Part 2: Working With the SRM VAMI API : Replacing the Appliance Certificate

In Part 1 of this series we saw how to retrieve a sessionId from the Site Recovery Manager VAMI interface using Postman & Powershell. In this post we will use that sessionId to replace the appliance SSL certificate using the API. To start we again use the VAMI UI to inspect the endpoint URL being used for certificate replacement by doing a manual replacement. In this case the URL is:

https://sfo-m01-srm01.sfo.rainpole.io:5480/configure/requestHandlers/installPkcs12Certificate

Site Recovery Manager expects the certificate in P12 format so I used CertGen to create the cert format needed. When using the UI you browse to the cert file and it uploads in the browser along with the certificate passphrase. Behind the scenes it is then base64 encoded, so you need to do this before using the API.

# Base64 encoded the p12 file

$certFile = ".\sfo-m01-srm01.4.p12"

$base64string = [Convert]::ToBase64String([IO.File]::ReadAllBytes($certFile))

$body = '{ "certificateContent": "'+$base64string+'", "certificatePassword": "'+$certPassword+'" }'

#Create the required headers using the sessionId

$headers = @{"Content-Type" = "application/json"}
$headers.Add("dr.config.service.sessionid", "$sessionId")

$uri = "https://sfo-m01-srm01.sfo.rainpole.io:5480/configure/requestHandlers/installPkcs12Certificate"

Invoke-RestMethod -Method POST -Uri $uri -Headers $headers -body $body

And there you have it..your appliance cert replaced via the API.

PowerVCF 2.1.1 Now Available with Support for VMware Cloud Foundation 4.1

PowerVCF 2.1.1 is now available on the PowerShell Gallery here or from GitHub here. This release includes support for VMware Cloud Foundation 4.1 with some new and updated cmdlets. Highlights below

Category	cmdlet Name	Description	Comment
Users and Groups	Get-VCFCredential	Retrieves a list of credentials.	UPDATE: Added support for the vRealize Suite credentials
Bundles	Start-VCFBundleUpload	Starts upload of bundle to SDDC Manager	UPDATE: Allows the import of a bundle based on offline download.
Federation	New-VCFFederationInvite	Invite new member to VCF Federation	UPDATE: Added support to specify if the new system is a MEMBER or CONTROLLER.
SDDC	Start-CloudBuilderSDDCValidation	Starts validation on VMware Cloud Builder	UPDATE: Added support for individual validation tasks.
Workspace ONE Access	Get-VCFWSA	Get details of the existing Workspace ONE Access	NEW
vRealize Automation	Get-VCFvRA	Get details of the the existing vRealize Automation	NEW
vRealize Operations	Get-VCFvROPs	Get details of the existing vRealize Operations Manager	NEW
vRealize Operations	Set-VCFvROPs	Connect or disconnect Workload Domains to vRealize Operations Manager	NEW
vRealize Log Insight	Get-VCFvRLI	Get details of the existing vRealize Log Insight	NEW
vRealize Log Insight	Set-VCFvRLI	Connect or disconnect Workload Domains to vRealize Log Insight	NEW
vRealize Suite Lifecycle	Get-VCFvRSLCM	Get details of the existing vRealize Suite Lifecycle Manager	UPDATE: Fixed an issue with the API URI and addressed response output

Where Are My VMware Cloud Foundation Logs?

From time to time we all need to look at logs, whether its a failed operation or to trace who did what when. In VMware Cloud Foundation there are many different logs, each one serving a different purpose. Its not always clear which log you should look at for each operation so here is a useful reference table.

