tag:blogger.com,1999:blog-43110673854240682402024-03-28T00:54:29.771+01:00Lorenzo Moglie - NotesLorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.comBlogger132125tag:blogger.com,1999:blog-4311067385424068240.post-46871310461921302722024-02-23T16:27:00.001+01:002024-02-23T16:27:23.875+01:00NSX UI does not load information<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
NSX UI does not load for one manager node holding the VIP
<br />
NSX Version 4.1.2.1.0.22667794
<br />
<br />
Error message:
<br />
<b>Feb 8, 2024, 3:22:39 PM : Error: Failed to fetch System details. Please contact the administrator. Error: 400 : "{<EOL> "details" : "SEARCH_FRAMEWORK_INITIALIZATION_FAILED, params: [manager]",<EOL> "httpStatus" : "BAD_REQUEST",<EO> "error_code" : 60525,<EOL> "module_name" :
"nsx-search",<EOL> "error_message" : "Search framework initialization failed, please restart the service via 'restart service manager'."<EOL>}" (Error code: 513002)
</b>
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4J3kG5WQgqS4DwbzCIWreec16cCwBTzqGTOSl1S8kB_-l2s1i6ybIpid_drLW-o6u12Xf015bnqpqLg9VE9cXwwwAlM2JUDcHa5Bnkc59TStmArBmo-GQvYs3usIRXRwoEWicLW42COrW53cnkXzClEHqCs4BR4w458YNZMsNQ9dXOD3odrdrUdksY4E/s1524/Service1.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="616" data-original-width="1524" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh4J3kG5WQgqS4DwbzCIWreec16cCwBTzqGTOSl1S8kB_-l2s1i6ybIpid_drLW-o6u12Xf015bnqpqLg9VE9cXwwwAlM2JUDcHa5Bnkc59TStmArBmo-GQvYs3usIRXRwoEWicLW42COrW53cnkXzClEHqCs4BR4w458YNZMsNQ9dXOD3odrdrUdksY4E/s400/Service1.png"/></a></div>
<br />
<p />
<p>
<b><H2>Solution</H2></b>
<br />
In my case the solution was quite simple. I restarted the service manager on the NSX Manager appliance indicated by the VIP, as per the image below...
<br />
<br />
> <b>restart service manager</b>
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0DaQyG4FvNHVnJOrirJKCafz6j07o9jY2fIMUs1rHwvAh9kHzQepvWJ4Zk5x64r_vfo7M84KT45pT9pDggS_It_BYzX4bJoEVEiDDVNYeSMAtdDGRy8Gy1WlzU1IW3swet17FHg475L2KaXxt-_ZGiWNAZ4g42AThRhYdnoEw0zxc9nGd2RRYtKZ__UQ/s925/Service2a.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="99" data-original-width="925" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0DaQyG4FvNHVnJOrirJKCafz6j07o9jY2fIMUs1rHwvAh9kHzQepvWJ4Zk5x64r_vfo7M84KT45pT9pDggS_It_BYzX4bJoEVEiDDVNYeSMAtdDGRy8Gy1WlzU1IW3swet17FHg475L2KaXxt-_ZGiWNAZ4g42AThRhYdnoEw0zxc9nGd2RRYtKZ__UQ/s400/Service2a.png"/></a></div>
... and it worked
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1EhYhsjsyb9iRvg_4Bjkgc9_efsivxLOAs3SrTAxZaqYei1kmHWKR5jhzd2R4rOzEaIUY0LVK0jOFIIMVcfpCYC0Mru5mbY6En98AeEIYqQGgT1bjawlmwbNLVyv0oq80Mg65BnN9wW92Uj_iuwlLW-MUKP87AELgtSaeaPPYUL6kHsEnz6sSozK7hOM/s1522/Service3.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="612" data-original-width="1522" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh1EhYhsjsyb9iRvg_4Bjkgc9_efsivxLOAs3SrTAxZaqYei1kmHWKR5jhzd2R4rOzEaIUY0LVK0jOFIIMVcfpCYC0Mru5mbY6En98AeEIYqQGgT1bjawlmwbNLVyv0oq80Mg65BnN9wW92Uj_iuwlLW-MUKP87AELgtSaeaPPYUL6kHsEnz6sSozK7hOM/s400/Service3.png"/></a></div>
<br />
<p>
<b>That's it.</b>
</p>
</span>
</div>Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-19725063891361336012024-02-09T11:01:00.000+01:002024-02-09T11:01:14.599+01:00Adding a Static Route to macOS<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
A quick post just to remind myself how to add a static route to macOS when I need it.
<br />
<br />
<p />
<p>
<b><H2>Solution</H2></b>
<br />
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">sudo route -n add -net X.X.X.X/Z Y.Y.Y.Y</pre>
Symbol legend:<br />
<b>X.X.X.X</b> is the network that we want reach out<br />
<b>Z</b> is the subnet mask in CIDR notation<br />
255.0.0.0 = 8<br />
255.255.0.0 = 16<br />
255.255.255.0 = 24<br />
<b>Y.Y.Y.Y</b> it is the IP address where we find the subnet we want to reach<br />
<br /><br />
<b>Examples</b><br />
If we want to reach the subnet 172.16.11.0/24 and we know that is behind the IP 192.168.1.45 (that is not your default gateway); we have to add the route as follows:
<br /><br />
sudo route -n add -net 172.16.11.0/24 192.168.1.45<br />
<br />
<p>
<b>That's it.</b>
</p>
</span>
</div>Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-44350347168069521342023-09-07T10:08:00.004+02:002023-09-07T10:08:46.079+02:00[NAPP] Helm pull chart operation failed.<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
Yesterday I was trying to deploy the <a href="https://docs.vmware.com/en/VMware-NSX/4.1/nsx-application-platform/GUID-658D30E1-64B3-40B8-8FD4-ED2AE2A6FF7A.html" target="_blank">NSX Application Platform</a> (NAPP) in automated way. Below my environment: <br />
<br />
<b>• NSX-T version 3.2.3.0.0.21703624 <br />
• NAPP version 4.0.1-0.0-20606727 <br /></b>
<br />
when I received the following error message: <br />
<br />
<b>status Code is 400, body: {"httpStatus" : "BAD REQUEST", "error_code" : 46013, "module_name" : "NAPP", "error_message" : "Helm pull chart operation failed. Error: failed to fetch https://projects.registry.vmware.com/chartrepo/nsx_application_platform/charts/nsxi-platform-standard-4.0.1-0.0-20606727.tgz : 404 Not Found\\n"}</b>
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0sYRpLm5VMGDERe4U5XU0rJ_B_iOLPuLNMJPtbrzN-1xft4EVEhA_giD3VFEslKSVoKZpI-i8s35Dei8QIUR8Mv1NvYBmS2o4974q8v-fiYpRqEGuvsl5bMr9LpWNhvVBhwhN0YPp72L3iyD9eTY23gFCEYy__n-unOQ32Bzul3YG0AII-sXRxeiZCzA/s2552/ErrorCode46013-1.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="784" data-original-width="2552" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0sYRpLm5VMGDERe4U5XU0rJ_B_iOLPuLNMJPtbrzN-1xft4EVEhA_giD3VFEslKSVoKZpI-i8s35Dei8QIUR8Mv1NvYBmS2o4974q8v-fiYpRqEGuvsl5bMr9LpWNhvVBhwhN0YPp72L3iyD9eTY23gFCEYy__n-unOQ32Bzul3YG0AII-sXRxeiZCzA/s400/ErrorCode46013-1.png"/></a></div>
<br />
Then I tried to deploy it manually, but I received the following error message (very similar to the previous one):
<br />
<br />
<b>Error: Helm pull chart operation failed. Error: failed to fetch provenance https://projects.registry.vmware.com/chartrepo/nsx_application_platform/charts/nsxi-platform-standard-4.0.1-0.0-20606727.tgz.prov\n (Error code: 46013)</b>
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidDg7LQ7bEf8IDnexARXaMALiBk-zdQnarX3ZzuUF0YG6lkqz8rJUSy5iHVcuFZN5du4H2vnthIyWdaMjLVQzYoZHCAgcrEK5QQKMzIBFoD7pYkAzsTmbFECqAxy-SwOIOORDEe-QZCA-O4y_yvb1BbQIgcUM9C_MOk8YXudWgy5p7pJRNaePRILWGr68/s1864/ErrorCode46013-2.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="527" data-original-width="1864" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidDg7LQ7bEf8IDnexARXaMALiBk-zdQnarX3ZzuUF0YG6lkqz8rJUSy5iHVcuFZN5du4H2vnthIyWdaMjLVQzYoZHCAgcrEK5QQKMzIBFoD7pYkAzsTmbFECqAxy-SwOIOORDEe-QZCA-O4y_yvb1BbQIgcUM9C_MOk8YXudWgy5p7pJRNaePRILWGr68/s400/ErrorCode46013-2.png"/></a></div>
<br />
<br />
Before to see the solution a brief introduction to what NAPP is.
<br />
<br />
The NSX Application Platform is a modern microservices platform that hosts the following NSX features that collect, ingest, and correlate network traffic data in your NSX environment.
<br />
<ul>
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<li>
VMware NSX® Intelligence™
<br />
</li>
<li>
VMware NSX® Network Detection and Response™
<br />
</li>
<li>
VMware NSX® Malware Prevention
<br />
</li>
<li>
VMware NSX® Metrics
<br />
</li>
</span>
</ul>
<br />
NAPP is a microservices application platform based on Kubernets and can be installed in two ways:
<br />
<ul>
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<li>
manually
<br />
</li>
<li>
automated
<br />
</li>
</span>
</ul>
<br />
By choosing an automated NAPP installation, the customer does not need to be concerned with the installation and maintenance of the individual NAPP platform components including TKGs (Kubernetes).
<br />
Further information on how to "Getting Started with NSX Application Platform (NAPP)" can be found <a href="https://blogs.vmware.com/security/2022/11/getting-started-with-nsx-application-platform-napp.html" target="_blank">here</a>.
<br />
<br />
<p />
<p>
<b><H2>Solution</H2></b>
<br />
Asking at the VMware GSS for help they told me the following:
<br />
<br />
"Due to an upgrade of the VMware Public Harbor registry to version 2.8.x ChartMuseum support has been deprecated and removed. And OCI is now the only supported access method. This unfortunately impacts NAPP deployment using NSX version 3.2.x which relies on ChartMuseum.
<br />
<br />
<b>Option - 1</b> - Upgrade the environment to 3.2.3.1 and proceed with OCI URLs. Alternatively, any NSX 4.x release will also work.
<br />
<br />
<b>Option - 2</b> - Wait for patches.
<br />
<br />
Once the environment is upgraded use the following URLs
<br />
<br />
Helm Repository - oci://projects.registry.vmware.com/nsx_application_platform/helm-charts
<br />
Docker Registry - projects.registry.vmware.com/nsx_application_platform/clustering"
<br />
<p>
<b>That's it.</b>
</p>
</span>
</div>Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-18328526010459199592023-08-14T13:53:00.000+02:002023-08-14T13:53:16.654+02:00[NAPP] Deployment get stuck on "Create Guest Custer "<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
Deployment of NAPP get stucked on "Create Guest Cluster - Waiting for Guest cluster napp-cluster-01 to be available for login ..."
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjo2InCuONDhn6s-KJFgvIkhb2JgNIkht4ZoPlzzv16uzk6AOQjtMklel5w1VFI7RF4sUzXTrTNixDk-43u_9fO6WJNPtXqzoQ9Pfqph34sBXQnLSLX4Jhqa9FF-YhHQxRfNvIaPZBlPHdo4Q9kqumQDTHkL6HCUybgADVns58n_NunB849eLqmxceimhM/s2056/napp1.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="1094" data-original-width="2056" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjo2InCuONDhn6s-KJFgvIkhb2JgNIkht4ZoPlzzv16uzk6AOQjtMklel5w1VFI7RF4sUzXTrTNixDk-43u_9fO6WJNPtXqzoQ9Pfqph34sBXQnLSLX4Jhqa9FF-YhHQxRfNvIaPZBlPHdo4Q9kqumQDTHkL6HCUybgADVns58n_NunB849eLqmxceimhM/s400/napp1.png"/></a></div>
Looking at the vCenter, we can see that the SupervisorControlPlaneVM(s) has been created correctly, as well as the namespace and napp-cluster-01-control-plane VM.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKWLBagoo3nLQLsnv8mo2DYJxuvFMGTiad1k0y33ecCCBr5aDN53c2O0YA7aUy6aBQaeytA7BVQx4ctwyAtZmPPvYPimCCDK7Yy_H3Gvz2c9SNQ4xf7BL5nYaZYstKOjYw5I4LIPjMs11UNAQr5iYP02JGGhcM4XQN4V-A_nPI35336D1R6oqe6j4SVYQ/s2088/napp2.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="702" data-original-width="2088" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKWLBagoo3nLQLsnv8mo2DYJxuvFMGTiad1k0y33ecCCBr5aDN53c2O0YA7aUy6aBQaeytA7BVQx4ctwyAtZmPPvYPimCCDK7Yy_H3Gvz2c9SNQ4xf7BL5nYaZYstKOjYw5I4LIPjMs11UNAQr5iYP02JGGhcM4XQN4V-A_nPI35336D1R6oqe6j4SVYQ/s400/napp2.png"/></a></div>
What we don't see here are the workers VM.
<br />
<br />
</p>
<p>
<b><H2>Solution</H2></b>
<br />
To investigate and troubleshoot the the issue we connect via ssh on the SupervisorControlPlaneVM. I will explain in another post how to get the credentials to access the SV CP.
<br />
<br />
Describing the NAPP TKC ...
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># kubectl describe tkc napp-cluster-01 -n nsx-01</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhN6qY62zmc3fhhqNBN7YmBjaCQsuwzQ9da1bdy3ukVFpdEYeOhxpHg0KtpCvKTH_wAhAxDPR-W44Qi99hIVUVsA_YQgKbJq9BRZYbw8NQwBKJYrdsqOW4ulCmGdlesM6xyXo6MOtXf8a3Z_tVJvpQS7NrBMkWBIwJbebHqB3ZcmISSO_sFxdDZV6F6o28/s1714/napp3.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="554" data-original-width="1714" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhN6qY62zmc3fhhqNBN7YmBjaCQsuwzQ9da1bdy3ukVFpdEYeOhxpHg0KtpCvKTH_wAhAxDPR-W44Qi99hIVUVsA_YQgKbJq9BRZYbw8NQwBKJYrdsqOW4ulCmGdlesM6xyXo6MOtXf8a3Z_tVJvpQS7NrBMkWBIwJbebHqB3ZcmISSO_sFxdDZV6F6o28/s400/napp3.png"/></a></div>
we found 2 errors:
<br />
<br />
Message: 2 errors occurred: <br />
* failed to configure DNS for /, Kind= nsx-01/napp-cluster-01: unable to reconcile kubeadm ConfigMap's CoreDNS info: unable to retrieve kubeadm Configmap from the guest cluster: configmaps "kubeadm-config" not found <br />
* failed to configure kube-proxy for /, Kind= nsx-01/napp-cluster-01: unable to retrieve kube-proxy daemonset from the guest cluster: daemonsets.apps "kube-proxy" not found <br />
<br />
<br />
Looking the deployment state of the workers node..
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># kubectl get wcpmachine,machine,kcp,vm -n nsx-01</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxxTgK3c5zjq_bbuk8KIutHLhQ12uH2p0rrnFRHkeFX1aGtX97G17n75Mtw4TTYPMG2BzVltPwLl3iMHNoX5dJ1OIsgjMNSvqCHSK38sz93t_B1zXRJs-mUOqXvDJcwwmTQVKJxz9DfEc4qxbddfQJqKxzJWHGjhcRlLZyLWLO3TBbnEFBOSQiZ41R22Y/s2014/napp5.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="756" data-original-width="2014" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhxxTgK3c5zjq_bbuk8KIutHLhQ12uH2p0rrnFRHkeFX1aGtX97G17n75Mtw4TTYPMG2BzVltPwLl3iMHNoX5dJ1OIsgjMNSvqCHSK38sz93t_B1zXRJs-mUOqXvDJcwwmTQVKJxz9DfEc4qxbddfQJqKxzJWHGjhcRlLZyLWLO3TBbnEFBOSQiZ41R22Y/s400/napp5.png"/></a></div>
<br />
.. we saw that the workers node were still in Pending state. We describe the worker node ...
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># kubectl describe wepmachine.infrastructure.cluster.vmware.com/napp-cluster-01-workers-qlpm6-7h2qr -n nsx-01</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgL6Pwjv4C6sZYwcDJM8_NMTTaucUSA3AcwYSlt3DUnpQntRBCDoVC8b4mqUF41E1YK2HJgDyHGIZgP-INORXdwio4FHv04G0OCLFzOiinhJQZZkGGi4K_uow0M76KLFgdji7d6esxj66KmT28WM8nHWiK7RLm_5aCIyk5uvCwW2r9QZHruiKJDRbAOA4Y/s1698/napp6.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="68" data-original-width="1698" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgL6Pwjv4C6sZYwcDJM8_NMTTaucUSA3AcwYSlt3DUnpQntRBCDoVC8b4mqUF41E1YK2HJgDyHGIZgP-INORXdwio4FHv04G0OCLFzOiinhJQZZkGGi4K_uow0M76KLFgdji7d6esxj66KmT28WM8nHWiK7RLm_5aCIyk5uvCwW2r9QZHruiKJDRbAOA4Y/s400/napp6.png"/></a></div>
We also debugged Kubernetes with <b>crictl</b> command looking inside the logs
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6gB8swRWfy89KARtupt07rqqWn3PVFmVwebRHTBBsmmtHe_-4-35oPpy_YxACnqbadFa91FEzJ4NvgKMIkgO9QvsfvpA_1wc-mK6TGmj85FmFpc1-ZFFtTWPSKY0hZetCWJswHpo-Ne15XIsQqcdECKGiHCiofRmenGFoFcUb_w9htXWIHUZ7ifJwBHM/s1700/napp4.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="144" data-original-width="1700" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6gB8swRWfy89KARtupt07rqqWn3PVFmVwebRHTBBsmmtHe_-4-35oPpy_YxACnqbadFa91FEzJ4NvgKMIkgO9QvsfvpA_1wc-mK6TGmj85FmFpc1-ZFFtTWPSKY0hZetCWJswHpo-Ne15XIsQqcdECKGiHCiofRmenGFoFcUb_w9htXWIHUZ7ifJwBHM/s400/napp4.png"/></a></div>
... and so on.
<br />
<br />
Tried to Ping from Supervisor cluster to the TKC VIP:
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># kubectl get svc -A | grep -i napp-cluster-01
nsx-01 napp-cluster-01-control-plane-service LoadBalancer 10.96.1.25 192.168.100.25 6443:32296</pre>
At the end, we discovered that we were unable to :
<ul>
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<li>
ping from SupervisorControlPlane to Tanzu Kubernetes Cluster VIP
<br />
</li>
<li>
ping from TKC CP to Supervisor CP
<br />
</li>
</span>
</ul>
Allowed connection on the firewall from SV CP to TKC VIP & from TKC CP to Supervisor CP, we never saw the error any more, but the state was still in pending.
<br />
<br />
So, we removed the namespace and re-deployed, now control-plane and workers node are UP and running ad we can contiune with NAPP installation.
<br />
<br />
<p>
<b>That's it.</b>
</p>
</span>
</div>Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-12532309903733856692023-08-09T13:01:00.003+02:002023-08-09T13:03:10.021+02:00[NSX-T] Stale logical-port(s) still connected in NSX-T 3.x<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
I was cleaning up a customer's NSX-T configuration to bring some changes, when I saw a lot of logical-ports still connected, more than hundred even if VM was no more present on vCenter.
<br />
<div class="separator" style="clear: both;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIfVY_0w4nWG_MZWjmpqZSsp6Pnn8LPYWKY1qu6trTB_uHmcq0dSvR7zRCtcjzsDsEj2WjHPO35JKe4-AE-oWBP8aNK1dyL_4mXbJ5Y5E3KZ4trgD4qIX2TiNVydQph60yK7kBEcE9kGp1I7dD6a_Sqh-U-XyGrOJ8vguEZFKDs5p4JiTtJaA3R9btyjw/s2452/ls1.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="1008" data-original-width="2452" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIfVY_0w4nWG_MZWjmpqZSsp6Pnn8LPYWKY1qu6trTB_uHmcq0dSvR7zRCtcjzsDsEj2WjHPO35JKe4-AE-oWBP8aNK1dyL_4mXbJ5Y5E3KZ4trgD4qIX2TiNVydQph60yK7kBEcE9kGp1I7dD6a_Sqh-U-XyGrOJ8vguEZFKDs5p4JiTtJaA3R9btyjw/s400/ls1.png"/>
</a></div>
<br />
</p>
<p>
<b><H2>Solution</H2></b>
<br />
I immediately thought of creating a script with rest APIs calls to remove the logical ports from NSX-T Manager.
It is possible to find all the NSX-T API calls <a href="https://developer.vmware.com/apis/1083/nsx-t" target="_blank">here</a>.
<br />
<br />
For rest APIs calls within the bash script I will be using cURL with the suggestions provided <a href="http://lmoglie.blogspot.com/2023/06/quick-tip-for-curl-users.html" target="_blank">here</a>.
<br />
<br />
First, let's see the rest APIs to use:
<ol left="" style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px;" text-align:="">
<li style="margin: 0px 0px 0.25em; padding: 0px;">
to retrieve the IDs of the Logical Ports
<br />
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
to delete the connection
<br />
</li>
</ol>
<br />
To get the list of Logical-Ports:
<br />
<b>GET /api/v1/logical-ports</b>
<br />
<br />
Below how it looks the command line ...
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># lorenzo@ubuntu:~$ curl -ksn -X GET https://{NSX-T MANAGER IP}/api/v1/logical-ports </pre>
... combining to the previous line the <b>jq</b> command and <b>sed</b>, we can extract only the ID field of our interst.
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># lorenzo@ubuntu:~$ curl -ksn -X GET https://{NSX-T MANAGER IP}/api/v1/logical-ports | jq '.results[] | .id' | sed 's/"//g' </pre>
Outcome in the image below.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJCnDm5u1qwWhL3cQ2OYvn5N-0QgVWmvRsmv4igCD83sI4bHq1NJFykTqBBXoP7npjR1_fSm-jK-TR3mL2cplxp0NmZP9XtV3DGfQl9_9kCpKTFg6DzHWYDgh3VEAKa6P7_LTcFJjOBsUAFQ3I4Rrp_kZ5hpM7vKBEd4FLHYU_ySJSby6HW3hHve9yBU4/s2658/ls2.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="1336" data-original-width="2658" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgJCnDm5u1qwWhL3cQ2OYvn5N-0QgVWmvRsmv4igCD83sI4bHq1NJFykTqBBXoP7npjR1_fSm-jK-TR3mL2cplxp0NmZP9XtV3DGfQl9_9kCpKTFg6DzHWYDgh3VEAKa6P7_LTcFJjOBsUAFQ3I4Rrp_kZ5hpM7vKBEd4FLHYU_ySJSby6HW3hHve9yBU4/s400/ls2.png"/></a></div>
<br />
<br />
To get the deletion of the Logical-Port:
<br />
<b>DELETE /api/v1/logical-ports/<LogicalPort-ID>?detach=true </b>
<br />
<br />
We now have all the elements to build the bash script, which looks like the one below...
<br />
<br />
<b>WARNING: It provided witout warranty. Use it at your own risk and only if you are aware of what you are doing</b>
<br />
<br />
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">#!/bin/bash
curl -ksn -X GET https://{NSX-T MANAGER IP}/api/v1/logical-ports | jq '.results[] | .id' | sed 's/"//g' | while read -r LP_ID
do
curl -ksn -X DELETE https://{NSX-T MANAGER IP}/api/v1/logical-ports/${LP_ID}?detach=true
echo " -> "${LP_ID}" removed "
done</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjw2fo4LERjPcB64MM2wQZmrvu8c10Si65Kd7vfk0g80nQEL0gO4pdp4z6LqajeIfjKeqKDOYz9GvrtCX1QuVU8DyEbTSv1K1LkccrY4j5KipOPdGshUZy-9eZ7BijfBoI5f3db9azlu8ts8_cKIzEvERsgoWofHgSF9tzer4_w7AVcMnw1-afG2eN9s6g/s1746/ls5.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="236" data-original-width="1746" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjw2fo4LERjPcB64MM2wQZmrvu8c10Si65Kd7vfk0g80nQEL0gO4pdp4z6LqajeIfjKeqKDOYz9GvrtCX1QuVU8DyEbTSv1K1LkccrY4j5KipOPdGshUZy-9eZ7BijfBoI5f3db9azlu8ts8_cKIzEvERsgoWofHgSF9tzer4_w7AVcMnw1-afG2eN9s6g/s400/ls5.png"/></a></div>
... launch the script as below ...
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">lorenzo@ubuntu:~$ bash remove_all_logical_port.sh </pre><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjz_JWOo8qDEooxdmbyeGOj_eMPSgqhDAE9YfuszkhrqvBXK50LidsCYMuy0HcQxyXfrWiiqdL7m27eyICcSoHxiPnu74hapEl8m5ydgjC5lZ3lrhA-nzDN-oYP5i4q6W3TfRhCqBh039reComc9623hwgx3bQJIVDf0STqyVvI5auo3QEW4pA7QtR9Pc/s726/ls4.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="510" data-original-width="726" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjz_JWOo8qDEooxdmbyeGOj_eMPSgqhDAE9YfuszkhrqvBXK50LidsCYMuy0HcQxyXfrWiiqdL7m27eyICcSoHxiPnu74hapEl8m5ydgjC5lZ3lrhA-nzDN-oYP5i4q6W3TfRhCqBh039reComc9623hwgx3bQJIVDf0STqyVvI5auo3QEW4pA7QtR9Pc/s400/ls4.png"/></a></div>
... the result is the following. All Logial-Ports have been cancelled.
