VCD Container Service Extension Series-Part 3: CSE Plugin Integration With VCD

In the last post of this series, I explained how to set up the CSE server. In this post, we will look at the steps for integrating the CSE plugin with VMware Cloud Director so that tenants can spin up K8s clusters from the VCD portal.

If you have landed directly on this post by mistake, I would recommend reading the previous articles from this series.

1: Container Service Extension Introduction & Architecture

2: CSE Server Installation

The latest and greatest version of the CSE plugin can be downloaded from here.

CSE plugin installation is taken care of by the cloud provider. After installation, the provider can choose to publish the plugin to all or specific tenants.

Log in to VCD as system admin and navigate to the Home > More > Plugins page.


Click on the upload button to start the wizard. Clicking on Select Plugin File allows you to browse to the location where the plugin file was downloaded.


Select the scope for publishing the CSE plugin. The service provider can publish this plugin to all tenants or a subset of tenants.

VCD Container Service Extension Series-Part 1: Introduction & Architecture

I was working on VMware Container Service Extension (CSE) for the last 2 weeks and it was a great learning opportunity for me. My CSE deployment did not go smoothly and I faced many issues with very little or no idea on how to fix them. But kudos to Joe Mann for lending a helping hand to fix all infra-related issues.

Through this blog series, I want to pen down my experience of working with CSE and the challenges which I encountered, and how those issues were resolved.

What is VMware Container Service Extension?

VMware Container Service is an extension to Cloud Director which enables cloud providers to offer Kubernetes-as-a-Service (on top of VCD) to their tenants. Kubernetes as a service helps tenants to quickly deploy the Kubernetes cluster in just a few clicks directly from the VCD portal. 

Cloud Providers upload customized Kubernetes templates in public catalogs which tenants leverage to deploy K8 clusters in self-contained vApps.

VCD Container Service Extension Series-Part 2: CSE Server Installation

In the first post of this series, I talked about the high-level architecture of the CSE infrastructure. I also discussed the various components that make up the CSE platform. In this post, I will walk through the steps of installing and configuring the CSE server.

CSE Installation Prerequisites

Before starting the CSE server installation, make sure the following requirements are met:

1: VCD installed & configured: For a lab/POC environment, a single-node VCD installation is sufficient. For a production environment, 3 or more nodes (configured behind a load balancer) are recommended.

2: Organization & Catalog for CSE: A dedicated org created in VCD for CSE consumption. This org should have a routed org network with outbound connectivity to the internet. This org should also have a catalog created in advance. This catalog holds the K8s-ready vApp templates and will be shared with tenants for consumption.

3: AMQP broker configured in VCD: To extend the VCD public API, an AMQP broker needs to be configured beforehand.

Reset Cloud Builder DB for a Fresh Bringup (VCF)

Many of us might have encountered this situation where Cloud Builder UI doesn’t provide a back button after a successful SDDC bringup. I have written a blog post in the past where I showed the API method of resetting CB for a new bringup.

This post is an extension of my earlier post. Here I will demonstrate the database hack method to initiate a fresh bringup.

Step 1: Log in to Cloud Builder via SSH and switch to the root user.

Step 2: Connect to the Database

Step 3: Nuke the Bringup related tables

Refresh the CB UI and you will be returned to the checklist page.

Upgrading vROPs Tenant App for VCD via CLI

In this post, I will walk through how to upgrade the vROPs Tenant App for Cloud Director via CLI.

Although the upgrade can be performed directly from the TA VAMI interface by logging in to https://<vrops-ta-fqdn>:5480/, knowing the CLI method is important, especially when you are looking to automate the upgrade.

Note: VAMI credentials of the vROPs TA default to root/vmware.

Below are the high-level steps for upgrading the TA appliance via CLI.

Note: I have tested the steps below to upgrade Tenant App from v2.3 to 2.4.

Step 1: Enable SSH on TA: Log in to the TA appliance via the vCenter console (credentials: root/vmware) and enable SSH by typing the commands below:

# systemctl start sshd

# systemctl enable sshd

Step 2: Download TA Upgrade Package: The upgrade package for the appliance can be downloaded from VMware Market Place under the Resources tab.

Extract the downloaded ISO. We need to upload the contents of the ISO to the TA in the next step.

