fduranti's Posts

I saw this blog article ( Monitor Tanzu Kubernetes clusters using vRealize Operations - VMware Cloud Management ) that explain how to monitor Tanzu Kubernetes Cluster with vROPS and talk about vS... See more...
I saw this blog article ( Monitor Tanzu Kubernetes clusters using vRealize Operations - VMware Cloud Management ) that explain how to monitor Tanzu Kubernetes Cluster with vROPS and talk about vSphere 7. I'm doing some tests and tried to configure vROPS 8.1 with Container MP 1.4.3 to monitor a Tanzu Kubernetes Cluster. I followed the procedure and configured all the things. When I got to create the Kubernetes adapter I get an error related to trusted certificates. What happen is that vrops ask me 2 times to approve a certificate (with different thumbprint) and after that I get an error saying "          " Checking on certificates I see that there are 2 defined for that adapter. Trying to delete one of them (or both) give me the same problem at the next validation of the adapter. There's any way to solve this problem or force the approval having 2 certificate defined ?
I've got an answer from the support. It work connecting with the ip address of the log insight server. After it worked a first time with ip address it work also with fqdn. It solved my issue.
Starting from some days ago I'm not able to access the Content Pack Marketplace from vRealize Log Insight. I just get a circle spinning in the middle of the screen just like it was trying to dow... See more...
Starting from some days ago I'm not able to access the Content Pack Marketplace from vRealize Log Insight. I just get a circle spinning in the middle of the screen just like it was trying to download something but not working. It was working in the past. I've the same problem on 3 different installation 2 of which are 8.0 and 1 is 8.1 just upgraded. From my browser I'm able to reach the marketplace without any problem. Anything I can check?
I'm trying to configure harbor as a docker registry as a vra 8 Code Stream endpoint but it seems that I'm not putting the correct url or it's not supported. I was able to configure the public Do... See more...
I'm trying to configure harbor as a docker registry as a vra 8 Code Stream endpoint but it seems that I'm not putting the correct url or it's not supported. I was able to configure the public Docker Hub in vRA Code Stream. I'm now trying to configure the harbor registry. I'm trying with the url for my test project repositories but I'm getting this error: Malformed Repo URL: Please follow the suggested pattern I'm using the url from the harbor registry repository that is something like this: https://harborfqdn/harbor/projects/35/repositories/testpks%2Fhello I tried to remove the %2Fhello or to put ":hello" but I get the same error: If i put the url in a format that vra8 seems to accept like https://harborfqdn/repositories/testpks/hello I get an error as that page return a 404: Validation Failed as user details or Repo Url is incorrect Anyone was able to use Harbor Registry with VRA 8 Code Stream?
I've found this series of blog that seems to be really good: https://www.simplygeek.co.uk/2019/06/12/deploying-vrealize-build-tools-to-allow-infrastructure-as-code-for-vra-and-vro/
I'm tyring to get this to work but the documentation is not really simple to follow. There's any example on how to setup a small environment (eventually without artifactory)?
It's possible to have the hostname and/or log filepath or other similar information in the Email alert? It's possible to customize the email alert title with come "variable" like $HOSTNAME or so... See more...
It's possible to have the hostname and/or log filepath or other similar information in the Email alert? It's possible to customize the email alert title with come "variable" like $HOSTNAME or something like that? It will be useful as sometimes there's no specific server/service/correlation in the error log message of the alert and in that case it's difficult to understand from which system the alert was generated.
Just one information related to the supportability of this operation. I think nothing changed so it's still not an officially supported method, is this correct? Exactly what is not supported? J... See more...
Just one information related to the supportability of this operation. I think nothing changed so it's still not an officially supported method, is this correct? Exactly what is not supported? Just the operation of "splitting" the vcenter/spc? At the end of the operation the 2 resulting domain will be supported or they'll be unsupported as they are the result of this not officially supported operation? Regards Francesco
I've found a site with some instruction on how to connect to the various nodes. From the vio for kubernetes management machine: vkube  login --insecure vkube cluster list --insecure Make a... See more...
