Most of the time I work with the vRealize Automation API through vRO Actions. Occasionally I have the need to make a change to the system which requires using the API. One such example is modifying the session timeout, as written by Gary at https://garyflynn.com/post/vrealize-automation-85-increase-session-timeout.
Securing nginx on VMware TKGm with the NSX Advanced Load-Balancer and HashiCorp Vault
I’ve been running VMware’s Tanzu Kubernetes Grid in HobbitCloud for quite a while. It’s an easy way for me to consume Kubernetes, which I use for demonstrating containerised workload connectivity between clouds. I also deploy container workloads direct from vRealize Automation to TKGm clusters.
Wednesday Tidbit: Enable Basic Auth in NSX-ALB (Avi) to enable Tanzu Kubernetes Grid
For a while now I’ve been a big fan of VMware’s Tanzu Kubernetes Grid Integrated, formerly Pivotal’s Kubernetes Service. However, whilst great in the beginning, newer technologies such as Cluster API have overtaken things like Bosh.
Whilst it could be frustratingly difficult to set up, VMware made serious efforts to simplify this with solutions such as the Management Console. However, after recently struggling with this and trying to create NSX-T Principal Identity certificates during setup, I decided it was time to walk away and go “all in” with TKG.
Tanzu Kubernetes Grid
After the initial fiddly bits (in my case, getting Docker to work nicely on Ubuntu), firing up the management cluster using the UI was trivially easy.
I first opted for using kube-vip as my control plane endpoint provider. After a successful installation, I decided I wanted to use NSX Advanced Load Balancer (formerly known as Avi Vantage) for my load-balancer.
I re-ran the installation, entered in the NSX ALB credentials, verified it saw my cloud and networks, and continued on.
However, it didn’t matter how many times I tried to perform the installation, it would always fail without even creating the control plane VMs. The logs were lacking in clarity as to the cause.
TL;DR
After poring over the initial documentation at https://docs.vmware.com/en/VMware-Tanzu-Kubernetes-Grid/1.5/vmware-tanzu-kubernetes-grid-15/GUID-mgmt-clusters-install-nsx-adv-lb.html, it appears VMware have missed a critical step.
To enable the TKG installer to install and configure an endpoint provider in NSX ALB, Basic Authentication needs to be enabled.
To do this, in ALB click on the Administration tab, then expand Settings, and click Access Settings. Click the pencil icon on the right and then check the box for Allow Basic Authentication:

Makes all the difference
Frustratingly, I only found this out while reading Cormac Hogan’s blog, so kudos to him.
Automate SSL Certificate Issuing and Renewal with HashiCorp Vault Agent – Part 1: Configure Vault
One of the biggest challenges operations teams face is SSL certificate issuing and renewal. Often this is because different applications, like vendor appliances, have a complicated renewal process. Others can be because corporations simply miss the renewal date. If large enterprises like Microsoft sometimes fail at this, what hope do the rest of us have?
Wednesday Tidbit: Ensure you add Perl to your Linux Templates for vRealize Automation 8.x
Recently I deployed a new vRealize Automation environment into HobbitCloud using vRealize Suite Lifecycle Manager. The Day 2 configuration was done using Ansible, and configured items such as the Cloud Zones, Projects, Image Mappings etc.
As with all my desktop and server images, I had automated the build of my CentOS 8 image using HashiCorp Packer and GitLab by simply committing the latest ISO to my repository.
My Cloud Templates were also stored in source control (also my on-premises GitLab environment), so once Ansible had configured the integration they started to sync. However, when I came to deploy a CentOS-based workload to one of my compute workload domains, it failed as it was unable to get an IP address.
TL;DR
For open-vm-tools to be able to get an IP address from a vRealize Automation network profile, you need to ensure Perl is installed in the base image.
Managing Windows hosts using Ansible Tower/AWX and SSH
I’ve recently been working with Ansible as a configuration management solution. Workloads deployed from vRealize Automation to the private cloud are handed off to Ansible Tower, whereas existing infrastructure is managed in the downstream product – AWX. This is mainly
Enabling HashiCorp Vault Lookups in Ansible AWX – Part 2
Earlier in the year, I wrote about how to create a Python virtual environment on Ansible AWX to run the HashiCorp lookup module.
The last task is to create the credentials to support the Vault lookup, followed by configuring the necessary variables in the inventory.
Using Continuous Deployment to Provision VDI Desktops
Back in May, I wrote about using GitLab to automate my server builds using HashiCorp Packer. Whilst it is trivially easy to update it to accommodate desktop builds for our VDI users, I now needed a solution to automate the entire workflow – building the image and updating my VMware Horizon desktop pool. In this post, I will document how to do just that,
Enabling HashiCorp Vault Lookups in Ansible AWX
Recently I’ve decided to change how I retrieve privilege escalation credentials for production hosts added to Ansible AWX. When I first started out I only had a few machines, so the root/Administrator credential was defined on each host. Whilst this approach is fine for a limited amount
Modifying AWS Route53 Records in vRealize Automation – Part 2
In part 1 of this short series, I set the scene for a blueprint VM requiring a DNS record to be created in AWS Route53. I documented the vRO resource and configuration elements that would be needed, along with a handful of actions. In the final part, we tackle the main workflow plus