Virtual Updates 2023-06-28

VMware Tools CVE – Time to update
People always ask…is it important to update VMware Tools?
Yes!
For Windows VMs, you have to orchestrate the update (there are many different ways to do this).
For any Linux distros using open-vm-tools (the recommended way), use your appropriate package manager to update it.
VMware CVE post is here.

VMware vCenter 7 & 8 – updated releases
vCenter Server software just got a point upgrade for both vSphere 7 & vSphere 8.
VMware vCenter 7.0 Update 3M release notes are here.
VMware vCenter 8.0 Update 1a release notes are here.

Virtual Updates 2023-05-29

vBrownBag Tech Talks at VMware Explore 2023
Spoke with Alastair Cooke about this.
Time to get your community tech talks submitted!!!

IT Architect Series: Stories from the Field Vol2 released!
This has been in the works longer than I would have liked, but Vol2 is now available on Lulu, our publisher site (as in today!)
This makes 5 books now in the IT Architect Series!

Virtual Updates 2023-05-15

VMs, Containers, or Serverless?
Lots of folks have been talking about this online.
Amazon Prime Video has moved from Serverless, back to EC2 Images.
The reason was cost.
It just goes to show that you need to use the right tool for the job, and that just because that’s the way you have done (or are doing) it doesn’t mean you shouldn’t review your options.
A post from InfoQ discussing this is here.

VMware Aria Migration
This looks to be about multi-cloud, and running your workloads in the appropriate cloud.
This initial release is focused only on assessing your environment…and they state that this part is free (not sure if it will remain that way).
The next two phases of release will add planning & execution.
This is interesting, as it looks like a combination of pieces of other offerings.
Have to see how this plays out, but it looks interesting.
VMware Blog post is here.

vLCM & Nested ESXi vSAN clusters

Working with Nested ESXi clusters, using vSAN, is a pretty common thing for folks to do in their lab environments.
Easy to reset, provision, and keep a lab going.

One of the nuances I always would run into since vSphere 7 was released, was the new vLCM (vSphere Lifecycle Manager).
When migrating to “Image Based Management” I had problems upgrading my Nested ESXi hosts running vSAN, as a HCL (Hardware Compatibility List) check was done, and no….Paravirtual SCSI adapters are not supported.

I keep saying I would look into this, but since this environment I run gets reset every couple of weeks, I never got around to it.
I had a day of downtime recently, and got around to resolving this….

Whenever I would try to update the Image for the cluster, I would get “the host is incompatible with the image.”
I would then check the Device Compatibility warning, which showed me that the VMware Paravirtual SCSI card was not “supported”.
But I didn’t see an “easy button” that said “This is a home lab…this is OK to bypass”.

The simple answer is to go to the Cluster’s Monitor tab, vSAN section, Skyline Health. Then select SCSI Controller is VMware Certified, & finally, Silence the Alert.

After doing this, you SHOULD be able to then upgrade your Nested vSAN cluster…

Virtual Updates 2023-05-01

vSphere 8.0 Update 1 released!
vSphere Configuration Profiles (Desired State Config for clusters).
Skyline Health Diagnostics now part of vCenter.
Okta for Identity Provider.
VMK for NFS.
Frank Denneman has a post covering some enhancements with ML.
Lots more in the release notes.
vCenter 8.0 U1 Release Notes are here.
ESXi 8.0 U1 Release Notes are here.
vSphere with Tanzu 8 Release Notes are here.
Upgrade in the lab from 8.0 and from 7.03c went great!

Total Solar Eclipse April 2024!
How I first heard about it: Boston, MA’s WCVB, an ABC affiliate……
….if their comment is right….it will be 20+ years till the next Total Solar Eclipse!
How I learned of its path….Astronomy.com posted about this specifically.

vRealize Log Insight – cert issues getting to 8.12

So this problem started back a few weeks ago.
vRLI (vRealize Log Insight) had a certificate issue that was about to come to light, highlighted here in VMware KB91441: internal certificates will expire on April 30, 2023. This KB solves the problem, but doesn’t tell you how to restore your CA signed certificate back to vRLI….so I started digging.

So I planned on upgrading as soon as was possible from 8.10 to 8.12 (when 8.12 was released).

So VMware Aria Operations for Logs (the new name for vRealize Log Insight) gets released. I try to upgrade to it, and it fails.
Fun….Never had an issue upgrading vRLI, so I revert to snapshot, and try again.

Discovered that my “root” user password expired.
Addressed that.
Discovered I needed to upgrade to 8.10.2 in order to upgrade to 8.12.
Upgrade to 8.10.2 no problem.
Still had issues with the upgrade to 8.12.

Now, the issue was because I had used a certificate from my Windows CA for my vRealize lab deployment.
The KB linked above stated to remove the certificate (revert back to self signed) then upgrade….made no mention of reapplying the cert.
I tried that, and found out it worked.
So I reverted back to snapshot to figure it out.

Tried to upgrade again from 8.10.2 to 8.12, and it failed again (because I did not revert back to self signed).
Led me to believe it was a certificate issue, which I had to figure out.
I had 3 weeks, should be no problem….
Well, found my answer with just 2 days to go before April 30, 2023….

Rudi Martinsen had helped me out (unknowingly) via his blog post on April 27 about upgrading to vRLI 8.12.
A follow on blog post the following day from Rudi covered the Certificate portion!
Between the two posts, I was able to greatly simplify the vRLI 8.10.2 to VMware Aria Operations for Logs 8.12 upgrade.

I had to create the steps below, to cover the Certificate Authority, Certificate Template Management, creating the CSR, getting a CER, and creating the PEM.
I used the same CFG file as before (for creating Loginsight.cer) to call OpenSSL….I am assuming you know how to use OpenSSL (at least a bit), and that you already have your RootCA certificate file (root64.cer as the example below).

Log into the CA Windows system.
Open the Certificate Authority (Start –> Windows Administrative Tools –> Certificate Authority).
Right click on Certificate Template –> Manage
Now…in the Certificate Template Management Console….
Find Web Server –> Right Click –> Duplicate Template
Select the General Tab
Change the name to Web Server AND ClientAuth
Select Extensions
Click Edit
Click Add
Select Client Authentication, click OK
Click OK
Click OK
Close the Certificate Template Management Console.

Back in the Certificate Authority console…
Right Click “Certificate Templates”, –> New –> Certificate Template to issue
Choose Web Server AND ClientAuth
Click OK

Now ready to issue updated certs with the new requirements!!!

Run the commands to create new KEY and CSR
openssl req -new -nodes -out c:\certs\loginsight.csr -newkey rsa:2048 -keyout c:\certs\loginsight.key -config c:\certs\loginsight.cfg

Now go get certificates from the CA.
Be sure to use the new template, Web Server AND ClientAuth.
That downloaded newcert.cer, which I renamed to loginsight.cer

Now create the PEM files
Run these from CMD.EXE as PowerShell 7 keeps throwing errors!
type c:\certs\loginsight.key c:\certs\loginsight.cer c:\certs\root64.cer > c:\certs\loginsight.pem

Now apply the SSL to Log Insight 8.10.2.
THEN you can upgrade, with your CA’s certificate in place, to
VMware Aria Operations for Logs.
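
A pre-flight check for the files built above, worth running before the bundle is applied. This is an added example, not part of the original post: it confirms the issued certificate carries both Server and Client Authentication, that the key matches it, that it chains to the root, and that the PEM is in the same key, cert, root order as the `type` command. It assumes a POSIX shell with openssl available (Git Bash or WSL on Windows); the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical;
# file names follow the post. Requires openssl, grep and awk on the PATH.

# 0 if CERT lists both Server and Client Authentication in its EKU extension.
has_both_ekus() {
    local eku
    eku=$(openssl x509 -in "$1" -noout -text |
          grep -A1 'X509v3 Extended Key Usage') || return 1
    case "$eku" in *'TLS Web Server Authentication'*) ;; *) return 1 ;; esac
    case "$eku" in *'TLS Web Client Authentication'*) ;; *) return 1 ;; esac
}

# 0 if the private key in KEY is the one the CA certified in CERT.
key_matches_cert() {
    local from_key from_cert
    from_key=$(openssl pkey -in "$1" -pubout) || return 2
    from_cert=$(openssl x509 -in "$2" -noout -pubkey) || return 2
    [ "$from_key" = "$from_cert" ]
}

# Prints the block types of BUNDLE in file order, e.g. "KEY CERT CERT".
# A block glued to the previous line (no newline between files) is not counted.
pem_order() {
    awk '/^-----BEGIN .*PRIVATE KEY-----/ { printf "%sKEY", sep; sep = " " }
         /^-----BEGIN CERTIFICATE-----/   { printf "%sCERT", sep; sep = " " }
         END { print "" }' "$1"
}

# check_bundle KEY CERT ROOT BUNDLE: 0 only if every check passes.
check_bundle() {
    has_both_ekus "$2" || { echo "EKU lacks serverAuth or clientAuth" >&2; return 1; }
    key_matches_cert "$1" "$2" || { echo "key does not match cert" >&2; return 1; }
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 ||
        { echo "cert does not chain to the root" >&2; return 1; }
    [ "$(pem_order "$4")" = "KEY CERT CERT" ] ||
        { echo "bundle is not key, cert, root" >&2; return 1; }
}

# Stand-alone use: ./check.sh loginsight.key loginsight.cer root64.cer loginsight.pem
if [ "$#" -eq 4 ]; then
    check_bundle "$@" && echo "bundle OK"
fi
```

A certificate issued from the original Web Server template fails the first check, which is the condition the new template is meant to fix.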

I was 3 months away from needing to update all the lab certificates anyway, so I tested this workflow making new certificates with ClientAuth, and applied this to all of the following:
vRLCM – now VMware Aria Lifecycle Manager
vIDM – VMware Identity Manager (deployed via vRLCM)
vROPs – now VMware Aria Operations (deployed via vRLCM)
vRLI – now VMware Aria Operations for Logs (deployed via vRLCM)