I've found a site with some instruction on how to connect to the various nodes. From the vio for kubernetes management machine: vkube  login --insecure vkube cluster list --insecure Make a note of the Cluster ID of the cluster you want to access vkube cluster show <Cluster ID> --insecure Make a note of the IP of the Master and Worker Nodes. docker exec -it app-api /bin/bash cd /var/lib/vrc/terraform/<ClusterID> ssh -i private.key -F ssh-bastion.conf ubuntu@Kubernetes_Host_IP_Address
It seems the problem is my default nsx manageger certificate: CN=vShield Manager,OU=vShield,O=VMware Inc.,L=Palo Alto,ST=CA,C=USA Anyone know if there's any workaround?
I'm trying to do my first openstack 4.1.2.1 deployment. It's a compact deployment on vCenter 6.0 and with NSX-V 6.4. The deployment start and get an error related to certificates during the sta... See more...
I'm trying to do my first openstack 4.1.2.1 deployment. It's a compact deployment on vCenter 6.0 and with NSX-V 6.4. The deployment start and get an error related to certificates during the start of the provisioning of the first 2 virtual machine (controlplane and compute). This is where i get an error it seems that the ansible task used to copy the ca files get an error. Anyone had a similar experience or know what can create this problem? 2019-03-09 09:56:35,579 column.plugins.callback.progress Started TASK [prep-common : update the available ephemeral port range to 10000~65535] 2019-03-09 09:56:35,790 p=1425 u=jarvis |  changed: [10.160.19.103] 2019-03-09 09:56:35,795 p=1425 u=jarvis |  changed: [10.160.19.104] 2019-03-09 09:56:35,798 p=1425 u=jarvis |  TASK [prep-common : load settings from /etc/sysctl.conf] *********************** 2019-03-09 09:56:35,799 column.plugins.callback.progress Started TASK [prep-common : load settings from /etc/sysctl.conf] 2019-03-09 09:56:35,940 p=1425 u=jarvis |  changed: [10.160.19.103] 2019-03-09 09:56:35,946 p=1425 u=jarvis |  changed: [10.160.19.104] 2019-03-09 09:56:35,949 p=1425 u=jarvis |  TASK [prep-common : Add viouser to adm to allow access to logs] **************** 2019-03-09 09:56:35,949 column.plugins.callback.progress Started TASK [prep-common : Add viouser to adm to allow access to logs] 2019-03-09 09:56:36,072 p=1425 u=jarvis |  ok: [10.160.19.103] 2019-03-09 09:56:36,077 p=1425 u=jarvis |  ok: [10.160.19.104] 2019-03-09 09:56:36,081 p=1425 u=jarvis |  TASK [prep-common : list existing certificates] ******************************** 2019-03-09 09:56:36,081 column.plugins.callback.progress Started TASK [prep-common : list existing certificates] 2019-03-09 09:56:36,439 p=1425 u=jarvis |  ok: [10.160.19.103] 2019-03-09 09:56:36,445 p=1425 u=jarvis |  ok: [10.160.19.104] 2019-03-09 09:56:36,448 p=1425 u=jarvis |  TASK [prep-common : remove existing certificates] ****************************** 2019-03-09 09:56:36,448 column.plugins.callback.progress Started TASK [prep-common : remove existing certificates] 2019-03-09 09:56:36,496 p=1425 u=jarvis |  TASK [prep-common : write Root CA certificates] ******************************** 2019-03-09 09:56:36,496 column.plugins.callback.progress Started TASK [prep-common : write Root CA certificates] 2019-03-09 09:56:37,287 p=1425 u=jarvis |  An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ValueError: Country name must be a 2 character country code 2019-03-09 09:56:37,290 p=1425 u=jarvis |  fatal: [10.160.19.103]: FAILED! => {"changed": false, "failed": true, "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_iEJZ1c/ansible_module_write_certificates.py\", line 104, in <module>\n    main()\n  File \"/tmp/ansible_iEJZ1c/ansible_module_write_certificates.py\", line 76, in main\n    issued_to = cert.subject.get_attributes_for_oid(\n  File \"/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/x509.py\", line 106, in subject\n    return _decode_x509_name(self._backend, subject)\n  File \"/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/decode_asn1.py\", line 51, in _decode_x509_name\n    attribute = _decode_x509_name_entry(backend, entry)\n  File \"/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/decode_asn1.py\", line 42, in _decode_x509_name_entry\n    return x509.NameAttribute(x509.ObjectIdentifier(oid), value)\n  File \"/usr/lib/python2.7/dist-packages/cryptography/x509/name.py\", line 27, in __init__\n    \"Country name must be a 2 character country code\"\nValueError: Country name must be a 2 character country code\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1} 2019-03-09 09:56:37,293 p=1425 u=jarvis |  An exception occurred during task execution. To see the full traceback, use -vvv. The error was: ValueError: Country name must be a 2 character country code 2019-03-09 09:56:37,293 p=1425 u=jarvis |  fatal: [10.160.19.104]: FAILED! => {"changed": false, "failed": true, "module_stderr": "Traceback (most recent call last):\n  File \"/tmp/ansible_Azac9x/ansible_module_write_certificates.py\", line 104, in <module>\n    main()\n  File \"/tmp/ansible_Azac9x/ansible_module_write_certificates.py\", line 76, in main\n    issued_to = cert.subject.get_attributes_for_oid(\n  File \"/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/x509.py\", line 106, in subject\n    return _decode_x509_name(self._backend, subject)\n  File \"/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/decode_asn1.py\", line 51, in _decode_x509_name\n    attribute = _decode_x509_name_entry(backend, entry)\n  File \"/usr/lib/python2.7/dist-packages/cryptography/hazmat/backends/openssl/decode_asn1.py\", line 42, in _decode_x509_name_entry\n    return x509.NameAttribute(x509.ObjectIdentifier(oid), value)\n  File \"/usr/lib/python2.7/dist-packages/cryptography/x509/name.py\", line 27, in __init__\n    \"Country name must be a 2 character country code\"\nValueError: Country name must be a 2 character country code\n", "module_stdout": "", "msg": "MODULE FAILURE", "rc": 1} 2019-03-09 09:56:37,294 p=1425 u=jarvis |       to retry, use: --limit @/var/lib/vio/ansible/site.retry
The problem is that I'm not a kubernetes expert, just trying to get something up to understand how it work. My registry have the correct CA configured, I already use it from other docker machines... See more...
The problem is that I'm not a kubernetes expert, just trying to get something up to understand how it work. My registry have the correct CA configured, I already use it from other docker machines. From the VIO Kubernetes virtual appliance (the one used to deploy kubernetes cluster) I've configured my corporate ca correctly and I can login with docker on my registry  without any problem. The problem is when i try to deploy a pod with images on this registry. I think that in this case the machine trying to get the image are the "kubernetes nodes" that don't have my corporate ca in the trusted ca or in the /etc/docker/certs.d/registryserver/ directory. I'm trying to understand how to push a certificate on the kubernetes nodes/master virtual machine but I don't know how to login on those or if there's any command to do it on the management.
I'm having a problem with VIO Kubernetes 4.1 when trying to use a private internal docker registry with a certificate signed by my internal domain CA. I've deployed a kubernetes cluster directly... See more...
I'm having a problem with VIO Kubernetes 4.1 when trying to use a private internal docker registry with a certificate signed by my internal domain CA. I've deployed a kubernetes cluster directly in SDDC mode on my vcenter. I've changed the kubernetes api server cluster certificate with one signed internally by my ca. When I deploy something on the cluster from my internal registry i get an error. Failed to pull image "registry.domain:5500/testgroup/testk8/fduranti-master-patch-56029:6a742afb8171134937a59cf40aa34df91c95b8eb": rpc error: code = Unknown desc = Error response from daemon: Get https://registry.domain:5500/v1/_ping: x509: certificate signed by unknown authority Error syncing pod I suppose that i should copy my ca configuration to all kubernetes nodes but I'm not sure on how to do it and it seems I cannot find any guide to do it.
