Recently I’ve decided to change how I retrieve privilege escalation credentials for production hosts added to Ansible AWX. When I first started out I only had a few machines, so the root/Administrator credential was defined on each host. Whilst this approach is fine for a limited amount Continue reading
Modifying AWS Route53 Records in vRealize Automation – Part 2
In part 1 of this short series, I set the scene for a blueprint VM requiring a DNS record to be created in AWS Route53. I documented the vRO resource and configuration elements that would be needed, along with a handful of actions. In the final part, we tackle the main workflow plus Continue reading
Modifying AWS Route53 Records in vRealize Automation – Part 1
I recently built a vRealize Automation blueprint in the lab that provisions a vSphere machine into the DMZ which could be accessed externally. For users to be able to connect to this machine it will need a DNS record to be created in my external DNS domain, which is hosted with Amazon Web Services. Continue reading
Adding Internal CA SSL chains to Ansible AWX
I’m currently in the process of integrating my HobbitCloud machines into Ansible AWX. After creating an inventory, establishing my groups and adding my hosts, I began to create an SCM-based project that connects to my internal GitLab server. Unfortunately, I ran straight into an error. Continue reading
Wednesday Tidbit: Automate VMware OSOT for your VDI Images
The other day I tweeted a short bit of code on how to automate the zeroing-out of your VDI images using SDelete:
I got quite a few DMs afterwards asking if it was possible to do the same with VMware’s OS Optimization Tool.
So without further ado, here’s the code I use as the last step in my Packer builds before closing them down for svMotioning:
| $ErrorActionPreference = "Stop" | |
| $webserver = "webserver.contoso.local" | |
| $url = "http://" + $webserver | |
| $files = @("VMwareOSOptimizationTool.exe","VMwareOSOptimizationTool.exe.config","my_osot.xml") | |
| $exe = $files[0] | |
| $arg = "-o -t " + $files[2] | |
| # Verify connectivity | |
| if (Test-Connection $webserver –Quiet){ | |
| # Get the OSOT files | |
| ForEach ($file in $files) | |
| { | |
| Invoke-WebRequest –Uri ($url + "/" + $file) –OutFile $env:TEMP\$file | |
| } | |
| } else { | |
| throw "No connection to server. Aborting." | |
| } | |
| # Change to temp folder | |
| Set-Location $env:TEMP | |
| # Run OSOT | |
| Try | |
| { | |
| Start-Process $exe –ArgumentList $arg –Passthru –Wait –ErrorAction stop | |
| } | |
| Catch | |
| { | |
| Write-Error "Failed to run OSOT" | |
| Write-Error $_.Exception | |
| Exit -1 | |
| } | |
| # Delete files | |
| ForEach ($file in $files) | |
| { | |
| Remove-Item –Path $env:TEMP\$file –Confirm:$false | |
| } |
Please remember to swap out your web server and to specify your own XML file. You could also YOLO it and use one of the built-in templates…
…but don’t be surprised when you cripple half your apps 🙂
Wednesday Tidbit: PowerShell’s Import-PFXCertificate Removes the Private Key
I’ve been working on a complex automation solution recently in lab, and one task was to import a certificate to be used by VMware Horizon.
Those familiar with Horizon will know that any certificate used will need to have its corresponding private key which will also need to be exportable. The certificate also needs to have a friendly name of “vdm”. Continue reading
Custom Naming in vRealize Automation 7.x
When adding extensibility to your vRealize Automation platform, it’s important to get the basics right first. All too often it’s tempting to rush off and build complex blueprints whilst forgetting about the building blocks of good infrastructure, like naming and IPAM. Here I’m going to demonstrate how I do custom naming for workloads in my environment. Continue reading
Wednesday Tidbit: VMware AppVolumes bug deletes SSL certificates on upgrade
Recently I upgraded my AppVolumes 2.18 and 4.0 installations to the latest version. The event log on each server showed the installation as sucessful, returning “code 0” accordingly. To add to this, all services started as you would expect.
Unfortunately, both applications Continue reading
Using GitLab CI/CD Pipelines to Automate your HashiCorp Packer Builds
A long time ago I decided I was done with manual builds, and that my desktop images had to be automated. I had a lot of success with that solution, and wrote about it here.
Recently I made the decision to automate my server builds too, also using HashiCorp Packer. Whilst I used VMware Code Stream to Continue reading
Wednesday Tidbit: Using Postman to authenticate to AWS
I’m currently working on a set of vRealize Automation blueprints that reach out to Amazon Web Services Route 53 during provisioning to create some DNS records. In true “bottom-up” programming methodology, I’m using the Postman API client to prove my concept works, before coding the solution in Javascript so it can be used in vRealize Orchestrator. Continue reading