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZf67v6uc7MnWA5RUNw0nFHtSNZTHSaTVOxx31PNgrO_I80naDFyQDA5xJOw66fy5iHpRtZE8JPYzfGPRjwJnqyMYJr9LqPmLLv8qY5OpZXLasth97WTdBZKeNNMOHKnIlA5IDcfjVoaW-aruzRyL1nw42ORzOMjRjnxR09OK6BO1pmsF7SbO3xrm4x5o/s2448/ls6.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="1016" data-original-width="2448" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiZf67v6uc7MnWA5RUNw0nFHtSNZTHSaTVOxx31PNgrO_I80naDFyQDA5xJOw66fy5iHpRtZE8JPYzfGPRjwJnqyMYJr9LqPmLLv8qY5OpZXLasth97WTdBZKeNNMOHKnIlA5IDcfjVoaW-aruzRyL1nw42ORzOMjRjnxR09OK6BO1pmsF7SbO3xrm4x5o/s400/ls6.png"/></a></div>
<br />
<br />
<p>
<b>That's it.</b>
</p>
<!-- https://kb.vmware.com/s/article/91546 -->
</span>
</div>
Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-90476872208217697412023-07-26T00:49:00.003+02:002023-07-26T09:39:24.398+02:00[NAPP] - Activate TKGs Supervisor Cluster: 500 Internal Server Error<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
Today I was deploying the <a href="https://docs.vmware.com/en/VMware-NSX/4.1/nsx-application-platform/GUID-658D30E1-64B3-40B8-8FD4-ED2AE2A6FF7A.html" target="_blank">NSX Application Platform</a> (NAPP) in automated way, when I received the following error message:
<br />
<br />
<b>[Activate TKGs Supervisor Cluster] POST https://{vCenter}/api/vcenter/namespace-management/clusters/domain-c{ID}?action=enable: 500 Internal Server Error</b>
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGUhbpo5-xdEpD1DPT2DGqu5qbg3gwfHihqTxGwCeJP4P1YsVBmmfmbf_dEfM1lJfqi-1_P2BBg4APu64n2ajA2ExkOJJwSoADuV4ER5iUhOwikC_VkrygcLneHYezzyRSXDzK6fky2PKYHNr2vwaaGiB5iSparF0Equzbq6c27XqykQsn4MxeJ_KZVtQ/s2060/NAPP-1.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="952" data-original-width="2060" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGUhbpo5-xdEpD1DPT2DGqu5qbg3gwfHihqTxGwCeJP4P1YsVBmmfmbf_dEfM1lJfqi-1_P2BBg4APu64n2ajA2ExkOJJwSoADuV4ER5iUhOwikC_VkrygcLneHYezzyRSXDzK6fky2PKYHNr2vwaaGiB5iSparF0Equzbq6c27XqykQsn4MxeJ_KZVtQ/s400/NAPP-1.png"/></a></div>
<br />
<br />
Before to see the solution a brief introduction to what NAPP is.
<br />
<br />
The NSX Application Platform is a modern microservices platform that hosts the following NSX features that collect, ingest, and correlate network traffic data in your NSX environment.
<br />
<ul>
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<li>
VMware NSX® Intelligence™
<br />
</li>
<li>
VMware NSX® Network Detection and Response™
<br />
</li>
<li>
VMware NSX® Malware Prevention
<br />
</li>
<li>
VMware NSX® Metrics
<br />
</li>
</span>
</ul>
<br />
NAPP is a microservices application platform based on Kubernets and can be installed in two ways:
<br />
<ul>
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<li>
manually
<br />
</li>
<li>
automated
<br />
</li>
</span>
</ul>
<br />
By choosing an automated NAPP installation, the customer does not need to be concerned with the installation and maintenance of the individual NAPP platform components including TKGs (Kubernetes).
<br />
Further information on how to "Getting Started with NSX Application Platform (NAPP)" can be found <a href="https://blogs.vmware.com/security/2022/11/getting-started-with-nsx-application-platform-napp.html" target="_blank">here</a>.
<br />
<br />
</p>
<p>
<b><H2>Solution</H2></b>
<br />
The encountered error "500 internal server error" could be triggered if the vCenter/TKGs license is invalid as indicated <a href="https://developer.vmware.com/apis/vsphere-automation/latest/vcenter/api/vcenter/namespace-management/clusters/clusteractionenable/post/" target="_blank">here</a>.
<br />
<br />
Tanzu licenses expired was exactly my case.
<br />
Looking inside the Workload Management, I discovered multiple incompatibilities.
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcs_aae_V-Nd55N6oNvAcLs3vBbDng2hfiZnMCe_YwXtH3JT5scLpKL6ygd3dI_TPYdie4ej_KDu-TpfhaLwymoCrP7JOdtqwofMrLhD1z3BgjsebpBWWck-PGIfZ5oIT77OnKvJqQm7G5zlpip38oYaNhMuY0fHDYrrV4w1dADmTfoROj1zKiBmn2u9Q/s1600/NAPP2.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="700" data-original-width="1600" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcs_aae_V-Nd55N6oNvAcLs3vBbDng2hfiZnMCe_YwXtH3JT5scLpKL6ygd3dI_TPYdie4ej_KDu-TpfhaLwymoCrP7JOdtqwofMrLhD1z3BgjsebpBWWck-PGIfZ5oIT77OnKvJqQm7G5zlpip38oYaNhMuY0fHDYrrV4w1dADmTfoROj1zKiBmn2u9Q/s400/NAPP2.png"/></a></div>
<br />
Incompatibility reasons was related to "expired license".
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEit7pcX6C-23tPOEYdZS5taeS8tQBARkAmk7FZG57C-id1tX-4Cs6rT9YDHkHFOZXWkAfdZKw8X52qbtkokCy0jUJoG475SyaVJeuZKNoMU7MPjYE9n8WI82RMUBUGvi9amMJxFm27oInWsYBX6_NvVDYfyAzOF4oKsi1oofFvVqnau0Vwz9SlrOXMqc8E/s1076/Tanzu-licenze.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="470" data-original-width="1076" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEit7pcX6C-23tPOEYdZS5taeS8tQBARkAmk7FZG57C-id1tX-4Cs6rT9YDHkHFOZXWkAfdZKw8X52qbtkokCy0jUJoG475SyaVJeuZKNoMU7MPjYE9n8WI82RMUBUGvi9amMJxFm27oInWsYBX6_NvVDYfyAzOF4oKsi1oofFvVqnau0Vwz9SlrOXMqc8E/s400/Tanzu-licenze.png"/></a></div>
<br />
Entered the new Tanzu license ... restarted the deployment task ... the process resumed from the previous point and TKGs was successfully deployed.
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGTYbWjDBZcxtnqVbjh5KJ99P1CgQ1eo71nV66zRQcqIcJdLnFrPi7-k2QO1lqiXgjAIdLmyB4YhHZcCa1ADI0rV2G8zIGV-E-dHCkotoHVU4RiCazNOXYArBq1FyVZ9lguIU9bE9UIG7EM_Rv5z6ew5fGCmPKLi0QQrwZRlg0TRswL-mKkEGziWvO51g/s2044/NAPP-4.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="946" data-original-width="2044" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGTYbWjDBZcxtnqVbjh5KJ99P1CgQ1eo71nV66zRQcqIcJdLnFrPi7-k2QO1lqiXgjAIdLmyB4YhHZcCa1ADI0rV2G8zIGV-E-dHCkotoHVU4RiCazNOXYArBq1FyVZ9lguIU9bE9UIG7EM_Rv5z6ew5fGCmPKLi0QQrwZRlg0TRswL-mKkEGziWvO51g/s400/NAPP-4.png"/></a></div>
<br />
<p>
<b>That's it.</b>
</p>
</span>
</div>Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-75874853608978376362023-07-10T18:21:00.001+02:002023-07-10T18:22:12.309+02:00[DELL Server] - Lifecycle Controller in Recovery Mode <div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
Today I was working on a new PowerEdge R650xs, when in a start up face I noticed the message "Lifecycle Controller in Recovery Mode"
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVvYetaTqKRNBVRhsnsAAhwn9F-QUFdHTVUamybYqoV2AwBXuQX0kc3QF9n-6mFDttf64k0m_BkLYzY4LWnDEAnoAPJPyMTXmVKKiEM-Ki-65VtcyhctOGzjRgBX4wL4xt8YclBVggrfSYGw9njzTTKcVPZ1LnCVLUy6lORSDuxKlXK9xddAxh_zANgeU/s1024/rpviewer1.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="768" data-original-width="1024" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVvYetaTqKRNBVRhsnsAAhwn9F-QUFdHTVUamybYqoV2AwBXuQX0kc3QF9n-6mFDttf64k0m_BkLYzY4LWnDEAnoAPJPyMTXmVKKiEM-Ki-65VtcyhctOGzjRgBX4wL4xt8YclBVggrfSYGw9njzTTKcVPZ1LnCVLUy6lORSDuxKlXK9xddAxh_zANgeU/s400/rpviewer1.png"/></a></div>
<br />
<br />
</p>
<p>
<b><H2>Solution</H2></b>
<br />
To solve this issue, press <b>F2</b> to enter in System Setup
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFNqTxvp9PaCkaYUFwYq_1OPlVEN0YaYJVy5xirUyTmQj5Lg6BH0GGETK9k209PhfR08J2UCsf8Nh-PGkLeLwkPanQoh0y_L_dI9fLk0u_iE9E9VZqBFYlCDm3tDaJsLRYf6mywLB-cVumt74szNyQjFgmZfQu0z-JnB2bwhQ3HPT7MTDe8hvepRkJPrs/s1024/rpviewer1.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="768" data-original-width="1024" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjFNqTxvp9PaCkaYUFwYq_1OPlVEN0YaYJVy5xirUyTmQj5Lg6BH0GGETK9k209PhfR08J2UCsf8Nh-PGkLeLwkPanQoh0y_L_dI9fLk0u_iE9E9VZqBFYlCDm3tDaJsLRYf6mywLB-cVumt74szNyQjFgmZfQu0z-JnB2bwhQ3HPT7MTDe8hvepRkJPrs/s400/rpviewer1.png"/></a></div>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqbvBraSanAZu2uV8ST0jdBG-k-gv6do89G5HqaOQ-sKzr6qFICzTyU-9p5dtiGYI4eBZbItweYqmAIC72N_NL7ieuc9cUKIVFZYJHJsdtrkMVkAw2GHLJ9hYQCQLuQmXaB_A3MhVs31EKC0vW0XqLHKbq6g8MyKsUHZRi4JOfCAN3qJseztFJ6XrFpbI/s1024/rpviewer2.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="768" data-original-width="1024" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqbvBraSanAZu2uV8ST0jdBG-k-gv6do89G5HqaOQ-sKzr6qFICzTyU-9p5dtiGYI4eBZbItweYqmAIC72N_NL7ieuc9cUKIVFZYJHJsdtrkMVkAw2GHLJ9hYQCQLuQmXaB_A3MhVs31EKC0vW0XqLHKbq6g8MyKsUHZRi4JOfCAN3qJseztFJ6XrFpbI/s400/rpviewer2.png"/></a></div>
<br />
Enter into <b>iDrac Settings</b> menu ...
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9SAl09lhb1CNQrM6FpqpKYORrPW6M_AE3uopWLNPWi56Mw6nzSSc68qB5SWdmSuZfj6J3CXLJFvXPR9IqD2lD_nYV3nDws_-LHQND3RuCPAsqJ-1ZT5-fXGXOxorjEY2r9iWUiDqukEg7AyMjKaSk8DGJomk90agFLk5fTToGwc2qX6dmnP2rhrZKf6s/s1024/rpviewer3.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="768" data-original-width="1024" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh9SAl09lhb1CNQrM6FpqpKYORrPW6M_AE3uopWLNPWi56Mw6nzSSc68qB5SWdmSuZfj6J3CXLJFvXPR9IqD2lD_nYV3nDws_-LHQND3RuCPAsqJ-1ZT5-fXGXOxorjEY2r9iWUiDqukEg7AyMjKaSk8DGJomk90agFLk5fTToGwc2qX6dmnP2rhrZKf6s/s400/rpviewer3.png"/></a></div>
<br />
... <b>Lifecycle Controller</b>
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdea8IMVEwrCdkE7IqnkTJF6LOyCKKFBiaw_LGllte_Bozkz4Qt8unikd9TssPdLUPRa_RfdDiDGeQjwI6q5fDyFcuKoOKyB4LX7WorIQIEnEt2iZXtCyw5bgYMscSuGENP8-QgUJx4TYl4XuCpSJnStqDI2rf4ONgIsG6f-BVYnWedxG-5HHEBkIAsMw/s1024/rpviewer4.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="768" data-original-width="1024" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdea8IMVEwrCdkE7IqnkTJF6LOyCKKFBiaw_LGllte_Bozkz4Qt8unikd9TssPdLUPRa_RfdDiDGeQjwI6q5fDyFcuKoOKyB4LX7WorIQIEnEt2iZXtCyw5bgYMscSuGENP8-QgUJx4TYl4XuCpSJnStqDI2rf4ONgIsG6f-BVYnWedxG-5HHEBkIAsMw/s400/rpviewer4.png"/></a></div>
<br />
Select <b>Enabled</b> in Lifecycle Controller and click on <b>Back</b>
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghV9H3--Qx4iJtxTAe9fzJvhZKTgQxko6hmpoWG6UXATOYGcYhXXyt-V5PRws5asoEVQ15_yyFPYVnQ3-G7CeihQFyjtymUjJF02S1noYY53hzKyNRPTeiTw_gDqXl5kEW94_A6_HQ1yO8Tjf2INLQZTy0TLe8V1bZ-JseO8kTCF1T07lCWEWp01cMpgg/s1024/rpviewer5.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="768" data-original-width="1024" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghV9H3--Qx4iJtxTAe9fzJvhZKTgQxko6hmpoWG6UXATOYGcYhXXyt-V5PRws5asoEVQ15_yyFPYVnQ3-G7CeihQFyjtymUjJF02S1noYY53hzKyNRPTeiTw_gDqXl5kEW94_A6_HQ1yO8Tjf2INLQZTy0TLe8V1bZ-JseO8kTCF1T07lCWEWp01cMpgg/s400/rpviewer5.png"/></a></div>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6ltEJNuqiPHn_NncsdAGJF7fyP452LmzInBGFoqBOgj7vJUwNVUIIRqzriCW9-28NLWhNoOUrcWkOgrKt4Gg2j-xe8RPweLKN8wP704miz7bX9weC3cKIJOD9640diFwLB9134tphEmlaJUuYixA3hqb2H1czcnnifkhXNQFLMmtNkDtVqZFeMhK8ufs/s1024/rpviewer6.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="768" data-original-width="1024" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj6ltEJNuqiPHn_NncsdAGJF7fyP452LmzInBGFoqBOgj7vJUwNVUIIRqzriCW9-28NLWhNoOUrcWkOgrKt4Gg2j-xe8RPweLKN8wP704miz7bX9weC3cKIJOD9640diFwLB9134tphEmlaJUuYixA3hqb2H1czcnnifkhXNQFLMmtNkDtVqZFeMhK8ufs/s400/rpviewer6.png"/></a></div>
<br />
Hit <b>Finish</b>...
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7yosKMhfnkjnI7Nr6YBV3oszBgkSavxK6hLNNbw9yb4731blpxQW73jPxoEksM3cveJBZJV-T4I0s0dvqiX25OLXAMnVtlY5a8kXESMaTQVHtYbt-7vE4GOCbSGvj9JXnFNRABDVwX1B5SzEUf_n_WHrL6KaCtAYs2R71GAIEnY6Uz_xuZvkMzFOqTa0/s1024/rpviewer7.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="768" data-original-width="1024" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7yosKMhfnkjnI7Nr6YBV3oszBgkSavxK6hLNNbw9yb4731blpxQW73jPxoEksM3cveJBZJV-T4I0s0dvqiX25OLXAMnVtlY5a8kXESMaTQVHtYbt-7vE4GOCbSGvj9JXnFNRABDVwX1B5SzEUf_n_WHrL6KaCtAYs2R71GAIEnY6Uz_xuZvkMzFOqTa0/s400/rpviewer7.png"/></a></div>
<br />
... and save changes pressing <b>YES</b>.
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHfhRboQPCLclsmnauyFGp7TNssYOT2M70jGl96Bakkr2iXd56ixDYhdezOXqEyXtL3O0fDh2FzpvTuUVf98kQjMxcTOO16O0U8pyKkXMN44sgWkarhFxymaQIlPyI3zh3rwdAfTRlnTHAGSIazyL3qGrVlt5VpU4WvuUyAmSdry74pcpHw7JO6EiZvDw/s1024/rpviewer8.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="768" data-original-width="1024" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHfhRboQPCLclsmnauyFGp7TNssYOT2M70jGl96Bakkr2iXd56ixDYhdezOXqEyXtL3O0fDh2FzpvTuUVf98kQjMxcTOO16O0U8pyKkXMN44sgWkarhFxymaQIlPyI3zh3rwdAfTRlnTHAGSIazyL3qGrVlt5VpU4WvuUyAmSdry74pcpHw7JO6EiZvDw/s400/rpviewer8.png"/></a></div>
<br />
If the changes have been saved correctly, press <b>OK</b> and <b>Reboot</b> the system
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoralE5twK7kasA7S2JngemltSxD5WK9JO0tZVxTTKuCxkJCWgorR4ANJa7LquyxM9409XETKGSENWSZmYc1BMzJaHSCK-ktj0K1TBGl9h3EzeIVwLI2ORTSuAzLob2peuRIvlIwPBx2NTzUphEW4D9LhRePr7f0rsuZyz7kAaWtPGKEmpRDCZvsKjvbc/s1024/rpviewer9.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="768" data-original-width="1024" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgoralE5twK7kasA7S2JngemltSxD5WK9JO0tZVxTTKuCxkJCWgorR4ANJa7LquyxM9409XETKGSENWSZmYc1BMzJaHSCK-ktj0K1TBGl9h3EzeIVwLI2ORTSuAzLob2peuRIvlIwPBx2NTzUphEW4D9LhRePr7f0rsuZyz7kAaWtPGKEmpRDCZvsKjvbc/s400/rpviewer9.png"/></a></div> <br />
At the next start up the error message is no longer present.
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUJgYHZmthbv82ocwkAgkH8oEcGVjN8HEgiP8Y-66UcSqoVVctAdt8iFffK5bCKlZsrY9VuMHM7yNol74wpDo2x-zrRN2KrbqDHj0MMG0yNhlO-l8WAHOUEymPgtQlDaEcwsQkxMG77RaulLUP3x-l1CwwMHo-Sx7LFnzw6_YGOruItR_QhuJ4WTFjwy8/s1024/rpviewer10.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="768" data-original-width="1024" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUJgYHZmthbv82ocwkAgkH8oEcGVjN8HEgiP8Y-66UcSqoVVctAdt8iFffK5bCKlZsrY9VuMHM7yNol74wpDo2x-zrRN2KrbqDHj0MMG0yNhlO-l8WAHOUEymPgtQlDaEcwsQkxMG77RaulLUP3x-l1CwwMHo-Sx7LFnzw6_YGOruItR_QhuJ4WTFjwy8/s400/rpviewer10.png"/></a></div>
<br />
<p>
<b>That's it.</b>
</p>
</span>
</div>Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-79491295049807190762023-07-03T09:37:00.000+02:002023-07-03T09:37:25.854+02:00How to quick check NSX DFW rules of a VMs on ESXi host<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
I need to know if a NSX-T firewall rules are deployed on a host and are applied to virtual machines.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhu4_LfNGh3V3DLetmPyEUK7OdccYowTzGcz-rVDvgTYlINc-HEZJuUCwu5lsaIo6BDI1mLhkdiP9iNBmOd1iYV9NL9GPGflk1f-gJ_ZlytptTS7Rvget2UysMYnfOO12p4mhUFmVcOl-PhsS5yTnNSnRKrWw4zMYK4XpRWoWdkQn7nTi5Q5Mej1Loa/s1168/cli-0.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="532" data-original-width="1168" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhu4_LfNGh3V3DLetmPyEUK7OdccYowTzGcz-rVDvgTYlINc-HEZJuUCwu5lsaIo6BDI1mLhkdiP9iNBmOd1iYV9NL9GPGflk1f-gJ_ZlytptTS7Rvget2UysMYnfOO12p4mhUFmVcOl-PhsS5yTnNSnRKrWw4zMYK4XpRWoWdkQn7nTi5Q5Mej1Loa/s400/cli-0.png"/></a></div>
<br />
</p>
<p>
<b><H2>Solution</H2></b>
<br />
The commands to use to verify that the firewall rules are deployed on a host and are applied to virtual machines are :
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># summarize-dvfilter and vsipioctl</pre>
Let's see how to use them below, I would like to say that those tests were carried out on the HOL (hands on labs) made available by vmware, but nothing change on the real life.
<br />
<br />
In our test, we would like to validate the DFW rule for the VM web-01a.
<br />
Located the VM that we want to validate we get SSH into the ESXi host.
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghB3l7tYGitpGZ6ta6Rp1l3oRoa0ad016jJb5f1YyisHHq3VX0BCNonE9WYfopyQXk20KCFlcpEN0rPY3Qtjcdl3D39gcVfs6BcUqATbTSlFpcagGKuXoErFGsq37YTO9H6MWyXF7FDU2D03JC45RX_4BJkS-IOy_qvo8UuT_zaMczOUXS8iYzYfw_/s826/cli-1.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="330" data-original-width="826" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghB3l7tYGitpGZ6ta6Rp1l3oRoa0ad016jJb5f1YyisHHq3VX0BCNonE9WYfopyQXk20KCFlcpEN0rPY3Qtjcdl3D39gcVfs6BcUqATbTSlFpcagGKuXoErFGsq37YTO9H6MWyXF7FDU2D03JC45RX_4BJkS-IOy_qvo8UuT_zaMczOUXS8iYzYfw_/s400/cli-1.png"/></a></div>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg91mPURyS5lKDquO-rDgVIIpMh70GZQelrLeTrW8L4tTSzewzwxEMNrT6zCIoEkqDAdFV-MUzxs0ir2feXbxExfKFO4J1F-9UayzcXah3-07pADdyBnFgnvuWMEUTNMvAVZJARITrHu945_juEM_bCLGaYUEsqabXl45oOFtR7I5-gR4PHdDiCAUTX/s417/cli-2.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="397" data-original-width="417" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg91mPURyS5lKDquO-rDgVIIpMh70GZQelrLeTrW8L4tTSzewzwxEMNrT6zCIoEkqDAdFV-MUzxs0ir2feXbxExfKFO4J1F-9UayzcXah3-07pADdyBnFgnvuWMEUTNMvAVZJARITrHu945_juEM_bCLGaYUEsqabXl45oOFtR7I5-gR4PHdDiCAUTX/s400/cli-2.png"/></a></div>
<br />
So, once logged in, we type ... <pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># summarize-dvfilter | grep -A 3 vmm0:web-01a </pre> ... and we look for the name under vNIC slot.
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHZ10u61-12ebM3WBXvFDynz22tA9gjsBUcCAED6MensudTDVZZMBT2EwNUs5bPGXSui4wSb0_1tFgiPPh2wqbqFWWsTr2vr_B1Ej18ZvqCwJrnd9576Q-wpkqi6PaDlJw02CsRHPQnyvyCV1c-1Wkd6fFzSDg_XQlDM6XggXlfwyA1-lBSmRJryDE/s981/cli-3.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="509" data-original-width="981" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHZ10u61-12ebM3WBXvFDynz22tA9gjsBUcCAED6MensudTDVZZMBT2EwNUs5bPGXSui4wSb0_1tFgiPPh2wqbqFWWsTr2vr_B1Ej18ZvqCwJrnd9576Q-wpkqi6PaDlJw02CsRHPQnyvyCV1c-1Wkd6fFzSDg_XQlDM6XggXlfwyA1-lBSmRJryDE/s400/cli-3.png"/></a></div>
<br />
Then to show the appliade rules, we use the command <i>vsipioctl getrules</i> like below:<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># vsipioctl getrules -f nic-269171-eth0-vmware-sfw.2 </pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnPUkh0AgBLyMQPqUm12D5A9z3hmdQmC8yHVC3qjmN4oxWdg4A5CnOCiVZ0I0FHXFplJLVvJGCKgTYwu0QuDzIAbQeGFnc2W5PCwJpZ1pgVEIA7ZhLnyuhq7q6pm_zOJ5W_n_yyyWM1tBClYWGPRC_4a9XdJgVqwFQtffQIa6FFw1aomzApsOu6lLP/s981/cli-4.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="512" data-original-width="981" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhnPUkh0AgBLyMQPqUm12D5A9z3hmdQmC8yHVC3qjmN4oxWdg4A5CnOCiVZ0I0FHXFplJLVvJGCKgTYwu0QuDzIAbQeGFnc2W5PCwJpZ1pgVEIA7ZhLnyuhq7q6pm_zOJ5W_n_yyyWM1tBClYWGPRC_4a9XdJgVqwFQtffQIa6FFw1aomzApsOu6lLP/s400/cli-4.png"/></a></div>
<br />
Alternatively, we can use the combined commands as follows ...
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># vsipioctl getrules -f `summarize-dvfilter | grep -A 3 vmm0:web-01a | grep name | awk '{print $2}'` </pre> <div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgY8yHygwG1i4QBZ91jGUqL8cRMZ2-f8JNyn7vXzrgZQhgz1pk-4lWDHPbnW1Pe-Agoy2RLYJkzXoZrSPFyeV_jGonqR8VDLZIplMhUO5TveIZbVY63YkSzPnf5L-pGGruxh8HtFmrdRWGpN2DwegvW8bZdc7FdjPoLZskg15zCCXLFKyCDjuRss8EV/s981/cli-5.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="509" data-original-width="981" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgY8yHygwG1i4QBZ91jGUqL8cRMZ2-f8JNyn7vXzrgZQhgz1pk-4lWDHPbnW1Pe-Agoy2RLYJkzXoZrSPFyeV_jGonqR8VDLZIplMhUO5TveIZbVY63YkSzPnf5L-pGGruxh8HtFmrdRWGpN2DwegvW8bZdc7FdjPoLZskg15zCCXLFKyCDjuRss8EV/s400/cli-5.png"/></a></div>
<br />
<br />
<!-- <b>NOTE:</b> Grepping the output of the <i>summarize-dvfilter</i> with option "-A 3" we get only the first nic -->
<br />
As we can see from the previous picture, the rules ID 2031, 2032, 2033 are not present on the VM. Why??
<br />
Simply, because they are not enabled.
<br />
<br />
Once enabled and published ...
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5KQUEN36wASVIoTMcBbhfaR1tIH5Jag5I4u2gza_FrvYqIYmqHma_B0x1b1RjwYFlKjN_qc0qRibePc8JXfVHesOOyeeXRBF9rVLVdzfnHzT2tN62WOT-IpiNkyxvt3uFj8YbwVYYB1lZ_Tqv_-nqKE-eLW-K6fFCdYN38twJDdQ5Jx3kaDc0T-Pa/s1166/cli-5a.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="533" data-original-width="1166" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5KQUEN36wASVIoTMcBbhfaR1tIH5Jag5I4u2gza_FrvYqIYmqHma_B0x1b1RjwYFlKjN_qc0qRibePc8JXfVHesOOyeeXRBF9rVLVdzfnHzT2tN62WOT-IpiNkyxvt3uFj8YbwVYYB1lZ_Tqv_-nqKE-eLW-K6fFCdYN38twJDdQ5Jx3kaDc0T-Pa/s400/cli-5a.png"/></a></div>
<br />
...if we rerun the command ...
