The post How to deploy vRealize Log Insight with reduced disk size first appeared on Vedaa.net.
This blog post is a result of me ranting to a colleague about vRealize Suite Lifecycle Manager (vRSLCM) not supporting deployment of the extra small vRealize Log Insight node. I do not know the official reason for this, but I guess it is because the extra small node is only meant for proof-of-concept and test deployments.
The reason for reducing the storage footprint of Log Insight is that it will eventually fill all its available storage space with log data, and using 500 GB of storage space in a lab environment is probably never desirable.
Use the Extra Small version of the appliance in a proof-of-concept or test environment, but not in a production environment. This configuration supports up to 20 ESXi hosts (~200 events/second or ~3GB/day).
From the Log Insight documentation, Sizing the vRealize Log Insight Virtual Appliance
During this spontaneous brainstorming session, where I wanted to deploy Log Insight with a smaller storage footprint than default, we did a few tests and found that it was easy to achieve this as long as we don’t use vRSLCM. Or could we?
RESOURCES | MINIMUM REQUIREMENT |
---|---|
Memory | 4 GB |
vCPU | 2 |
Storage Space | 530 GB |
This table shows the default setup for the extra small node. In the next section I have listed the steps on how to choose your own storage size.
Deploying the Log Insight appliance with a smaller disk size is surprisingly easy. Just follow these few steps.
As you can see from the Live Storage picture, I don’t get 100 GB of usable storage space so it is probably a good idea to give it more disk space than 30 GB.
This is of course not a supported setup, but it can be a good solution for reducing the size of your vRealize Log Insight deployment in a lab or for other testing purposes.
There are probably not many use cases for this way of doing it, but that doesn’t mean we shouldn’t test it. So here are a few of the questions we asked ourselves and tested before we found a solution.
Question | Answer |
---|---|
Can I deploy the vRealize Log Insight extra small node with vRSLCM? | No |
Can I deploy a small node using vRSLCM and then change the storage size later? | No (no option to stop autostart of VM) |
Does the extra small setup have a smaller disk than the small appliance? | No |
Can I deploy vRealize Log Insight manually using the downloaded OVA and reconfigure the VM with a smaller disk? | Yes |
Can I do a switcheroo? Delete the VM deployed by vRSLCM before the process realizes that the VM is available, and deploy an extra small node using the method described previously? | Yes |
I’m not sure of the timeout limit in vRSLCM, but it was long enough for me to do the deployment without failing. And if it should stop with a failure, my guess is that you can click retry and it will continue.
Another option that is probably also possible is to deploy Log Insight manually and then import it into vRSLCM later, but I have not tested this.
Sizing the vRealize Log Insight Virtual Appliance
Minimum Requirements
How To Deploy Log Insight With Less Than 500GB Of Storage
The post How to add Active Directory using vRealize Suite Lifecycle Manager first appeared on Vedaa.net.
First you need to log in as admin@local and go to Identity and Tenant Management, then to Directories and Add Directory. Choose Active Directory over LDAP.
Insert your details as shown in the picture below. When you have added all the details, click the Test Connection button. If all is green you are good; if not, you need to start troubleshooting. Start by verifying that all the details are indeed correct.
On the next screen, verify that it has found the correct domain and click Save and Next.
On the Attribute page you can choose to go with the defaults shown in this picture, or you can make changes if needed. Click Save and Next.
In the Group Selection section you must add the DNs for the groups you want to synchronize into vIDM. If you for some reason only want to add users, you can do that in the next section. When you are satisfied with your selection, click Save and Next.
Select any users you want to sync that are not in any of your synced groups and click Save and Next.
In this next section a dry run will be performed, and you will get a summary of the users and groups that will be synced and a warning if any of the users don’t contain the required attributes and therefore cannot be synchronized. If you are not satisfied, you can always click the Back button and make changes. When you are happy, click Sync and Complete.
You can now use AD users and groups within Identity Manager.
It can be smart to go through the directory settings inside the vIDM appliance after setup to change Sync Frequency and other settings. By default the sync runs once per week.
If you want to go further and enable true SSO for your users take a look at How to enable True SSO for vRealize Suite logins.
The post Patching with vRealize Suite Lifecycle Manager first appeared on Vedaa.net.
VMware just released a security patch for vROps with severity critical. Here is a quick walkthrough on how you can do the patching from vRealize Suite Lifecycle Manager.
First you must log in to vRSLCM with the admin@local account. Then go to Binary Mapping. Click on Patch Binaries and Check Patches Online to update vRSLCM with the latest patches.
When that is done you should have all the latest patches available in the Binary Mapping -> Patch Binaries view. To download the patch you need to click the download icon under Action.
Sadly, it is not possible to sort by ReleaseDate or filter by year / month, so you need to find it by looking through the pages or filtering by 8.3 in version.
When the patch is downloaded you can head over to the Environments section and find your vROps installations. Choose your deployment and navigate to Install Patch.
Attention: Make sure you have taken your cluster offline and created a snapshot before you proceed.
Select the patch and hit Next.
Review and click Install.
The patch installation will take the cluster offline during the process.
vRSLCM will now install the patch for you.
My installation took almost 1 hour, but this may vary between different setups. Also remember to remove the snapshot when you have verified that everything is working as it should.
Using the vRSLCM appliance to do patching and upgrades makes your job easier, and it’s less prone to errors or mistakes. It is not perfect, but it’s better than the alternative. I have also added my takeaways from the process and where it could improve.
VMware vRealize Operations security patches (83260)
VMSA-2021-0004
The post VMware vRealize and vCloud Suite campaign first appeared on Vedaa.net.
vRealize Suite Standard contains four services: vRealize Suite Lifecycle Manager with VMware Identity Manager, vRealize Operations Manager and vRealize Log Insight.
The vRealize Suite and vCloud Suite packages are identical, except that vCloud Suite includes vSphere Enterprise Plus.
vRealize Suite | vCloud Suite |
---|---|
vRealize Suite Lifecycle Manager | vRealize Suite Lifecycle Manager |
vRealize Operations Manager | vRealize Operations Manager |
vRealize Log Insight | vRealize Log Insight |
VMware Identity Manager | VMware Identity Manager |
 | vSphere Enterprise Plus |
vRealize Suite contains the tools you need to get a full overview and control of your data center, on-prem or in the cloud. For more info, see VMware's product pages, or check out some of my VMware posts.
Most people can take advantage of this discount, since it applies to new purchases of vRealize Suite and to upgrades for those with existing vRealize Operations Standard licenses (per CPU).
The discount can also be used when upgrading vSphere licenses to vCloud Suite; see the list below for details.
Product number | Product description |
---|---|
VR19-STD-PRO | VMware vRealize Suite 2019 Standard (Per PLU) Promo |
CL19-STD-PRO | VMware vCloud Suite 2019 Standard Promo |
CL19-STD7-STD-UG-PRO | Upgrade: VMware vSphere 7 Standard to vCloud Suite 2019 Standard Promo |
CL19-ENT7-STD-UG-PRO | Upgrade: VMware vSphere 7 Enterprise to vCloud Suite 2019 Standard Promo |
CL19-EPL7-STD-UG-PRO | Upgrade: VMware vSphere 7 Enterprise Plus to vCloud Suite 2019 Standard Promo |
VR19-OSTC-STD-UG-PRO | Upgrade: VMware vRealize Operations 8 Standard (Per CPU) to VMware vRealize Suite 2019 Standard (Per PLU) Promo |
https://www.vmware.com/se/promotions/2020-vrealize-suite.html
https://blogs.vmware.com/management/2020/08/vrealize-vcloud-suite-promo.html
https://www.vmware.com/products/vrealize-suite.html
The post Backup your vRealize Operations dashboards with vRealize Suite Lifecycle Manager first appeared on Vedaa.net.
vRealize Suite Lifecycle Manager contains a feature called Content Management. Among other things, it can be used to back up the content of your vRealize Operations Management Appliance, such as dashboards, views, alerts, super metrics, reports and other customizable content.
First you need to go to Content Management in your Lifecycle Manager Dashboard and add a «New Endpoint». Choose vRealize Operations from the «Choose endpoint type» menu.
As you can see, it is also possible to add other endpoints.
You would then need to add the following details: Name, FQDN, and the admin and root passwords for your vROps Appliance. Click Next and configure the policy settings.
In the policy settings you can configure some details about your endpoint. For capturing dashboards we only need «Allow content to be captured from this endpoint».
When that is done, go to the content menu and click Add Content, then choose your newly added vRealize Operations endpoint. Capture is selected as the action by default. Click Proceed.
On the capture details page, click the dropdown «select capture endpoint» and select your newly added vROps endpoint. Select what content you want to capture and click Done. You must also add a comment before you can hit Next and Submit.
Now you can watch the progress under content pipelines and under content you will see a list of all the content captured.
If you click on the content, you’ll get to see more details and the option to deploy the content to your endpoints.
Once you have captured your content you can from the content menu deploy it back to the same vROps instance or to another one if you have multiple environments.
Backup of your customized content is nice if something should happen to it or your vROps environment. This is just one small part of what the content management feature in vRSLCM can be used for.
During my testing of this feature I got some issues when I tried to capture dashboards owned by other users than the admin user. I’m not sure why this is but I was not able to get it to work.
20.04.2020: I have now tested this with a new clean installation on 8.1 and the issue is the same. It leads me to believe it is a «feature».
Error message was: "Dashboard <dashboardname> not found for user admin"
VMware Docs, Content Management
The post Broken connection between vRSLCM and vRops first appeared on Vedaa.net.
Not long ago the connection between vRealize Lifecycle Manager and vRealize Operations Manager «failed», or to be more specific, it failed when I triggered an inventory sync of vRops from vRSLCM. It failed with the error LCMVROPSYSTEM25000.
First, access your vRops master node at https://IPaddressOFvrops/casa/node/config
Log in with the same credentials used by vRSLCM (admin user). You should get an error message like this:
{"error_message_key":"general.failure","error_arguments":["1","Note: Forwarding request to 'systemctl is-enabled'.\n"],"error_message":""}
Log into your vRops nodes as the root user and run the following command:
systemctl list-unit-files
You should see that sshd.service is listed as disabled. Then run the following command:
systemctl enable sshd.service
Do this on all vRops nodes, then go back to vRSLCM and try to trigger the inventory sync again. You should now see that the request goes through.
The post Limitations when using Workspace One Access for «free» with vRSLCM? first appeared on Vedaa.net.
When you install vRealize Suite Lifecycle Manager, it comes with Workspace One Access (VMware Identity Manager). In this appliance you get a lot of options and no limitations in any way. So it is up to you to avoid using any features that you are not allowed to use. If you do, you might be in breach of the EULA.
So I went on a Google search for answers to this question, and boy, I can tell you that it is not straightforward. I have also tried to get VMware to give me a statement or point me to the correct documentation where they say what I can and can’t do.
As I said, you are not limited in any way and you could use all its functionality. But if you do, you would then be in breach of the EULA according to a VMware Product Manager. So a problem arises: you could easily be in breach without knowingly doing so.
After some investigation I was pointed to the VMware Product Guide where the following is stated.
Workspace ONE Access feature. A license to use VMware NSX Data Center (any edition) or NSX Cloud (any edition) includes an entitlement to use the Workspace ONE Access feature, but only for the following functionalities:
A license to use VMware vRealize Log Insight includes an entitlement to use the Workspace ONE Access feature, but only for the following functionalities:
The quick answer is NO. When you look at the text, I would interpret it to only apply if I have an NSX and/or Log Insight license, not for vRA, vRops, vRNI, vRB and vRSLCM. I would also argue that there is a problem with the wording. If you look at points 4 and 5 and the inclusion of «, and» at the end, does it imply that point 5 is also not allowed?
And what about when they first say «but only for the following functionalities» and then inside a point they say «may not be used»? What may not be used?
That I may not use single sign-on with anything else than NSX and vRLI?
«single-sign-on functionality to access VMware products that support single-sign-on capabilities»
I honestly don’t know what to get out of this, other than that it doesn’t apply to this use case and that it is a shoehorn attempt to make a text fit something it is not meant to fit.
When you look at the VMware download page for Identity Manager 3.3.1, it clearly stated what it can be used for. But it doesn’t go into details.
«Download VMware Identity Manager 3.3.1 (for vRA, vRops, vRLI, vRB, vRNI, NSX only)»
If any of you have any insight on this please give me an update.
The post How to configure SSO web links in VMware Identity Manager Catalog for vRealize Suite Lifecycle Manager imported products first appeared on Vedaa.net.
Anyway, if you have imported an existing product into vRSLCM and you are missing the SSO link in your catalog, this is how I fixed it (I don’t know if this is the official way).
First you need to enable login with Identity Manager for the product you want to configure SSO for. When that is done and working, do the following for the different products.
Right-click on the login button and copy the URL. You will get something like the URL listed below. You just need to fix the end of the URL to be like mine, but with your vRNI link.
https://YOUR.IDENTITYMANAGER.FQDN/SAAS/auth/oauth2/authorize?response_type=code&client_id=YOURID_auth_grant&scope=openid+user+email&redirect_uri=http://YOUR.VRNI.FQDN/#home
For vROPS I was not able to get the correct URL in the same way. Here I used F12 in Google Chrome and recorded my login. I found the correct URL on the first line, «authorize?response_type=…………..», and it should look something like this.
https://your.identitymanager.fqdn/SAAS/auth/oauth2/authorize?response_type=code&client_id=yourid&redirect_uri=https://your.vrops.fqdn/ui/vidmClient/vidm
When you have the URL, go into your Identity Manager’s Administrator Console and under Catalog and Web Apps create a new web link.
In the Configuration menu choose Authentication Type «Web Application Link» and in Target URL insert the URL you copied from vRealize Network Insight login screen.
The post How to delete locker password entries in vRealize Suite Lifecycle Manager first appeared on Vedaa.net.
Update 10.2020: In version 8.2 you can finally manage and delete passwords from the GUI.
In vRealize Lifecycle Manager 8.0 VMware introduced «Locker». This is where you store certificates, licenses and passwords. If you for some reason add a password that is wrong, or you want to delete an old one, you are in trouble. There is no way to delete entries through the GUI or CLI. But you can do it through the API!
First you might need to install software to do the API calls. I used Postman and you can download it here.
When you have installed Postman, or if you already have it, you need to do the following:
First you need to insert your credentials in the Authorization tab inside Postman and send this POST command. Remember to insert your vRSLCM FQDN address.
POST https://vrslcm.your.fqdn/lcm/authzn/api/login
If login is successful you will get «Login Successfully» in return.
In version 8.0.1 of vRSLCM you also need to copy the Authorization Key Value found under Headers and Temporary Headers in Postman.
Example: YWRtaW5AbG9jYWw6Vk13YXJlMTIzIQ
GET https://vrslcm.your.fqdn/lcm/locker/api/passwords/
The GET command will give you a list of all the passwords and their vmid. Copy the vmid that you want to delete and use it instead of «vmid» below when you send the DELETE command.
Update:
It appears that in version 8.0.1 this command is no longer possible.
DELETE http://vrslcm.your.fqdn:8080/lcm/locker/api/passwords/vmid
Run the GET command again to see that the password has been removed or refresh the locker page in the GUI of vRSLCM.
Log in as the root user to your vRSLCM appliance through SSH and run the following command.
Remember to replace the IDs in bold with your own: the first ID with the vmid from the GET passwords command, and the last ID with the Authorization Key Value.
curl -X DELETE 'http://localhost:8080/lcm/locker/api/passwords/5581b687-a26c-4495-a8ed-11486c79fd81' -H 'Accept: application/json' -H 'Content-Type: application/json' -H 'Authorization: Basic YWRtaW5AbG9jYWw6Vk13YXJlMTIzIQ' -k
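The «Authorization Key Value» used in the curl call is an HTTP Basic credential, that is base64 of user:password, so anyone who sees the command can recover the password. The following is an added example, not part of the original post: it shows the round trip, redacts the header before a command is shared, and builds the same DELETE call with curl's -u prompt instead. The function names are hypothetical and all credentials and IDs are constructed.

```sh
#!/bin/sh
# Added example. All credentials and IDs below are constructed sample values.

# Build the value of an "Authorization: Basic ..." header: base64("user:password").
basic_value() {
    printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
}

# Decode a Basic value back to "user:password". Values copied out of a UI can
# lose their trailing '=' padding, so restore it before decoding.
basic_decode() {
    v=$1
    while [ $(( ${#v} % 4 )) -ne 0 ]; do v="${v}="; done
    printf '%s' "$v" | base64 -d
}

# Mask the credential in a command line or log line before it is shared.
redact_basic() {
    printf '%s\n' "$1" |
        sed -E 's#(Authorization: Basic )[A-Za-z0-9+/=]+#\1<REDACTED>#g'
}

# Print the DELETE call for one locker entry without a secret in it:
# "curl -u USER" makes curl prompt for the password, so it stays out of
# shell history and the process list. The vmid must look like a UUID.
locker_delete_cmd() {
    vmid=$1 user=$2
    [ ${#vmid} -eq 36 ] || return 1
    case $vmid in *[!0-9a-fA-F-]*) return 1 ;; esac
    printf "curl -X DELETE -u '%s' 'http://localhost:8080/lcm/locker/api/passwords/%s'\n" \
        "$user" "$vmid"
}

# Demo with constructed credentials: the header value is reversible.
demo_value=$(basic_value 'admin@local' 'Example-Passw0rd')
basic_decode "$demo_value"; echo
redact_basic "curl -H 'Authorization: Basic $demo_value' http://localhost:8080/"
```
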
The post How to re-establish trust between vRealize Suite Lifecycle Manager and VMware Identity Manager after replacing self-signed certificate first appeared on Vedaa.net.
In vRSLCM you can easily replace the self-signed certificate on the vIDM appliance if you have previously imported it into the locker. Just go through the «Replace Certificate» process and do the included precheck.
You will probably get the same warning as I did. If you click finish it will replace the certificate and everything looks fine until you try «Trigger Inventory Sync» from vRSLCM. It will fail with the following error:
com.vmware.vrealize.lcm.util.exception.SshAuthenticationFailureException: Cannot execute ssh commands. Please verify the ssh login credentials
at com.vmware.vrealize.lcm.util.SshUtils.execute(SshUtils.java:393)
at com.vmware.vrealize.lcm.util.SshUtils.runCommand(SshUtils.java:307)
at com.vmware.vrealize.lcm.util.SshUtils.runCommand(SshUtils.java:290)
at com.vmware.vrealize.lcm.util.SshUtils.runCommand(SshUtils.java:333)
at com.vmware.vrealize.lcm.drivers.commonplugin.task.VerifySshConnectionTask.CheckForSshConnection(VerifySshConnectionTask.java:165)
at com.vmware.vrealize.lcm.drivers.commonplugin.task.VerifySshConnectionTask.execute(VerifySshConnectionTask.java:125)
at com.vmware.vrealize.lcm.drivers.commonplugin.task.VerifySshConnectionTask.retry(VerifySshConnectionTask.java:282)
at com.vmware.vrealize.lcm.automata.core.TaskThread.run(TaskThread.java:43)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.RuntimeException: Cannot create session for ssh://root@xx.xx.xx.xx
at com.vmware.vrealize.lcm.util.SessionHolder.newSession(SessionHolder.java:57)
at com.vmware.vrealize.lcm.util.SessionHolder.<init>(SessionHolder.java:37)
at com.vmware.vrealize.lcm.util.SshUtils.execute(SshUtils.java:346)
… 10 more
Caused by: com.jcraft.jsch.JSchException: Auth fail
at com.jcraft.jsch.Session.connect(Session.java:519)
at com.vmware.vrealize.lcm.util.SessionHolder.newSession(SessionHolder.java:53)
… 12 more
1. SSH to vIDM and log in as sshuser. Run the following command to become the root user.
su root
2. Edit the file /etc/ssh/sshd_config and change the value of PermitRootLogin to yes.
PermitRootLogin yes
3. Run the following command to restart the sshd service.
service sshd restart
Run «Trigger Inventory Sync» again and it will complete successfully.
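Both SSH fixes on this page (enabling sshd.service on the vRops nodes, and PermitRootLogin yes on vIDM) change how reachable root is over SSH, so it helps to record the state before and after the change. The following is an added example, not part of the original posts: it reads the unit state from `systemctl list-unit-files` output and reports the global PermitRootLogin value in an sshd_config file. The function names are hypothetical and the parser does not follow Include directives.

```sh
#!/bin/sh
# Added example. Sample inputs used with it are constructed.

# State of one unit, read from "systemctl list-unit-files" output on stdin.
# Usage: systemctl list-unit-files | unit_file_state sshd.service
unit_file_state() {
    awk -v unit="$1" '
        $1 == unit { print $2; found = 1; exit }
        END { if (!found) print "not-found" }'
}

# Global PermitRootLogin value in an sshd_config file. Rules applied:
# keywords are case-insensitive, "#" starts a comment, "Keyword=value" is
# accepted, the first value read for a keyword wins, and a Match line ends
# the global section. Include directives are not followed (assumption).
effective_permit_root_login() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (line == "" || line ~ /^#/) next
        sub(/[ \t]*=[ \t]*/, " ", line)
        split(line, f, /[ \t]+/)
        key = tolower(f[1])
        if (key == "match") exit
        if (key == "permitrootlogin") {
            val = tolower(f[2]); gsub(/"/, "", val)
            print val; found = 1; exit
        }
    }
    END { if (!found) print "unset" }' "$1"
}

# One-line finding suitable for a change record.
root_login_finding() {
    case $(effective_permit_root_login "$1") in
        yes) echo "root login allowed with any enabled method" ;;
        prohibit-password|without-password) echo "root login with keys only" ;;
        forced-commands-only) echo "root login for forced commands only" ;;
        no) echo "root login disabled" ;;
        unset) echo "not set globally; built-in default applies" ;;
        *) echo "unrecognised value" ;;
    esac
}

# Stand-alone use: pass the path of the sshd_config to inspect.
if [ $# -gt 0 ]; then
    root_login_finding "$1"
fi
```

On the appliance itself, `sshd -T` prints the configuration sshd actually resolves, with Include files and defaults applied.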