Managing Windows hosts using Ansible Tower/AWX and SSH

November 26, 2020November 26, 2020 / Mark Brookfield / 2 Comments

I’ve recently been working with Ansible as a configuration management solution. Workloads deployed from vRealize Automation to the private cloud are handed off to Ansible Tower, whereas existing infrastructure is managed in the downstream product – AWX. This is mainly Continue reading →

Enabling HashiCorp Vault Lookups in Ansible AWX – Part 2

November 11, 2020February 8, 2021 / Mark Brookfield / Leave a comment

Earlier in the year, I wrote about how to create a Python virtual environment on Ansible AWX to run the HashiCorp lookup module.

The last task is to create the credentials to support the Vault lookup, followed by configuring the necessary variables in the inventory.

Continue reading →

Using Continuous Deployment to Provision VDI Desktops

November 6, 2020April 5, 2021 / Mark Brookfield / 3 Comments

Back in May, I wrote about using GitLab to automate my server builds using HashiCorp Packer. Whilst it is trivially easy to update it to accommodate desktop builds for our VDI users, I now needed a solution to automate the entire workflow – building the image and updating my VMware Horizon desktop pool. In this post, I will document how to do just that, Continue reading →

Enabling HashiCorp Vault Lookups in Ansible AWX

July 23, 2020January 28, 2021 / Mark Brookfield / 3 Comments

Recently I’ve decided to change how I retrieve privilege escalation credentials for production hosts added to Ansible AWX. When I first started out I only had a few machines, so the root/Administrator credential was defined on each host. Whilst this approach is fine for a limited amount Continue reading →

Modifying AWS Route53 Records in vRealize Automation – Part 2

July 14, 2020July 18, 2020 / Mark Brookfield / 1 Comment

20161114-1 In part 1 of this short series, I set the scene for a blueprint VM requiring a DNS record to be created in AWS Route53. I documented the vRO resource and configuration elements that would be needed, along with a handful of actions. In the final part, we tackle the main workflow plus Continue reading →

Modifying AWS Route53 Records in vRealize Automation – Part 1

July 2, 2020July 18, 2020 / Mark Brookfield / 2 Comments

20161114-1 I recently built a vRealize Automation blueprint in the lab that provisions a vSphere machine into the DMZ which could be accessed externally. For users to be able to connect to this machine it will need a DNS record to be created in my external DNS domain, which is hosted with Amazon Web Services. Continue reading →

Adding Internal CA SSL chains to Ansible AWX

June 19, 2020August 12, 2020 / Mark Brookfield / 7 Comments

I’m currently in the process of integrating my HobbitCloud machines into Ansible AWX. After creating an inventory, establishing my groups and adding my hosts, I began to create an SCM-based project that connects to my internal GitLab server. Unfortunately, I ran straight into an error. Continue reading →

Wednesday Tidbit: Automate VMware OSOT for your VDI Images

June 17, 2020July 6, 2020 / Mark Brookfield / 1 Comment

The other day I tweeted a short bit of code on how to automate the zeroing-out of your VDI images using SDelete:

Do you like to zero out your #VDI images using SDelete before snapshotting them for your pools?

Do you build your desktop images using @HashiCorp #Packer and would like to automate this? If so check out this code I threw together: https://t.co/14KYRIs4SD #EUC #vExpert

— Mark Brookfield (@virtualhobbit) June 16, 2020

I got quite a few DMs afterwards asking if it was possible to do the same with VMware’s OS Optimization Tool.

So without further ado, here’s the code I use as the last step in my Packer builds before closing them down for svMotioning:

$ErrorActionPreference = "Stop"

$webserver = "webserver.contoso.local"

$url = "http://" + $webserver

$files = @("VMwareOSOptimizationTool.exe","VMwareOSOptimizationTool.exe.config","my_osot.xml")

$exe = $files[0]

$arg = "-o -t " + $files[2]

# Verify connectivity

if (Test-Connection $webserver –Quiet){

  # Get the OSOT files

  ForEach ($file in $files)

  {

    Invoke-WebRequest –Uri ($url + "/" + $file) –OutFile $env:TEMP\$file

  }

} else {

  throw "No connection to server. Aborting."

}

# Change to temp folder

Set-Location $env:TEMP

# Run OSOT

Try 

{

  Start-Process $exe –ArgumentList $arg –Passthru –Wait –ErrorAction stop

}

Catch

{

  Write-Error "Failed to run OSOT"

  Write-Error $_.Exception

  Exit -1 

}

# Delete files

ForEach ($file in $files)

{

  Remove-Item –Path $env:TEMP\$file –Confirm:$false

}

view raw
osot.ps1
hosted with ❤ by GitHub

Please remember to swap out your web server and to specify your own XML file. You could also YOLO it and use one of the built-in templates…

Bill OReilly Well Do It Live GIF - BillOReilly WellDoItLive Mad GIFs

…but don’t be surprised when you cripple half your apps 🙂

Wednesday Tidbit: PowerShell’s Import-PFXCertificate Removes the Private Key

May 27, 2020June 2, 2020 / Mark Brookfield / Leave a comment

I’ve been working on a complex automation solution recently in lab, and one task was to import a certificate to be used by VMware Horizon.

Those familiar with Horizon will know that any certificate used will need to have its corresponding private key which will also need to be exportable. The certificate also needs to have a friendly name of “vdm”. Continue reading →

Custom Naming in vRealize Automation 7.x

May 21, 2020July 24, 2020 / Mark Brookfield / 3 Comments

20161114-1 When adding extensibility to your vRealize Automation platform, it’s important to get the basics right first. All too often it’s tempting to rush off and build complex blueprints whilst forgetting about the building blocks of good infrastructure, like naming and IPAM. Here I’m going to demonstrate how I do custom naming for workloads in my environment. Continue reading →

	$ErrorActionPreference = "Stop"

	$webserver = "webserver.contoso.local"
	$url = "http://" + $webserver
	$files = @("VMwareOSOptimizationTool.exe","VMwareOSOptimizationTool.exe.config","my_osot.xml")
	$exe = $files[0]
	$arg = "-o -t " + $files[2]

	# Verify connectivity
	if (Test-Connection $webserver –Quiet){
	# Get the OSOT files
	ForEach ($file in $files)
	{
	Invoke-WebRequest –Uri ($url + "/" + $file) –OutFile $env:TEMP\$file
	}
	} else {
	throw "No connection to server. Aborting."
	}

	# Change to temp folder
	Set-Location $env:TEMP

	# Run OSOT
	Try
	{
	Start-Process $exe –ArgumentList $arg –Passthru –Wait –ErrorAction stop
	}
	Catch
	{
	Write-Error "Failed to run OSOT"
	Write-Error $_.Exception
	Exit -1
	}

	# Delete files
	ForEach ($file in $files)
	{
	Remove-Item –Path $env:TEMP\$file –Confirm:$false
	}