My vSphere 6.7 homelab upgrade experience

vSphere 6.7 was released several months ago, and I’ve been meaning to upgrade my homelab for a while now. vSphere 6.5 has been pretty rock-solid, but it’s time for me to keep up with the Joneses. This post covers my upgrade process and experiences.

vCenter Migration

My original vCenter server was built straight on to version 6.5 when that first launched, way back when. In theory there was nothing wrong with it, except for a deployment decision that I was no longer happy with. When I deployed my vCenter previously, I configured it with an external Platform Services Controller (PSC) as I wanted to mess about with load balancing PSCs at the time. The messing around didn’t take long and I moved on to other things. Problem is, you cannot (currently) go from an external PSC to an embedded one and the external PSC was an extra piece of complexity that I just didn’t need anymore.

That pretty much left me with one option: migrate to a new vCenter.

Deploying vCenter is a doddle, and I won’t cover how that works. What I will mention though is how I moved my hosts and VMs across. The first step was to liberate one of my 6.5 ESXi hosts from the original cluster and add it to the new vCenter. At this time, I didn’t upgrade the host itself to 6.7 for reasons that will be apparent in a minute or two.

Secondly, I went through the VMs that I had registered in my original vCenter and weighed up whether or not I still needed them. Things like old distributed vRA deployments to a quick trip to the virtual bin, other things like AD, jumphosts, remote access solutions etc were powered down and removed from the inventory before being re-added to the new vCenter.

Before long, there wasn’t much left and what little is left will probably be left idle for a couple of weeks before I bin it completely.

So far, so good. Continue Reading

Addressing errors when using vRA 7.4 Guest Agent

Having upgraded my vRA instance in my HomeLab to 7.4 not long after it GA’d, I recently decided to create some nice, new templates as well. You know, latest patches, hardware, basic config etc.

I won’t bore you with exactly how I installed Windows, patched it or configured it. The relevant part of the process to this article was the installation of the vRA Guest Agent and subsequent testing of it.

I already had my vRA blueprint configured; just a simple Windows Server 2012 R2 template that has the vRealize LogInsight agent installed and configured on it automatically as part of the provision process:

Installing the vRA Guest Agent

This is a documented process to install the software agent on a Virtual Machine that is then subsequently turned in to a template. For vRA 7.4, the documentation can be found on VMware’s site:

Install the Guest Agent on a Windows Reference Machine

Prepare a Windows Reference Machine to Support Software

This worked without issue. I shutdown the machine, turned it in to a template and update my blueprint.

Testing the new template

This is where I ran in to an issue. Continue Reading

Automated NIC names in Linux on VMware vSphere

A colleague of mine was working with a customer recently on some changes to their automated VM provisioning process (they’re not vRA customers… yet). He got stuck trying to get around a particular challenge with the automatic naming of network interfaces in certain Linux distributions.

The customer in question is using vRealize Orchestrator (vRO) to create (not clone) their Virtual Machines from a JSON structure that is supplied by an external system. In that structure there are definitions for the hardware, OS network identity (name, IP etc) and OS installation sources (ISO file for installation and floppy image for a ks.cfg (KickStart) file).

Once the JSON object is provided to the vRO workflow, the VM is created, booted and automatically starts to install and configure itself.

Customer’s Simple VM

Simple VMs have a number of disks defined (for root, opt, var, swap etc partitions) that are attached to a single ParaVirtual SCSI adapter. The VM is also equipped with a single VMXNET3 network adapter.

In this configuration, there is no problem. The installation of the OS runs through to completion and the VM is handed off to Puppet and eventually goes in to service.

Customer’s Complex VM

For the provision of Linux-based Oracle servers however, the customer wanted to be able to specify not only extra disks and partitions, but extra SCSI controllers too. Continue Reading

VCAP6 exams retiring in September 2018

If you’re looking at taking one of the VMware Advanced Professional exams listed below, you might want to get your skates on as they’re being retired at the end of September:

  • VCAP6 – Data Centre Virtualization Design (VCAP6-DCV Design)
  • VCAP6 – Cloud Management and Automation Design (VCAP6-CMA Design)
  • VCAP6 – Desktop and Mobility Design (VCAP6-DTM Design)

Slots for these exams will start to run out in the next few weeks, so book up now if you want to take them.

All available exams and certifications are detailed on VMware’s certification page. If you want to check the list of retired or retiring exams, the document detailing those can be found here.

0

Extensibility course in vRA / vRO (Feb 2018)

A new vRA / vRO Extensibility course is scheduled to be held in the UK in February 2018. It will provide detailed information on how to leverage the power of vRealize Automation and vRealize Orchestrator.

I should point out that it’s a beta course, so it may not be 100% polished and pristine. However, the course is focussed on version 7.3 of both products (the latest at the time of writing) so it will be bang up-to-date and help you learn the “art of the possible”.

Extensibility course outline and details

The course runs for a full week from Monday 19th February at VMware’s UK office in Staines. If you’re new to vRA and vRO, or you want to take your automation beyond simple virtual machine deployment then this course will likely benefit you. If you don’t manage to get on it, I’m sure there will be further opportunities throughout the year.