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># vsipioctl getrules -f `summarize-dvfilter | grep -A 3 vmm0:web-01a | grep name | awk '{print $2}'` </pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdo-NP2y713doWV2DPCcXgIPkguOHmLE4iHRSRDb-lVeFG0sLnHD8JXjT6nF7VRhMcfEYqKOxpbyon1j1alTecRfUefGAslqqlzD3ZFnHwqg4jLNaFC8SjOF6IGXI0pJMazX48TwwzjIdhZlz-cmYnWCUDiH9YVgTngMsl8p-8ON6-tEECFjbAxO3t/s1167/cli-6.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="630" data-original-width="1167" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhdo-NP2y713doWV2DPCcXgIPkguOHmLE4iHRSRDb-lVeFG0sLnHD8JXjT6nF7VRhMcfEYqKOxpbyon1j1alTecRfUefGAslqqlzD3ZFnHwqg4jLNaFC8SjOF6IGXI0pJMazX48TwwzjIdhZlz-cmYnWCUDiH9YVgTngMsl8p-8ON6-tEECFjbAxO3t/s400/cli-6.png"/></a></div>
... we can see now, them applied to the VM.
<br />
<br />
<p>
<b>That's it.</b>
</p>
</span>
</div>Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-73510256230939771852023-06-16T18:25:00.001+02:002023-06-16T18:30:01.327+02:00Quick tip for cURL users <div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
I often use Rest API calls with the cURL command to interact with NSX manager, and every time I have to enter the login credentials.
<br />
It would be useful to have a place somewhere to store them so that you don't have to enter them every time (especially when you are on a call with customer, and you cannot write in clear text the password with the -u option ..... and you are therefore forced to type and/or copy password several times).
<br />
<br />
</p>
<p>
<b><H2>Solution</H2></b>
<br />
Looking around in "<a href="https://everything.curl.dev/" target="_blank">Using curl</a>" site I discovered <a href="https://everything.curl.dev/usingcurl/netrc" target="_blank">.netrc </a>.
<br />
In short, it is possible to store username, password and IP/FQDN of the machine to connect to, in file ~/.netrc so that you do not need to type username and password in every API call you invoke.
<br />
The ~/.netrc file format is simple: you specify lines with a machine name and follow that with the login and password that are associated with that machine, and looks like the below:
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">% cat .netrc
machine <IP/FQDN_1> login <username_here> password <password_1_here>
machine <IP/FQDN_2> login <username_here> password <password_2_here>
% </pre> Below an example
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">lorenzo@moglielL0KPF ~ % cat .netrc
machine 172.25.251.31 login admt1lm@dominio.local password VMware1!VMware1!
machine nsxtmgr01.customer2.local login admin password VMware!123VMware!123
lorenzo@moglielL0KPF ~ % </pre>
It is now possible to invoke the Rest API call with the <b>-n</b> switch to cURL to use netrc file.
<br />
We can check NSX Manager FQDNs using NSX-T Data Center API with -n option as below:
<br />
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">curl -k -n -X GET https://172.25.251.31/api/v1/configs/management</pre> <div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheGT0vYeJFPCLhiaJboYMa47muNIKC2b-MR4RclM5wq_MAhyxBiJTFurLc-gClr9vV-5CmwV6XelcAKth3fO_mT4vmtCOhAytcjdLs0tv0590tGd8vHp3xF1wFWw3k-vkJu5-yNe4u9kZaP36IK9zBMHsv0Fjuywx_Bt6e8Yf2esXd_fhC8V0qztfI/s647/netrc.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="92" data-original-width="647" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEheGT0vYeJFPCLhiaJboYMa47muNIKC2b-MR4RclM5wq_MAhyxBiJTFurLc-gClr9vV-5CmwV6XelcAKth3fO_mT4vmtCOhAytcjdLs0tv0590tGd8vHp3xF1wFWw3k-vkJu5-yNe4u9kZaP36IK9zBMHsv0Fjuywx_Bt6e8Yf2esXd_fhC8V0qztfI/s600/netrc.png"/></a></div>
Further information about the parameters you can use in file .netrc or how to use it in Windows can be found on this <a href="https://everything.curl.dev/usingcurl/netrc" target="_blank">site</a>.
<br />
<p>
<b>That's it.</b>
</p>
</span>
</div>Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-49586484834624397902023-06-12T10:01:00.000+02:002023-06-12T10:01:17.422+02:00NSX-T host preparation - Upgrade VIB(s) "loadesx" is required<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
I was trying to perform NSX-T host preparation on a cluster (based on HPe Simplivity) composed of two Esxi hosts, when I received the following error message:
<br />
<br />
<b>Failed to install software on host. Failed to install software on host. Simplivity.host.local : java.rmi.RemoteException: [InstallationError] Upgrade VIB(s) "loadesx" is required for the transaction. Please use a depot with a complete set of ESXi VIBs. Please refer to the log file for more details.</b>
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyzA46sb8buKtrAdRp-kxxS0-jkO5VHCvbE0PABJujaCsKXAcfvGA7XcJD085S4Ve7H0GHJpJBHzMN1dqITzkpyXMbbWWKNhCyUXVYKkmqxRu9rteilxM9_-S0H2_ljwsqA5SbxPXWmRC2uvNNv-7uj1T9QR7H4fcGu27_UTBDe5PElTSQth8k8VXa/s1344/ld1.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="908" data-original-width="1344" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyzA46sb8buKtrAdRp-kxxS0-jkO5VHCvbE0PABJujaCsKXAcfvGA7XcJD085S4Ve7H0GHJpJBHzMN1dqITzkpyXMbbWWKNhCyUXVYKkmqxRu9rteilxM9_-S0H2_ljwsqA5SbxPXWmRC2uvNNv-7uj1T9QR7H4fcGu27_UTBDe5PElTSQth8k8VXa/s400/ld1.png"/></a></div>
<br />
</p>
<p>
<b><H2>Solution</H2></b>
<br />
After investigating, I don't actually find the installed VIB...
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># esxcli software vib list | grep load</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwSO_rL6zMVNXuaF4UiY-CST31VqkgYMdj4apcRes4LOHNZd12cBoEa69MBBiDMVppEhxzeFJmOzpNiT8wEjGFg94ExJfneUNsgelhIUG7ef60PRojDhqiWJTedjXStDwKjD3FHAf-jsR83gbqzaHm1VnGOnO7nGn-1baob7I6ukJmNjGEWwckrL3d/s1144/ld2.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="76" data-original-width="1144" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwSO_rL6zMVNXuaF4UiY-CST31VqkgYMdj4apcRes4LOHNZd12cBoEa69MBBiDMVppEhxzeFJmOzpNiT8wEjGFg94ExJfneUNsgelhIUG7ef60PRojDhqiWJTedjXStDwKjD3FHAf-jsR83gbqzaHm1VnGOnO7nGn-1baob7I6ukJmNjGEWwckrL3d/s400/ld2.png"/></a></div>
<br />
I check the profile on the ESXi host ...
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># esxcli software profile get</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMA-jRXNQi-Vlq3PoZp_BYKl3-7uGa-YyJi7v7exFDZqfAAE7gXhpGF1CjjEE1KKiEzlbnxmsRgkOvu11YurZUQHNgPnxRcPmYgowNURvsY3vI1rVLsmZZV5UV-5hQUzpTRUsWA7Qpllimx3e4qfhOynTIiDRwHwJWXiK-36nSgDJlMxLnj9Gv7xjf/s2070/ld3.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="1292" data-original-width="2070" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiMA-jRXNQi-Vlq3PoZp_BYKl3-7uGa-YyJi7v7exFDZqfAAE7gXhpGF1CjjEE1KKiEzlbnxmsRgkOvu11YurZUQHNgPnxRcPmYgowNURvsY3vI1rVLsmZZV5UV-5hQUzpTRUsWA7Qpllimx3e4qfhOynTIiDRwHwJWXiK-36nSgDJlMxLnj9Gv7xjf/s400/ld3.png"/></a></div>
The current update was done with custom bundles,
<br />
<br />
The customer confirms that during the update phase, he skipped the installation because otherwise he would not have been able to update the drivers.
<br />
<br />
I then asked the customer to retrieve the Offline Bundle package used for the update.
<br />
<br />
I copied the same Offline Bundle used for the upgrade into a shared folder by the cluster hosts.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUa9UF6CWyKQ7A6rksg5pVhKd5LifsJSVDpgdFUpYupTM1zS7Xk9xMZDWb_iv-apOt17B0Ybu4B9LuRx-HbigUVprxIMKSJ29G3fkQ334_E87lgv8dkvIUNT5OGpavANsXtTwnfhaekhb_i6tWy42pf3ezqei7dJFWIQm1rlOqZjEj-VZKDy1dYMUo/s2356/ld4.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="140" data-original-width="2356" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUa9UF6CWyKQ7A6rksg5pVhKd5LifsJSVDpgdFUpYupTM1zS7Xk9xMZDWb_iv-apOt17B0Ybu4B9LuRx-HbigUVprxIMKSJ29G3fkQ334_E87lgv8dkvIUNT5OGpavANsXtTwnfhaekhb_i6tWy42pf3ezqei7dJFWIQm1rlOqZjEj-VZKDy1dYMUo/s400/ld4.png"/></a></div>
I checked the Offline Bundle profile ...
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># esxcli software sources profile list -d /vmfs/volumes/SVT-VDI/Temp/HPe/Q8A57-11137_hpe-esxi7.0u3c-19193900-703.0.0.10.8.1-3-offline-bundle.zip</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVY_LvK59IPbpk8KetU8JMHvrLY4DxpE72_WavVURgiLhUhUo8UXAuQtI0_9fvxWAX1bizbhTIbIDyZN6LmQ7Og8C-w-arwE4w7OckkwYdta0ZKQ3F_umvDKsbHRehg0739S0I3NmUzVD3xVqlcQCe7XapubsOhpOjOisr5NwwzwNeurMSICcEmu8r/s2580/ld5.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="378" data-original-width="2580" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiVY_LvK59IPbpk8KetU8JMHvrLY4DxpE72_WavVURgiLhUhUo8UXAuQtI0_9fvxWAX1bizbhTIbIDyZN6LmQ7Og8C-w-arwE4w7OckkwYdta0ZKQ3F_umvDKsbHRehg0739S0I3NmUzVD3xVqlcQCe7XapubsOhpOjOisr5NwwzwNeurMSICcEmu8r/s400/ld5.png"/></a></div>
... and then the contents of the VIBs, to verify that was present "loadesx" ...
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># esxcli software sources profile get -d /vmfs/volumes/SVT-VDI/Temp/HPe/Q8A57-11137_hpe-esxi7.0u3c-19193900-703.0.0.10.8.1-3-offline-bundle.zip -p HPE-ESXi-7.0-Update3c-19193900-customized</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiV56DYX_yAQUZVArZ-d-ae6xnBs5n6WgbNRYPC0pI3XgvPvNKJgrN-RYE4YQMpKMyxkzbGxgP7Hzwb0wOcqcz8oGOqTfQLTIiNtEDfwEDlFH_XmzwhsxYayjWXCsmhkNS25msnH9RoTwaZtyP0X345cYbATxp-oAi5zr_qFUkQCQf7vrG1dIj_Lg2M/s2214/ld6.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="1158" data-original-width="2214" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiV56DYX_yAQUZVArZ-d-ae6xnBs5n6WgbNRYPC0pI3XgvPvNKJgrN-RYE4YQMpKMyxkzbGxgP7Hzwb0wOcqcz8oGOqTfQLTIiNtEDfwEDlFH_XmzwhsxYayjWXCsmhkNS25msnH9RoTwaZtyP0X345cYbATxp-oAi5zr_qFUkQCQf7vrG1dIj_Lg2M/s400/ld6.png"/></a></div>
Verified the presence, I proceed with the update of the profile in this way:
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># esxcli software profile update -d /vmfs/volumes/SVT-VDI/Temp/HPe/Q8A57-11137_hpe-esxi7.0u3c-19193900-703.0.0.10.8.1-3-offline-bundle.zip -p HPE-ESXi-7.0-Update3c-19193900-customized</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRhXHOl147v_6ypYPi_VNa9cTgSTAvH8Md1Pku0oo3T7mEnR98O_Yt9EC-vzUBlAR28y1H7Xyd25GC4T5M-rljYkI1CFw-R8MTzoQmSDYiyDjxGJN4dpfQlFpgMQGMmBjusIqHrVqzNAzElQTz6MpEBPCUC4rgBmpQRQ6dEweKdsV37SdviITElGE2/s2040/ld7.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="1272" data-original-width="2040" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRhXHOl147v_6ypYPi_VNa9cTgSTAvH8Md1Pku0oo3T7mEnR98O_Yt9EC-vzUBlAR28y1H7Xyd25GC4T5M-rljYkI1CFw-R8MTzoQmSDYiyDjxGJN4dpfQlFpgMQGMmBjusIqHrVqzNAzElQTz6MpEBPCUC4rgBmpQRQ6dEweKdsV37SdviITElGE2/s400/ld7.png"/></a></div>
As we can see above, there are a number of packages that have been installed/updated including “loadesx”.
<br />
<br />
Since a reboot is required, let's proceed with rebooting the ESXi host.
<br />
<br />
Post Reboot we verify that the module has been properly loaded ...
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># esxcli software vib list | grep load</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDH6VQ1JGvfhOv4D8JnCZchNCOQgxd-_TVGAL1W2G_pS-WGIBGs3i8_zaQ5owdY7ak6GggT1jnvEibQ0WAOh77wIVRHXsAV41KiKb5fOkEKuNjPqS76PkoIy4d1Fq_mjv7Tf-auHZnsb_HsYENuefBYVZp9tTjlRekgywdBqV_vVrWQ1I_T7G7QLDa/s1708/ld8.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="108" data-original-width="1708" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDH6VQ1JGvfhOv4D8JnCZchNCOQgxd-_TVGAL1W2G_pS-WGIBGs3i8_zaQ5owdY7ak6GggT1jnvEibQ0WAOh77wIVRHXsAV41KiKb5fOkEKuNjPqS76PkoIy4d1Fq_mjv7Tf-auHZnsb_HsYENuefBYVZp9tTjlRekgywdBqV_vVrWQ1I_T7G7QLDa/s400/ld8.png"/></a></div>
<br />
<br />
Back to NSX-T UI
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjw-IeyUpuRRTro8NkpaRy3n7bvYI7q48f_PSqALYJSdVUC1b-ZK9kY6T1TA9SWdCXCDCoqsDpxx89ZIv9SbZsowccsw4a40gACrIZk2Vi3dJPQcNQuJp9hUkzKDBbptHkaAmNr6_UhE5cVx-TDr9bB0bMGrGZ--wjZGcMGqIhyVpOdBC8wdDk4L1R/s2404/ld19.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="940" data-original-width="2404" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgjw-IeyUpuRRTro8NkpaRy3n7bvYI7q48f_PSqALYJSdVUC1b-ZK9kY6T1TA9SWdCXCDCoqsDpxx89ZIv9SbZsowccsw4a40gACrIZk2Vi3dJPQcNQuJp9hUkzKDBbptHkaAmNr6_UhE5cVx-TDr9bB0bMGrGZ--wjZGcMGqIhyVpOdBC8wdDk4L1R/s400/ld19.png"/></a></div>
Click on <b>Install Failed</b> of the host we just updated, then <b>VIEW ERRORS</b>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrhYIs76S-RE7Rtk48aYPKkzIsMzUoxYN2vIci3gnT3mwgaqLV3bIoAJUF_ECu7WSldABlnUU-6P5yVO9PFYerlocGEk_NQtPybgZdtTwJaHu_Lpfpbp4wQXIyAL1yTvjgExe4WMWNVHgRX1hcNW2saOONfnStt2ODWHQ-tDYR94_KdEWzMOQ6qKs-/s1178/ld10.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="822" data-original-width="1178" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhrhYIs76S-RE7Rtk48aYPKkzIsMzUoxYN2vIci3gnT3mwgaqLV3bIoAJUF_ECu7WSldABlnUU-6P5yVO9PFYerlocGEk_NQtPybgZdtTwJaHu_Lpfpbp4wQXIyAL1yTvjgExe4WMWNVHgRX1hcNW2saOONfnStt2ODWHQ-tDYR94_KdEWzMOQ6qKs-/s400/ld10.png"/></a></div>
Select the error message and click <b>RESOLVE</b>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhg_G8-Bcnlr8dU9e9Rgg6bYvlPABrJruAsA3lxAbyM3IuXA0DMbnJ3B3mgWG4zh-15uYNX1vF7e-7w8Ou3tetWTNhDSq5TN92GxLzq6Ca2wGRwR0AZvkhAJHNjFEyDo7qmbl1x7eKUxeLOWmS1E1BWDUvBC89p94pAvCp3tZlGSpyugLoI53_1W-ZN/s1516/ld11.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="1028" data-original-width="1516" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhg_G8-Bcnlr8dU9e9Rgg6bYvlPABrJruAsA3lxAbyM3IuXA0DMbnJ3B3mgWG4zh-15uYNX1vF7e-7w8Ou3tetWTNhDSq5TN92GxLzq6Ca2wGRwR0AZvkhAJHNjFEyDo7qmbl1x7eKUxeLOWmS1E1BWDUvBC89p94pAvCp3tZlGSpyugLoI53_1W-ZN/s400/ld11.png"/></a></div>
Click <b>RESOLVE</b> again.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDuBdB35fCXHvSik5Gz2krCEWuBqamPsn6xXnHc-29jLJKdavtaO4jqEH2L7D_6YSFGBt16l2Jho5POgiyh24S5BelzY-FmW6Vn6Xniurk-WyjSH18Okj2Au98GDHgPhFEoFn5fgppzHXxod_yN1hOIBO7Rj0TWhTKkRGa2ml0OyzKyXXLbyD7gPH8/s2084/ld12.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="654" data-original-width="2084" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgDuBdB35fCXHvSik5Gz2krCEWuBqamPsn6xXnHc-29jLJKdavtaO4jqEH2L7D_6YSFGBt16l2Jho5POgiyh24S5BelzY-FmW6Vn6Xniurk-WyjSH18Okj2Au98GDHgPhFEoFn5fgppzHXxod_yN1hOIBO7Rj0TWhTKkRGa2ml0OyzKyXXLbyD7gPH8/s400/ld12.png"/></a></div>
I check the progress of the installation process ...
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjk6IgRHDrum9VOE_7CHK8zWm8YWHl_pKbTwx2lpXJo6mldDth1zvn8oX7DXEL5XXToWeCZc2xAnF0wiQdet-SWw5H5fPNYvOyBWxbz5_Bi71QC_U_-zXmapit836m1WVZA3k2MXseoeE0jTlsYRIauGwjtC06Bh4kVtrQGUCmXOf6L_Su_eG80cprN/s2454/ld13.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="924" data-original-width="2454" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjk6IgRHDrum9VOE_7CHK8zWm8YWHl_pKbTwx2lpXJo6mldDth1zvn8oX7DXEL5XXToWeCZc2xAnF0wiQdet-SWw5H5fPNYvOyBWxbz5_Bi71QC_U_-zXmapit836m1WVZA3k2MXseoeE0jTlsYRIauGwjtC06Bh4kVtrQGUCmXOf6L_Su_eG80cprN/s400/ld13.png"/></a></div>
I also check via command line ...
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># esxcli software vib list | grep -i nsx</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT7rqnlT-VXcFWeR7pHbi9NVmtr_2iXQ_msP0U08d0qeckk3xwfLvxUedbhhy9215RkSfUS9ddBuCKI0T1HUocsYp4rbyDrmhPz8Cxay2lrVOiryDxWl8b0FqosfYXW7T_H1AHjZJC7yxDOgwfi6d8-rsPHxwZqWReYR0Gq_96h8RRnLDVYiP2fon5/s1916/ld14.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="1036" data-original-width="1916" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhT7rqnlT-VXcFWeR7pHbi9NVmtr_2iXQ_msP0U08d0qeckk3xwfLvxUedbhhy9215RkSfUS9ddBuCKI0T1HUocsYp4rbyDrmhPz8Cxay2lrVOiryDxWl8b0FqosfYXW7T_H1AHjZJC7yxDOgwfi6d8-rsPHxwZqWReYR0Gq_96h8RRnLDVYiP2fon5/s400/ld14.png"/></a></div>
Verified that the NSX-T packages have been correctly installed on the ESXi host (NSX Configuration: Success), and the status of the host in NSX-T is UP... I proceed to perform the same tasks with the next host.
<br />
<br />
Now, all hosts are UP and running.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7R9LrF_foyG8BDTngr8DqeidXnMm2zaYnnbo5Ittmmt57gXu_gYvdZQLOnh1MK0lszFfb6x9m2zdiE2Ffa6F42zWaZMNUZLdkSy3-ijyoK4VPcL0Ax0AhVu1J3sUyrCPo5zvi2fa9jG8kDl933W7vpp0EAxDVBgVWW5JX499ouTwXGAApGeF83bJ5/s1459/ld20.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="551" data-original-width="1459" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7R9LrF_foyG8BDTngr8DqeidXnMm2zaYnnbo5Ittmmt57gXu_gYvdZQLOnh1MK0lszFfb6x9m2zdiE2Ffa6F42zWaZMNUZLdkSy3-ijyoK4VPcL0Ax0AhVu1J3sUyrCPo5zvi2fa9jG8kDl933W7vpp0EAxDVBgVWW5JX499ouTwXGAApGeF83bJ5/s400/ld20.png"/></a></div>
<br />
<p>
<b>That's it.</b>
</p>
</span>
</div>Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-23515646323289289592023-06-05T16:46:00.000+02:002023-06-05T16:46:55.772+02:00vRA 8.5.1 REST Api calls - API Authentication <div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
I need a quick guide (step-by-step) on how to authenticate to vRA 8.5.1 via REST API calls.
<br />
<br />
</p>
<p>
<b><H2>Solution</H2></b>
<br />
To do that, I found a VMware well documented guide "<a href="https://developer.vmware.com/docs/14025/vrealize-automation-8-5-api-programming-guide/GUID-AC1E4407-6139-412A-B4AA-1F102942EA94.html" target="_blank">vRealize Automation 8.5 API Programming Guide</a>"
<br />
<br />
First of all, we need to know that the process to obtain the access token is different depending upon the vRealize Automation version.
<br />
In our case, we need to get the token used to authenticate our session, we use the Identity Service API to get an API token. Then we use the API token as input to the IaaS API to get an access token.
<br />
<br />
Let's see below the steps on how to do it, using Postman and Curl:
<ol left="" style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px;" text-align:="">
<li style="margin: 0px 0px 0.25em; padding: 0px;">
<b>Open</b> Postman.
<br /> <br />
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
<b>Execute</b> the following REST API call: <br />
<br />
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"><strong>URL</strong>: https://<vRA-FQDN>/csp/gateway/am/api/login?access_token
<strong>Method</strong>: POST
<strong>Headers</strong>: 'Content-Type: application/json'
<strong>Body</strong>: {
"username": "username",
"password": "password"
}</pre>
<b>NOTE</b>: If you don't need to authenticate locally (as in our case) replace the above username with your own username in the form <b>username@domain</b>.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCdr9ebQu7wFU7Lu4fJsi_cTblJyj2s64XJGbnLZmkLT-PXfAMx2SRJSF86TGhCdbQXzFDpDZiSAMea2R9sRTjz617iGO5V90xBkUuguoLStRfqIZXk1lfFP9fo7qDVXo1yimTTOTA9AtpoB2treDi4Fyv_yBq5BcXixMp2guCEp5ZPYMS3LCGH4f_/s635/vra1.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="297" data-original-width="635" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCdr9ebQu7wFU7Lu4fJsi_cTblJyj2s64XJGbnLZmkLT-PXfAMx2SRJSF86TGhCdbQXzFDpDZiSAMea2R9sRTjz617iGO5V90xBkUuguoLStRfqIZXk1lfFP9fo7qDVXo1yimTTOTA9AtpoB2treDi4Fyv_yBq5BcXixMp2guCEp5ZPYMS3LCGH4f_/s400/vra1.png"/></a></div>
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
<b>Take</b> note of the <b>refresh_token</b>.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6_4kxna6FCdoaKKEoiyFzDayxXPgCrpZxujLN6spGOPoyx64jLW9AOFckGvBEcoQdsaBKmBemVxtfIE2ckRQb8EM7OudTSSseQe7CNAfP-7a4yttmwxQHVKSWgmDAKPSuMeO0UQ_i6uRnDL5J_KC4muV5DxIfG4d564jGk0oJ0nrw4R8mZbwr_CEM/s1010/vra2.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="456" data-original-width="1010" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi6_4kxna6FCdoaKKEoiyFzDayxXPgCrpZxujLN6spGOPoyx64jLW9AOFckGvBEcoQdsaBKmBemVxtfIE2ckRQb8EM7OudTSSseQe7CNAfP-7a4yttmwxQHVKSWgmDAKPSuMeO0UQ_i6uRnDL5J_KC4muV5DxIfG4d564jGk0oJ0nrw4R8mZbwr_CEM/s400/vra2.png"/></a></div>
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
<b>Execute</b> the following REST API call: <br />
<br />
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"><strong>URL</strong>: https://<vRA-FQDN>/iaas/api/login
<strong>Method</strong>: POST
<strong>Headers</strong>: 'Content-Type: application/json'
<strong>Body</strong>: {
"refreshToken": "api_token"
}</pre>
... and as output you will receive the <b>token</b> to be used for subsequent vRA queries.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxsrN90OG-5PxIjZZIsI6hltdol6PVSq7a54XG-wklCC2xFspEGuueTnSGl6_j0BS8Jqp1DI8Hpy13VwfcdHVbua4EXQxrQ2rQ7SckihS7hH8MDT1EcEa-pDbsiXUoPjh_a_ZMAxx7xBx8z8lhnMfCeaydYpWtVsbWcEO8_xte3Cxo5U_rR74uT1Xz/s1039/vra3.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="586" data-original-width="1039" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgxsrN90OG-5PxIjZZIsI6hltdol6PVSq7a54XG-wklCC2xFspEGuueTnSGl6_j0BS8Jqp1DI8Hpy13VwfcdHVbua4EXQxrQ2rQ7SckihS7hH8MDT1EcEa-pDbsiXUoPjh_a_ZMAxx7xBx8z8lhnMfCeaydYpWtVsbWcEO8_xte3Cxo5U_rR74uT1Xz/s400/vra3.png"/></a></div>
</li>
</ol>
<br />
<br />
Let's see the same procedure, this time using Curl:
<ol left="" style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px;" text-align:="">
<li style="margin: 0px 0px 0.25em; padding: 0px;">
<b>Open</b> a session <b>Terminal</b> with both command, <i>curl</i> and <i>jq</i> already installed.
