Category Archives: VMware

Deploying HCX Cloud Manager – Part 1

Posted by on February 5, 2020 No comments

HCX is a magical tool. It allows “Modernization of Mission-Critical Application Infrastructure with a minimal operational overhead, without requiring a retrofit of your legacy infrastructure“. It’s a mouthful right, straight from the HCX product pages. My explaination, in clearer terms, is “it allows you to connect one vCenter in one SSO domain to another vCenter in another SSO domain and migrate VMs“. That’s about as simple as I think I can put it. Yes it can do other stuff but in a nutshell this is its biggest use case.

It’s this exact scenario that I want to try and cover in the next few posts. Deploying and configuring HCX in a datacenter to migrate between two on-prem vCenter servers. Going from a legacy vCenter environment to a new SDDC environment with NSX. I plan on covering just the fundamentals to get HCX up and going as quick and easily as possible.

This guide is going to be long, there’s no way around that. We will initially cover the installation in the destination / target site using the Cloud version of HCX. Along the way I’ll call out anything notable. I recommend going through the pre-installation checklists and covering off the requirements prior to starting.

The first thing we want to do is download the HCX Cloud installer from the My VMware portal and start an OVF deployment. I’m basis the deployment off the R133 release. I recommend using the old Flex Client vs the new H5 client which will no doubt fail to deploy the OVF.

Give the HCX Cloud manager a name and location to deploy.

Select a Datacenter and Cluster.

The OVF Template will validate and present its details.

Scroll down and accept the license agreement.

Select your storage and policy.

Select your network. It’s critical you pick a network that has good connectivity to the rest of your network to save yourself a lot of grief later on. HCX connects to many different services. Ideally it’s on your same management network as vCenter and the rest of your services. There’s a good London Underground PDF map of all the services and ports you will require. If your using firewall rules between your services and network segments this will no doubt be one of the more trickier tasks.

Fill out all the customisations. Passwords, IP addresses, DNS, NTP, etc.

Review your settings and deploy the appliance.

Once the OVF is deployed, power on the VM and browse to its URL on port 9443 to start the configuration wizard (https://hcx-manager:9443). Login with admin and the password you defined during deployment.

Once you login you are given the option to Activate the HCX instance. You can skip this step for now and Activate later. Notice that the type is Cloud. Cloud is what other HCX types (Cloud & Enterprise) connect to.

Define the location of your datacenter. This really doesn’t matter what you select.

Give the manager a system name (hostname).

Select the type of instance to configure. vSphere in this case.

Next we configure vCenter and NSX details that we want to pair up to. This is the vCenter and NSX Manager in the destination / target site we are deploying to. HCX Cloud Manager requires NSX. HCX Enterprise does not. Enterprise can only pair to HCX Cloud but Cloud can pair to other HCX Cloud Managers. This is an important point if you have more than two vCenters and you want to create multi site pair relationships.

Enter in your PSC details. Internal, External, whatever the flavor of the month was when you build vCenter.


Add in the public URL of this HCX Cloud Manager. Most likely this is just the same as your internal DNS name you gave this server.

Finally review your settings and click restart. In a few minutes it will auto login to the management interface.

We’re on the home stretch now. Just a few final pages to check. Click on the Administration Tab and if you’re using a Proxy enter it in. HCX Manager needs to access two external URLs. (connect.hcx.vmware.com and hybridity-depot.vmare.com). I also recommend putting in your internal networks in the Exclusions.

The last thing we need to update on this tab is the Trusted CA Certificates. If you’re using Self-Signed certificates for HCX you need to add them here. You haven’t built a second HCX Manager yet so when you do come back here and add it in. I also like to add in my vCenter servers and NSX servers I’ll be using. I do this really just to sanity check that HCX Manager still has connectivity to this servers after I add a proxy server.

Now head over to the Configuration Tab. You can now enter in your HCX Advanced Key under Licensing. In my case I’m using my NSX key. You may also have an HCX Enterprise key for advanced features but I won’t be discussing any of them so we can ignore it for now.

Finally update the vSphere Role Mapping. This is granting access to log into the User Interface of HCX Manager.

Head over to the Appliance Summary Tab and give the appliance one last reboot and we’re done with the appliance configuration.

Super simple right? Now do it all again for the second HCX Manager in your second (source) datacenter! You have two options at this stage. Use the same HCX Cloud Manager installer or log into the HCX Manager User Interface (drop the 9443 in the URL) and under System Updates download the Enterprise version. Again, the difference being that Enterprise doesn’t ask for or use NSX, at least in the use case I’m covering.

