
Monday, February 1, 2021

VCAP-CMA Design 2021 certification - Passed

Three weeks ago I finally passed the VCAP-CMA Design 2021 certification. I am delighted to share that I passed the exam with a score of 300. The exam code is 3V0-732 with some questions on mapping (drag & drop) and design scenarios. It has a total of 60 questions with a duration of 135 minutes.

Sadly, the experience with the VCAP-CMA Design exam was one of the worst I've had when taking exams.

First, I passed the exam on the second attempt with a score of 300 out of 500, where 300 is required to pass. Yes, I barely passed. But a pass is a pass.

Second, the exam tests your core concepts on vRealize Automation, but with version 7.2! So you need to go through the 7.2 reference architecture and foundation concepts. I had not worked with vRA 7.x for at least a year and a half; I'm currently working with vRA 8.x. So I needed to refresh those concepts.

Third, and the worst part: even though I passed the VCAP-CMA exam and was waiting for the badge, it never came. I asked the VMware certification team why, and they told me the bad news: my old VCP7-CMA certification was not valid anymore. So I needed to pass the new Professional VMware vRealize Automation 8.1 (2V0-31.20) exam to validate the VCAP-CMA Design exam. Yes, I didn't read the fine print. The only good thing is that the new exam is based on vRA 8.1.

I had to schedule the new exam last week, and, yes, I passed that too, with a score of 467 out of 500.

Finally I received both badges back to back. Good thing.

My last comment is about the exam delivery method. Right now (due to the pandemic) many exams are proctored and remote. Both of these exams were taken remotely using my laptop at home. I needed to download an app for Mac on my computer. The app detects any applications that are open or running and forces you to close them. You also need to keep the camera and mic on at all times or the exam is canceled immediately. The same happens if they hear any voice in the room. The first time was a little annoying, but the second time was comfortable.

I plan to take the VCAP-CMA Deploy 2021 exam in March (to get VCIX-CMA 2021). I hope so, but the bad news is that it is a proctored exam on site (not remote).

Regards




Thursday, December 24, 2020

How to use kubectl CLI from Master and Worker VMs in PKS

When cluster operations fail, you need access to the cluster through the kubectl CLI. However, in some instances, pks get-credentials errors out while fetching the kubeconfig for the cluster.

An alternate way to resume troubleshooting is to SSH into the Master or Worker VMs of the cluster and use the kubectl binary and the kubeconfigs present on the VMs. This article details the procedure to set up the kubectl CLI.

Execute the following to get access to the kubectl CLI from the Kubernetes Master VM.

bosh ssh -d service-instance_50a78f35-df99-4cf3-8815-7b680577ef59 master/0

master/01850df7-daaa-4b9c-a61f-e921074546ad:~$ sudo su -
master/01850df7-daaa-4b9c-a61f-e921074546ad:~# alias kubectl=/var/vcap/packages/kubernetes/bin/kubectl

master/01850df7-daaa-4b9c-a61f-e921074546ad:~# kubectl get pods -n pks-system

NAME                               READY     STATUS    RESTARTS   AGE
fluent-bit-mwbxd                   1/1       Running   0          1d
fluent-bit-vp66b                   1/1       Running   0          1d
sink-controller-57df674b84-wjp4k   1/1       Running   0          1d

Execute the following to get access to the kubectl CLI from the Kubernetes Worker VM.

bosh ssh -d service-instance_50a78f35-df99-4cf3-8815-7b680577ef59 worker/0

worker/a3b4ccb6-1d14-4ee4-a1f1-6d5211dfe4b9:~$ sudo su -
worker/a3b4ccb6-1d14-4ee4-a1f1-6d5211dfe4b9:~# alias kubectl="/var/vcap/packages/kubernetes/bin/kubectl --kubeconfig=/var/vcap/jobs/kubelet/config/kubeconfig"

worker/a3b4ccb6-1d14-4ee4-a1f1-6d5211dfe4b9:~# kubectl get pods -n pks-system
NAME                               READY     STATUS    RESTARTS   AGE
fluent-bit-mwbxd                   1/1       Running   0          1d
fluent-bit-vp66b                   1/1       Running   0          1d
sink-controller-57df674b84-wjp4k   1/1       Running   0          1d

Done.

Wednesday, December 23, 2020

Changing the Auth Mode in Harbor from Internal Database to OIDC - options greyed out


The customer is using TKGi 1.9.2 with embedded Harbor 2.1. Harbor uses database auth mode by default.

Now the customer wants to integrate the same Harbor with OIDC. I was not able to change the auth mode at the Harbor URL. The drop-down button is disabled.





Solution:


SSH into the Harbor VM and access the PostgreSQL database:
~$ bosh -e pks vms
 Using environment '10.193.121.11' as user 'director' (bosh.*.read, openid, bosh.*.admin, bosh.read, bosh.admin)
 Task 186. Done
 :
 Deployment 'harbor-container-registry-74b44adfd44a90f27cb3'
 Instance                                         Process State AZ IPs VM CID                           VM Type
 harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842  running AZ1 10.193.121.13 vm-c5eb38a5-acd7-4769-a731-617b0de04dd5  large.disk
 :
  
 ~$ bosh -e pks -d harbor-container-registry-74b44adfd44a90f27cb3 ssh harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842
 harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:~$ sudo -i
 harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:~# alias docker='/var/vcap/packages/docker/bin/docker -H unix:///var/vcap/sys/run/docker/dockerd.sock'
 
Clear out all users except admin/anonymous. If there is any foreign key association, it is also necessary to remove the association.
harbor-app/57d51b5a-cd39-4b71-bb66-a08184ae9842:/# docker exec -it harbor-db bash
root [ / ]# psql -U postgres
\c registry
select * from harbor_user;
delete from harbor_user where user_id > 2;

Refresh the Harbor web console and go to Configurations; you can then change the auth_mode to OIDC.






Done.

Friday, December 18, 2020

VMware Influencer 100 Club

I am so happy as well for this recognition and gladly accept the invitation to join the VMware Influencer 100 Club. Thanks to Noell Grier and VMware for this amazing award!

Monday, June 1, 2020

vExpert 2020 Second Half applications are now open

I am very happy to be part of the vExpert Program; I'm a vExpert for the fourth year in a row. I'm proud to be part of this great group again this year, and the chance to be in touch with top experts in the field will be helpful for sharing and improving the experience.

Also, I had the great pleasure of being accepted into the vExpert PRO program for the first time. Another thing to be proud of.

The vExpert program is designed to aid success and help amplify your external brands and channels, focused on a specific VMware technology. It also focuses on improving your relationship with the VMware Business Unit, so you can make a direct impact on the technology. The program is not focused on certifications or how much you know about the technology.

If you wish to apply for vExpert, the applications are open:

https://blogs.vmware.com/vexpert/2020/05/31/vexpert-applications-are-open-dont-miss-out/

I recommend you join the program for many reasons, such as motivation, pride, knowledge and an enormous desire to continue learning, but above all to continue growing as a community.

vExpert Program Benefits

Here’s a list of some of the benefits of receiving the award.
• Networking with 2,000 vExperts / Information Sharing
• Knowledge Expansion on VMware & Partner Technology
• Opportunity to apply for vExpert BU Lead Subprograms (see below)
• Possible Job Opportunities
• Direct Access to VMware Business Units via Subprograms
• Blog Traffic Boost through Advocacy, @vExpert, @VMware, VMware Launch & Announcement Campaigns
• 1 Year VMware Licenses for Home Labs for almost all Products & Some Partner Products
• Private VMware & VMware Partner Sessions
• Gifts from VMware and VMware Partners
• vExpert Celebration Parties at both VMworld US and VMworld Europe with VMware CEO, Pat Gelsinger
• VMware Advocacy Platform Invite (share your content to thousands of vExperts & VMware employees who amplify your content via their social channels)
• Private Slack Channels for vExpert and the BU Lead Subprograms

The process to apply is easy: twice per calendar year we open applications for a period of 30 days. Once the 30 days are over we close the applications and start voting, which takes 30 to 45 days. Applications open for each calendar year in November / December and results are announced in February. We open applications again, which we refer to as 2nd half applications, in June with an August announcement. Every vExpert and VCDX, as well as any new applicant, must apply at least once per year.

Regards

Friday, May 29, 2020

Issue installing PKS Enterprise 1.6.2

I'm installing PKS Enterprise 1.6.2, the last release of the PKS Enterprise 1.6 version. After I configured it using EPMC (Enterprise PKS Management Console) and applied all changes using the wizard, I was getting the error:

May 27 17:32:04 Automator (Deploy ops-manager 2.8.5) failed: error validating Ops Manager ntp: Command error output: ntp servers provided invalid\n, error: exit status 1\n"
May 27 17:32:06 pks-mgmt-server[919]: time="2020-05-27T17:32:06Z" level=info msg="Update for deployment 78c21e04-4416-484f-ba1a-83d310e181c2 - Deploy ops-manager 2.8.5: state( failed) error validating Ops Manager ntp: Command error output: ntp servers provided invalid\n, error: exit status 1\n"

I found the NTP server was not reachable from the OpsMan appliance. I suspect the NTP server has some type of firewall blocking the communication. I ran some tests against port 123 (NTP) from the OpsMan appliance and there was indeed a communication problem.

After the security team opened port 123 for NTP from/to the PKS Floating Range, the installation has continued well so far.

Regards
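A port 123 check of the kind mentioned above can be scripted. This is an added example, not the author's own test or VMware tooling: it sends one SNTP query over UDP (NTP does not use TCP, so a TCP connect test proves nothing) and parses the reply. `SAMPLE_REPLY` is a constructed packet and the function names are hypothetical.

```python
import socket
import struct

NTP_PORT = 123
NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)

# Constructed server reply (version 3, mode 4, stratum 2) used to exercise the parser offline.
SAMPLE_REPLY = bytes([0x1C, 2]) + bytes(38) + struct.pack(
    "!II", NTP_EPOCH_OFFSET + 1590600724, 0)


def build_request():
    """48-byte SNTP client request: LI=0, version 3, mode 3 (client)."""
    return bytes([0x1B]) + bytes(47)


def parse_response(data):
    """Validate a server reply and return its mode, stratum and Unix transmit time."""
    if len(data) < 48:
        raise ValueError(f"short NTP reply: {len(data)} bytes")
    mode, stratum = data[0] & 0x07, data[1]
    if mode != 4:
        raise ValueError(f"unexpected NTP mode {mode}, wanted 4 (server)")
    if stratum == 0:
        # Stratum 0 is a kiss-o'-death packet; the reference ID holds the reason code.
        raise ValueError("kiss-o'-death: " + data[12:16].decode("ascii", "replace"))
    seconds, fraction = struct.unpack("!II", data[40:48])  # transmit timestamp
    return {
        "mode": mode,
        "stratum": stratum,
        "unix_time": seconds - NTP_EPOCH_OFFSET + fraction / 2**32,
    }


def probe(server, timeout=3.0):
    """Send one SNTP query over UDP; return the parsed reply or an error string."""
    try:
        infos = socket.getaddrinfo(server, NTP_PORT, type=socket.SOCK_DGRAM)
    except socket.gaierror as exc:
        return f"{server}: name resolution failed ({exc})"
    family, socktype, proto, _, addr = infos[0]
    with socket.socket(family, socktype, proto) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_request(), addr)
            data, _ = sock.recvfrom(512)
        except socket.timeout:
            # UDP gives no refusal signal through most firewalls: silence means filtered or down.
            return f"{server}: no reply on UDP/{NTP_PORT} (filtered or down)"
        except OSError as exc:
            return f"{server}: {exc}"
    try:
        return parse_response(data)
    except ValueError as exc:
        return f"{server}: {exc}"


if __name__ == "__main__":
    import sys
    for host in sys.argv[1:]:
        print(host, probe(host))
```

Run it from the appliance that needs the time source, passing each configured NTP server as an argument.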

Friday, August 9, 2019

Creating Visio-Like diagrams for free using VMware stencils

As a MacBook user I get a little upset when I need to create a Visio diagram, because there is no Visio for Mac. What do you do? Normally I need to power on a Windows VM. Also, some official and unofficial stencils, templates and other material were created for Visio. Finally, many master diagrams were created for Visio.

Well, not anymore for me.

I found an amazing tool called draw.io. I have used this tool in the past through the online version, but I discovered a better way to create Visio-like diagrams, even using exactly the same icons and stencils.
Here’s one I made yesterday as a VMC on AWS template:

Here is the draw.io source file for this diagram. My plan is to share all my draw.io files on my public github.com soon. Meanwhile you can download the .drawio file from here.

The amazing thing is that draw.io supports many formats, even VSSX files, the format for Visio stencil templates. So any VSSX file can be imported.

First I needed to import stencils from these places (just using the Import from File menu option):

I don’t see this as a full replacement for Visio. However, last time I just wanted to sketch up a quick concept for our VMware cluster and VMC on AWS architecture, and it was great for that.

Also, the online web tool draw.io has announced its desktop clients, which we can download directly from here:

Draw.io has the advantage of including images from Amazon, Microsoft Azure, Veeam, and many others.

Brilliant work, guys. Did I tell you it's free? Goodbye, Visio.

Regards


Thursday, July 25, 2019

VCD 9.7 Custom Branding Logo per-tenant

With the release of vCloud Director 9.7 you can set the logo and the theme for your vCloud Director Service Provider Admin Portal, and you can now also customize the vCloud Director Tenant Portal of each tenant.

Provider Portal Branding

The vCloud Director 9.7 UI can be modified for the following elements:
• Portal name
• Portal color
• Portal theme (vCloud Director contains two themes – default and dark.)
• Logo & Browser icon

Customize Portal Name, Portal Color and Portal Theme

To configure the Cloud Provider Portal branding, make a PUT request to the vCloud Director endpoint for the tenant organisation as below (T1 is my org name):

• Headers
  • Accept: application/*;version=32
  • Content-Type: application/json
• PUT https://<vCD Url>/cloudapi/branding/tenant/T1
• BODY
  {
    "portalName": "Private Cloud",
    "portalColor": "#009AD9",
    "selectedTheme": {
      "themeType": "BUILT_IN",
      "name": "Default"
    },
    "customLinks": [
      {
        "name": "help",
        "menuItemType": "override",
        "url": "http://www.vlabware.com"
      }
    ]
  }

Customize Logo

To change the logo, you need to define the headers and the PUT request.
• Headers
  • Accept: image/*;version=32
  • Content-Type: image/png

Note: Unfortunately some references, like VMTECHIE, have the Content-Type field wrong because they add an extra ";version=32". If you use it, you will receive this message in the Chrome console:

Refused to load the image 'unsafe:data:image…' because it violates the following Content Security Policy directive: "img-src * data: blob: 'unsafe-inline'".

Using the "Content-Type" header with only "image/png", it works well per tenant.
• PUT https://<vCD Url>/cloudapi/branding/logo
• Body – This is a bit tricky since we need to upload an image as the body.
  • In the Postman client, inside “Body” click on “Binary”, which allows you to choose a file as the body, and select your logo.

For a particular tenant, you can selectively override the default logo. Any value that you do not set uses the corresponding system default value.

By default, no org-specific branding is shown outside of a logged-in session, which means it does not appear on login and logout pages. We don't show per-tenant branding outside a logged-in session (showing it would make it possible for tenants to "discover" one another).

If you wish to allow branding outside of logged-in sessions, you can use the cell management tool to execute the following command:

/opt/vmware/vcloud-director/bin/cell-management-tool manage-config -n backend.branding.requireAuthForBranding -v false

The result of the command is:

Here is the result on the login page:

Inside, you can see this:

Amazing.

Regards



Tuesday, July 23, 2019

What is HCX Multi Site Services Mesh?

The Multi-Site Service Mesh enables the configuration, deployment, and serviceability of Interconnect virtual appliance pairs with ease. Now you have the choice to deploy/manage HCX services with the traditional Interconnect interface or with the new Multi-Site Service Mesh. To deploy the HCX-IX appliances, you choose either of the methods.

Before you plan to use HCX Multi-Site Service Mesh, let’s have a look at a few benefits which we get out of this feature:
• Uniformity: the same configuration patterns at the source and remote sites.
• Re-usability: Once a compute profile is created it can be used to connect to multiple HCX sites. Hence the site administrator need not define the same things again and again.
• Multisite Ready: Compute Profiles and Network Profiles can be shared across multiple sites.
• Ease of reconfiguration: New capability to pool datastores or modify them post-Interconnect deployment.
• Scale-out deployment: The HCX-IX can be deployed per cluster or a single HCX-IX can be shared across multiple clusters.

Apart from that, there are a few usability enhancements that have been introduced:
• Improved interfaces display clear deployment diagrams.
• New task tracking features give step-by-step details of the progress of operations.
• Preview of required firewall rules for ease of configuration.

Typically a compute profile looks as shown in the image below.

Once the compute profile is created on both the cloud side and on-prem, we initiate the service mesh creation from the on-prem side. The service mesh can’t be created from the cloud side.

During service mesh creation we map the compute/network profile of on-prem with the profiles created on the cloud side. Once the service mesh mapping is done, we can initiate the deployment of the IX appliances.

Once the appliances are deployed on both the on-prem and cloud sides, we can start consuming the HCX services.

Regards

Friday, August 3, 2018

vExpert 2018 Award Announcement

I am happy to be selected again to be a part of vExpert 2018; I'm a vExpert for the second year in a row.

https://blogs.vmware.com/vmtn/2018/03/vexpert-2018-award-announcement.html

I'm proud to be part of this great group again this year, and the chance to be in touch with top experts in the field will be helpful for sharing and improving the experience.

vExpert Program Benefits

• Invite to our private #Slack channel
• vExpert certificate signed by our CEO Pat Gelsinger.
• Private forums on communities.vmware.com.
• Permission to use the vExpert logo on cards, website, etc. for one year
• Access to a private directory for networking, etc.
• Exclusive gifts from various VMware partners.
• Private webinars with VMware partners as well as NFRs.
• Access to private betas (subject to admission by beta teams).
• 365-day eval licenses for most products for home lab / cloud providers.
• Private pre-launch briefings via our blogger briefing pre-VMworld (subject to admission by product teams)
• Blogger early access program for vSphere and some other products.
• Featured in a public vExpert online directory.
• Access to vetted VMware & Virtualization content for your social channels.
• Yearly vExpert parties at both VMworld US and VMworld Europe events.
• Identification as a vExpert at both VMworld US and VMworld EU.

Congratulations to all new and returning vExperts.

Regards

Tuesday, July 31, 2018

vRA 7.3.1 Upgrade Issue (401 error in the Infrastructure tab)

After a recent update of VMware vRealize Automation from 7.3.0 to 7.3.1, I found 401 errors appearing in the Infrastructure tab. After a little time I found the solution.

In the Web_Admin_All.log located in C:\Program Files (x86)\VMware\vCAC\Server\Website\Logs on the IaaS web server, you see errors similar to:

[UTC:2016-03-31 18:18:00 Local:2016-03-31 12:18]
[Error]: [sub-thread-Id="21" context token] Error occurred writing to the repository tracking log
System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: The handshake failed due to an unexpected packet format.
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Net.HttpWebRequest.GetRequestStream(TransportContext& context)
at System.Net.HttpWebRequest.GetRequestStream()
at System.Data.Services.Client.ODataRequestMessageWrapper.SetRequestStream(ContentStream requestStreamContent)
at System.Data.Services.Client.BatchSaveResult.BatchRequest()
at System.Data.Services.Client.DataServiceContext.SaveChanges(SaveChangesOptions options)
at DynamicOps.Repository.RepositoryServiceContext.SaveChanges(SaveChangesOptions options)
at DynamicOps.Repository.Tracking.RepoLoggingSingleton.WriteExceptionToLogs(String message, Exception exceptionObject, Boolean writeAsWarning)
INNER EXCEPTION: System.IO.IOException: The handshake failed due to an unexpected packet format.
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)

Note: The preceding log is only an example. Date, time, and environmental variables may vary depending on your environment.

In the web.config file for the web administration service located in C:\Program Files (x86)\VMware\vCAC\Server\Website on the IaaS web server, the repository address is set to localhost on port 80, similar to:

<add key="repositoryAddress" value="https://localhost:80/repository/" />

Under some circumstances, the web.config file can be updated with an invalid URL during the update of the IaaS web services. To resolve this issue, update the web.config with the correct URL using the following procedure.

Note: If there is more than one IaaS web server, this procedure must be completed on all nodes.

Solution

1. Log in to the IaaS web server and navigate to the location of the C:\Program Files (x86)\VMware\vCAC\Server\Website\web.config file.

2. Back up the website web.config file.

3. Change the repository address to use the appropriate FQDN for the Model Manager Website, which resides on the IaaS web server(s), similar to the following example:

<add key="repositoryAddress" value="https://<IaaS Web FQDN>:443/repository/" />

If there is only a single server, this will likely be the FQDN of the host. If there is more than one server, a VIP FQDN pointing to a load balancer will likely be in use.

4. Run iisreset from an administrative command prompt to restart the service.

Reference: https://kb.vmware.com/s/article/2144965

Regards
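The invalid repositoryAddress described above can be checked on every IaaS web node before and after the edit. This is an added example, not VMware's or the author's code: the function name and the `iaas-web.example.local` FQDN are assumptions, and the sample XML is constructed from the value quoted on the page.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed samples: the broken value quoted on the page, and a corrected
# value that uses a hypothetical FQDN in place of <IaaS Web FQDN>.
BROKEN = """<configuration>
  <appSettings>
    <add key="repositoryAddress" value="https://localhost:80/repository/" />
  </appSettings>
</configuration>"""
FIXED = BROKEN.replace("https://localhost:80", "https://iaas-web.example.local:443")

LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def check_repository_address(web_config_xml):
    """Return a list of problems found in the repositoryAddress setting (empty if none)."""
    root = ET.fromstring(web_config_xml)
    values = [
        el.get("value", "")
        for el in root.iter("add")
        if el.get("key") == "repositoryAddress"
    ]
    if not values:
        return ["repositoryAddress key not found"]

    problems = []
    for value in values:
        url = urlsplit(value)
        try:
            port = url.port
        except ValueError:
            problems.append(f"{value}: port is not a valid number")
            continue
        if url.scheme != "https":
            problems.append(f"{value}: scheme is {url.scheme!r}, expected https")
        if (url.hostname or "") in LOOPBACK:
            problems.append(f"{value}: host is loopback, expected the IaaS Web FQDN or VIP")
        if url.scheme == "https" and port == 80:
            # The combination the page reports after the upgrade.
            problems.append(f"{value}: https scheme on port 80")
        if not url.path.rstrip("/").endswith("/repository"):
            problems.append(f"{value}: path does not end in /repository/")
    return problems


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Pass a copy of each node's web.config as an argument.
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:  # bytes let the XML parser handle a BOM
                for problem in check_repository_address(fh.read()) or ["ok"]:
                    print(f"{path}: {problem}")
    else:
        print(check_repository_address(BROKEN))
        print(check_repository_address(FIXED))
```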