vRealize Automation Header

vRealize Automation – Active Directory Integration – Configure LDAPS

VMware, , , , , , ,

In this blog post, I am going to cover the setup of the Active Directory integration with vRealize Automation using LDAPS.

Cloud Assembly supports integration with Active Directory servers to provide out of the box creation of computer accounts in a specified Organizational Unit (OU) within an Active Directory server prior to provisioning a virtual machine.

Note: to join to AD within the Guest OS, you can use CloudConfig properties or vSphere CustomizationSpec.

The VMware official documentation doesn’t really call out LDAPS configuration, only LDAP. So after helping a customer configure this, I thought I’d quickly write something up.

To get started, login into vRealize Automation and select Cloud Assembly.

  • Select the Infrastructure Tab
  • Select Integrations under the Connections header
  • Click the Add Integration button
  • Select Active Directory

vRealize Automation - Configure LDAPS - Cloud Assembly - Integrations - Active Directory Continue reading vRealize Automation – Active Directory Integration – Configure LDAPS

Tanzu Blog Logo Header

Tanzu Mission Control – Upgrading attached Tanzu Kubernetes Grid Clusters fails with error “updates to immutable fields are not allowed”

VMware, Kubernetes, ,
The Issue

When trying to upgrade an attached Tanzu Kubernetes Grid Cluster via Tanzu Mission Control (TMC), that is either created by a Tanzu Management Cluster, or via the Tanzu Kubernetes Grid Service (vSphere with Tanzu), the console gives you an error message similar to:

API Error: Failed to upgrade cluster: (target=mc:01G4BGAVKHHB6C3JJ5R0WA44NM, intentId=01G4CMP025ZHEBQ000E4SM996H): admission webhook "default.validating.tanzukubernetescluster.run.tanzu.vmware.com" denied the request: updates to immutable fields are not allowed (invalid argument)
I’ve captured some screenshots below of the process.
Tanzu Mission Control - Upgrade vSphere with Tanzu Cluster - Tanzu Kubernetes Grid Service  Tanzu Mission Control - Upgrade vSphere with Tanzu Cluster - Tanzu Kubernetes Grid Service - Upgrade Cluster
Tanzu Mission Control - Upgrade Cluster - Error Message - admission webhook default.validating.tanzukubernetescluster.run.tanzu.vmware.com denied the request

The Cause

Tanzu Mission Control doesn’t keep information about the Tanzu Clusters CNI configuration. Today, TMC doesn’t support upgrading clusters that are provisioned using Callico. This is not documented in the TMC Documentation.

If you provision a cluster using TMC, it will use the Antrea CNI, and you cannot change this.

Below you can see that my cluster was provisioned using the Callico CNI.

Tanzu Mission Control - Upgrade Cluster Fails - kubectl get tanzukuberntescluster

The Fix

Upgrade the Tanzu Cluster outside of Tanzu Mission Control.

Regards

Dean Lewis

vROPs Header

vRealize Operations – Costing Setup and Configuration Deep Dive

VMware, , , , ,

In years gone by, costing of your technology platforms was covered in a product called vRealize Business for Cloud. Since the move to the 8.x code based, this product was EOL’d.

The main functions where customers saw value, to provide costings for your datacenter and virtual machines, was wrapped up into vRealize Operations.

This blog post is going to deep dive into the costing capabilities within vRealize Operations across your on-premises datacenters, and what happens when you start to consume VMware on Hyperscaler solutions, such as VMware Cloud on AWS (VMC).

Configure the Global Currency Setting

The first action is setting the global currency for the vRealize Operations instance. There are two important things to note when undertaking this configuration:

  • This can only be set once
  • This setting cannot be changed once it is set

To configure:

  • Click on Administration
  • Click on the Global Settings Tile
  • Click on the Cost/Price heading
  • Click to “Set currency”

vRealize Operations - Costing - Administration - Global Settings - Cost Price - Set Currency

Select your currency from the list and click “Set Currency”.

vRealize Operations - Costing - Administration - Global Settings - Cost Price - Set Currency 2

You will get a dialog to say the configuration has taken place.

vRealize Operations - Costing - Administration - Global Settings - Cost Price - Set Currency - Currency Successfully Set

Now below you can see that this setting is in place and there is no button/clickable option to change it.

vRealize Operations - Costing - Administration - Global Settings - Cost Price - Set Currency - Currency Successfully Set 2

Configuring Cost Settings

Now that the global currency is configured, we can start configuring all the cost settings for our Datacenter platforms.

Financial Account Model

Continue reading vRealize Operations – Costing Setup and Configuration Deep Dive

Tanzu Blog Logo Header

Tanzu Kubernetes Grid – Manual Certificate Renewal

VMware, Kubernetes, , , ,
The Issue
Note: VMware has released a full in-depth KB Article that I'd advise you review along with this blog post. If you have any queries or concerns with the processes detailed, always open a support ticket!
- How to rotate certificates in a Tanzu Kubernetes Grid cluster (86251)

One day my Kubernetes cluster just stopped responding. I could no longer connect to the Kubernetes API.

I rebooted all the nodes (as it was a demo environment) to no luck, and still nothing. So I had to go off digging.

The Cause

I SSH’d into one of my control-plane nodes, and started to tail the kubelet logs. Continue reading Tanzu Kubernetes Grid – Manual Certificate Renewal

vRealize Automation Header

vRealize Automation – Property groups deep dive

VMware, , , ,

I had the pleasure of working with a customer who wanted to use property groups within vRealize Automation, to provide various configuration data to drive their deployments. They asked some queries about how to use property groups that went beyond the documentation, so I thought it would also make a good blog post.

What are property groups?

Property groups were introduced in vRealize Automation 7.x and sorely missed when the 8.x version was shipped. They were reintroduced in vRA 8.3.

When you several properties that always appear together in your Cloud Templates, you can create a property group to store them together.

This allows you to re-use the same properties over and again across Cloud Templates from a central construct, rather than replicate the same information directly into each cloud template.

The benefit of doing this, is that if you update any information, it is pushed to all linked cloud templates. Potentially this could be a disadvantage as well, so once you use these in production, be mindful of any updates to in-use groups.

There are two types of property groups. When creating a property group, you select the type. You do not have the ability to change or convert the type once the group has been created.

  • Inputs

    Input property groups gather and apply a consistent set of properties at user request time. Input property groups can include entries for the user to add or select, or they might include read-only values that are needed by the design.

    Properties for the user to edit or select can be readable or encrypted. Read-only properties appear on the request form but can’t be edited. If you want read-only values to remain totally hidden, use a constant property group instead.

  • Constants

    Constant property groups silently apply known properties. In effect, constant property groups are invisible metadata. They provide values to your Cloud Assembly designs in a way that prevents a requesting user from reading those values or even knowing that they’re present. Examples might include license keys or domain account credentials.

Getting Started with a Input Property Group

Ultimately the Input Property Group works the exact same way as Inputs you specify on the cloud template directly. The group option simply provides a way to centralise these inputs for use between cloud templates.

Create an Input Property Group
  • Click on Design Tab
  • Click Property Groups from the left-hand navigation pane
  • Select New Property Group

vRA - Cloud Assembly - Design - Property Groups - New Property Group Continue reading vRealize Automation – Property groups deep dive