It’s been a while since I’ve posted something so I thought it was about time! Since joining VMware a year ago I’ve been heads down drinking from the firehose, learning from a phenomenal team and generally keeping very busy. More recently I’ve been playing a lot with VMware Cloud Foundation (VCF). A recent release (3.8) introduced a public API and I started getting field questions on how to leverage it so I started digging. The API has been expanded in 3.9. It is based on the OpenAPI standard (formerly Swagger) and can be accessed through the developer center in the SDDC Manager UI or via code.vmware.com.
Now I’m not a developer so I fell back on Postman to do some initial testing. I like Postman as it dumbs it down for us non-devs 🙂 but I wanted something a little easier to consume so I started a little side project called PowerVCF (hat-tip to the far superior PowerNSX, PowerVRA, PowerVRO).
Basically I wanted to provide a simple, efficient, PowerCLI style experience for consuming the VMware Cloud Foundation public API.
I am delighted to unleash the first iteration of PowerVCF on the community! Creating this has been a great learning experience for me. In the process I’ve improved my PowerShell skills, learned Git, Markdown and have started looking into CI/CD workflows. It’s also my first submission to the PowerShell Gallery.
From time to time your root account can get locked from either entering the incorrect password or using some automation that uses the wrong password. Here are some quick steps.
Reboot the Photon Appliance
At the Photon OS logo screen press e to edit the grub menu
At the grub menu append the following to the end of the boot loader line to boot into single user mode
Press F10 or CTRL+X to continue the boot process
At the prompt type the following to mount the root partition
mount -o remount,rw /
To reset the root password type passwd and enter the new password
If the root account was locked due to x number of failed logon attempts type the following to unlock it
/sbin/pam_tally2 -r -u root
Unmount the partition again
Hopefully you should now be able to log in with your root account!
Quick post with the commands required to verify NTP configuration on a VMware Photon OS Appliance.
SSH to the appliance as root
To check if the NTP service is up and running you can run this command
systemctl status systemd-timesyncd
If it’s stopped run this command
systemctl start systemd-timesyncd
To configure NTP servers run the following
Add timeservers under [Time]
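The same check as a script: an added example (not from the original post) that lists the servers set under [Time] and flags a config with no NTP= entry. It assumes the systemd default file /etc/systemd/timesyncd.conf, which the post does not name; the function names and sample hostnames are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the systemd default
# config path /etc/systemd/timesyncd.conf when run on an appliance.

# Print the servers assigned to key $2 (NTP or FallbackNTP) in the [Time]
# section of file $1, one per line.
timesync_servers() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                       # comment line
        /^[ \t]*\[/ { in_time = ($0 ~ /^[ \t]*\[Time\][ \t]*$/); next }
        in_time {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k != key) next
            if (v == "") { n = 0; next }             # empty value resets the list
            cnt = split(v, parts, /[ \t]+/)
            for (i = 1; i <= cnt; i++) list[++n] = parts[i]
        }
        END { for (i = 1; i <= n; i++) print list[i] }
    ' "$1"
}

# Return 0 when at least one NTP= server is set in the file, 1 otherwise.
timesync_audit() {
    primary=$(timesync_servers "$1" NTP | tr '\n' ' ')
    if [ -z "$primary" ]; then
        echo "WARN: no NTP= servers under [Time] in $1"
        return 1
    fi
    echo "OK: NTP servers: $primary"
}

# Constructed sample config so the example runs offline.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
[Time]
#NTP=old.example.internal
NTP = ntp1.example.internal ntp2.example.internal
FallbackNTP=fallback.example.internal
[Other]
NTP=ignored.example.internal
EOF
timesync_audit "$SAMPLE"
```

On the appliance, run `timesync_audit /etc/systemd/timesyncd.conf` after the `systemctl status systemd-timesyncd` check to confirm the intended servers are the ones actually configured.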
A few weeks back I mentioned on Twitter that I was working on automating the VMware Validated Design NSX-V Distributed Firewall Configuration in my lab. (I admit it took longer than I had planned!) Currently this is a manual post deployment step once VMware Cloud Builder has completed the deployment. This will likely be picked up by Cloud Builder in a future release but for now it’s a manual, and somewhat tedious, but required, step!
Full details on the manual steps required for this configuration can be found here. Please take the time to understand what these rules are doing before implementing them.
So in an effort to make this post configuration step a little less painful I set out to automate it. I’ve played with the NSX-V API in the past and found it much easier to interact with by using PowerNSX, rather than leveraging Postman and the API directly. PowerNSX is the unofficial, official automation tool for NSX. Hats off to VMware engineers Nick Bradford, Dale Coghlan & Anthony Burke for creating and documenting this tool. Anthony also published a FREE book on Automating NSX for vSphere with PowerNSX. More on that here.
Disclaimer: This script is not officially supported by VMware. Use at your own risk & test in a development/lab environment before using in production.
I’ve posted the script to GitHub here as it’s a bit lengthy! There may be a more efficient way to do some parts of it and if anyone wants to contribute please feel free!
As with a lot of the scripts I create it is menu based and has 2 main options:
- Create DFW exclusions, IP Sets & Security Groups
- Create DFW Rules
The reason I split it into 2 distinct operations is to allow you to inspect the exclusion list, IP Sets & Security Groups before creating the firewall rules. This will ensure that you don’t lock yourself out of vCenter by creating an incorrect rule.
- The script will check for PowerCLI and if not found will attempt to install the latest version from the PowerShell Gallery
- Currently tested on Windows only
- If you don’t have internet access you can manually install PowerCLI by opening a PowerShell console as administrator and running:
Find-Module -Name VMware.PowerCLI | Install-Module
- The script will check for PowerNSX and if not found will attempt to install the latest version from the PowerShell Gallery
- Currently tested on Windows only
- If you don’t have internet access you can manually install PowerNSX by opening a PowerShell console as administrator and running:
Find-Module -Name PowerNSX | Install-Module
Before you can run the script you need to edit the User Variables to provide the following:
- Target vCenter details
- Required to establish a PowerCLI connection with vCenter Server. This is used when updating the DFW exclusion list
- Target NSX Manager details
- Required to establish a connection with NSX Manager to configure the DFW
- IP Addresses for the various SDDC components
Hopefully you will find this useful!
This is part 5 of a series of posts on VMware Cloud Builder.
Hopefully you’re still with me!
In this post I will cover the deployment and initial configuration of the VMware Cloud Builder appliance, ingestion of the deployment parameters file, and environment validation.
Continue reading “VMware Validated Design – Automated Deployment with Cloud Builder – Part 5: Cloud Builder Deployment & Environment Validation”
This is part 4 of a series of posts on VMware Cloud Builder.
In this post I will cover generating the required SSL certificates for deploying this VMware Validated Design with VMware Cloud Builder.
Friendly warning: This is a long post so maybe get a coffee before reading!
Continue reading “VMware Validated Design – Automated Deployment with Cloud Builder – Part 4: Generating SSL Certificates”
This is part 2 of a series of posts on VMware Cloud Builder.
In this post I will cover the initial environment prerequisites required before you can deploy your VMware Validated Design SDDC with Cloud Builder. These fall into 5 key areas:
- Prerequisites for Virtual Infrastructure Layer Implementation in Region A
- Prerequisites for Operations Management Layer Implementation in Region A
- Prerequisites for Cloud Management Layer Implementation in Region A
- Prerequisites for Business Continuity Layer Implementation in Region A
- Generate Certificates for the SDDC Components in Region A
Continue reading “VMware Validated Design – Automated Deployment with Cloud Builder – Part 2: Environment Prerequisites”
This is the first in a series of posts on VMware Cloud Builder – The automated deployment engine for VMware Validated Design – which delivers consistent and repeatable Software-Defined Datacenter (SDDC) deployments across your regions. Hopefully you will find it useful!
Continue reading “VMware Validated Design – Automated Deployment with Cloud Builder – Part 1: Overview”