WilliamLam.com

Quick Tip - Dynamic OVF input properties using DeploymentOptions

07.23.2021 by William Lam // Leave a Comment

I first talked about OVF DeploymentOptions back in 2013, which enables an OVF/OVA author to define a set of deployment profiles (e.g. small, medium, large) which then automatically translate to a pre-defined set of compute, network and storage configurations when deploying an OVF/OVA. There are a number VMware Appliances that takes advantage of this OVF capability, the most well known is the vCenter Server Appliance (VCSA) when it prompts you to select the size of the VCSA that you wish to deploy.

Now although the primary driver for DeploymentOptions is for having out of the box resource configurations when deploying an OVF/OVA, it can also be used to control which OVF properties are shown to end users for input based on the selected deployment option.

I recently had a need for this capability and it was only after taking another look at the OVF specification, did I realize this was possible through the use of DeploymentOptions. Below is a quick example on how you can control specific OVF properties. Imagine, we have three deployment options: Development, Stage and Production which maps to the following DeploymentOption IDs: dev, stage and prod

[Read more...]

Closer look at vSphere Permissions for vSphere with Tanzu

07.22.2021 by William Lam // Leave a Comment

Questions regarding vSphere Permissions for vSphere with Tanzu has been frequently brought up more lately and the majority of questions that I have seen, has primarily focused on the behavior of the vSphere UI Inventory. After taking a closer look and experimenting with a few permutations within my lab, I realized that most folks were simply focusing on what they were most familiar with, which is using the vSphere UI to interact with vSphere.

Although vSphere with Tanzu is tightly integrated with vSphere and the vSphere UI is certainly a primary interface, it is certainly not the only interface nor is it always the interface for end users like a developer. Depending on the needs of your end users and how your organization wishes to grant access to a vSphere Namespace, there are actually a few options that are available to you. In fact, users can interact with vSphere with Tanzu without ever logging into the vSphere UI and that is completely valid and may even be desirable for some organizations.

Note: The custom kubectl plugin for vSphere (kubectl-vsphere) which is needed to interact with vSphere with Tanzu can be downloaded by simply opening a browser (or use wget) to following URL: https://[SUPERVISOR-CLUSTER-IP]/wcp/plugin/[OS]-amd64/vsphere-plugin.zip, where OS is darwin, linux or windows (e.g. https://172.17.33.33/wcp/plugin/darwin-amd64/vsphere-plugin.zip)

Below are the results of my testing using the various vSphere Roles and Groups including the various behavior across the different consumption interfaces including the vSphere UI. To help better illustrate the results, I am also using some example personas, these are purely used as an example and may differ based on your organizational needs.

Persona: VI/Cloud Admin

In this scenario, the user is a vSphere Administrator and has the following memberships:

vSphere Role: Administrator
vSphere SSO Group: Administrators
vSphere Namespace: SSO User and/or Active Directory User

The user will be able to view and manage all vSphere infrastructure including the vSphere Namespaces and the respective workloads including TKG Workload Clusters and/or VMs via the VM Service.

Here is a summary of this users access:

[Read more...]

Introduction to the new ESXi Configuration Store CLI (configstorecli)

07.19.2021 by William Lam // 7 Comments

I was looking into a customer inquiry this morning and found myself looking at the configstorecli, which is an ESXi Shell CLI that enables access to the new ESXi Configuration Store (ConfigStore). The goal of the ConfigStore, initially introduced in ESXi 7.0 Update 1, is to centrally manage all configurations for an ESXi host instead of relying on different methods including a variety of configuration files. There is actually not much documentation out there for configstorecli, other than this blog post by Duncan and these two VMware KBs (here and here).

While searching online, I ended up clicking Duncan's blog as I figured it probably has the best information and I do recall this topic awhile back on the change in behavior for renaming a standard virtual switch. I started to play with the configstore CLI and what was not immediately clear was how to actually use it, especially identifying some of the parameters it was looking for. I figured I might as well share some of my findings as I explore configstorecli a bit more.

My first observation is that the Config Store is a JSON document store and each configuration is stored as individual JSON documents. Before you can access a specific configuration, you first need to understand the schema. To view the entire schema, run the following command:

configstorecli schema list

Since the output is JSON, you can actually save the contents to a file on your desktop and use any JSON supported tool such as jq to explore further. In the example below, I have loaded an online copy of the configstorecli output from ESXi 7.0 Update 2 using my Chrome browser, which has this JSON Viewer extension installed. The benefit with a visual tool, is that you can easily expand or collapse specific nodes within the JSON document.

[Read more...]