Access vCenter Rest API via Postman

I wanted to do some testing on Center rest API, so I get the relevant method from centre developer page(ex https://developer.vmware.com/apis/vsphere-automation/latest/vcenter/api/vcenter/vm/get/) and trying to get it using postman. Then I’m getting an unauthenticated error. So I tried with the password as well using basic authentication. But the result was the same

To avoid this error. First, we need to get the session id using basic authentication. Please see the below picture.

The method should be Post

Basic authentication and we can use our credential

This will generate a session id. We need to copy this

After that, I was able to avoid that error.

We need to use API key authentication and the key value should be the session id which we copied earlier.

Advertisement

Bad owner or permission issue with the Visual Studio code editor when we try to ssh to the Linux host

When I’m trying to ssh to one of my Linux VM using the visual code editor, I get the below error.

I did a few troubleshooting options, and I was able to resolve this using the below fix

1-Navigate to the .ssh folder

2-Go to the properties of the folder and then the security tab

3- Click on advance and disable inheritance permission

4. Then remove all the permission entries except the system and your account. Select Replace permission option as well.

5. Restart the visual code editor

kubernetes how to use network policy

In the kubernates environment to control Layer 3 or 4 traffic we can use network policy.

In this post I describe network policies with a simple examples

My lab setup

I have three nodes kubernetes cluster

There are a few pods running over there and pods have assigned label environments.I have three categories of pods are there.(dev, pods and web)

Im testing a few scenarios here

Scenario 01

Restrict both Ingress and egress traffic to\from web pods

This is the yaml file I used

—————————————

apiVersion: networking.k8s.io/v1

kind: NetworkPolicy

metadata:

  name: block-all-to-web

spec:

  podSelector:

    matchLabels:

environment: web

  policyTypes:

    – Ingress

    – Egress


How to create a network policy

Save the yml file and apply it

How to view network policy

how we can test this policy?

I have logged in to ubuntudev2 and trying to curl or ping to web pods. But we can connect to other pods

To test the egress traffic from web pods, I logged in to one of the web pods and tried to run apt update. But I’m getting a connection error.Which means our policy is working.

Scenario 02

In this scenario I have restricted only incoming traffic

To test this, i’m deleting the existing the policies now.

This is the yaml file I used.

——————————-

apiVersion: networking.k8s.io/v1

kind: NetworkPolicy

metadata:

  name: block-all-to-web

spec:

  podSelector:

    matchLabels:

      environment:  web

  policyTypes:

    – Ingress

After applying this policy , I was able to connect outside from web pods



Continue reading “kubernetes how to use network policy”

Deploy a vm using ansible playbook

In this article i’m going to shar the steps of deploy a vm using ansible playboook

I’m using two yaml files for this excersice.

in the vars.yml file I”m proving the vcenter environment details as a variables.

I have defined vcener fqdn,datacenter name, credential and vm template name.

Also I have disabled ssl verification sing vcenter_validate_certs: false parameter. The reason is we are using self sign ssl in our vcenter and its not trusted in the linux vm which i’m using to run this playbook.

in the second yml file(vm_deploy.yml).In this playbook i’m grabbing inputs from vars.yml. Other than that Ive added vmname , folder name , power state and wait for ip option here.

Now we can run this play book.

I have added these yml files to below github.

https://github.com/darshanajayathilake/ansiblevmdeploy

Powercli ssl error

When I’m trying to connect to the VC from powercli I get this error.

I tried but there is no ignore SSL option in the parameters.

I searched and I found below workaround for this

We need to set powercliconfig for this

Set-PowerCLIConfiguration -InvalidCertificateAction Ignore -Confirm:$false

VMWare KB-

https://developer.vmware.com/docs/powercli/latest/vmware.vimautomation.core/commands/set-powercliconfiguration/#Default

How to use vsantop

Vsanto

Vsantop is one of most useful tool to identify the performance related issues or collect the stats

Requirement-We should run vSAN 6.7 Update 3 or later version

Vsantop is like same as esxtop that we are using to identify host or vm related issues

How to use it

We need to enable SSH session to one of the node and type vsantop

By default  it will show stats relate to the domclient, but we can customize it

Example –

I need to collect latencywrite

1.press F

2.Enter the no 8 , same way we can remove the fields

3 Press Enter

Screen clipping taken: 7/10/2022 2:34 AM

Also we can change the entity by Pressing E. steps are almost same

By pressing h we can get the help by pressing h

To analyse the data the easiest way it to collect the information to csv file, you can refer to below example