Monday, October 25, 2010

vCO - secure ldap configuration - UPDATE

Today I had a configuration problem with a larger vCO environment with several domains... After starting the LDAP configuration, an error code 8 occurred and I had to change to secure LDAP (SSL). After this change, vCenter Orchestrator wants a new CA certificate for authentication. No problem if you have a CA and export the CA request (.csr). But in my case I thought they had a "normal" LDAP on port 389, and I created a simple self-signed CA.



The problem is: after creating a self-signed certificate, there is no way to create a new request with the company defaults! Deleting all cert* files and restarting the configuration server does not work at all.

So you have to install vCO again... :-( and cannot import a configuration, because of the self-signed certificate.

UPDATE #1:
After consulting the vCO installation guide, I found out that the certificate is stored in the database: vmo_keystore. So after cleaning it up, you are able to create a new certificate.



With this new certificate, based on the customer data, I exported the .csr (request) file and sent it to the central certificate instance.

UPDATE #2:
Several days after my last attempt, my colleague Andreas tried to implement the AD SSL/TLS certificates and identified another problem: the customer doesn't use certificates in his AD! So after a few mails, the basic problem is the NTLMv2 authorization, which is not supported in the LDAP configuration.

So we are trying to find a fix for that and will inform you guys shortly.

UPDATE #3:
Yes, we found the solution!!! After hours of attempts, thinking about it and several coffee cups, a simple GPO (thank you Microsoft!) was the cause of all the trouble.



Because the Java engine uses simple bind, the connection handshake with the domain controller fails. After turning off the LDAP signing request option, everything works fine. The second problem was the reverse DNS, which wasn't right.

So, lessons learned and beer earned!
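
The "error code 8" from the start of this post is LDAP result code 8, strongerAuthRequired in RFC 4511, which a domain controller that requires LDAP signing returns to a simple bind on a connection without SSL/TLS. As an added example (not code from the original post or from vCO), this Python script decodes a BindResponse and reports that case; the sample bytes, the diagnostic text and all function names are constructed for illustration.

```python
# Added example: decode an LDAP BindResponse (RFC 4511), interpret result code 8.
RESULT_CODES = {0: "success", 8: "strongerAuthRequired", 49: "invalidCredentials"}

def tlv(tag, value):
    """BER-encode one element (only used to build the constructed sample)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + value

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        size = length & 0x7F
        length = int.from_bytes(buf[pos:pos + size], "big")
        pos += size
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def parse_bind_response(packet):
    """Return (resultCode, name, diagnosticMessage) from an LDAPMessage."""
    tag, message, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _message_id, pos = read_tlv(message, 0)
    tag, op, _ = read_tlv(message, pos)
    if tag != 0x61:  # [APPLICATION 1], constructed = BindResponse
        raise ValueError("protocolOp is not a BindResponse")
    _, raw_code, pos = read_tlv(op, 0)       # ENUMERATED resultCode
    _, _matched_dn, pos = read_tlv(op, pos)  # matchedDN
    _, diag, _ = read_tlv(op, pos)           # diagnosticMessage
    code = int.from_bytes(raw_code, "big")
    return code, RESULT_CODES.get(code, "other"), diag.decode("utf-8", "replace")

def explain(code, tls_active):
    """Likely cause when the client sent a simple bind (assumed, as in this post)."""
    if code == 8 and not tls_active:
        return "DC requires LDAP signing: simple bind refused without SSL/TLS"
    return "bind accepted" if code == 0 else "not the signing policy; read the diagnostic"

# Constructed sample response, not captured from a real domain controller.
DIAG = b"constructed: server requires integrity checking unless SSL/TLS is active"
SAMPLE = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x61,
    tlv(0x0A, b"\x08") + tlv(0x04, b"") + tlv(0x04, DIAG)))
```

A simple bind over LDAPS (port 636) satisfies the signing requirement, so the policy can stay enabled once the domain controllers have certificates.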

Sunday, October 17, 2010

vCO - new plug-in released: VIX

VMware released a new vCenter Orchestrator plug-in this week: the vCO VIX plug-in. With this integration it is possible to start operations directly inside the virtual machine, such as copying files, starting a service or checking for directories.



The plugin can be downloaded at VMware Labs: http://labs.vmware.com/flings/vix-vco
Within the .zip file are several components:

o11nplugin-vix.dar - The vCO VIX plug-in (binary)
vCO41-VIX-Plugin-Guide.pdf - The documentation guide
VMware-vix-x64-1.10.1-266898.zip - The Windows 64-bit VIX DLL
VSOSDK-vix-src.zip - The vCO VIX plug-in (project and source code)

The .dar file can be installed like any other plug-in in the configuration interface of the vCenter Orchestrator.

Thursday, October 7, 2010

vCO - Input Dependency - using Presentation in VMware Orchestrator

A vCO starter asked how to prefill drop-down boxes (or other fields) as input depending on another input. Here is a simple guide to using an action in Presentation to do this.

Assume there is a workflow with two input parameters: Input1 [string] for free input, and Input2 [string], which depends on Input1 and should offer the following values:

  • Input1 = A --> A1, A2, A3
  • Input1 = B --> B1, B2, B3
  • Input1 all other values --> C1, C2, C3

Define both strings as input parameters. Then go to the Presentation tab.



The Mandatory property forces an input for parameter Input1. You cannot proceed with the workflow without a value for Input1.

Before looking at Input2, create an action:


This action will return an array of strings depending on the input parameter MySelection, as described at the beginning.

Now use this action to define the second parameter:



Add a "Predefined list of elements" property.


Use the action sign (the puzzle) to bind the action to this property. Click the "string" to select the appropriate input parameter or our action. After this, the presentation looks like this.






Execute the workflow and test the behavior.