VMware: Custom ESXi boot iso bootable on Fusion, but not vSphere...


Summary:
Building an embedded lab for some testing w/ NSX and everything.  Cannot clone a pre-installed ESXi host w/o some magic, so decided to utilize a simple kickstart script in an ESXi custom iso pre-mounted to my VM template.  Worked fine on Fusion, not vSphere/ESXi though...

Workaround:
Simply change VM Options --> Boot Options to BIOS

Fusion defaults to BIOS, which is why it worked.  I made the iso w/o UEFI options which is why it worked on fusion, but not ESXi VM.

OR

Solution:
The command I was using to make the iso was missing some key new features to make the iso UEFI bootable.
mkisofs -relaxed-filenames -J -R -o ~/Desktop/custom_esxi.iso -b ISOLINUX.BIN -c BOOT.CAT -no-emul-boot -boot-load-size 4 -boot-info-table -eltorito-alt-boot -eltorito-platform efi -b EFIBOOT.IMG -no-emul-boot ~/Desktop/ESXiDefaultInstall

You will have to modify two BOOT.CFG files, one in the root directory and the other in the EFI subdirectory, to utilize any custom kickstart you put together.  If you only modify one, it will only point to the kickstart file when booted via BIOS and not UEFI, or vice versa.

Details:
Basically, it came down to the fact that I was rebuilding the iso w/ an older command that didn't have the UEFI options.  This made my iso BIOS bootable (Fusion default), but not bootable on my ESXi VM which was set to UEFI.  Highlighted above in solutions section.  Basically my goal was to simply clone a templated VM shell w/ a local hard drive layout I needed for an Embedded vSAN lab.  The VM shell would have the iso mounted so that it would build ESXi at time of clone.

So I needed an iso that would simply build ESXi w/ basic defaults and configure DHCP.  In the other notes section, I show how I modified the BOOT.CFG file(s) and added a KS.CFG file.  Once I found the options I was missing, my iso was now properly bootable via UEFI and BIOS.  This is a fairly easy workaround to build ESXi virtual hosts w/o having to stand up a PXE environment within an NSX bubble.

Other Notes:
mkisofs is not a part of macOS, but you can install it via Homebrew.
brew install cdrtools

/BOOT.CFG and /EFI/BOOT/BOOT.CFG (Modified kernelopt value to target the CD-ROM and my custom KS.CFG)
kernelopt=ks=cdrom:/KS.CFG

/KS.CFG
accepteula
rootpw superduperSecret!
install --firstdisk --overwritevmfs
network --bootproto=dhcp
reboot
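
An added example (not part of the original post): a pre-flight check to run on the staging directory before mkisofs, confirming that both BOOT.CFG files carry the kickstart kernelopt and that KS.CFG is present. The function names are hypothetical; the cleartext test relies on the ESXi kickstart `rootpw --iscrypted` option and is reported because anyone who can read the ISO can read the password.

```shell
#!/bin/sh
# Added example, not from the original post. Paths and the kernelopt value
# follow the post; check_staging and bootcfg_ok are hypothetical names.
KS_OPT='kernelopt=ks=cdrom:/KS.CFG'

# bootcfg_ok FILE: true when FILE contains exactly the expected kernelopt line.
# Carriage returns are stripped first so CRLF-saved files still match.
bootcfg_ok() {
    [ -f "$1" ] && tr -d '\r' < "$1" | grep -qxF "$KS_OPT"
}

# check_staging DIR: prints one line per finding, returns the number of FAILs.
check_staging() {
    dir=$1
    fails=0
    # BIOS boot reads /BOOT.CFG, UEFI boot reads /EFI/BOOT/BOOT.CFG.
    for cfg in "$dir/BOOT.CFG" "$dir/EFI/BOOT/BOOT.CFG"; do
        if ! bootcfg_ok "$cfg"; then
            echo "FAIL: $cfg does not set $KS_OPT"
            fails=$((fails + 1))
        fi
    done
    if [ ! -f "$dir/KS.CFG" ]; then
        echo "FAIL: $dir/KS.CFG is missing"
        fails=$((fails + 1))
    elif grep -q '^rootpw' "$dir/KS.CFG" &&
         ! grep -q '^rootpw.*--iscrypted' "$dir/KS.CFG"; then
        # Not a boot problem, so it is reported without failing the check.
        echo "WARN: KS.CFG stores the root password in cleartext on the ISO"
    fi
    return "$fails"
}

# Usage: check_staging ~/Desktop/ESXiDefaultInstall && mkisofs ...
```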

References:
https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.install.doc/GUID-C03EADEA-A192-4AB4-9B71-9256A9CB1F9C.html
https://communities.vmware.com/thread/584801?start=0&tstart=0

Nested ESXi virtual appliances that you can customize via OVA options.
https://www.virtuallyghetto.com/2017/05/updated-nested-esxi-6-0u3-6-5d-virtual-appliances.html



VMware: PowerNSX on Mac Invoke-nsxwebrequest unknown exception

Blarg!
Summary:
All was well and dandy until I tried to actually "do" something.  I was trying to create a new logical switch (New-NSXLogicalSwitch) when these errors reared their ugly head:
https://github.com/vmware/powernsx/issues/493
One or more errors occurred. (The handler does not support custom handling of certificates with this combination of libcurl (7.54.0) and its SSL backend ("LibreSSL/2.0.20").) ---> System.PlatformNotSupportedException: The handler does not support custom handling of certificates with this combination of libcurl (7.54.0) and its SSL backend ("LibreSSL/2.0.20").

Workaround:
Windows w/ full PowerShell does not have these issues.  Have yet to see if it is a thing specific to PowerShell Core.  So use it if you can.

If you don't have a Windows box handy, you can modify the PowerNSX.psm1 module file to get around this error.  I'm unsure if it can become a permanent solution, but it effectively accomplishes the same thing as the current HttpClientHandler.

Location of PowerNSX.psm1 file on Mac:
/usr/local/share/powershell/Modules/PowerNSX/<versionnumber>/PowerNSX.psm1

You need to modify line 105 from this:
ServerCertificateCustomValidationCallback = delegate { return true; };

To this:
ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;

*One line and case sensitive, must be verbatim.  Both forms accept any server certificate, so certificate validation stays off either way.

VMware: physical vmnic# not showing up after upgrade...

Summary:
This was a weird one.  I had a couple of Dell FC630's (FX2 Blades) w/ qlogic broadcom 57810 integrated card in them.  Went to upgrade them from 6.0 to 6.5, that's when the fun began.  Before upgrade, my hosts could see them just fine.  After upgrade, they could only 'see' vmnic1.  Fresh install was also having issues.

Solution/Workaround:
In my case, I had to literally remove the FC630 blade from the FX2 enclosure so that all residual power would be drained.  Once done, whatever it was that was hanging the firmware for my nic finally cleared for ESXi to take control of it.

Details:

PowerCLICore: Docker: Case Sensitivity, script not running, errors.


If you've been using PowerShell for any period of time, you'd get used to the idea that it doesn't really care about casing.  PowerCLICore on Docker?  Yeah, it's a casing nazi...sometimes.  Now this experience was seen on a Mac.  Unsure if Docker running on Linux sees this.

When working w/ cmdlets in general, you should be fine.  However, if you were to query for commands related to a specific module like pester:


You'd get a blank return.  Looking at modules available via:
get-module -listavailable


Will show that pester is capitalized as "Pester" so valid get-command is:
get-command -module Pester


Long story short, if you are having issues running a script or whatnot, be sure to check your cAsInG.

Interestingly, once you do a get-command -module Pester successfully, PowerCLICore on Docker magically doesn't care about casing after the fact.

VMware: NSX: Using PowerCLI/PowerNSX to view DFW rules in a table format.

Out-GridView Example
Summary:
This was kind of a fun exercise and helpful considering the NSX plugin kinda blows, in flash client at least.  Have yet to take a look at HTML5 one that was just released.  Was asked if we could output currently configured DFW rules.  Below you will find what I slapped together.  If it's useful to you too, great.  Also, please feel free to give me feedback.

It will basically give you the following:
  1. Rule Number 
    • This is kind of a guess in that it assumes that rules will pull down from API in the correct order at runtime.
  2. Rule ID
  3. Rule Name
  4. Source
  5. Destination
  6. Service Ports
  7. Action
  8. appliedTo
This script requires the following PowerShell modules:
  1. vmware.powercli
  2. powernsx
Script:

VMware: NSX: Logical Switch Objects as Source and Destination Firewall rules (DFW) not working and things to know.


Summary:
One of the cool things w/ NSX is that you can define vCenter Objects as your source and destination targets in NSX's Distributed Firewall (DFW).  On the surface, great idea.  Under the hood, it is still based on IP source and targets.  Only when you decide upon a default deny/deny rule does this become apparent.

Quick and Easy:
  1. Make sure VMs are running VMware Tools.
  2. VM(s) in question is NOT in NSX Exclusion List
    1. ESX Agents (aka NSX Partner Integrations) appear to be in exclusion list by default.
    2. ESX Agents do NOT show in NSX Exclusion list UI.
  3. Use IP Sets if you are a masochist.
    1. or if a vendor provides an appliance w/o tools installed.
    2. Honestly, IP Sets make the most sense rather than defining vSphere objects.  The reason?  If you deal w/ something like an appliance that can be deleted and recreated easily, a vSphere object rule would break because the original object no longer exists.
Details:

Misc: Fitbod - Smart Machine Learning Strength Training Regimen


Download the app
Summary:
I'm lazy, frugal, and easily bored.  When the prospect of going to workout comes up, I want someone to tell me what to do when I'm in the gym @ my random time and track my workouts for trending.  Being frugal, paying for a personal trainer is one thing, then I have to schedule time w/ them (laziness).  Personal trainers do satisfy my easily bored problem though w/ new workouts all the time.  This is where Fitbod, I think, is amazing.

Laziness, Frugality, and Boredom Solved!:

  1. First Fitbod solves my laziness problem by simply being available 24/7.  I don't need to schedule time to meet a trainer @ a gym to get a good strength training workout.
  2. Second, Fitbod solves my frugality problem by simply being free.  Although to access additional secondary functions (not absolutely necessary), I would have to pay a monthly or annual fee.  The in-app purchase is fairly cheap, but I was able to get on the Beta program which gives me free access to the Elite functions (SCORE!).  During testing periods anyway.
  3. Third, Fitbod keeps me engaged by not always doing the same exercises every day, which is what I would do being as lazy as I am.  That laziness would also get me bored doing the same things over and over again.  It's also not conducive to building strength/muscle.  That is what makes Fitbod so great.

Details:
So here is how it works.  You simply fill out your physical details and your fitness level.  It'll ask you some physiological questions such as height and weight.  It'll also recommend setting up an account.  You can link to Facebook for ease or create a custom login.  I recommend doing so, so your data is backed up and can be retrieved from any device.

The app now does walk you through on how to use it so should be easy to follow through.  If not, you can see my video below on how I use it (in my not so alluring voice).  The app also connects w/ Strava so it understands any cardio impact to your muscles to recommend workouts.  Cardio logging in Fitbod itself is coming or should be coming soon.  Lastly, it does sync w/ Apple Health as well.

Can't recommend this app enough.  An absolute gem in self-fitness.  That being said, I would still highly recommend working w/ a personal trainer if you are just starting out.  Their feedback and eyeballing of your personal movements/weights is essential for full effectiveness.  Once you have a general grasp, Fitbod can help you continue your fitness journey.

A friend of mine, Julius, just started their own fitness venture called Gladiator Fitness.  I've worked w/ him in the past when he worked at my company's gym in the FitTrip program.  He'll definitely get you fit, but be warned, it's not easy and he will make you feel pain. ;)

Anyway here is a short video on how I use FitBod:




Python: Using VS Code on Mac pylint errors

Summary:
Having Python built in on Mac can cause issues when you try to work with Python code.  One such issue is that VS Code will consistently complain about pylint missing and will attempt to install it.  It'll likely fail every time and also show a nice little warning suggesting to upgrade pip to the latest version.  Slight annoyances, but annoying nonetheless.

If you've installed Python 3 using brew based on my last post, then this'll be a helpful continuation.
Python: Modules installed with PIP3 on Mac not getting installed?

Resolution:
It's quite simple.


  1. Launch Visual Studio Code
  2. Code --> Preferences --> Settings
  3. In the right pane User Settings, simply add your preferred python path.
    • "python.pythonPath": "/usr/local/bin/python3"
      • brew places a pointer here for you if you followed my last post.
  4. Save
You can also set your preferred interpreter on-demand rather than statically setting it in your user settings.  See referenced link below.

References:

Python: Modules installed with PIP3 on Mac not getting installed?

Summary:
I was essentially just trying to import a module for my python3 installation, but found it was not installed.  Typically, you should be able to install it via PIP (PIP3 in Mac case so it would install to 3.x version instead of built-in 2.x version).  It appears to install fine, but it would not appear in my installed modules when calling help("modules").  Then I noticed the problem...

Details
So in my case, I had python 2.7 and python 3.5 installed via the standard packages provided by python.org.  Nothing wrong with this and very typical, but my tinkering screwed me because I also use brew package installer.  This likely got my pip3 installation messed up and out of sync w/ standard packages installed.  My pip3 pointer was going to a 3.6 version whereas my python3 pointers were going to 3.5.  So, if not obvious, calling pip3 to install modules would only be good for python 3.6.
ls -lh /usr/local/bin

pip3 --version
Now my understanding is that I could simply point my 3.5 version of Python to the PIP 3.6 package directory, but I subscribe to the KISS (Keep It Simple Stupid) method.  Meaning, I'd rather not screw w/ defaults of anything if I don't have to.  So my workaround entails getting rid of the packaged versions and switching over to the brew installed versions.  This way I can use brew to manage the installation updates and all.

This will hopefully keep my versions in sync so I don't run into further issues.
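
An added example (not part of the original post) of checking for the mismatch described above: a pip3 launcher installs into whichever interpreter its shebang line names, so the check reads that line and compares the interpreter's version with the one python3 runs. The function names are hypothetical, and it assumes the launcher is a plain script with a direct interpreter shebang.

```shell
#!/bin/sh
# Added example, not from the original post; all function names are hypothetical.

# py_minor INTERPRETER: prints that interpreter's major.minor, e.g. 3.6
py_minor() {
    "$1" -c 'import sys; print("%d.%d" % sys.version_info[:2])'
}

# launcher_interpreter SCRIPT: prints the interpreter path taken from the
# shebang line of a pip launcher (symlinks are followed when the file is read).
launcher_interpreter() {
    head -n 1 "$1" | sed -n 's/^#! *\([^ ]*\).*/\1/p'
}

# pip_matches_python PIP3 PYTHON3: returns 0 when both use the same
# major.minor, 1 on a mismatch, 2 when the launcher has no usable shebang.
pip_matches_python() {
    interp=$(launcher_interpreter "$1")
    [ -n "$interp" ] && [ -x "$interp" ] || return 2
    pip_ver=$(py_minor "$interp")
    py_ver=$(py_minor "$2")
    echo "pip3 -> Python $pip_ver, python3 -> Python $py_ver"
    [ "$pip_ver" = "$py_ver" ]
}

# Usage: pip_matches_python /usr/local/bin/pip3 /usr/local/bin/python3
```

Running `python3 -m pip install <module>` sidesteps the launcher entirely, since pip then runs under the interpreter you named.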

Workaround:
  1. Place Python Applications in trash.
  2. Delete 3.5 version from your Library (Mac High Sierra uses 2.7 still to this day so pretty safe bet to delete 3.5 if it's there)
    1. rm -rf /Library/Frameworks/Python.framework/Versions/3.5
      • This will remove 3.5 and all its subfolders if it's found.
  3. Delete pointers for 3.5
    1. rm -rf /usr/local/bin/python3*
      • This should clean up any pointers to old python3 install that no longer exists now.
  4. Install python3 with brew
    1. brew install python3
      • This will install the latest version of Python and create new python3 pointers in /usr/local/bin/ to the brew installed version.