In the next part I will cover creating Site Pairs and Interconnects between these two HCX Managers. This will all be performed from the source site HCX Manager.

VMware HCX Error: Failed to enable replication while exchanging thumbprints

Posted by on January 29, 2020 No comments

I was recently helping a customer configure VMware HCX to migrate from their legacy vSphere environment to a new VxRail SDDC running VMware VCF. We had carefully followed all the prerequisites in configuring firewall rules, proxies, and routing. We were able to successfully initiate vMotions and Cold Migrations but could not achieve a successful Bulk Migration.

Numerous days of testing ports, connectivity between HCX Interconnects, ESXi hosts, and Replication networks showed nothing unusual. Successful vMotions and Cold Migrations but consistent failures with Bulk Migrations.

Migration failed
Failed to enable replication while exchanging thumbprints. Exchange thumbprint failed for serviceMeshIds [“servicemesh-xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx”]

The issue came down to the configuration on VMkernel adaptor vmk0. VxRail configures vmk0 as a host discovery network using only IPv6 addressing. VxRail enables the ESXi Management network on this VMKernel but also provisions vmk2 as the main Management network where you will most likely be configuring an IPv4 address and connecting to your ESXi hosts.

HCX currently does not support IPv6 (as of R133). Despite vmk2 having an IPv4 address and having the Management and Replication networks enabled. HCX was still looking at vmk0, seeing only an IPv6 address, and failing Bulk Migrations.

The resolution turns out to be a relatively easy hack. Placing a dummy IPv4 address in addition to the IPv6 host discovery address on vmk0 is enough to convince HCX to perform a Bulk Migration.

With vmk0 now showing an IPv4 address as the default address instead of the IPv6 Discovery address Bulk Migrations can now be successfully performed.

This is no doubt an edge case using VxRail and HCX. Most customers will be using IPv4 addressing on vmk0. But in rare situations your using a different VMKernel interface other than vmk0 for Management or only using IPv6 on vmk0 this will hopefully resolve the issue, at least temporary for HCX migrations.

Windows Server 2019 support on ESXi and vCenter

Posted by on November 5, 2019 2 comments

I’ve been asked by a few customers recently if Windows Server 2019 is supported on ESXi as they can’t seem to find it in the list of Guest OS in vCenter. Considering that Windows Server 2019 was released back in October 2018. It is quite surprising that on the latest version of ESXi and vCenter (currently 6.7 U3) that Windows Server 2019 is still not listed under Guest OS.

VMware does have a KB article on this, 59222. While it is lacking on detailed information why, it does state that you can select Windows Server 2016 instead.

There is also a link to the VMware Compatibility Guide. Here you will be able to select Windows Server 2019 and list all supported ESXi releases.

You see that all releases of ESXi 6.0, 6.5, and 6.7 are listed under Supported Releases on the Compatibility Guide.

It is worth noting the VMware blog Guest OS Install Guide from the Guest OS Team. This blog lists OS’s as they become supported. Also pay attention to support level. VMware has different levels of support from Tech Preview to Full Support. In the case of Windows Server 2019 it reached Full Support back in November 2018.

So as far installing Windows Server 2019 and selecting a Guest OS of Windows Server 2016 you should be fine and fully supported.

vRealize Easy Installer Walk-through Guide

Posted by on October 22, 2019 No comments

With the recent release of VMware vRealize Suite Lifecycle Manager 8.0 and vRealize Automation, also comes a new deployment tool called vRealize Easy Installer.  The Easy Installer is a tool that streamlines and helps you install vRealize Suite Lifecycle Manager, VMware Identity Manager, and optionally, vRealize Automation via a simple and clean UI.  

The three packages are contained within a single ISO file call VMware vRealize Suite Lifecycle Manager 8.0.0 Easy Installer.  The ISO can be found within the vRealize Suite Download page in the My VMware portal.   Selecting either vRealize Suite Lifecycle Manager or vRealize Automation will take you to the same 9GB ISO download. vIDM still has it’s own individual download if you want/need it.

The Easy Installer is compatible with Linux, Windows, and Mac, which should make it very accessible to a large audience.  I decided to give it a try out and detail the process below.  It’s a rather simple process to follow as long as a few prerequisites specific to the Installer are met first.