<br />
<br />
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
Assign values to the variables for the hostname of our vRealize Automation appliance, our user name, and password.
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">url='https://<vRA-FQDN>'
username='username'
password='password'</pre>
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
<b>Execute</b> the following curl command to retrive the <i>API token</i>: <br />
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">api_token=`curl -k -X POST \
"$url/csp/gateway/am/api/login?access_token" \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{
"username": "'$username'",
"password": "'$password'"
}' | jq -r .refresh_token`</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJort-JgB_5vxRXYJiURZPa68LsCgUU2jfLZ5oNSuMOx-zN_jWNILpzG1NLGElZsArhlvmtQLXJgqHEdhsabIkwvBl6isu6h4tb2L6DkmyDOeAHZbf3F5vpjuto9EL2BL4vIwlE8FybJFF-zmR8UZq7UcTWPCWJjUapCRIt3gLlE8DGUX1Uj3kbP-F/s672/vra4.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="420" data-original-width="672" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJort-JgB_5vxRXYJiURZPa68LsCgUU2jfLZ5oNSuMOx-zN_jWNILpzG1NLGElZsArhlvmtQLXJgqHEdhsabIkwvBl6isu6h4tb2L6DkmyDOeAHZbf3F5vpjuto9EL2BL4vIwlE8FybJFF-zmR8UZq7UcTWPCWJjUapCRIt3gLlE8DGUX1Uj3kbP-F/s400/vra4.png"/></a></div>
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
With the API token assigned, <b>execute</b> the following curl command to retrieve the <i>Access token</i>: <br />
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">access_token=`curl -k -X POST \
"$url/iaas/api/login" \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d '{
"refreshToken": "'$api_token'"
}' | jq -r .token`</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjyPGyEyNahnrY0AZ8JITXPa8YzMbR5S-0b_qp0121USU6yOq0gG1FpeFfGrbJrcdBpaRRPPAfXHt6O04p7UzUfVRB2XNRj4SOUtNqdP02TNLgcaRRY0TGlMNJMAGL-CZzDwziA4akzmiT82QqNemwa_8xSljkUu8wGFGqfjP_akjasTBJuqzwVhev/s670/vra5.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="595" data-original-width="670" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjyPGyEyNahnrY0AZ8JITXPa8YzMbR5S-0b_qp0121USU6yOq0gG1FpeFfGrbJrcdBpaRRPPAfXHt6O04p7UzUfVRB2XNRj4SOUtNqdP02TNLgcaRRY0TGlMNJMAGL-CZzDwziA4akzmiT82QqNemwa_8xSljkUu8wGFGqfjP_akjasTBJuqzwVhev/s400/vra5.png"/></a></div>
<b>Note</b>: After 25 minutes of inactivity, the access token times out and we must request it again.
<br />
<br />
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
We can now try to obtain more information such as the Organization ID, using the Access Token, by executing the command ...
<br />
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">curl -k -X GET "$url/csp/gateway/am/api/loggedin/user/orgs" -H "csp-auth-token: $access_token"</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCnjbBmBYxObwk-isfiD_S8YWmqab65ZLL2uOsUfvEEgsmEv14ggRiimpNr41ZSFkCqdLKSs1EQTtQSCdu30fspjEZ3Zi7fjjhBepL74TXYOCl0RuFoRhTmOERhuduGtp23wZF7-XWRKptMcGO3N-Sd-kCeUK7Hw8aENU2L1LL8w9yCwlXOHU2btpG/s670/vra6.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="96" data-original-width="670" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgCnjbBmBYxObwk-isfiD_S8YWmqab65ZLL2uOsUfvEEgsmEv14ggRiimpNr41ZSFkCqdLKSs1EQTtQSCdu30fspjEZ3Zi7fjjhBepL74TXYOCl0RuFoRhTmOERhuduGtp23wZF7-XWRKptMcGO3N-Sd-kCeUK7Hw8aENU2L1LL8w9yCwlXOHU2btpG/s400/vra6.png"/></a></div>
</li>
</ol>
<!--
<br />
<br />
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmdvr6M1VxLS8RW5B2wWapMBt_xUWp7C1ghsrpvBEpEquxr9mecy0esWdp8s907rWwLQvq91kpDH6v3zWllHu3CancT6r2SyDrBtJL4THSVv6zYxkBBaf0ppS-Jcq7o2aj5tCdU4SPvwZlLp_Cs2SLfIzOhzBkEwsaga5MLHu4v18zo-NN4QPzX3Ye/s676/vra7.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="329" data-original-width="676" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjmdvr6M1VxLS8RW5B2wWapMBt_xUWp7C1ghsrpvBEpEquxr9mecy0esWdp8s907rWwLQvq91kpDH6v3zWllHu3CancT6r2SyDrBtJL4THSVv6zYxkBBaf0ppS-Jcq7o2aj5tCdU4SPvwZlLp_Cs2SLfIzOhzBkEwsaga5MLHu4v18zo-NN4QPzX3Ye/s400/vra7.png"/></a></div><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKAJA4U_f5zRNP_RXTwS2cdvzjGeCvBZA0VdRjbbpW4xL9hGMR5PV3tiaRc-eRkpGUaVdPkrFszp9d88rAplyCTNvLGmgc-fccJkNdesGqbShPz6HD2ZIbNqUMJ9IYQmxGxSQBSpxDXMx0JbLZiQwDMgYHX0o9avK_nYHhdNbcjibUSaLkyTP1PZmE/s671/vra8.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" height="400" data-original-height="671" data-original-width="669" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiKAJA4U_f5zRNP_RXTwS2cdvzjGeCvBZA0VdRjbbpW4xL9hGMR5PV3tiaRc-eRkpGUaVdPkrFszp9d88rAplyCTNvLGmgc-fccJkNdesGqbShPz6HD2ZIbNqUMJ9IYQmxGxSQBSpxDXMx0JbLZiQwDMgYHX0o9avK_nYHhdNbcjibUSaLkyTP1PZmE/s400/vra8.png"/></a></div><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidITWVESX0UcLvx53n7zh2lmQdmamADY3aAlAGfq3YVRURNIB4TytiMttlz4I625W2hnoIZuOmxhZDzXPL-0CHtER7i2VJew9y2RgiCBW7RTGsQ_wmGGC37uy2yjRkvCQnzBW0YyKgiuWwSp7uHqZcBl55A92KO5bOSrsTc1xYlPVaHqvlwF7bRN2j/s670/vra9.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="670" data-original-width="670" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidITWVESX0UcLvx53n7zh2lmQdmamADY3aAlAGfq3YVRURNIB4TytiMttlz4I625W2hnoIZuOmxhZDzXPL-0CHtER7i2VJew9y2RgiCBW7RTGsQ_wmGGC37uy2yjRkvCQnzBW0YyKgiuWwSp7uHqZcBl55A92KO5bOSrsTc1xYlPVaHqvlwF7bRN2j/s400/vra9.png"/></a></div>
https://developer.vmware.com/docs/14025/vrealize-automation-8-5-api-programming-guide/GUID-3782F203-E275-472B-97D4-6D45556EFBD0.html
https://mysticmarvin.eu/use-vro-8-x-to-connect-to-vidm-3-3-via-rest-api/
https://vra4u.com/2020/06/26/vra-8-1-quick-tip-api-authentication/
https://automationpro.co.uk/vra-8-3-rest-api-calls-with-code-stream
-->
<p>
<b>That's it.</b>
</p>
</span>
</div>Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-91748409480356790952023-05-19T16:47:00.003+02:002023-05-23T10:03:47.066+02:00"log disk exhaustion" warning on vCenter due to vmafdd.log file not compressed<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
Everything start with "<b>log disk exhaustion</b>" warning on vCenter. This warning comes out when the <b>/storage/log</b> partition reach out 80% ot its space.
<br />
<br />
Log in vCenter via SSH and checking the disk space with following command:
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># df -h</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjc5eiEKZ0tc25IZbLjl8PoZKM56OG3zI-DoTGlVgUFk7_Dc_6ATW2Otvzw0zfw4QRlCGfMp_i017wI1u__v4jkR65QpyWthu-LELMmwtWDwJGQTKs4LTRfnfExAwLUSree0_TIuaXgrYHWNUHhh9-NOy_zLsGe7btMwxhiFNZA-SDEJ9FB7EgsSNdu/s1065/vmafdd-0.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="668" data-original-width="1065" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjc5eiEKZ0tc25IZbLjl8PoZKM56OG3zI-DoTGlVgUFk7_Dc_6ATW2Otvzw0zfw4QRlCGfMp_i017wI1u__v4jkR65QpyWthu-LELMmwtWDwJGQTKs4LTRfnfExAwLUSree0_TIuaXgrYHWNUHhh9-NOy_zLsGe7btMwxhiFNZA-SDEJ9FB7EgsSNdu/s400/vmafdd-0.png"/></a></div>
I remove some logs following the "<a href="https://kb.vmware.com/s/article/83070" target="_blank"> KB83070 - How to clear space on VCSA /storage/log partition</a>"
<br />
Then, checking storage logs for disk utilization performing the following command:
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># du -a /storage/log | sort -n -r | head -n 20</pre>
... you find that the vmafdd.log is extremely large.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6323_4rtFjuQFXdZKGwIJjjX3eGOx1aVU2lVnIrOKGoMRK6NSVgqM4yyPpPOKb0OSD0wsX3RjBdWe46saQQxKIAvUohPgos_pTg0MNGxZOyV4qqy1h3a4g_fuloicCX2UOyEInF3SIPelwSu8jEXusZSIEiBtjkSC99g2uAP_fcFu-V4AabzoHVGQ/s579/vmafdd-1.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="314" data-original-width="579" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh6323_4rtFjuQFXdZKGwIJjjX3eGOx1aVU2lVnIrOKGoMRK6NSVgqM4yyPpPOKb0OSD0wsX3RjBdWe46saQQxKIAvUohPgos_pTg0MNGxZOyV4qqy1h3a4g_fuloicCX2UOyEInF3SIPelwSu8jEXusZSIEiBtjkSC99g2uAP_fcFu-V4AabzoHVGQ/s400/vmafdd-1.png"/></a></div>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhB-rtp9qGwoKo4wLT07-k4HrJlVB19wfHOVu_gO6UYOCllBg_rVaZ7z8sbgd31wLhaXsooaRX7dLH1XDI_hALTTwIixgpgxNBco-r7c-sp-nBjC_703heZbfX6gsT0t4Tpm9Tv-sKnPbplYiFsDgtYXd9RCQKRYQXSLwNrpm-dmZtIWfGx_bQZ_2w1/s470/vmafdd-2.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="60" data-original-width="470" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhB-rtp9qGwoKo4wLT07-k4HrJlVB19wfHOVu_gO6UYOCllBg_rVaZ7z8sbgd31wLhaXsooaRX7dLH1XDI_hALTTwIixgpgxNBco-r7c-sp-nBjC_703heZbfX6gsT0t4Tpm9Tv-sKnPbplYiFsDgtYXd9RCQKRYQXSLwNrpm-dmZtIWfGx_bQZ_2w1/s400/vmafdd-2.png"/></a></div>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIr7gfqqx8kJbBXXvr4MxhpKRXTfLhnmduqmdbXZXzlVs0kWrI7TMKvjIQJIfTlZdnxytkaKZW8G9MRIo7xR4a0QF6DzMwXAeaHJXZFeMnCMEXO9QkJvz_s5BUPyCXvHzpkVVBtuXb9b_C2fsJ3czJe2qvg7NTQxZU9v4HIQ_Kj8_-jC0NeynMfs5v/s912/vmafdd-4.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="264" data-original-width="912" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgIr7gfqqx8kJbBXXvr4MxhpKRXTfLhnmduqmdbXZXzlVs0kWrI7TMKvjIQJIfTlZdnxytkaKZW8G9MRIo7xR4a0QF6DzMwXAeaHJXZFeMnCMEXO9QkJvz_s5BUPyCXvHzpkVVBtuXb9b_C2fsJ3czJe2qvg7NTQxZU9v4HIQ_Kj8_-jC0NeynMfs5v/s400/vmafdd-4.png"/></a></div>
</p>
<p>
<b><H2>Solution</H2></b>
<br />
This happens, as the <a href="https://kb.vmware.com/s/article/83238?lang=en_US&queryTerm=vmafdd.log" target="_blank">KB83238</a> says, because the logrotate.d configuration for the vmafd service expects the logs to be located in the following path "/var/log/vmware/vmafdd/vmafdd.log" instead of the current path "/var/log/vmware/vmafd/vmafdd.log".
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># cat /etc/logrotate.d/vmware-vmafd.lr</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-CE7A9ljurY7qOy6hBDG7yJAVYy0QrgXjlMj11Ewhaa6h63O_JhD53QkTmeVf0XUPvSCoS70gX4YJH2-nNvWslQi5nrtHz4yWA5zP7NFoz7j2YrxvJWOm-S7BleB1bIFF1KcRY9tvMn9uL82Eq9AcoWE7JgpmijoJZvq4Jt7BfCzXSnTxBwJCUDFk/s550/vmafdd-3%20copia.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="218" data-original-width="550" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-CE7A9ljurY7qOy6hBDG7yJAVYy0QrgXjlMj11Ewhaa6h63O_JhD53QkTmeVf0XUPvSCoS70gX4YJH2-nNvWslQi5nrtHz4yWA5zP7NFoz7j2YrxvJWOm-S7BleB1bIFF1KcRY9tvMn9uL82Eq9AcoWE7JgpmijoJZvq4Jt7BfCzXSnTxBwJCUDFk/s400/vmafdd-3%20copia.png"/></a></div>
Checking the vmafdd registry we can see the incorrect path:
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># /opt/likewise/bin/lwregshell list_values "[HKEY_THIS_MACHINE\Services\vmafd\Parameters]"</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIqa3ppyGlY3kJLqQkgjQ4O1dYxsR8rq4_dFcwyAejAbuNmEZG5GZ8NfmOwTimL_hbO-avOGvgbWGsayq5aU7UW8uVL1ozoiq2pdoWjMDpkKqRVSRnUabXDyiZGbmbC5KnXkW-uPCZvxz3eZu6Q9h_jKGvu2ubiJ2IMFiyz3SZ_-ukzNXQtCUmC9uk/s920/vmafdd-5.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="348" data-original-width="920" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIqa3ppyGlY3kJLqQkgjQ4O1dYxsR8rq4_dFcwyAejAbuNmEZG5GZ8NfmOwTimL_hbO-avOGvgbWGsayq5aU7UW8uVL1ozoiq2pdoWjMDpkKqRVSRnUabXDyiZGbmbC5KnXkW-uPCZvxz3eZu6Q9h_jKGvu2ubiJ2IMFiyz3SZ_-ukzNXQtCUmC9uk/s400/vmafdd-5.png"/></a></div>
Before to do any changes is a good practice to take a snapshot.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRYV6V1asMdapmLe0_mrPLxzuDUZIKo62MxXNyIJQCagH34vR-mTrPpQO7XvsDgm892iG3x9sNMQIzckTi13EeQQbwW1st4mOjd71S1ExDJ8_ngWxVpuVAA5Xk1EqoTAQOwhjdm9GCQoMCLta-yqHR9YVd-zYmDyFmMBZncqhc_6qtKsk12fUkGzpl/s829/vmafdd-snap.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="230" data-original-width="829" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjRYV6V1asMdapmLe0_mrPLxzuDUZIKo62MxXNyIJQCagH34vR-mTrPpQO7XvsDgm892iG3x9sNMQIzckTi13EeQQbwW1st4mOjd71S1ExDJ8_ngWxVpuVAA5Xk1EqoTAQOwhjdm9GCQoMCLta-yqHR9YVd-zYmDyFmMBZncqhc_6qtKsk12fUkGzpl/s400/vmafdd-snap.png"/></a></div>
Taken the snapshot, access the vCenter in SSH again ... and is now possible to update the registry to match the log rotate configuration path, using the following command:
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># /opt/likewise/bin/lwregshell set_value "[HKEY_THIS_MACHINE\Services\vmafd\Parameters]" "LogFile" "/var/log/vmware/vmafdd/vmafdd.log"</pre>
... then perform the following command to verify that the change as been applied:
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># /opt/likewise/bin/lwregshell list_values "[HKEY_THIS_MACHINE\Services\vmafd\Parameters]"</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQjCX555grCDLlHzB7xV3BDObSP6Cs0opR1cO8Ipx0BbWCWKiep73rxVuXLqkWD0CQ9Gz1-pzo0a8JaRuAKKEshL4XHEOIDqWujK2P67rVn50WC24gobU6yD52O5VKsY9R5nzt8uIR90bokcsXlyuoC1Pz6tEGdl17qKPV-Ry7b0zEJPJL7XfSICDL/s942/vmafdd-6%20copia.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="353" data-original-width="942" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgQjCX555grCDLlHzB7xV3BDObSP6Cs0opR1cO8Ipx0BbWCWKiep73rxVuXLqkWD0CQ9Gz1-pzo0a8JaRuAKKEshL4XHEOIDqWujK2P67rVn50WC24gobU6yD52O5VKsY9R5nzt8uIR90bokcsXlyuoC1Pz6tEGdl17qKPV-Ry7b0zEJPJL7XfSICDL/s400/vmafdd-6%20copia.png"/></a></div>
Restart all services:
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># service-control --stop --all && service-control --start --all</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjg1CoSr6kt7o5nxPn20JBJfwQtyyi5x1LoRCdjO3dJeDb-uM3vYg4W0hkvT5oG4S8iRennh9C2q70v2luIm-iPmcyjx8zxoHimBiNAYpCyeJGiw48-3nFNpgu9zuzMQ5gUWnZ5C2fENDBfTo72kJH2P0Egj-XHIka3iVh1sWYuRASoYO5LeCWCNoB4/s561/vmafdd-7.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="142" data-original-width="561" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjg1CoSr6kt7o5nxPn20JBJfwQtyyi5x1LoRCdjO3dJeDb-uM3vYg4W0hkvT5oG4S8iRennh9C2q70v2luIm-iPmcyjx8zxoHimBiNAYpCyeJGiw48-3nFNpgu9zuzMQ5gUWnZ5C2fENDBfTo72kJH2P0Egj-XHIka3iVh1sWYuRASoYO5LeCWCNoB4/s400/vmafdd-7.png"/></a></div>
If we look now inside the folder "/var/log/vmware/vmafdd/" we can see the file "vmafdd.log" ...
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcdEqqvHJGuj4uWFaCAleLqSgeK31ICy-rrgX8lWISoFvtUUO7trFSE9WV49fcuRu-dppczoAz1yiBubPQDpHlErW7KpnMGhqfB5dWYjTGZQml-xnz46h1QX7KG-kC9CqSOz3Gm6DgAXe4AKUoauTOhHdIhZ97pB43lOcjdBU6iRAQLbW8aZpnEPqp/s475/vmfadd-8.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="79" data-original-width="475" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgcdEqqvHJGuj4uWFaCAleLqSgeK31ICy-rrgX8lWISoFvtUUO7trFSE9WV49fcuRu-dppczoAz1yiBubPQDpHlErW7KpnMGhqfB5dWYjTGZQml-xnz46h1QX7KG-kC9CqSOz3Gm6DgAXe4AKUoauTOhHdIhZ97pB43lOcjdBU6iRAQLbW8aZpnEPqp/s400/vmfadd-8.png"/></a></div>
... than we can remove the previous huge "vmafdd.log" file ...
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7eFu3OooQoHgk0s5Z3H_zviBTlXu77Wo99PcJJcEAXVjaxfnNwqB-S9P-TXld3SOUoLWnGoYzRTmR7fPrfMAj46oLlxfiqwDL2MDmbiADnyQt-_ytFO4c-qpU6Oz5SLenbpXaafhfi4DtkR5s77lUSNnEI5evgJHRyNUgO20sfiooOJ5DUjX-OyFA/s397/vmafdd-9.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="74" data-original-width="397" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7eFu3OooQoHgk0s5Z3H_zviBTlXu77Wo99PcJJcEAXVjaxfnNwqB-S9P-TXld3SOUoLWnGoYzRTmR7fPrfMAj46oLlxfiqwDL2MDmbiADnyQt-_ytFO4c-qpU6Oz5SLenbpXaafhfi4DtkR5s77lUSNnEI5evgJHRyNUgO20sfiooOJ5DUjX-OyFA/s400/vmafdd-9.png"/></a></div>
checking again the /storage/log space, we don't see anymore the huge "vmafdd.log" file.
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># du -a /storage/log | sort -n -r | head -n 20</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_P_hYZzyPvajVY13fnJWK30DwPfnHhHtyZZaIkQVNi_T6fFTR24mKKBy3fT1jj8Ua4cCTEuAlswGhoetYMWpKOgUU28x0opGVGyVYt3TtNGxq5F4wPQWSDctv-3XjdTTz5jzBu4bATrs4pS6mK9traQ0aw_SY94wkMNNZIjhe_hIodVVbV8WvBVFw/s586/vmafdd-10.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="315" data-original-width="586" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_P_hYZzyPvajVY13fnJWK30DwPfnHhHtyZZaIkQVNi_T6fFTR24mKKBy3fT1jj8Ua4cCTEuAlswGhoetYMWpKOgUU28x0opGVGyVYt3TtNGxq5F4wPQWSDctv-3XjdTTz5jzBu4bATrs4pS6mK9traQ0aw_SY94wkMNNZIjhe_hIodVVbV8WvBVFw/s400/vmafdd-10.png"/></a></div>
Seeing the occupation of the entire disk, we can see that we have freed up enough space.
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># df -h</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUPEsqjggxE36YvEQQ0AD2ty6lOFjjoqIscOEekkopjSlwLPWXsGvuGK9U6SeF_W1RCqU7OfaxiHJ8DfynrPL27-iW7Fq2kxJTnMrwyPezuqZLTjz1uxxxyQFq8wgWcPv54cp9728GeNWDyQ2SX7K6t2Wdtlzram9ORLCaL7h_kMRWZFYexkgxr8Ey/s616/vmafdd-11.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="330" data-original-width="616" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgUPEsqjggxE36YvEQQ0AD2ty6lOFjjoqIscOEekkopjSlwLPWXsGvuGK9U6SeF_W1RCqU7OfaxiHJ8DfynrPL27-iW7Fq2kxJTnMrwyPezuqZLTjz1uxxxyQFq8wgWcPv54cp9728GeNWDyQ2SX7K6t2Wdtlzram9ORLCaL7h_kMRWZFYexkgxr8Ey/s400/vmafdd-11.png"/></a></div>
<br />
<br />
<p>
<b>That's it.</b>
</p>
</span>
</div>Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-15260216970245915642023-05-18T18:52:00.000+02:002023-05-18T18:52:56.631+02:00How to change the root password of ESXi hosts managed by VMware Cloud Foundation (VCF)<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
I need to change manually the root password of the ESXi hosts managed by VMware Cloud Foundation.
<br />
<br />
</p>
<p>
<b><H2>Solution</H2></b>
<br />
It is possible to manually change the password for the ESXi host root account (unlike password rotation, which generates a randomized password) managed by the VMware Cloud Foundation infrastructure, by logging in directly from the SDDC manager.
<br />
<br />
Log in to the SDDC Manager UI as a user with the ADMIN role.<br />
From the navigation pane, select <b>Administration</b> (1) > <b>Security</b> (2) > <b>Password Management</b> (3), and be sure that <b>ESXi</b> (4) is selected.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAMYZfLQyVzWG7qAMkOeH6iOjNmunHb4nMdpthvoBLiTK4ohVONAedEyB2OSTkoycRM-MG0aqDyubpCDEvKounVLoRLx3PPqU0uydGyCuAsJ1pnf7GpEdF6q3EpBEHhXRsqa6kPSsa9mKwyfBl8JWPqavpkqmAp3wmLARSW4XJt-lYJu4PGoUo-6sx/s1440/vcf-1%20copia.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="727" data-original-width="1440" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAMYZfLQyVzWG7qAMkOeH6iOjNmunHb4nMdpthvoBLiTK4ohVONAedEyB2OSTkoycRM-MG0aqDyubpCDEvKounVLoRLx3PPqU0uydGyCuAsJ1pnf7GpEdF6q3EpBEHhXRsqa6kPSsa9mKwyfBl8JWPqavpkqmAp3wmLARSW4XJt-lYJu4PGoUo-6sx/s400/vcf-1%20copia.png"/></a></div>
Click on the <b>⋮</b> (5) > <b>UPDATE</b> (6)
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAgHzIksqvIx2X_pyWc-50Wmha89qzVAMK_aG9pDrKjWdJAefaSKz_PbM0beVkW3PIzvi85cK1UmBGUepqMkxC-MIp0ljf0ylN_2ZKyGlPZN65b__xPLkBnxy1teDm3Gb229s85WadmrptEujx8GLjfODpdGKwTFoF-pkKRTX5Qt3rhfVrZ4RKhHzS/s891/vcf-2a%20copia.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="256" data-original-width="891" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjAgHzIksqvIx2X_pyWc-50Wmha89qzVAMK_aG9pDrKjWdJAefaSKz_PbM0beVkW3PIzvi85cK1UmBGUepqMkxC-MIp0ljf0ylN_2ZKyGlPZN65b__xPLkBnxy1teDm3Gb229s85WadmrptEujx8GLjfODpdGKwTFoF-pkKRTX5Qt3rhfVrZ4RKhHzS/s400/vcf-2a%20copia.png"/></a></div>
Provide new <b>password</b> ...
