Recovering from expired certificates on vRO (vRealize Orchestrator) - CLI method

So the other day the vRO certificates had expired. We tried to change them from the vco-control center, but after importing the certificates the vRO UI would simply sit there stating that it was restarting in 2 min, and nothing happened.

To replace the certificates via CLI:

Grab the Keystore password

cat  /var/lib/vco/keystore.password
Pge2Nn366tNBqNavkgg6VZOHJuWmkIHAEPNq1DYu

Generate a CSR using keytool

keytool -certreq -alias dunes -keypass "Pge2Nn366tNBqNavkgg6VZOHJuWmkIHAEPNq1DYu" -keystore "/etc/vco/app-server/security/jssecacerts" -file "/crt/new.csr" -storepass "Pge2Nn366tNBqNavkgg6VZOHJuWmkIHAEPNq1DYu" -ext SAN=DNS:vip.domain.com,DNS:vro1.domain.com,DNS:vro2.domain.com

Grab /crt/new.csr and get it signed by the CA. Bring the signed cert back onto the vRO node and then import the certificate

keytool -importcert -alias dunes -keypass "Pge2Nn366tNBqNavkgg6VZOHJuWmkIHAEPNq1DYu" -file "/crt/casigned.crt" -keystore "/etc/vco/app-server/security/jssecacerts" -storepass "Pge2Nn366tNBqNavkgg6VZOHJuWmkIHAEPNq1DYu"

Restart Services

service vco-server restart && service vco-configurator restart

Now, copy the signed certificate over to node2 and then run the import command (grab the keystore password from /var/lib/vco/keystore.password)

keytool -importcert -alias dunes -keypass "AzW2gI1QJcNcRNzRX3TyrznhKlYNagKje45fTbSB" -file "/crt/casigned.crt" -keystore "/etc/vco/app-server/security/jssecacerts" -storepass "AzW2gI1QJcNcRNzRX3TyrznhKlYNagKje45fTbSB"

Restart services and you are done!!

service vco-server restart && service vco-configurator restart
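
An added check, not part of the original post: before running keytool -importcert, confirm that the CA reply carries the same public key as /crt/new.csr, is not about to expire again, and lists the VIP and every node name in its SAN. It assumes openssl is available and the certificate is PEM-encoded; the function names are made up for this example, and the sample key, CSR and certificates are throwaway files the script generates itself.

```bash
#!/usr/bin/env bash
# Added example: pre-import checks for a CA-signed certificate (PEM).
# Function names are illustrative; the sample files below are constructed.

# 0 if the certificate carries the same public key as the CSR.
cert_matches_csr() {  # <cert> <csr>
  local a b
  a=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  b=$(openssl req -in "$2" -noout -pubkey) || return 2
  [ "$a" = "$b" ]
}

# 0 if the certificate is still valid <days> days from now.
cert_valid_for_days() {  # <cert> <days>
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Prints every expected DNS name missing from the SAN list; 0 if none missing.
cert_missing_sans() {  # <cert> <dns-name>...
  local cert="$1" sans name rc=0; shift
  sans=$(openssl x509 -in "$cert" -noout -text |
         grep -A1 'Subject Alternative Name' | tail -n1 | tr -d ' ')
  for name in "$@"; do
    case ",$sans," in *",DNS:$name,"*) ;; *) echo "$name"; rc=1 ;; esac
  done
  return $rc
}

# Constructed sample: throwaway key + CSR, a self-signed cert standing in for
# the CA reply (30 days, two SANs), and an unrelated cert with a different key.
make_sample() {  # <dir>
  local d="$1" s=/CN=vip.domain.com
  openssl req -new -newkey rsa:2048 -nodes -keyout "$d/key.pem" -subj "$s" \
    -out "$d/new.csr" 2>/dev/null &&
  openssl req -new -x509 -key "$d/key.pem" -subj "$s" -days 30 \
    -addext "subjectAltName=DNS:vip.domain.com,DNS:vro1.domain.com" \
    -out "$d/casigned.crt" 2>/dev/null &&
  openssl req -new -x509 -newkey rsa:2048 -nodes -keyout "$d/other.key" \
    -subj "$s" -days 30 -out "$d/other.crt" 2>/dev/null
}

demo() {
  local d; d=$(mktemp -d) && make_sample "$d" || return 1
  cert_matches_csr "$d/casigned.crt" "$d/new.csr" && echo "public key matches CSR"
  cert_valid_for_days "$d/casigned.crt" 14 && echo "valid for at least 14 days"
  cert_missing_sans "$d/casigned.crt" vip.domain.com vro1.domain.com vro2.domain.com |
    sed 's/^/missing SAN: /'
  rm -rf "$d"
}
demo
```

Against the real files, call the three functions on /crt/casigned.crt and /crt/new.csr; running cert_valid_for_days from a scheduled job catches the next expiry before the UI gets stuck.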

vRA Service registration status using bash CLI

Log in to the terminal of the vRA appliance and run the below script

curl --insecure -f -s -H "Content-Type: application/json" "https://$HOSTNAME/component-registry/services/status/current?limit=200" | sed "s/}/\n/g" | grep -E -o ".serviceName.*serviceInitializationStatus.[^,]*" | sed "s/\"serviceTypeId.*,//g" | sed -e "s/\"//g" -e "s/:/=/g" -e "s/,/, /" | sed -e "s/serviceName\|serviceInitializationStatus\|=\|,\|null//g" | column -t | sort | cat -n

Looking for a specific record on a Postgres database

The below script will look for a string in every column of the database. To start off with, log in to Postgres and make sure that you have selected the database.

Create a function by running the below script (copy and paste as it is).

CREATE OR REPLACE FUNCTION search_whole_db(_like_pattern text)
  RETURNS TABLE(_tbl regclass, _ctid tid) AS
$func$
BEGIN
   FOR _tbl IN
      SELECT c.oid::regclass
      FROM   pg_class c
      JOIN   pg_namespace n ON n.oid = relnamespace
      WHERE  c.relkind = 'r'                           -- only tables
      AND    n.nspname !~ '^(pg_|information_schema)'  -- exclude system schemas
      ORDER BY n.nspname, c.relname
   LOOP
      RETURN QUERY EXECUTE format(
         'SELECT $1, ctid FROM %s t WHERE t::text ~~ %L'
       , _tbl, '%' || _like_pattern || '%')
      USING _tbl;
   END LOOP;
END
$func$  LANGUAGE plpgsql;

Now, run the below command, replacing ‘mypattern’ with the object you are looking for

SELECT * FROM search_whole_db('mypattern');

Here’s an example:

I am looking for a VM named hosting:57669-1:HTM:Cluster1-Web5 in a vCD database. Below is the output from psql

Type "help" for help.

vcd=# CREATE OR REPLACE FUNCTION search_whole_db(_like_pattern text)
vcd-#   RETURNS TABLE(_tbl regclass, _ctid tid) AS
vcd-# $func$
vcd$# BEGIN
vcd$#    FOR _tbl IN
vcd$#       SELECT c.oid::regclass
vcd$#       FROM   pg_class c
vcd$#       JOIN   pg_namespace n ON n.oid = relnamespace
vcd$#       WHERE  c.relkind = 'r'                           -- only tables
vcd$#       AND    n.nspname !~ '^(pg_|information_schema)'  -- exclude system schemas
vcd$#       ORDER BY n.nspname, c.relname
vcd$#    LOOP
vcd$#       RETURN QUERY EXECUTE format(
vcd$#          'SELECT $1, ctid FROM %s t WHERE t::text ~~ %L'
vcd$#        , _tbl, '%' || _like_pattern || '%')
vcd$#       USING _tbl;
vcd$#    END LOOP;
vcd$# END
vcd$# $func$  LANGUAGE plpgsql;
CREATE FUNCTION
vcd=#
vcd=# SELECT * FROM search_whole_db('hosting:57669-1:HTM:Cluster1-Web5');
  _tbl  | _ctid
--------+-------
 vm_inv | (2,8)
(1 row)

Updating the vCenter Service accounts for vRealize products:

LCM (LifeCycle Manager)

  • Update the credentials there. 

vRops: 

  • Log in to vRops as an admin
  • Browse to Administration > Solutions > Cloud accounts > Click on the vCenter edit
  • Click on the edit icon for the credentials 
  • Update the password in the field

vRA: 

  • Log in to the vRA org URL: https://vraFQDN/vcac/org/ORG_NAME as the tenant admin or the infrastructure administrator.
  • Navigate to Infrastructure > endpoint > Edit the vCenter endpoint.
  • Update the credentials under the username password
  • Note: If the integrated credentials check box is enabled, vRA uses the service account used in IAAS (domain account)

vRO (embedded and/or external):

  • Navigate to  vRO Https://vRo_ip/vCo
  • Click on “START THE ORCHESTRATOR CLIENT”
  • Login with the administrator account.
  • Navigate to Library>Workflow and search for “Update a vCenter Server instance” workflow.
  • Click on “Update the log-in properties”
  • Fill in the updated password for the user and click on RUN
  • Note: If you have custom vCenter certificates, you will need to click on the notification icon (on the left top) and follow the “waiting for input” prompt

Log Insight:

  • Navigate to the Log Insight URL and switch over to the administration page (from the left top)
  • Under integration, click on vSphere, and click on edit and fill in the password
  • Click on test connection and save (on the top) when done.

Prevent vRA from deleting failed VMs

On the IAAS, run the below

cd "C:\Program Files (x86)\VMware\vCAC\Agents\vCenter"
DynamicOps.Vrm.VRMencrypt.exe VRMAgent.exe.config get

DynamicOps.Vrm.VRMencrypt.exe VRMAgent.exe.config set doDeletes FALSE

Output

C:\Program Files (x86)\VMware\vCAC\Agents\vCenter>DynamicOps.Vrm.VRMencrypt.exe VRMAgent.exe.config get
  managementEndpointName: vCenter
  doDeletes: FALSE

vRops 8, Exclude Specific host

Log in to vRops, click on Administration > Licensing (under Management) > edit the product licensing group.

Click next on the “select license keys” tab,

In the “add members” tab, scroll to the bottom and look for “objects always to exclude”

Expand “vCenter adapter”

Expand “host system” and select the host that you wish to exclude

Note: if you wish to deselect everything under the cluster (cascade), then click on the down arrow next to “add” and select “selected objects and all its descendants”



Click next and finish to complete the wizard