vCloud Director 8: Configure logging to vRealize Log insight

August 22, 2016 / johannstander / Leave a comment

With the recent release of the vCloud Director content pack (v8.4) for vRealize log insight I thought I would put the steps here for how to get this configured.

There are 2 methods to get the logs forwarded to your vRLI server.

log4j. Setting an additional logger in VCD log4j.properties file.
Loginsight Agent installed on

Steps to configure Log4j:

Logging is normally handled by log4j with configuration file /$VCLOUD_HOME/etc/log4j.properties.
Login to Cell with SSH.
Change to directory /$VCLOUD_HOME/etc/
Make backup copy of log4j.properties
- cp log4j.properties log4j.properties.orig
Open the file log4j.properties in a text editor and add the following lines, where syslog-host-fqdn is the FQDN of your syslog host and port is an optional port number. If no port number specified then will default to 514.
- log4j.appender.vcloud.system.syslog=org.apache.log4j.net.SyslogAppender
- log4j.appender.vcloud.system.syslog.syslogHost=syslog-host-fqdn:port
Modify this line to add the vCloud Director syslog appenders:
log4j.appender.vcloud.system.syslog.facility=LOCAL1
- log4j.appender.vcloud.system.syslog.facility=LOCAL1, log4j.rootLogger=ERROR, vcloud.system.debug, vcloud.system.info, vcloud.system.syslog
Specify the logger pattern
- #log4j.appender.vcloud.system.syslog.layout=com.vmware.vcloud.logging.layout.CustomPatternLayout
- log4j.appender.vcloud.system.syslog.layout.ConversionPattern=%d{ISO8601} | %-8.8p | %-25.50t | %-30.50c{1} | %m | %x%n
- log4j.appender.vcloud.system.syslog.threshold=INFO
Save file
Restart Cell (yes not ideal, so therefore my reason to recommended log inisght agent)
- service vmware-vcd restart
Repeat on each cell

Steps to configured Log Insight agent: (recommended)

Install the content pack which is pretty straight forward through the marketplace.
Verify the agent group for vCloud Director is available after installation.
Select the agent group and select copy template.
Provide new name.
Create filter that limits your specific vCD Cells by either selecting the hostname or IP address to filter by.
Save
Install the LI agent on each vCD cell
- Download the agent
  - Administration -> Management -> Agents
  - At bottom on page you can download the agent
- Copy the Linux RPM file to tmp folder on vCD cell. Good tool to use is WinSCP.
- Install agent
  - rpm – U VMware-Log-Insight-Agent-3.3.1-3636434.noarch_10.10.30.74.rpm
- Since we downloaded the agent directly from our log insight server the liagent.ini should already be populated with your server IP Address. This can be verified by reviewing the ini file and looking for hostname entry. cat /etc/liagent.ini
You will now see the agent in log insight server. Verify that the agent is filtered correctly for you vCD Active group.

Links:

https://kb.vmware.com/kb/2004564

vCloud Director 8: vCenter Server status error

February 17, 2016August 22, 2016 / johannstander / Leave a comment

Had issue this week come up where vCloud Director is unable to communicate with vCenter server. I had this many years ago but seems to be still relevant in vCD-SP8 so thought just write up about it with reference to good information:

In my environment this caused template deployments to fail with “Cannot retrieve list of the supported Operating Systems from Provider VDC “PVDC”. Please ensure vCenter is connected and available.”

Solution:

After reviewing vCenter Server vSphere resource under Manage and Monitor I found that vCenter is not connected.
KB 1035506 from VMware documents this issue but request that you call support to get this resolved.

The issue seems to be related to quart table and I am not going to get into much details here since Jason Boche wrote a nice detailed article how the problem comes about and how to resolve it.

http://www.boche.net/blog/index.php/2011/12/16/vcloud-director-and-vcenter-proxy-service-failure/

vCloud Director 8: Blank disconnected console or shows unavailable error

February 3, 2016August 22, 2016 / johannstander / Leave a comment

Verify that you have your Public Addresses entered in vCloud director:

System -> Administration

Under system settings select Public addresses

Fill in the necessary information, especially the FQDN for vCD public console proxy address.

vCloud Director 8: Wildcard certificate

February 3, 2016June 15, 2018 / johannstander / Leave a comment

I have a wildcard.pfx certificate which I need to use in my vCD instance. Here are the steps to convert the certificate and import into vCD:

Convert the pfx to pem:
1. openssl pkcs12 -in certificate.pfx -out certificate.cer –nodes
Extract the private key from the certificate.cer.
1. copy from —–BEGIN PRIVATE CERTIFICATE—–
2. to end of —–END PRIVATE CERTIFICATE—–
3. Create new file called certificate.key and paste
Recreate pfx and set alias for http
1. openssl pkcs12 -export -in certificate.cer -inkey certificate.key -name http -passout pass:yourpassword -out http.pfx
Recreate pfx and set alias for consoleproxy
1. openssl pkcs12 -export -in certificate.cer -inkey certificate.key -name consoleproxy -passout pass:yourpassword -out consoleproxy.pfx
Import the 2 PKCS12 keystores into Java keystore using keystore
1. ./keytool -importkeystore -srckeystore http.pfx -srcstoretype PKCS12 -destkeystore certificate.ks -deststoretype JCEKS -deststorepass yourpassword -srcalias http -destalias http -srcstorepass yourpassword
2. ./keytool -importkeystore -srckeystore consoleproxy.pfx -srcstoretype PKCS12 -destkeystore certificate.ks -deststoretype JCEKS -deststorepass yourpassword -srcalias consoleproxy -destalias consoleproxy -srcstorepass yourpassword
Now import the root and intermediate certificates (if any) to the same keystore
1. ./keytool -importcert -alias root -file GeoTrust_Global_CA.cer -storetype JCEKS -keystore certificate.ks -storepass yourpassword
2. keytool -importcert -alias intermediate -file RapidSSL.cer -storetype JCEKS -keystore certificate.ks -storepass yourpassword

