WilliamLam.com

Automating bulk OPNsense Unbound DNS host overrides

by // Leave a Comment

I recently deployed OPNsense in my homelab, which I will be using it to setup my VMware Cloud Foundation (VCF) environment. A critical part infrastructure service that is often miss-configured is DNS and OPNsense provides a simple way add your custom DNS entries (forward/reverse) called Host Overrides, which uses Unbound DNS behind the scenes.

Like most, I have a number of DNS entries that I would like to pre-create and the UI is not exactly the quickest for any type of "bulk" operation as each entry is added sequentially.


Luckily, OPNsense does have a REST API for Unbound functions, but the documentation was not very useful as it just direct users to use the browser to extract the JSON payload, while something I am comfortable with, I think that is not what I expected from something called an API Reference ...

In any case, this was a simple enough API, that I was able to create a quick PowerShell script to parse a CSV file that contains the list of FQDN, IP Address and Description and then perform a bulk create since the API itself was also sequential in nature 🙁

[Read more...]

Quick Tip - VMware Cloud Foundation (VCF) Bringup fails without persistent ESX-OSData

by // 5 Comments

You will never run into this problem if you follow current recommended practices to install the ESX-OSData volume on a persistent storage device that could either be dedicated and/or co-located your ESXi installation.

For those deploying VMware Cloud Foundation (VCF) in a lab environment, you might attempt to reserve the limited number of storage devices for use with vSAN and decide to install ESXi on a USB device, which is perfectly fine but if you do not select a persistent storage device for the ESX-OSData volume, then it will default to use the ESXi ramdisk.

I recently observed that if you have such a configuration, the VCF Cloud Builder Bringup process will fail after attempting (three times) to re-deploy the vCenter Server Appliance (VCSA).


As you can see from the screenshot above,  VCF Cloud Builder UI does not provide any details and ask users to look at the vCenter Server installation logs.

[Read more...]

Quick Tip - Listing all vSphere Privilege Definitions

by // Leave a Comment

By design, the vSphere platform (includes vCenter Server and ESXi) is highly extensible and additional vSphere Events and Privileges can added by 2nd and 3rd party solutions. Similiar to vSphere Events, where you can query your specific vCenter Server (or ESXI hosts) to list all vSphere Event definitions, you can also do the same for vSphere Privileges.

Using PowerCLI, we can use the Get-VIPrivilege cmdlet to help list out the vSphere Privilege Groups and the specific granular vSphere Privileges that exists within deployment.

Here is an example of listing all the different vSphere Privilege Groups that have been defined, either out of the box and/or by 2nd or 3rd party solution:

Get-VIPrivilege -PrivilegeGroup | select id,Description | Sort-Object -Property Id


As of vCenter Server 8.0 Update 3c, there are currently 111 out of the box vSphere Privilege Groups, you may have more or less depending on your version and the number of 2nd/3rd party integrations.

Here is an example of listing all the vSphere Privilege definitions that have been defined, either out of the box and/or by 2nd or 3rd party solution:

Get-VIPrivilege -PrivilegeItem | select id,Description | Sort-Object -Property Id


As of vCenter Server 8.0 Update 3c, there are currently 473 out of the box vSphere Privileges, you may have more or less depending on your version and the number of 2nd/3rd party integrations.

Additionally, you may also find these other vSphere Authorization blog posts useful: