Posts

Showing posts from 2018

Powershell: Get SHA256 Thumbprint from vCenter server using Powershell Core. (NSX-T Compute Manager Registration related)

Summary: Had a need to pull a target vCenter's SSL certificate and convert it's thumbprint to SHA256 format to register to NSX-T Manager using Powershell core.  Servicepoint was not available in Core. Noticed also recently Lam updated his approach to take Core into account.  My approach is slightly different and my script will also return the certificate object back if you so choose rather than just the SHA256 value.  Anyway, I've tested in PS Core 6.0.4 and 6.1 on Ubuntu, CentOS, and MacOS and my function seems to work fine.  Let me know if you see otherwise. GIST below:

Microsoft Word for Mac: Bullets not formatting properly.

Image
Summary: Hard to quite describe, but I was working with an existing word doc and modifying some bulleted lists.  Needless to say, I was having some trouble w/ my normal methods of simply deleting a bullet and if it moved text to bullet above, hit enter to move it down. This was not working.  Among other things it would reformat it in ways that just weren't working.  Found it that it had to do w/ "Track Changes" being enabled AND what seems to be 'too many' changes before they were accepted. Workarounds: Accept all changes or Turn off "Track Changes" Either one works, but I still wanted to track changes, so I left it on and simply accepted all changes.  After doing so, working with bulleted lists worked fine.  Seems like a bug that needs to be addressed.  I have been running Office Insider Fast Track, so that MAY be part of the problem, but leaving this here for reference. MS Word for Mac version 16.16.3

Powershell: PowerNSX: Refusing to load module.

Image
Summary: "The PowerShell Core Beta has known issues that cause PowerNSX to fail.  Refusing to load module." Basically, this happens when you upgrade powershell to 6.1.x.  It's related to a bad section of code in the module that checks for beta releases that should probably deprecated or taken out. Workaround: Modify line 82 to read as such: if ( ( $script:PNsxPSTarget -eq "Core" ) -and ( $PSVersionTable.GitCommitId -notmatch '^v6.[\d].[\d]+$|6.[\d].[\d]+$') ) { Or Comment out line 82 through 90 to remove the check entirely. Details: The check appears to happen because the GitCommitId format may have changed from 6.0 to 6.1 where it was prepended with a v in 6.0 whereas in 6.1 it is not longer prepended. Links: https://github.com/vmware/powernsx/issues/557

PowerCLI: The SSL connection could not be established, see inner exception.

Image
Summary: Unable to connect to ESXi/vCenter server with Connect-VIserver cmdlet, get the following error: "The SSL connection could not be established, see inner exception." Be sure to "Set-PowerCLIConfiguration -InvalidCertificateAction:Ignore" if you plan to connect to an ESXi/vCenter that does not have trusted certificate.  Interestingly, something must've changed recently because the PowerCLI module actually would output a more descriptive message about setting your PowerCLIConfiguration. This appears to be the case w/ Powershell Core 6.1.  I'm actually unsure when this behavior started happening and whether is module or powershell related.  Regardless, figured I'd post this since I was initially confused myself when running some things on another system.

Powershell: Making a RESTful API endpoint in powershell (kinda like python flask)

Summary: While running scripts interactively and even on a scheduled basis is fine, I wanted to explore the possibility of making my scripts event-driven.  Take the vCheck Health Script for example.  Running that on a schedule is fine, but what if I wanted to run that on-demand?  Or other scripts in general? The cool thing, you can do it all in Powershell Core!  Meaning, docker, linux, macOS, etc.  Basically, you can have this script run on OS startup (pre-populated with your endpoint configs/scripts) and you would have a Powershell driven REST-style API endpoint to run your scripts. Here is the example, feel free to try it.  It'll do nothing of consequence on it's own.  I'll post later with a video on how to use it.

Powershell Core: DNSClient cmdlets .NET Alternative

Summary: DNS Cmdlets are not available in Powershell Core, but fear not, you can make use of .NET to get effectively the same functions, for DNS resolution anyway. My old post here details how to use .NET method: Useful Powershell .NET method to convert DNS name to IP

VMware: Get CDP/LLDP info from ESXi/vCenter hosts.

Summary: Had to get CDP/LLDP long time ago and never posted it.  Hosted on gist.github.com for anyone to consume and manipulate how they please.  Definitely been useful and faster since it'll actually ignore disconnected nics. Also automatically adjusts for CDP or LLDP.  I 'think' I wrote this, but I borrow so much from Lam and LucD that they deserve credit for being so awesome anyway.

Misc: Navien NPE-240A Navilink App missing scheduling function

Image
NPE-240A Summary: Just had a new tankless water heater installed in my house to replace a failing 22 year-old 50 gallon tank.  Couldn't be happier w/ my new tankless, but was dealing with weirdness on the Navilink app to control/view my new Navien .  The app's scheduling function (for the recirculation pump) was missing. Solution: NR-20DU Disconnect NR-20DU remote controller. (if you want to schedule via App) *DIP Switches need to be set properly as well. In my case, w/ a bridge valve in my furthest faucet, is considered "External Recirculation". Check w/ your plumber for proper settings, they set mine properly. If you are in the Atlanta area, I highly recommend Plumbing Express LLC . Ask for Jonathan DeWeese. For reference only, these were set correctly by my plumber for my setup. DIP Switch 1 Off, 2 On.  (Internal Recirculation would be the opposite) Parameter 18 set to On (This is to enable Navilink ) These settings are detailed out in t

Mac: Quick Screen Recording on MacOS (Bonus TouchBar Integration)

Image
Summary: To launch screen recording w/ Quicktime Player feels really unintuitive.  I'm betting the average person has no idea this capability exists.  I often forget it's able to as well.  Reason being, when you launch Quicktime Player, it defaults to opening a 'finder' window for you to select a file to 'play'.  So here is a way to kind of "shortcut" access to Quicktime screen recording on MacOS. Solution: Launch QuickTime Player "Right" Click on QuickTime Player Dock and Select "Keep in Dock" Now with QuickTime Player in dock, you can "Right Click" the icon and select Screen Recording. Bonus: Macbook Pros with Touchbar will have a smart menu to select capture type.  You can select either full screen recording of each individually attached screen or "selection" which allows you to simply click and drag your mouse on any portion of the screen.

VMware: Custom ESXi boot iso bootable on Fusion, but not vSphere...

Image
Summary: Building an embedded lab for some testing w/ NSX and everything.  Cannot clone a pre-installed ESXi host w/o some magic, so decided to utilize a simple kickstart script in an ESXi custom iso pre-mounted to my VM template.  Worked fine on Fusion, not vSphere/ESXi though... Workaround: Simply change VM Options --> Boot Options to BIOS Fusion defaults to BIOS, which is why it worked.  I made the iso w/o UEFI options which is why it worked on fusion, but not ESXi VM. OR Solution: The command I was using to make the iso was missing some key new features to make the iso UEFI bootable. mkisofs -relaxed-filenames -J -R -o ~/Desktop/custom_esxi.iso -b ISOLINUX.BIN -c BOOT.CAT -no-emul-boot -boot-load-size 4 -boot-info-table -eltorito-alt-boot -eltorito-platform efi -b EFIBOOT.IMG -no-emul-boot ~/Desktop/ESXiDefaultInstall You will have to modify two BOOT.CFG files, one in root directory, and the other in the EFI subdirectory to utilize any custom kickstart you put

VMware: PowerNSX on Mac Invoke-nsxwebrequest unknown exception

Image
Blarg! Summary: All was well and dandy until I tried to actually "do" something.  I was trying to create a new logical switch (New-NSXLogicalSwitch) when these errors reared their ugly head: https://github.com/vmware/powernsx/issues/493 One or more errors occurred. (The handler does not support custom handling of certificates with this combination of libcurl (7.54.0) and its SSL backend ("LibreSSL/2.0.20").) ---> System.PlatformNotSupportedException: The handler does not support custom handling of certificates with this combination of libcurl (7.54.0) and its SSL backend ("LibreSSL/2.0.20"). Workaround: Windows w/ full Powershell does not have these issues.  Have yet to see if it is a thing specific to Powershell Core.  So use it if you can. If you don't have a Windows box handy, you can modify the PowerNSX.psm module file to get around this error.  I'm unsure if it can become a permanent solution, but it effectively accomplishes the

VMware: physical vmnic# not showing up after upgrade...

Image
Summary: This was a weird one.  I had a couple of Dell FC630's (FX2 Blades) w/ qlogic broadcom 57810 integrated card in them.  Went to upgrade them from 6.0 to 6.5, that's when the fun began.  Before upgrade, my hosts could see them just fine.  After upgrade, they could only 'see' vmnic1.  Fresh install was also having issues. Solution/Workaround: In my case, I had to literally remove the FC630 blade from the FX2 enclosure so that all residual power would be drained.  Once done, whatever it was that was hanging the firmware for my nic finally cleared for ESXi to take control of it. Details:

PowerCLICore: Docker: Case Sensitivity, script not running, errors.

