Search Results for: content library

Heads Up - Verify the SSL certificate trust for your vSphere with Tanzu Content Library

07.28.2021 by William Lam // 1 Comment

I just learned that SSL certificate for VMware's vSphere with Tanzu Content Library (https://wp-content.vmware.com/v2/latest/lib.json) had just been updated a few days ago and this will have an impact for anyone who had subscribed to the Content Library prior to the certificate update.

Since I had setup the subscribed Content Library several months back, all the OVAs at the time were already sync'ed and there are no immediate errors when the "Fetch Content Library" task is performed (which will be fixed in a future release). However, I was seeing some strange issues with deploying specific versions of Kubernetes and I did not think much of it and deploying another version was fine, so I figured maybe it was just my setup. I also had another lab, so I ended up using that environment most recently.

It is only until you click on a specific Content Library Item and perform a manual sync will you see the following error, which indicates you are affected:

A general system error occurred: HTTP request error: cannot authenticate SSL certificate for host wp-content.vmware.com.

The quickest way to check whether you are affected is by looking at the configured SSL Thumbprint of your subscribed Content Library and comparing that to the vSphere with Tanzu Content Library endpoint.

Unfortunately, the configured SSL Thumbprint for the subscribed Content Library is not visible in the vSphere UI, but this information is available in the vSphere Content Library API.

I just put together this quick PowerCLI snippet which will retrieve the SSL Thumbprint for your subscribed Content Library and compare to the current thumbprint. If it does not match, you will get an error message printing out the current SSL Thumbprint.

Connect-CisServer -Server vcsa.primp-industries.local -User *protected email* -Password VMware1!

$SubscribedCLName = "TKG-Content-Library"
$TKGCLThumbprint = "01:8D:FD:13:A6:9E:CA:AC:CB:7C:67:18:C1:47:11:8C:64:91:5D:C9"

$contentLibraryService = Get-CisService com.vmware.content.library
$LibraryIDs = $contentLibraryService.list()

foreach($libraryID in $LibraryIDs) {
        $library = $contentLibraryService.get($libraryID)
        if($library.name -eq $SubscribedCLName) {
            $ContentLibrary = $Library
            break
        }
}

if($ContentLibrary.subscription_info.ssl_thumbprint -ne $TKGCLThumbprint.toLower()) {
    Write-Error "SSL Thumbprint $($ContentLibrary.subscription_info.ssl_thumbprint) for $SubscribedCLName does not currently match!`n"
}

The fix is straight forward, simply edit the settings of your subscribed Content Library, do not make any changes and then click on OK. Since the configured SSL Thumbprint no longer matches the hosted Content Library, you will be prompted with an action to confirm the new thumbprint and then you can save the settings.

As of right now, the SSL Certificate for the hosted vSphere with Tanzu Content Library is valid until July 7, 2022 and I expect that VMware will replace the TLS certificate prior to that date and this operation will need to be performed again. Since this issue was initially reported internally, I have also asked to see if an official VMware KB to be published.

Creating a vSphere Content Library directly on Amazon S3

07.26.2018 by William Lam // 5 Comments

A few years back I had blogged about creating your own 3rd Party vSphere Content Library enabling customers to take advantage of different types of storage backing than just vSphere Datastores. The primary requirement was that the content endpoint was accessible over HTTP(s), which meant that a number of solutions could be used from a simple web server like Nginx to an advanced distributed object store like Amazon S3 for example.

The workflow to create a 3rd Party vSphere Content Library on S3 is fairly straight forward, here is high level summary:

Organize the content on a local system (desktop)
Run a python script to index and generate the Content Library metadata
Upload the Content Library to S3

A disadvantage of the above solution is that each time you need to update or remove content, the entire process would have to be repeated again, including re-uploading the changes. Not only was this time consuming from an operational standpoint but now you also needed to also keep a full copy of all the content locally which can be several hundred gigabytes, if not more.

This topic was recently brought back up again by Gilles Chekroun, an SE in our Networking and Security Business Unit who reached out to see if there was a solution to help his customer who was running into this challenge. Over the last couple of weeks, I had been working with both Gilles and Eric Cao (Content Library Engineer) on how we could enhance the existing Python script which indexes and generates the Content Library metadata to also support running directly on Amazon S3 bucket.

[Read more...]

Automating VM Template management using Content Library in VMC

07.17.2018 by William Lam // 11 Comments

Today, the vSphere Content Library only supports a single deployable VM type using the Open Virtualization Format (OVF) standard. Although customers are familiar with both OVF and OVA (archive of OVF and VMDKs), support for vCenter VM Template is still one of the most highly requested feature for Content Library. This should come as no surprise since many of our customers have built operational procedures and automation workflows for managing VM deployments over the years and simply switching to another format has a significant impact to their existing workflows.

UPDATE (10/18/18) - The VMTX feature is now available in vSphere 6.7 Update 1

I know the Content Library team has been heads down working on a number of enhancements to Content Library and it looks like one of these improvements has recently made its way out onto VMware Cloud on AWS (VMC) which I had just noticed while working in my SDDC.

In VMC, when you right click on a VM and select "Clone as Template to Library", there will be a new option to capture a VM as a VM Template (VMTX) within a Content Library!

[Read more...]