Category archive: VMware

How to configure SSO web links in VMware Identity Manager Catalog for vRealize Suite Lifecycle Manager imported products

When you deploy a product from vRSLCM, its single sign-on link is automatically created in the Identity Manager catalog. But if you import an existing vRealize product, it will not be. Bummer! That being said, I have not tested importing solutions that already had vIDM configured for authentication without the catalog entry.

Anyway, if you have imported an existing product into vRSLCM and you are missing the SSO link in your catalog, this is how I fixed it (I don't know if this is the official way).

First you need to enable login with Identity Manager for the product you want to configure SSO for. When that is done and working, do the following for the different products.

vRealize Network Insight

Right-click the login button and copy the URL. You will get something like the URL listed below. You just need to fix the end of the URL to be like mine, but with your vRNI link.

https://YOUR.IDENTITYMANAGER.FQDN/SAAS/auth/oauth2/authorize?response_type=code&client_id=YOURID_auth_grant&scope=openid+user+email&redirect_uri=http://YOUR.VRNI.FQDN/#home

vRealize Operations Manager

For the vROPS I was not able to get the correct URL in the same way; here I used F12 in Google Chrome and recorded my login. I found the correct URL on the first line, “authorize?response_type=…………..”, and it should look something like this.

https://your.identitymanager.fqdn/SAAS/auth/oauth2/authorize?response_type=code&client_id=yourid&redirect_uri=https://your.vrops.fqdn/ui/vidmClient/vidm

Add SSO weblink to Identity Manager Catalog

When you have the URL, go into your Identity Manager's Administrator Console and, under Catalog and Web Apps, create a new web link.
In the Configuration menu, choose Authentication Type “Web Application Link” and in Target URL insert the URL you copied from the vRealize Network Insight login screen.
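
Before pasting a captured link as the Target URL, it helps to take it apart and confirm that it points at your Identity Manager and redirects to the product you expect. The Python below is an added example, not part of the original post or of any VMware tooling; `check_sso_link` and the host names are placeholders chosen here.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the shape of the vRNI link above (placeholder host names).
SAMPLE = ("https://YOUR.IDENTITYMANAGER.FQDN/SAAS/auth/oauth2/authorize"
          "?response_type=code&client_id=YOURID_auth_grant&scope=openid+user+email"
          "&redirect_uri=http://YOUR.VRNI.FQDN/#home")


def check_sso_link(url, idp_host, product_host):
    """Return findings for a captured authorize URL; an empty list means nothing stood out."""
    findings = []
    link = urlsplit(url)  # .hostname is returned lower-cased
    if link.scheme != "https" or (link.hostname or "") != idp_host.lower():
        findings.append("link does not point at https://%s" % idp_host)
    if link.path != "/SAAS/auth/oauth2/authorize":
        findings.append("unexpected path: %r" % link.path)
    query = parse_qs(link.query)
    if query.get("response_type") != ["code"]:
        findings.append("response_type is not 'code'")
    if not query.get("client_id"):
        findings.append("client_id is missing")
    redirect = urlsplit(query.get("redirect_uri", [""])[0])
    if (redirect.hostname or "") != product_host.lower():
        findings.append("redirect_uri host is not %s" % product_host)
    if redirect.scheme != "https":
        findings.append("redirect_uri is not https, so the authorization code comes back unencrypted")
    if link.fragment:
        # Everything after '#' belongs to the link itself, not to redirect_uri.
        findings.append("'#%s' is a fragment of the link and is never sent to the server" % link.fragment)
    return findings


if __name__ == "__main__":
    for finding in check_sso_link(SAMPLE, "your.identitymanager.fqdn", "your.vrni.fqdn"):
        print("-", finding)
```
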

How to delete locker password entries in vRealize Suite Lifecycle Manager

In vRealize Lifecycle Manager 8.0, VMware introduced the “Locker”; this is where you store certificates, licenses and passwords. If you for some reason add a password that is wrong, or you want to delete an old one, you are in trouble. There is no way to delete entries through the GUI or CLI. But you can do it through the API!

Here is how

First you might need to install software to make the API calls. I used Postman, and you can download it here.

When you have installed Postman, or if you already have it, you need to do the following.

Authenticate

First you need to insert your credentials in the Authorization tab inside Postman and send this POST command. Remember to insert your vRSLCM FQDN address.

POST https://vrslcm.your.fqdn/lcm/authzn/api/login

If login is successful you will get “Login Successfully” in return.

GET the list of all entries
GET https://vrslcm.your.fqdn/lcm/locker/api/passwords/

The GET command will give you a list of all the passwords and their vmid. Copy the vmid that you want to delete and use it instead of “vmid” below when you send the DELETE command.

DELETE the entries
DELETE http://vrslcm.your.fqdn:8080/lcm/locker/api/passwords/vmid

Run the GET command again to see that the password has been removed, or refresh the Locker page in the vRSLCM GUI.

How to re-establish trust between vRealize Suite Lifecycle Manager and VMware Identity Manager after replacing self-signed certificate

I'm currently working on a deployment of vRealize Suite Lifecycle Manager 8.0. It was deployed using the Easy Installer method. And it has given me a few headaches, to be honest. Here is the recipe for solving one of those issues.

Replace self-signed certificate

In vRSLCM you can easily replace the self-signed certificate on the vIDM appliance if you have previously imported it into the locker. Just go through the “Replace Certificate” process and do the included precheck.

Replace Certificate precheck
vIDM Replace Certificate precheck
LCMCOMMON30007

You will probably get the same warning as I did. If you click finish it will replace the certificate and everything looks fine until you try “Trigger Inventory Sync” from vRSLCM. It will fail with the following error:

Error message

com.vmware.vrealize.lcm.util.exception.SshAuthenticationFailureException: Cannot execute ssh commands. Please verify the ssh login credentials 
at com.vmware.vrealize.lcm.util.SshUtils.execute(SshUtils.java:393)
at com.vmware.vrealize.lcm.util.SshUtils.runCommand(SshUtils.java:307)
at com.vmware.vrealize.lcm.util.SshUtils.runCommand(SshUtils.java:290)
at com.vmware.vrealize.lcm.util.SshUtils.runCommand(SshUtils.java:333)
at com.vmware.vrealize.lcm.drivers.commonplugin.task.VerifySshConnectionTask.CheckForSshConnection(VerifySshConnectionTask.java:165)               
at com.vmware.vrealize.lcm.drivers.commonplugin.task.VerifySshConnectionTask.execute(VerifySshConnectionTask.java:125)               
at com.vmware.vrealize.lcm.drivers.commonplugin.task.VerifySshConnectionTask.retry(VerifySshConnectionTask.java:282)               
at com.vmware.vrealize.lcm.automata.core.TaskThread.run(TaskThread.java:43)           
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)    
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.RuntimeException: Cannot create session for ssh://root@xx.xx.xx.xx
at com.vmware.vrealize.lcm.util.SessionHolder.newSession(SessionHolder.java:57)       
at com.vmware.vrealize.lcm.util.SessionHolder.<init>(SessionHolder.java:37)        
at com.vmware.vrealize.lcm.util.SshUtils.execute(SshUtils.java:346)      
… 10 more
Caused by: com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:519)
at com.vmware.vrealize.lcm.util.SessionHolder.newSession(SessionHolder.java:53)       
… 12 more

How to fix the issue

1. SSH to vIDM and log in as sshuser. Run the following command to become the root user.
su root
2. Edit the file /etc/ssh/sshd_config and change the value of PermitRootLogin to yes
PermitRootLogin yes
3. Run the following command to restart the sshd service.
service sshd restart

Run “Trigger Inventory Sync” and it will complete successfully.
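
sshd applies the first value it obtains for each keyword, so where the PermitRootLogin line sits in the file decides whether the edit in step 2 takes effect, and the same check is useful when auditing the setting afterwards. The Python below is an added example, not part of the original post; its function names and the sample file are constructed, and it assumes vRSLCM logs in as root with a password, as the error and the fix suggest.

```python
import re

# Constructed sshd_config excerpt: the edit from step 2 was appended at the end.
SAMPLE = """\
# Package default
Port 22
PermitRootLogin no
PasswordAuthentication yes
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin yes
"""


def effective_permit_root_login(config_text):
    """Return (value, line_no) of the global PermitRootLogin sshd applies, or (None, None)."""
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace (OpenSSH also accepts one '=').
        fields = re.split(r"[\s=]+", line, maxsplit=1)
        keyword = fields[0].lower()  # keywords are case-insensitive
        if keyword == "match":
            break  # everything below is conditional, not global
        if keyword == "permitrootlogin" and len(fields) == 2 and fields[1]:
            return fields[1].split()[0].strip('"'), line_no  # first value wins
    return None, None  # unset: sshd's built-in default applies


def root_password_login_allowed(value):
    """True only for 'yes'; None when the keyword is unset and the default is unknown."""
    if value is None:
        return None
    return value == "yes"


if __name__ == "__main__":
    value, line_no = effective_permit_root_login(SAMPLE)
    print("effective PermitRootLogin:", value, "(line %s)" % line_no)
    print("root password login allowed:", root_password_login_allowed(value))
```

On the appliance itself, `sshd -T` run as root prints the effective configuration, including defaults and any Include files that this parser does not follow.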

Getting started with VMware Skyline

You can also find this post on the Atea blog.

As a consultant I work with different customers and different ways of operating a VMware environment. Much is similar, but no two are alike. I find that many are good at keeping their environment updated and maintained, others less so. If you do not work with VMware's solutions on a daily basis, it quickly becomes a challenge to keep track of new versions, best practices and vulnerabilities. To help with this, VMware has launched Skyline. At the end of 2018 an updated version was released, which was made available to Norwegian customers at the same time.

What is Skyline?

VMware Skyline™ is a proactive support service aligned with VMware Global Support Services. VMware Skyline collects, aggregates and analyzes product data, which proactively identifies potential problems and helps VMware Technical Support Engineers improve resolution time.

What value does Skyline provide?

Even though Skyline does not necessarily give everyone equally much value today, I would still recommend setting it up. VMware is planning to add support for all of its systems in the future, and the time it takes to set up and maintain is small. If it should not find anything, you have at least verified that “everything” is in order. See the information video from VMware below.

What do you need to set up Skyline?

  • You need an active VMware license with Production Support.
  • Install the Collector VM, an OVF with the following specifications: 2 vCPU, 8 GB memory and 87.1 GB disk.
  • vCenter Server 6.0 or newer.
  • ESXi 6.0 or newer.
  • Outbound access on port 443 to vcsa.vmware.com and app-updates.vmware.com

From            To                                         Protocol   Port
Collector VM    vcsa.vmware.com, app-updates.vmware.com    TCP/IP     443

Which VMware products are supported today?

Skyline Advisor is a cloud service and is continuously updated with new features. It currently supports showing proactive findings for the following products.

  • VMware vSphere
  • VMware NSX for vSphere
  • VMware vSAN
  • Horizon
  • vRealize Operations

Installation

Go to https://skyline.vmware.com and log in with your VMware account. Note: you must use the account that is tied to the VMware license. If your company is not already registered in VMware Cloud Services, you will be asked to create an organization.

Once the organization has been created, you are automatically taken on to the Skyline installation guide. The first thing you must do is click “Associate Support Entitlement”. If it fails, you are either logged in with the wrong account or lack an active Production Support agreement.

Follow the instructions through steps 1 to 6. You will be guided through the installation of the Collector VM in your environment and the connection to Skyline Advisor.

Skyline Advisor Dashboard

It takes about 48 hours from when the Collector VM is fully configured until Skyline Advisor has churned through the data and is ready to present the findings for your environment.

Skyline Dashboard

This video shows the dashboard you get access to once Skyline is set up and configured.

vRealize Operations Management Pack for Skyline

If you have vRealize Operations, it may be a good idea to look at the management pack for Skyline.

Links to VMware's documentation