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijPvyloQdj30pIssQWmTFt8H1QeBjAnTjItYP3kqvMJj3fmYu9WFHpwHYX9-T56rV7DoxmO7iLQV5odWb_WH2Fr6-6Jnw6uGPol38bLCf1kb7g_CjBf-nfnOJiU0HuKnxHerlNCK-GUObeQVcoGVQa72c0JwIZjnEzc6qpj1FlnXzU_FLiMapNI9Pj/s674/vcf-3.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="470" data-original-width="674" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijPvyloQdj30pIssQWmTFt8H1QeBjAnTjItYP3kqvMJj3fmYu9WFHpwHYX9-T56rV7DoxmO7iLQV5odWb_WH2Fr6-6Jnw6uGPol38bLCf1kb7g_CjBf-nfnOJiU0HuKnxHerlNCK-GUObeQVcoGVQa72c0JwIZjnEzc6qpj1FlnXzU_FLiMapNI9Pj/s400/vcf-3.png"/></a></div>
... then Click <b>UPDATE</b>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiI-NaI5mf4qOqxZ7P9cswyFI_ZDQJmOzi5GQZXrldJaQ4bngyzSXg2ywEUnTI49vUxgiC_kLN21a5Nm3RY2nxrCuTHYG4P9C3zu3Dx2NhqHmueYUvTW1ZvRFcD5k0kljFc4aJjBy-0sf84__91pmh9VC2wjSmchAguvqJwSS8Uf9PYWID6kuzOFJgV/s677/vcf-4.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="474" data-original-width="677" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiI-NaI5mf4qOqxZ7P9cswyFI_ZDQJmOzi5GQZXrldJaQ4bngyzSXg2ywEUnTI49vUxgiC_kLN21a5Nm3RY2nxrCuTHYG4P9C3zu3Dx2NhqHmueYUvTW1ZvRFcD5k0kljFc4aJjBy-0sf84__91pmh9VC2wjSmchAguvqJwSS8Uf9PYWID6kuzOFJgV/s400/vcf-4.png"/></a></div>
Wait untill the credentioal are properly update on the host ...
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfdMGvteXsCLFErkV4ose8qfjjZ5qVaqa760idVoFcpxfriplIkeQL78YszpTOBJX7FgmjhbAlUgMCATya6_SOjrsE0ncsUw7hKbn1bBc72SnYITd-dkqGl1mbUW2ZzRNwtHImnKpbQmsibDXa6bYVWUJYMkj7ySpDIUlWT06Ob-9Jgp5nw4fNhVdm/s996/vcf-5.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="309" data-original-width="996" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfdMGvteXsCLFErkV4ose8qfjjZ5qVaqa760idVoFcpxfriplIkeQL78YszpTOBJX7FgmjhbAlUgMCATya6_SOjrsE0ncsUw7hKbn1bBc72SnYITd-dkqGl1mbUW2ZzRNwtHImnKpbQmsibDXa6bYVWUJYMkj7ySpDIUlWT06Ob-9Jgp5nw4fNhVdm/s400/vcf-5.png"/></a></div>
... verify the Date in Last Modified field if properly reflect the changes
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggFJaeFcO6YWMXlapOEelwwefiN05didKgg5ampxX_MD9nmAlpPR80o1Qj7fmGQIwi0-LpnNJqfCHBZ97Io6VnwAMnvgC9SefAvUk1HiInqHHnjVKDCIQTBiOc9AE0WUZxCoxWs7zUjgy6OHz0NHqRYTyd2nitSfxkU4Cfs-S7qGXGwg-1SpRwtPoz/s1004/vcf-6.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="318" data-original-width="1004" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEggFJaeFcO6YWMXlapOEelwwefiN05didKgg5ampxX_MD9nmAlpPR80o1Qj7fmGQIwi0-LpnNJqfCHBZ97Io6VnwAMnvgC9SefAvUk1HiInqHHnjVKDCIQTBiOc9AE0WUZxCoxWs7zUjgy6OHz0NHqRYTyd2nitSfxkU4Cfs-S7qGXGwg-1SpRwtPoz/s400/vcf-6.png"/></a></div>
Repeat same procedure describe above for each host ESXi you want change the password.
<br />
<br />
Try logging into the host to verify the change.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyEn4vb13U6car74FDQuJWRMbDITLjIG8PqME9DrxXxsbEvNcGe_-4lrgNOa56udyrCq4GWW383PFdBEXrjYbbenUUuDXttm2nHqO_WxYZS43V7hfP3XksdQK_9D6zTecARfFIw3igQeR35bcJEFjZf9_PXW0UkbaoORIXh7-2uo6IANzQlPXee1A9/s529/vcf-7.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="516" data-original-width="529" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyEn4vb13U6car74FDQuJWRMbDITLjIG8PqME9DrxXxsbEvNcGe_-4lrgNOa56udyrCq4GWW383PFdBEXrjYbbenUUuDXttm2nHqO_WxYZS43V7hfP3XksdQK_9D6zTecARfFIw3igQeR35bcJEFjZf9_PXW0UkbaoORIXh7-2uo6IANzQlPXee1A9/s400/vcf-7.png"/></a></div>
Insert the new password.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcCYMrAnbVSnfPqfyN7YiJJJS1gV640Jdu_ZcHYCpUwEbHhyujV9SoMrF_1e84f4p6bjdB0AciY5pEzTGSqX0fKN6f5LoofuHvIRtt23XmJXnq56kJY8LB4YbS4KyYlQj7KKt1tvnJpqM9b9iUuCX8yOHaj0nPzlcQ0Zuusj3aIPLhAOnLN_o-3Mql/s772/vcf-8.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="488" data-original-width="772" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcCYMrAnbVSnfPqfyN7YiJJJS1gV640Jdu_ZcHYCpUwEbHhyujV9SoMrF_1e84f4p6bjdB0AciY5pEzTGSqX0fKN6f5LoofuHvIRtt23XmJXnq56kJY8LB4YbS4KyYlQj7KKt1tvnJpqM9b9iUuCX8yOHaj0nPzlcQ0Zuusj3aIPLhAOnLN_o-3Mql/s400/vcf-8.png"/></a></div><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5i_1C54IZf9qyKpKpIi57omcjt2CMpnieO8_Ldd3IwkmkB4Bhiw_ftfGchKd9B5iJ2M3E6SxtR9HHqskSRwdbR7srJzVW_zW18nXrK5p45BJ4HYlh1BS1xhM1baTMeF3MixAzTy6s_k-ssvq61yrljzM-i_Q_L8EZIBqbQ6iXtjeL4ymOuuXX7cZS/s775/vcf-9.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="488" data-original-width="775" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj5i_1C54IZf9qyKpKpIi57omcjt2CMpnieO8_Ldd3IwkmkB4Bhiw_ftfGchKd9B5iJ2M3E6SxtR9HHqskSRwdbR7srJzVW_zW18nXrK5p45BJ4HYlh1BS1xhM1baTMeF3MixAzTy6s_k-ssvq61yrljzM-i_Q_L8EZIBqbQ6iXtjeL4ymOuuXX7cZS/s400/vcf-9.png"/></a></div>
<br />
<br />
Official documentation on how <b>Manually Update Passwords</b> on VCF is available at this <a href="https://docs.vmware.com/en/VMware-Cloud-Foundation/4.3/vcf-admin/GUID-815B1682-BF65-4AFA-80FA-A4AB9DFE0853.html" target="_blank">link</a>.
<br />
<br />
<br />
<p>
<b>That's it.</b>
</p>
</span>
</div>Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-6387009152835400972023-05-17T00:35:00.003+02:002023-05-18T09:26:45.378+02:00OpenVPN Access Server on Photon OS (with docker)<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
How to build a fast and easy VPN solution for a secure connection to the own infrastructure.
<br />
<br />
</p>
<p>
<b><H2>Solution</H2></b>
<br />
As a solution I opted for VMware Photon OS, docker and took advantage of this "<a href="https://hub.docker.com/r/linuxserver/openvpn-as" target="_blank">linuxserver/openvpn-as</a>" project based on <a href="https://openvpn.net/vpn-server/" target="_blank">OpenVPN</a>.
<br />
<br />
In this quick guide I assume that Photon OS (minimal) is already installed and properly configured (such as IP address, DNS, NTP server and so on). In my case Photon OS i configured with 1 vCPU, 2 GB of RAM and 16GB of Disk (even if for the purpose of this scope 8 GB are enough).
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjX8df5F4ZEua59_695uvlSTjyZntV79mfIpvGWPqSGC0XybQfUPmtCsZeWdFXQlPYfInsV7v0sxUx57P06Gy6p8fFc7uPC0jTny0khDtmcTqd8-tRN3mbWUZxDmasMltEZfklqCQVywpChVBw-ts09xCY1SgU87OI6qS-d_LVcxMMshIvFncdTSG-1/s471/OpenVPN1.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="151" data-original-width="471" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjX8df5F4ZEua59_695uvlSTjyZntV79mfIpvGWPqSGC0XybQfUPmtCsZeWdFXQlPYfInsV7v0sxUx57P06Gy6p8fFc7uPC0jTny0khDtmcTqd8-tRN3mbWUZxDmasMltEZfklqCQVywpChVBw-ts09xCY1SgU87OI6qS-d_LVcxMMshIvFncdTSG-1/s400/OpenVPN1.png"/></a></div>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUupo0LiM_rKr5Do6ExIWAz3udxjWp0YNmyhZ4g832daXysyz69SPCMgnKlQReAzLU-YtpTieNdSPCfwlH0jDfWAf48hETnsjY5t1hZpTwygYQNuhq-9WE_McUhu1hhx2QRPSDuIlkzd2VB8eefGEO8CHwuIqkVZw1-dNJEMajFw-qnw5G5YGjp5vf/s518/OpenVPN2.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="355" data-original-width="518" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUupo0LiM_rKr5Do6ExIWAz3udxjWp0YNmyhZ4g832daXysyz69SPCMgnKlQReAzLU-YtpTieNdSPCfwlH0jDfWAf48hETnsjY5t1hZpTwygYQNuhq-9WE_McUhu1hhx2QRPSDuIlkzd2VB8eefGEO8CHwuIqkVZw1-dNJEMajFw-qnw5G5YGjp5vf/s400/OpenVPN2.png"/></a></div>
First thing to do, we check if docker is installed, if not we install it or start the service and enable it to start when the VM starts.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiare0WFqPm4RgAe5mlROz1_9jHluGtDBcUZBQ_HmLyLwv85PoT2JJ_zTqH_pe1n5l3DqrZkox81geW6W1t9orKjmSp8Q4ZOSHXg6nYY2rkusAwmNngvgMTSfbtRIE-mE8kTqe3AUQAhWUr3WHQBilnI88JZNC__5sIbNLkiJlro3foz6vVMxG_OJZN/s657/OpenVPN3.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="102" data-original-width="657" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiare0WFqPm4RgAe5mlROz1_9jHluGtDBcUZBQ_HmLyLwv85PoT2JJ_zTqH_pe1n5l3DqrZkox81geW6W1t9orKjmSp8Q4ZOSHXg6nYY2rkusAwmNngvgMTSfbtRIE-mE8kTqe3AUQAhWUr3WHQBilnI88JZNC__5sIbNLkiJlro3foz6vVMxG_OJZN/s400/OpenVPN3.png"/></a></div>
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># systemctl status docker</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFFukF92mzkQ0aICe9i5bENB4Hyli_LuU73Ua8TtYKB--YDnETwza49veTY9uFyEOGqIVY3BbOGEQAc6jNxPjCWI5rs6JfVr_9doF1dkS-nRIXS8b8w1P9IpNgrUpDZ7oijLiH6DerFzocIc8ZqpVZYKoslafvecTqxPfedNX3gFMXE4a2cH-ufGxp/s1021/OpenVPN4.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="152" data-original-width="1021" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgFFukF92mzkQ0aICe9i5bENB4Hyli_LuU73Ua8TtYKB--YDnETwza49veTY9uFyEOGqIVY3BbOGEQAc6jNxPjCWI5rs6JfVr_9doF1dkS-nRIXS8b8w1P9IpNgrUpDZ7oijLiH6DerFzocIc8ZqpVZYKoslafvecTqxPfedNX3gFMXE4a2cH-ufGxp/s400/OpenVPN4.png"/></a></div>
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># systemctl start docker</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7JQvD694Zfe5T0PaBzt5CCTpcHVUcaBxow-_WiD76wkSSRKPJ8shFP5MZQrRPaSs6gNaYREv9HZj8zFq9Hzs9zDW9frpfTfwTxDZORWUNe3YvSQx1PrO2Mw6JGixjK_rewTQPpztnzvF5w4M_g5dOXgS4rHfXyWb5R51JwzLae302pb0GgXmcM326/s1086/OpenVPN5.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="679" data-original-width="1086" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7JQvD694Zfe5T0PaBzt5CCTpcHVUcaBxow-_WiD76wkSSRKPJ8shFP5MZQrRPaSs6gNaYREv9HZj8zFq9Hzs9zDW9frpfTfwTxDZORWUNe3YvSQx1PrO2Mw6JGixjK_rewTQPpztnzvF5w4M_g5dOXgS4rHfXyWb5R51JwzLae302pb0GgXmcM326/s400/OpenVPN5.png"/></a></div>
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># systemctl enable docker</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgV5TJV1KfUyd4lpbKicWumk_pF5DD-9ymy_wgm8fOAdhObf14oIdM656Ee2zrdrvPEZBO_Xkq3B05boFFmtq8fdm-6HOSFqbGRRmUtGS0loMfsXI_SiYuoQGeC_hFH2IgmylvF2qPGeTJHjpWqOu-5a5stKifFRtP1CzsfzB0wgJDGS398DAHFcBCK/s1077/OpenVPN6.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="90" data-original-width="1077" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgV5TJV1KfUyd4lpbKicWumk_pF5DD-9ymy_wgm8fOAdhObf14oIdM656Ee2zrdrvPEZBO_Xkq3B05boFFmtq8fdm-6HOSFqbGRRmUtGS0loMfsXI_SiYuoQGeC_hFH2IgmylvF2qPGeTJHjpWqOu-5a5stKifFRtP1CzsfzB0wgJDGS398DAHFcBCK/s400/OpenVPN6.png"/></a></div><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKwBIJbzO-Uf3v9i2NLX12FCZ3mcv-xnSBZH2DSIVj47nePZk2dlfEOWCUEm-e8Z-PioVziLL7-cdFtmV85lDHL3JJtpPVm8o2GEgNQSJtxbcwC_HuMOPTZOvauOjyNQ7dJWjH1nu1-5Q7dqJiDZbSfu_uvCZISrVCpCwSiGMlx3nK6n4JoQpDHDwg/s957/OpenVPN7.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="180" data-original-width="957" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgKwBIJbzO-Uf3v9i2NLX12FCZ3mcv-xnSBZH2DSIVj47nePZk2dlfEOWCUEm-e8Z-PioVziLL7-cdFtmV85lDHL3JJtpPVm8o2GEgNQSJtxbcwC_HuMOPTZOvauOjyNQ7dJWjH1nu1-5Q7dqJiDZbSfu_uvCZISrVCpCwSiGMlx3nK6n4JoQpDHDwg/s400/OpenVPN7.png"/></a></div>
I then, created a script to automate the installation and running of the container. <br /><br />
The outcome of the script is the execution of the container, and we will be asked to enter a new password for the default admin account.
<br /> Below the script:
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">#/bin/bash
#
# Initial setup script (all-in-one) to access OpenVPN Web UI
# Install the package called OpenVPN access server
# Download and install
docker pull linuxserver/openvpn-as:latest
# Let's create a new docker container called openvpn-as with the following:
# -v /home/docker/openvpn-as/config: /config - Sets the directory to store tehconfig files.
# --restart=always - Ensures the container always starts on system boot. You can opt not to add this agument if you don't want to container to restart
# -e PGID=1001 -e PUID=1001 - Sets the user ID to eliminate permission issues between the host server and the container.
# -e TZ=Europe/Rome - Set Time Zone
# --net=host --privileged - Dictates how OpenVPN Access Server runs in the container.
docker create --name=openvpn-as --restart=always -v /home/docker/openvon-as/config:/config -e INTERFACE=eth0 -e PGID=1001 -e PUID=1001 -e TZ=Europe/Rome --net=host --privileged linuxserver/openvpn-as
# Start the container
docker start openvpn-as
# Get access to docker and change the default admin password
docker exec -it $(docker ps | grep openvpn-as | awk '{print $1}') /usr/bin/passwd admin
</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFjpWJAkhByjAd9X2MlzKHZM-HLnMNV9ABPHPzrYWOW7puyt-7k_moTvxSRKCKNSZDxKIE6XO2BOuRJ4DC-BORWTca7ejPqcPqYE7TLwW1Q9q3PQCIyoVz9EAd8oLqmHLwSiHxbJsmXdX25HmSU9XMncv-TCn-L2AVtNoTWTvk4eNe0-Rx_I3WQygM/s1073/OpenVPN8.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="327" data-original-width="1073" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhFjpWJAkhByjAd9X2MlzKHZM-HLnMNV9ABPHPzrYWOW7puyt-7k_moTvxSRKCKNSZDxKIE6XO2BOuRJ4DC-BORWTca7ejPqcPqYE7TLwW1Q9q3PQCIyoVz9EAd8oLqmHLwSiHxbJsmXdX25HmSU9XMncv-TCn-L2AVtNoTWTvk4eNe0-Rx_I3WQygM/s400/OpenVPN8.png"/></a></div>
We give execute permissions to the script.
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># chmod +x OpenVPN_initial_setup.sh</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSwUPT9TY96z2SPmO-hNS-yTGGPdXfY163p_RWK-B7h4q6FpOPi-chznCiJatGuOkc7xx1bkV7O4goXKFIEuYLgn1vlPvzV7mYWSPZCI06QV39t_wBJa6ZrFsfRFxrNVhqLHbDvigoMaZVlh4WkdQrmwB74qBCQZu1pwN5DQPEVAxUd9OKF7GDd2DD/s482/OpenVPN9.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="122" data-original-width="482" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgSwUPT9TY96z2SPmO-hNS-yTGGPdXfY163p_RWK-B7h4q6FpOPi-chznCiJatGuOkc7xx1bkV7O4goXKFIEuYLgn1vlPvzV7mYWSPZCI06QV39t_wBJa6ZrFsfRFxrNVhqLHbDvigoMaZVlh4WkdQrmwB74qBCQZu1pwN5DQPEVAxUd9OKF7GDd2DD/s400/OpenVPN9.png"/></a></div>
Let's execute it ...
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># ./OpenVPN_initial_setup.sh</pre>
... and at the prompt enter the new password
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5-HDPNLavEp5tWFQfp7vdWC6he3jM-Ea6Ey3FKqNb6dXRJyYEWf-sSpub7umF2dW8Tc4P6SuMgMXMVMn77oBsQlEPap_5uQONOJqZbniPqcwwC2W5g8DuJFXcKEoyzm_SQDnL46wtB4NAtCynpuF-SddnAsbRhJr_HiVqNdPKoi5uh8NuS14bKB_T/s578/OpenVPN10.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="293" data-original-width="578" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5-HDPNLavEp5tWFQfp7vdWC6he3jM-Ea6Ey3FKqNb6dXRJyYEWf-sSpub7umF2dW8Tc4P6SuMgMXMVMn77oBsQlEPap_5uQONOJqZbniPqcwwC2W5g8DuJFXcKEoyzm_SQDnL46wtB4NAtCynpuF-SddnAsbRhJr_HiVqNdPKoi5uh8NuS14bKB_T/s400/OpenVPN10.png"/></a></div>
Let's verify that the container is running correctly
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># docker ps</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUFye1KIDatOsBzsX6R2V4BKy7SbpTYORsoPhGCActMP3rTCKVqVmvK631s-NAK91V4qElgts9cQ6x2CT4hVqq31pLPuOPpexf3eAo9kRH5mYvTagtxeEKRdE6IrXsEKJcceQjpOPvBiIFyQf5LKDoWYwphQTOaBTMLZFmGAzf90uTtOsRbaxjoQbH/s982/OpenVPN11.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="63" data-original-width="982" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiUFye1KIDatOsBzsX6R2V4BKy7SbpTYORsoPhGCActMP3rTCKVqVmvK631s-NAK91V4qElgts9cQ6x2CT4hVqq31pLPuOPpexf3eAo9kRH5mYvTagtxeEKRdE6IrXsEKJcceQjpOPvBiIFyQf5LKDoWYwphQTOaBTMLZFmGAzf90uTtOsRbaxjoQbH/s400/OpenVPN11.png"/></a></div>
Let's connect to the local IP address (<b>https://local-IP:943/admin/</b>) for a first configuration ... providing the username <b>admin</b> and the previous setted <b>password</b>.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPt8E1JIMKPLLeRhVNzLoo_-x1_Kf-_kLYPnGicHzEGKaS56lOsn1b5ED37UJMOCQQE5YfCo_jvGalbvwpmQJyuf-BjQTk8ODCkU6E1SNF4On4GPdXoT-qnqOkTaMxyLh25Z__iQozd_QAcpTsa5sy0tLkXi6IlY1qnzdmKbRAVgOEpaNG1TWUmRYR/s483/OpenVPN12.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="437" data-original-width="483" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgPt8E1JIMKPLLeRhVNzLoo_-x1_Kf-_kLYPnGicHzEGKaS56lOsn1b5ED37UJMOCQQE5YfCo_jvGalbvwpmQJyuf-BjQTk8ODCkU6E1SNF4On4GPdXoT-qnqOkTaMxyLh25Z__iQozd_QAcpTsa5sy0tLkXi6IlY1qnzdmKbRAVgOEpaNG1TWUmRYR/s400/OpenVPN12.png"/></a></div>
We accept the terms of use
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhe8NEku87ntqvVMPoibqr08PFTE9AnYZvqVH81RSUqMrGiLrQXtyzS53Pf9-kZFdFtzhybCY2r0BuKUDFCp3Lp-S0HEYzZPZ6NxIEWjcTibdUduQor6kHhlM31yKbDzB2lwYyXucUgqPqifUKiPS3FMgbaAQ1RZP92B6JTOxgkyz2hmQTsqvhrJxq4/s826/OpenVPN13.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="635" data-original-width="826" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhe8NEku87ntqvVMPoibqr08PFTE9AnYZvqVH81RSUqMrGiLrQXtyzS53Pf9-kZFdFtzhybCY2r0BuKUDFCp3Lp-S0HEYzZPZ6NxIEWjcTibdUduQor6kHhlM31yKbDzB2lwYyXucUgqPqifUKiPS3FMgbaAQ1RZP92B6JTOxgkyz2hmQTsqvhrJxq4/s400/OpenVPN13.png"/></a></div><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUq9x_M39m0bH7N4Sn7zZlvI8sBojoxWDAEXyf3iEzW1Lw2CLmWmeus5XYmaPR1RNjQvrLRbOlrK7g17PLQHrF5g9mTGva21oM777M88cgu7Qq8vDsBUKz07e-_a93MdYBjziFdBybvXxKOEEVpnTZGtF-0I_Knwkt15F4Dy7nXPg2aIi4_31J-cfo/s1450/OpenVPN14.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="932" data-original-width="1450" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhUq9x_M39m0bH7N4Sn7zZlvI8sBojoxWDAEXyf3iEzW1Lw2CLmWmeus5XYmaPR1RNjQvrLRbOlrK7g17PLQHrF5g9mTGva21oM777M88cgu7Qq8vDsBUKz07e-_a93MdYBjziFdBybvXxKOEEVpnTZGtF-0I_Knwkt15F4Dy7nXPg2aIi4_31J-cfo/s400/OpenVPN14.png"/></a></div>
Once logged in, first of all let's set up in <b>Configuration</b> > <b>Network Settings</b> > <b>Hostname or IP Address</b> ... insert the public IP or the FQDN. Then, we click on Save Settings to save the configuration.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0sEqw8cZdcT92eH_2EVb-z82zrcha9A0Sj1UM7VmHENbMnuZ9dMnzf7ejkZ48I6jJ9Gwey_5d3-pk-SUY8AQecGG38x1niBB9vln9dH58hvbI6t4ihCUQM0NbIFLpfkTGqOQPTjZrVIEJgAqInrfLtsgC9vb4aCUnCgWiZM-EITMoQKZEyHB6MB3T/s1635/OpenVPN15.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="936" data-original-width="1635" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh0sEqw8cZdcT92eH_2EVb-z82zrcha9A0Sj1UM7VmHENbMnuZ9dMnzf7ejkZ48I6jJ9Gwey_5d3-pk-SUY8AQecGG38x1niBB9vln9dH58hvbI6t4ihCUQM0NbIFLpfkTGqOQPTjZrVIEJgAqInrfLtsgC9vb4aCUnCgWiZM-EITMoQKZEyHB6MB3T/s400/OpenVPN15.png"/></a></div>
We enable Google Authenticator Multi-Factor Authentication in the menu <b>Authentication</b> > <b>General</b> ... and saving the settings.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_QvNxswwConge3Nepfjb94QKjeMTjRB_cHyNnKCO08g-W3RMZpyzOVCKOarPIDOSLDTPGsrobBN_dABAg_qBf2vFViv9QhaW5sHpPWzd8zhG9KTxMZnDNNtFEwltqgp_BnZIIm6fzZ0iUISV6g3tmFG-SNft73CIuGZya0ev0O7wCXcK7fYFneyBi/s1632/OpenVPN16.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="851" data-original-width="1632" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj_QvNxswwConge3Nepfjb94QKjeMTjRB_cHyNnKCO08g-W3RMZpyzOVCKOarPIDOSLDTPGsrobBN_dABAg_qBf2vFViv9QhaW5sHpPWzd8zhG9KTxMZnDNNtFEwltqgp_BnZIIm6fzZ0iUISV6g3tmFG-SNft73CIuGZya0ev0O7wCXcK7fYFneyBi/s400/OpenVPN16.png"/></a></div>
We then enabling and saving the "<b>Require user permissions record for VPN access</b>" in <b>User Management</b> > <b>User Permissions</b>.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihSCBJEYrnO_E6jbhFEkoKxZ6PJnXgsVQW3pA5EEVsP7xs427EZUd-pVBThol_lC8l8XvuT4wpjFnjojl-8ZloCNif5M5asjf_8QCJuB_hvn06EwmRyFrpC0FkB0O1XP2b8pvZA5TBwuvdnU68MkU2LYhf0PbfjLcCIWefwgS5y8K4bwC_s6Bys7yn/s1644/OpenVPN16a.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="630" data-original-width="1644" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihSCBJEYrnO_E6jbhFEkoKxZ6PJnXgsVQW3pA5EEVsP7xs427EZUd-pVBThol_lC8l8XvuT4wpjFnjojl-8ZloCNif5M5asjf_8QCJuB_hvn06EwmRyFrpC0FkB0O1XP2b8pvZA5TBwuvdnU68MkU2LYhf0PbfjLcCIWefwgS5y8K4bwC_s6Bys7yn/s400/OpenVPN16a.png"/></a></div>
We create a new Profile in <b>User Profiles</b> and the we click on <b>New Profile</b>.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAywp46-O8lN_NgBkptBLIfBFXOFF3WFq5S6PKeFWW49ADnqJ98bWUhLUsv0TNvEtDCUrflas5AXFKLq9vaPwSOsAkhSLXYaIEJ1thRn4YSThGLyVGBvxJsD-2XfaB-S4_9xGEqGqK-HiRJD0kQ0DsDqQLeAaZbQtPn1lab5ZsZJVAo1_2cl76B57S/s1628/OpenVPN17.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="776" data-original-width="1628" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAywp46-O8lN_NgBkptBLIfBFXOFF3WFq5S6PKeFWW49ADnqJ98bWUhLUsv0TNvEtDCUrflas5AXFKLq9vaPwSOsAkhSLXYaIEJ1thRn4YSThGLyVGBvxJsD-2XfaB-S4_9xGEqGqK-HiRJD0kQ0DsDqQLeAaZbQtPn1lab5ZsZJVAo1_2cl76B57S/s400/OpenVPN17.png"/></a></div>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLeLPnNqzY659qjq1u4B-xc1p8CAFBJ0jXORpTbpkRo2zxfiMOFdUTrHRcDdx4xi5uh5QgIv0_xwOapU7iARB8sqmqJpP3uBvJzfjZ_xd2sibke_JGR_R3wBZhe_Kw6kpv13Cp6zsaF6MYiG2jLY9zbEOuQjgKObnHpkVgHUQLGo5nxfRTq4a14Bjr/s610/OpenVPN18.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="324" data-original-width="610" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiLeLPnNqzY659qjq1u4B-xc1p8CAFBJ0jXORpTbpkRo2zxfiMOFdUTrHRcDdx4xi5uh5QgIv0_xwOapU7iARB8sqmqJpP3uBvJzfjZ_xd2sibke_JGR_R3wBZhe_Kw6kpv13Cp6zsaF6MYiG2jLY9zbEOuQjgKObnHpkVgHUQLGo5nxfRTq4a14Bjr/s400/OpenVPN18.png"/></a></div>
We download and save locally on its own computer the .ovpn file, that will be used later for the VPN connection.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEip_ftR1XeLyBs9DxxogP6tnL3QeF2x5mkBeI2S02uvaYA_3i9FxPmCjmy84zhEncW_s4mZ_1GW_wLV0BgKiiVdmlfcogFVKoxUtAnCrS2Uyy7Js7f9r_tzBf6B4pjwObUoHtzNIks8ep2fk0wvW_aMUw5bLANX-ezDQ86xHhGiTJbkt6gCu1h2zT46/s1283/OpenVPN19.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="548" data-original-width="1283" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEip_ftR1XeLyBs9DxxogP6tnL3QeF2x5mkBeI2S02uvaYA_3i9FxPmCjmy84zhEncW_s4mZ_1GW_wLV0BgKiiVdmlfcogFVKoxUtAnCrS2Uyy7Js7f9r_tzBf6B4pjwObUoHtzNIks8ep2fk0wvW_aMUw5bLANX-ezDQ86xHhGiTJbkt6gCu1h2zT46/s400/OpenVPN19.png"/></a></div>
<br /><br />
<b>Client configuration part</b>
<br /><br />
Configure one of the following Apps on your mobile device, Google Authenticator, Microsoft Authenticator, FortiToken. I have verified that the 2FA system works with all of the above authenticator apps.