So I can deploy a separate VIO management on my second vcenter server, is this correct? Thanks for the answer
I’m starting to test with VIO 4.1.2.1 and vcenter 6.0u3. I have multiple vcenter in linked mode and I’ve deployed the VIO Management machine on one of those. When I go to the Openstack Manageme... See more...
I’m starting to test with VIO 4.1.2.1 and vcenter 6.0u3. I have multiple vcenter in linked mode and I’ve deployed the VIO Management machine on one of those. When I go to the Openstack Management on the webclient and try to create a deployment it will only allow me to deploy on the vcenter where I have deployed the VIO appliance. Is it possible to create a deployment on My second vcenter? I saw that from the vcenter web client I can change the Openstack management server so I was thinking to deploy a second appliance on my second vcenter. Is this the correct way to do it or it’s just not possible to create a deployment on different vcenter?
I've opened the SR, hoping it's an already known problem as I think it's a bit difficult to explain well/show it
Thanks for the suggestion, before the upgrade I saw that there was already a patch available in KB (VMware Knowledge Base ) for 7.4 and I've installed it Patch Name vRA-7.4.8946104.8946104... See more...
Thanks for the suggestion, before the upgrade I saw that there was already a patch available in KB (VMware Knowledge Base ) for 7.4 and I've installed it Patch Name vRA-7.4.8946104.8946104-HF3 Patch ID 58ec2da5-823b-440e-b918-fbdf6ff7166f Status Success. Install complete. Description PR-213726,2115177,2123455,2065373,2120689,2119457,2123439 Execution ID cd97ef6c-bb22-4534-92e7-35113e6006af Version 7.4.8946104 Last Updated 2018-07-22 11:11 AM GMT+2 Applied on 2018-07-22 10:55 AM GMT+2 I'll try to open a SR but was hoping someone was already having or solved that problem in the forum
I have a small problem after the upgrade from 7.3.1 to 7.4. I use the action getReservationsForUserAndComponent passing some parameters to get the list of reservation I have available to let the... See more...
I have a small problem after the upgrade from 7.3.1 to 7.4. I use the action getReservationsForUserAndComponent passing some parameters to get the list of reservation I have available to let the user choose between them (filtering on some variable like operating system or Site Name). This is a typical call in my action that get the list of reservation: var location = "Napoli" var tenant = "vsphere.local" var blueprint = "LinuxServers" var component = "rhel_base" var user = "myuserQmydomain" var host = vCACCAFEHostManager.getDefaultHostForTenant(tenant , true); System.log("Host: "+host.name); var reservations = System.getModule("com.vmware.vra.reservations").getReservationsForUserAndComponent(user, tenant, host, blueprint, component); ... The complete list of reservation is composed by Those are the reservation Name and ID I get invoking that code: Name: Roma Windows (vsphere.local) ID:e2f62516-105b-4a9c-81ac-1f7462664c7d Name: Napoli Windows (vsphere.local) ID:0e533627-f3d7-452c-946e-797a9b4f77f2 Name: Napoli Oracle (vsphere.local) ID:03c4764e-98a0-4c43-9ee7-97f371f376cb Name: Napoli Linux (vsphere.local) ID:a9ff7bc6-89e9-4ab1-b887-9cfe5a30b7de Name: Roma Windows (vsphere.local) ID:e2f62516-105b-4a9c-81ac-1f7462664c7d Name: Napoli Windows (vsphere.local) ID:0e533627-f3d7-452c-946e-797a9b4f77f2 Name: Napoli Oracle (vsphere.local) ID:03c4764e-98a0-4c43-9ee7-97f371f376cb Name: Napoli Linux (vsphere.local) ID:a9ff7bc6-89e9-4ab1-b887-9cfe5a30b7de I get 2 time the data back from the call, 8 items (the same 4 duplicated). I saw that getReservationsForUserAndComponent now get also a subtenantid that accept the id of the business group. Using the business group id for the correct business group i still get duplicate items so it seems that this is not the problem. Anyone know what is happening and if I'm doing anything wrong? The issue started after 7.3.1 to 7.4 upgrade.