On the Memory front, LCM and vIDM both require 2 vCPUs and 6 GB of memory. vRealize Automation on the other hand will require, for a Standard install, 8 vCPUs and 32 GB Memory. You can times that by three for a Clustered install. If you enable Thin Disk provisioning, 75 GB min storage will be required. Finally DNS records for LCM, vIDM, and optionally vRA if being installed, need to be created first.

In the below process I use Windows 10 as the client source I install from.   

To access the installer we need to right click the ISO file and select mount.  This will mount the ISO as a drive in Windows.  We can then navigate to \vrlcm-ui-installer\win32 (If you were on Linux or Mac this path would be different). Then select installer.exe to start the Installer UI.

Step 1. Select Install
Step 2. Introduction -- Click Next
Step 3. EULA -- Accept terms and CEIP then click Next
Step 4. Appliance Deployment Target -- Enter in vCenter details and click Next
Step 5. Certificate Validation — Accept any warnings and click Next
Step 6. Select a Location -- Select a Datacenter and click Next
Step 7. Select a Compute Resource -- Select a Cluster and click Next
Step 8. Select a Storage Location -- Select a Datastore and optionally Enable Thin Disk Mode and click Next
A warning will display if you click Next and there is insufficient disk space. You will need a minimum of 75 GB for a Thin Disk install
Step 9. Network Configuration -- Enter in global networking details for the install of all products. Optionally enter in NTP settings. Only static IP assignment is possible.
Step 10. Password Configuration -- Enter in a default root/admin password to be assigned to all products
Step 11. Lifecycle Manager Configuration -- Enter in LCM details and click Next
If a VM with the same name is found in vCenter when you click Next you will receive a warning
Step 12. Identity Manager Configuration -- Enter in the vIDM details. Optionally enable the Sync Group Member to the Directory
Do not use admin/sshuser/root when selecting a Default Configuration Admin account name.
Step 13. vRealize Automation Configuration -- Choose to install vRA 8. Standard Deployment will deploy one vRA 8 server. Cluster Deployment will deploy three. The License Key will not be validated at this stage so confirm it is correct.
Step 14. Summary -- Verify all installation parameters and click Submit
If there are any issues during installation the install will fail and you will have the option to download the logs to troubleshoot the issue. Make sure all your DNS settings are correct and the client you are installing from can validate those DNS settings.
A successful install will look similar to this

vExpert 2019 is here and it’s huge!

Posted by on March 14, 2019 1 comment

Well after a long wait it’s that time of year again when the first half of year announcements are made for vExperts. A big congratulations to all the new and returning vExperts this year, in particularly all my fellow Australian vExperts. And yeah why not, a congratulations to even those just across the pond over in New Zealand. It’s just another state of Australia right 😛

This is my fifth year as a vExpert and as of late last year my first as a vExpert Pro. It’s this new sub program that I’m most proud and honoured to be part of. But more on this program later.

This year we have 1739 vExperts being honoured from 74 countries. That’s approximately 250 more than the same time last year and on par with vExpert numbers after the second half intake of 2018.

The United States are most represented with 639, followed by United Kingdom at 157. My home country, Australia, ninth most represented with 45 this year. 18 of those countries are represented by only 1 vExpert.

The recently updated public vExpert directory can be found at https://vexpert.vmware.com/directory/ . It contains all of this years vExperts with their public profile.

Coming back to the vExpert Pro sub program. I first heard about this program being created from Valdecir Carvalho (@homelaber) at VMworld Vegas in 2018. I thought it was a really great idea when Val described it to me. I won’t go into too much detail on this sub program as there’s a number of blogs that cover it very well. Basically though, one of its goals is to create vExperts that can champion the vExpert program in specific countries and regions around the world. In English speaking countries that might be a little hard to understand but in countries that don’t speak English, which it might be surprising to know, covers most of the world. As a result of the language barrier it can be hard to recruit and communicate to vExperts in non English speaking countries. That’s where bilingual vExpert Pros can help translate any vExpert communication back into their native language to fellow vExperts and potential candidates.

Coming a little closer to home I had a few potential first time vExperts in Australia approach and ask to sit down with me and help them work through the vExpert application process. Something that I felt quite humbled to help out with. I also had a number of people ask if I could be used as a reference if further information was required of them. Again, something I was more than happy to help with. If I can take a little of my personal time to help someone join this great program it’s well worth it.

