WilliamLam.com

Slick way of deploying OVF/OVA directly to ESXi & vCenter Server using govc CLI

by // 9 Comments

I have been meaning to write about this neat little feature that was added to the govc CLI late last year that allows you to easily deploy any OVF/OVA without the need of ovftool. You might ask, why not use ovftool? Well, if you just need to perform a very basic OVF/OVA deploy and prefer not to install anything on your desktop, this can be a nice alternative. govc is provided as a simple binary that is platform agnostic and supports Windows, Linux & Mac OS X. govc is built using govmomi which is also known as the vSphere SDK for Go and this also means you can consume this capablitity beyond just the CLI but also programmatically if you wish. Obviously, the CLI is the easiest method which I will demonstrate below.

Just to be clear, there is still a huge amount of value in using ovftool as it contains a large mount of functionality that is not found any where else. It is still the recommended tool for deploying OVF/OVA across all VMware based Hypervisors and is extensively used by other VMware's products for general OVF/OVA deployment.

[Read more...]

Quick Tip - Silent installation of the VMware Client Integration Plugin (CIP)

by // 9 Comments

After answering this question internally, I thought I would also share the details externally for anyone that might also be interested in automating the silent installation of the VMware Client Integration Plugin (CIP). Below are the commands to run for both Windows as well as Mac OS X (be sure to replace the filenames with the paths to your files).

Windows:

C:\Users\lamw\Desktop\VMware-ClientIntegrationPlugin-6.0.0.exe /s /v/qn /l C:\Users\lamw\Desktop\cip.log

Mac OS X:

hdiutil attach -nobrowse ~/Desktop/VMware-ClientIntegrationPlugin-6.0.0.mac64.dmg
sudo installer -pkg /Volumes/VMware-ClientIntegrationPlugin-6.0.0.mac64.dmg/VMware\ Client\ Integration\ Plug-in.pkg -target /
hdiutil detach /Volumes/VMware-ClientIntegrationPlugin-6.0.0.mac64.dmg

Someone had commented on Twitter that it would be great to have a public URL for the CIP installer for automation. In fact, such a URL does exists 🙂 If you open a browser to your vSphere Web Client login page and you do not have CIP installed, there is a link at the lower left hand corner. The URL provided is one that is hosted on VMware and always points to the latest version.

  • http://vsphereclient.vmware.com/vsphereclient/VMware-ClientIntegrationPlugin-6.0.0.exe
  • http://vsphereclient.vmware.com/vsphereclient/VMware-ClientIntegrationPlugin-6.0.0.mac64.dmg

You also have the option to download a specific version. For example, the download URL for Build 299404 would look like the following:

  • http://vsphereclient.vmware.com/vsphereclient/2/9/9/4/0/4/1/VMware-ClientIntegrationPlugin-6.0.0.exe
  • http://vsphereclient.vmware.com/vsphereclient/2/9/9/4/0/4/1/VMware-ClientIntegrationPlugin-6.0.0.mac64.dmg

Automating the configuration of new logon banner for the vSphere Web Client in 6.0 Update 2

by // 1 Comment

The ability to display a logon banner prior to logging into the vSphere Web Client UI is a new capability that was introduced with the release of vSphere 6.0 Update 2. In addition to the logon banner message, customers can also configure a mandatory consent check box requiring all users to accept prior to logging in. Below is a screenshot of the new logon banner in the vSphere Web Client, prior to login.

vsphere-web-client-logon-banner-1
The configuration of the logon banner is only available in the Platform Services Controller (PSC) Administrator UI which can be accessed by opening a browser to the following URL: https://[PSC-HOSTNAME]/psc

vsphere-web-client-logon-banner-0
Although there is currently not an API for administrating the various PSC configurations (being worked on for a future release of vSphere), it is still possible to automate the different aspects of the PSC. There are several options depending on your personal reference as well as environmental configurations.

Option 1: Use the /opt/vmware/bin/sso-config.sh utility on the PSC itself which is the simplest method but it does require either SSH or local shell access.

You first need to create a file that contains the message you wish to display in the logon banner. In this example I have created a filed called banner.txt that contains an example logon message. You can then run the following command which will allow you to set the banner as well as the title and whether to enable the consent check box:

/opt/vmware/bin/sso-config.sh -set_logon_banner /root/banner.txt -title 'Logon Disclaimer' -enable_checkbox N

If you wish to only configure the consent check box, you can just run the following command:

/opt/vmware/bin/sso-config.sh -set_logon_banner -enable_checkbox Y

If you wish to only configure the title, you can just run the following command:

/opt/vmware/bin/sso-config.sh -set_logon_banner -title 'vGhetto Disclaimer'

If you wish to only configure the banner message, you can just run the following command:

/opt/vmware/bin/sso-config.sh -set_logon_banner /root/banner.txt

If you wish to disable the logon banner feature, you can run the following command:

/opt/vmware/bin/sso-config.sh -disable_logon_banner

Option 2: Use the ldapmodify utility either locally on the PSC itself or from a remote system which I have previously written about here.

Disclaimer: Please take extreme caution when connecting to the vmdird database. You should take extreme care in making changes while in the database else you can negatively impact your environment.

In this example, I will be remotely connecting to the PSC from my desktop which is a Mac OS X system, but it can be any system which contains the ldapsearch and ldapmodify commands.

To query for the logon banner configurations, run the following ldapsearch command (specifying your environment details):

/usr/bin/ldapsearch -h 192.168.1.140 -w 'VMware1!' -x -D "cn=Administrator,cn=Users,dc=vghetto,dc=local" -b "cn=Tenants,cn=IdentityManager,cn=Services,dc=vghetto,dc=local" -s sub "objectclass=vmwSTSTenant"

vsphere-web-client-logon-banner-2
From the output, we can see there are three properties which control the logon banner feature:

  • vmwSTSLogonBannerEnableCheckbox
  • vmwSTSLogonBannerTitle
  • vmwSTSLogonBanner

To configure the new logon banner, we first need to create a file that contains our configuration changes. To do so, create a file called change.ldif which contains the following (replace with your settings):

dn: cn=vghetto.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vghetto,dc=local
changetype: modify
replace: vmwSTSLogonBannerEnableCheckbox
vmwSTSLogonBannerEnableCheckbox: TRUE
-
replace: vmwSTSLogonBanner
vmwSTSLogonBanner: You void all warranty/safety by logging into vGhetto Datacenter, you have been warned :-)
-
replace: vmwSTSLogonBannerTitle
vmwSTSLogonBannerTitle: vGhetto Disclaimer

To apply the configuration, run the following ldapmodify command (specifying your environment details):

/usr/bin/ldapmodify -f change.ldif -h 192.168.1.140 -D "cn=Administrator,cn=Users,dc=vghetto,dc=local" -w 'VMware1!'

To completely disable the logon banner feature, create a new file called change2.ldif which contains the following (replace with your settings):

dn: cn=vghetto.local,cn=Tenants,cn=IdentityManager,cn=Services,dc=vghetto,dc=local
changetype: modify
delete: vmwSTSLogonBannerEnableCheckbox
-
delete: vmwSTSLogonBanner
-
delete: vmwSTSLogonBannerTitle

To apply the configuration, run the following ldapmodify command (specifying your environment details):

/usr/bin/ldapmodify -f change.ldif -h 192.168.1.140 -D "cn=Administrator,cn=Users,dc=vghetto,dc=local" -w 'VMware1!'

If you are interested in automating other aspects of the PSC admin configurations, be sure to check out these two articles here and here.