<br /><br />
Open the web client at the VPN endpoint address (https://Public-IP:9443/) and, once logged in with the admin account, scan the QR Code with the newly installed App.
<br /><br />
Insert the 6-digit code and download the right VPN client for its own OS/device.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWZKkOz2UktW__FeHstV3UHLk3Lk8-qoVkCYOkG3ob_ZAbCpB2V9o_u-CuSOX7rOHR9n0vN3LpyBZUopCYWzPL53N2qLc07vIoInFZn33eDEgKufSChWs1WpYbUbGgZcrCTWvvuEfKRbDH7gxXqhx8Sn1cUb6WTLhfO8Bmq7OejXvMrd3IVUTK_ghf/s699/OpenVPN19b.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" height="400" data-original-height="699" data-original-width="397" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiWZKkOz2UktW__FeHstV3UHLk3Lk8-qoVkCYOkG3ob_ZAbCpB2V9o_u-CuSOX7rOHR9n0vN3LpyBZUopCYWzPL53N2qLc07vIoInFZn33eDEgKufSChWs1WpYbUbGgZcrCTWvvuEfKRbDH7gxXqhx8Sn1cUb6WTLhfO8Bmq7OejXvMrd3IVUTK_ghf/s400/OpenVPN19b.png"/></a></div>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGLaHNhzJuBsbM1ny1u71dQk_pGmpCZErJIiT6xN3OkjepG0kUzxsVd6eR-NEYyg_xaHQ2t_uixgfsSN9Qm-13sSP167B4UNdxEjsxaMy6vjnunshtf_zFr_ahY_iGdjRdoibc18BduTvdICYpuftTvEGqwEkR_xSsJnLvl90dD1O-pP7IMfpKJJFp/s776/OpenVPN20.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" height="400" data-original-height="776" data-original-width="393" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGLaHNhzJuBsbM1ny1u71dQk_pGmpCZErJIiT6xN3OkjepG0kUzxsVd6eR-NEYyg_xaHQ2t_uixgfsSN9Qm-13sSP167B4UNdxEjsxaMy6vjnunshtf_zFr_ahY_iGdjRdoibc18BduTvdICYpuftTvEGqwEkR_xSsJnLvl90dD1O-pP7IMfpKJJFp/s400/OpenVPN20.png"/></a></div>
Once installed, double click on the previous .ovpn file downloaded to import the VPN configuration.
<br /><br />
Click on Connect ...
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpcRyLfG88POvkrNJeEiK-N5ttTgAyS5370EgJvM3_cALvowcPnDbtSvErSgdJkf0B9574T0x3aijcTFZSlhk_kz6hX9Osd8SJkDG3ay_A3iYEFa5ye8RfpRgwSHyZJjPbp_Y5lBP1YGYBjh2dFc-6afWtaV_qB5U9DjQ7Y3eLXlrn2O5CcAL2gdEq/s223/OpenVPN21.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="209" data-original-width="223" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpcRyLfG88POvkrNJeEiK-N5ttTgAyS5370EgJvM3_cALvowcPnDbtSvErSgdJkf0B9574T0x3aijcTFZSlhk_kz6hX9Osd8SJkDG3ay_A3iYEFa5ye8RfpRgwSHyZJjPbp_Y5lBP1YGYBjh2dFc-6afWtaV_qB5U9DjQ7Y3eLXlrn2O5CcAL2gdEq/s400/OpenVPN21.png"/></a></div>
Provide username and password ...
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioXoXeTrYV2Wi6s8TO2w8CyiVt1-cwu7W3UfWjWcVeXRlgcHOOpf7w3TpxPg7QMySfcqWh6lths3yZuqZLit2vLJgwpXyDra5xjLnl6albYKfk3yHrS_FPAitoWjpKMrkLU6c_ffbzrD0H3KAXcFVfCpPRlgEp1Vsklig-J6M1aPmt_HU4Aw7KCcw2/s630/OpenVPN21a.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="383" data-original-width="630" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioXoXeTrYV2Wi6s8TO2w8CyiVt1-cwu7W3UfWjWcVeXRlgcHOOpf7w3TpxPg7QMySfcqWh6lths3yZuqZLit2vLJgwpXyDra5xjLnl6albYKfk3yHrS_FPAitoWjpKMrkLU6c_ffbzrD0H3KAXcFVfCpPRlgEp1Vsklig-J6M1aPmt_HU4Aw7KCcw2/s400/OpenVPN21a.png"/></a></div>
... insert the 6-digits of the 2FA ...
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhV9x4QXYKZTsn3Uvd992-Hxb-dU716mQyhsMtA2Hjx_ozux_5KqXj_SweryJaoxno6oZifxHXkl6K37ZuyCJisePEKvU9N5qbg2cf16SEUhdeHAmCJ_Wj6GSloeK4wKEwPnYl6OqbfnSjHdElBmlWcdRNcFIku2c-llvaOW9hiXO0-l5RWmiNV9WhO/s298/OpenVPn22.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="277" data-original-width="298" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhV9x4QXYKZTsn3Uvd992-Hxb-dU716mQyhsMtA2Hjx_ozux_5KqXj_SweryJaoxno6oZifxHXkl6K37ZuyCJisePEKvU9N5qbg2cf16SEUhdeHAmCJ_Wj6GSloeK4wKEwPnYl6OqbfnSjHdElBmlWcdRNcFIku2c-llvaOW9hiXO0-l5RWmiNV9WhO/s400/OpenVPn22.png"/></a></div>
We can now able to reach the remote site in a safe mode.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBB7fdnYGVIkN2OQk-3vZwtS_d2wM8SW3h0CLyTlzzC0qVSPIRVW6N8a8sElPlQ1rISFWjULX5A5Cwhh05ZT7JZ3hsJCbJDj7hJ9AC3l-e-J4WS1kZSIWYKXISH3Nz2jCdCaopTS2LVOcjNKIETIl5apWkgU2qL-4Llm4MdPdM4IgMc-gxnZSJxq_3/s262/OpenVPN23.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="180" data-original-width="262" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjBB7fdnYGVIkN2OQk-3vZwtS_d2wM8SW3h0CLyTlzzC0qVSPIRVW6N8a8sElPlQ1rISFWjULX5A5Cwhh05ZT7JZ3hsJCbJDj7hJ9AC3l-e-J4WS1kZSIWYKXISH3Nz2jCdCaopTS2LVOcjNKIETIl5apWkgU2qL-4Llm4MdPdM4IgMc-gxnZSJxq_3/s400/OpenVPN23.png"/></a></div>
<br /><br />
<b>Conclusion</b>
<br /><br />
OpenVPN Access server is very simple to install and configure. However, there are some limitations due to the free license (only two connections available), the "linuxserver/openvpn-as" project is deprecated and no longer maintained, consequently the latest available version of OpenVPN is version 2.9.0 (currently version available for download is 2.11.3). <br /><br />
I saw that there are also other interesting project like <a href="https://www.wireguard.com/" target="_blank">Wireguard</a>, not yet available as a container for docker but available as a native package for Photon OS.
<br />
Must try as soon as possible.
<p>
<b>That's it.</b>
</p>
</span>
</div>Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-34820979277405168722023-04-21T01:17:00.005+02:002023-04-21T01:52:37.035+02:00vRealize Log Insight Internal Certificate issue <div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
A <a href="https://kb.vmware.com/s/article/91441" target="_blank">KB91441</a> was recently published that affects vRLI internal certificate that will expire on April 30th. The expiration on the certificate will leading to a comunication failures in internode comunication in a vRLI cluster. However, this problem affects both cluster and single instance installation of a vRLI, so I invite you to read carefully the KB and act as soon as possible.
<br />
<br />
Before to act on the customer's production cluster environment I prefer to do some tests on the safe VMware HOL environment, using this LAB "Getting Started with Aria Operations for Logs (HOL-2201-03-CMP)".
<br />
<br />
Let's see below the tasks, following the KB "<a href="https://kb.vmware.com/s/article/91441" target="_blank">Updating the vRealize Log Insight Internal Certificate (91441)</a>" step by step.
</p>
<p>
<b><H2>Solution</H2></b>
<br />
As the KB says:
<br />
<br />
<i> This is a known issue affecting vRealize Log Insight 8.x.
<br />
The official resolution will be in the next vRealize Log Insight due out before April 30th 2023.
</i>
<br />
<br />
In my case the vRLI is a single instance version 8.4.
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSvbQkyJkNYyZXmERBdIljCIC6RUAbqr05AUZ2GW0IAHOvzPhcN6cR3evxcNOVN8lABwR9_NMKU4ZoQC1gB2Cay0xXjZTBD49iiKLEPtswS1DJgpviFL-qGoNVIGHt53S8DKbFBzE0mrl85xML7F-s4T6KU9j2FbCN8_qOBhQxjsB5bATIti9X0kAO/s486/KB-5.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="344" data-original-width="486" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiSvbQkyJkNYyZXmERBdIljCIC6RUAbqr05AUZ2GW0IAHOvzPhcN6cR3evxcNOVN8lABwR9_NMKU4ZoQC1gB2Cay0xXjZTBD49iiKLEPtswS1DJgpviFL-qGoNVIGHt53S8DKbFBzE0mrl85xML7F-s4T6KU9j2FbCN8_qOBhQxjsB5bATIti9X0kAO/s400/KB-5.png"/></a></div>
<br />
<br />
Below the verification steps before the fix:
<br />
<ol left="" style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px;" text-align:="">
<li style="margin: 0px 0px 0.25em; padding: 0px;">
Let's check the external certificates, also because the problem may not arise with the expiration of the external certificate, but it is actually the internal certificate that expires:
<br /> <br />
Open a web browser and open the vRLI URL and verify the certificate
<br /> <br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO6ClsaZqlqPZqFLogunYuo7LAkSgfgBPIIgUE6J59UiAhvyyHSjtbZdh1a85GA2V-ivzLYse-0pbXJtXO66HnMyqOdrFo3xNsMjdZtZeqfMdl9vz8w9sVnS1A1tYkAT4o48aTkLvEifjZI2zsut27ZFDT7yvi3ZcgmXe-VrcjvuWex3C-aT3y7G9f/s582/KB-1.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="455" data-original-width="582" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjO6ClsaZqlqPZqFLogunYuo7LAkSgfgBPIIgUE6J59UiAhvyyHSjtbZdh1a85GA2V-ivzLYse-0pbXJtXO66HnMyqOdrFo3xNsMjdZtZeqfMdl9vz8w9sVnS1A1tYkAT4o48aTkLvEifjZI2zsut27ZFDT7yvi3ZcgmXe-VrcjvuWex3C-aT3y7G9f/s400/KB-1.png"/></a></div>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiD-VNKo6sdaUcYEp44zHrIShUchxydZZyeukAhx_y8-FJv2rgt1AfWtS6pbMAgIy992MEj4VMojdornJMHFqc3rTMDQjWSPEOLYbS8TDSZmzBFZE4l8zXsWlCvlNuBekZ4XCULhJSUgALWLTF5eFp2Dh31puIlPOKToPGKP7H2R8FavCbSERQjMaVM/s664/KB-2.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" height="400" data-original-height="664" data-original-width="534" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiD-VNKo6sdaUcYEp44zHrIShUchxydZZyeukAhx_y8-FJv2rgt1AfWtS6pbMAgIy992MEj4VMojdornJMHFqc3rTMDQjWSPEOLYbS8TDSZmzBFZE4l8zXsWlCvlNuBekZ4XCULhJSUgALWLTF5eFp2Dh31puIlPOKToPGKP7H2R8FavCbSERQjMaVM/s400/KB-2.png"/></a></div>
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
Get access to the vRealize Log Insight with user admin (Default built-in) > <b>Administration</b> > <b>SSL</b>.
<br /> <br />
Click on “<b>VIEW DETAILS…</b>” of Existing Certificate
<br /> <br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiO7osl1CYRd3vtEoWl1yWNOijrksBM8ZZRAmVs9XmvQDwFoVyHxctUHCiRdAU12JuSkhOCeMJ7JxbwEoX8sJRTXJeQNj9igd4WEq4R-QYFgongfbxHqs8vo6vUeTM7H_w0sm1pI4XKJ6T8zSnS9bp1Z48H10xRH_ZZJK-SHSLvRoLkMxEI1saAMnlY/s486/KB-3.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" height="400" data-original-height="486" data-original-width="470" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiO7osl1CYRd3vtEoWl1yWNOijrksBM8ZZRAmVs9XmvQDwFoVyHxctUHCiRdAU12JuSkhOCeMJ7JxbwEoX8sJRTXJeQNj9igd4WEq4R-QYFgongfbxHqs8vo6vUeTM7H_w0sm1pI4XKJ6T8zSnS9bp1Z48H10xRH_ZZJK-SHSLvRoLkMxEI1saAMnlY/s400/KB-3.png"/></a></div>
As you can see here, the external certificates don't seems to expire imminently
<br /> <br />
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
Connect via SSH to the vRealize Log Insight appliance with root user and run the following command:
<br /> <br />
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># openssl x509 -in /storage/core/loginsight/cidata/cassandra/config/cacert.pem -enddate -noout</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOojOezodQY2DH3FwMuLXGB-k8pF6lgEzGPec_pt82oaKVadDU7gdVU1lxR500FlwJhgnd4bHefP_Q2njeDXQh3e-9mPH3OGaIN7bz2Az_qHfX0RltuvR4D_hymPfWDy9RBWLnBG3vzHJNLdhYf83dMYmCgyOo1yYhlYkPYKPheQZGCs8ENPbiagLh/s870/KB-4.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="132" data-original-width="870" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOojOezodQY2DH3FwMuLXGB-k8pF6lgEzGPec_pt82oaKVadDU7gdVU1lxR500FlwJhgnd4bHefP_Q2njeDXQh3e-9mPH3OGaIN7bz2Az_qHfX0RltuvR4D_hymPfWDy9RBWLnBG3vzHJNLdhYf83dMYmCgyOo1yYhlYkPYKPheQZGCs8ENPbiagLh/s400/KB-4.png"/></a></div>
If the result is as indicated in the figure above, it must be updated, even if in points 1. and 2. the certificate is not expired.
If the result is different and expires beyond April 30, 2023, no certificate reconfiguration activities are required.
<br /> <br />
</li>
</ol>
<br />
<br />
Below the workaround:
<br />
<ol left="" style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px;" text-align:="">
<li style="margin: 0px 0px 0.25em; padding: 0px;">
Take a cold snapshot of the vRealize Log Insight VM
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhh4lAVzgdtzxeu7H55jI9A_TVIWN9zlqMNu_NMSpczQrjgaeaP-G8YzTDCji_BNUgcs8WEuWPJ7TS6xmjhOVrdy-ewGo0lPMR-ADMX_-K_m3I5eFX2Lqq1tEuAWrEblFgMGWdR2FcikXkjLvCnOwrWFlPquIJRGYlwao3cgBaqMqO-c8aJ_xXf6TA9/s1104/KB-6.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="847" data-original-width="1104" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhh4lAVzgdtzxeu7H55jI9A_TVIWN9zlqMNu_NMSpczQrjgaeaP-G8YzTDCji_BNUgcs8WEuWPJ7TS6xmjhOVrdy-ewGo0lPMR-ADMX_-K_m3I5eFX2Lqq1tEuAWrEblFgMGWdR2FcikXkjLvCnOwrWFlPquIJRGYlwao3cgBaqMqO-c8aJ_xXf6TA9/s400/KB-6.png"/></a></div><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZv49Z9efTszPoXs2uzUbuY-UIX-7_gjChsvum71XphV0NP-JuuC23lqiKTE0wbFELt8Z6iszLS3hc97W2s1opWaGG_gnUS7TZPczIIZ1oK7f8oCF-tZ2QL-csqsNF-MqSiXhpeIYr-xA-URnOc8q_sqZzluncDoQANa4toT2T0Ec3Q9AsSrF_xzG3/s1238/KB-7.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="909" data-original-width="1238" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZv49Z9efTszPoXs2uzUbuY-UIX-7_gjChsvum71XphV0NP-JuuC23lqiKTE0wbFELt8Z6iszLS3hc97W2s1opWaGG_gnUS7TZPczIIZ1oK7f8oCF-tZ2QL-csqsNF-MqSiXhpeIYr-xA-URnOc8q_sqZzluncDoQANa4toT2T0Ec3Q9AsSrF_xzG3/s400/KB-7.png"/></a></div>
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
Generating the new self-signed certificate:
<br />
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">openssl req -newkey rsa:2048 -keyout domain.key -x509 -days 3650 -out domain.crt -nodes </pre>
When prompted by openssl, provide the required values for your company.
<br /> <br />
Then run the following command to concatenate the key and cert into a pem file
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">cat domain.key domain.crt > /tmp/cert.pem</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgheSFZt7KxWZDz6nG_xx-MoIZs6uVlQ1jpwGAS6F6wFCmp2r8pMln3SrDpPXHFhZBBRAGWYOCJpDC7q0EREAxsO6-EBkeWDEr3HpuqWvdIMYNA6ZV7vWYIVbPJTMMzypjORLuqEVm1YFy8Doib4_QbdT357A5EQk1PGaahxI0sP0jrfLuIqLqXQZp_/s1177/KB-8a.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="596" data-original-width="1177" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgheSFZt7KxWZDz6nG_xx-MoIZs6uVlQ1jpwGAS6F6wFCmp2r8pMln3SrDpPXHFhZBBRAGWYOCJpDC7q0EREAxsO6-EBkeWDEr3HpuqWvdIMYNA6ZV7vWYIVbPJTMMzypjORLuqEVm1YFy8Doib4_QbdT357A5EQk1PGaahxI0sP0jrfLuIqLqXQZp_/s400/KB-8a.png"/></a></div>
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
Download the cert.pem file and upload it to vRealize Log Insight:
<br />
Navigate to <b>Configuration</b> > <b>SSL</b>, click <b>Choose File</b>, browse to the cert.pem file previusly downloaded and click <b>Open</b>. <br />
Click <b>Save</b>. This will automatically distribute the new cert across all nodes in the vRealize Log Insight cluster. Wait for the SSL certificate to be updated.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhs30wqGqfNtPcfVBe5oWABeMUNZrh4Ezi618TpvI3L7cdKLpk2Oi9FROG6FaILBc2jDoGZrIZPEixFXHAJHWoudEyzJ0uHI-lGWO5z9CBrpG1F7iy4PyR6Q6fZYoDUTGTssRFLE7N0_hKlHb2EOX9BhSo6sA7dsSfmysfn-gCIrg3CkUCXjmfz-p4O/s816/KB-9.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="656" data-original-width="816" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhs30wqGqfNtPcfVBe5oWABeMUNZrh4Ezi618TpvI3L7cdKLpk2Oi9FROG6FaILBc2jDoGZrIZPEixFXHAJHWoudEyzJ0uHI-lGWO5z9CBrpG1F7iy4PyR6Q6fZYoDUTGTssRFLE7N0_hKlHb2EOX9BhSo6sA7dsSfmysfn-gCIrg3CkUCXjmfz-p4O/s400/KB-9.png"/></a></div>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsueW18GcWNZ5UjL-18CRV6kziLsgqaudvqwrLHVzSwo-BADGBSWnclpv2JKBV6hYYOKWok_IAhH683ixueyN9IxUpAg_bebHjny-s-y2uLXyZHoALesfNDFBd4M80hf7jxxS2pnZX2M8p55zHOrC1cH8aGjiVNsNq5mYrV_qfUQCToPKG170UAuzC/s1072/KB-10.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="684" data-original-width="1072" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsueW18GcWNZ5UjL-18CRV6kziLsgqaudvqwrLHVzSwo-BADGBSWnclpv2JKBV6hYYOKWok_IAhH683ixueyN9IxUpAg_bebHjny-s-y2uLXyZHoALesfNDFBd4M80hf7jxxS2pnZX2M8p55zHOrC1cH8aGjiVNsNq5mYrV_qfUQCToPKG170UAuzC/s400/KB-10.png"/></a></div>
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
Run the "<i>update_default_cert.sh</i>" script downloaded from VMware KB:
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># ./update_default_cert.sh --all</pre>
Once completed, stop the <i>loginsight</i> service on the node by running the following command:
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># systemctl stop loginsight</pre>
Start the <i>loginsight</i> service by running the following command:
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># systemctl start loginsight</pre>
Execute the script with the verify option:
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># ./update_default_cert.sh --verify</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgaZMeSY34ywsdgZGZC-IbephCZlaHBfoMZUI8oFDZSj8PXKLl0V3f1trBjFeJMvoacFqHx2IwJbSGmptOmugxitprWDxcCFhPy7SdhXoSPy2d2vQb_XmR_GMFSks1TitB99WlP9FmTCB4VJNyYMeuvH5yNieAD4-HxAL2mE_LOominEOjxt6mlLnE/s1224/KB-11.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="616" data-original-width="1224" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjgaZMeSY34ywsdgZGZC-IbephCZlaHBfoMZUI8oFDZSj8PXKLl0V3f1trBjFeJMvoacFqHx2IwJbSGmptOmugxitprWDxcCFhPy7SdhXoSPy2d2vQb_XmR_GMFSks1TitB99WlP9FmTCB4VJNyYMeuvH5yNieAD4-HxAL2mE_LOominEOjxt6mlLnE/s400/KB-11.png"/></a></div>
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
Run the following command to validate that the new certificate is in place:
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># openssl x509 -in /storage/core/loginsight/cidata/cassandra/config/cacert.pem -enddate -noout</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHhZFHe4DOtoWwXpKDYtr1CMuJefLCgVHUHEASJUERgJnvyHEdMWFWgnLvNmfd8aEhX8jITspuPptRYE6dgPUknqRqKlqQ5ksYvzb670OgkFsj9ZmkKoduHhNGiT41YnqhVDMyUbBrQeOGWsGANlSFJleSG3G3RhNpYM0FgTI39z9Xp0ByofxPof6O/s959/KB-12.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="34" data-original-width="959" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiHhZFHe4DOtoWwXpKDYtr1CMuJefLCgVHUHEASJUERgJnvyHEdMWFWgnLvNmfd8aEhX8jITspuPptRYE6dgPUknqRqKlqQ5ksYvzb670OgkFsj9ZmkKoduHhNGiT41YnqhVDMyUbBrQeOGWsGANlSFJleSG3G3RhNpYM0FgTI39z9Xp0ByofxPof6O/s400/KB-12.png"/></a></div>
Verify the certificate by UI as well:
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3QrAejDJGnNp2yftJyyyAuhDNnAZgEVzLKmZw5K9GtXBv4RMTl9ekNwH29SXxZEru4pqAR9s1p1VuAWqJ06SWS0026ro0Nr9_OkOCseMv4o342hDidtkczP0IFdFjAs5ryZOnJhkgcYJPyG2DJC8ESHTlzUZ6joGnbzpu2Wm7Qor4lc18J3cVO9cl/s1058/KB-13.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" height="400" data-original-height="1058" data-original-width="852" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3QrAejDJGnNp2yftJyyyAuhDNnAZgEVzLKmZw5K9GtXBv4RMTl9ekNwH29SXxZEru4pqAR9s1p1VuAWqJ06SWS0026ro0Nr9_OkOCseMv4o342hDidtkczP0IFdFjAs5ryZOnJhkgcYJPyG2DJC8ESHTlzUZ6joGnbzpu2Wm7Qor4lc18J3cVO9cl/s400/KB-13.png"/></a></div><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5qaO2skme-RZ75p2Txv6WCLBf5EAkiHRrXAc2_n4sODPiHyatAwUCowJr-I062oWu80axJztCGD_23hsg6yK7_GxVG_UVvk5WY7UWIvzRBzG1mR2VzOseEBc8XM3pA-aUvrHuHfBR4sl3Q2B3Agr1OCLDxS3VdjIWrtyHuXBOomVemCxW84CV97zD/s1242/KB-14.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="1240" data-original-width="1242" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh5qaO2skme-RZ75p2Txv6WCLBf5EAkiHRrXAc2_n4sODPiHyatAwUCowJr-I062oWu80axJztCGD_23hsg6yK7_GxVG_UVvk5WY7UWIvzRBzG1mR2VzOseEBc8XM3pA-aUvrHuHfBR4sl3Q2B3Agr1OCLDxS3VdjIWrtyHuXBOomVemCxW84CV97zD/s400/KB-14.png"/></a></div>
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
If everything seems to be OK, remove the snapshot.