A little bit of insight into how the voting and approval process worked this year. With a huge amount of applicants now applying for vExpert you can understand what a mammoth job it is to go through and screen each person for vExpert recognition and award. This is where the vExpert Pros were able to help out in a voting process. We had the opportunity to go through and help the core VMware vExpert team curate and vote for vExpert approval. I can comfortable say we all took this process very serious. Of course we were just voting and providing feedback with ultimate say and oversight coming from people like
Valdecir Carvalho and Corey Romero in making final decision. I feel the process worked quite well and should lead to a higher level of standard for vExpert approval but also future applications.

In conclusion, with the increased scrutiny and review of applicants. Everyone that made vExpert for 2019 should be extremely proud of themselves. We’re part of a great community and we have a high standard to live up to. The days of providing vague and misleading information on your applications are going away.

Again, congratulations to all the 2019 vExperts! Well Done and keep up the good work.

VMware Cloud on AWS Management Exam 2019

Posted by on January 22, 2019 2 comments


It’s been a busy few weeks for me. Earlier on this month I wrote about sitting the VMware Cloud Provider Specialist Exam and continuing on from that I decided to pursue the VMware Cloud on AWS Management Exam.

As I previously discussed with the Cloud Provider exam it falls into a new collections of exams from VMware that are aimed at providing skills and achievements rather than certifications. Now if you’re a little confused let me clarify it a little more. Unlike the Cloud Provider which would require you to hold a VCP and provides you a badge denoting you as a Specialist. The VMware Cloud on AWS exam has no prerequisites and gives you a Skill VMware / Acclaim badge. All straight-forward right?!?! If you’re still confused, don’t worry about it for now, many people are.

Covering off some of the fundamentals of this exam. It’s a non-proctored web based exam. Meaning you can sit it whenever and where ever you like. You have 30 questions with 45 minutes which to complete it in. So while not many questions, you have only a minute and a half on average to answer each question.

Being honest, it’s a fairly basic exam comparative to other VMware exams available. You’re not going to be overly challenged over the 45 minutes. We do have to put this exam into context a little here though. As I mentioned above this exam is classed as a Skill. It’s not a certification so the question count and difficulty of those questions are kind of reflected here. I would rate this Skill exam a little below the level of a Specialist exam like that of the Cloud Provider I took recently.

If you look at what it’s trying to achieve as an exam it does hit the mark. Prior to studying and sitting this exam I really knew little about VMware Cloud on AWS. I had been to many sessions and presentations on VMC over the last year or so. In all the sessions I’ve seen they did a great job of explaining what it is but I still really didn’t know how to use it or all the little intricate things it was capable of. Having now studied and taken the exam, I have a much more thorough understand not just of the product but how it’s actually used and managed.

The types of questions you will see in the exam can be broken up into two basic categories. Simple high level questions of what VMware Cloud on AWS can do and what those services are. Then the slight more technical, but still relatively simple, questions on how to actually perform a task.

My study consisted of the VMware Cloud on AWS: Deploy and Manage three day course. It’s a paid course which you can do in the classroom or on-demand, the latter which I did. This was the bulk of my study which I crammed over three nights after work. The course covers 95% if not 100% of what is in the exam. I supplemented this with a very short demo of the VMware Cloud on AWS -- Getting Started Hands-on Lab and briefly looked at the VMware Cloud on AWS Sizer and TCO site and the VMware Cloud on AWS | FAQs.

Final Thoughts:
While far from being a deep technical exam. It does a decent job on testing your knowledge of the product and validating those skills. Certainly from my view point it encouraged me to actually spent some time studying VMware Cloud on AWS which I had been otherwise avoiding until now. Don’t expect to become a guru on the product afterwards but take the exam for what it is a learn something new if you haven’t delved into it until now.

VMware {code} Hackathon – VMworld Vegas 2018

Posted by on September 8, 2018 No comments

It was a tough decision.  Hit up the Cohesity party and watch Snoop Dogg perform or participate in the VMware Code Hackathon.  No, the decision was easy, I was always going to take part in the Hackathon.  I had regretted not taking part last year and I was super keen for this year’s hackathon, I wasn’t going to miss it.  I think it’s safe to assume I chose wisely.  With my team, Team vMafia, coming away with the winning project and an impromptu segment on Virtually Speaking!

Left to right: Anthony Spiteri, Matt Allllford, Mark Ukotic, and Tim Carman

This year’s Hackathon broke from the format from previous years.  Whereas in previous year you showed up, attempted to form a team and an idea, then execute all within a handful of hours.  This year the Hackathon chose to leverage HackerEarth and give participates three weeks to create a team and build out a hackathon idea.  Without a doubt this was the single biggest improvement to the format of this years event.  Leading to some great projects being built.