Step 3: Create Upgrade Repo on TA appliance: Connect to the TA appliance over SSH and run the following commands:

# mkdir -p /data/repo

# chmod -R 755 /data/repo/

Now upload the extracted content to the /data/repo directory via WinSCP or a similar utility.

Retry Failed Bringup with Modified Input Spec in VCF

Those who are experienced with VCF might have seen this situation in the past, where an SDDC bringup task fails because of an incorrect parameter in the JSON/XLS file used for bringup.

The Cloud Builder UI doesn’t provide a mechanism to go back, change the input file with correct values, and retry the bringup with the modified file. Don’t lose heart if you are caught in this situation, as it is possible to do this via the API, and in this post I will walk through the steps of doing so.

By default, Cloud Builder places the sddc-bringup JSON in the /opt/vmware/sddc-support/cloud_admin_tools/Resources/vcf-ems/ directory under the name vcf-ems.json.

Note: Even if you are using an XLS file to feed Cloud Builder, it is internally converted to a JSON file.

You can either modify this JSON directly and fix the incorrect value that was supplied in your XLS/JSON file, or you can generate a new JSON for bringup.

Step 1: Log in to the Cloud Builder VM via SSH and switch to the root user.

Troubleshooting vRSLCM Deployment Failure in VCF

Last week, while working in my VCF lab, I faced an issue with vRSLCM deployment. The deployment failed at the step where SDDC Manager tries to configure vRSLCM NTP settings.

I started my troubleshooting by checking domainmanager.log on the SDDC Manager appliance. I saw the following log entries:


What’s New With vCloud Availability 4.0-SLA Profiles

With the latest release of vCloud Availability, several notable features have been added. In this post, I will discuss one such feature, known as “SLA Profiles.” 

What are SLA profiles?

This new feature brings preconfigured protection profiles to be consumed as they are.

These profiles can be assigned to all/specific tenants and are available for tenants when creating new protection/migration for virtual machines.

Each SLA profile has the following attributes:

  • Target recovery point objective (RPO).
  • Retention policy for the point-in-time instances (snapshots).
  • Whether the quiescing is enabled.
  • Whether the compression is enabled.
  • Timeslot to delay the initial synchronization.

There are 3 SLA profiles that you will get out of the box, i.e., gold, silver & bronze.

These profiles can be directly attached to specific organizations by clicking on the Assign button.

Profile Management

SLA profiles will be managed by the service provider. A provider can then set limits for some of the SLA attributes in a given profile and can use it in the form of a policy and assign those policies to tenants so that every tenant’s protection fits within the policy limits.

What’s New With vCloud Availability 4.0-Traffic Monitoring

In my last post of the “What’s New in vCAV 4.0” series, I discussed SLA Profiles. In this post, I will talk about another cool feature that tenants/providers are going to get with 4.0.

vCAV 4.0 can count the traffic data transferred by each virtual machine that is replicating to the cloud and aggregate the traffic volume information per organization. The service provider can monitor the traffic for every replication bidirectionally and per organization individually.

How Does Traffic Monitoring Collection Work?

Below is a high-level workflow of how the traffic monitoring mechanism works behind the scenes:

1: vCAV Replication Manager Service collects the traffic information for all replications to and from cloud sites and to and from on-premises sites. The traffic information is aggregated by organization.

2: The cloud replicator service instance always collects the replication data traffic for any replication direction. If a replication was configured with the compress option, the Replicator Service counts the compressed bytes.

Dealing With MyVMware Credentials shenanigan in VCF

Recently, while working in my lab, I deployed a proxy server and configured my SDDC Manager to use that proxy server to talk to the internet.

SDDC Manager was happily talking to the internet, but when I tried configuring MyVMware credentials to download product binaries, the operation was failing with the error “Updating depot user credentials failed”.

I tried configuring the credentials via the API (as the UI sometimes acts weird), but the operation failed again.

curl http://localhost/lcm/depot/user -H 'Content-Type: application/json' -X PUT -d '{"userId":"[email protected]", "password":"<PASSWORD>"}'

and got error 500 in response.

On further investigation, I found that the issue was with the proxy server itself, as it was not trusting the certificate returned by depot.vmware.com and was thus causing lcm-bundle-transfer to fail.

A Google search returned nothing for this issue and I had to reach out to the VCF engineering team.