vCloud Director 5.5 VM Consoles and Google Chrome

Overview

We recently upgraded vCloud Director (vCD) to version 5.5.2.1, and one of the features our users were interested in was using Google Chrome to access the VM consoles.  The KB article Supported browsers in VMware vCloud Director 5.5 lists all of the supported browsers.  The resolved issues section of the release notes says:

Attempts to open a virtual machine console on Google Chrome fail
When you attempt to open a virtual machine console on a Google Chrome browser, the operation fails. This occurs due to the deprecation of NPAPI in Google Chrome. vCD 5.5.2.1 uses WebMKS instead of the VMware Remote Console to open virtual machine consoles in Google Chrome, which resolves this issue.

Issue #1: Self-signed certificate for the consoleproxy

When this environment was set up, a self-signed certificate was used for the vCloud Director consoleproxy interface, but the HTTP interface had a valid certificate.  This works fine for non-Chrome browsers because they still use the vmrc plug-in to access the consoles and it seems that it doesn’t care about the self-signed certificate.

When I tried to open a VM console using Chrome, I’d receive:

[Screenshot: 2014-12-16_10-34-51]

When using a non-Chrome browser that uses the vmrc, you could go to the %temp%/vmware-%username% directory and look at the logs to determine why the connection failed.  How do you check logs with the new WebMKS client?  With the VM console window selected, you can open the JavaScript console by pressing F12, or right-click in the window, select Inspect Element, and then select the Console tab:

[Screenshot: 2014-12-16_10-33-50]

You can ignore the fact that the console is viewable in the above screenshot.  It was taken from when the console was working.

[Screenshot: 2014-12-16_10-34-24]

Here is the output when connecting to a VM console when the vCD console interface has a self-signed certificate:

[Screenshot: 2014-12-16_10-35-13]

You can see in red what looks to be a certificate issue.  At this point you can either reconfigure vCD’s console interface to use a valid certificate or import the self-signed certificate to your machine.
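To see how a workstation's trust store judges the certificate the console proxy presents, without opening a console, a check like the following can be run. This is an added example, not part of the original post; the function name is hypothetical and the host name and port in the usage line are placeholders for your own consoleproxy address.

```powershell
# Added example: inspect the certificate served by the vCD console proxy and
# report whether this machine would trust it. Function name is hypothetical.
function Test-ConsoleProxyCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443
    )

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)

        # Accept whatever is presented so the handshake completes; trust is
        # evaluated explicitly below instead of being enforced here.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($HostName)

        $cert    = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $trusted = $chain.Build($cert)   # validates against the local trust store

        New-Object psobject -Property ([ordered]@{
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            SelfSigned   = ($cert.Subject -eq $cert.Issuer)
            ChainTrusted = $trusted
            ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        })
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
}

# Placeholder address: substitute the consoleproxy FQDN and port of your cell.
Test-ConsoleProxyCertificate -HostName 'consoleproxy.example.local' -Port 443
```

A result with SelfSigned set to True and ChainTrusted set to False matches the situation described in this section; after replacing the certificate, ChainTrusted should be True on every client that will open consoles.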

Issue #2: After fixing the certificate issue, consoles don’t respond to keyboard input

After assigning a valid certificate to the vCD console interface, the VM consoles now connected, but I noticed that I couldn’t interact with the consoles with a keyboard.  Mouse input worked fine.  Looking at the JavaScript console logs showed:

[Screenshot: 2014-12-16_11-07-53]

I’m not sure what this means, but since the vSphere version in this environment was 5.0 and vCenter was just upgraded to 5.5 and the hosts were still at 5.0, I decided to upgrade a host to 5.5 and see if that resolved the issue.  Fortunately, it did and now the consoles work in all supported browsers.

Deploying vCAC/vRA Appliances with PowerCLI

Overview

I’ve been deploying vCAC/vRA quite a bit in my lab and I thought it was time to look into using PowerCLI to automate some of the pieces.  Most of what I’ve done was taken from PowerCLI 5.8 New Feature: Get-OvfConfiguration (Part 1 of 2).

The first example is more basic and won’t use any programming constructs such as loops.  There are separate sections for the vRA SSO and vRA Core appliances and most of the information is redundant.  On the $ovaConfig lines, the details such as common.varoot_password can be found by running the command

$ovaConfig.ToHashTable() | ft -auto

SSO Appliance


connect-viserver localhost

$ovaPath = 'z:\vcac\VMware-Identity-Appliance-2.1.0.0-2007605_OVF10.ova'
$ovaConfig = Get-OvfConfiguration $ovaPath

$ovaConfig.Common.vami.hostname.value                    = 'vcac61a-sso.vmware.local'
$ovaConfig.common.varoot_password.value                  = 'vmware123'
$ovaConfig.common.va_ssh_enabled.value                   = $true
$ovaConfig.IpAssignment.IpProtocol.Value                 = 'IPv4'
$ovaConfig.NetworkMapping.Network_1.Value                = Get-VDSwitch 'vDS1' | Get-VDPortgroup 'vlan3_mgmt'
$ovaConfig.vami.VMware_Identity_Appliance.ip0.value      = '192.168.3.88'
$ovaConfig.vami.VMware_Identity_Appliance.netmask0.value = '255.255.255.0'
$ovaConfig.vami.VMware_Identity_Appliance.gateway.value  = '192.168.3.1'
$ovaConfig.vami.VMware_Identity_Appliance.DNS.value      = '192.168.1.254'

$cluster = get-cluster 'compute2'
$clusterHosts = $cluster | get-vmhost
# Find a random host in the cluster
$vmHost = $clusterHosts[$(get-random -minimum 0 -maximum $clusterHosts.length)]
$datastore = $cluster | get-datastore 'nfs-ds412-hybrid0'

Import-VApp -name vcac61a-sso $ovaPath -OvfConfiguration $ovaConfig -VMHost $vmHost -datastore $datastore -DiskStorageFormat EagerZeroedThick | start-vm

Core Appliance

connect-viserver localhost
$ovaPath = 'z:\vcac\VMware-vCAC-Appliance-6.1.0.0-2077124_OVF10.ova'
$ovaConfig = Get-OvfConfiguration $ovaPath

$ovaConfig.Common.vami.hostname.value                = 'vcac61a.vmware.local'
$ovaConfig.common.varoot_password.value              = 'vmware123'
$ovaConfig.common.va_ssh_enabled.value               = $true
$ovaConfig.IpAssignment.IpProtocol.Value             = 'IPv4'
$ovaConfig.NetworkMapping.Network_1.Value            = Get-VDSwitch 'vDS1' | Get-VDPortgroup 'vlan3_mgmt'
$ovaConfig.vami.VMware_vCAC_Appliance.ip0.value      = '192.168.3.89'
$ovaConfig.vami.VMware_vCAC_Appliance.netmask0.value = '255.255.255.0'
$ovaConfig.vami.VMware_vCAC_Appliance.gateway.value  = '192.168.3.1'
$ovaConfig.vami.VMware_vCAC_Appliance.DNS.value      = '192.168.1.254'

$cluster = get-cluster 'compute2'
$clusterHosts = $cluster | get-vmhost
# Find a random host in the cluster
$vmHost = $clusterHosts[$(get-random -minimum 0 -maximum $clusterHosts.length)]
$datastore = $cluster | get-datastore 'nfs-ds412-hybrid0'

Import-VApp -name vcac61a $ovaPath -OvfConfiguration $ovaConfig -VMHost $vmHost -datastore $datastore -DiskStorageFormat EagerZeroedThick | start-vm

Alternate Method

The second method is a little more complex and uses loops, hashes, etc.  I’m probably going to redo this at some point to allow me to specify all appliances or a subset of all appliances to deploy.

# Defaults
$vCenter       = 'localhost'
$password      = 'vmware123';
$sshEnabled    = $true;
$ipProtocol    = 'IPv4';
$vSwitchName   = 'vDS1';
$portgroup     = 'vlan3_mgmt';
$netmask       = '255.255.255.0';
$gateway       = '192.168.3.1';
$dns           = '192.168.1.254';
$powerOn       = $true;
$clusterName   = 'compute2';
$datastoreName = 'nfs-ds412-hybrid0';

connect-viserver $vCenter

$ovfInfo = @{
  VMware_Identity_Appliance = @{
    path       = 'z:\vcac\VMware-Identity-Appliance-2.1.0.0-2007605_OVF10.ova';
    hostname   = 'vcac61a-sso.vmware.local';
    ipAddress  = '192.168.3.88';
  };
  VMware_vCAC_Appliance = @{
    path       = 'z:\vcac\VMware-vCAC-Appliance-6.1.0.0-2077124_OVF10.ova';
    hostname   = 'vcac61a.vmware.local';
    ipAddress  = '192.168.3.89';
  };
}

$ovfInfo.keys | % {
  $ovfConfig = @{
    "vami.hostname"            = $ovfInfo[$_].hostname;
    "varoot-password"          = $password;
    "va-ssh-enabled"           = $sshEnabled;
    "IpAssignment.IpProtocol"  = $ipProtocol;
    "NetworkMapping.Network 1" = $portgroup
    "vami.ip0.$_"              = $ovfInfo[$_].ipAddress;
    "vami.netmask0.$_"         = $netmask;
    "vami.gateway.$_"          = $gateway;
    "vami.DNS.$_"              = $dns;
 };

 $cluster      = get-cluster $clusterName
 $datastore    = $cluster | get-datastore $datastoreName
 $clusterHosts = $cluster | get-vmhost
 # Find a random host in the cluster
 $vmHost       = $clusterHosts[$(get-random -minimum 0 -maximum $clusterHosts.length)]
 $vmName       = ($ovfInfo[$_].hostname).split('.')[0]
 $ovfPath      = $ovfInfo[$_].path

 $deployedVM = Import-VApp -name $vmName $ovfPath -OvfConfiguration $ovfConfig -VMHost $vmHost -datastore $datastore -DiskStorageFormat thin

 if ($deployedVM -and $powerOn) { $deployedVM | start-vm }
}

I’m not sure if it’s possible, but the next step would be to figure out how to configure settings such as SSO and certificates within the appliances.  The main goal of this exercise was to get more familiar with the new Get-OvfConfiguration cmdlet.

Here is a version of the script that will work with vRA 6.2:

# Defaults
$vCenter       = 'localhost'
$password      = 'vmware123';
$sshEnabled    = $true;
$ipProtocol    = 'IPv4';
$vSwitchName   = 'vDS1';
$portgroup     = 'vlan3_mgmt';
$netmask       = '255.255.255.0';
$gateway       = '192.168.3.1';
$dns           = '192.168.1.254';
$powerOn       = $true;
$clusterName   = 'compute2';
$datastoreName = 'nfs-ds412-hybrid0';
 
connect-viserver $vCenter
 
$ovfInfo = @{
  VMware_Identity_Appliance = @{
    path       = 'z:\vra\VMware-Identity-Appliance-2.2.0.0-2300183_OVF10.ova';
    hostname   = 'vra62z-sso.vmware.local';
    ipAddress  = '192.168.3.100';
  };
  VMware_vRealize_Appliance = @{
    path       = 'z:\vra\VMware-vCAC-Appliance-6.2.0.0-2330392_OVF10.ova';
    hostname   = 'vra62z.vmware.local';
    ipAddress  = '192.168.3.101';
  };
}
 
$ovfInfo.keys | % {
  $ovfConfig = @{
    "vami.hostname"            = $ovfInfo[$_].hostname;
    "varoot-password"          = $password;
    "va-ssh-enabled"           = $sshEnabled;
    "IpAssignment.IpProtocol"  = $ipProtocol;
    "NetworkMapping.Network 1" = $portgroup
    "vami.ip0.$_"              = $ovfInfo[$_].ipAddress;
    "vami.netmask0.$_"         = $netmask;
    "vami.gateway.$_"          = $gateway;
    "vami.DNS.$_"              = $dns;
 };
 
 $cluster      = get-cluster $clusterName
 $datastore    = $cluster | get-datastore $datastoreName
 $clusterHosts = $cluster | get-vmhost
 # Find a random host in the cluster
 $vmHost       = $clusterHosts[$(get-random -minimum 0 -maximum $clusterHosts.length)]
 $vmName       = ($ovfInfo[$_].hostname).split('.')[0]
 $ovfPath      = $ovfInfo[$_].path
 
 $deployedVM = Import-VApp -name $vmName $ovfPath -OvfConfiguration $ovfConfig -VMHost $vmHost -datastore $datastore -DiskStorageFormat thin
 
 if ($deployedVM -and $powerOn) { $deployedVM | start-vm }
}
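
The scripts above keep the appliance root password in the script file, enable SSH, and import whatever file sits at the OVA path. The following prelude is an added example, not part of the original scripts: it checks each OVA against a published SHA-256 before import, prompts for the root password, and leaves SSH off. The sha256 keys and the Assert-OvaHash function are hypothetical, the hash values are placeholders to be filled in from the vendor's download page, and Get-FileHash assumes PowerShell 4.0 or later.

```powershell
# Added example: safer inputs for the Import-VApp loop above.
$ovfInfo = @{
  VMware_Identity_Appliance = @{
    path   = 'z:\vra\VMware-Identity-Appliance-2.2.0.0-2300183_OVF10.ova'
    sha256 = '<published SHA-256 for this OVA>'    # placeholder, hypothetical key
  }
  VMware_vRealize_Appliance = @{
    path   = 'z:\vra\VMware-vCAC-Appliance-6.2.0.0-2330392_OVF10.ova'
    sha256 = '<published SHA-256 for this OVA>'    # placeholder, hypothetical key
  }
}

function Assert-OvaHash {
    param([string]$Path, [string]$ExpectedSha256)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "OVA not found: $Path"
    }
    # An unfilled placeholder fails here, so nothing deploys unverified.
    if ($ExpectedSha256 -notmatch '^[0-9a-fA-F]{64}$') {
        throw "No valid expected SHA-256 recorded for $Path"
    }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {    # -ne ignores hex letter case
        throw "SHA-256 mismatch for $Path (computed $actual)"
    }
}

# Verify every image before anything is deployed.
foreach ($name in $ovfInfo.Keys) {
    Assert-OvaHash -Path $ovfInfo[$name].path -ExpectedSha256 $ovfInfo[$name].sha256
}

# Prompt for the root password instead of keeping it in the script file.
$rootCred   = Get-Credential -UserName 'root' -Message 'Root password for the new appliances'
$password   = $rootCred.GetNetworkCredential().Password
$sshEnabled = $false    # turn on per appliance only when it is needed

# ... run the deployment loop from the script above, then drop the plaintext copy:
Remove-Variable password
```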

Change vcoadmin password on vCenter Orchestrator 5.5

I recently had to upgrade vCenter Orchestrator (vCO) from 5.1.2 to 5.5.2, and there isn’t a way to do an in-place upgrade, so you have to deploy a new vCO 5.5 appliance and migrate to it.  First you need to export the configuration of your vCO 5.1.2 appliance from the vCO configuration web portal and then import the configuration into the new vCO 5.5 appliance.  I’m using the local LDAP server for authentication and one of the issues that I ran into was with the vcoadmin password (default password is ‘vcoadmin’).  When you import the configuration into the new vCO appliance, it will fill in the vcoadmin password from the vCO 5.1 appliance.  If this password isn’t ‘vcoadmin’, you will get errors for the Authentication section of the vCO configuration web portal:

[Screenshot: 2014-12-05_12-55-30]

You can enter the password of ‘vcoadmin’ in both the Authentication and Plug-in sections to make everything green, but if you need to change this password, you’ll need to do it from the vCO appliance’s console.

I found this article (http://www.vcoportal.de/2012/03/change-the-password-for-vcoadmin-on-vco-appliance/) that explains how to change the password but it’s from 2012 and when I tried to run it I received:

vco-upgrade:~ # ldappasswd -D “cn=vcoadmin,ou=vco,dc=appliance” -W -S


New password:
Re-enter new password:
Enter LDAP Password:
ldap_bind: Invalid DN syntax (34)
additional info: invalid DN

I was able to successfully reset the password by running:

ldappasswd -x -D "cn=vcoadmin,ou=vco,dc=appliance" -w current-password -s new-password "cn=vcoadmin,ou=vco,dc=appliance"

If you didn’t change the vcoadmin password in the vCO configuration web portal, it will turn green after a few seconds.  If not, you can try to update it with the new password.