I was finally able to create a resource from api. I was using the wrong api. Now using https://vrops/suite-api/api/resources/adapters/{adapterInstanceId} I've manually created a EPOPS check ... See more...
I was finally able to create a resource from api. I was using the wrong api. Now using https://vrops/suite-api/api/resources/adapters/{adapterInstanceId} I've manually created a EPOPS check for a multiprocess and copied all the information from it changing only the value i need (name, process, etc) and used that api. I had to link it to a server I've created the resource and all work correctly.         {             "description": "",             "creationTime": null,             "resourceKey": {                 "name": "Process2",                 "adapterKindKey": "EP Ops Adapter",                 "resourceKindKey": "MultiProcess",                 "resourceIdentifiers": [                     {                         "identifierType": {                             "name": "agentID",                             "dataType": "STRING",                             "isPartOfUniqueness": false                         },                         "value": "1507276270024-7264808974254094315-4931884540213599268"                     },                     {                         "identifierType": {                             "name": "discoveryMode",                             "dataType": "STRING",                             "isPartOfUniqueness": false                         },                         "value": "MANUAL"                     },                     {                         "identifierType": {                             "name": "monitoredResourceID",                             "dataType": "STRING",                             "isPartOfUniqueness": true                         },                         "value": "Process2"                     },                     {                         "identifierType": {                             "name": "Override_agent_configuration_data",                             "dataType": "STRING",                             "isPartOfUniqueness": false                         },                         "value": "0"                     },                     {                         "identifierType": {                             "name": "parentID",                             "dataType": "STRING",                             "isPartOfUniqueness": true                         },                         "value": "|1507276270024-7264808974254094315-4931884540213599268"                     },                     {                         "identifierType": {                             "name": "process.query",                             "dataType": "STRING",                             "isPartOfUniqueness": false                         },                         "value": "State.Name.eq=bash"                     }                 ]             },             "resourceStatusStates": [],             "resourceHealth": null,             "resourceHealthValue": 100,             "dtEnabled": true,             "monitoringInterval": 5,             "badges": [ ],             "relatedResources": [],             "links": [],             "identifier": null         },
I'm trying without any success to add a ICMP resource to an EP Ops Adapter via suite API on vrops 6.7. I'm not sure if it's possible but if anyone have an example it will be really appreciated ... See more...
I'm trying without any success to add a ICMP resource to an EP Ops Adapter via suite API on vrops 6.7. I'm not sure if it's possible but if anyone have an example it will be really appreciated I get 2 different behaviour: 1- Trying to do a push to https://vrops/suite-api/api/adapters/uuidoftheadapters/ I get a 405 error <!doctype html><html lang="en"><head><title>HTTP Status 405 – Method Not Allowed</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 405 – Method Not Allowed</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Request method &#39;POST&#39; not supported</p><p><b>Description</b> The method received in the request-line is known by the origin server but not supported by the target resource.</p><hr class="line" /><h3>Apache Tomcat/8.5.28</h3></body></html> 2 - If I try to push data to https://vrops/suite-api/api/adapters/  (as I've saw on some bluemedora examples i found here GitHub - BlueMedoraPublic/vrops-api-example: Example usage of the VMware vRealize Operations Manager REST API  ) i get a 500 error {     "message": "Internal Server error, cause unknown.",     "moreInformation": [         {             "name": "errorMessage",             "value": "Failed to create AI resource: localizedMessage=Could not create AI on vRealize Operations Manager Collector-ITNAPVROPS08 collector. Because collector already has EP Ops Adapter adapter., code=0"         },         {             "name": "localizedMessage",             "value": "Failed to create AI resource. Could not create AI on vRealize Operations Manager Collector-ITNAPVROPS08 collector. Because collector already has EP Ops Adapter adapter.;"         }     ],     "httpStatusCode": 500,     "apiErrorCode": 500 } Any help will be really appreciated as I've to create a high number of object and it will be a really long job