To replace it your can read my previous blog post

vCloud Director 8: Replace certificates

February 3, 2016October 25, 2017 / johannstander / 1 Comment

I currently have some self signed certificates on my vCloud Director 8 installation and want to update them with new certificates. Here are the simplified steps to get this accomplished:

Firstly you need to create 2 certificates for each member of the group (cell) and import the certificates into host keystores. Each vCD has 2 IP address which allows support for 2 different SSL endpoints(http and consoleproxy). Each endpoint requires its own SSL certificate.

Requirements for cert include an X.500 distinguished name, while Subject Alternative Name is not necessary.

Replace certificate using vCD configuration script:
this process will also validate the db connection and prompt for SSL certificate and skips all other.

SSH to vCD cell
Stop the vCD services
1. service vmware-vcd stop
Run the configuration
1. /opt/vmware/vcloud-director/bin/configure
2. Specify full path to java keystore that holds the new certificates
3. Provide keystore and certificate password

This will replace the certificates and restart the vCD services.

Replace certificates using the certificates command:

Certificates command of the cell management tool automates process replace certificates in JCEKS keystore.

# cd /opt/vmware/vcloud-director/bin
# ./cell-management-tool certificates -j -p -k /tmp/.ks -w kspw
Restart the cell for changes to take affect.
1. # service vmware-vcd restart

vCloud Director 8 – what’s new

February 2, 2016August 22, 2016 / johannstander / Leave a comment

I finally got around to installing vCD-SP 8 and here are my finding on what’s new and upcoming.

Support for vCenter 6.0

ESXi and vCSA 6.0 U1 is a big advantage to 5.5 and allow SP’s to take advantage of new features and optimization provided with 6.

Support for NSX 6.2 and 6.2.1!

This allows connection to a NSX manager instead of a vShield Manager appliance in backward compatibility mode.
When using NSX manager the VSE is deployed with version 5.5.4-2673026

vDC template

Create Organization specific virtual datacenter templates with pre-set resources delegation rule-set. Have not tested this but provide some feedback later.

vApp enhancements

Reconfigure of VMs within a vApp.
Reconfigure of networking connectivity and capabilities during creation.
I have not seen anything from a UI perspective on this but seems to be more under the cover work through API.

oAuth for identify source

tokens now supported.

Tenant throttling

This prevents noisy tenants from consuming all the resources of a single instance.
Helps ensure fairness of execution and scheduling of among tenants

As mentioned in previous blog VMware did post about new UI changes coming to vCD-SP in 2016 and the following advanced networking selections seems to indicate this. I did again not find anything in documentation on these menu selections but hopefully seem some of vCloud Air features soon:
https://www.vmware.com/au/cloud-services/infrastructure/vcloud-air-advanced-networking-services

Links:

http://pubs.vmware.com/vcd-80/index.jsp#com.vmware.vcloud.api.sp.doc_90/GUID-375148E9-601D-4BFA-9C10-4D2595D96D95.html

http://pubs.vmware.com/vcd-80/index.jsp#com.vmware.vcloud.api.sp.doc_90/GUID-AA9C56E3-B7AA-42E3-9AE0-46233E1FDD2A.html

http://pubs.vmware.com/vcd-80/index.jsp#com.vmware.vcloud.api.sp.doc_90/GUID-74126E65-F99E-4128-A023-0CCF88B04832.html

https://www.vmware.com/au/cloud-services/infrastructure/vcloud-air-advanced-networking-services

vCloud Director 8 – Failed to create external network as port group dvportgroup-XXX or its VLAN ID XXX is in use

February 2, 2016August 22, 2016 / johannstander / Leave a comment

I just received the following error in my lab when i tried to create a new external network. This seems to be a known issue in vCD 5.1 & 5.5 but has not been resolved in v8.

I did not delete any port groups or VSE’s directly from vCenter server so assume the database was not successfully delete when i removed external networks.

VMware provides a comprehensive KB article on this so not going to get into to much details but solution is to remove the stale entries from Resource_Assignment table in the database.

KB: 2042474

Links:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2042474

vCloud Director 8: UI, then and what now?

January 29, 2016August 22, 2016 / johannstander / Leave a comment

Just more than a month ago we were given very exciting news from the vCloud team regarding further limited enhancements to the UI of vCD-SP for 2016.

Did you hear the news? We’re restarting the VCD UI development. Here’s what you need to know https://t.co/yfNN8LsOjw pic.twitter.com/QRKV6oSJYU

— VMware vCloud (@vCloud) December 14, 2015

//platform.twitter.com/widgets.js How things can change within a month:

http://www.networkworld.com/article/3026996/hybrid-cloud/despite-layoffs-vmware-has-a-big-bet-on-this-one-cloud-innovation.html

https://www.thelayoff.com/vmware

Lets hope that none of these recent activities has any impact on the vCD-SP UI announcements but only time will tell…

JohannStander

Virtualization, Travel, Photography, Cars, Gadgets, Life

vCD-SP