WilliamLam.com

Configure vRealize Automation to use Platform Services Controller as External Identity Provider

by // 2 Comments

I was doing some research on an inquiry that I had received from a customer who was interested in configuring their vRealize Automation (vRA) instance to use vCenter's Platform Services Controller (PSC) as an External Identity Provider (IDP) rather than the default VMware Identity Manager (vIDM) which vRA supports natively out of the box. vIDM already supports a large number of websso applications as seen here and it itself can also be used as an External IDP to integrate with things like Active Directory Federation Services (ADFS) for example.

For some customers who are more familiar with the PSC, this is a convenient way to unify their authentication between the different vRealize products which support vIDM and integrating that directly with PSC. Since both solutions spoke SAML, it was merely figuring out process on setting up the External IDP using the PSC. In reading some of our internal Wikis and working with one of the vIDM Engineers, since I was stuck on a particular step, I was able to finally get this to work which I have outlined the steps below. I also learned that we had officially supported this since vRA 7.0 which was great to hear as well.

I know there are number of customers who would also like to see the reverse of this configuration, where PSC can use vIDM as an External IDP. I know this is something the PSC team is currently looking into for External IDP support. If this is something that you are interested in or would like to see specific External IDP setup/configuration, feel free to leave a comment.

Pre-Requisite: 

  • Join Platform Services Controller (PSC) to Active Directory (instructions here & here)
  • Join vRealize Automation (vRA) Appliance to Active Directory (instructions here)

In my lab environment, I have deployed an Embedded VCSA 6.5 (this also works with an External PSC) and vRealize Automation 7.2 (this was prior to 7.3 getting released but should work as well).

[Read more...]

Quick Tip - Creating a multiline Dockerfile using heredoc w/variable substitution

by // 1 Comment

I was helping out a fellow colleague yesterday who was having some troubles handling a multiline echo statement within his Dockerfile. There are multiple ways in which you can create multiline Dockerfiles, the web is full of examples from using multiple echo statements (pretty ugly) to using heredocs which is easier to read and manage. The challenge was that he also wanted to substitute some variables into his multiline statement which apparently there were no examples online, at least neither of us could find.

Taking a closer look, I found that we can just leverage Bash's ANSI-C Quoting syntax $'string' to do what we want, which was actually something new to me as well. You can then pass in the variable like you normally would between the strings and that would give you the readability of heredocs and still be able to use Docker variables. I am sure there are other methods with more extensive escapes with single-ticks, but I also prefer a solution that is easy to read and use in case others need to manage it.

Here is a quick sample Dockerfile which demonstrates how this works:

FROM photon:1.0

ARG BASEURL="https://vmware.bintray.com/powershell"

RUN echo $'[powershell]\n\
name=VMware Photon Linux 1.0(x86_64)\n\
baseurl='$BASEURL$'\n\
gpgcheck=0\n\
enabled=1\n\
skip_if_unavailable=True\n '\
>> /etc/yum.repos.d/powershell.repo

CMD ["/bin/bash"]

Basically the echo statement has $'SOME-STRING'$VARIABLE$'SOME-STRING'

If we build and run this Docker image, we can see that we have properly substituted the BASEURL variable into our file as seen in the screenshot below.

docker build -t sample .
docker run --rm -it sample cat /etc/yum.repos.d/powershell.repo


I personally prefer to keep such logic within a separate script which the Dockerfile can reference, but I was also sympathetic to that fact that my colleague wanted to keep things simple and just have everything within the Dockerfile. I figure I would share this in case other comes across this problem as well as benefiting myself as I will probably forget in a months time 🙂

Exclusive vGhetto discount on homelab hardware from MITXPC

by // 4 Comments

On a regular basis I already receive a number of inquires from both internal VMware folks as well as external partners and customers about VMware homelabs and the type of hardware that can be used. After demo'ing our recent USB to SDDC project, the requests have literally tripled! Most folks are generally inquiring BOM details and/or where to purchase the Intel NUC or the SuperMicro E200-8D.

In particular, the SuperMicro E200-8D has probably received the most amount of interest lately. In fact, I am also interested in one after having an opportunity to play with one during the Melbourne VMUG. One thing I had noticed while talking to several colleagues who have purchased this system both locally within the Bay Area as well as overseas such as Australia was that one particular reseller kept coming up over and over again. That vendor was MITXPC which is a local bay area company located over in Fremont which specializes in Mini-ITX systems.

The reason MITXPC was being used by the majority of these folks was simple, they had the best price for the SuperMicro E200-8D which was significantly cheaper than other vendors including Amazon.

Vendor Price
E200-8D on MITXPC $799 USD ($783.02 w/discount code)
E200-8D on Amazon $849 USD

Having heard good things about MITXPC, I decided to reach out to them and see if there was anything special they could do for the VMware Community. I was able to get a special discount code that would offer folks an additional 2% off their entire purchase at MITXPC. For those of you who have been holding off on a refresh your home lab or itching to build your own, this is a great time! If you would like to take advantage of this offer, simply use the discount code VIRTUALLYGHETTO2OFF when you check out. I would like to give a huge thanks to Eric Yui of MITXPC for working with me on this and helping out the VMware Community.

Disclaimer: I am not affiliated with MITXPC.