Deploying vRA 8.3 using the Easy Installer

In this guide i will go over the deployment of vRA 8.3 using the Easy Installer. The reason i like the Easy Installer is because it deploys everything that i need. vIDM, Lifecycle Manager as well as vRA.

To get started we need to download the installer from here.

Once downloaded mount the iso as a drive using your favorite tool or extract it as a archive using something like 7-zip

Once mounted go to the CDROM in the mac directory if on mac or win32 if you are on windows. In here run the installer file

We will be presented with the following window:

The migration option allows us to migrate from from vRSLCM 2.1 to 8.3, it can migrate Datacenter and vCenters, all existing environments, DNS, SNMP, NTP, My VMware, proxy details, migration of vIDM installation as well as Blackstone Content endpoints. For the purpose of this guide we will process with the Install option

Once we click Install we will be presented with an Introduction of what components will be included part on the installation. In my case i can see vRealize Automation 8.3, Lifecycle Manager 8.3, Identity Manager 3.3.4.

Click Next, Review, accept the agreement and click next

Provide the vCenter details and click next. In my case i used the administrator account. A detailed list of permissions needed for deployment can be found here

Sections 4, 5, 6 and 7 are straight foward so i will skip them

In section 8 select a password that will be used across all products for the local usernames. ex for LCM root and local admin, vIDM admin, sshuser, root etc

Select a VM name for the Lifecycle Manager appliance and its ip credentials. If you are expecting a large repository in lifecycle manager we can add additional disk under the Increase Disk Size in GB section.

The FIPS Mode compliance option enforces FIPS compliance, however keep in mind that with the FIPS mode enabled there are limitation on what the product can do. This can be disabled later and re enabled as needed.

Complete the fields and click next

The next portion is vIDM. In case there is an existing vIDM appliance in the environment we can also import and existing vIDM appliance. In my case i will deploy a new one.

One important option under vIDM is the Sync Group Members to the Directory When Adding Group. When enabled, members of the groups are synced when groups are added from Active Directory. When this is disabled, group names are synced to the directory, but members of the group are not synced until the group is entitled to an application or the group name is added to an access policy. Note: Post deployment this value cannot be changed from vRealize Suite Lifecycle Manager. To update this field post deployment, navigate to VMware Identity Manager

My configuration page looks like this:

The next section is the vRA Configuration. In here we have a couple of options. We can perform a standard 1 node deployment or a cluster deployment which includes 3 appliances. The FIPS Compliance mode enables FIPS compliance. Unlike LCM this mode cannot be disabled after the deployment. This disables a number of options in vRA from an LCM perspective. Please make sure that its only enabled if required.

The advanced configuration at the bottom of the page includes the option to change the internal Kubernetes cluster and Service ip range. This is useful if the default range is already in use on the internal network. We want to make sure we pick an ip range thats not used somewhere else in order to avoid conflicts. Once complete click next

The next page gives us a summary of our deployment and we can click submit to start the deployment.

Next we are presented with the installation process. We can follow it along, in my environment the full deployment took about 1.5 hrs

After the install is complete we are presented to links for the different services

Next i would recommend LCM certificate management found here

How to forcibly delete an NSX-T 3 Segment

I recently ran in to a problem where i couldnt delete an NSX segment so i went exploring the API. The API guide can be found here

The method used is delete policy/api/v1/infra/segments/{segment-id}?force=true

It would look like this in Postman:

To list the segments we can use a get request towards /policy/api/v1/infra/segments/

Creating a customized Snapshot as a Day 2 Action in vRA 8.2

I wanted to give my users the capability to create a snapshot but limit them to only 1 snapshot and have a predefined description from the snapshot so i can know that it was taken from vRA.

For the purpose of this i will be using a customer workflow in Orchestrator and Resource Actions and in Cloud Assembly.

Since Orchestrator comes with a number of pre defined workflows in always like to jump start by find something thats similar with what im trying to do. For the purpose of this we will be using the Create Snapshot Workflow.

To get started we can go to Orchestrator -> Workflows -> search for Create a snapshot. Once found we can click on Actions -> Duplicate

We can see that a Copy has been created. We will modify this so it can fit the custom specifications required.

Click on Open on the Copy:

Change the name to something more meaningful like VM Snapshot

Click on Variables, select all the variables and click Delete

Click on New, give it a title like errMachineHasSnapshot and a value thatw ill displayed if a VM has an existing snapshot like The virtual machine already has a snaphost. Please delete this snapshot before trying this action again. Click Create

Click on the Schema tab and delete the existing items by clicking on the red x on the top right corner

Drag and drop from the left a Decision, throw exception and a workflow element in to the canvas

I named the first step VM Has Snapshot?. Under inputs i added vm. It would look like the screenshot below

Under the javascript we will be using this code

    var snapshots = System.getModule("com.vmware.library.vc.vm.snapshot").getAllSnapshotsOfVM(vm) ;  
    if (snapshots == null || snapshots.length == 0) {  
      // No snapshots found; proceed with creating a new one  
      return true;  
    } else {  
      // Found at least one snapshot; end the workflow  
      return false;  
    } 

The error handling Exception Handling we will be using the previously created errMachineHasSnapshot

The workflow element should look like this after selecting the Workflow Create a snapshot

The next step is to fix the inputs. We will be removing the Choose the VM tab by clicking on the x

We will be replacing the first item with vm and the display type

It should look like this:

In the end we should have the following:

Next go to Actions and click on New Action

Give it a Name and a Module name

Under Script type in

var allVms = VcPlugin.getAllVirtualMachines();
for (var I in allVms) {
    if (allVms[I].name === name) {
        return allVms[I];
    }
}
return null;

Under the Return type enter VC:VirtualMachine. Under the Inputs type in name and click Create on the bottom left

Once were done we can save it and move on to Cloud assembly to create the resource action

Go to Cloud Assembly -> Design -> Resource Actions click on new resource action

In the name field type something like CustomSnapshot, Display name VM Snapshot, give a description and toggle the activate switch to on

Under Resource type click on add pick Cloud.vSphere.Machine

Under Workflow click Add and pick VM Snapshot

In the Property Binding pick getVmByName action and under string enter ${properties.resourceName}

On the bottom click on edit request parameters

click on vm and change the Label to Reason and Display type to DropDown

Under Values Type in the options that you want to have shown Separated by , ex: Patching,New Release

Under Constraints make it as required by Picking Yes in the required field

The other fields and options can be modified as needed

Once everything is saved we can test out the Day 2 action by going to an existing deployment and trying to create a snapshot. We can see in the menu an additional option all the way to the bottom:

When choosing the option we can see the custom form that we filled in earlier

Adding events from vCenter to Operations Manager

I recently ran in to a situation where one of the events in vCenter wasn’t showing up in Operations Manager

Doing some research and i found this kb article: 65106

Basically theres a file called eventlist.txt under /usr/lib/vmware-vcops/user/plugins/inbound/vmwarevi_adapter3/conf/ on the master node so i logged on to master node via ssh and did

vi /usr/lib/vmware-vcops/user/plugins/inbound/vmwarevi_adapter3/conf/eventlist.txt

Comment out the event that we want to get alerts for and restart the service by running

service vmware-vcops restart collector

Removing NSX stale packages from ESXi host

I recently ran in to a problem where i wanted to perform a clean configuration of one of my ESXi hosts from an NSX perspective, however i ran in to a problem where NSX was reporting that the packages are already installed. To fix the issue i had to run the following to list the packages installed:

esxcli software vib list | grep -i nsx

Once i had the list all i had to do is uninstall them using:

esxcli software vib remove -n packagename1 -n packagename2 ...

Once the uninstall was complete i was able to redeploy NSX from the NSX Manager

Doing a full restore of the Mac mini M1

I would try the restore options first. You can find instructions for the restore menu here

If the recovery menu doesn’t work put the Mac mini in DFU mode by following the instructions I have here

One the device is in DFU open Apple Configurator 2 (Mac Only sorry Windows folks). Make sure you are at least at version Version 2.13.2

Connect the USB-C cable to the Mac and the Mac mini to the port closest to the ethernet port

If you are presented with the DFU screen below in Apple Configurator 2 the procedure was done correctly

Right click -> Advanced -> Revive device

This will download the operating system and perform a reinstall of the OS preserving the user data

If you would like to erase everything pick the restore option

Apple Configurator 2 will go through downloading the firmware and perform a restore of the system

Booting Mac mini M1 in DFU mode

  1. Disconnect the power cord from the Mac Mini.
  2. Plug USB-C/Thunderbolt cable into the USB-C port next to the ethernet port.
  3. Plug the other end into the Host Mac.
  4. While holding down the power button, connect the Mac Mini to power and continue to hold the power button for about 3-5 seconds
  5. You should now see the DFU logo on the Host Mac.

How to restart the new Mac mini M1 in recovery mode?

I recently purchased one of the newer Mac mini devices with the new M1 chipset. Unfortunately I went with the lower edition that had 256 GB and I wanted to send it back to purchase the bigger 512 GB edition, but I wanted to clean my installation.

In order to to boot in the recovery mode to reinstall the os I had to perform the following steps:

  1. Make sure the Mac mini is off, if its not off just shut it off
  2. Hold the power button until the options appear, it might seem like a long time but keep holding it. It took about 15 seconds for me.
  3. A menu should appear that shows the hard drive and Options. Select options and continue
  4. You will see the apple logo and then a new menu should appear with additional options. It would look like this:

5. If you want to perform a clean install go to Disk Utility first and erase the current partitions, after that step is complete come back to the options screen and Select Reinstall macOS Big Sur and click on continue

Patching\Upgrading ESXi 7 to ESXi7U1 via esxcli

With the latest release of ESXi7U1 i wanted to get my lab up to date. I dont have enough resources in my lab to migrate the vCenter to another ESXi server so i want to perform the upgrade via cli. More details about the release can found here

The first step was to open the firewall for outgoing traffic for http

esxcli network firewall ruleset set -e true -r httpClient

Second step was to list the updates by executing

esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml | grep -i ESXi-7

This returned a list of updates that were available:

I reviewed the downloads website here to double check the version. Based on the information i found the ESXi-7.0.1-16850804-standard is the latest release

The next step was to run the update by executing

esxcli software profile update -p ESXi-7.0.1-16850804-standard -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

If you run in to the below error follow my other post here:

Once the upgrade was complete i was presented with this output:

The installation reports that a reboot is not required however the new version wasnt reflected in my vcenter so i went ahead and rebooted the server

After the server was back up, checking in vCenter, the server reports build 16850804

ESXi No space left on device error when upgrading

While i was trying to perform an upgrade to my ESXi installation i ran in to the below error:

The fix was pretty simple. The hypervisor doesnt have enough space to download and install the package so we need to enable one of the available datastores for the function.

For vCenter go to the host in question to Configure -> System -> System Swap

While reviewing the configuration i noticed that i had 2 options enabled

Clicking on the edit button on the right corner i noticed that i can add one of the datastores

After i Clicked ok i was able to continue with my upgrade