Category Archives: Uncategorized


Deploying Tanzu Kubernetes Grid Workload Cluster to Microsoft Azure

Following on from my previous blog post:

We will now continue and deploy our first Workload (Guest) Cluster into Azure, for our developers to deploy their applications into.

For this technical walkthrough, I am assuming you have followed the previous blog post and have the Tanzu CLI and Kubectl CLI installed, and a working management cluster.

As a reminder of the terminology:

  • Tanzu Kubernetes Workload Clusters

Once you have deployed your management cluster, you can deploy additional CNCF conformant Kubernetes clusters and manage their full lifecycle. These clusters are designed to run your application workloads, managed via your management cluster. These clusters can run different Kubernetes versions as required. These clusters use Antrea networking by default.

These types of clusters are also referred to as “workload” clusters, or “guest” clusters, with the latter typically referring to the Tanzu Kubernetes Grid Service running in vSphere.

Deploying a Guest Cluster

Login to your Tanzu environment Management Cluster with the following:

tanzu login


First we need to create a cluster configuration YAML file. You can find a template here for Azure, or view the full available variables here.

Alternatively, we can use the existing YAML file in our ~/.tanzu/tkg/clusterconfigs folder used for the management cluster deployment and change a few settings to make it ready for our workload guest cluster.

This was my preferred method as it contained all my Azure settings already.

# Find the existing cluster config file
ls -lh ~/.tanzu/tkg/clusterconfigs/

# Copy the file to a new config
cp ~/.tanzu/tkg/clusterconfigs/6x4hl1wy8o.yaml tanzu-veducate-guest-azure.yaml

# Edit the file: set CLUSTER_NAME
# Workload cluster names must be 42 characters or less.


Using FAHControl to monitor multiple Folding@Home Clients

This blog post will cover how to centrally manage multiple Folding@Home clients.

  • Installing FAHControl
  • Monitor Multiple instances of VMware Appliance for Folding@Home
  • Configuring Access to your Linux based clients or directly on the VMware Folding@Home Appliance
  • Connecting FAHControl to your clients
  • Troubleshooting FAHControl issues
  • Firewall Rules

Installing FAHControl to monitor multiple installations

For Windows instances, this is installed as part of the FAHClient.

  • “C:\Program Files (x86)\FAHClient\FAHControl.exe”

For Linux, you will need to install FAHControl separately.

Monitoring multiple instances of the VMware Appliance for Folding@Home

When you deploy your OVA you'll be asked to configure the below highlighted settings; by default we input a rule of 0.0.0.0/0, meaning any FAHControl node can connect (using the correct password). You can alter this for your local subnets.


Configuring Access to your Linux based clients or directly on the VMware Folding@Home Appliance

On your Linux machines or deployed OVAs

  • Connect via SSH
  • Edit the config.xml file
vi /etc/fahclient/config.xml
  • Insert the following code to enable FAHControl access
    • From within vi press ‘i’ to enter insert mode
  • To configure a single address to access your client
    • Without a password:
<command-allow-no-pass v='127.0.0.1 x.x.x.x' />
    • With a password:
<command-allow v='127.0.0.1 192.168.200.10' />
<password v='VMware1!' />

N.B. The localhost address must remain configured, otherwise the client won't run.

  • Save the config.xml file
  • Press ESC key
  • Enter without quotes “:wq!”


  • Reload the FAHClient
    • /etc/init.d/FAHClient restart


If you see “Starting fahclient … FAIL” check your XML file again for any syntax errors.

Example config.xml changes

Using a password with a single IP restriction

  <!-- Remote Command Server -->

  <command-allow v='127.0.0.1 192.168.200.10' />

  <password v='VMware1!'/>

Without a password, with a single IP restriction

  <!-- Remote Command Server -->

  <command-allow-no-pass v='127.0.0.1 192.168.200.10' />

Without either a password or IP restriction

  <!-- Remote Command Server -->

  <command-allow-no-pass v='127.0.0.1 0.0.0.0/0' />
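As an added example (not code from the original post or from the appliance), the following Python audits the Remote Command Server settings in a FAHClient config.xml against the three variants above: it flags a missing 127.0.0.1 entry, a password-less allow list that covers a whole network, and a command-allow entry with no password element. The sample config string is constructed for the example.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample, modelled on the "without either a password or IP
# restriction" variant above (not a real appliance's config.xml).
SAMPLE_CONFIG = """<config>
  <!-- Remote Command Server -->
  <command-allow-no-pass v='127.0.0.1 0.0.0.0/0' />
</config>"""


def _entries(root, tag):
    """Collect the space-separated addresses from every <tag v='...'/>."""
    found = []
    for el in root.findall(tag):
        found.extend(el.get("v", "").split())
    return found


def audit_config(xml_text):
    """Return a list of findings for the Remote Command Server settings.

    An empty list means the config matches one of the restricted patterns
    shown in the post (localhost kept, no password-less access to a network).
    """
    root = ET.fromstring(xml_text)
    no_pass = _entries(root, "command-allow-no-pass")
    with_pass = _entries(root, "command-allow")
    password = root.find("password")
    findings = []

    # The post notes that 127.0.0.1 must stay in the allow list.
    if "127.0.0.1" not in no_pass + with_pass:
        findings.append("localhost missing from allow list: client will not run")

    # Any non-loopback network range in command-allow-no-pass gives
    # unauthenticated control of the client to every host in that range.
    for entry in no_pass:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"unparseable address {entry!r}")
            continue
        if net.num_addresses > 1 and not net.is_loopback:
            findings.append(f"password-less control open to network {entry}")

    # command-allow without a <password> element leaves nothing to check.
    if with_pass and password is None:
        findings.append("command-allow set but no <password> element")
    return findings
```

Run it over /etc/fahclient/config.xml on each client before opening TCP 36330 to a management subnet.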

Connecting FAHControl to your clients

  • Open your FAHControl and click Add
  • Enter the name of your client as you would like it to be displayed, the IP address of your client and your password if necessary, and click save
  • You should now see your client is connected in FAHControl.


Troubleshooting FAHControl issues

FAHControl uses the default TCP Port 36330

Test access with telnet; you should get a response as below.


The VMware Appliance for Folding@Home has iptables configured to allow this port by default; if you did not specify a specific remote management address during deployment, then access is open to all IP addresses.

Ensure that the machine where you are running FAHControl is not blocking outbound connections to TCP 36330.

Appendix

Firewall rules

The below firewall rules have been added to the VMware Appliance for Folding@Home by default to allow FAHControl to remotely manage FAHClient.

If you are using these instructions for a Linux machine, you can use the below settings as well.

iptables -A INPUT -p tcp --dport 36330 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p tcp --dport 36330 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT


Regards


Trend Deep Security – Agentless Deployment with NSX – Issues with Web Reputation Service

So I’ve just had the pleasure of deploying Trend Deep Security via the Agent-less method, utilizing the NSX free license which allows guest introspection, but no other features.

Starting in NSX 6.2.3, the default license upon install will be NSX for vShield Endpoint. This license enables use of NSX for deploying and managing vShield Endpoint for anti-virus offload capability only, and has hard enforcement to restrict usage of VXLAN, firewall, and Edge services, by blocking host preparation and creation of NSX Edges.

The Issue

With the basic Deep Security License you get the following coverage;

  • Anti-Malware
  • Web Reputation Service

However, upon deploying Trend and jumping through the various hoops (flaky support for the NSX free license), you will find multiple errors showing against your VMs.


The Cause

After speaking with Trend, I received the following response, which seems kind of obvious:


More Blogs and sites I’ve been reading and sharing

My Firefox tabs have filled up again, some of these tabs have been open since the start of 2014!!!

So time to share!!!

First off, proud to announce that Cisco asked me to produce a blog post, and decided it was good enough to release into the wild on their site!!!

Get Certified, or get left behind!!!!

PowerShell and Scripting

http://explainshell.com/ – write down a command-line to see the help text that matches each argument

scriptcop.start-automating.com – ScriptCop is a tool to help make sure your scripts follow the rules. ScriptCop performs static analysis on your PowerShell, and provides tools for automating testing with PowerShell.


Veeam: High Level End user case study, from an engineer’s perspective

Sometimes we get so bogged down in the technical details that we forget some people just want to know about a product and how it's used, not how to configure it and its advanced settings.

This blog post was first written by me for my employer's blog, but I think it's a perfect High Level post detailing a customer and how the product met their requirements.

The Company

Working in the financial sector, the company has around 200 on-site employees, projecting to expand up to 300 with a recruitment drive they are planning. After having a new VMware infrastructure implemented and upgrading their Microsoft Servers to the latest and greatest, the backup solution was the next on the upgrade list.