</li>
</ol>
<br />
Another way to address the criticality is to upgrade vRealize Log Insight to new version before the April 30 deadline because the new 8.12 version is not affected by this issue. <br />
At the time I'm posting this article (April 20th, 2023), the new release 8.12 has just been released, and is available for <a href="https://customerconnect.vmware.com/downloads/info/slug/infrastructure_operations_management/vmware_aria_operations_for_logs/8_12" target="_blank">download</a>. <br />
VMware Aria Operations for Logs 8.12 release notes are available <a href="https://docs.vmware.com/en/VMware-Aria-Operations-for-Logs/8.12/rn/vmware-aria-operations-for-logs-812-release-notes/index.html" target="_blank">here</a>.
<br />
<p>
<b>That's it.</b>
</p>
</span>
</div>Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-41915551403045025252023-04-06T19:17:00.002+02:002023-04-06T19:17:45.423+02:00Log Forwarding - vRealize Log Insight<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
I need to forward log from vRealize Log Insight to an external syslog server
<br />
<br />
</p>
<p>
<b><H2>Solution</H2></b>
<br />
A quick post on how it is simple to configure a log forwarding from vRealize Log Insight to an external syslog server.
<br />
The official documentation is available at this <a href="https://docs.vmware.com/en/vRealize-Log-Insight/8.10/com.vmware.log-insight.administration.doc/GUID-956EC67B-44B4-44BB-AF24-0DE4377F725C.html" target="_blank">link</a>
<br />
Below the steps:
<br />
<ol left="" style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px;" text-align:="">
<li style="margin: 0px 0px 0.25em; padding: 0px;">
Get access to the vRealize Log Insight <br /> <br />
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
When logged, click on <b>Administration</b> (1) > <b>Event Forwarding</b> (2) > <b>+ NEW DESTINATION</b> (3)
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9Pc-xoFUy2QQxVTsSp1FTGpwBXI-RPtqMn2-J4_zvLj4GewOaALkkkoWzrLalz0voe3ciC-3u_UPhlxSdxsczk4yOSgxdLfGJ6LQCaDESAhIRkCa5zV8FPhq0RlEDZ9XPCGJ0G_PnYtkULhkTWu9GOIWpqVBCMYsHZNEIlC6XwwlE0JF1m1m7Hf-_/s824/LogForwarding-1.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="438" data-original-width="824" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg9Pc-xoFUy2QQxVTsSp1FTGpwBXI-RPtqMn2-J4_zvLj4GewOaALkkkoWzrLalz0voe3ciC-3u_UPhlxSdxsczk4yOSgxdLfGJ6LQCaDESAhIRkCa5zV8FPhq0RlEDZ9XPCGJ0G_PnYtkULhkTWu9GOIWpqVBCMYsHZNEIlC6XwwlE0JF1m1m7Hf-_/s400/LogForwarding-1.png"/></a></div>
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
Fill in the forms, with the proper information like Name, Destination Host. Select the protocol (Ingestion API, syslog, or RAW) to use to send the logs and so on.<br /> It is also possible to Filter which logs to send adding a filter. In my case I forward everything.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbzX6OMfJU5yDffK544ATJq6BRas0Sev8DUPulDAMrdAqv_55teUJLQieBv_vD2uNiv5OZtGAo43DOhMZ33sOJqjE-68SXG1AD-O7Vsww69-gH4j0XFO-1ay_NfbTpkgQtWxHUJaCOChIFju6yvyFtkC-dxNczvWkywCPi1_vktCrP8Z5SwsnfWCY0/s511/LogForwarding-2.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" height="400" data-original-height="511" data-original-width="452" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhbzX6OMfJU5yDffK544ATJq6BRas0Sev8DUPulDAMrdAqv_55teUJLQieBv_vD2uNiv5OZtGAo43DOhMZ33sOJqjE-68SXG1AD-O7Vsww69-gH4j0XFO-1ay_NfbTpkgQtWxHUJaCOChIFju6yvyFtkC-dxNczvWkywCPi1_vktCrP8Z5SwsnfWCY0/s400/LogForwarding-2.png"/></a></div>
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
Click on <b>SAVE</b> <br /> <br />
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
And result should be an entry like the one below:
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaoiuWUepvXgS1Fva6_EFun-oAAqiFryxMXs8KKmE0s00NmRFCGX-D7468VQwi9FRreYOoargXC8noeIGX1GjLxWyauH69yhzHVnBr5FHRBDgofvUn-XbO9qNk5vafTfbQrzuyGvWdI6Sq6Ar_ABa-1v0Cl975ZmG5CKR8JM5gsVi0Ds9s_jPmP3hj/s1272/LogForwarding-3.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="215" data-original-width="1272" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaoiuWUepvXgS1Fva6_EFun-oAAqiFryxMXs8KKmE0s00NmRFCGX-D7468VQwi9FRreYOoargXC8noeIGX1GjLxWyauH69yhzHVnBr5FHRBDgofvUn-XbO9qNk5vafTfbQrzuyGvWdI6Sq6Ar_ABa-1v0Cl975ZmG5CKR8JM5gsVi0Ds9s_jPmP3hj/s400/LogForwarding-3.png"/></a></div>
</li>
</ol>
<br />
<p>
<b>That's it.</b>
</p>
</span>
</div>Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-55475398710355709492023-03-31T14:20:00.003+02:002023-03-31T14:20:12.173+02:00How to create an ISO image from a folder on MAC<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
How to create an ISO image from a folder on MAC ??
<br />
<br />
</p>
<p>
<b><H2>Solution</H2></b>
<br />
Lately I have the need to create ISO images to attach as CDROM to the VMs. <br />
I put all stuff I need inside the folder and then I create the ISO image. To do that on MAC is quite easy, you don't need any added software to install. We can use the command "hdiutil". <br />
<br />
Open a terminal and type :
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">hdiutil makehybrid -o image.iso ./folder -iso -joliet </pre>
Replace the 'image.iso' with the name of the iso that you want to create and './folder' with the directory you want to convert into an ISO image.
<br />
The folder path can be relative (as in my case) or absolute.<br /><br />
Hit enter.
<!-- <div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzsa2fZFzrsnoaQ65UX0u9-jp3Xmk4VQHqEYJrpOLyCGeOipdCkDjjCxAbhgJjwJmLHPdefRujeDfOUeGsvEgVhp3T1E3bJNFym7gzKOgiEYjkxVwEi5Ka7sz5wJsTaPBYbxwnIbUki2qZs1gnuwekc-fSecqHUNvC8A0k4wNCgH4uGDO3keUqoxFo/s760/hdiutil.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="53" data-original-width="760" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzsa2fZFzrsnoaQ65UX0u9-jp3Xmk4VQHqEYJrpOLyCGeOipdCkDjjCxAbhgJjwJmLHPdefRujeDfOUeGsvEgVhp3T1E3bJNFym7gzKOgiEYjkxVwEi5Ka7sz5wJsTaPBYbxwnIbUki2qZs1gnuwekc-fSecqHUNvC8A0k4wNCgH4uGDO3keUqoxFo/s400/hdiutil.png"/></a></div> -->
<p>
<b>That's it.</b>
</p>
</span>
</div>Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-34739260607679986492023-01-31T16:56:00.000+01:002023-01-31T16:56:31.345+01:00UBUNTU - Extend LVM Partition
<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
Few months ago I installed Ubuntu on my MAC M1 apple Silicon to practice with a K8s LAB. I proceeded with a simple installation (for beginner) leaving any options set by default, choosing to use the entire disk (30 GB). I made up my configuration, set up minikube, realized some YAML file (just to test some environment in K8s), than weeks later upgraded the kernel .... and now a warnig telling me that I have terminated the space .... what the hell ... how i did?
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpPrQB4mF5XWoiP5w3JvOSNUfwkt10BzpVIcolnNpLhpW_X8chpespZ2V7A72i9OdyHssNz28dYDO-iN2FaumhaQo2S58iggWn0FiBRRmpp4kiZ5Vy7ZSSubRo8GNLtrWn94IPFrU-pYW2alxR0YAn-rJoR84ofiEvmfeA0mS_aAhVmTsNFsWB6kGE/s789/U1.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="366" data-original-width="789" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgpPrQB4mF5XWoiP5w3JvOSNUfwkt10BzpVIcolnNpLhpW_X8chpespZ2V7A72i9OdyHssNz28dYDO-iN2FaumhaQo2S58iggWn0FiBRRmpp4kiZ5Vy7ZSSubRo8GNLtrWn94IPFrU-pYW2alxR0YAn-rJoR84ofiEvmfeA0mS_aAhVmTsNFsWB6kGE/s400/U1.png"/></a></div>
Watching better the output of the "df -h" command, I realized that the size of the disk wasn't as expected.
<br />
<br />
</p>
<p>
<b><H2>Solution</H2></b>
<br />
During the initial installation phase I didn't pay to much attention on how the disk was really partitioned.
<br />
Let's perform a couple of commands to be sure on the real size of the disk.
<br />
<br />
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">lorenzo@ubuntu:~$ sudo lsblk -o NAME,FSTYPE,SIZE,MOUNTPOINT,LABEL</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0d2i2FN1UqV8jOwmz3snhdqvxj4Vyr0gYiJ0Oj8e3o9A-I0fZ-QUGYZgoqZwONn1ytW61rzCfWWRen297FkPfOuOV0Pk5yCcBVM2J6-SznkweMm2GbcJo06oY-3yW_4pnj-6s01aWZkNDxvZq20E3gdboAM-OJBKokNXjlcuC-svyttzwHQRK9oXP/s709/U2.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="291" data-original-width="709" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0d2i2FN1UqV8jOwmz3snhdqvxj4Vyr0gYiJ0Oj8e3o9A-I0fZ-QUGYZgoqZwONn1ytW61rzCfWWRen297FkPfOuOV0Pk5yCcBVM2J6-SznkweMm2GbcJo06oY-3yW_4pnj-6s01aWZkNDxvZq20E3gdboAM-OJBKokNXjlcuC-svyttzwHQRK9oXP/s400/U2.png"/></a></div>
<br />
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">lorenzo@ubuntu:~$ sudo fdisk -l</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7onAQt3Yd2-lV2x5XlwUu4nW2K4sxzoLCoY6G6-_VxPLHQNN_cFUTgyeeQneorThbEgud3gqXT7qw1DZ_RFzNX6MsKXtQXB9VISFPUztylxIvxSvPl8BW9U4dBSo5GPxXCfgjy6fW9o4X5QS53EN75jaO7tHP7nOBeB3aT0xZ-qA4lF5QdpfpYu3e/s893/U3.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="433" data-original-width="893" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj7onAQt3Yd2-lV2x5XlwUu4nW2K4sxzoLCoY6G6-_VxPLHQNN_cFUTgyeeQneorThbEgud3gqXT7qw1DZ_RFzNX6MsKXtQXB9VISFPUztylxIvxSvPl8BW9U4dBSo5GPxXCfgjy6fW9o4X5QS53EN75jaO7tHP7nOBeB3aT0xZ-qA4lF5QdpfpYu3e/s400/U3.png"/></a></div>
<br />
Verified that we have the original 30GB disk and space not allocated, what we have to do is to extend or resize the LVM partition to the available free space with the <b>lvextend</b> command. <br />
Let's proceed by steps:
<br />
<ol left="" style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px;" text-align:="">
<li style="margin: 0px 0px 0.25em; padding: 0px;">
Locate the partition to extend running the "df -h" command. We have seen that in our case is the root "/" (93% Used).
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJkQ7wTX0G6zYHmHTm54koNaYVZc27wtiI-SLvtAVHL6G20jkxcuRnSlJDoaVY1rNOG9H1P4YBeNp6L2xfRyazDesIIzmtnrx9f0t1s_bWhmzBF6HHSFea_jiAk3jHCD_MZcUMyl-1KChANNZR-k0OPTDGbDqgLEF89OX6d75eo8hQEZOZznDA3220/s699/U4.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="124" data-original-width="699" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiJkQ7wTX0G6zYHmHTm54koNaYVZc27wtiI-SLvtAVHL6G20jkxcuRnSlJDoaVY1rNOG9H1P4YBeNp6L2xfRyazDesIIzmtnrx9f0t1s_bWhmzBF6HHSFea_jiAk3jHCD_MZcUMyl-1KChANNZR-k0OPTDGbDqgLEF89OX6d75eo8hQEZOZznDA3220/s400/U4.png"/></a></div>
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
With the following command, let's check in the volume group where are the free space:
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">root@ubuntu:~# vgdisplay</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzEynL0zDt0xs0kDqxoiHJlg0t_GMqkXdwxWF0E140pyHu78n5jj6HkI_-pjHreKpMgUS5WL2DhVg11qb43OgwfIkYDR12FTQBPheYzS9Uzf5BkTdBywm27Mp6aNajA_heUmq6uHWhOAGMMBBdAVJlb-Hn8ZJ4XqfS-UaW3n5TyMrOn0z5qUS3k1mh/s677/U5.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="465" data-original-width="677" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzEynL0zDt0xs0kDqxoiHJlg0t_GMqkXdwxWF0E140pyHu78n5jj6HkI_-pjHreKpMgUS5WL2DhVg11qb43OgwfIkYDR12FTQBPheYzS9Uzf5BkTdBywm27Mp6aNajA_heUmq6uHWhOAGMMBBdAVJlb-Hn8ZJ4XqfS-UaW3n5TyMrOn0z5qUS3k1mh/s400/U5.png"/></a></div>
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
Let's run the below <b>lvextend</b> command to extend the file system.
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">root@ubuntu:~# lvextend -l +100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiTYNkWZzcAT6t1ODxEkHp1H1BjUMUHbZIG4YwFI2ZnKpuARuYbqgz3voxxnzjIu86RBP1ynKXtK0yvMMFpwY5D1uxRqWpOkPq9Zh_WLqjKvhwu6vBu8dFyivTPpcY0qLPZkL7jUPmvac3JMFeGoHjSJ-yUBub_I8yQkTsU7iqCClpxB4vsKwtvOyr/s1873/U6.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="194" data-original-width="1873" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiTYNkWZzcAT6t1ODxEkHp1H1BjUMUHbZIG4YwFI2ZnKpuARuYbqgz3voxxnzjIu86RBP1ynKXtK0yvMMFpwY5D1uxRqWpOkPq9Zh_WLqjKvhwu6vBu8dFyivTPpcY0qLPZkL7jUPmvac3JMFeGoHjSJ-yUBub_I8yQkTsU7iqCClpxB4vsKwtvOyr/s400/U6.png"/></a></div>
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
With previous lvextend command we have extended the file system to use 100% of the free space availabe, but still the file system is not updated untill we execute the following <b>resize2fs</b> command:
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">root@ubuntu:~# resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv</pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGNKN63bAd6QhrQfcp9ldoGcjQCOEjSzu2gDYrwdyY5Um73pjq9XZCGEsFEdwxOf-ZCdvEhjJ4gjCH-qv6lboBSx5lkysi3RhbPAdIj9TmEiaCYOVlUOHcqiT7_tetEybXYDXO0ahmMSfhfHPKcgEc4NGxzp1j9SL4QvrpKWgCxppCZkzjZv5gX7vA/s1738/U7.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="214" data-original-width="1738" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGNKN63bAd6QhrQfcp9ldoGcjQCOEjSzu2gDYrwdyY5Um73pjq9XZCGEsFEdwxOf-ZCdvEhjJ4gjCH-qv6lboBSx5lkysi3RhbPAdIj9TmEiaCYOVlUOHcqiT7_tetEybXYDXO0ahmMSfhfHPKcgEc4NGxzp1j9SL4QvrpKWgCxppCZkzjZv5gX7vA/s400/U7.png"/></a></div>
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
Last but not least, check that the space has been expanded as desired, performing "df -h" command again.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXHDR8j6A3IosJ579q4R3hGr5wHQp9FYfiTvbsT1jlu2BIlUzBtbz0NUPnVzNV6JCSt6JKZlEwu4ZL90f1whtlemvvuZB5pvA-bD-znAoxcHHd1bjN398oJyZfVyCwnhsUwefGkL5HLhykahy-SaY_TpLHzF1SRmNsFGq7Ty5dkp09jz7u7QOcmXpP/s1888/U9.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="721" data-original-width="1888" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgXHDR8j6A3IosJ579q4R3hGr5wHQp9FYfiTvbsT1jlu2BIlUzBtbz0NUPnVzNV6JCSt6JKZlEwu4ZL90f1whtlemvvuZB5pvA-bD-znAoxcHHd1bjN398oJyZfVyCwnhsUwefGkL5HLhykahy-SaY_TpLHzF1SRmNsFGq7Ty5dkp09jz7u7QOcmXpP/s400/U9.png"/></a></div>
</li>
</ol>
<p>
<b>That's it.</b>
</p>
</span>
</div>Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-36033323816412099622023-01-02T10:41:00.000+01:002023-01-02T10:41:30.402+01:00How to retrieve the WWPN of a bunch of ESXi hosts using PowerShell<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
I need to quickly retrieve the WWNs of a list of ESXi hosts (not managed by a vCenter)
<br />
<br />
</p>
<p>
<b><H2>Solution</H2></b>
<br />
To solve this, I thought about making a script in powershell that connects to each ESXi hosts presents in "host-list.txt" file and retrieves the necessary information. As outcome, we create a csv file "wwpn-list.csv" with all gathered information.
<br />
What I'm assuming here, in my script is that all ESXi hosts have the same username and password (in my case respectively root and VMware1!).
<br />
Below is the script:
<br />
<br />
<br />
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"># get-wwpn.ps1
#
# Lorenzo Moglie
# Version: 1.0 (29.12.2022)
#
$user = 'root'
$pswd = 'VMware1!'
$Hosts = Get-Content -Path '.\host-list.txt'
$report = @()
foreach ($host in $Hosts){
#Write-Host "Host:", $host
Connect-VIServer -Server $host -User $user -Password $pswd
$temp = Get-VMhost -Name $host | Get-VMHostHBA -Type FibreChannel | Select VMHost, Device, @{N "WWN";E={"{0:X}" -f $_.PortWorldWideName}} | Sort VMHost,Device
$wwpn = @{}
$wwpn.VMHost = $temp.VMHost.Name[0]
$wwpn.vmhba64 = $temp.WWN[0]
$wwpn.vmhba65 = $temp.WWN[1]
$wwn = New-Object -TypeName PSObject -Property $wwpn
Sreport += Swwn
Disconnect-VIServer -Confirm:$false
}
$report | Select VMHost, vmhba64, vmhba65 | Sort-Object -Property VMHost | Export-Csv .\wwpn-list.csv</pre>
<br />
<p>
<b>That's it.</b>
</p>
</span>
</div>
Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-29976048567016477492022-12-29T02:18:00.000+01:002022-12-29T02:18:19.799+01:00Edge VM Present In NSX Inventory Not Present In vCenter<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
A customer writes me an email asking for help because two Edge nodes in his NSX-T infrastructure had the following critical error (as shown in the picture below):
<br />
<br />
<b>"Edge VM Present In NSX Inventory Not Present In vCenter"</b>
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDyKsD480i54f77QmR-aokIRElgKe7iDGeTqN2p4X_1vNyFNoofGFCQLX3I4L65Uv1RHfF-NFHzrcL5KEghUytzCic8Z0xZEt9oEe-z7dMN_vo3znAXYg6GS3SeoZYqFqPnt1BYq7mP7f98-uvHAbu0rt6gXJ-RKBLqWbK3uTawRbQxNhm3qV9Ln1x/s1125/Edge01.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="729" data-original-width="1125" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjDyKsD480i54f77QmR-aokIRElgKe7iDGeTqN2p4X_1vNyFNoofGFCQLX3I4L65Uv1RHfF-NFHzrcL5KEghUytzCic8Z0xZEt9oEe-z7dMN_vo3znAXYg6GS3SeoZYqFqPnt1BYq7mP7f98-uvHAbu0rt6gXJ-RKBLqWbK3uTawRbQxNhm3qV9Ln1x/s400/Edge01.png"/></a></div>
<br />
</p>
<p>
<b><H2>Solution</H2></b>
<br />
This error message, as we can see from the this <a href="https://docs.vmware.com/en/VMware-NSX-Event-Catalog/index.html" target="_blank">link</a> was introduced in version 3.2.1.
<br />
The customer has already tried to verify what is indicated in the "Recommended Action" and found that the vm-id is not modified, and the Edge VMs are still in the vCenter Inventory.
<br />
Asking if he had made any changes, he replies that the only change made was at the vCenter level to update the expired Machine Cert, and that the certificate was revalidated by NSX-T (indeed the communication between the NSX-T system and the vCenter was showing no errors).
<br />
In summary, the Edge VMs were still in inventory, nobody had changed the vm-id, the only thing that had changed was the certificate in vCenter.
<br />
<br />
The customer fixed it himself on the first attempt, by restarting the cluster appliance the VIP was pointing to. By doing so, when the VIP was switched to another appliance of the NSX Manager cluster, the message resolved itself.
<br />
<br />
As a second attempt, if the first didn't work, after verifying correctly what is indicated in the "Recommended actions" would be to "<a href="https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-F5586DC7-35B9-4929-B4A9-59806953DFB9.html" target="_blank">Redeploy an NSX Edge VM Appliance</a>" if the edge is no longer connected to NSX Manager; otherwise to replace it inside the Cluster (one by one) as indicated in "<a href="https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-B827C49C-016E-491F-91E0-46F150E5C442.html" target="_blank">Replace an NSX Edge Transport Node Using the NSX Manager UI</a>"
</p>
<p>
<b>That's it.</b>
</p>
</span>
</div>Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-19536495347989098342022-10-11T19:09:00.009+02:002022-10-11T22:52:09.400+02:00MacOS - Running Scripts at Login<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
In October 2018 I wrote a short post (in Italian) on how to "<a href="https://lmoglie.blogspot.com/2018/10/remapping-keys-in-macos.html" target="_blank" rel="nofollow">Remapping Keys in MacOS</a>".
<br />
In the post I also wrote that I would publish a second one on how to make this change permanent. For reasons of time (few time available), work, family, etc. I never managed to write it until I forgot about it. Then thanks to Paolo's comment I remembered that I have not posted it anymore. So, I do it now.
<br />
<br />
</p>
<p>
<b><H2>Solution</H2></b>
<br />
To solve this issue, and make the fix permanent every time I login into my account I decided to use the LaunchAgent features.
<br />
More information about LaunchAgent can be found in "<a href="https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/BPSystemStartup/Chapters/CreatingLaunchdJobs.html" target="_blank">Daemons and Services Programming Guide</a>" and in "<a href="about:invalid#zSoyz" target="_blank">Script management with launchd in Terminal on Mac</a>" as well.
<br />
<br />
Let's see below how to run the script when our user logon.
<br />
<ol left="" style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px;" text-align:="">
<li style="margin: 0px 0px 0.25em; padding: 0px;">
Let's start, creating the folder where to place the script to run. In my case I decide to create a new ".lm_scripts" (hidden folder) under my own directory.
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVYkCGUHDIF-HMZYPgUquDhA6qv1tSns5oYmSLegczH2-PAsaRE1kffIjlD5sXlBbmlRb2-1v3dmJEPqNDTl487qiMSbwZKC92smADU3kY_eyQdwRcmE2lbmzm33Ue9g7fprP7HBv8Cq-NXglsew3KOx8AFW0JzwFC8ogeRjDtXGPGwQN9t2p8IPtj/s850/script1.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="96" data-original-width="850" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVYkCGUHDIF-HMZYPgUquDhA6qv1tSns5oYmSLegczH2-PAsaRE1kffIjlD5sXlBbmlRb2-1v3dmJEPqNDTl487qiMSbwZKC92smADU3kY_eyQdwRcmE2lbmzm33Ue9g7fprP7HBv8Cq-NXglsew3KOx8AFW0JzwFC8ogeRjDtXGPGwQN9t2p8IPtj/s400/script1.png"/></a></div>
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
Create a script similar to the followingg, and place it under the new directory (in my case .lm_scrpts). <br/>
For a complete reading on how to find the various parameters, refer to my original <a href="https://lmoglie.blogspot.com/2018/10/remapping-keys-in-macos.html" target="_blank">post</a>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEKxMSSWpcaZCIzYZTa0lXQEJONIUtmh6TODYp4GQLvI0U39MnWfxFZuYFeX1-vOJX-UGp10tuK_53DK3Ti5nT7CakMYYjW7ZLSFaF4uP46Jr-qIYyvpf8yg9pYv0T37ZcL5R2ip-cxkax7FFNR0c5AcL6lBPgJQ7x0ubezwosfn5xQg5cUFhvS3il/s2641/script2.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="174" data-original-width="2641" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhEKxMSSWpcaZCIzYZTa0lXQEJONIUtmh6TODYp4GQLvI0U39MnWfxFZuYFeX1-vOJX-UGp10tuK_53DK3Ti5nT7CakMYYjW7ZLSFaF4uP46Jr-qIYyvpf8yg9pYv0T37ZcL5R2ip-cxkax7FFNR0c5AcL6lBPgJQ7x0ubezwosfn5xQg5cUFhvS3il/s400/script2.png"/></a></div>
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">#!/bin/bash
hidutil property --matching '{"ProductID":0x221,"VendorID":0x5ac}' --set '{"UserKeyMapping":[{"HIDKeyboardModifierMappingSrc":0x700000063,"HIDKeyboardModifierMappingDst":0x700000037}]}'</pre>
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
Give the script executable permissions <br/>
<b>chmod +x remapping.keys.sh</b>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgODgVu_TqF8ghPS_VxqJ0i0-46F7zNw85vT4whq6bdSyS9NwCrSZaHLYcyozXFy1RKkzOch238q4tIstoCy8HBgh3wj96XfIOLluJV_thFwHthAz0I-sp5Gumh0dUNJm4Rv-cXCsQGfvASjb8fhuP5zod3bXqGO6cIynxJKYuXr1eyIJEbJGkJopmc/s912/script3.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="34" data-original-width="912" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgODgVu_TqF8ghPS_VxqJ0i0-46F7zNw85vT4whq6bdSyS9NwCrSZaHLYcyozXFy1RKkzOch238q4tIstoCy8HBgh3wj96XfIOLluJV_thFwHthAz0I-sp5Gumh0dUNJm4Rv-cXCsQGfvASjb8fhuP5zod3bXqGO6cIynxJKYuXr1eyIJEbJGkJopmc/s400/script3.png"/></a></div>
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
Create with your favourite editor a new .plist file. I called it <b>com.remapping.keys.plist</b> <br/>
As shown below <br/>
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;"><?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.remapping.keys.app</string>
<key>Program</key>
<string>/Users/lorenzo/.lm_scripts/remapping.keys.sh</string>
<key>RunAtLoad</key>
<true/>
</dict>
</plist></pre>
Note that, the program string above must reflect your user and the path where the script <b>remapping.keys.sh</b> is present.