Image
If you've been using powershell for any period of time, you'd get used to the idea that it doesn't really care about casing.   PowerCLICore on Docker ?  Yeah, it's a casing nazi...sometimes.  Now this experience was seen on a Mac.  Unsure if Docker running on linux sees this. When working w/ cmdlets in general, you should fine.  However, if you were to query for commands related to a specific module like pester: You'd get a blank return.  Looking at modules available via: get-module -listavailable Will show that pester is capitalized as "Pester" so valid get-command is: get-command -module Pester Long story short, if you are having issue running a script or whatnot, be sure to check your cAsInG. Interestingly, once you do a get-command -module Pester successfully, powerclicore on docker magically doesn't care about casing after the fact.

VMware: NSX: Using PowerCLI/PowerNSX to view distributed firewall (DFW) rules in a table format.

Image
Out-GridView Example Summary: This was kind of a fun exercise and helpful considering the NSX plugin kinda blows, in flash client at least.  Have yet to take a look at HTML5 one that was just released.  Was asked if we could output currently configured DFW rules.  Below you will find what I slapped together.  If it's useful to you too, great.  Also, please feel free give me feedback. It will basically give you the following: Rule Number  This is kind of a guess in that it assumes that rules will pull down from API in the correct order at runtime. Rule ID Rule Name Source Destination Service Ports Action appliedTo This script requires the following powershell modules: vmware.powercli powernsx Script:

VMware: NSX: Logical Switch Objects as Source and Destination Firewall rules (DFW) not working and things to know.

Image
Summary: One of the cool things w/ NSX is that you can define vCenter Objects as your source and destination targets in NSX's Distributed Firewall (DFW).  On the surface, great idea.  Under the hood, it is still based on IP source and targets.  Only when you decide upon a default deny/deny rule does this become apparent. Quick and Easy: Make sure VM's are running VMware Tools. VM(s) in question is NOT in NSX Exclusion List ESX Agents (aka NSX Partner Integrations) appear to be in exclusion list by default. ESX Agents do NOT show in NSX Exclusion list UI. Use IP Sets if you are a masochist. or if a vendor provides an appliance w/o tools installed. Honestly, IP Sets make the most sense rather than defining vSphere objects.  The reason?  If you deal w/ something like an appliance that can be deleted and recreated easily, a vsphere object rule would break because the original object no longer exists. Details:

Misc: Fitbod - Smart Machine Learning Strength Training Regimen

Image
Download the app Summary: I'm lazy , frugal , and easily bored .  When the prospect of going to workout comes up, I want someone to tell me what to do when I'm in the gym @ my random time and track my workouts for trending.  Being frugal, paying for a personal trainer is one thing, then I have to schedule time w/ them (laziness).  Personal trainers do satisfy my easily bored problem though w/ new workouts all the time.  This is where Fitbod, I think, is amazing. Laziness, Frugality, and Boredom Solved!: First Fitbod solves my laziness problem by simply being available 24/7.  I don't need to schedule time to meet a trainer @ a gym to get a good strength training workout. Second, Fitbod solves my frugality problem by simply being free.  Although to access additional secondary functions (not absolutely necessary), I would have to pay a monthly or annual fee.  The in-app purchase is fairly cheap, but I was able to get on the Beta program which gives me free access

Python: Using VS Code on Mac pylint errors

Image
Summary: Having python built in on Mac can cause issues when you try to work python code.  One such issue is that VS Code will consistently complain about pylint missing and will attempt to install.  It'll likely fail every time and also show a nice little warning suggesting to upgrade pip to the latest version.  Slight annoyances, but annoying nonetheless. If you've installed Python 3 using brew based on my last post, then this'll be a helpful continuation. Python: Modules installed with PIP3 on Mac not getting installed? Resolution: It's quite simple. Launch Visual Studio Code Code --> Preferences --> Settings In the right pane User Settings, simply add your preferred python path. "python.pythonPath": "/usr/local/bin/python3" brew places a pointer here for you if you followed my last post. Save You can also set your preferred interpreter on-demand rather than statically setting it in your user settings.  See referen

Python: Modules installed with PIP3 on Mac not getting installed?

Image
Summary: I was essentially just trying to import a module for my python3 installation, but found it was not installed.  Typically, you should be able to install it via PIP (PIP3 in Mac case so it would install to 3.x version instead of built-in 2.x version).  It appears to install fine, but it would not appear in my installed modules when calling help("modules").  Then I noticed the problem... Details So in my case, I had python 2.7 and python 3.5 installed via the standard packages provided by python.org.  Nothing wrong with this and very typical, but my tinkering screwed me because I also use brew package installer.  This likely got my pip3 installation messed up and out of sync w/ standard packages installed.  My pip3 pointer was going to a 3.6 version whereas my python3 pointers were going to 3.5.  So, if not obvious, calling pip3 to install modules would only be good for python 3.6. ls -lh /usr/local/bin pip3 --version Now my understanding is that I coul