WilliamLam.com

Automating default admin password change for NSX Advanced Load Balancer (NSX ALB)

03.30.2021 by William Lam // 5 Comments

Over the weekend I got a chance to deploy my first vSphere with Tanzu environment using the new NSX Advanced Load Balancer (NSX ALB) which I had shared on Twitter.

🥳 Successfully deployed my 🥇 vSphere w/@VMwareTanzu using the new @vmwarensx Advanced Load Balancer (formally @AviNetworks)

👉https://t.co/Mqb9Ja0rtV was extremely helpful, a MUST read IMHO! 👏🤙 @CormacJHogan

Visuals is NSX ALB is nice! Looks like I need more resources! pic.twitter.com/C6E36zIl7X

— William Lam (@lamw.bsky.social | @*protected email*) (@lamw) March 28, 2021

This was also my first time getting exposed to NSX ALB (formally AVI Networks) and this detailed blog post from my buddy Cormac Hogan was instrumental in helping me quickly get started and get into the specific configurations needed for a two network design with vSphere with Tanzu. For me personally, there were just too many different configuration pages a user needed to navigate to and context switching between them made it non-intuitive for a new user like myself. After going through this once, I knew Automation was the next step for me and this was also an opportunity to try out the NSX ALB API, which I also have never used before.

[Read more...]

Quick Tip - Disable vSphere with Tanzu prompt during TKG Management Cluster deployment

03.24.2021 by William Lam // 1 Comment

When you attempt to deploy a new Tanzu Kubernetes Grid (TKG) Management Cluster to a vSphere 7.0 environment, you may have noticed a message stating that you may want to enable the Tanzu Kubernetes Grid Service (TKGs) alternatively.

Running TKG and TKGs on vSphere 7.0 is fully supported and depending on your use case, you may want to enable one or the other. In either situation, you are always prompted with a question which you must answer before you can continue. Awhile back I was looking into whether there were any CLI options to override this behavior and simply answer in advanced but did not see anything in the CLI help menu.

I recently ran into this again and while asking around, I came to learn that were are indeed two (hidden) options that can be used to override and disable these prompts, which can be useful for unattended automation purposes. Although these options are hidden from the CLI help options, I am not exactly sure why this is the case, they are officially documented in the TKG documentation.

--deploy-tkg-on-vSphere7 can be used to confirm that you wish to deploy a TKG Management Cluster on vSphere 7
--enable-tkgs-on-vSphere7 can be used to confirm that you will be using the TKGs as your Management Cluster in vSphere 7

With this information, we can now pass in the --deploy-tkg-on-vSphere7 option as shown in the example below and you will no longer be prompted:

tkg init -i vsphere -p dev --name tkg-mgmt --vsphere-controlplane-endpoint-ip 192.168.30.127 --deploy-tkg-on-vSphere7

Simplified Nested ESXi installation in ESXi 7.0 Update 2 using HTTP Boot over VirtualEFI

03.22.2021 by William Lam // 19 Comments

Deploying an ESXi scripted installation aka Kickstart running within a VM (Nested ESXi) has a number of benefits, especially for testing and development purposes. This was something I did regularly as a customer, especially with new releases of ESXi to ensure our existing automation scripts and processes continued to work before rolling out into production. ESXi kickstart itself is pretty straight forward, but the required supporting infrastructure (PXE Server, DHCP, TFTP, etc) that needs to be configured, especially for a greenfield deployment can often be challenging for new comers.

Even with an existing PXE infrastructure, it can often be difficult to configure or troubleshoot depending on your level of access which does not add any value in actually testing or automating the ESXi scripted installation process. In ESXi 7.0 Update 2, an enhancement was made to the Virtual Machine's UEFI firmware called VirtualEFI that would enable ESXi to perform an HTTP Boot given the ESXi bootloader URL and without requiring any of the traditional PXE infrastructure.

To take advantage of this new capability, you just need to have a physical server running ESXi 7.0 Update 2 and a VM that is configured with the latest vHW19 compatibility. To configure HTTP boot, you will need to add the following two VM Advanced Settings:

networkBootProtocol - httpv4 or httpv6
networkBootUri - HTTP URL to the ESXi bootloader (bootx64.efi)

Disclaimer: Nested ESXi and Nested Virtualization is not officially supported by VMware

[Read more...]