Log Type	VM Location	log Location
BringUp	Cloud Builder	JSON Generator – /opt/vmware/sddc-support/cloud_admin_tools/logs/JsonGenerator.log Platform Audit – /opt/vmware/sddc-support/cloud_admin_tools/logs/PlatformAudit.log
Bringup	SDDC Manager	/var/log/vmware/vcf/bringup/vcf-bringup-debug.log
Licensing	SDDC Manager	/var/log/vmware/vcf/operationsmanager/operationsmanager.log
Network Pool	SDDC Manager	/var/log/vmware/vcf/commonsvcs/vcf-commonsvcs.log
Host Commission/Decommission	SDDC Manager	/var/log/vmware/vcf/operationsmanager/operationsmanager.log
VI (WLD domain)	SDDC Manager	/var/log/vmware/vcf/domainmanager/domainmanager.log
vRLI	SDDC Manager	/var/log/vmware/vcf/domainmanager/domainmanager.log
vROPS	SDDC Manager	/var/log/vmware/vcf/domainmanager/domainmanager.log
vRA	SDDC Manager	/var/log/vmware/vcf/domainmanager/domainmanager.log
vRSLCM Deployment	SDDC Manager	/var/log/vmware/vcf/domainmanager/domainmanager.log
vRSLCM Operations	vRSLCM	/var/log/vrlcm/vmware_vrlcm.log
LCM	SDDC Manager	/var/log/vmware/vcf/lcm/lcm.log
API Login	SDDC Manager	/var/log/vmware/vcf/commonsvcs/vcf-commonsvcs.log
SoS	SDDC Manager	/var/log/vmware/vcf/sddc-support/vcf-sos-svcs.log
Certificate Operations	SDDC Manager	/var/log/vmware/vcf/operationsmanager/operationsmanager.log

VMware Validated Design – Automated Deployment with Cloud Builder – Part 1: Overview

This is the first in a series of posts on VMware Cloud Builder – The automated deployment engine for VMware Validated Design – which delivers consistent and repeatable Software-Defined Datacenter (SDDC) deployments across your regions. Hopefully you will find it useful!

Continue reading “VMware Validated Design – Automated Deployment with Cloud Builder – Part 1: Overview” →

Adding a simple Menu to a PowerShell script

When sharing scripts that can do multiple operations with other teams I find that adding a simple operator menu that presents a list of choices makes it easier for folks to use the scripts. Here is the simple menu that i add to a lot of my scripts and a quick explanation of how it works.

The menu is created using a PowerShell Function called Menu (This can be anything really but i like to keep it simple!). Within the function we start with a Clear-Host – this will ensure that the menu starts on a clean PowerShell session screen.

In between lines 6 and 17 below you can edit any of the text in the quotes to change the menus item or heading text

Within each menu item you need to callout the PowerShell functions that you want to run as part of the menu option. You can list them one per line as in my example below or on one line with a ; between them (e.g. CreateVMSnapshot; anyKey)

To have the menu launch when the PowerShell script is executed just put the name of the menu function at the bottom of the script outside of any function, see line 53

For more information on the anyKey function go here

EDIT: Modified the exit option to be Q for Quit to keep all menus consistent. Thanks to SiliconBrian for the suggestion!


Function Menu 
{
    Clear-Host         
    Do
    {
        Clear-Host                                                                        
        Write-Host -Object 'Please choose an option'
        Write-Host     -Object '**********************'	
        Write-Host -Object 'Snapshot VM Options' -ForegroundColor Yellow
        Write-Host     -Object '**********************'
        Write-Host -Object '1.  Snapshot VMs '
	Write-Host -Object ''
        Write-Host -Object '2.  Revert to Last Snapshot '
	Write-Host -Object ''
	Write-Host -Object '3.  Revert To Specific Snapshot '
	Write-Host -Object ''
        Write-Host -Object 'Q.  Quit'
        Write-Host -Object $errout
        $Menu = Read-Host -Prompt '(0-3 or Q to Quit)'

        switch ($Menu) 
        {
           1 
            {
                CreateVMSnapshot 			
                anyKey
            }
            2 
            {
                RevertLastVMSnapshot
                anyKey
            }
			3 
            {
                RevertSpecificVMSnapshot
                anyKey
            }
            Q 
            {
                Exit
			}	
            default 
            {
                $errout = 'Invalid option please try again........Try 0-3 or Q only'
            }

        }
    }
    until ($Menu -eq 'q')
}   

# Launch The Menu
Menu

Error restoring SRM placeholder VM

I’ve been doing some lab work this week staging a vSphere 6.0U1b with SRM 6.0 environment for some upgrade scenario testing and i hit an issue with SRM 6.0 that i had not seen before. When trying to restore the SRM placeholder VM for a protected VM I was getting the following error

No hosts with hardware version ‘7’ and datastore(s) “NFS02” which are powered on and not in maintenance mode are available

Seemed like a pretty odd error given that my target host is 6.0 and it has the NFS02 datastore mounted. I checked all the obvious to ensure there were no host issues and then went on the KB hunt. Tried the solution outlined here to no avail https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2079084

Also tried this, again no joy. http://pubs.vmware.com/srm-55/index.jsp?topic=%2Fcom.vmware.srm.admin.doc%2FGUID-FE6A85EC-B44E-415A-9C5F-1E17BC846119.html

As a last ditch effort i tried rebooting the target ESXi host and that fixed the issue and I was then able to restore the placeholder VM and continue testing. Not sure on the root cause. This is a fully nested environment, using vSphere Replication & a VNX File appliance so it may just be environmental. Will update this post if i figure it out!

Onwards with testing!

Script to create vCenter clusters, switches, portgroups & VLANs

When setting up a new environment it is always good practice to plan out and document everything to avoid errors. From hostnames, cluster names, vDS names, portgroup names & VLANs etc. I was recently asked to help script the creation of the above from a csv to avoid fat fingers and to save time through automation. Enter PowerCli! Here is the script i created. Disclaimer: Its version 1…no error checking and can be made more efficient but it works and may be helpful to others! I’ve also posted it to GitHub with an example csv here https://github.com/LifeOfBrianOC/vmware_scripts


# Script to create vCenter Clusters, Distributed Switches & portgroups from CSV
# Edit the CSV location variable and the vCenter FQDN and run the script
# Tested with PowerCli 6.3.0
# This is version 1.0 There is no error checking in place so if an item
# already exists or cannot be found the script will error but should continue

#
$CSVPath = "C:\Scripts\Example.csv"
$vCenter = "vc01.domain.local"

#####################################
# DO NOT EDIT ANYTHING BELOW THIS LINE
#####################################

# Load VMware PowerCli Snapins
add-psSnapin VMWare* | out-null

# Connect to vCenter
Connect-VIserver $vCenter

# Get vCenter Datacenter Name
$datacenter = Get-Datacenter

@"
====================================
Creating Clusters
====================================
"@

# Import CSV and only read lines that have an entry in clusterName column
$csv = @()
$csv = Import-Csv -Path $CSVPath |
Where-Object -FilterScript {
$_.clusterName
}

# Loop through all _s in the CSV
ForEach ($_ in $csv)
{
New-Cluster -Location $datacenter -Name $_.clusterName -HAEnabled | out-null
}

@"
====================================
Creating Distributed Switches
====================================
"@

# Import CSV and only read lines that have an entry in switchName column
$csv = @()
$csv = Import-Csv -Path $CSVPath |
Where-Object -FilterScript {
$_.switchName
}

# Loop through all _s in the CSV
ForEach ($_ in $csv)
{
Import-Module VMware.VimAutomation.Vds
New-VDSwitch -Location $datacenter -Name $_.switchName -Mtu 1600 | out-null
}

@"
==========================================
Creating Distributed Switch Portgroups & Assigning VLANs
==========================================
"@

# Import CSV and only read lines that have an entry in portgroupName column
$csv = @()
$csv = Import-Csv -Path $CSVPath |
Where-Object -FilterScript {
$_.portgroupName
}

# Loop through all _s in the CSV
ForEach ($_ in $csv)
{
Import-Module VMware.VimAutomation.Vds
New-VDPortgroup -Name $_.portgroupName -VDSwitch $_.addToSwitch -VlanId $_.vlan | out-null
}
@"
==========================================
Setting Trunk Ports
==========================================
"@

# Import CSV and only read lines that have an entry in trunkPortgroup column
$csv = @()
$csv = Import-Csv -Path $CSVPath |
Where-Object -FilterScript {
$_.trunkPortgroup
}

# Loop through all _s in the CSV
ForEach ($_ in $csv)
{
Import-Module VMware.VimAutomation.Vds
Set-VDPortgroup $_.trunkPortgroup -VlanTrunkRange $_.trunkRange | out-null
}

@"
============================================
Disconnecting from vCenter....Done!
============================================
"@
# Disconnect vCenter
Disconnect-VIServer $vCenter

New Domain!

I’ve decided to make an honest blog of my wordpress site and upgraded to a registered domain. By the power vested in me by the DNS servers of the internet I now pronounce it http://LifeOfBrianOC.com

You may read the blog posts 🙂

vRA 6.2 Distributed IaaS deployment

I needed to deploy a distributed vRA 6.2 IaaS in the lab and didn’t find too many resources on the web so here are some of my notes! I hope to revisit this soon to do a full distributed HA deployment including NSX load balancers. For now here is a standard distributed deployment

Pre-Reqs/Assumptions

AD installed & available
vCenter/SSO installed & available
SQL Server installed and available and IaaS SQL pre reqs run for MSDTC
vRA 6.2 appliance deployed and integrated with SSO
AD CA configured (Will try to cover this in another post)
5 Windows 2012 R2 VMs. 1 for each of the following roles – Web Server, Manager Server, DEM Orchestrator, DEM Worker, IaaS Agent
All windows VMs joined the AD domain
Run Brian Graf’s IaaS pre req script on all VMs (Pretty sure its only required on the Web & manager server but didnt take any chances!)