Extensibility Topics Covered

The topics covered by the course include:

  • The basics of vRO workflows
  • Design considerations for vRO workflows
  • Development of vRO workflows
  • Extending vRA using the Event Broker
  • Using vRO workflows with vRA’s Event Broker
  • Using vRO workflows to provide XaaS catalog items and resource actions
  • Working with REST APIs using vRO

You can register for the course via VMware’s myLearn website.

0

Root password expired on vCenter VCSA 6.5

I thought I’d update my homelab’s primary vCenter to the latest and greatest (6.5 update 1d), when I encountered an issue with the root password. The update showed up ok in the appliance’s VAMI interface and I selected to install it but an error quickly showed up:

VCSA 6.5 is not ready to be updated

Not ready, huh? When I clicked on the “Show Details” button, I saw a message informing me that the root password had expired or expiring soon:


VCSA 6.5 update is blocked by expired root password

Well ok, I’ll go and reset it and turn off the expiry I thought. (That process is covered in the vCenter documentation.) But noooo, permission denied! The password couldn’t be set and the expiry settings could not be changed. Continue Reading

0

New Year, New CTOA – Congratulations

CTOA logoVMware’s Office of the CTO (OCTO) runs an annual programme internally to appoint a limited number of outstanding individuals as CTO Ambassadors (CTOA). Broadly, the role of an ambassador is to help ensure a tight collaboration between VMware’s R&D and VMware’s customers.

CTO Ambassadors come from customer facing roles within VMware (such as SEs, PSO, TAMs and GSS). A good number of them are involved with, or are usually present at VMware’s customer focussed events (such as vForum, VMUGs and VMworld). With the new year comes a number of newly minted CTOAs. Whilst I can’t count myself amongst them, I’d just like to say a big, public “congratulations” to everyone that has been selected as a 2018 ambassador.

0

New vRO and PowerCLI Automation Training

A lot of the projects that I work on have an element of automation to them and I’ve been asked a few times by customers if there is a training course available that will help them get started in understanding vRO and VMware’s PowerCLI cmdlets and how they can be used. Whilst there have been courses available in the past, there is a new one that reads a bit like “Doing my job 101”. It goes by the catchy title of “Data Center Automation with vRealize Orchestrator and vSphere PowerCLI“.

Looking at the outline, the important stuff is there.

  • Understanding, using and navigating the vSphere API (useful for both PowerCLI and vRO).
  • PowerCLI basics and more advanced uses.
  • vRO Basics and workflow creation / design.

So, if you’re looking to get started with vRO or PowerCLI and use one or both of them to add some automation to your datacenter, it might be worth trying this course out.

201607196_100738-CapturFiles

0

Howto: Creating a CA template for VMware services

Having setup my lab’s PKI infrastructure previously, one of the next steps I needed to complete was to create a template for certificates for VMware’s products to use as they require certain properties to be present in the certificates used.

There is a KB article that covers this but I wanted to run through it and use some of the specifics for my lab.

Template for VMware SSL Certificates

This template will provide certificates for ESXi hosts, vCenter, vRA, vRO etc. To create it, we first need the Certificate Templates Console. This can be opened by running certtmpl.msc.

Per the KB article, I duplicated the “Web Server” template as a starting point. My first task was to give the template a new name and set the validity to 4 years:

20160256_150269-CapturFiles

On the Extensions tab, although it’s possibly not required for vSphere 6 (it is for earlier versions of vSphere), I added “Client Authentication” under the Application Policies option.

20160256_150243-CapturFiles

Again, it may not be universally required but I’ve added the “Signature is proof of origin” option under Key Usage (also on the Extensions tab.

20160256_150215-CapturFiles

Depending on the use case required, it might be useful to be able to export a certificate’s private key. I haven’t worked on View for some years but this option came in handy then. It’s configured under the Request Handling tab.

20160256_150270-CapturFiles

On the Subject Name tab, ensure that “Supply in the request” is checked.

20160256_150296-CapturFiles

That’s it. Just hit OK to save it.

Template for VMware VMCA

If you want to set up the VMCA as a subordinate certificate authority on a vSphere 6 Platform Services Controller, a slightly different type of certificate is required. I don’t think that I deviated from the KB article here except with the validity period.

20160256_150295-CapturFiles

20160256_150278-CapturFiles

“Publishing” the certificate templates

This is a fairly straightforward process accomplished using the Certification Authority Manager. Templates are added one at a time by right clicking on “Certificate Templates” and selecting New > Certificate Template to Issue.

20160256_160296-CapturFiles

Once published, the templates are available via the CA’s web interface for new requests.

20160256_150246-CapturFiles

0

Open roles in the Northern EMEA PSO team at VMware

vmware-logo

I may only be in my third week working for VMware PSO, but I’m enjoying it. If you have experience of delivering high quality virtualisation and cloud projects then you might be interested in applying for one of the open roles on LinkedIn at present.

In the UK:

In Sweden:

In Netherlands:

In Denmark: