Ansible

How to Use Ansible to Manage VMware Infrastructure

In this article I will show how to install and configure Ansible to manage VMware infrastructure. I will then demonstrate how you can use Ansible to get information about vSphere nodes using two different methods (REST API and Community.VMware Ansible collection).

For my demonstration I used CentOS Stream 9 as my base OS.

You can download all the code and commands used in this article from my GitHub repository.

Install and Configure Ansible

First we need to install Python3 and then we can proceed to install Ansible:

sudo dnf install python3 python3-devel
pip install ansible
pip install ansible
Read More
2022 - a year review in a page

2022 – A Year Review in a Page

A little late to this review party, but better late than sorry 🙂

If I would need to say in one word how was my 2022, I would probably say “Unexpected”.

VMUG Romania

Together with my colleagues Razvan and Mihai, we hosted three VMware User Group Romania meetings in 2022. We started early in the year, with an online meeting in February, sponsored by Pure Storage. Cristian Stan and Cristian Radu talked to us about VMware on FlashArray, Portworx as CSI orchestrator, and using Velero to backup a Tanzu cluster.

At the beginning of July 2022, we checked in at PointHub in Bucharest for a new meeting. Tanzu was the main speaking point, starting with the keynote speaker, Oren Penso, Field CISO at VMware Tanzu, and continuing with Kobi Shamama, Sales Director at VMware Tanzu, and Yaniv Norman, Senior Solution Engineer at VMware Tanzu. Cristian Radu And Adrian Lazar (both from VMware Romania) had a powerful conversation about journey to multi-cloud. I had my slot as well, talking about community power and about my journey from VMUG spectator to VMware Explore speaker.

Middle of October had us meet for the last time in 2022, in a special location, VMAX Karting track in Bucharest. Unfortunately Cormac Hogan, our keynote speaker, was not able to attend the event in person, so we had to stream him to the huge screen from the track. Cristian Radu told us about the news coming with vSphere 8, and then Razvan Ionescu, VMUG leader, told us a story from the beginning of the IT industry.

Read More
Cannot Contact Host in vCenter 8

Cannot Contact Host in vCenter 8

Recently I was doing some jobs in the home lab and at some point I was trying to add a new vSphere host called nuc01.cloudhat.local into a vCenter 8 cluster, but I immediately received an error:

Cannot contact host nuc01.cloudhat.local

This was a new vCenter 8 environment and a new vSphere host. I started to debug the issue using my Windows jump VM. The new vSphere host was responding to ping using the IP address, but DNS resolution was not working. I switched to my DNS server and of course, DNS records were missing for the new host. I added the missing DNS records and then I switched back to my Windows VM to check DNS resolution:

C:\>nslookup nuc01.cloudhat.local
Server:  dns.cloudhat.local
Address:  192.168.0.222

Name:    nuc01.cloudhat.local
Address:  192.168.0.111

This time it was looking good, so I went back to vCenter to retry the “Add Hosts” to cluster operation, just to receive same error: “Cannot contact host”.

Read More
VMware vCenter Server 8 build 20519528

How to Install VMware vCenter Server 8

Middle of October 2022, VMware released the new version 8 of the vCenter Server. Finally I got some time to update my home lab. In this article I will demonstrate how to install VMware vCenter Server 8.

To start, you need an installation kit of vCenter Server 8. For this article, I will use the GA version of vCenter Server 8.0.0 – VMware-VCSA-all-8.0.0-20519528.iso.

Same as in the previous versions of vCenter Server, the installation process consists in two separate stages. At the end of the first stage you will have the appliance installed, then in the second stage you will configure it.

Install vCenter Server 8 – Stage 1 – Install the VM

To launch the installer I will use a Windows virtual machine (you can also use a Mac or a Linux system). Unzip the ISO archive and navigate to VMware-VCSA-all-8.0.0-20519528\vcsa-ui-installer\win32 folder. Launch installer.exe and begin to install vCenter Server 8.

Read More
ThinkAgile VX Deployer

Lenovo ThinkAgile VX Deployer

When you do work that feels good, time flies. LinkedIn reminded me that I joined Lenovo 2 years ago, but I still have a vivid memory of my first day at Lenovo, in the middle of the pandemic: get in the office, spend 20 minutes to get the IT equipment, and then rush home. I realized I wrote nothing on my blog about my work at Lenovo, so I’ll correct this quickly.

In the middle of the COVID-19 crisis priorities changed, for me like for a lot of other people. I decided that 20 years spent in IT operations are enough. During my search for other opportunities, I met the people from Lenovo and I liked their involvement in the community, given my implication in the VMUG community I felt we are sharing similar vision. So here I am jumping in a different boat, software development. I was lucky enough to join a new initiative in Lenovo and help developing a product from scratch, a tool to automate installation and configuration of a vSAN cluster.

What is ThinkAgile VX Deployer?

ThinkAgile VX Deployer is a GUI-based wizard that guides a VMware administrator through the deployment of vSAN clusters on top of Lenovo ThinkAgile VX Integrated Systems. We designed the Deployer to be as simple to use as possible. You just install the VX servers in rack, and then fire the VX Deployer. You don’t need to configure out-of-band interfaces, you don’t need to power on the servers, you just need the right amount of network connections.

Read More
VMware Explore US 2022

VMware Explore – Confessions of a First-Time Speaker

2022 felt like a rollercoaster to me, in part due to an unexpected event. On August 30, in a big room from Moscone West, San Francisco, I presented my first session in a VMware Explore / VMworld conference: “Accelerate Time to Business Value and Achieve Faster Deployment with Lenovo ThinkAgile VX Deployer”, #MCLB1601US.This was an intense experience, so I feel that telling the story of a first-time presenter at Explore will be something interesting to my readers.

Wow! VMware Explore US

Close to the end of April 2022, answering an internal Lenovo call, I got the opportunity to submit a proposal for a VMware Explore session. Beginning of May, I submitted my proposal: a title no longer then 75 characters and a description no longer than 850 characters. I knew getting a session accepted is hard, so I got close to no hope of moving on to the next phase.

The morning of June 23 came with a big surprise:

Dear Constantin,
Congratulations! We are happy to announce that your session(s) has/have been accepted for VMware Explore 2022 US taking place at Moscone Convention Center in San Francisco, CA from August 29 – September 1st, 2022.

Read More
VMware vCenter 7.0.3d CLI

VMware vCenter Server 7.0 Update 3d – How to Install Using the CLI

In this article I will demonstrate an unattended installation of vCenter Server 7.0 Update 3d.

To follow along you will need:

  • installation ISO for vCenter Server 7.0 Update 3d, which you can download from your My.VMware account: VMware-VCSA-all-7.0.3-19480866.iso
  • a text editor. I used Microsoft Visual Studio Code, but you can really use any text editor.
  • the ability to run CLI commands. I used a Windows server to launch the command, but VMware also provides binaries for Linux and Mac.

Prepare the JSON Configuration File

VMware provides a number of JSON template files, so we don’t have to start from scratch. Inside the ISO file, we can navigate to vcsa-cli-installer\templates\install to see the available templates. There are 5 templates, among them:

  • embedded_vCSA_on_ESXi.json – minimum configuration required for the deployment of vCSA on an ESXi host.
  • embedded_vCSA_on_VC.json – minimum configuration required for the deployment of vCSA on a vCenter Server instance.
Read More
VMware Cloud Foundation 4.4

VMware Cloud Foundation 4.4

VMware recently announced general availability of VMware Cloud Foundation 4.4.

VMware Cloud Foundation 4.4 Bill of Materials

The Bill of Materials for VMware Cloud Foundation 4.4 includes the following products:

  • Cloud Builder 4.4
  • SDDC Manager 4.4
  • vCenter Server 7.0 Update 3c
  • vSphere 7.0 Update 3c with Tanzu
  • vSAN 7.0 Update 3c
  • NSX-T Data Center 3.1.3.5
  • vRealize Suite Lifecycle Manager 8.6.2
    • vRealize Log Insight 8.6.2
    • vRealize Operations 8.6.2
    • vRealize Automation 8.6.2
    • Workspace ONE Access 3.3.6
Read More
Automation

vRealize Automation 8.5

VMware recently announced general availability of vRealize Automation 8.5. I will dive in what’s new in vRA 8.5, what they fixed and what’s still pending there.

Generally speaking, vRealize Automation 8.5 adds capabilities focusing on the areas of multi-cloud support with Azure, extensibility with vRealize Orchestrator and ABX as well as expansion of network automation capabilities with vSphere and NSX.

What’s new in vRealize Automation 8.5

  • Project Administrator can act as Approver for all approval requests – When creating an approval policy, administrators can select a Project Administrator (for the project in which the approval was triggered) as the approver.
  • Configure when IP address from IPAM is released – You can configure how long it takes for an IP address to be released from allocation once it is no longer used. This allows for faster provisioning of new workloads where IP addresses are scarce.
  • Limit the number of namespaces for a project on a Kubernetes zone – The maximum number of supervisor namespaces that can be deployed for the project on a given K8s zone now has a configurable limit.
  • VMware vRealize Orchestrator plug-in for vRealize Automation 8.5 – The updated vRealize Automation plug-in supports scripting objects generation such as cloud accounts, cloud zones, projects, tags, and CRUD operations to build your own content.
  • Enable resources across Azure regions to be added to the same resource group – An Azure resource group is created in an Azure region. However, resources from any Azure region can be added into it. This feature enables admins to add resources from other regions into the Azure RG.
  • Snapshot management for Azure disks – You can now pass the resource group name, encryption set, and network policy while creating the disk snapshot.
  • Ability to enable/disable boot diagnostics for Azure VMs – Day 2 – You can enable/disable boot diagnostics for Azure VMs as a day 2 action.
  • Support for NSX-V to NSX-T migration with vSphere 6.7 – vRealize Automation NSX-V to NSX-T migration now supports migrating deployments that are running on vSphere 6.7.
  • Support for existing global security group as part of NSX-T Federation – vRealize Automation can now discover global security groups configured under NSX-T global manager. These groups can be leveraged in network profiles and VMware Cloud Templates to build deployments.
  • Custom Roles API – The APIs for Custom Roles (RBAC) are now available (Create, Read, List, Update, Delete).
  • Notifications – The Service Broker administrator can view the list of available email notification scenarios and enable or disable them for all users in their organization.
  • Terraform runtime environment authentication – This release introduces authentication for adding Terraform service runtime version to vRA for more secure environments.
Read More
Security Advisory

VMSA-2021-0014 – VMware ESXi Vulnerabilities

VMware has released a new security advisory VMSA-2021-0014: VMware ESXi updates address authentication and denial of service vulnerabilities (CVE-2021-21994, CVE-2021-21995).

Multiple vulnerabilities in VMware ESXi were privately reported to VMware. Updates and workarounds are available to remediate these vulnerabilities in affected VMware products. This advisory documents the remediation of one important issue (CVSSv3 score 7) and one moderate issue (CVSSv3 score 5.3).

The Common Vulnerabilities and Exposures project has assigned the identifiers CVE-2021-21994 to the ESXi SFCB improper authentication vulnerability and CVE-2021-21995 to the ESXi OpenSLP denial-of-service vulnerability.

VMSA-2021-0014 – Description and Workarounds

A malicious actor with network access to port 5989 on ESXi may exploit the SFCB improper authentication vulnerability to bypass SFCB authentication by sending a specially crafted request. SFCB service is disabled by default. The service starts when you install a third-party CIM VIB, for example, when you run the esxcli software vib install -n VIBname command. You can check status and disable SFCB service using:

Read More