Rewind a month, In the week leading up the Hackathon I started thinking about an idea I could submit.  Struggling to think of something I started playing a bit of buzzword bingo.  PowerShell and PowerCLI were big passions of mine.  Docker was an area I wanted to explore more into and I had wanted to learn more about what the vSphere SDK could do.  At that point an idea just naturally presented itself.  Could you run a PowerShell console with PowerCLI modules inside the new HTML5 vSphere Client?

At this point I didn’t know I had a good idea, let alone just an idea.  I ran it past some friends within a local Aussie Slack group I’m part of.  It went down extremely well but I still had my doubts.  So I did what anyone would do and went to ‘other’ friends who also thought it was a great idea.  So OK I thought, I have an idea.

Having recently quit my job I was able to focus 100% of my attention to the project.  Great for me and the Hackathon, I guess bad for everyone else with jobs 😛  I formed a team and without any persuasion a number of the Aussie Slack team jumped on-board including Anthony Spiteri, Matt Alffford, and Tim Carman.  We were going to need a lot of help so I reached out to a few friends for assistance.

First up was my ex-manager John Imison for some assistance around Docker.  Installing Docker and running a container is one thing.  But building a container image was something new.  John provided some great advice and ideas around building the docker image.  Actually far too many for a Proof of Concept hackathon idea that I could implement in a practical timeframe.  If this project continues to develop past hackathon expect to see some more of his ideas integrated in.

Next I hit up my Developer brother-in-law Simon Mackinnon.  After spending a couple days crying in front of my computer attempting to build and configure my vSphere SDK environment.  I went to Simon for help in decipher the vSphere Plugins.  Simon helped put us on the right track with finding the easiest solution to embed a console into the vSphere Client.

After a solid week of learning Docker and the vSphere SDK it was time to actually build something and put it all together.  Believe it or not this was actually the easiest part of the whole project.  Once I knew how to build a Docker image it was just a matter of customising it for my purpose.  The same went for the vSphere Plugin.  Take a sample plugin and modify it for purpose.

The night of the Hackathon at VMworld was fairly cruisey for Team vMafia 2.0.  Our project was built.  We performed some final testing to prove it all worked.  We gave some of the judges a walk-through of what we built.  I should point out that the night was extremely well run.  Previous years had some controversy around the event.  None of that existed this year.  Two rounds of hot food was served with lots of drinks and candy lollies to be had.  With WiFi and Internet stable and strong.  The event was pushed back from an original start time of 6:30 to 7:30.  This was due to some of the judges holding training sessions / presentations on some of the hackathon themes.  At 10 PM all the teams were given two minutes to present their ideas and projects in front of a projector.  A completed project was not a requirement to present.  The judges had a number of criteria they were working off for judging, such as how well you kept to your 2 minutes and how well you conveyed your idea.

Team vMafia were one of the last to present.  I was certainly not confident as there was some great ideas before us.  I spoke for our team.  I’m not sure how long I presented for but it was definitely less than the 2 minutes.  During the entire presentation i had Anthony Spiteri whispering in my hear, ‘hurry up, don’t waste time, go go go’.  Distracting, yes, but he did keep me on point.  The judges then left the room to vote.  They came back pretty quickly with it being a unanimous decision that Team vMafia had the winning idea of an integrated PowerShell console inside the H5 vSphere Client.  It was not until they called our name that I thought, ‘Hey, maybe we do have a good idea’.

Screen of vSphere PowerCLI being used within the vSphere Client

The night didn’t quite end there for Team vMafia.  After the event we passed by Eye Candy in Mandalay Bay where we ran into the Virtually Speaking guys, Pete Flecha and Glenn Sizemore.  While Anthony denies it , I think this was his master plan for us to bump into them.  We had some great conversations with the guys and they were super excited for our Hackathon project and win that they invited us onto the podcast the following day.

The episode of Virtually Speaking with Team vMafia can be found here.   While I find it hard to listen to myself I’m assured that the segment was really good and funny.  Our segment also managed to make the cut in the same episode as Micheal Dell and Pat Gelsinger which I have to say is pretty cool.  I huge thank you to Pete and Glenn for allow us to come into the show!

