Posts

Showing posts from June, 2013

vCenter Log Insight release

Image
vCenter Log Insight is a new log aggregator from VMware. As a new tool that is integrated with vCenter Operations Manager, Log Insight has great potential. The ability to tie in directly with VMware's knowledge base, vCenter and vCenter Operations gives Log Insight a true strength in combining analytics with logging. We started using Log Insight (project Strata) at Tech Preview 2. We had a need for log aggregation solution and thought we'd give it a try on our lower environments. We have used it for different purposes. 1st time was with analytics. when we deployed it, I had setup a dashboard to see "warning" level alerts. 3 of our 120 hosts were far surpassing the others in errors.  After clicking down into the bar graphs we saw a high number of Active Directory related errors.  After rejoining 2 of those hosts to the domain the errors had cleared. The third box we needed to reinstall to clear the errors. Since we've done this all the servers have

vCenter/vSphere Web Client SSL Certificate Requests (PFX vs JKS)

I was working to get certs for the vsphere web client.  Needless to say, I had worked w/ JKS (Java Keystore) before so I figured the process was the same for PFX (PKCS12 keystore) files, but I was dead wrong.  I'd highly recommend looking into the VMware SSL Certificate Automation Tool .  What follows is mainly a learning exercise for me. For starters, if you have a mac, good for you, cause openssl is likely already installed and accessible via terminal which makes things much easier from the get go.  If you run Windows, download the windows binaries and install.  If you go to the openssl.org site like listed in VMware's docs as a Windows admin, lord help you.  When you install the openssl windows binaries w/ all defaults selected, openssl installs on C:\OpenSSL-Win32\bin. Open a command prompt to that directory, then you can pretty much follow the instructions from VMware . To read more about my trials and tribulations, click the link to continue below.

Replacing vCenter Operations Manager Certificate (vApp)

Refer to this post for openssl info , then follow the steps here: Generate a certificate signing request openssl req -out vcops.csr -new -newkey rsa:2048 -nodes -keyout vcops.key Answer the wizard questions appropriately for your environment. This creates your Certificate request and generates the associated private key. When you receive your signed cert from the CA if not already in pem format (with private key): Assuming CER or CRT we need to convert it to PKCS12 first. openssl pkcs12 -export -in vcops.cer -inkey vcops.key -name vcops -passout pass:password -out vcops.pfx Convert to PEM w/ private key openssl pkcs12 -in vcops.pfx -out vcops.pem -nodes It will prompt for password, if you used my example under step 2, then that would be password. Log into vcop's admin console (https://vcopsServername/admin), select the SSL tab, and upload your newly created pem file. Additional Steps: These steps were helpful in updating vCOPs registration info in vCe