virtuallyGhetto

Automated Lab Deployment Script for vSphere with Tanzu using NSX Advanced Load Balancer (NSX ALB)

04/05/2021 by William Lam 2 Comments

After spending a few days playing with the NSX Advanced Load Balancer (NSX ALB) APIs, I am happy to share my latest automation lab deployment script for deploying vSphere with Tanzu using the new NSX ALB which was introduced with the latest vSphere 7.0 Update 2 release.

🙌 BOOM!!!

Fully Automated vSphere with @VMwareTanzu using the new @vmwarensx Advanced Load Balancer introduced in vSphere 7.0 Update 2 Lab Deployment in just 32 minutes! 🔥

Still need to clean up some things, but this beats clicking around the UI! My 🤲 thanks me pic.twitter.com/hN32Qk3oDc

— William Lam (@lamw) March 29, 2021

Lab Deployment Automation

You can find the new automation script along with all the details at the following Github Repo: https://github.com/lamw/vsphere-with-tanzu-nsx-advanced-lb-automated-lab-deployment#enable-workload-management

In my environment, it took about ~32 minutes for the deployment to finish, but YMMV based on the performance of your underlying hardware.

Workload Management Automation

In addition to the automated lab deployment script above, I have also updated my community VMware.WorkloadManagement module to add support for enabling Workload Management on a vSphere Cluster using NSX ALB. This is introduced as a new function creatively called New-WorkloadManagement3. You use the Get-Help cmdlet to get a list of supported arguments or you can take a look at this example.

Disabling vSphere with Tanzu does not delete NSX Advanced Load Balancer (NSX ALB) Service Engine (SE) VMs

03/31/2021 by William Lam Leave a Comment

While working on some automation to deploy a vSphere 7.0 Update 2 environment that has been configured with vSphere with Tanzu and NSX Advanced Load Balancer (NSX ALB), I noticed that when you disable Workload Management on a vSphere Cluster, the two NSX ALB Service Engine (SE) VMs were still left behind.

It turns out that this behavior is due to a default setting within NSX ALB that will NOT automatically delete the SE’s in the case there is a scaled up event which would then cause a re-deploy to happen. Instead, by default it is configured to wait 120 minutes (2hrs) before cleaning up.

If you wish to change this behavior, you can login to NSX ALB UI and navigate to Infrastructure->Service Engine->Advanced and update the “Delete Unused Service Engines After” to your desired value. Please note, that the shortest time interval to wait is 1 minute and if you set it to 0, it means the SE’s VMs not be deleted.

After saving this change, the next time you disable Workload Management, the SE VMs will automatically get cleaned based on the time interval you had configured.

Automating default admin password change for NSX Advanced Load Balancer (NSX ALB)

03/30/2021 by William Lam 5 Comments

Over the weekend I got a chance to deploy my first vSphere with Tanzu environment using the new NSX Advanced Load Balancer (NSX ALB) which I had shared on Twitter.

🥳 Successfully deployed my 🥇 vSphere w/@VMwareTanzu using the new @vmwarensx Advanced Load Balancer (formally @AviNetworks)

👉https://t.co/Mqb9Ja0rtV was extremely helpful, a MUST read IMHO! 👏🤙 @CormacJHogan

Visuals is NSX ALB is nice! Looks like I need more resources! pic.twitter.com/C6E36zIl7X

— William Lam (@lamw) March 28, 2021

This was also my first time getting exposed to NSX ALB (formally AVI Networks) and this detailed blog post from my buddy Cormac Hogan was instrumental in helping me quickly get started and get into the specific configurations needed for a two network design with vSphere with Tanzu. For me personally, there were just too many different configuration pages a user needed to navigate to and context switching between them made it non-intuitive for a new user like myself. After going through this once, I knew Automation was the next step for me and this was also an opportunity to try out the NSX ALB API, which I also have never used before.

Quick Tip – Disable vSphere with Tanzu prompt during TKG Management Cluster deployment

03/24/2021 by William Lam Leave a Comment

When you attempt to deploy a new Tanzu Kubernetes Grid (TKG) Management Cluster to a vSphere 7.0 environment, you may have noticed a message stating that you may want to enable the Tanzu Kubernetes Grid Service (TKGs) alternatively.

Running TKG and TKGs on vSphere 7.0 is fully supported and depending on your use case, you may want to enable one or the other. In either situation, you are always prompted with a question which you must answer before you can continue. Awhile back I was looking into whether there were any CLI options to override this behavior and simply answer in advanced but did not see anything in the CLI help menu.

I recently ran into this again and while asking around, I came to learn that were are indeed two (hidden) options that can be used to override and disable these prompts, which can be useful for unattended automation purposes. Although these options are hidden from the CLI help options, I am not exactly sure why this is the case, they are officially documented in the TKG documentation.

–deploy-tkg-on-vSphere7 can be used to confirm that you wish to deploy a TKG Management Cluster on vSphere 7
–enable-tkgs-on-vSphere7 can be used to confirm that you will be using the TKGs as your Management Cluster in vSphere 7

With this information, we can now pass in the –deploy-tkg-on-vSphere7 option as shown in the example below and you will no longer be prompted:

tkg init -i vsphere -p dev –name tkg-mgmt –vsphere-controlplane-endpoint-ip 192.168.30.127 –deploy-tkg-on-vSphere7

Simplified Nested ESXi installation in ESXi 7.0 Update 2 using HTTP Boot over VirtualEFI

03/22/2021 by William Lam 17 Comments

Deploying an ESXi scripted installation aka Kickstart running within a VM (Nested ESXi) has a number of benefits, especially for testing and development purposes. This was something I did regularly as a customer, especially with new releases of ESXi to ensure our existing automation scripts and processes continued to work before rolling out into production. ESXi kickstart itself is pretty straight forward, but the required supporting infrastructure (PXE Server, DHCP, TFTP, etc) that needs to be configured, especially for a greenfield deployment can often be challenging for new comers.

Even with an existing PXE infrastructure, it can often be difficult to configure or troubleshoot depending on your level of access which does not add any value in actually testing or automating the ESXi scripted installation process. In ESXi 7.0 Update 2, an enhancement was made to the Virtual Machine’s UEFI firmware called VirtualEFI that would enable ESXi to perform an HTTP Boot given the ESXi bootloader URL and without requiring any of the traditional PXE infrastructure.

To take advantage of this new capability, you just need to have a physical server running ESXi 7.0 Update 2 and a VM that is configured with the latest vHW19 compatibility. To configure HTTP boot, you will need to add the following two VM Advanced Settings:

networkBootProtocol – httpv4 or httpv6
networkBootUri – HTTP URL to the ESXi bootloader (bootx64.efi)

Disclaimer: Nested ESXi and Nested Virtualization is not officially supported by VMware

Adding a customized notification banner in the vSphere UI

03/18/2021 by William Lam 1 Comment

I was recently reminded of an old vCenter Server feature called Message of the Day (MOTD) that I had used quite extensively when I was a customer to easily communicate upcoming patch windows, downtime, updates and other interesting news to my internal users. Back in the day, the vSphere UI was known as the VI Client (C# Client or Thick Client) and once the MOTD is configured, users logging in would see this this custom notification banner across their UI Client.

It has been ages since I had used vCenter’s MOTD feature but after sharing this tidbit on Twitter yesterday, I found a mix of folks that were still using this awesome feature including a VMware Cloud on AWS use case to that helped them easily identify a particular environments to users who was just learning about this feature for the first time.

Used this in @vmwarecloudaws to easily identify different environments e.g. Sandbox from Production https://t.co/bu2eaGMJw6 pic.twitter.com/6dMNb940Gb

— Mark McGilly (@MarkMcG_Bel) March 17, 2021

In addition to bringing some awareness to this oldie but goodie feature of vCenter Server, I also wanted to share some details on how you might automate this as I had a few questions about this on Twitter.

Here is a screenshot of my vSphere 7.0 Update 2 environment which has been configured with an MOTD and you can see that it can also properly render emojis, so you can certainly have some fun here 🙂

To configure an MOTD, click on the vCenter Server inventory object and then navigate to Configure->Settings->Message of Day and set or disable the message.

For those that wish to configure the MOTD programmatically, you can do so using the vSphere API with your favorite vSphere SDK of your choice including PowerCLI. You will need to use the UpdateServiceMessage() method which is part of the SessionManager object.

If you wish to view or check whether an MOTD is configured, the following PowerCLI snippet can be used:

Get-AdvancedSetting -Entity $global:DefaultVIServer -Name vpxd.motd | select Value

However, to configure the MOTD, you can NOT use the Set-AdvancedSetting cmdlet as the advanced setting is a read only value and you must use the vSphere API directly.

Using PowerCLI, here is how to view the current MOTD:

$sm = Get-View $global:DefaultVIServer.ExtensionData.Content.SessionManager
$sm.Message

Using PowerCLI, here is how to update/change the MOTD:

$motd = “🚨This is William Lam’s environment, it is NOT supported. Use at your own risk 😎”
$sm = Get-View $global:DefaultVIServer.ExtensionData.Content.SessionManager
$sm.UpdateServiceMessage($motd)