Finally I can’t end without linking to the actually project.  During the development I used my own private repos but have now moved it over to my GitHub page.  The project has the very original name of vSphere PowerCLI.  As far a disclaimers go the project is free to download and use at will.  I’m not really holding any restriction on it.  It was always just a Proof of Concept idea I had.  The instructions are hopefully fairly easy to follow.  Most people have been taking a snapshot of their VCSA and using the option to run Docker on their VCSA.  If the support is there I’ll be considering developing the project past hackathon idea.

Thanks for everyone’s support and kind words and let me know if you’d like to see the project developed further.

 

Run, Don’t Walk. VMworld 2018

Posted by on September 3, 2018 No comments

I think the worst part of VMworld has to be the end of VMworld.  There’s nothing like the reality check of a 14 hour flight back home to Melbourne.  As I sit here looking out the window at a cold and dreary Melbourne winter’s day it’s a great opportunity to reflect on another great VMworld.

As with last year I turned VMworld into another working holiday.  If I’m going to sit on a plane for 14 hours I’m sure as hell going to experience as much of the US as I can.  Last year involved a road trip post VMworld driving from Chicago to Toronto lugging all my VMworld swag around with me (very inconvenient let me say).  This year I moved the holiday portion of my trip to the start and drove from New Orleans through Louisiana and around Texas, hitting the major cities along the way to Dallas before flying into Vegas for VMworld.  I absolutely love the States and will take any opportunity to experience new parts of the country.

Love or hate Las Vegas, it’s an amazing place to hold VMworld.  I jokingly titled this post ‘Run, Don’t Walk’.  You see there’s just so much to experience at VMworld you won’t be able to absorb it all in over the 4 to 5 days of the event.  Whether you’re running between sessions.  Visiting vendor booths.  Or hunting down friends.  You’ll inevitably find there’s not enough time.  We love to try to categorise the different types of people who attend VMworld and how they spend their time but I don’t think that’s fair.  Every single person has a different objective.  Ultimately for me, from my point of view, just have fun.  Enjoy the event!  Try to walk away from the event happy and in a positive state of mind.  If you can do that everything else will just fall into place.

For me there was a lot of high points of the event.  The vExpert party at the Pinball Museum.  The Veeam party at Omnia Nightclub.  The VMUG Leader Lunch Q and A with Pat Gelsinger and Ray O’Farrell.  The list kind of goes on…  but the biggest highlight has to be the VMware Code Hackathon.

I entered team vMafia into the Hackathon supported by a number of fellow aussies, Tim Carman, Anthony Spiteri, and Matt Allford.  I have another blog post coming specifically on this event.  But to summarise, the Hackathon ran in lead up to the night’s event over a 3 week period.  The idea I had was to create a PowerShell / PowerCLI console built into the new HTML5 vSphere Client.  To my absolute surprise… we won!  Stay on the lookout for my next post on the Hackathon.

It doesn’t end there.  All the people that you run into and friends you make you will lose track of.  The amount of random Texans I met at VMworld after my road trip through Texas was crazy.  Those guys and gals are everywhere.  An awesome bunch of people from an awesome place.  Not to mention the huge Aussie contingent I met throughout the event.

I finally can’t end without thanking all the vendors who specifically went out of their way to support the vExpert program with some special swag, Cohesity, Datrium, Western Digital, and Uila.  Not to mention Mr vExpert himself Corey Romero.

Thanks VMware for another awesome VMworld!

Getting Started With Ansible And VMware

Posted by on July 1, 2018 2 comments

For a little while now I’ve been playing around with Ansible and exploring its VMware modules.  While using Ansible with the VMware modules is not overly complex.  I quickly realised there were very little examples out on the web for the VMware administrator.   So I thought I would put together a very simple crash course on getting starting with Ansible and VMware.

The intention here is not to explain how Ansible works.  There’s a lot of information out on the web around that, plus I’m still learn too.  Instead I just wanted to put together something relatively simple.  Show how to quick and dirty get Ansible installed on a Linux box with the required VMware SDK.  Then create an Ansible playbook to build a basic environment in vCenter.  This will involve a new Datacenter, a Cluster, and a Resource Pool.

So let’s get started.

Installing Ansible

Firstly let’s install Ansible.  Ubuntu and CentOS are common distros so I cover them both below.  With Ubuntu I also add the Ansible repository.  While I don’t believe it’s really required it seems to be what most people do.