<br/><br/>
</li>
<li style="margin: 0px 0px 0.25em; padding: 0px;">
Then, place the file, in my case <b>com.remapping.keys.plist</b> (just created) under the following directory <b>~/Library/LaunchAgents/</b> <br/>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIY1--nqEf_q5MlXTkQ-3xZgk9B1X1f3Nz_hDLM7MGL67OTKCTBtGaBfijk_09Vwm9UUX1fu9VWKeSGXoQPSQK2DCqG6OiQKjLnNZnEev2O2hp63kKpwJWuYhoXBh8Sf51nMhhpzfg0FyIQ09IJ4Iq13hSRJ4zBhoP7bddJAJLZxFunIGbnefCmh3l/s1550/script4.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="614" data-original-width="1550" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhIY1--nqEf_q5MlXTkQ-3xZgk9B1X1f3Nz_hDLM7MGL67OTKCTBtGaBfijk_09Vwm9UUX1fu9VWKeSGXoQPSQK2DCqG6OiQKjLnNZnEev2O2hp63kKpwJWuYhoXBh8Sf51nMhhpzfg0FyIQ09IJ4Iq13hSRJ4zBhoP7bddJAJLZxFunIGbnefCmh3l/s400/script4.png"/></a></div>
</li>
</ol>
<br />
Now, at your next login the keys of the keyboard keys will be re-mapped as desired.
<br />
<p>
<b>That's it.</b>
</p>
</span>
</div>
Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-2729010355122865762022-07-25T10:53:00.005+02:002022-07-25T11:44:52.224+02:00Clone a VM via PowerCLI<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
What I need today? I just need to create a simple PowerCLI script to clone a VM, after it has been powered off.
<br />
<br />
</p>
<p>
<b><H2>Solution</H2></b>
<br />
<b>Disclaimer</b>: Use it at your own risk.
<br />
<br />
The following script is used to create a clone of a specific VM (after it has been shut down). <br />
Before running, replace the following fields with your information:<br /><br />
<VCENTER>: Source vCenter (where the VM is running) <br />
<USERNAME>: Username to connect to the vCenter (whit right permition to clone) <br />
<PASSWORD>: Password of the user<br />
<DATASTORE_TARGET>: Datastore target where. to place the cloned VM<br />
<br />
Below the script:
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">##############################################
# LM: Use it at your own risk
# Clone a VM on the specific Datastore and attach the suffix "_Clone" to the VM Name (cloned)
##############################################
if ($args[0].length -gt 0) {
$vmName = $args[0]
} else {
Write-Host -ForegroundColor red "Usage: .\CloneVM.ps1 <VM_Name>"
exit 40
}
Connect-VIServer -Server <VCENTER> -User <USERNAME> -Password <PASSWORD>
$vm = Get-VM -Name $vmName
if ((Get-VM -Name $vmName).PowerState -eq "PoweredOff") {
Write-Host -foreground Green "- VM "$vmName "is already OFF"
}
else
{
Write-Host -foreground Red "- VM "$vmName "is shutting down ..."
$vm | Shutdown-VMGuest -Confirm:$false
While ((Get-VM -Name $vmName).PowerState -ne "PoweredOff") {
Write-Host -foreground yellow "... waiting for" $vmName "to power off"
sleep 5
}
}
$ds = Get-Datastore -Name <DATASTORE_TARGET>
$esx = Get-Cluster -VM $vmName | Get-VMHost | Get-Random
$vm = New-VM -VM $vmName -Name $vmName'_CLONE' -Datastore $ds -VMHost $esx
Set-VM $vmName -name $vmName'_Clone' -confirm:$false
Disconnect-VIServer -Server * -Force -Confirm:$false</pre>
<br />
</p>
<p>
<b>That's it.</b>
</p>
</span>
</div>
Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-21040513411343855192022-07-04T17:47:00.005+02:002022-07-04T17:47:31.861+02:00NSX-T 3.2.0.1 - Function not (yet) implemented<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
Function not implemented.
<br />
Browsing through the NSX-T logs of an ESXi host (in /var/log/nsx-syslog.log), I found countless INFO messages of <b>nsx-opsagent</b> service, "Function not implemented", as looks like into the image below.
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKvpjbXJQxqXJJVfdT0I3cRQVXn04xMh9tV5bknoIGVEjVLvR5yw706B7L_h_yHaIj4mWTJM6OTO1WjDIhiDckcNQ5ctDPnBjtfXxIfhq2cq1L9sho36XhM-SAz-KPUfVhKyeCEK7AmpVavu9xlBJxA7SYu19EcOek_lzlCo1HVD5Y67rrxc9DErbC/s1170/Function%20not%20implemented.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="682" data-original-width="1170" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKvpjbXJQxqXJJVfdT0I3cRQVXn04xMh9tV5bknoIGVEjVLvR5yw706B7L_h_yHaIj4mWTJM6OTO1WjDIhiDckcNQ5ctDPnBjtfXxIfhq2cq1L9sho36XhM-SAz-KPUfVhKyeCEK7AmpVavu9xlBJxA7SYu19EcOek_lzlCo1HVD5Y67rrxc9DErbC/s400/Function%20not%20implemented.png"/></a></div>
<br />
Therefore I asked information to the Global Support Service of VMware ...
<br />
</p>
<p>
<b><H2>Solution</H2></b>
<br />
They told me:<br />
<br />
"<i>This is only INFO in the logs, and however, based on the amount, I don't think this is good to happen anyway. NSX-T 3.2.0.1 is the latest release; it could be something opsagent is trying to do, but it's not fully implemented on the host side.</i>"
<br /><br />
And the reply from the Product Engineering confirm that the log is harmless. It just shows that nsx-vim is interacting with other processes, and that there will be fewer logs for "Function not implemented" in 3.2.1.
</p>
<p>
<b>That's it.</b>
</p>
</span>
</div>
Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-12028045836040355552022-04-19T13:03:00.007+02:002022-06-29T16:59:08.242+02:00NSX-T 3.2 - Traceflow request failed<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
New day, new issue :-)
<br />
I'm not able to traceflow traffic between two VMs plugged on VLAN backed segment managed by NSX-T 3.2.0.1, obtaining the following error message:
<br />
<br />
<b>Traceflow request failed. The request might be cancelled because it took more time than normal. Please retry. <br />
Error Message: Error: Traceflow intent /infra/traceflows/<UID> realized on enforcement point /infra/sites/default/enforcement-points/default with error Traceflow on VLAN logical port LogicalPort/<UID> requires INT (In-band Network Telemetry) to be enabled (Error code: 500060)</b>
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijEEg_f6iwaUc5xTtmkhkHhdY-vhcTxYybbkZ8YdEgN5p-9em62qBEbi4ij2M1AVWxMvWbRuymcMd7pb-L-_XyE54-nRWFnoMfSJaZuLccPbtGbKAgCrr3y87hZp3kxVqr6a8AlZqZDgUxrPUJeaAqWqQ3pfiigebSbGZVBN3vi1oZPAqf-z0Q0CCN/s2847/TraceFlow-1.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="1368" data-original-width="2847" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEijEEg_f6iwaUc5xTtmkhkHhdY-vhcTxYybbkZ8YdEgN5p-9em62qBEbi4ij2M1AVWxMvWbRuymcMd7pb-L-_XyE54-nRWFnoMfSJaZuLccPbtGbKAgCrr3y87hZp3kxVqr6a8AlZqZDgUxrPUJeaAqWqQ3pfiigebSbGZVBN3vi1oZPAqf-z0Q0CCN/s400/TraceFlow-1.png"/></a></div>
Looking inside the official documentation "<a href="https://docs.vmware.com/en/VMware-NSX-T-Data-Center/3.2/administration/GUID-0771969B-A897-4FD0-AEE3-323F630A584A.html" target="_blank">Perform a Traceflow</a>"
I noticed that "Traceflow is not supported for a VLAN-backed logical switch or segment" in version 3.0 and 3.1 but it should be supported in version 3.2.
<br />
So, why it doesn't work??
<br />
I tried running the indicated REST API call "<i>PUT /api/v1/global-configs/IntGlobalConfig</i>" to enable In-band Network Telemetry (INT). Without success !!!
<br />
<br />
</p>
<p>
<b><H2>Solution</H2></b>
<br />
I found the solution by googling "nsx-t (In-band Network Telemetry) to be enabled (Error code: 500060)", and a post "<a href="https://vm.knutsson.it/2022/01/nsx-t-traffic-analysis-traceflow-fails/" target="_blank">NSX-T Traffic Analysis Traceflow fails</a>" by "Brian Knutsson" came out. The post explain how to enable the Traceflow in NSX-T 3.2 for vlan backed. Here are the steps performed in my infrastructure.
<br />
<br />
I made the follofing REST call:
<br />
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">curl -k -u 'admin' -X GET https://<NSX Manager IP of FQDN>/api/v1/infra/ops-global-config </pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGyuwtk83bJhhUtPssR3qyRNqbYVpLO129yflf4_A2o65PcM5yRfoyjo36riitril83Yzl7HoiwpC2MFXy7HFVmvdluPYsmtfNNnd9e2z-be3_r-jushLlwZwL5w-bDaAsogVfT4W_H7aaaG9eDJe87HddBvMxAoWdPZIZVbsv3jUw3Cf-ccB-rX46/s2020/TraceFlow-2.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="690" data-original-width="2020" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGyuwtk83bJhhUtPssR3qyRNqbYVpLO129yflf4_A2o65PcM5yRfoyjo36riitril83Yzl7HoiwpC2MFXy7HFVmvdluPYsmtfNNnd9e2z-be3_r-jushLlwZwL5w-bDaAsogVfT4W_H7aaaG9eDJe87HddBvMxAoWdPZIZVbsv3jUw3Cf-ccB-rX46/s400/TraceFlow-2.png"/></a></div>
I kept note of the revision, and use it into the next call ...
<br />
<pre style="background: rgb(238, 238, 238); border: 1px solid rgb(221, 221, 221); clear: both; color: #111111; font-family: consolas, "andale mono", monaco, courier, "courier new", verdana, sans-serif; font-size: 12px; line-height: 1.5em; margin-bottom: 1.667em; overflow: auto; padding: 0.583em 0.833em;">curl -k -u 'admin' -X PUT -H "Content-Type: application/json" -d
'{
"display_name": "ops-global-config",
"in_band_network_telementry": {
"dscp_value": 2,
"indicator_type": "DSCP_VALUE"
},
"path": "/infra/ops-global-config",
"relative_path": "ops-global-config",
"_revision": 0
}'
https://<NSX Manager IP of FQDN>/policy/api/v1/infra/ops-global-config </pre>
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghhXHMbP2XV4s3d_97VqqYq3AoLHxspOkwgr55IdSQouQhyfXHujIB1swqq33LuFl_8-G1fpk3EzwaJY5y0a15yUjmNObfgKkiQX6CUgZ0o5xzL0yCf_RncLgoTvuDpnsqEzTNgtTrc2gj8Nm6fzRxLmSWKjSKtCSFSndst56sVaHhtPaFWvdUK05v/s2022/TraceFlow-3.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="928" data-original-width="2022" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEghhXHMbP2XV4s3d_97VqqYq3AoLHxspOkwgr55IdSQouQhyfXHujIB1swqq33LuFl_8-G1fpk3EzwaJY5y0a15yUjmNObfgKkiQX6CUgZ0o5xzL0yCf_RncLgoTvuDpnsqEzTNgtTrc2gj8Nm6fzRxLmSWKjSKtCSFSndst56sVaHhtPaFWvdUK05v/s400/TraceFlow-3.png"/></a></div>
Now, thanks to Brian it works!!
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzysKD4ddrYsjGxqVBiH1Kh5A4v9FqHBoq1KaBY69hwXPfEyO1vjoAT9hM6kHExQxZC02N9jv6mCKB1z73koVKBpUh0-mkynla9owoohx7A6IrbEWF-E0LfaC1VIwsZNfVTQKwq_3-qPJCwdLfuzNc57AEpRWsdh5rTgxLOyYDBIp1_Dt7BpJaod6j/s2841/TraceFlow-4.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="1322" data-original-width="2841" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgzysKD4ddrYsjGxqVBiH1Kh5A4v9FqHBoq1KaBY69hwXPfEyO1vjoAT9hM6kHExQxZC02N9jv6mCKB1z73koVKBpUh0-mkynla9owoohx7A6IrbEWF-E0LfaC1VIwsZNfVTQKwq_3-qPJCwdLfuzNc57AEpRWsdh5rTgxLOyYDBIp1_Dt7BpJaod6j/s400/TraceFlow-4.png"/></a></div>
</p>
<p>
<b>That's it.</b>
</p>
</span>
</div>Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0tag:blogger.com,1999:blog-4311067385424068240.post-11140388656383854452022-04-08T17:35:00.001+02:002022-04-08T17:35:11.442+02:00NSX-T 3.2.01 - Upgrade failed from 3.1.6<div dir="ltr" style="text-align: left;" trbidi="on">
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<p>
<b><h2>Issue</h2></b>
<br />
Today, during the upgrade of NSX-T Data Center infrastructure from 3.1.3.6 version to 3.2.0.1 I faced out the following issue.
<br />
All NSX-T Appliance managers have been updated to version 3.2.0.1, but when updating the latest appliance the result was as follows:
<br />
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhY1yKcNEkWjO3SnVeRfUGmq0cw5P9QCgUCudBC9M01PaONHzBgT1FL94EZJTAz6kHuTlaqj73gRR0vJthaNcatp4Di2TBX4S_ocVg2eJm2vQArB-un3Lka1E8edJlEPqxVzmOdo5pw8-h5BYbMjeW7UmhlTjHq2Dmu1l2fnkiRwUDGv1G-gyHUuoXA/s988/nsxt1.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="449" data-original-width="988" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhY1yKcNEkWjO3SnVeRfUGmq0cw5P9QCgUCudBC9M01PaONHzBgT1FL94EZJTAz6kHuTlaqj73gRR0vJthaNcatp4Di2TBX4S_ocVg2eJm2vQArB-un3Lka1E8edJlEPqxVzmOdo5pw8-h5BYbMjeW7UmhlTjHq2Dmu1l2fnkiRwUDGv1G-gyHUuoXA/s400/nsxt1.png"/></a></div>
<br />
looking in System > Lifecycle Management > Upgrade
<br />
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEii1mAsSCoDtUjeapYfjNfoFGr5zPEgGvBEY0LOgZsciCNSQT242vF3QNcWEOZPlEO0kRCn4HgSkCRXEc_m15hldfHWuvFfm87vYyInTe3RuxNSjjC1I79JueYrnM9E2ol8jxjH0_fELyjNpHAUrAY_j-TMrPYz6fICj215OB-iK49cvqHPtU2KpnHY/s1434/nsxt2.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="640" data-original-width="1434" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEii1mAsSCoDtUjeapYfjNfoFGr5zPEgGvBEY0LOgZsciCNSQT242vF3QNcWEOZPlEO0kRCn4HgSkCRXEc_m15hldfHWuvFfm87vYyInTe3RuxNSjjC1I79JueYrnM9E2ol8jxjH0_fELyjNpHAUrAY_j-TMrPYz6fICj215OB-iK49cvqHPtU2KpnHY/s400/nsxt2.png"/></a></div>
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ_QMoIXoR6Cz1137Y2mSF8Dv_XSq0awFrq5POcMT4AtU0fYOEE4DLQiwz9VKtm3WN0aP93tV2CvX2Fr9nQi7YZ015mzQUqXa-UFndfcnZO24D14LkMFWqtzfR4jYO4zFcGdB7vPEwIDenfD7xRxxTh-h7BaW7CbNNVGDKcpUEXsF8e7bfg8k4rpOr/s1205/nsxt3.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="542" data-original-width="1205" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZ_QMoIXoR6Cz1137Y2mSF8Dv_XSq0awFrq5POcMT4AtU0fYOEE4DLQiwz9VKtm3WN0aP93tV2CvX2Fr9nQi7YZ015mzQUqXa-UFndfcnZO24D14LkMFWqtzfR4jYO4zFcGdB7vPEwIDenfD7xRxxTh-h7BaW7CbNNVGDKcpUEXsF8e7bfg8k4rpOr/s400/nsxt3.png"/></a></div>
<br />
It was not possible to connect via UI to the NSX-T manager appliances, instead via SSH, the appliances were reachables and updated, but the “<b>get cluster status</b>” NSX manager CLI command output clearly shows that the group status is degraded and that two nodes were down.
<br />
<br />
</p>
<p>
<b><H2>Solution</H2></b>
<br />
<b>Disclaimer</b>: Some of the procedures described below, may not be officially supported by VMware. Use it at your own risk.
<br />
<br />
To solve the issue I decided to keep the good NSX-T manager appliance, deactivate the cluster and deploy new appliances from the good one.
<br />
As described in this <a href="https://docs.vmware.com/en/VMware-Validated-Design/6.0.1/sddc-backup-and-restore/GUID-8A4E86B6-9CBE-4C88-ACAC-8D90666B306A.html" target="_blank">link</a>, in the event of a loss of two of the three NSX-T Manager cluster nodes we must deactivate the cluster.
<br />
An interesting guide on <a href="https://rutgerblom.com/2019/09/15/nsx-t-recoverability-part-1/" target="_blank">NSX-T recoverability</a> was written by Rutger Blom.
<br />
<br />
But let's proceed step by step.
<br />
<ul>
<span style="background-color: white; color: #666666; font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: 13.3333px; text-align: justify;">
<li>
We first need to deactivate the cluster. This operation must be performed from the good/survived NSX-T manager appliance, running the CLI command "<b>deactivate cluster</b>".
<br /><br />
</li>
<li>
We can now, delete the NSX-T Manager appliances not good from the UI.
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrJxzi0hLBVAAim4Q5XPU_-hoQYXoe9oGNY1RQkRTlwOBw0V2OZCFTUXGZX57lcB3s-Hwc72hc0uTyo0-fOG_PdwtGVhz-r8-hzMEw9FdG7mVPlQ2LE11fnI-qxu2QXotm8MCC1sX-BB3ssESm4bewA4nC44YUegVT97duD3GVreRHAZiaohnI5320/s1198/nsxt4.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="464" data-original-width="1198" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrJxzi0hLBVAAim4Q5XPU_-hoQYXoe9oGNY1RQkRTlwOBw0V2OZCFTUXGZX57lcB3s-Hwc72hc0uTyo0-fOG_PdwtGVhz-r8-hzMEw9FdG7mVPlQ2LE11fnI-qxu2QXotm8MCC1sX-BB3ssESm4bewA4nC44YUegVT97duD3GVreRHAZiaohnI5320/s400/nsxt4.png"/></a></div>
If something went wrong you also need to detach the node.
<br /><br />
</li>
<li>
Let's now reset the NSX-T Upgrade Plan as shown in the <a href="https://kb.vmware.com/s/article/82042" target="_blank">KB82042</a> via API.
<br /> <br />
<b>DELETE https://NSX_MGR/api/v1/upgrade-mgmt/plan</b>
<br /> <br />
For this to take affect, ssh to the Manager node controlling the upgrade and restart the upgrade service
<br /> <br />
<b>> restart service install-upgrade</b>
<br />
<br />
</li>
<li>
Refreshing the UI .... we can continue with a fake upgrade, clicking on "NEXT - NEXT - DONE" until the end.
<br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtGFdKRXs7e8hZSYOx8H-jpfV8jEaxx8vWXWtVbIYVElSlFlfmq6TcrkBvEUfxn8-iWvRXttY1-kzGbZgnlPF9cIPm3aPcDM3Civj10t-oI6_c2EofYyiuuLJpU6i9rgVCjyde1Ob_iEXwX7n_moGlafvA49Kw_MWD0aezmsT70k68mnjJGfTYk48s/s591/nsxt5.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" height="400" data-original-height="591" data-original-width="552" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgtGFdKRXs7e8hZSYOx8H-jpfV8jEaxx8vWXWtVbIYVElSlFlfmq6TcrkBvEUfxn8-iWvRXttY1-kzGbZgnlPF9cIPm3aPcDM3Civj10t-oI6_c2EofYyiuuLJpU6i9rgVCjyde1Ob_iEXwX7n_moGlafvA49Kw_MWD0aezmsT70k68mnjJGfTYk48s/s400/nsxt5.png"/></a></div><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRe5qdQZz6eDZrFQ_-uF9UOQp84e1M3f3Vz-bVaS_JxetwK_lJ6uFUQLTamp69WCAE2hwBEvTNToMvnsk9jSnTa29mL5WZwu-GjxzdO5KU2xgOf33Ry_hVpHOLYW7D92i-uOEbljHnnlCLd2Nqx2k8NhmnHCuymTNxtcl5sHskYf1pBIjnyzmyy4xW/s1186/nsxt6.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="550" data-original-width="1186" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRe5qdQZz6eDZrFQ_-uF9UOQp84e1M3f3Vz-bVaS_JxetwK_lJ6uFUQLTamp69WCAE2hwBEvTNToMvnsk9jSnTa29mL5WZwu-GjxzdO5KU2xgOf33Ry_hVpHOLYW7D92i-uOEbljHnnlCLd2Nqx2k8NhmnHCuymTNxtcl5sHskYf1pBIjnyzmyy4xW/s400/nsxt6.png"/></a></div><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLgLz5xf6Xt3LQ1mULkc_x3hOqAGoTriVNP5cssiX6KVKdqw8zGlDb_WDBD5YZl2cJ3tMwbQNOquy3XXMSG42dM7q86Mg2OT5dZO_F1bXGNZRe1yW8nPMUyZ76way5PCz8bPx4sb026PigD9DizDtWEch21rOcQL2LN1RHmuAFkKBPZKq8RX2yJT0f/s1422/nsxt7.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="633" data-original-width="1422" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLgLz5xf6Xt3LQ1mULkc_x3hOqAGoTriVNP5cssiX6KVKdqw8zGlDb_WDBD5YZl2cJ3tMwbQNOquy3XXMSG42dM7q86Mg2OT5dZO_F1bXGNZRe1yW8nPMUyZ76way5PCz8bPx4sb026PigD9DizDtWEch21rOcQL2LN1RHmuAFkKBPZKq8RX2yJT0f/s400/nsxt7.png"/></a></div><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_cOYBlSSFLl3LXp3YwTZeNGJPSXDnSIEzBUErRypKGJxI3T6RxeZtf9_IbBQPAS-yOtNVUu2z1dw3AAwKUFjOB9-PhniR5Z0E7ET_h-tvQuFQ2N7IilJBlRbLkeK6MF-UCCXEvDNsy2N3ZpyYJyfJfbxKcw7jS-LNkPSO_nfZHn4c9dVk7b6WEVTA/s1417/nsxt8.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="631" data-original-width="1417" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh_cOYBlSSFLl3LXp3YwTZeNGJPSXDnSIEzBUErRypKGJxI3T6RxeZtf9_IbBQPAS-yOtNVUu2z1dw3AAwKUFjOB9-PhniR5Z0E7ET_h-tvQuFQ2N7IilJBlRbLkeK6MF-UCCXEvDNsy2N3ZpyYJyfJfbxKcw7jS-LNkPSO_nfZHn4c9dVk7b6WEVTA/s400/nsxt8.png"/></a></div><div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimQt6OZIjqrYb540vbUVRn-cTKmZYIrvRjgzycRBshd0bq1CmWfOYp-AI3MstTftzxnuLLi9fC0oa8cVnoNPAzIImWFsknmVrZ0q1cyefvMnx57rAWyGCzK0gw5Yo9mCRZ5lIDd_EPriXHTlsJm5m_O8pVrK_DcAVngPB7YAZsZZRNr5NWDEpsReT3/s640/nsxt9.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" height="400" data-original-height="640" data-original-width="509" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimQt6OZIjqrYb540vbUVRn-cTKmZYIrvRjgzycRBshd0bq1CmWfOYp-AI3MstTftzxnuLLi9fC0oa8cVnoNPAzIImWFsknmVrZ0q1cyefvMnx57rAWyGCzK0gw5Yo9mCRZ5lIDd_EPriXHTlsJm5m_O8pVrK_DcAVngPB7YAZsZZRNr5NWDEpsReT3/s400/nsxt9.png"/></a></div>
</li>
<li>
We have at the moment, a single and operational manager/controller node, upgraded and without error or pending tasks.
<br /> <br />
We should be able, from here, to deploy two new NSX-T Manager appliances from the UI, join them to the active cluster node, and come back to this:
<br /> <br />
<div class="separator" style="clear: both;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRSnAJCyOFKI9UQwFZzUKvhvTmHETovHdoCMXHWbF-o9DqJu5nZ9mpMsFQF17XHb3tHMF_kv5wHnd1A2E5Ai-rZ53b8tVxDx9SEEqoVXP3E7pE3NbL_CgJsBpObWowcxo8o9TNG9lBPzqy3HYyGt2mkbd5N9KZXq_u6g9HW5UXqDX_Nvbh0KOjyPf1/s804/nsxt10.png" style="display: block; padding: 1em 0; text-align: center; "><img alt="" border="0" width="400" data-original-height="564" data-original-width="804" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRSnAJCyOFKI9UQwFZzUKvhvTmHETovHdoCMXHWbF-o9DqJu5nZ9mpMsFQF17XHb3tHMF_kv5wHnd1A2E5Ai-rZ53b8tVxDx9SEEqoVXP3E7pE3NbL_CgJsBpObWowcxo8o9TNG9lBPzqy3HYyGt2mkbd5N9KZXq_u6g9HW5UXqDX_Nvbh0KOjyPf1/s400/nsxt10.png"/></a></div>
</li>
</span>
</ul>
<br />
</p>
<p>
<b>That's it.</b>
</p>
</span>
</div>
Lorenzo Mogliehttp://www.blogger.com/profile/15776226795348481681noreply@blogger.com0