Using VRA to deploy Active Directory as a Service


In our demo environment, I wanted to create Active Directory as a service.

Many of the customers I talk to mention having to create isolated demo environments where they can test things. A lot of these demo environments need AD, DNS etc. So why not create an application blueprint that installs a fresh AD with all the custom properties you would like?

Prereq: A fully working VRA environment with application services configured and the agent installed in the templates.

Here is how I did it.

  1. Create a software component.
    Make sure Container is Machine.
  2. Create all the properties needed.
  3. Configure the install as CMD and edit the script.
  4. The following script creates an ad.txt file in the %tmp% directory.
    It then runs a dcpromo command that points to the ad.txt file. Note that the script ends with exit /b 0
    The reason for this is that dcpromo ends with an error (See more here)
    The error is OK and not important, but the VRA agent thinks the job ended in error if you do not set the last line.

    If you want to know more about all the settings you can use in the unattend file, look at this article.

    Below is the code to copy/paste.

    echo [DCINSTALL] > %tmp%\ad.txt
    echo InstallDNS=%InstallDNS% >> %tmp%\ad.txt
    echo NewDomain=%NewDomain% >> %tmp%\ad.txt
    echo NewDomainDNSName=%NewDomainDNSName% >> %tmp%\ad.txt
    echo DomainNetBiosName=%DomainNetBiosName% >> %tmp%\ad.txt
    echo SiteName=%SiteName% >> %tmp%\ad.txt
    echo ReplicaOrNewDomain=%ReplicaOrNewDomain% >> %tmp%\ad.txt
    echo ForestLevel=%ForestLevel% >> %tmp%\ad.txt
    echo DomainLevel=%DomainLevel% >> %tmp%\ad.txt
    echo DatabasePath=%DatabasePath% >> %tmp%\ad.txt
    echo LogPath=%LogPath% >> %tmp%\ad.txt
    echo RebootOnCompletion=%RebootOnCompletion% >> %tmp%\ad.txt
    echo SYSVOLPath=%SYSVOLPath% >> %tmp%\ad.txt
    echo SafeModeAdminPassword=%SafeModeAdminPassword% >> %tmp%\ad.txt
    dcpromo /unattend:%tmp%\ad.txt
    exit /b 0

  5. After this, you are ready to publish the Software Component and use it in your blueprints. If you want to expose the properties in the blueprint request, it might be a good idea to update the descriptions, so the values make more sense.

I hope you found this useful.

 


Goodbye Tacx – Hello Bkool


So the day finally came when I replaced my Tacx Bushido with a new Bkool home trainer.

I have written earlier posts about how much I hated Tacx’s way of treating their old customers, and after a new iPad app update, where it again failed to work, I was quick to order a Bkool.

First impressions:

It’s really quiet compared to the Tacx. I don’t have any dB data for the Bkool, but when my girlfriend rode the Tacx, I had to go into the other room in our apartment. Yesterday, when she tried it, I went back into the living room, because I thought she had stopped the ride. So there is a difference in the volume of noise it generates.

The software is a lot better, even though there still seems to be big room for improvement. The first thing you notice is that everything is online, meaning it syncs with your online profile, and you can compete with other users (if you pay for it).

The best thing about it is probably that if you don’t like their software, you can just change it to something else, and it will work with the Bkool platform. That’s kinda cool. Wish that was possible on the Tacx 🙁


My first ride on the Bkool

You can also have multiple users, on the same iPad app. This was not possible on the Tacx.
The software also works on Mac, Pc etc.

 

The last thing is that it seems that it’s possible to do climbs of a higher grade than it was on the Bushido. I don’t know why that is, but it seems more realistic. Again, not a scientific test, just a feeling 🙂

There are a ton of things to tell about the Bkool, but a quick Google search should direct you to better reviews. One I would recommend reading is http://www.dcrainmaker.com/2012/12/bkool-wireless-ant-trainer-in-depth-review.html

These were just my thoughts on my new home trainer.

If you are using Bkool and want to join, then connect with me on http://www.bkool.com/rhjensen


When disaster strikes – how to protect your Mac

Last week I got a call from one of my friends. His sister had just spilled a glass of water into her MacBook, and he was looking for help.

With no backup, and no insurance, this was an expensive lesson.

So I thought I would write a small post about how I back up my Mac etc.

Pictures

I use Google Photos for all my pictures. If you get past the fact that it’s free and you are the product, then it’s a great product that allows me to back up all my pictures in an OK quality for free.

On top of that, they have really great apps for iOS etc., which allow me to have all my pictures with me all the time.

You can install a small agent on your Mac that allows you to automatically upload all your photos from your Mac to Google Photos.

Documents etc.

I use Crash Plan for everything else.

I have Crash Plan installed on my NAS, which backs up everything there to Crash Plan’s cloud service.

All my computers also have Crash Plan installed, but back up to the agent on my NAS.

It’s not a perfect solution, but it works OK for me, knowing that I have to place my data on my NAS to be sure that it’s backed up to the cloud.

If you think this is too complex, just buy the Crash Plan family plan. It allows you to back up 10 computers to Crash Plan’s cloud. It’s just install and forget.

There are lots of other solutions out there. This is what works for me. The point of this blog post is that it’s not hard to set up, so there is really no excuse for losing data if you lose your computer.

Photo Credit : https://www.flickr.com/photos/jakerust/16846257921

 


Monitor VRA Appliance using VROPS EP OPS Agent


I thought I would share a little fun thing that we did in our demo environment yesterday.

We wanted to monitor the VRA appliance, and what is better than using VROPS and the EP OPS agent for the job.

Note that this is probably not supported, so use this at your own risk.

What I did.

  1. Download the EP Ops agent from VMware’s website.
  2. Transfer the file vRealize-Endpoint-Operations-Management-Agent-x86-64-linux-6.2.0-3404388.rpm to /tmp
    I used WinSCP for the job.
  3. Make the file executable by typing
    chmod +x vRealize-Endpoint-Operations-Management-Agent-x86-64-linux-6.2.0-3404388.rpm
  4. Install the agent by typing
    rpm -i vRealize-Endpoint-Operations-Management-Agent-x86-64-linux-6.2.0-3404388.rpm
  5. When done, you should see the following text. [screenshot]
  6. To configure the agent, type the following
    service epops-agent start
  7. Enter the FQDN of the VROPS server
    Select port
    And accept certificate
  8. Type username
    And password
  9. And then you should be done.
  10. In your VROPS inventory, you should now be able to see the VRA appliance and the services running.

Danish vExperts 2016


After being away for the last couple of years, I was honored yesterday by again being awarded the vExpert title for 2016.

A big congratulations to everyone who got awarded as well.

I thought I would try to list all the Danish vExperts for 2016.

Since it’s not listed by country, I might miss someone. So please let me know if you think somebody needs to be on the following list.

You can see all the vExperts here : http://blogs.vmware.com/vmtn/2016/02/vexpert-2016-award-announcement.html

Name | Company | Twitter | Blog
Allan Kjaer | Atea | Allan_Kjaer | virtual-allan.com
Anders Mikkelsen | NNIT | AMikkelsenDK | amikkelsen.com
Brian Knutsson | Atea | BrianKnutsson | -
Frank Brix | Pernix Data | frankbrix | vfrank.org
Heino Skov | Proact | heinoskov | heinoskov.dk
Jonas Groth Jakobsen | Aalborg Universitet | jonesg_online | sysblog.dk
Kenneth Günther | Novozymes | - | -
Kenneth Hansen | IT Forum | VirtualizeDK | -
Liselotte Foverskov | Arrow ECS | LFoverskov | -
Mads Fog Albrechtslund | Proact | Hazenet | hazenet.dk
Michael Ryom | Proact | MichaelRyom | michaelryom.dk
Mikael Korsgaard | Herning Kommune | jekomi | -
Nicolai Sandager | Proact | NSA42 | -
Rasmus Haslund | Veeam | haslund | perfectcloud.org
Søren Reinertsen | Siemens Wind Power | - | -
Terkel Olsen | Nationalbanken | terkelolsen | vterkel.dk
Robert Jensen | VMware | rhjensen | robert-jensen.dk
Theis Samsig | Comit A/S | samsig_dk | -

Automation with vRO and vCenter – Getting started guide


When I talk to people about automation, most think it’s a good idea, but have a hard time getting started.

So this post is all about getting started with vRO and vCenter, so you can begin to use all the built-in workflows, and maybe start creating your own.

Prerequisites: a vCenter and a newly installed vRO appliance,
DNS, time etc. already set up.
Working Active Directory authentication set up for vCenter.

The vRO version I’m using is the following. [screenshot]

  1. After deployment, connect to the vRO appliance on : http://fqdn
    and accept the self-signed certificate warning.
  2. Click on Orchestrator Control Center and accept the self-signed certificate warning again.
    Log in with root and the password you set when you deployed the appliance.
  3. Select Certificates
  4. Select Import
  5. Type the URL of your vCenter and select import again.
  6. Select Import again, to accept the certificate.
  7. Click Home and select Configure Authentication provider.
    Select vSphere and type the FQDN of your vCenter server, and click Connect.
  8. Fill out the Identity service questions :
    User name : AD administrator account on VC
    Password : the user’s password
    Configure License : check, to adopt the vCenter license.
    Default tenant : The SSO tenant you want to use.
    Click register
  9. Type the administrator group you want to use, and click search to find it.
    Click save changes when done.
  10. You must restart the vRO server for the changes to take effect.
    Click the Startup options link.
  11. Click restart.
  12. Go back to the management website from step 1, and select start Orchestrator client
  13. Run the Java program, and accept all the certificate warnings.
    Log in using a username / password that exists in the group you selected in step 9.
  14. Select Design from the top drop-down menu, and go to
    Library -> vCenter -> Configuration
    and select and run Add a vCenter instance
  15. Type the FQDN of the vCenter server and select yes to ignore all certificate warnings.
  16. I chose to run all tasks as one user. If you want the same, select no, and type a user with administrator access to vCenter.
  17. If you did everything correctly, you get a little green check mark next to the workflow you just ran.
  18. Select and run Register vCenter Orchestrator as a vCenter server extension.
  19. Select the vCenter server you just registered.
  20. Again, if everything went well, you should see a green check mark next to your workflow.
  21. Log in to vCenter with a user that belongs to the user group from step 9, and select the vRealize Orchestrator icon.
  22. If you select vRO home and click the summary tab, you should see the vRO server you just connected.
  23. Select vRO home -> Manage -> Context Action to see all the workflows currently enabled.
    Under Associated types, you can see which object each workflow is enabled on.
    For example, Rescan Datacenter HBAs is enabled on the Datacenter object, as a right-click action.
  24. To enable your own, simply click the + button, and select the workflow and the object you want it to be enabled on.
    A good place to start is under Library -> vCenter.
    Here you can find a lot of workflows that work with vCenter.

I will write another post on how to build your own workflow and enable it in vCenter. But for now, you can use all the built-in workflows and start automating your vCenter tasks.

I hope this was useful. Drop me a comment if you have questions etc.


Backup PHPipam in your demo environment


In our demo environment at work, we found that we had to have an IPAM system. We are too many people using the environment, and we don’t have any good way of documenting what we do.

We chose the open source system PHPipam.

The reason for that is that I have seen a consultant at one of our partners talking about this system, and that it had an API that could be used with vRO etc.
If you want to read more about that, go follow his site hazenet.dk

The system is fairly easy to install on a simple Ubuntu VM with Apache and MySQL, and we have already set it up to be quite useful.

But what about backup? It’s currently running at a vCloud provider, where we have no access to VM-based backup. So I looked for other solutions and ended up with some cron jobs running Duply, a front end for Duplicity.

This post is about how I made it work.

I had a lot of help and inspiration from the following blog to make this work:
https://trick77.com/how-to-ftp-backup-a-linux-server-duply/
Please read this if you want to know more about Duply and how to set it up more securely.

Prereq: an FTP server with a user that is allowed to write to the backup location.

Let’s begin.

  1. I started by installing duplicity by running
    apt-get install duplicity
  2. Also install lftp, to be able to ftp your files to the destination
    apt-get install lftp
  3. Go to /tmp and download duply
    wget http://downloads.sourceforge.net/project/ftplicity/duply%20%28simple%20duplicity%29/1.11.x/duply_1.11.1.tgz?r=http%3A%2F%2Fduply.net%2F&ts=1454151353&use_mirror=netix
  4. If it downloads the file with a strange name, do a
    mv duply_1.11.1.tgz\?r\=http%3A%2F%2Fduply.net%2F duply_1.11.1.tgz
    Change the command so it matches your filename
  5. Unpack the file and open the directory
    tar xf duply_1.11.1.tgz
    cd duply_1.11.1
  6. Move the duply file to /usr/bin (the path the cron jobs in step 27 call)
    mv duply /usr/bin/
  7. Create a duply configuration directory
    mkdir /etc/duply
  8. You are now ready to create a configuration
    duply ipam create
  9. Go to the configuration directory
    cd /etc/duply/ipam
  10. Create a local backup directory for you to dump the Apache and MySQL files in.
    mkdir /backup
  11. Edit the conf file
    nano conf
  12. I added # to the following lines to remove encryption, since it’s only a demo environment I’m backing up.
    #GPG_KEY='_KEY_ID_'
    #GPG_PW='_GPG_PASSWORD_'
  13. And created my target ftp server, with password and location for the backup
    TARGET='ftp://user:password@ftpserver/Backup/location/'
    Change so it matches your backup server.
  14. And selected the local backup dir
    SOURCE='/backup'
  15. Set max age to 5 days
    MAX_AGE=5D
  16. Save the conf file
    ctrl x
    y
    Enter
  17. Create a file named pre, with the commands to be run before the backup job runs.
    nano pre
  18. Mine contains the following to back up all the MySQL databases on the server
    /usr/bin/mysqldump --all-databases -u user -ppassword > /backup/db.sql
  19. And to back up the Apache www directory
    tar -zcvf /backup/www.tar /var/www
  20. Save and exit nano
    ctrl x
    y
    enter
  21. Create a post file, to clean up
    nano post
  22. Mine contains the following
    rm -r /backup/*.*
  23. Save and exit nano
    ctrl x
    y
    enter
  24. Make both files executable
    chmod +x pre
    chmod +x post
  25. Test your backup by running
    duply ipam backup
  26. If everything works, then make sure it runs by adding the following cron jobs
    crontab -e
  27. Add the lines
    1 1 * * * /usr/bin/duply ipam backup
    1 2 * * * /usr/bin/duply ipam backup_verify_purge --force
    The first line runs the backup job, and the second line cleans up the backups that are older than what you specified in step 15.

I hope this works for you. This is not specific to PHPipam, but can be used for any file backup, on any Linux server.

One last thing. If you want a status of your backups run

duply ipam status

And to restore run

duply ipam restore /tmp/ipam
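
The choices made in steps 12, 13 and 18 (encryption commented out, an ftp:// target with the password in the URL, and the MySQL password given on the mysqldump command line) are fine for a throwaway demo, but are worth checking for before the same profile is reused elsewhere. The script below is an added example, not part of the original post or of Duply; the function names, finding labels and sample profile are made up for illustration, and it assumes encryption is off when both GPG lines are commented out or GPG_KEY is set to 'disabled'.

```sh
#!/bin/sh
# Added example, not part of the original post: audit a duply profile
# directory (conf + pre) for the settings chosen in steps 12, 13 and 18.

# conf_value KEY FILE: value of the last uncommented KEY=... line, quotes stripped
conf_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "'\""
}

# audit_duply_profile DIR: prints one finding per line; returns 0 if clean,
# 1 if there are findings, 2 if DIR/conf cannot be read
audit_duply_profile() {
    dir=$1
    conf=$dir/conf
    findings=0
    report() { echo "$1"; findings=$((findings + 1)); }

    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    gpg_key=$(conf_value GPG_KEY "$conf")
    gpg_pw=$(conf_value GPG_PW "$conf")
    target=$(conf_value TARGET "$conf")

    # Assumption: encryption is off when both GPG lines are commented out
    # (as in step 12) or when GPG_KEY is set to 'disabled'
    if [ "$gpg_key" = "disabled" ] || { [ -z "$gpg_key" ] && [ -z "$gpg_pw" ]; }; then
        report "ENCRYPTION_OFF: backup volumes are written unencrypted"
    fi

    case $target in
        ftp://*) report "CLEARTEXT_TRANSPORT: ftp:// sends login and data in the clear" ;;
    esac
    case $target in
        *://*:*@*) report "PASSWORD_IN_TARGET: credentials embedded in the TARGET URL" ;;
    esac

    # conf holds secrets, so it should not be readable by group or others
    if [ -n "$(find "$conf" \( -perm -040 -o -perm -004 \))" ]; then
        report "LOOSE_PERMISSIONS: $conf is readable by group or others"
    fi

    # A password given as a mysqldump argument shows up in the process list
    if [ -f "$dir/pre" ] &&
       grep -Eq 'mysqldump.*[[:space:]](-p[^[:space:]]|--password=)' "$dir/pre"; then
        report "DB_PASSWORD_ON_CMDLINE: pre passes the MySQL password as an argument"
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample profile mirroring the post's settings (placeholder values)
sample=$(mktemp -d)
cat > "$sample/conf" <<'EOF'
#GPG_KEY='_KEY_ID_'
#GPG_PW='_GPG_PASSWORD_'
TARGET='ftp://user:password@ftpserver/Backup/location/'
SOURCE='/backup'
MAX_AGE=5D
EOF
chmod 600 "$sample/conf"
echo '/usr/bin/mysqldump --all-databases -u user -ppassword > /backup/db.sql' > "$sample/pre"
audit_duply_profile "$sample" || echo "profile needs attention"
rm -rf "$sample"
```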


Install VROPS agent silent / automatic using VRA


As a follow-up to my earlier post about how to install the Log Insight agent using VRA, I just want to create a quick post about how to install the VROPS epops agent using VRA.

This is a prerequisite for a later post I will be doing about VROPS.

Follow the guides in the earlier post, and when you come to creating the script, use the following instead.

mkdir c:\temp
xcopy \\FILESHARE\epops\*.* c:\temp
c:\temp\epops-agent-x86-64-win-6.1.0-3030162.exe /VERYSILENT -username USERNAME -password PASSWORD -serverAddress VROPS-FQDN -serverCertificateThumbprint "CERTIFICATE"
del c:\temp\*.* /Q

To find the certificate, please use this guide

Now you should be ready to add the Software package, to your Blueprints.


Automation User Group meeting


Today we had the Automation User Group, held at the Danish VMware office.

It was great to see 25 people joining to talk about VRA 7, and automation in general, presented by Kim Ranyard.


The agenda was something like this :

  • Welcome 
  • What’s new – vRealize Automation 7 & Orchestrator 7
    • vRealize Automation 7
      • Deployment process
      • Identity Management
      • Converged Blueprint Designer
      • Event Broker Service
    • vRealize Orchestrator 7
      • Control Center UI
      • Metrics & Monitoring
  • Intro to Lab – Converged Blueprint Designer
    • Lab Time
  • Intro to Lab – Event Broker Service
    • Lab Time

We ended up using VMware Hands-on Labs to get hands-on with VRA 7, which worked perfectly.

Thanks to Heino Skov for planning the event, and thanks to Kim for travelling all the way to DK.

Next VMUG meeting, is the VROPS user group meeting. Remember to sign up, if you want to know more about VROPS : https://www.eventbrite.com/e/vmug-operations-tickets-20052198666

 

 


Install Loginsight Agent using VRA


I thought I would create a post on how to install the LogInsight agent as a software service in vRA 7.

Prerequisites :

A working Windows blueprint, with both agents installed.
See http://pubs.vmware.com/vra-70/index.jsp#com.vmware.vrealize.automation.doc/GUID-3EBC2C8E-3BD1-43CA-8057-052C3F00308A.html if you don’t know how to install them.

A working vRA 7 environment.

A file share where you can store your LogInsight binaries.

Let’s begin.

  1. The end result should end up looking like this.
    A single vSphere VM, connected to an external network, with the LogInsight agent software package on it.
  2. Start by going to Design > Software Components and select New
  3. Give it a name, and make sure its Container is listed as Machine.
  4. Create a new property, to easily be able to change the LogInsight server without changing the script.
    Name : LogInsight
    Description : LogInsight Server
    Type : String
    Value : FQDN of your LogInsight server
  5. Change Script type under install to CMD, and click next in the script column, to edit it.
  6. My script looks like this. Yours will probably be different, depending on how you would use it in your environment.
    The thought behind mine is that a temp folder gets created
    mkdir c:\temp
    Then I use xcopy to copy all the binaries from my file server to the temp folder.
    xcopy \\file.vmwdk.dk\Share\Agents\Loginsight\*.* c:\temp
    Then I run the installer with the property LogInsight that we created in step 4.
    c:\temp\VMware-Log-Insight-Agent-3.0.0-2985111_172.17.12.107.msi /quiet SERVERHOST=%loginsight%
    And in the end, I clean up and delete all files in the temp folder again.
    del c:\temp\*.* /Q
  7. After this, you finish, and remember to publish it.
  8. Go to Design > Blueprints and find and edit the blueprint you want the agent to be installed on.
  9. Drag the new Software component from “Software Components” onto the vSphere VM.

Then you are ready to deploy a new clean VM with the LogInsight agent installed on it.

Some gotchas that I ran into.

  • The agent runs in the context of the darwin user. Make sure that the local Darwin user can access your file share.
  • Make sure you have unblocked the package files that you want to run. If you fail to do so, Windows prompts you to confirm that you want to open the file, and the script fails.
  • I ran the script manually, as the Darwin user, to test it out. This saved me some headache.

Hope it works out for you.

 