Ubuntu

sudo apt-add-repository ppa:ansible/ansible

sudo apt-get install ansible

CentOS

sudo yum install ansible

Once installed we can run a simple verification check to see if the install was successful.

ansible -m ping localhost

localhost | SUCCESS => {
"changed": false,
"failed": false,
"ping": "pong"
}

Installing pyVmomi

Now we install pyVmomi.  This is VMware’s Python SDK for managing vCenter and ESXi and is required to use the VMware modules that come with Ansible.

sudo pip install pyvmomi

And that’s all that we really need to install to build our first playbook and run it against vCenter.  To run our playbook we’re going to need to create a few folders and files.  The structure will look something similar to below.

├── ansible-vmware
│   ├── group_vars
│   │   └── all.yml
│   └── vmware_create_infra.yml

Let’s create a folder called ansible-vmware and a varibles folder called group_vars below that

mkdir ansible-vmware
mkdir ansible-vmware/group_vars

Now even though this is a crash course to running our first VMware playbook I want to at least do things half right and not have any plaintext passwords.  So before I go too far into creating the yaml files I want to create an encrypted string of our vCenter’s administrator SSO password.  I do that with the following line.

ansible-vault encrypt_string {admin_sso_password} --ask-vault-pass

You’ll be asked for an Ansible vault password and then receive back an encrypted string.  The vault password will be used when we run our play (don’t forget it).  Copy and paste the output and put it aside for a minute.  We’re going to pasta it in our group_vars file that we’re about to now create.

Let’s now create that variables file inside the group_vars folder and call it all.yml

touch ansible-vmware/group_vars/all.yml

Using vi or nano or whatever you prefer to edit the file.  Let’s edit the all.yml file and add in all the variables we will use in our playbook.  Again, crash course, so don’t worry too much about what each one does right this minute.  Just know that we have to reference these values multiple times in our playbook and having a variables yaml file really helps with that.

For the vcenter_password variable use the encrypted string we created in the step above and paste it in so it looks similar to below.  Obviously feel free to change any of the values, datacenter, cluster, etc.

---
datacenter: ansible_dc1
cluster: ansible_cluster1
resource_pool: ansible_resource1
datastore: datastore01
vcenter_ip: 192.168.0.100
vcenter_username: administrator
vcenter_password: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          24242245545455516332373965613662616531653266326362643533613932356530663263326663
          65363339653337333478977865425424245245824524824858666463373838323330666633363763
          65323436643563333334527873245674247868727672789689787867867878643130616261336262
          3462323161633933320a653030333478567825725727855427887878787886666624313862663462
          8775

Now we create our main playbook.  This is going to contain all our plays and reference all our variables we just created in global_vars/all.yml

touch ansible-vmware/vmware_create_infra.yml

Like we did with the variables file lets edit this file. Again, vi, nano, whatever.  Copy and past the information below.  Things to note.  Yaml files don’t like tabs.  So spaces only and position is very important.

- hosts: localhost
  connection: local
  tasks:
    - name: include vars
      include_vars:
        dir: group_vars

    - name: Create Datacenter in vCenter
      local_action:
        module: vmware_datacenter
        datacenter_name: "{{ datacenter }}"
        hostname: "{{ vcenter_ip}}"
        username: "{{ vcenter_username}}"
        password: "{{ vcenter_password}}"
        validate_certs: False
        state: present

    - name: Create Cluster in datacenter
      local_action:
        module: vmware_cluster
        hostname: "{{ vcenter_ip}}"
        username: "{{ vcenter_username}}"
        password: "{{ vcenter_password}}"
        validate_certs: False
        state: present
        datacenter_name: "{{ datacenter }}"
        cluster_name: "{{ cluster }}"
        enable_ha: yes
        enable_drs: yes

    - name: Create Resource pool in cluster
      vmware_resource_pool:
        hostname: "{{ vcenter_ip }}"
        username: "{{ vcenter_username}}"
        password: "{{ vcenter_password}}"
        validate_certs: False
        state: present
        datacenter: "{{ datacenter }}"
        cluster: "{{ cluster }}"
        resource_pool: "{{ resource_pool }}"

Assuming you created the files correctly and have the right password we are ready to run our first Ansible playbook against vCenter.

ansible-playbook ansible-vmware/vmware_create_infra.yml --ask-vault-pass

This should produce something similar to below

PLAY [localhost] ***************************************************************************************************************************

TASK [Gathering Facts] *********************************************************************************************************************
ok: [localhost]

TASK [include vars] ************************************************************************************************************************
ok: [localhost]

TASK [Create Datacenter in vCenter] ********************************************************************************************************
changed: [localhost -> localhost]

TASK [Create Cluster in datacenter] ********************************************************************************************************
changed: [localhost -> localhost]

TASK [Create Resource pool in cluster] *****************************************************************************************************
changed: [localhost]

PLAY RECAP *********************************************************************************************************************************
localhost : ok=5 changed=3 unreachable=0 failed=0

The resulting output in the vSphere Client should look similar to below.

