think it’s important to go over one of the biggest networking changes in VCF 4.0/vSphere 7.0. With vSphere 7.0 came the introduction of the vSphere Distributed Switch 7.0 and with that, some welcome changes that I haven’t really seen mentioned anywhere.


VLC- Expansion Pack – VCF 3.9.1

The expansion pack feature in VLC can be used for a few things:
1) Building nested hosts
2) Expanding your nested VCF implementation!
3) Testing the limits of your hardware <- You know you want to!

In this post we’re going to talk about Building Nested Hosts and I’m sure you’ll be able to figure out how to do the other two things on your own, or I’ll write a blog article on it! Make sure you follow the implementation guide for VLC with regards to PowerCLI and OVFtool versions and settings.


Getting vSphere 6.7U3b up and running on a non-UEFI server

Hi all, I thought I’d share since I went through this yesterday on my HP DL360p G8 in the lab. It started out with the cheap-o USB stick I had installed ESXi on flaking out.. and for those that have had it happen it can be unnerving to say the least. I couldn’t power down VMs, make changes to the config, etc… I knew what had likely happened and on a reboot.. well, it never came back.


VLC-Build it for me, vRealize Operations deployment – VCF 3.9.1

If you’ve been following the VLC-Build it for me posts you should have VRSLCM up and running. As promised, this exercise will be quite a bit shorter due to the work we put in getting VRSLCM built. vRealize Operations gives a view into operations management of both applications and infrastructure and, in the context of VCF, as you grow your solution, helps you plan, scale, and easily connect new Workload domains and their resources to be included in vROps’ purview.


VLC-Build it for me, VRSLCM deployment– VCF 3.9.1

After getting your external access up and running, I’m sure you’re ready to start deploying some additional solutions! Let’s start with the vRealize suite, and that all begins with downloading and deploying VRSLCM (vRealize Suite Lifecycle Manager). Go ahead and get that queued up and downloading. It’s about 3GB in size and it should be available under the Repository -> Bundles page; click the Download Now button next to the vRealize Suite Lifecycle Manager bundle.


VLC – Build it for me, External Access

So you got through all the BGP fun and have a fully deployed VCF instance, congrats! Of course now, you want to add some functionality and get your FULL SDDC on. Thankfully, there are only a few more steps to go and you’re already an expert at this.

The long and short of it is that SDDC manager will need access to https://depot.vmware.com. That means you’ll need outbound network connectivity and DNS resolution. Let’s talk about the outbound network connectivity first.


Resizing the LCM Volume group on SDDC Manager

One of the users of the VLC (VCF Lab Constructor) had an issue with drive space when attempting to upgrade from VCF 3.9 -> 3.9.1. This has been a problem in previous releases at times as well, so I thought it’d be a good opportunity to post about it. That and I don’t post nearly as often as I want to!

SDDC Manager uses LVM for several of its critical mount points. Coupled with the EXT4 filesystem, this allows those mounts to be very flexible and non-disruptive when increasing their size.


NSX 6.1.3/6.1.4 API Changes and Other Fun Registration Knowledge


While working on a project I discovered that previous PowerShell/curl and various REST client requests that would register the NSX manager with vCenter and SSO server were no longer working.

For example, against NSX 6.1.2 the following code worked fine, returning a 200:

# -k skips TLS verification of the NSX Manager certificate (lab setup).
# No line-continuation backslashes inside the single-quoted XML payload.
curl -k -u 'admin:VMware1!' -H 'Accept:application/xml' \
-H 'Content-Type:application/xml' \
-X PUT https://10.0.0.80/api/2.0/services/vcconfig \
-d '<vcInfo>
     <ipAddress>10.0.0.30</ipAddress>
     <userName>administrator@sierlab.local</userName>
     <password>VMware1!</password>
     <assignRoleToUser>true</assignRoleToUser>
    </vcInfo>'

With 6.1.3 and 6.1.4 it would return a 403 with a cryptic error body:

<?xml version="1.0" encoding="UTF-8"?>
<error>
  <details>92:4D:D6:A4:C2:C2:39:EE:81:11:AA:A9:8D:0D:1F:17:D0:33:C2:C1</details>
  <errorCode>226</errorCode>
</error>

With help from @voltmer we were able to figure out that the returned error was the certificate thumbprint of the vCenter server.  Turns out you need to pass the thumbprint along with the rest of the payload starting with version 6.1.3.  With the above example, it would look like this:

# Same request as above, with the vCenter certificate thumbprint added.
curl -k -u 'admin:VMware1!' -H 'Accept:application/xml' \
-H 'Content-Type:application/xml' \
-X PUT https://10.0.0.80/api/2.0/services/vcconfig \
-d '<vcInfo>
     <ipAddress>10.0.0.30</ipAddress>
     <userName>administrator@sierlab.local</userName>
     <password>VMware1!</password>
     <assignRoleToUser>true</assignRoleToUser>
     <certificateThumbprint>92:4D:D6:A4:C2:C2:39:EE:81:11:AA:A9:8D:0D:1F:17:D0:33:C2:C1</certificateThumbprint>
    </vcInfo>'

Looking at the API docs for NSX, this requirement is not noted, but this is being addressed.
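The post got the thumbprint by reading it out of the 403 body. The sketch below is an added example, not code from the original post or from VMware: it computes the SHA-1 thumbprint from the vCenter certificate itself, uses the value NSX echoed back only as a cross-check, and builds the `<vcInfo>` payload with proper XML escaping. The function names are hypothetical, and the sample certificate bytes are a constructed stand-in.

```python
import hashlib
import re
import ssl
import xml.etree.ElementTree as ET

# 403 body returned by NSX 6.1.3/6.1.4, copied from the post.
NSX_403_BODY = """<?xml version="1.0" encoding="UTF-8"?>
<error>
  <details>92:4D:D6:A4:C2:C2:39:EE:81:11:AA:A9:8D:0D:1F:17:D0:33:C2:C1</details>
  <errorCode>226</errorCode>
</error>"""

def fetch_der(host, port=443):
    """Fetch the certificate vCenter presents (network call, not run here).
    No chain validation happens, so compare the result with a thumbprint
    read from the vCenter console or another trusted path."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

def sha1_thumbprint(der_cert):
    """SHA-1 of the DER bytes as colon-separated upper-case hex."""
    digest = hashlib.sha1(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, 40, 2))

def thumbprint_from_error(body):
    """Extract the thumbprint NSX echoes in <details> of the error body."""
    details = ET.fromstring(body.encode("utf-8")).findtext("details") or ""
    details = details.strip().upper()
    if not re.fullmatch(r"(?:[0-9A-F]{2}:){19}[0-9A-F]{2}", details):
        raise ValueError("no SHA-1 thumbprint in <details>")
    return details

def build_vcinfo(ip, user, password, der_cert, nsx_reported=None):
    """Build the <vcInfo> body; refuse if NSX saw a different certificate."""
    local = sha1_thumbprint(der_cert)
    if nsx_reported is not None and local != nsx_reported:
        raise ValueError("NSX-reported thumbprint differs from vCenter cert")
    vc = ET.Element("vcInfo")
    fields = (("ipAddress", ip), ("userName", user), ("password", password),
              ("assignRoleToUser", "true"), ("certificateThumbprint", local))
    for tag, text in fields:
        ET.SubElement(vc, tag).text = text  # ElementTree escapes &, <, >
    return ET.tostring(vc, encoding="unicode")

if __name__ == "__main__":
    der = b"abc"  # constructed stand-in bytes, not a real certificate
    print(build_vcinfo("10.0.0.30", "administrator@sierlab.local",
                       "VMware1!", der))
```

A mismatch between the locally computed value and the one in the error body means NSX reached a different certificate than you did, which is worth resolving before registering.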

While I’m at it, there was an additional step required to fully integrate NSX into the WebClient that I didn’t have to do before. This would be the step of adding an SSO domain user or group and setting a role in NSX. In vCenter 6.0, if you’ve installed it, you know that logging in as root the first time gets you nowhere special. The administrator@<the sso domain you created on install> has all the power nowadays. When you register the NSX manager with the vCenter it does not give the user used to register any kind of role within NSX. When you log in to vCenter after registering with the API you can see the Networking and Security icon, but are unable to see any NSX managers. Thankfully this is easily rectified by using an additional NSX API call after SSO and vSphere registration:

# The URL is quoted so the shell does not treat "?" as a glob character.
curl -k -u 'admin:VMware1!' -H 'Accept:application/xml' \
-H 'Content-Type:application/xml' \
-X POST 'https://10.0.0.80/api/2.0/services/usermgmt/role/administrator@sierlab.local?isGroup=false' \
-d '<accessControlEntry>
     <role>super_user</role>
    </accessControlEntry>'

Make sure you log out of the webclient and back in to be able to see the NSX manager inside of the Networking and Security -> NSX Managers menu.

FYI, the curl in this article will most likely need some modifying.. I “adjusted” it so it would read better, but don’t know if it will run as is.  If you need the original drop me a line.

Hope this helps!

Links of thanks:

@voltmer (fyi, he hasn’t been active on twitter for some time)

Remove/Reset NSX configuration in a vRA vCenter Endpoint

A couple months ago I was working with a customer that was in the midst of deploying vRA 6.1 integrated with NSX. Once they had everything up and running they were having problems with the NSX data collection. There was an error in the vRA logs stating something about the security groups not being able to be enumerated.. my apologies for not having the exact error handy.


After some additional troubleshooting it was found that the NSX 1.0.1 plugin had been installed on the external vCO server.  Unfortunately, this plugin only supports vRA 6.2 and above:

VMware vCenter Orchestrator Plugin 1.0.1 for NSX
This plug-in can be utilized by vRA 6.2.0, vRO 5.5.2, vRO 6.0.0, vCNS 5.5.2, vCNS 5.5.3.x, vCNS 5.5.4, NSX-vSphere 6.1.0, NSX-vSphere 6.1.1, NSX-vSphere 6.1.2, NSX-vSphere 6.1.3.

Once that was found, the path to rectify went like this:

  • Remove the NSX 1.0.1 plugin from vCO
  • Reset the Plugin versions in vCO, this step might not be necessary but just to be safe…
    1. Log in to the vRealize Orchestrator configuration interface as vmware.
    2. Click the Troubleshooting tab.
    3. Click Reset current version.
  • Restart vCO Server/Config services
    1. Log in to the vRealize Orchestrator configuration interface as vmware.
    2. Click the Startup Options tab.
    3. Restart both the Server and the configuration server services.
  • Install NSX 1.0.0 plugin
    1. Log in to the vRealize Orchestrator configuration interface as vmware.
    2. Click on the Plugins tab.
    3. Locate the plugin file and click Upload and Install.
  • Restart vCO Server service
    1. Log in to the vRealize Orchestrator configuration interface as vmware.
    2. Click the Startup Options tab.
    3. Restart the Server service.
  • Remove/Reset the NSX config info for the vCenter Endpoint
    • This was one of the most time-consuming, annoying pieces of this fix…  I loathe form elements that are greyed out when it’s something I need to modify.  With the help of a seasoned colleague we arrived at this task:
        • Clear out all vRA tables of DynamicOps.VCNS.*  So, basically we needed to remove all the data that was collected and then, and only then, could we actually remove the endpoint.  This all took short of 40 minutes but was tedious enough that I built a SQL script to tackle the job, *Please read the comments in the script!*:
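      /****BE CAREFUL WITH THIS*** 
      To see what tables are populated in the DynamicOps.VCNSModel schema simply change the database name and execute.
      As written, the script only prints the delete statements; nothing is deleted.
      To clean out all the DynamicOps.VCNSModel tables except VCNSEndpoints, uncomment the "exec sp_executesql @DelSQL" line inside the loop.
      To also clear the VCNSEndpoints table, uncomment the last line at the end of the script.
      By: Ben Sier bsier@vmware.com
      Date: 2/20/2014
      Tested against vRA 6.2 / SQL 2012 R2 SP2
      */ 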
      
      use vcac;  --May need to change DB name.
      declare c1 cursor for 
      select QUOTENAME(SCHEMA_NAME(schema_id)) + '.' + QUOTENAME(name) from sys.tables where SCHEMA_NAME(schema_id) LIKE 'DynamicOps.VCNSModel' AND name NOT LIKE 'VCNSEndpoints';
      
      declare @ITABLE as nvarchar(500)
      declare @FTABLE as nvarchar(500)
      declare @SQL as nvarchar(200)
      declare @SQL2 as nvarchar(200)
      declare @DelSQL as nvarchar(200)
      declare @EPDelSQL as nvarchar(200)
      set @EPDelSQL = 'delete from [DynamicOps.VCNSModel].[VCNSEndpoints]'
      
      open c1 
      fetch next from c1 into @FTABLE; 
      while (@@FETCH_STATUS =0)
      
      	begin 
              set @SQL = 'declare allVCNSTables cursor for '
              set @SQL2 = 'Select COUNT(*) from ' + @FTABLE
              set @SQL = @SQL + @SQL2
              
              exec sp_executesql @SQL
                      
              open allVCNSTables
              fetch next from allVCNSTables into @ITABLE
              while (@@FETCH_STATUS =0)
      			
      			begin
      				IF @ITABLE > 0 
      				begin
      					PRINT @FTABLE + ' has ' + @ITABLE + ' entries.'
      					PRINT 'Clearing table - ' + @FTABLE
      					set @DelSQL = 'delete from ' + @FTABLE
      					PRINT @DelSQL
      /**** Uncomment the line below to clear out all tables except [DynamicOps.VCNSModel].[VCNSEndpoints] ****/
      					--exec sp_executesql @DelSQL
      				end				
      				fetch next from allVCNSTables into @ITABLE
      			end
              
              close allVCNSTables
              deallocate allVCNSTables   
      	fetch next from c1 into @FTABLE 
      	end 
      close c1 
      deallocate c1
      
      /**** Uncomment the line below to clear out the [DynamicOps.VCNSModel].[VCNSEndpoints] table ****/
      --exec sp_executesql @EPDelSQL
      
      
  • Add the Networking and Security manager to the vCenter endpoint and run a data collection… since we just removed this, obviously you know how to add one 🙂  If not head over to http://dailyhypervisor.com/vmware-nsx-6-1-vcac-6-1-connecting-nsx-to-vcac/ to see how.

Hope this helps someone!

Links of thanks:

http://dailyhypervisor.com