Here are the steps

Download the IaaS installer from the vRA appliance @ https://vra-FQDN:5480/i
First we need to install the database component. From any VM run the IaaS installer
Accept the ELUA and click Next
Enter the root credentials for the vRA appliance and select Accept Certificate and click Next
Choose Custom Install > IaaS Server

Select Database from the features list and enter the database instance and database name and click Next (I’m using SQL Express in the lab)

If you have run the required pre req scripts you should get all green on the pre req checker. Click Next (My firewall is disabled hence the warning. Click Bypass if you see this)

Click Install on the Ready to Install Screen and Next and Finish once the Database install completes
Next you need to install the Website feature
Before installing the website component it is recommended to generate a CA signed cert for the server FQDN.
To do this open IIS on the Web server, select your server name and select Server Certificates
In the right hand pane select Create Domain Certificate

Enter the certificate distinguished name for the web server and click Next

Click Select to choose your CA and assign a friendly name (user the web server FQDN)
Once complete run the IaaS installer and again choose Custom install > IaaS Server
This time choose Website from the feature list.
Choose the Default Web Site and the default port of 443
Under Available certificates choose the CA signed certificate you created earlier and enter the web server FQDN for the IaaS Server

Because the IaaS Model Manager Data is required for the Website component to run you must also select the ModelManagerData feature
Enter the vCAC/vRA appliance FQDN & SSO details and also the IaaS Web Server FQDN and click Next

If you have run the required pre req scripts you should get all green on the pre req checker. Click Next (My firewall is disabled hence the warning. Click Bypass if you see this)

On the Server and Account Settings screen enter the password for the service account being used and a passphrase for the database and click Next and click Finish once the install completes

Next up is the Manager Service
On the VM you designated for the Manager Service follow the steps outlined earlier to generate a CA signed certificate
Once complete run the IaaS installer and again choose Custom install > IaaS Server
This time choose Manager Service from the feature list.
Enter the FQDN of the Web Server and select the certificate you created in the previous steps and click Next and click Finish

Next up is the DEM Orchestrator
On the VM you designated for the DEMO Orchestrator run the IaaS installer, choose custom > Distributed Execution Managers and click Next
If you have run the required pre req scripts you should get all green on the pre req checker. Click Next
Enter the password for the service account that you are installing under and click Next
On the Install Distributed Execution Manager Screen do the following
- From the DEM role drop down choose Orchestrator
- Enter a name
- Enter a description
- Enter the FQDN of the Manager Server and click Test
- Enter the FQDN of the web server and click Test
- Click Add and click Next and click Install and then click Finish

Repeat the above steps on the DEM Worker VM choosing the DEM Worker Role
Finally we will install a Proxy Agent that will be used to communicate with vRA endpoints
On the VM you designated for the IaaS Agent run the IaaS installer, choose custom > Proxy Agents and click Next
Enter the password for the service account that you are installing under and click Next
On the Install Proxy Agent Screen do the following
- From the Agent Type drop down choose vSphere
- Enter a name
- Enter the FQDN of the Manager Server and click Test
- Enter the FQDN of the web server and click Test
- Enter the vCenter Endpoint FQDN
- Click Add and click Next and click Install and then click Finish

If everything went according to plan you should now be able to log into vRA and configure tenants and resources and start using your distributed IaaS installation.

Hopefully if you’ve read this far you found this useful. I hope to post the distributed HA procedure soon once i get some free lab time!

Importing VCSA 5.5 into vCD catalog fails

Importing VCSA 5.5 into vCD catalog fails with error Duplicate element ‘AnnotationSection’

To get around this error you need to edit the OVF file.

Disclaimer: I’m pretty sure that manually editing the OVF is not supported by VMware!

I had a VCSA ova so i first extracted the OVF using 7zip. Once extracted open the .ovf file in a text editor and look for the AnnotationSection

Highlight the section and delete it. Save the file. Because the manifest file is a checksum validation will fail so the quickest solution is to delete the .mf manifest file.

The OVF should then import to vCD successfully!