The cool part is we can run the same command again and again and nothing will change as long as our environment is consistent with our defined yaml files.  They in essence become our working as-built doco.

So the goal from what we’ve just done above was not to actually build an environment but rather to show you how quick and simple we can get Ansible up and running and configuring a vSphere environment.  I’ve avoided a lot of the technical stuff so instead you can think about how this might help you in your environment.

In future posts I might go into more details on specific modules and how to use them but for now I think I might just focus on what’s possible with Ansible and VMware.

References

Ansible VMware Getting Started

pyVmomi GitHub Page

 

vForum Australia 2017 Recap

Posted by on November 6, 2017 No comments

Another year and another vForum has come and gone.  This has really become a stand out event for me on the local calendar.  For the Australia region this is the closest we can get to VMworld without actually going to VMworld.  This year vForum had returned back to the Sydney Convention Centre which has recently been rebuilt.  Unlike previous years the event had moved from a two day event to one.

My frame of reference for vForum is fairly small as this was only my second vForum Australia (Actually there was a vForum Roadshow in Melbourne a few years back too).  Without a doubt the biggest improvement made was the location.  Bring vForum to the centre of Sydney on Darling Harbour was a big win.  Hotels are plentiful and the views are amazing.

I arrived in Sydney from Melbourne the day before vForum.  My manager from Brisbane was down in Sydney on unrelated work so this was a good opportunity to catch up in person for a few drinks on George St (I can’t believe construction on the light rail is still happening on George St which I also recall from last years vForum).

While I had every intention on going, unfortunately I didn’t make VMDownUnderground this year, an event organised and run by the Sydney VMUG crew the night before vForum.  Last year’s VMDownUnderground was a  great event but I had used the opportunity to have dinner with fellow work colleagues on Darling Harbour.  Being Melbourne based and having most of my team in Sydney I don’t get this opportunity often.

This year I was not only representing myself and my organisation but also VMUG as the Melbourne Leader.  With the help of VMUG HQ and the vForum event planners the local VMUG Australia chapters pooled our time and resources to run a booth.  There were ~40 vendors on the showroom floor this year.  VMware and the event planners did a great job with vendor layout with all locations being great.  We, VMUG, were lucky enough to secure a prime location across from VMware in the centre of the showroom right next to the VMware charity water challenge.

While my day started off at 7 AM helping to setup and prepare the VMUG booth.  The official start of vForum Australia was the keynote at 9 AM with VMware COO Sanjay Poonen opening.  The attendance for the keynote was huge.  The entire keynote hall was almost completely full, a real great buzz to it.  The keynote sessions ran till just after 11 AM.  At which point a large proportion of attendees to the keynote left the event (or possibly went to the side events).  Though that didn’t deter from the atmosphere during the remainder of vForum.

Foot traffic around and to the VMUG booth was nothing short of amazing this year.  Having a Claw Machine full of plush toys at our booth I’m sure didn’t hurt either.  This was a huge success in drawing attendees to our booth.  Not only attendees but vendors and VMware staff were lining up for a game.  One of our original goals, as VMUG Australia, was to promote the upcoming Sydney and Melbourne UserCons but we quickly switched to brand awareness for VMUG.  I was amazed to find out so many people still hadn’t heard of VMUG!

vForum Australia ended with the after party at Hard Rock Cafe right next to the convention centre.  A great opportunity to wind down with friends and finally grab some food and drinks.  Compared to last year’s vForum party with Rouge Traders playing (whom I’m a big fan of).  Hard Rock was a slightly more subdue affair.  It did lead to a more intimate setting where you could have more meaningful conversations with people, so in that regards a success.

I still had a little bit left in me after Hard Rock.  So before calling it a night I headed back to my hotel to drop off my swag and have a shower before heading out for a few drinks and cocktails with some vForum friends at Palmer and Co.  A small underground bar set in a 1920s speakeasy style.

While I would have like to see vForum as a two day event, particularly with the addition of Transform Security and Empower Digital Workspace events running at the same time.  Whatever the format VMware and vForum always put on a great event for attendees.  I’m already looking forward to next year with catching up and meeting new people in the community.