VMware VCSA 6.x backup using ansible

Recently, I had a project requirement to use the VMware REST API and Ansible to take a VCSA backup. In this post we will first explore the VCSA API Explorer and navigate to the REST API for backup.

We need to open: https://<vcsa fqdn or ip>/apiexplorer

Select the appliance from the drop-down and navigate to the backup job.

Explore POST /appliance/recovery/backup/job. It lists the parameter values.

These are the options we will be using while coding in Ansible. The values for the parts option are available from the VCSA VAMI console.

SEAT is optional.

After exploring the API, it's time to look at Ansible. The first part is logging in to the VCSA API, which requires authentication.

VCSA login using REST API / Ansible code snippet

As explained above for the backup request body, for Ansible we need to write a JSON file in the same way.

Now we need to write the backup task in the Ansible YAML file.

So backup.yaml will contain the login and backup tasks. The backup task will call the JSON file, which contains the VCSA backup config info.
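The login and backup tasks described above could look like the following playbook. This is an added example, not the author's backup.yaml: it assumes the vSphere 6.5/6.7 session and backup-job REST endpoints, inlines the request body instead of reading a separate JSON file, and uses hypothetical variable names (vcsa_host, backup_location and the vaulted credentials).

```yaml
---
# Added example; variable names are hypothetical and secrets come from Ansible Vault.
- name: File-based backup of a VCSA 6.x appliance over REST
  hosts: localhost
  gather_facts: false
  vars:
    vcsa_host: vcsa.example.local            # placeholder FQDN
    api: "https://{{ vcsa_host }}/rest"
  tasks:
    - name: Log in and obtain a session id
      ansible.builtin.uri:
        url: "{{ api }}/com/vmware/cis/session"
        method: POST
        user: "{{ vcsa_user }}"
        password: "{{ vcsa_password }}"
        force_basic_auth: true
        validate_certs: true                 # keep TLS verification on
      register: login
      no_log: true                           # result contains the session id

    - name: Start the backup job
      ansible.builtin.uri:
        url: "{{ api }}/appliance/recovery/backup/job"
        method: POST
        headers:
          vmware-api-session-id: "{{ login.json.value }}"
        body_format: json
        body:
          piece:
            location_type: SCP               # encrypted transport instead of FTP
            location: "{{ backup_location }}"
            location_user: "{{ backup_user }}"
            location_password: "{{ backup_password }}"
            backup_password: "{{ backup_encrypt_password }}"  # encrypts the backup
            parts: ["common"]                # add "seat" to include the optional part
      register: job
      no_log: true                           # request body carries passwords

    - name: Poll until the job leaves INPROGRESS, then fail on FAILED
      ansible.builtin.uri:
        url: "{{ api }}/appliance/recovery/backup/job/{{ job.json.value.id }}"
        headers:
          vmware-api-session-id: "{{ login.json.value }}"
      register: status
      until: status.json.value.state != "INPROGRESS"
      retries: 60
      delay: 30
      failed_when: status.json.value.state == "FAILED"
      no_log: true                           # request header carries the session id
```

Run it with the vault file supplied, for example with --ask-vault-pass, so that no password appears in the playbook or in task output.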

First look to GCP console

In this post I will be sharing screenshots. Once we sign up for Google Cloud Platform, we get the option to go to the console. Once we go to the console, we get the screen below.

On the console screen we get a lot of options. To start, we need to create a project.

We have created one project, “ow-project”. As we are just starting, it's good to go to the “getting started” option of the panel.

This getting started option has options for compute, storage, billing, API, etc.

We need to enable billing and provide credit card info to create VM instances. I will be covering VM instances in the next part.

Cloud Basics and GCP- Part1

Let me write from my experience. I started working on VMware ESXi in 2005. This was my first experience with the concept of virtualization. There was always a discussion that virtualization would help us move towards cloud computing. I thought, how??

We used to create a datacenter where each server was running a hypervisor, and create multiple VMs on it. That was the limit. How could I make that environment accessible as a service to others? When I say service, I mean through the web. It is not possible for everyone to install a hypervisor and create VMs. Even if they can, getting each feature is very costly.

So the big players, mainly Amazon, came up with the concept. They have a large number of servers [compute], storage and networking devices in a datacenter. All the servers run a hypervisor and are managed from a centralized access point. Next comes making it accessible to everyone as a service [through the web]. I can place an order saying that I need a VM. As a developer or product owner, I don’t need to worry about the datacenter, environment, etc.

As an end user, I just need an OS platform where I can configure things. Just as someone places a market order or a book order on the web, they can place an OS order. This makes it feasible to access it remotely over the internet. That is cloud computing.

In the same way, Google came up with a platform called GCP [Google Cloud Platform]. Like other providers, it provides instances [VMs] through the web. It can have a different hypervisor, hardware, etc. For the end user placing the order, below are the basics.

-Compute, storage and networking: these are the basic needs.

GCP [google cloud platform]

As per wiki:

Google Cloud Platform (GCP), offered by Google, is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products. It provides a series of modular cloud services including computing, data storage, data analytics and machine learning.

I will be covering more in detail, starting from the basics:

  • How to get the free tier: https://cloud.google.com/
  • Select the option “Get Started for free”
  • Sign up for Google Cloud

Most of us are familiar with other cloud platforms. I found a good comparison on the wiki, which shows the similarities with other cloud services:

 

I will write this blog as a series, where I will cover the following:

  • Fundamentals, terms and zones of GCP
  • Setting up GCP Cloud Shell, gsutil and SDK
  • Compute resources and launching instances
  • GCP storage
  • GCP API
  • GCP networking and firewall
  • GCP IAM services
  • How to migrate to GCP

 

HPONCFG: To delete a local user and add an AD user

A new requirement came in for iLO3 and iLO4 on HP servers. Below are the requirements:

-Remove local user

-Add AD user.

We can do this manually, but the requirement is for a huge setup of servers. After searching, I found the hponcfg tool, which is driven by XML files. Below is the reference link, which has all the XML files:

https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c03219637

Delete local user XML. We need to run this XML with the hponcfg tool (which is available in a Windows version as well).

 

 

 

 

 

Check VMware VCSA certs validity using Ansible and RestAPI

Recently a requirement came in where VMware VCSA 6.x compliance needed to be checked using Ansible. The vendor wants to use the VMware REST API [not interested in using the VMware Python SDK].

Note: The VMware Ansible module comes with the VMware Python SDK [PyVmomi]. This compliance check covered SSH, IPv6, NTP, CA certs, and DNS: check and set (in case a value has changed). Most of the options were available except the CA cert check. The YAML code below has three parts:

  • VCSA login
  • cert fetch
  • logging

--- vc_cert_check.yaml ---

This is used for Product hardening!!
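The post's vc_cert_check.yaml and the REST endpoint it queried are not shown on the page. The following added example, which is not the author's playbook, covers the cert fetch and logging parts with a different technique: it reads the certificate VCSA presents on port 443 using the community.crypto collection instead of the REST API. The host name, the 30-day threshold and the log path are assumptions.

```yaml
---
# Added example: TLS-handshake based check, not the REST call used in the post.
- name: Report VCSA certificate validity
  hosts: localhost
  gather_facts: false
  vars:
    vcsa_host: vcsa.example.local        # placeholder FQDN
    warn_window: "+30d"                  # hypothetical compliance threshold
    report_file: ./vc_cert_check.log     # hypothetical log path
  tasks:
    - name: Fetch the certificate presented on port 443
      community.crypto.get_certificate:
        host: "{{ vcsa_host }}"
        port: 443
      register: fetched

    - name: Evaluate validity now and at the end of the warning window
      community.crypto.x509_certificate_info:
        content: "{{ fetched.cert }}"
        valid_at:
          window_end: "{{ warn_window }}"
      register: info

    - name: Append the result to the log
      ansible.builtin.lineinfile:
        path: "{{ report_file }}"
        create: true
        mode: "0600"
        line: >-
          {{ now(utc=true, fmt='%Y-%m-%dT%H:%M:%SZ') }} {{ vcsa_host }}
          not_after={{ info.not_after }} expired={{ info.expired }}
          valid_in_window={{ info.valid_at.window_end }}

    - name: Fail the compliance check when the certificate is expired or expiring
      ansible.builtin.assert:
        that:
          - not info.expired
          - info.valid_at.window_end
        fail_msg: "{{ vcsa_host }} certificate expires at {{ info.not_after }}"
```

This checks only the certificate served to clients on 443; certificates held in the VCSA trust stores still need the REST or CLI route the post refers to.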


 

kubelet.service fail to start up

kubeadm init fails because kubelet.service fails to start.

I performed the steps below and it worked for me!!

#yum install -y kubelet kubeadm kubectl docker

Turn swap off with #swapoff -a

Now reset kubeadm with #kubeadm reset

Now try #kubeadm init

After that, check #systemctl status kubelet

It will be working!!!

x509 cert issues after kubeadm init

When issuing the command “kubeadm token list”, the below issue is reported:

failed to list bootstrap tokens [Get https://192.168.40.132:6443/api/v1/namespaces/kube-system/secrets?fieldSelector=type%3Dbootstrap.kubernetes.io%2Ftoken: x509: certificate signed by unknown authority (possibly because of “crypto/rsa: verification error” while trying to verify candidate authority certificate “kubernetes”)

Perform the following steps:

cp /etc/kubernetes/admin.conf ~/.kube/admin.conf

export KUBECONFIG=$HOME/.kube/admin.conf

kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
h94rrx.90dkwkukxgcp3635 23h 2018-10-22T08:29:50-07:00 authentication,signing The default bootstrap token generated by ‘kubeadm init’. system:bootstrappers:kubeadm:default-node-token

 

 

Autodeploy Image: An error occurred while generating the image [Entry is too large to be added]

This issue occurred with below environment:

vcsa 6.5, embedded vum,autodeploy and image builder service enabled.

  • For image customization we mapped more images [approx. 2 GB], so it did not allow us to map a new image and threw the error message below:
Error while Autodeploy Image... An error occurred while generating the image : Error : An error occurred while performing the task Entry is too large to be added to cache, please remove any imported depots you are not using...
  • Delete the images that are not in use, or apply the workaround below [increase the cacheSize]:
cat /etc/vmware-imagebuilder/sca-config/imagebuilder-config.props
loglevel=INFO
vmomiPort=8098
httpPort=8099
cacheSize_GB=4

ls -lh /storage/imagebuilder/exports/
total 361M

Go in vcsa --> Administrator-->System Configuration-->Services

Restart Auto Deploy

Restart ImageBuilder Service

 

 

How to reset a forgotten root password on vROps [vRealize Operations Manager]

Recently, in my testing environment, I forgot the root password. I did the following steps to reset the password:

-Restart the vrops node

-Edit the Boot option “init=/bin/bash”

Boot Options vga=0x311 elevator=noop noexec=on nousb audit=1 init=/bin/bash

-Once the system boots, type the below command:

"passwd root"

It will prompt for a new password. Provide the new password and reboot the system!!!